r50882 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r50881‎ \| r50882 \| r50883 >
Date:	09:35, 22 May 2009
Author:	nikerabbit
Status:	ok (Comments)
Tags:
Comment:	Escaping fixes
Modified paths:	/trunk/phase3/includes/Block.php (modified) (history) /trunk/phase3/includes/ChangesList.php (modified) (history) /trunk/phase3/includes/EditPage.php (modified) (history) /trunk/phase3/includes/Linker.php (modified) (history) /trunk/phase3/includes/LogEventsList.php (modified) (history) /trunk/phase3/includes/LogPage.php (modified) (history) /trunk/phase3/includes/OutputPage.php (modified) (history) /trunk/phase3/includes/PageHistory.php (modified) (history) /trunk/phase3/includes/Pager.php (modified) (history) /trunk/phase3/includes/Preferences.php (modified) (history) /trunk/phase3/includes/QueryPage.php (modified) (history) /trunk/phase3/includes/Skin.php (modified) (history) /trunk/phase3/includes/diff/DifferenceEngine.php (modified) (history) /trunk/phase3/includes/specials/SpecialAncientpages.php (modified) (history) /trunk/phase3/includes/specials/SpecialContributions.php (modified) (history) /trunk/phase3/includes/specials/SpecialDeletedContributions.php (modified) (history) /trunk/phase3/includes/specials/SpecialDoubleRedirects.php (modified) (history) /trunk/phase3/includes/specials/SpecialFewestrevisions.php (modified) (history) /trunk/phase3/includes/specials/SpecialIpblocklist.php (modified) (history) /trunk/phase3/includes/specials/SpecialListfiles.php (modified) (history) /trunk/phase3/includes/specials/SpecialListgrouprights.php (modified) (history) /trunk/phase3/includes/specials/SpecialListusers.php (modified) (history) /trunk/phase3/includes/specials/SpecialNewimages.php (modified) (history) /trunk/phase3/includes/specials/SpecialNewpages.php (modified) (history) /trunk/phase3/includes/specials/SpecialPrefixindex.php (modified) (history) /trunk/phase3/includes/specials/SpecialProtectedpages.php (modified) (history) /trunk/phase3/includes/specials/SpecialRecentchangeslinked.php (modified) (history) /trunk/phase3/includes/specials/SpecialResetpass.php (modified) (history) /trunk/phase3/includes/specials/SpecialRevisiondelete.php (modified) (history) /trunk/phase3/includes/specials/SpecialUndelete.php (modified) (history) /trunk/phase3/includes/specials/SpecialUserrights.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/PageHistory.php
—	—	@@ -373,6 +373,7 @@
374	374	function revLink( $rev ) {
375	375	global $wgLang;
376	376	$date = $wgLang->timeanddate( wfTimestamp(TS_MW, $rev->getTimestamp()), true );
	377	+ $date = htmlspecialchars( $date );
377	378	if( !$rev->isDeleted( Revision::DELETED_TEXT ) ) {
378	379	$link = $this->mSkin->makeKnownLinkObj( $this->mTitle, $date, "oldid=" . $rev->getId() );
379	380	} else {
Index: trunk/phase3/includes/Preferences.php
—	—	@@ -122,7 +122,7 @@
123	123	'type' => 'info',
124	124	'label' => wfMsgExt( 'prefs-memberingroups', 'parseinline',
125	125	count($userEffectiveGroupsArray) ),
126		~~- 'default' => $wgLang->commaList( $userEffectiveGroupsArray ),~~
	126	+ 'default' => htmlspecialchars( $wgLang->commaList( $userEffectiveGroupsArray ) ),
127	127	'raw' => true,
128	128	'section' => 'personal/info',
129	129	);
—	—	@@ -301,19 +301,19 @@
302	302	$time = $wgLang->timeAndDate( $user->getEmailAuthenticationTimestamp(), true );
303	303	$d = $wgLang->date( $user->getEmailAuthenticationTimestamp(), true );
304	304	$t = $wgLang->time( $user->getEmailAuthenticationTimestamp(), true );
305		~~- $emailauthenticated = wfMsg('emailauthenticated', $time, $d, $t ).'<br />';~~
	305	+ $emailauthenticated = htmlspecialchars(wfMsg('emailauthenticated', $time, $d, $t )).'<br />';
306	306	$disableEmailPrefs = false;
307	307	} else {
308	308	$disableEmailPrefs = true;
309	309	global $wgUser; // wgUser is okay here, it's for display
310	310	$skin = $wgUser->getSkin();
