| Index: trunk/phase3/index.php |
| — | — | @@ -96,7 +96,7 @@ |
| 97 | 97 | SpecialPage::executePath( $wgTitle ); |
| 98 | 98 | } else { |
| 99 | 99 | if ( Namespace::getMedia() == $wgTitle->getNamespace() ) { |
| 100 | | - $wgTitle = Title::makeTitle( Namespace::getImage(), $wgTitle->getDBkey() ); |
| | 100 | + $wgTitle = Title::makeTitle( NS_IMAGE, $wgTitle->getDBkey() ); |
| 101 | 101 | } |
| 102 | 102 | |
| 103 | 103 | switch( $wgTitle->getNamespace() ) { |
| Index: trunk/phase3/includes/DifferenceEngine.php |
| — | — | @@ -60,10 +60,10 @@ |
| 61 | 61 | $this->mOldComment = $sk->formatComment($this->mOldComment); |
| 62 | 62 | $this->mNewComment = $sk->formatComment($this->mNewComment); |
| 63 | 63 | |
| 64 | | - $oldUserLink = $sk->makeLinkObj( Title::makeTitle( NS_USER, $this->mOldUser ), $this->mOldUser ); |
| 65 | | - $newUserLink = $sk->makeLinkObj( Title::makeTitle( NS_USER, $this->mNewUser ), $this->mNewUser ); |
| 66 | | - $oldUTLink = $sk->makeLinkObj( Title::makeTitle( NS_USER_TALK, $this->mOldUser ), $talk ); |
| 67 | | - $newUTLink = $sk->makeLinkObj( Title::makeTitle( NS_USER_TALK, $this->mNewUser ), $talk ); |
| | 64 | + $oldUserLink = $sk->makeLinkObj( Title::makeTitleSafe( NS_USER, $this->mOldUser ), $this->mOldUser ); |
| | 65 | + $newUserLink = $sk->makeLinkObj( Title::makeTitleSafe( NS_USER, $this->mNewUser ), $this->mNewUser ); |
| | 66 | + $oldUTLink = $sk->makeLinkObj( Title::makeTitleSafe( NS_USER_TALK, $this->mOldUser ), $talk ); |
| | 67 | + $newUTLink = $sk->makeLinkObj( Title::makeTitleSafe( NS_USER_TALK, $this->mNewUser ), $talk ); |
| 68 | 68 | $oldContribs = $sk->makeKnownLinkObj( Title::makeTitle( NS_SPECIAL, 'Contributions' ), $contribs, |
| 69 | 69 | 'target=' . urlencode($this->mOldUser) ); |
| 70 | 70 | $newContribs = $sk->makeKnownLinkObj( Title::makeTitle( NS_SPECIAL, 'Contributions' ), $contribs, |
| Index: trunk/phase3/includes/Title.php |
| — | — | @@ -138,8 +138,8 @@ |
| 139 | 139 | } |
| 140 | 140 | |
| 141 | 141 | # From a namespace index and a DB key. |
| 142 | | - # It's assumed that $ns and $title are *valid*, for instance |
| 143 | | - # when they came directly from the database. |
| | 142 | + # It's assumed that $ns and $title are *valid*, for instance when |
| | 143 | + # they came directly from the database or a special page name. |
| 144 | 144 | /* static */ function &makeTitle( $ns, $title ) { |
| 145 | 145 | $t =& new Title(); |
| 146 | 146 | $t->mInterwiki = ''; |
| — | — | @@ -151,6 +151,19 @@ |
| 152 | 152 | $t->mTextform = str_replace( '_', ' ', $title ); |
| 153 | 153 | return $t; |
| 154 | 154 | } |
| | 155 | + |
| | 156 | + # From a namespace index and a DB key. |
| | 157 | + # These will be checked for validity, which is a bit slower |
| | 158 | + # than makeTitle() but safer for user-provided data. |
| | 159 | + /* static */ function makeTitleSafe( $ns, $title ) { |
| | 160 | + $t = new Title(); |
| | 161 | + $t->mDbkeyform = Title::makeName( $ns, $title ); |
| | 162 | + if( $t->secureAndSplit() ) { |
| | 163 | + return $t; |
| | 164 | + } else { |
| | 165 | + return NULL; |
| | 166 | + } |
| | 167 | + } |
| 155 | 168 | |
| 156 | 169 | /* static */ function newMainPage() { |
| 157 | 170 | return Title::newFromText( wfMsg( 'mainpage' ) ); |
| Index: trunk/phase3/includes/Image.php |
| — | — | @@ -26,7 +26,7 @@ |
| 27 | 27 | global $wgUploadDirectory; |
| 28 | 28 | |
| 29 | 29 | $this->name = $name; |
| 30 | | - $this->title = Title::makeTitle( Namespace::getImage(), $this->name ); |
| | 30 | + $this->title = Title::makeTitleSafe( NS_IMAGE, $this->name ); |
| 31 | 31 | //$this->imagePath = wfImagePath( $name ); |
| 32 | 32 | $hash = md5( $this->title->getDBkey() ); |
| 33 | 33 | $this->imagePath = $wgUploadDirectory . '/' . $hash{0} . '/' .substr( $hash, 0, 2 ) . "/{$name}"; |
