Index: trunk/phase3/skins/MonoBook.php |
— | — | @@ -115,7 +115,7 @@ |
116 | 116 | <div id="content"> |
117 | 117 | <a name="top" id="top"></a> |
118 | 118 | <?php if($this->data['sitenotice']) { ?><div id="siteNotice"><?php $this->html('sitenotice') ?></div><?php } ?> |
119 | | - <h1 id="firstHeading" class="firstHeading"><?php $this->data['displaytitle']!=""?$this->html('title'):$this->text('title') ?></h1> |
| 119 | + <h1 id="firstHeading" class="firstHeading"><?php $this->html('title') ?></h1> |
120 | 120 | <div id="bodyContent"> |
121 | 121 | <h3 id="siteSub"><?php $this->msg('tagline') ?></h3> |
122 | 122 | <div id="contentSub"><?php $this->html('subtitle') ?></div> |
Index: trunk/phase3/skins/Modern.php |
— | — | @@ -102,7 +102,7 @@ |
103 | 103 | class="mediawiki <?php $this->text('dir') ?> <?php $this->text('pageclass') ?> <?php $this->text('skinnameclass') ?>"> |
104 | 104 | |
105 | 105 | <!-- heading --> |
106 | | - <div id="mw_header"><h1 id="firstHeading"><?php $this->data['displaytitle']!=""?$this->html('title'):$this->text('title') ?></h1></div> |
| 106 | + <div id="mw_header"><h1 id="firstHeading"><?php $this->html('title') ?></h1></div> |
107 | 107 | |
108 | 108 | <div id="mw_main"> |
109 | 109 | <div id="mw_contentwrapper"> |
Index: trunk/phase3/includes/GlobalFunctions.php |
— | — | @@ -606,7 +606,7 @@ |
607 | 607 | * @param $forContent Boolean |
608 | 608 | * @return String: the requested message. |
609 | 609 | */ |
610 | | -function wfMsgReal( $key, $args, $useDB = true, $forContent=false, $transform = true ) { |
| 610 | +function wfMsgReal( $key, $args, $useDB = true, $forContent = false, $transform = true ) { |
611 | 611 | wfProfileIn( __METHOD__ ); |
612 | 612 | $message = wfMsgGetKey( $key, $useDB, $forContent, $transform ); |
613 | 613 | $message = wfMsgReplaceArgs( $message, $args ); |
— | — | @@ -618,7 +618,7 @@ |
619 | 619 | * This function provides the message source for messages to be edited which are *not* stored in the database. |
620 | 620 | * @param $key String: |
621 | 621 | */ |
622 | | -function wfMsgWeirdKey ( $key ) { |
| 622 | +function wfMsgWeirdKey( $key ) { |
623 | 623 | $source = wfMsgGetKey( $key, false, true, false ); |
624 | 624 | if ( wfEmptyMsg( $key, $source ) ) |
625 | 625 | return ""; |
Index: trunk/phase3/includes/parser/CoreParserFunctions.php |
— | — | @@ -229,17 +229,15 @@ |
230 | 230 | * @param string $text Desired title text |
231 | 231 | * @return string |
232 | 232 | */ |
233 | | - static function displaytitle( $parser, $text = '' ) { |
234 | | - global $wgRestrictDisplayTitle; |
235 | | - $text = trim( Sanitizer::decodeCharReferences( $text ) ); |
| 233 | + static function displaytitle( $parser, $displayTitle = '' ) { |
| 234 | + #only requested titles that normalize to the actual title are allowed through |
| 235 | + #mimic the escaping process that occurs in OutputPage::setPageTitle |
| 236 | + $title = Title::newFromText( Sanitizer::stripAllTags( Sanitizer::normalizeCharReferences( Sanitizer::removeHTMLtags( $displayTitle ) ) ) ); |
236 | 237 | |
237 | | - if ( !$wgRestrictDisplayTitle ) { |
238 | | - $parser->mOutput->setDisplayTitle( $text ); |
239 | | - } else { |
240 | | - $title = Title::newFromText( $text ); |
241 | | - if( $title instanceof Title && $title->getFragment() == '' && $title->equals( $parser->mTitle ) ) |
242 | | - $parser->mOutput->setDisplayTitle( $text ); |
| 238 | + if ( $title instanceof Title && $title->getFragment() == '' && $title->equals( $parser->mTitle ) ) { |
| 239 | + $parser->mOutput->setDisplayTitle( $displayTitle ); |
243 | 240 | } |
| 241 | + |
244 | 242 | return ''; |
245 | 243 | } |
246 | 244 | |
Index: trunk/phase3/includes/OutputPage.php |
— | — | @@ -320,18 +320,34 @@ |
321 | 321 | } |
322 | 322 | } |
323 | 323 | |
324 | | - public function setHTMLTitle( $name ) { $this->mHTMLtitle = $name; } |
| 324 | + /** |
| 325 | + * "HTML title" means the contents of <title>. It is stored as plain, unescaped text and will be run through htmlspecialchars in the skin file. |
| 326 | + */ |
| 327 | + public function setHTMLTitle( $name ) { |
| 328 | + $this->mHTMLtitle = $name; |
| 329 | + } |
| 330 | + |
| 331 | + /** |
| 332 | + * "Page title" means the contents of <h1>. It is stored as a valid HTML fragment. |
| 333 | + * This function allows good tags like <sup> in the <h1> tag, but not bad tags like <script>. |
| 334 | + * This function automatically sets <title> to the same content as <h1> but with all tags removed. |
| 335 | + * Bad tags that were escaped in <h1> will still be escaped in <title>, and good tags like <i> will be dropped entirely. |
| 336 | + */ |
325 | 337 | public function setPageTitle( $name ) { |
326 | 338 | global $wgContLang; |
327 | 339 | $name = $wgContLang->convert( $name, true ); |
328 | | - $this->mPagetitle = $name; |
| 340 | + # change "<script>foo&bar</script>" to "<script>foo&bar</script>" |
| 341 | + # but leave "<i>foobar</i>" alone |
| 342 | + $nameWithTags = Sanitizer::normalizeCharReferences( Sanitizer::removeHTMLtags( $name ) ); |
| 343 | + $this->mPagetitle = $nameWithTags; |
329 | 344 | |
330 | 345 | $taction = $this->getPageTitleActionText(); |
331 | 346 | if( !empty( $taction ) ) { |
332 | 347 | $name .= ' - '.$taction; |
333 | 348 | } |
334 | 349 | |
335 | | - $this->setHTMLTitle( wfMsg( 'pagetitle', $name ) ); |
| 350 | + # change "<i>foo&bar</i>" to "foo&bar" |
| 351 | + $this->setHTMLTitle( wfMsg( 'pagetitle', Sanitizer::stripAllTags( $nameWithTags ) ) ); |
336 | 352 | } |
337 | 353 | |
338 | 354 | public function setTitle( $t ) { |
Index: trunk/phase3/RELEASE-NOTES |
— | — | @@ -332,6 +332,7 @@ |
333 | 333 | * (bug 18009) $wgHooks and $wgExtensionFunctions now support closures |
334 | 334 | * (bug 17948) Maintenance scripts now exit(0) or exit(1) as appropriate |
335 | 335 | * (bug 18377) Time in Enhanced ChangesList lacking localisation |
| 336 | +* (bug 12998) Allow <sup>, <sub>, etc. in DISPLAYTITLE |
336 | 337 | |
337 | 338 | == API changes in 1.15 == |
338 | 339 | * (bug 16858) Revamped list=deletedrevs to make listing deleted contributions |