311		~~- $emailauthenticated = wfMsg('emailnotauthenticated').'<br />' .~~
	311	+ $emailauthenticated = wfMsgHtml('emailnotauthenticated').'<br />' .
312	312	$skin->makeKnownLinkObj( SpecialPage::getTitleFor( 'Confirmemail' ),
313	313	wfMsg( 'emailconfirmlink' ) ) . '<br />';
314	314	}
315	315	} else {
316	316	$disableEmailPrefs = true;
317		~~- $emailauthenticated = wfMsg( 'noemailprefs' );~~
	317	+ $emailauthenticated = wfMsgHtml( 'noemailprefs' );
318	318	}
319	319
320	320	$defaultPreferences['emailauthentication'] =
—	—	@@ -413,7 +413,7 @@
414	414	array(
415	415	'type' => 'radio',
416	416	'options' =>
417		~~- array_flip( array_map( 'wfMsg', $wgLang->getMathNames() ) ),~~
	417	+ array_flip( array_map( 'wfMsgHtml', $wgLang->getMathNames() ) ),
418	418	'label' => ' ',
419	419	'section' => 'rendering/math',
420	420	);
—	—	@@ -848,6 +848,7 @@
849	849
850	850	if (!$displayNs) $displayNs = wfMsg( 'blanknamespace' );
851	851
	852	+ $displayNs = htmlspecialchars( $displayNs );
852	853	$nsOptions[$displayNs] = $ns;
853	854	}
854	855
—	—	@@ -882,7 +883,7 @@
883	884	$ret = array();
884	885
885	886	$mptitle = Title::newMainPage();
886		~~- $previewtext = wfMsg( 'skin-preview' );~~
	887	+ $previewtext = wfMsgHtml( 'skin-preview' );
887	888	# Only show members of Skin::getSkinNames() rather than
888	889	# $skinNames (skins is all skin names from Language.php)
889	890	$validSkinNames = Skin::getUsableSkins();
—	—	@@ -892,7 +893,7 @@
893	894	$msgName = "skinname-{$skinkey}";
894	895	$localisedSkinName = wfMsg( $msgName );
895	896	if ( !wfEmptyMsg( $msgName, $localisedSkinName ) ) {
896		~~- $skinname = $localisedSkinName;~~
	897	+ $skinname = htmlspecialchars($localisedSkinName);
897	898	}
898	899	}
899	900	asort($validSkinNames);
—	—	@@ -905,7 +906,7 @@
906	907	global $wgAllowUserCss, $wgAllowUserJs;
907	908	if( $wgAllowUserCss ) {
908	909	$cssPage = Title::makeTitleSafe( NS_USER, $user->getName().'/'.$skinkey.'.css' );
909		~~- $customCSS = $sk->link( $cssPage, wfMsgExt( 'prefs-custom-css', array() ) );~~
	910	+ $customCSS = $sk->link( $cssPage, wfMsgHtml( 'prefs-custom-css' ) );
910	911	$extraLinks .= " ($customCSS)";
911	912	}
912	913	if( $wgAllowUserJs ) {
—	—	@@ -914,7 +915,7 @@
915	916	$extraLinks .= " ($customJS)";
916	917	}
917	918	if( $skinkey == $wgDefaultSkin )
918		~~- $sn .= ' (' . wfMsg( 'default' ) . ')';~~
	919	+ $sn .= ' (' . wfMsgHtml( 'default' ) . ')';
919	920	$display = "$sn $previewlink{$extraLinks}";
920	921	$ret[$display] = $skinkey;
921	922	}
—	—	@@ -933,9 +934,9 @@
934	935	$epoch = '20010115161234'; # Wikipedia day
935	936	foreach( $dateopts as $key ) {
936	937	if( $key == 'default' ) {
937		~~- $formatted = wfMsg( 'datedefault' );~~
	938	+ $formatted = wfMsgHtml( 'datedefault' );
938	939	} else {
939		~~- $formatted = $wgLang->timeanddate( $epoch, false, $key );~~
	940	+ $formatted = htmlspecialchars($wgLang->timeanddate( $epoch, false, $key ));
940	941	}
941	942	$ret[$formatted] = $key;
942	943	}
—	—	@@ -1222,7 +1223,7 @@
1223	1224	$sk = $wgUser->getSkin();
1224	1225	$t = SpecialPage::getTitleFor( 'Preferences', 'reset' );
1225	1226
1226		~~- $html .= "\n" . $sk->link( $t, wfMsg( 'restoreprefs' ) );~~
	1227	+ $html .= "\n" . $sk->link( $t, wfMsgHtml( 'restoreprefs' ) );
1227	1228
1228	1229	$html = Xml::tags( 'div', array( 'class' => 'mw-prefs-buttons' ), $html );
1229	1230
Index: trunk/phase3/includes/specials/SpecialUserrights.php
—	—	@@ -421,7 +421,7 @@
422	422	private static function buildGroupLink( $group ) {
423	423	static $cache = array();
424	424	if( !isset( $cache[$group] ) )
425		~~- $cache[$group] = User::makeGroupLinkHtml( $group, User::getGroupName( $group ) );~~
	425	+ $cache[$group] = User::makeGroupLinkHtml( $group, htmlspecialchars( User::getGroupName( $group ) ) );
426	426	return $cache[$group];
427	427	}
428	428
Index: trunk/phase3/includes/specials/SpecialFewestrevisions.php
