r80511 MediaWiki - Code Review archive

Repository: MediaWiki
Revision: r80511
Date: 19:39, 18 January 2011
Author: vyznev
Status: ok (Comments)
Tags:
Comment:
bug 26781: make wfEscapeWikiText() escape "*", "#", ";" and ":" at the beginning of the output and after line feeds. Also make escaping of "{", "}" and "=" more thorough and rewrite to use strtr() instead of str_replace() and htmlspecialchars().
Modified paths:
  • /trunk/phase3/RELEASE-NOTES (modified)
  • /trunk/phase3/includes/GlobalFunctions.php (modified)
  • /trunk/phase3/tests/parser/parserTests.txt (modified)

Diff

Index: trunk/phase3/tests/parser/parserTests.txt
@@ -2227,6 +2227,28 @@
22282228 !! end
22292229
22302230 !! test
 2231+Magic Word: {{PAGENAME}} with metacharacters
 2232+!! options
 2233+title=[['foo & bar = baz']]
 2234+!! input
 2235+''{{PAGENAME}}''
 2236+!! result
 2237+<p><i>&#39;foo &#38; bar &#61; baz&#39;</i>
 2238+</p>
 2239+!! end
 2240+
 2241+!! test
 2242+Magic Word: {{PAGENAME}} with metacharacters (bug 26781)
 2243+!! options
 2244+title=[[*RFC 1234 http://example.com/]]
 2245+!! input
 2246+{{PAGENAME}}
 2247+!! result
 2248+<p>&#42;RFC&#32;1234 http&#58;//example.com/
 2249+</p>
 2250+!! end
 2251+
 2252+!! test
22312253 Magic Word: {{PAGENAMEE}}
22322254 !! options
22332255 title=[[User:Ævar Arnfjörð Bjarmason]]
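Review bot: the second new test (title=[[*RFC 1234 http://example.com/]]) covers only a leading "*"; the "#", ":" and ";" line-start rules and the "after line feeds" case named in the commit message have no test in this hunk. Add cases for those, and where a page title cannot carry the character or a line feed, a test that calls wfEscapeWikiText() directly. The first new test also exercises "&", "=" and "'" only, so the more thorough escaping of "{" and "}" is not checked either.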
Index: trunk/phase3/includes/GlobalFunctions.php
@@ -1149,21 +1149,20 @@
11501150 * Escapes the given text so that it may be output using addWikiText()
11511151 * without any linking, formatting, etc. making its way through. This
11521152 * is achieved by substituting certain characters with HTML entities.
1153 - * As required by the callers, <nowiki> is not used. It currently does
1154 - * not filter out characters which have special meaning only at the
1155 - * start of a line, such as "*".
 1153+ * As required by the callers, <nowiki> is not used.
11561154 *
11571155 * @param $text String: text to be escaped
11581156 */
11591157 function wfEscapeWikiText( $text ) {
1160 - $text = str_replace(
1161 - array( '[', '|', ']', '\'', 'ISBN ',
1162 - 'RFC ', '://', "\n=", '{{', '}}' ),
1163 - array( '&#91;', '&#124;', '&#93;', '&#39;', 'ISBN&#32;',
1164 - 'RFC&#32;', '&#58;//', "\n&#61;", '&#123;&#123;', '&#125;&#125;' ),
1165 - htmlspecialchars( $text )
1166 - );
1167 - return $text;
 1158+ $text = strtr( "\n$text", array(
 1159+ '"' => '&#34;', '&' => '&#38;', "'" => '&#39;', '<' => '&#60;',
 1160+ '=' => '&#61;', '>' => '&#62;', '[' => '&#91;', ']' => '&#93;',
 1161+ '{' => '&#123;', '|' => '&#124;', '}' => '&#125;',
 1162+ "\n#" => "\n&#35;", "\n*" => "\n&#42;",
 1163+ "\n:" => "\n&#58;", "\n;" => "\n&#59;",
 1164+ '://' => '&#58;//', 'ISBN ' => 'ISBN&#32;', 'RFC ' => 'RFC&#32;',
 1165+ ) );
 1166+ return substr( $text, 1 );
11681167 }
11691168
11701169 /**
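Review bot: `return substr( $text, 1 );` returns false instead of an empty string when $text is '' on PHP versions before 8.0, because the string is then only the prepended "\n" and the start offset equals its length. Handle the empty case explicitly or cast the result to string. The prepend-and-strip step also deserves a one-line comment saying it exists so that the "\n#", "\n*", "\n:" and "\n;" rules match at the very start of the input, and the docblock could gain an @return line. The table has no entry for a space at the start of a line, which wikitext renders as preformatted text, so that line-start case still passes through.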
Index: trunk/phase3/RELEASE-NOTES
@@ -98,6 +98,7 @@
9999 * (bug 26449) Keep underlines from headings outside of tables and thumbs by
100100 adding overflow:hidden to h1,h2,h3,h4,h5,h6 (also fixes editsection bunching).
101101 * (bug 26708) Remove background-color:white from tables in Monobook and Vector.
 102+* (bug 26781) {{PAGENAME}} and related parser functions escape their output better
102103
103104 === API changes in 1.18 ===
104105 * (bug 26339) Throw warning when truncating an overlarge API result
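Review bot: the added line describes the change only as "{{PAGENAME}} and related parser functions", but the code change is in wfEscapeWikiText(), whose docblock covers any text output through addWikiText(). Naming the function and the newly escaped line-start characters ("*", "#", ";", ":") would tell other callers that their output changes too.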

Sign-offs

User | Flag | Date
Catrope | inspected | 20:32, 15 July 2011

Follow-up revisions

Revision | Commit summary | Author | Date
r80512 | followup r80511: make {{PAGENAMEE}} and friends also call wfEscapeWikiText() ... | vyznev | 20:15, 18 January 2011

Comments

Comment by Happy-melon, 23:03, 18 January 2011

People using the padleft-based string functions are not going to be happy about one character suddenly turning into five at the start of their strings. But I suppose we could always reinstate r46628, that would fix it... :D

Comment by Catrope, 20:32, 15 July 2011

This looks good to me, but I guess someone else with more parser experience (e.g. Tim or Platonides) should look at it as well.
