r9555 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r9554‎ \| r9555 \| r9556 >
Date:	21:35, 21 June 2005
Author:	vibber
Status:	old
Tags:
Comment:	Make an attempt to fix some more problems: * incorrect escaping of URL components * missing escaping of URLs in <a href> tags * don't try to place HTML-formatted wikitext into a single-quoted attribute value * an odd str_replace * some other XHTML bits
Modified paths:	/trunk/phase3/includes/SpecialValidate.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/SpecialValidate.php
—	—	@@ -52,7 +52,7 @@
53	53	function getVersionLink( &$article, $revision, $text = "" ) {
54	54	$t = $article->getTitle();
55	55	if( $text == "" ) $text = wfMsg("val_view_version");
56		~~- $ret = "<a href=\"" . $t->getLocalURL( htmlspecialchars("oldid={$revision}" )) . "\">" . $this->getParsedWiki($text) . "</a>";~~
	56	+ $ret = "<a href=\"" . $t->escapeLocalURL( "oldid={$revision}" ) . "\">" . $this->getParsedWiki($text) . "</a>";
57	57	return $ret;
58	58	}
59	59
—	—	@@ -281,7 +281,7 @@
282	282	$user = $wgUser->GetName();
283	283	}
284	284	$nt = Title::newFromText( "Special:Validate" );
285		~~- $url = $nt->getLocalURL( "mode=userstats&user=" . htmlspecialchars ( $user ) );~~
	285	+ $url = $nt->escapeLocalURL( "mode=userstats&user=" . urlencode( $user ) );
286	286	return "<a href=\"{$url}\">{$text}</a>";
287	287	}
288	288
—	—	@@ -315,29 +315,32 @@
316	316	$u->setId( $x->rev_user );
317	317	$u->setName( $x->rev_user_text );
318	318	$nt = $u->getUserPage();
319		~~- $url = "<a href='" . $nt->getLocalUrl() . "'>" . $nt->getText() . "</a>";~~
	319	+ # FIXME: Why doesn't this use standard linking code?
	320	+ $url = "<a href='" . $nt->escapeLocalUrl() . "'>" . htmlspecialchars( $nt->getText() ) . "</a>";
320	321	$metadata .= $url;
321	322	}
	323	+ # FIXME: Why doesn't this use standard comment formatting?
322	324	$metadata .= " : <small>\"" . $this->getParsedWiki( $x->rev_comment ) . "\"</small>";
323	325	return $metadata;
324	326	}
325	327
326	328	# Generates a link to the topic description
327	329	function linkTopic ( $s ) {
	330	+ # FIXME: Why doesn't this use standard linking code?
328	331	$t = Title::newFromText ( wfMsg ( 'val_topic_desc_page' ) ) ;
329	332	$r = "<a href=\"" ;
330		~~- $r .= $t->getLocalURL () ;~~
	333	+ $r .= $t->escapeLocalURL () ;
331	334	$r .= "#" . urlencode ( $s ) ;
332	335	$r .= "\">{$s}</a>" ;
333	336	return $r ;
334		~~- }~~
	337	+ }
335	338
336	339	# Generates HTML from a wiki text, e.g., a wfMsg
337	340	function getParsedWiki ( $text ) {
338	341	global $wgOut , $wgTitle, $wgParser ;
339	342	$parserOutput = $wgParser->parse( $text , $wgTitle, $wgOut->mParserOptions,false);
340	343	return $parserOutput->getText() ;
341		~~- }~~
	344	+ }
342	345
343	346	# Generates a form for a single revision
344	347	function getRevisionForm( &$article, $idx, &$data, $focus = false ) {
—	—	@@ -381,9 +384,9 @@
382	385	}
383	386	$vote .= "<input type='radio' name='re_v{$idx}' value='{$a}'";
384	387	if( $a == $y->value ) {
385		~~- $vote .= " checked";~~
	388	+ $vote .= " checked='checked'";
386	389	}
387		~~- $vote .= "/>";~~
	390	+ $vote .= " />";
388	391	if( $max == 2 && $a == 1 ) {
389	392	$vote .= wfMsg( "val_no" ) . " ";
390	393	} elseif( $max == 2 && $a == 2 ) {
—	—	@@ -402,9 +405,9 @@
403	406	}
404	407	$checked = $focus ? " checked='checked'" : "";
405	408	$ret .= "<tr><td colspan='3' valign='center'>\n";
406		~~- $ret .= "<input type='checkbox' name='re_merge_{$revision}' value='1'{$checked}/>" . $this->getParsedWiki( wfMsg( 'val_merge_old' ) ) . " \n";~~
407		~~- $ret .= "<input type='checkbox' name='re_clear_{$revision}' value='1'{$checked}/>" . $this->getParsedWiki( wfMsg( 'val_clear_old' ) ) . " \n";~~
408		~~- $ret .= "<input type='submit' name='re_submit[{$revision}]' value='" . $this->getParsedWiki( wfMsg("ok") ) . "'/>\n";~~
	409	+ $ret .= "<input type='checkbox' name='re_merge_{$revision}' value='1'{$checked} />" . $this->getParsedWiki( wfMsg( 'val_merge_old' ) ) . " \n";
	410	+ $ret .= "<input type='checkbox' name='re_clear_{$revision}' value='1'{$checked} />" . $this->getParsedWiki( wfMsg( 'val_clear_old' ) ) . " \n";
	411	+ $ret .= "<input type='submit' name='re_submit[{$revision}]' value=\"" . wfMsgHtml( "ok" ) . "\" />\n";
409	412
410	413	if( $focus ) {
411	414	$ret .= "<br/>\n<small>" . $this->getParsedWiki ( wfMsg( "val_form_note" ) ) . "</small>";
—	—	@@ -440,7 +443,7 @@
441	444	}
442	445	$ret .= "<p class='revision_saved'>" . $this->getParsedWiki( wfMsg( 'val_revision_changes_ok' ) ) . "</p>";
443	446	}
444		~~- else $ret .= wfMsg ( 'val_votepage_intro' ) ;~~
	447	+ else $ret .= wfMsgHtml ( 'val_votepage_intro' ) ;
445	448
446	449	# Make sure the requested revision exists
447	450	$ts = $this->rev2date[$revision]->rev_timestamp;
—	—	@@ -454,7 +457,7 @@
455	458	# Output
456	459	$title = $article->getTitle();
457	460	$title = $title->getPrefixedText();
458		~~- $wgOut->setPageTitle( str_replace ( '$1' , $title , wfMsg( 'val_rev_for' ) ) );~~
	461	+ $wgOut->setPageTitle( wfMsg( 'val_rev_for', $title ) );
459	462	foreach( $this->voteCache as $x => $y ) {
460	463	$ret .= $this->getRevisionForm( $article, $x, $y, $x == $ts );
461	464	$ret .= "<br/>\n";

Status & tagging log

15:03, 12 September 2011 Meno25 (talk | contribs) changed the status of r9555 [removed: ok added: old]
14:05, 18 June 2009 😂 (talk | contribs) changed the status of r9555 [removed: new added: ok]