—	—	@@ -57,9 +57,9 @@
58	58
59	59	$plink = $skin->makeKnownLinkObj( $nt, $text );
60	60
61		~~- $nl = wfMsgExt( 'nrevisions', array( 'parsemag', 'escape'),~~
	61	+ $nl = wfMsgExt( 'nrevisions', array( 'parsemag', 'escape' ),
62	62	$wgLang->formatNum( $result->value ) );
63		~~- $redirect = $result->redirect ? ' - ' . wfMsg( 'isredirect' ) : '';~~
	63	+ $redirect = $result->redirect ? ' - ' . wfMsgHtml( 'isredirect' ) : '';
64	64	$nlink = $skin->makeKnownLinkObj( $nt, $nl, 'action=history' ) . $redirect;
65	65
66	66
Index: trunk/phase3/includes/specials/SpecialRecentchangeslinked.php
—	—	@@ -171,7 +171,7 @@
172	172	$opts->consumeValues( array( 'showlinkedto', 'target' ) );
173	173	$extraOpts = array();
174	174	$extraOpts['namespace'] = $this->namespaceFilterForm( $opts );
175		~~- $extraOpts['target'] = array( wfMsg( 'recentchangeslinked-page' ),~~
	175	+ $extraOpts['target'] = array( wfMsgHtml( 'recentchangeslinked-page' ),
176	176	Xml::input( 'target', 40, str_replace('_',' ',$opts['target']) ) .
177	177	Xml::check( 'showlinkedto', $opts['showlinkedto'], array('id' => 'showlinkedto') ) . ' ' .
178	178	Xml::label( wfMsg("recentchangeslinked-to"), 'showlinkedto' ) );
Index: trunk/phase3/includes/specials/SpecialUndelete.php
—	—	@@ -897,7 +897,7 @@
898	898	$targetPage,
899	899	wfMsgHtml(
900	900	'revisionasof',
901		~~- $wgLang->timeanddate( $rev->getTimestamp(), true )~~
	901	+ htmlspecialchars( $wgLang->timeanddate( $rev->getTimestamp(), true ) )
902	902	),
903	903	array(),
904	904	$targetQuery
—	—	@@ -1150,7 +1150,7 @@
1151	1151	}
1152	1152	} else {
1153	1153	$checkBox = '';
1154		~~- $pageLink = $wgLang->timeanddate( $ts, true );~~
	1154	+ $pageLink = htmlspecialchars( $wgLang->timeanddate( $ts, true ) );
1155	1155	$last = wfMsgHtml('diff');
1156	1156	}
1157	1157	$userLink = $sk->revUserTools( $rev );
—	—	@@ -1224,10 +1224,12 @@
1225	1225	function getPageLink( $rev, $titleObj, $ts, $sk ) {
1226	1226	global $wgLang;
1227	1227
	1228	+ $time = htmlspecialchars( $wgLang->timeanddate( $ts, true ) );
	1229	+
1228	1230	if( !$rev->userCan(Revision::DELETED_TEXT) ) {
1229		~~- return '<span class="history-deleted">' . $wgLang->timeanddate( $ts, true ) . '</span>';~~
	1231	+ return '<span class="history-deleted">' . $time . '</span>';
1230	1232	} else {
1231		~~- $link = $sk->makeKnownLinkObj( $titleObj, $wgLang->timeanddate( $ts, true ),~~
	1233	+ $link = $sk->makeKnownLinkObj( $titleObj, $time,
1232	1234	"target=".$this->mTargetObj->getPrefixedUrl()."&timestamp=$ts" );
1233	1235	if( $rev->isDeleted(Revision::DELETED_TEXT) )
1234	1236	$link = '<span class="history-deleted">' . $link . '</span>';
Index: trunk/phase3/includes/specials/SpecialNewpages.php
—	—	@@ -254,7 +254,7 @@
255	255	$dm = $wgContLang->getDirMark();
256	256
257	257	$title = Title::makeTitleSafe( $result->rc_namespace, $result->rc_title );
258		~~- $time = $wgLang->timeAndDate( $result->rc_timestamp, true );~~
	258	+ $time = htmlspecialchars( $wgLang->timeAndDate( $result->rc_timestamp, true ) );
259	259	$query = $this->patrollable( $result ) ? "rcid={$result->rc_id}&redirect=no" : 'redirect=no';
260	260	$plink = $this->skin->makeKnownLinkObj( $title, '', $query );
261	261	$hist = $this->skin->makeKnownLinkObj( $title, wfMsgHtml( 'hist' ), 'action=history' );
Index: trunk/phase3/includes/specials/SpecialIpblocklist.php
—	—	@@ -384,11 +384,10 @@
385	385	if( is_null( $msg ) ) {
386	386	$msg = array();
387	387	$keys = array( 'infiniteblock', 'expiringblock', 'unblocklink', 'change-blocklink',
388		~~- 'anononlyblock', 'createaccountblock', 'noautoblockblock', 'emailblock', 'blocklist-nousertalk' );~~
	388	+ 'anononlyblock', 'createaccountblock', 'noautoblockblock', 'emailblock', 'blocklist-nousertalk', 'blocklistline' );
389	389	foreach( $keys as $key ) {
390	390	$msg[$key] = wfMsgHtml( $key );
391	391	}
