r41195 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r41194‎ | r41195 | r41196 >
Date:14:35, 23 September 2008
Author:yaron
Status:old
Tags:
Comment:
Simplified HTML-escaping of form values, "leaving form" warning disabled for
Internet Explorer, template parsing for automatic-page-name value fixed
Modified paths:
  • /trunk/extensions/SemanticForms/includes/SF_FormPrinter.inc (modified) (history)

Diff [purge]

Index: trunk/extensions/SemanticForms/includes/SF_FormPrinter.inc
@@ -475,10 +475,7 @@
476476 } else
477477 $cur_value = '';
478478 if ($cur_value && ! is_array($cur_value)) {
479 - $cur_value = Sanitizer::safeEncodeAttribute($cur_value);
480 - // undo the encoding of ampersands and a few other characters
481 - $cur_value = str_replace('&', '&', $cur_value);
482 - $cur_value = str_replace(array('{', '|', '}'), array('{', '|', '}'), $cur_value);
 479+ $cur_value = str_replace('"', '"', $cur_value);
483480 }
484481
485482 if ($cur_value == null) {
@@ -495,10 +492,7 @@
496493 } else
497494 $cur_value = '';
498495 if ($cur_value) {
499 - $cur_value = Sanitizer::safeEncodeAttribute($cur_value);
500 - // undo the encoding of ampersands and a few other characters
501 - $cur_value = str_replace('&', '&', $cur_value);
502 - $cur_value = str_replace(array('{', '|', '}'), array('{', '|', '}'), $cur_value);
 496+ $cur_value = str_replace('"', '"', $cur_value);
503497 }
504498 }
505499
@@ -1061,7 +1055,14 @@
10621056 // English and can't be changed
10631057 function confirm_text(evt) {
10641058 // show this confirmation message only if the user didn't
1065 - // click on a form element
 1059+ // click on a form element.
 1060+ // unfortunately, Internet Explorer doesn't pass in any value to
 1061+ // this function, so we can't tell if it was called when a user
 1062+ // hit "Save page", etc. - in the interest of not causing user
 1063+ // confusion, we'll just do nothing if the browser is IE
 1064+ if (typeof evt == 'undefined') {
 1065+ return;
 1066+ }
10661067 if (evt.target.className != "createbox") {
10671068 return "Changes to the form will not be saved.";
10681069 }
@@ -1091,7 +1092,7 @@
10921093 global $wgParser;
10931094 $new_text = $wgParser->preprocess(str_replace( "{{!}}", "|", $form_page_title ), $this->mPageTitle, new ParserOptions());
10941095 return array($form_text, "/*<![CDATA[*/ $javascript_text /*]]>*/",
1095 - $data_text, $form_page_title, $generated_page_name);
 1096+ $data_text, $new_text, $generated_page_name);
10961097 }
10971098
10981099 /**

Status & tagging log