r59032 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r59031‎ \| r59032 \| r59033 >
Date:	21:57, 13 November 2009
Author:	daniel
Status:	ok
Tags:
Comment:	only allow xmlns:* if RDFa is enabled
Modified paths:	/trunk/phase3/includes/Sanitizer.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/Sanitizer.php
—	—	@@ -614,13 +614,15 @@
615	615	* @todo Check for unique id attribute :P
616	616	*/
617	617	static function validateAttributes( $attribs, $whitelist ) {
	618	+ global $wgAllowRdfaAttributes;
	619	+
618	620	$whitelist = array_flip( $whitelist );
619	621	$hrefExp = '/^(' . wfUrlProtocols() . ')[^\s]+$/';
620	622
621	623	$out = array();
622	624	foreach( $attribs as $attribute => $value ) {
623		~~- #allow XML namespace declaration. Useful especially with RDFa~~
624		~~- if ( preg_match( MW_XMLNS_ATTRIBUTE_PATTRN, $attribute ) ) {~~
	625	+ #allow XML namespace declaration if RDFa is enabled
	626	+ if ( $wgAllowRdfaAttributes && preg_match( MW_XMLNS_ATTRIBUTE_PATTRN, $attribute ) ) {
625	627	if ( !preg_match( MW_EVIL_URI_PATTERN, $value ) ) {
626	628	$out[$attribute] = $value;
627	629	}

05:21, 11 January 2010 Tim Starling (talk | contribs) changed the status of r59032 [removed: new added: ok]