392		~~- $msg['blocklistline'] = wfMsg( 'blocklistline' );~~
393	392	}
394	393
395	394	# Prepare links to the blocker's user and talk pages
—	—	@@ -405,7 +404,7 @@
406	405	. $sk->userToolLinks( $block->mUser, $block->mAddress, false, Linker::TOOL_LINKS_NOBLOCK );
407	406	}
408	407
409		~~- $formattedTime = $wgLang->timeanddate( $block->mTimestamp, true );~~
	408	+ $formattedTime = htmlspecialchars( $wgLang->timeanddate( $block->mTimestamp, true ) );
410	409
411	410	$properties = array();
412	411	$properties[] = Block::formatExpiry( $block->mExpiry );
—	—	@@ -443,7 +442,7 @@
444	443
445	444	# Create changeblocklink for all blocks with exception of autoblocks
446	445	if( !$block->mAuto ) {
447		~~- $changeblocklink = wfMsg( 'pipe-separator' ) .~~
	446	+ $changeblocklink = wfMsgExt( 'pipe-separator', 'escapenoentities' ) .
448	447	$sk->link( SpecialPage::getTitleFor( 'Blockip', $block->mAddress ),
449	448	$msg['change-blocklink'],
450	449	array(), array(), 'known' );
—	—	@@ -451,7 +450,7 @@
452	451	$toolLinks = "($unblocklink$changeblocklink)";
453	452	}
454	453
455		~~- $comment = $sk->commentBlock( $block->mReason );~~
	454	+ $comment = $sk->commentBlock( htmlspecialchars($block->mReason) );
456	455
457	456	$s = "{$line} $comment";
458	457	if ( $block->mHideName )
Index: trunk/phase3/includes/specials/SpecialListfiles.php
—	—	@@ -127,7 +127,7 @@
128	128	global $wgLang;
129	129	switch ( $field ) {
130	130	case 'img_timestamp':
131		~~- return $wgLang->timeanddate( $value, true );~~
	131	+ return htmlspecialchars( $wgLang->timeanddate( $value, true ) );
132	132	case 'img_name':
133	133	static $imgfile = null;
134	134	if ( $imgfile === null ) $imgfile = wfMsg( 'imgfile' );
Index: trunk/phase3/includes/specials/SpecialRevisiondelete.php
—	—	@@ -701,7 +701,7 @@
702	702	private function logLine( $row ) {
703	703	global $wgLang;
704	704
705		~~- $date = $wgLang->timeanddate( $row->log_timestamp );~~
	705	+ $date = htmlspecialchars( $wgLang->timeanddate( $row->log_timestamp ) );
706	706	$paramArray = LogPage::extractParams( $row->log_params );
707	707	$title = Title::makeTitle( $row->log_namespace, $row->log_title );
708	708
Index: trunk/phase3/includes/specials/SpecialPrefixindex.php
—	—	@@ -170,7 +170,7 @@
171	171	$nsForm .
172	172	'</td>
173	173	<td id="mw-prefixindex-nav-form">' .
174		~~- $sk->makeKnownLinkObj( $self, wfMsg ( 'allpages' ) );~~
	174	+ $sk->makeKnownLinkObj( $self, wfMsgHtml( 'allpages' ) );
175	175
176	176	if( isset( $res ) && $res && ( $n == $this->maxPerPage ) && ( $s = $res->fetchObject() ) ) {
177	177	$namespaceparam = $namespace ? "&namespace=$namespace" : "";
Index: trunk/phase3/includes/specials/SpecialContributions.php
—	—	@@ -513,7 +513,7 @@
514	514
515	515	$comment = $wgContLang->getDirMark() . $sk->revComment( $rev, false, true );
516	516	$date = $wgLang->timeanddate( wfTimestamp( TS_MW, $row->rev_timestamp ), true );
517		~~- $d = $sk->makeKnownLinkObj( $page, $date, 'oldid='.intval($row->rev_id) );~~
	517	+ $d = $sk->makeKnownLinkObj( $page, htmlspecialchars($date), 'oldid='.intval($row->rev_id) );
518	518
519	519	if( $this->target == 'newbies' ) {
520	520	$userlink = ' . . ' . $sk->userLink( $row->rev_user, $row->rev_user_text );
Index: trunk/phase3/includes/specials/SpecialListgrouprights.php
—	—	@@ -41,7 +41,7 @@
42	42	);
43	43
44	44	foreach( $wgGroupPermissions as $group => $permissions ) {
45		~~- $groupname = ( $group == '' ) ? 'all' : htmlspecialchars( $group ); // Replace with a more descriptive groupname~~
	45	+ $groupname = ( $group == '' ) ? 'all' : $group; // Replace with a more descriptive groupname
46	46
47	47	$msg = wfMsg( 'group-' . $groupname );
48	48	if ( wfEmptyMsg( 'group-' . $groupname, $msg ) \|\| $msg == '' ) {
—	—	@@ -59,9 +59,9 @@
60	60
61	61	if( $group == '*' ) {
62	62	// Do not make a link for the generic * group
63		~~- $grouppage = $groupnameLocalized;~~