| — | — | @@ -377,7 +377,7 @@ |
| 378 | 378 | 'img_user_text' => $wgUser->getName(), |
| 379 | 379 | ), $fname, 'IGNORE' |
| 380 | 380 | ); |
| 381 | | - $descTitle = Title::makeTitle( NS_IMAGE, $name ); |
| | 381 | + $descTitle = Title::makeTitleSafe( NS_IMAGE, $name ); |
| 382 | 382 | |
| 383 | 383 | if ( $dbw->affectedRows() ) { |
| 384 | 384 | # Successfully inserted, this is a new image |
| Index: trunk/phase3/includes/Skin.php |
| — | — | @@ -1696,7 +1696,7 @@ |
| 1697 | 1697 | } |
| 1698 | 1698 | # this can be passed the NS number as defined in Language.php |
| 1699 | 1699 | /*static*/ function makeNSUrl( $name, $urlaction='', $namespace=0 ) { |
| 1700 | | - $title = Title::makeTitle( $namespace, $name ); |
| | 1700 | + $title = Title::makeTitleSafe( $namespace, $name ); |
| 1701 | 1701 | $this->checkTitle($title, $name); |
| 1702 | 1702 | return $title->getLocalURL( $urlaction ); |
| 1703 | 1703 | } |
| — | — | @@ -1770,7 +1770,7 @@ |
| 1771 | 1771 | } |
| 1772 | 1772 | |
| 1773 | 1773 | function makeImageLink( $name, $url, $alt = '' ) { |
| 1774 | | - $nt = Title::makeTitle( Namespace::getImage(), $name ); |
| | 1774 | + $nt = Title::makeTitleSafe( NS_IMAGE, $name ); |
| 1775 | 1775 | return $this->makeImageLinkObj( $nt, $alt ); |
| 1776 | 1776 | } |
| 1777 | 1777 | |
| — | — | @@ -1903,7 +1903,7 @@ |
| 1904 | 1904 | # $img is an Image object |
| 1905 | 1905 | function makeThumbLinkObj( $img, $label = '', $align = 'right', $boxwidth = 180, $boxheight=false, $framed=false , $manual_thumb = "" ) { |
| 1906 | 1906 | global $wgStylePath, $wgLang; |
| 1907 | | - # $image = Title::makeTitle( Namespace::getImage(), $name ); |
| | 1907 | + # $image = Title::makeTitleSafe( NS_IMAGE, $name ); |
| 1908 | 1908 | $url = $img->getURL(); |
| 1909 | 1909 | |
| 1910 | 1910 | #$label = htmlspecialchars( $label ); |
| — | — | @@ -1945,7 +1945,7 @@ |
| 1946 | 1946 | |
| 1947 | 1947 | if ( $manual_thumb != '' ) # Use manually specified thumbnail |
| 1948 | 1948 | { |
| 1949 | | - $manual_title = Title::makeTitle( Namespace::getImage(), $manual_thumb ); #new Title ( $manual_thumb ) ; |
| | 1949 | + $manual_title = Title::makeTitleSafe( NS_IMAGE, $manual_thumb ); #new Title ( $manual_thumb ) ; |
| 1950 | 1950 | $manual_img = Image::newFromTitle( $manual_title ); |
| 1951 | 1951 | $thumbUrl = $manual_img->getURL(); |
| 1952 | 1952 | if ( $manual_img->exists() ) |
| — | — | @@ -1986,7 +1986,7 @@ |
| 1987 | 1987 | } |
| 1988 | 1988 | |
| 1989 | 1989 | function makeMediaLink( $name, $url, $alt = "" ) { |
| 1990 | | - $nt = Title::makeTitle( Namespace::getMedia(), $name ); |
| | 1990 | + $nt = Title::makeTitleSafe( Namespace::getMedia(), $name ); |
| 1991 | 1991 | return $this->makeMediaLinkObj( $nt, $alt ); |
| 1992 | 1992 | } |
| 1993 | 1993 | |
| Index: trunk/phase3/includes/OutputPage.php |
| — | — | @@ -829,7 +829,7 @@ |
| 830 | 830 | foreach ( $namespaces as $key => $val ) { |
| 831 | 831 | # Make title object |
| 832 | 832 | $dbk = $dbkeys[$key]; |
| 833 | | - $title = $titles[$key] = Title::makeTitle( $val, $dbk ); |
| | 833 | + $title = $titles[$key] = Title::makeTitleSafe( $val, $dbk ); |
| 834 | 834 | |
| 835 | 835 | # Skip invalid entries. |
| 836 | 836 | # Result will be ugly, but prevents crash. |
| Index: trunk/phase3/includes/SpecialBooksources.php |
| — | — | @@ -41,7 +41,7 @@ |
| 42 | 42 | |
| 43 | 43 | # First, see if we have a custom list setup in |
| 44 | 44 | # [[Wikipedia:Book sources]] or equivalent. |
| 45 | | - $bstitle = Title::makeTitle( NS_WIKIPEDIA, wfMsg( "booksources" ) ); |
| | 45 | + $bstitle = Title::makeTitleSafe( NS_WIKIPEDIA, wfMsg( "booksources" ) ); |
| 46 | 46 | $dbr =& wfGetDB( DB_SLAVE ); |
| 47 | 47 | $bstext = $dbr->selectField( 'cur', 'cur_text', $bstitle->curCond(), $fname ); |
| 48 | 48 | if( $bstext ) { |