r90588 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r90587‎ \| r90588 \| r90589 >
Date:	14:59, 22 June 2011
Author:	mgrabovsky
Status:	ok (Comments)
Tags:
Comment:	Follow-up r90482: escape some more wikitext
Modified paths:	/trunk/phase3/includes/FileDeleteForm.php (modified) (history) /trunk/phase3/includes/specials/SpecialUserlogin.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/FileDeleteForm.php
—	—	@@ -253,7 +253,7 @@
254	254	return wfMsgExt(
255	255	"{$message}-old", # To ensure grep will find them: 'filedelete-intro-old', 'filedelete-nofile-old', 'filedelete-success-old'
256	256	'parse',
257		~~- $this->title->getText(),~~
	257	+ wfEscapeWikiText( $this->title->getText() ),
258	258	$wgLang->date( $this->getTimestamp(), true ),
259	259	$wgLang->time( $this->getTimestamp(), true ),
260	260	wfExpandUrl( $this->file->getArchiveUrl( $this->oldimage ) ) );
—	—	@@ -261,7 +261,7 @@
262	262	return wfMsgExt(
263	263	$message,
264	264	'parse',
265		~~- $this->title->getText()~~
	265	+ wfEscapeWikiText( $this->title->getText() )
266	266	);
267	267	}
268	268	}
Index: trunk/phase3/includes/specials/SpecialUserlogin.php
—	—	@@ -831,7 +831,7 @@
832	832
833	833	$wgOut->setPageTitle( wfMsg( 'loginsuccesstitle' ) );
834	834	if( $msgname ){
835		~~- $wgOut->addWikiMsg( $msgname, $wgUser->getName() );~~
	835	+ $wgOut->addWikiMsg( $msgname, wfEscapeWikiText( $wgUser->getName() ) );
836	836	}
837	837
838	838	$wgOut->addHTML( $injected_html );

Revision	Commit summary	Author	Date
r90482	Follow-up r90371, per comment by ^demon...	mgrabovsky	19:45, 20 June 2011

#Comment by Aaron Schulz (talk | contribs) 02:27, 7 July 2011

wfMsgExt replaces the vars before parsing (unless you give it the 'replaceafter' param). This will now double-encode.

#Comment by Matěj Grabovský (talk | contribs) 12:46, 18 August 2011

Unfortunately, this is not true. At least not for me.

#Comment by Matěj Grabovský (talk | contribs) 13:31, 18 August 2011

#Comment by Aaron Schulz (talk | contribs) 21:42, 1 September 2011

Blah, I see...I was confusing html & wikitext escaping.

21:42, 1 September 2011 Aaron Schulz (talk | contribs) changed the status of r90588 [removed: new added: ok]
15:55, 31 August 2011 Matěj Grabovský (talk | contribs) changed the status of r90588 [removed: fixme added: new]
02:27, 7 July 2011 Aaron Schulz (talk | contribs) changed the status of r90588 [removed: new added: fixme]