	63	+ $grouppage = htmlspecialchars($groupnameLocalized);
64	64	} else {
65		~~- $grouppage = $this->skin->makeLink( $grouppageLocalized, $groupnameLocalized );~~
	65	+ $grouppage = $this->skin->makeLink( $grouppageLocalized, htmlspecialchars($groupnameLocalized) );
66	66	}
67	67
68	68	if ( $group === 'user' ) {
Index: trunk/phase3/includes/specials/SpecialDeletedContributions.php
—	—	@@ -83,7 +83,7 @@
84	84	$limits = $wgLang->pipeList( $limitLinks );
85	85
86	86	$this->mNavigationBar = "(" . $wgLang->pipeList( array( $pagingLinks['first'], $pagingLinks['last'] ) ) . ") " .
87		~~- wfMsgExt( 'viewprevnext', array( 'parsemag' ), $pagingLinks['prev'], $pagingLinks['next'], $limits );~~
	87	+ wfMsgExt( 'viewprevnext', array( 'parsemag', 'escape', 'replaceafter' ), $pagingLinks['prev'], $pagingLinks['next'], $limits );
88	88	return $this->mNavigationBar;
89	89	}
90	90
—	—	@@ -145,7 +145,7 @@
146	146	"&diff=prev" );
147	147
148	148	$comment = $sk->revComment( $rev );
149		~~- $d = $wgLang->timeanddate( $rev->getTimestamp(), true );~~
	149	+ $d = htmlspecialchars( $wgLang->timeanddate( $rev->getTimestamp(), true ) );
150	150
151	151	if( $rev->isDeleted( Revision::DELETED_TEXT ) ) {
152	152	$d = '<span class="history-deleted">' . $d . '</span>';
Index: trunk/phase3/includes/specials/SpecialListusers.php
—	—	@@ -135,7 +135,7 @@
136	136	global $wgEdititis;
137	137	if ( $wgEdititis ) {
138	138	$editCount = $wgLang->formatNum( $row->edits );
139		~~- $edits = ' [' . wfMsgExt( 'usereditcount', 'parsemag', $editCount ) . ']';~~
	139	+ $edits = ' [' . wfMsgExt( 'usereditcount', array( 'parsemag', 'escape' ), $editCount ) . ']';
140	140	} else {
141	141	$edits = '';
142	142	}
—	—	@@ -145,7 +145,8 @@
146	146	if( $row->creation ) {
147	147	$d = $wgLang->date( wfTimestamp( TS_MW, $row->creation ), true );
148	148	$t = $wgLang->time( wfTimestamp( TS_MW, $row->creation ), true );
149		~~- $created = ' (' . wfMsgHtml( 'usercreated', $d, $t ) . ')';~~
	149	+ $created = ' (' . wfMsg( 'usercreated', $d, $t ) . ')';
	150	+ $created = htmlspecialchars( $created );
150	151	}
151	152
152	153	wfRunHooks( 'SpecialListusersFormatRow', array( &$item, $row ) );
—	—	@@ -251,7 +252,7 @@
252	253	protected static function buildGroupLink( $group ) {
253	254	static $cache = array();
254	255	if( !isset( $cache[$group] ) )
255		~~- $cache[$group] = User::makeGroupLinkHtml( $group, User::getGroupMember( $group ) );~~
	256	+ $cache[$group] = User::makeGroupLinkHtml( $group, htmlspecialchars( User::getGroupMember( $group ) ) );
256	257	return $cache[$group];
257	258	}
258	259	}
Index: trunk/phase3/includes/specials/SpecialAncientpages.php
—	—	@@ -47,7 +47,7 @@
48	48	$d = $wgLang->timeanddate( wfTimestamp( TS_MW, $result->value ), true );
49	49	$title = Title::makeTitle( $result->namespace, $result->title );
50	50	$link = $skin->makeKnownLinkObj( $title, htmlspecialchars( $wgContLang->convert( $title->getPrefixedText() ) ) );
51		~~- return wfSpecialList($link, $d);~~
	51	+ return wfSpecialList($link, htmlspecialchars($d) );
52	52	}
53	53	}
54	54
Index: trunk/phase3/includes/specials/SpecialResetpass.php
—	—	@@ -142,7 +142,7 @@
143	143	if ( $type != 'text' )
144	144	$out .= Xml::label( wfMsg( $label ), $name );
145	145	else
146		~~- $out .= wfMsg( $label );~~
	146	+ $out .= wfMsgHtml( $label );
147	147	$out .= '</td>';
148	148	$out .= "<td class='mw-input'>";
149	149	$out .= $field;
Index: trunk/phase3/includes/specials/SpecialProtectedpages.php
—	—	@@ -86,7 +86,7 @@
87	87	$expiry_description = wfMsg( 'protect-expiring' , $wgLang->timeanddate( $expiry ) ,
88	88	$wgLang->date( $expiry ) , $wgLang->time( $expiry ) );
89	89
90		~~- $description_items[] = $expiry_description;~~
	90	+ $description_items[] = htmlspecialchars($expiry_description);
91	91	}
92	92
93	93	if(!is_null($size = $row->page_len)) {
Index: trunk/phase3/includes/specials/SpecialNewimages.php
