| Index: trunk/extensions/Maps/ParserFunctions/DisplayPoint/Maps_BasePointMap.php |
| — | — | @@ -47,8 +47,6 @@ |
| 48 | 48 | |
| 49 | 49 | $this->setMapName(); |
| 50 | 50 | |
| 51 | | - $this->doParsing($parser); |
| 52 | | - |
| 53 | 51 | $this->setMarkerData($parser); |
| 54 | 52 | |
| 55 | 53 | $this->createMarkerString(); |
| — | — | @@ -88,6 +86,9 @@ |
| 89 | 87 | private function setMarkerData($parser) { |
| 90 | 88 | $this->coordinates = explode(';', $this->coordinates); |
| 91 | 89 | |
| | 90 | + $this->title = Xml::escapeJsString( $parser->recursiveTagParse( $this->title ) ); |
| | 91 | + $this->label = Xml::escapeJsString( $parser->recursiveTagParse( $this->label ) ); |
| | 92 | + |
| 92 | 93 | foreach($this->coordinates as $coordinates) { |
| 93 | 94 | $args = explode('~', $coordinates); |
| 94 | 95 | |
| — | — | @@ -98,11 +99,11 @@ |
| 99 | 100 | |
| 100 | 101 | if (count($args) > 1) { |
| 101 | 102 | // Parse and add the point specific title if it's present. |
| 102 | | - $markerData['title'] = $this->doEscaping( $parser->recursiveTagParse( $args[1] ) ); |
| | 103 | + $markerData['title'] = $parser->recursiveTagParse( $args[1] ); |
| 103 | 104 | |
| 104 | 105 | if (count($args) > 2) { |
| 105 | 106 | // Parse and add the point specific label if it's present. |
| 106 | | - $markerData['label'] = $this->doEscaping( $parser->recursiveTagParse( $args[2] ) ); |
| | 107 | + $markerData['label'] = $parser->recursiveTagParse( $args[2] ); |
| 107 | 108 | |
| 108 | 109 | if (count($args) > 3) { |
| 109 | 110 | // Add the point specific icon if it's present. |
| — | — | @@ -128,17 +129,19 @@ |
| 129 | 130 | } |
| 130 | 131 | |
| 131 | 132 | /** |
| 132 | | - * Creates a JS string with the marker data. |
| 133 | | - * |
| 134 | | - * @return unknown_type |
| | 133 | + * Creates a JS string with the marker data. Takes care of escaping the used values. |
| 135 | 134 | */ |
| 136 | 135 | private function createMarkerString() { |
| 137 | 136 | $markerItems = array(); |
| 138 | 137 | |
| 139 | 138 | foreach ($this->markerData as $markerData) { |
| 140 | | - $title = array_key_exists('title', $markerData) ? $markerData['title'] : $this->title; |
| 141 | | - $label = array_key_exists('label', $markerData) ? $markerData['label'] : $this->label; |
| | 139 | + $title = array_key_exists('title', $markerData) ? Xml::escapeJsString($markerData['title']) : $this->title; |
| | 140 | + $label = array_key_exists('label', $markerData) ? Xml::escapeJsString($markerData['label']) : $this->label; |
| 142 | 141 | |
| | 142 | + $markerData['lon'] = Xml::escapeJsString($markerData['lon']); |
| | 143 | + $markerData['lat'] = Xml::escapeJsString($markerData['lat']); |
| | 144 | + $markerData['icon'] = Xml::escapeJsString($markerData['icon']); |
| | 145 | + |
| 143 | 146 | $markerItems[] = str_replace( array('lon', 'lat', 'title', 'label', 'icon'), |
| 144 | 147 | array($markerData['lon'], $markerData['lat'], $title, $label, $markerData['icon']), |
| 145 | 148 | $this->markerStringFormat |
| — | — | @@ -156,8 +159,8 @@ |
| 157 | 160 | if (empty($this->centre)) { |
| 158 | 161 | if (count($this->markerData) == 1) { |
| 159 | 162 | // If centre is not set and there is exactelly one marker, use it's coordinates. |
| 160 | | - $this->centre_lat = $this->markerData[0]['lat']; |
| 161 | | - $this->centre_lon = $this->markerData[0]['lon']; |
| | 163 | + $this->centre_lat = Xml::escapeJsString( $this->markerData[0]['lat'] ); |
| | 164 | + $this->centre_lon = Xml::escapeJsString( $this->markerData[0]['lon'] ); |
| 162 | 165 | } |
| 163 | 166 | elseif (count($this->markerData) > 1) { |
| 164 | 167 | // If centre is not set and there are multiple markers, set the values to null, |
| — | — | @@ -176,8 +179,8 @@ |
| 177 | 180 | // If the centre is not false, it will be a valid coordinate, which can be used to set the latitude and longitutde. |
| 178 | 181 | if ($this->centre) { |
| 179 | 182 | $this->centre = MapsUtils::getLatLon($this->centre); |
| 180 | | - $this->centre_lat = $this->centre['lat']; |
| 181 | | - $this->centre_lon = $this->centre['lon']; |
| | 183 | + $this->centre_lat = Xml::escapeJsString( $this->centre['lat'] ); |
| | 184 | + $this->centre_lon = Xml::escapeJsString( $this->centre['lon'] ); |
| 182 | 185 | } |
| 183 | 186 | else { // If it's false, the coordinate was invalid, or geocoding failed. Either way, the default's should be used. |
| 184 | 187 | $this->setCentreDefaults(); |
| — | — | @@ -193,23 +196,4 @@ |
| 194 | 197 | $this->centre_lat = $egMapsMapLat; |
| 195 | 198 | $this->centre_lon = $egMapsMapLon; |
| 196 | 199 | } |
| 197 | | - |
| 198 | | - /** |
| 199 | | - * Parse the wiki text in the title and label values. |
| 200 | | - * |
| 201 | | - * @param unknown_type $parser |
| 202 | | - */ |
| 203 | | - private function doParsing(&$parser) { |
| 204 | | - $this->title = $this->doEscaping( $parser->recursiveTagParse( $this->title ) ); |
| 205 | | - $this->label = $this->doEscaping( $parser->recursiveTagParse( $this->label ) ); |
| 206 | | - } |
| 207 | | - |
| 208 | | - /** |
| 209 | | - * Escape function for titles and labels. |
| 210 | | - */ |
| 211 | | - private function doEscaping($text) { |
| 212 | | - // TODO: links do not get escaped properly yet. |
| 213 | | - return str_replace("'", "\'", $text); |
| 214 | | - } |
| 215 | | - |
| 216 | 200 | } |
| Index: trunk/extensions/Maps/GoogleMaps/Maps_GoogleMapsDispPoint.php |
| — | — | @@ -67,7 +67,7 @@ |
| 68 | 68 | public function addSpecificMapHTML() { |
| 69 | 69 | global $wgJsMimeType; |
| 70 | 70 | |
| 71 | | - $onloadFunctions = MapsGoogleMaps::addOverlayOutput($this->output, $this->mapName, $this->overlays, $this->controls); |
| | 71 | + $onloadFunctions = MapsGoogleMaps::addOverlayOutput($this->output, $this->mapName, $this->overlays, $this->controls); |
| 72 | 72 | |
| 73 | 73 | $this->output .=<<<END |
| 74 | 74 | |