r37733 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r37732‎ \| r37733 \| r37734 >
Date:	23:02, 15 July 2008
Author:	catrope
Status:	old
Tags:
Comment:	Really doing the redircite thing right this time (I hope), now using Xml::escapeJsString() and Xml::tags() to escape stuff.
Modified paths:	/trunk/extensions/redircite/redircite.php (modified) (history)

Diff [purge]

Index: trunk/extensions/redircite/redircite.php
—	—	@@ -1,7 +1,5 @@
2	2	<?php
3	3
4		~~-die("redircite extension disabled -- contains HTML injection vulnerabilities.");~~
5		-
6	4	/**
7	5	* This program is free software; you can redistribute it and/or modify
8	6	* it under the terms of the GNU General Public License as published by
—	—	@@ -50,11 +48,15 @@
51	49	// which will be translated to the HTML stored in $redirciteMarkerList by
52	50	// redircite_afterTidy()
53	51	global $redirciteMarkerList;
	52	+ # Verify that $input is a valid title
	53	+ $inputTitle = Title::newFromText($input);
	54	+ if(!$inputTitle)
	55	+ return $input;
54	56	$lparse = clone $parser;
55	57	$link1 = $lparse->parse("[[$input]]", $parser->mTitle, $parser->mOptions, false, false);
56	58	$link1text = $link1->getText();
57	59	$title1 = Title::newFromText($input);
58		~~- if(!$title1) // Page doesn't exist~~
	60	+ if(!$title1->exists()) // Page doesn't exist
59	61	// Just output a normal (red) link
60	62	return $link1text;
61	63	$articleObj = new Article($title1);
—	—	@@ -67,7 +69,12 @@
68	70	$link2text = $link2->getText();
69	71
70	72	$marker = "xx-redircite-marker-" . count($redirciteMarkerList) . "-redircite-xx";
71		~~- $redirciteMarkerList[] = "<span onmouseout='this.firstChild.innerHTML = \"$input\";' onmouseover='this.firstChild.innerHTML = \"{$title2->getPrefixedText()}\";'>$link2text</span>";~~
	73	+ $onmouseout = 'this.firstChild.innerHTML = "'. Xml::escapeJsString($input) . '";';
	74	+ $onmouseover = 'this.firstChild.innerHTML = "' . Xml::escapeJsString($title2->getPrefixedText()) . '";';
	75	+ $redirciteMarkerList[] = Xml::tags('span', array(
	76	+ 'onmouseout' => $onmouseout,
	77	+ 'onmouseover' => $onmouseover),
	78	+ $link2text);
72	79	return $marker;
73	80	}
74	81

Status & tagging log

15:29, 12 September 2011 Meno25 (talk | contribs) changed the status of r37733 [removed: ok added: old]