—	—	@@ -128,7 +128,7 @@
129	129	$nt = Title::newFromText( $name, NS_FILE );
130	130	$ul = $sk->link( Title::makeTitle( NS_USER, $ut ), $ut );
131	131
132		~~- $gallery->add( $nt, "$ul<br />\n<i>".$wgLang->timeanddate( $s->img_timestamp, true )."</i><br />\n" );~~
	132	+ $gallery->add( $nt, "$ul<br />\n<i>".htmlspecialchars($wgLang->timeanddate( $s->img_timestamp, true ))."</i><br />\n" );
133	133
134	134	$timestamp = wfTimestamp( TS_MW, $s->img_timestamp );
135	135	if( empty( $firstTimestamp ) ) {
—	—	@@ -170,7 +170,7 @@
171	171	$now = wfTimestampNow();
172	172	$d = $wgLang->date( $now, true );
173	173	$t = $wgLang->time( $now, true );
174		~~- $dateLink = $sk->makeKnownLinkObj( $titleObj, wfMsgHtml( 'sp-newimages-showfrom', $d, $t ),~~
	174	+ $dateLink = $sk->makeKnownLinkObj( $titleObj, htmlspecialchars( wfMsg( 'sp-newimages-showfrom', $d, $t ) ),
175	175	'from='.$now.$botpar.$searchpar );
176	176
177	177	$botLink = $sk->makeKnownLinkObj($titleObj, wfMsgHtml( 'showhidebots',
Index: trunk/phase3/includes/specials/SpecialDoubleRedirects.php
—	—	@@ -81,7 +81,7 @@
82	82	$titleC = Title::makeTitle( $result->nsc, $result->tc );
83	83
84	84	$linkA = $skin->makeKnownLinkObj( $titleA, '', 'redirect=no' );
85		~~- $edit = $skin->makeBrokenLinkObj( $titleA, "(".wfMsg("qbedit").")" , 'redirect=no');~~
	85	+ $edit = $skin->makeBrokenLinkObj( $titleA, "(".wfMsgHtml("qbedit").")" , 'redirect=no');
86	86	$linkB = $skin->makeKnownLinkObj( $titleB, '', 'redirect=no' );
87	87	$linkC = $skin->makeKnownLinkObj( $titleC );
88	88	$arr = $wgContLang->getArrow() . $wgContLang->getDirMark();
Index: trunk/phase3/includes/Skin.php
—	—	@@ -1634,20 +1634,20 @@
1635	1635	}
1636	1636
1637	1637	function historyLink() {
1638		~~- return $this->link( $this->mTitle, wfMsg( 'history' ),~~
	1638	+ return $this->link( $this->mTitle, wfMsgHtml( 'history' ),
1639	1639	array( 'rel' => 'archives' ), array( 'action' => 'history' ) );
1640	1640	}
1641	1641
1642	1642	function whatLinksHere() {
1643	1643	return $this->makeKnownLinkObj(
1644	1644	SpecialPage::getTitleFor( 'Whatlinkshere', $this->mTitle->getPrefixedDBkey() ),
1645		~~- wfMsg( 'whatlinkshere' ) );~~
	1645	+ wfMsgHtml( 'whatlinkshere' ) );
1646	1646	}
1647	1647
1648	1648	function userContribsLink() {
1649	1649	return $this->makeKnownLinkObj(
1650	1650	SpecialPage::getTitleFor( 'Contributions', $this->mTitle->getDBkey() ),
1651		~~- wfMsg( 'contributions' ) );~~
	1651	+ wfMsgHtml( 'contributions' ) );
1652	1652	}
1653	1653
1654	1654	function showEmailUser( $id ) {
Index: trunk/phase3/includes/EditPage.php
—	—	@@ -1286,8 +1286,8 @@
1287	1287	#if ( "no" == $redirect ) { $q .= "&redirect=no"; }
1288	1288	$action = $wgTitle->escapeLocalURL( $q );
1289	1289
1290		~~- $summary = wfMsg( 'summary' );~~
1291		~~- $subject = wfMsg( 'subject' );~~
	1290	+ $summary = wfMsgExt( 'summary', 'parseinline' );
	1291	+ $subject = wfMsgExt( 'subject', 'parseinline' );
1292	1292
1293	1293	$cancel = $sk->makeKnownLink( $wgTitle->getPrefixedText(),
1294	1294	wfMsgExt('cancel', array('parseinline')) );
—	—	@@ -1384,7 +1384,8 @@
1385	1385	$editsummary = "<div class='editOptions'>\n";
1386	1386	global $wgParser;
1387	1387	$formattedSummary = wfMsgForContent( 'newsectionsummary', $wgParser->stripSectionName( $this->summary ) );
1388		~~- $subjectpreview = $summarytext && $this->preview ? "<div class=\"mw-summary-preview\">". wfMsg('subject-preview') . $sk->commentBlock( $formattedSummary, $this->mTitle, true )."</div>\n" : '';~~
	1388	+ $subjectpreview = $summarytext && $this->preview ?
	1389	+ "<div class=\"mw-summary-preview\">". wfMsgExt('subject-preview', 'parseinline') . $sk->commentBlock( $formattedSummary, $this->mTitle, true )."</div>\n" : '';
1389	1390	$summarypreview = '';
1390	1391	} else {
1391	1392	$commentsubject = '';
—	—	@@ -1414,7 +1415,7 @@
1415	1416	$summarypreview =
1416	1417	Xml::tags( 'div',
1417	1418	array( 'class' => 'mw-summary-preview' ),
1418		~~- wfMsg( 'summary-preview' ) .~~
	1419	+ wfMsgExt( 'summary-preview', 'parseinline' ) .
1419	1420	$sk->commentBlock( $this->summary, $this->mTitle )
1420	1421	);
1421	1422	}
Index: trunk/phase3/includes/Block.php
—	—	@@ -826,7 +826,7 @@
827	827	* Convert a DB-encoded expiry into a real string that humans can read.
828	828	*
829	829	* @param $encoded_expiry String: Database encoded expiry time
830		~~- * @return String~~
	830	+ * @return Html-escaped String
831	831	*/
832	832	public static function formatExpiry( $encoded_expiry ) {
833	833	static $msg = null;
—	—	@@ -844,7 +844,7 @@
845	845	$expirystr = $msg['infiniteblock'];
846	846	} else {
847	847	global $wgLang;
848		~~- $expiretimestr = $wgLang->timeanddate( $expiry, true );~~
	848	+ $expiretimestr = htmlspecialchars($wgLang->timeanddate( $expiry, true ));
849	849	$expirystr = wfMsgReplaceArgs( $msg['expiringblock'], array($expiretimestr) );
850	850	}
851	851	return $expirystr;
Index: trunk/phase3/includes/Pager.php
—	—	@@ -607,8 +607,8 @@
608	608	}
609	609	$nicenumber = $wgLang->formatNum( $this->mLimit );
610	610	$linkTexts = array(
611		~~- 'prev' => wfMsgExt( 'pager-newer-n', array( 'parsemag' ), $nicenumber ),~~
612		~~- 'next' => wfMsgExt( 'pager-older-n', array( 'parsemag' ), $nicenumber ),~~
	611	+ 'prev' => wfMsgExt( 'pager-newer-n', array( 'parsemag', 'escape' ), $nicenumber ),
	612	+ 'next' => wfMsgExt( 'pager-older-n', array( 'parsemag', 'escape' ), $nicenumber ),
613	613	'first' => wfMsgHtml( 'histlast' ),
614	614	'last' => wfMsgHtml( 'histfirst' )
615	615	);
Index: trunk/phase3/includes/OutputPage.php
—	—	@@ -1444,7 +1444,7 @@
1445	1445	public function addReturnTo( $title ) {
1446	1446	global $wgUser;
1447	1447	$this->addLink( array( 'rel' => 'next', 'href' => $title->getFullUrl() ) );
1448		~~- $link = wfMsg( 'returnto', $wgUser->getSkin()->link( $title ) );~~
	1448	+ $link = wfMsgHtml( 'returnto', $wgUser->getSkin()->link( $title ) );
1449	1449	$this->addHTML( "<p>{$link}</p>\n" );
1450	1450	}
1451	1451
Index: trunk/phase3/includes/LogPage.php
—	—	@@ -173,7 +173,7 @@
174	174	}
175	175	if( isset( $wgLogActions[$key] ) ) {
176	176	if( is_null( $title ) ) {
177		~~- $rv = wfMsg( $wgLogActions[$key] );~~
	177	+ $rv = wfMsgHtml( $wgLogActions[$key] );
178	178	} else {
179	179	$titleLink = self::getTitleLink( $type, $skin, $title, $params );
180	180	if( $key == 'rights/rights' ) {
—	—	@@ -194,9 +194,9 @@
195	195	}
196	196	if( count( $params ) == 0 ) {
197	197	if ( $skin ) {
198		~~- $rv = wfMsg( $wgLogActions[$key], $titleLink );~~
	198	+ $rv = wfMsgHtml( $wgLogActions[$key], $titleLink );
199	199	} else {
200		~~- $rv = wfMsgForContent( $wgLogActions[$key], $titleLink );~~
	200	+ $rv = wfMsgExt( $wgLogActions[$key], array( 'parsemag', 'escape', 'replaceafter', 'content' ), $titleLink );
201	201	}
202	202	} else {
203	203	$details = '';
—	—	@@ -243,7 +243,11 @@
244	244	$nfield = intval( substr( $params[3], 7 ) ); // <nfield=x>
245	245	$details .= ': '.RevisionDeleter::getLogMessage( $count, $nfield, $ofield, true );
246	246	}
247		~~- $rv = wfMsgReal( $wgLogActions[$key], $params, true, !$skin ) . $details;~~
	247	+ if ( $skin ) {
	248	+ $rv = wfMsgHtml( $wgLogActions[$key], $params ) . $details;
	249	+ } else {
	250	+ $rv = wfMsgExt( $wgLogActions[$key], array( 'parsemag', 'escape', 'replaceafter', 'content' ), $params ) . $details;
	251	+ }
248	252	}
249	253	}
250	254	} else {
Index: trunk/phase3/includes/QueryPage.php
—	—	@@ -585,7 +585,7 @@
586	586	return wfSpecialList( $pageLink, $this->makeWlhLink( $title, $skin, $result ) );
587	587	} else {
588	588	$tsafe = htmlspecialchars( $result->title );
589		~~- return wfMsg( 'wantedpages-badtitle', $tsafe );~~
	589	+ return wfMsgHtml( 'wantedpages-badtitle', $tsafe );
590	590	}
591	591	}
592	592
Index: trunk/phase3/includes/ChangesList.php
—	—	@@ -176,7 +176,7 @@
177	177	if( '' != $this->lastdate ) {
178	178	$s .= "</ul>\n";
179	179	}
180		~~- $s .= '<h4>'.$date."</h4>\n<ul class=\"special\">";~~
	180	+ $s .= Xml::element( 'h4', null, $date ) . "\n<ul class=\"special\">";
181	181	$this->lastdate = $date;
182	182	$this->rclistOpen = true;
183	183	}
—	—	@@ -517,7 +517,7 @@
518	518	# Process current cache
519	519	$ret = $this->recentChangesBlock();
520	520	$this->rc_cache = array();
521		~~- $ret .= "<h4>{$date}</h4>\n";~~
	521	+ $ret .= Xml::element( 'h4', null, $date );
522	522	$this->lastdate = $date;
523	523	}
524	524
Index: trunk/phase3/includes/Linker.php
—	—	@@ -1276,7 +1276,7 @@
1277	1277	}
1278	1278	if ( $sectionTitle ) {
1279	1279	$link = $this->link( $sectionTitle,
1280		~~- wfMsgForContent( 'sectionlink' ), array(), array(),~~
	1280	+ htmlspecialchars( wfMsgForContent( 'sectionlink' ) ), array(), array(),
1281	1281	'noclasses' );
1282	1282	} else {
1283	1283	$link = '';
Index: trunk/phase3/includes/LogEventsList.php
—	—	@@ -355,6 +355,8 @@
356	356	$revert = '<span class="mw-logevent-actionlink">' . $revert . '</span>';
357	357	}
358	358
	359	+ $time = htmlspecialchars( $time );
	360	+
359	361	return Xml::tags( 'li', array( "class" => implode( ' ', $classes ) ),
360	362	$del . $time . ' ' . $userLink . ' ' . $action . ' ' . $comment . ' ' . $revert . " $tagDisplay" ) . "\n";
361	363	}
Index: trunk/phase3/includes/diff/DifferenceEngine.php
—	—	@@ -737,7 +737,7 @@
738	738
739	739	function localiseLineNumbersCb( $matches ) {
740	740	global $wgLang;
741		~~- return wfMsgExt( 'lineno', array (), $wgLang->formatNum( $matches[1] ) );~~
	741	+ return wfMsgExt( 'lineno', 'escape', $wgLang->formatNum( $matches[1] ) );
742	742	}
743	743
744	744
—	—	@@ -840,7 +840,7 @@
841	841	$this->mNewPage = $this->mNewRev->getTitle();
842	842	if( $this->mNewRev->isCurrent() ) {
843	843	$newLink = $this->mNewPage->escapeLocalUrl( 'oldid=' . $this->mNewid );
844		~~- $this->mPagetitle = wfMsgHTML( 'currentrev-asof', $timestamp );~~
	844	+ $this->mPagetitle = htmlspecialchars( wfMsg( 'currentrev-asof', $timestamp ) );
845	845	$newEdit = $this->mNewPage->escapeLocalUrl( 'action=edit' );
846	846
847	847	$this->mNewtitle = "<a href='$newLink'>{$this->mPagetitle}</a>";
—	—	@@ -848,7 +848,7 @@
849	849	} else {
850	850	$newLink = $this->mNewPage->escapeLocalUrl( 'oldid=' . $this->mNewid );
851	851	$newEdit = $this->mNewPage->escapeLocalUrl( 'action=edit&oldid=' . $this->mNewid );
852		~~- $this->mPagetitle = wfMsgHTML( 'revisionasof', $timestamp );~~
	852	+ $this->mPagetitle = htmlspecialchars( wfMsg( 'revisionasof', $timestamp ) );
853	853
854	854	$this->mNewtitle = "<a href='$newLink'>{$this->mPagetitle}</a>";
855	855	$this->mNewtitle .= " (<a href='$newEdit'>" . wfMsgHtml( $editable ? 'editold' : 'viewsourceold' ) . "</a>)";

Comments

#Comment by Nikerabbit (talk | contribs) 12:03, 22 May 2009

This changes summary, subject, summary-preview and subject-preview from html to wikitext. Should probably be notified somewhere.

#Comment by Mormegil (talk | contribs) 12:57, 22 May 2009

Special:Preferences is now broken, you can’t escape $userEffectiveGroupsArray in Preferences.php (entry for 'usergroups' on line 125), it contains HTML links to the respective group pages (see a few lines above).

#Comment by Nikerabbit (talk | contribs) 16:16, 22 May 2009

I noticed that too, fixed in r50895.

#Comment by Roberto Mura (talk | contribs) 10:50, 15 June 2009

A bad white line just on the top of the page. So titles and contents go down.

#Comment by Siebrand (talk | contribs) 11:46, 15 June 2009

Can you provide more information? Sample URL, for example.

#Comment by Platonides (talk | contribs) 15:00, 10 February 2011

Add release notes

Status & tagging log

03:34, 2 June 2009 Tim Starling (talk | contribs) changed the status of r50882 [removed: new added: ok]