Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F4713
Proposed_patch_v5
Public
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Authored By
•
bzimport
Nov 21 2014, 10:05 PM
2014-11-21 22:05:15 (UTC+0)
Size
5 KB
Referenced Files
None
Subscribers
None
Proposed_patch_v5
View Options
Index: skins/MonoBook.php
===================================================================
--- skins/MonoBook.php (revision 47852)
+++ skins/MonoBook.php (working copy)
@@ -115,7 +115,7 @@
<div id="content">
<a name="top" id="top"></a>
<?php if($this->data['sitenotice']) { ?><div id="siteNotice"><?php $this->html('sitenotice') ?></div><?php } ?>
- <h1 id="firstHeading" class="firstHeading"><?php $this->data['displaytitle']!=""?$this->html('title'):$this->text('title') ?></h1>
+ <h1 id="firstHeading" class="firstHeading"><?php $this->html('title') ?></h1>
<div id="bodyContent">
<h3 id="siteSub"><?php $this->msg('tagline') ?></h3>
<div id="contentSub"><?php $this->html('subtitle') ?></div>
Index: skins/Modern.php
===================================================================
--- skins/Modern.php (revision 47852)
+++ skins/Modern.php (working copy)
@@ -102,7 +102,7 @@
class="mediawiki <?php $this->text('dir') ?> <?php $this->text('pageclass') ?> <?php $this->text('skinnameclass') ?>">
<!-- heading -->
- <div id="mw_header"><h1 id="firstHeading"><?php $this->data['displaytitle']!=""?$this->html('title'):$this->text('title') ?></h1></div>
+ <div id="mw_header"><h1 id="firstHeading"><?php $this->html('title') ?></h1></div>
<div id="mw_main">
<div id="mw_contentwrapper">
Index: includes/GlobalFunctions.php
===================================================================
--- includes/GlobalFunctions.php (revision 47852)
+++ includes/GlobalFunctions.php (working copy)
@@ -558,7 +558,7 @@
* @param $forContent Boolean
* @return String: the requested message.
*/
-function wfMsgReal( $key, $args, $useDB = true, $forContent=false, $transform = true ) {
+function wfMsgReal( $key, $args, $useDB = true, $forContent = false, $transform = true ) {
wfProfileIn( __METHOD__ );
$message = wfMsgGetKey( $key, $useDB, $forContent, $transform );
$message = wfMsgReplaceArgs( $message, $args );
@@ -570,7 +570,7 @@
* This function provides the message source for messages to be edited which are *not* stored in the database.
* @param $key String:
*/
-function wfMsgWeirdKey ( $key ) {
+function wfMsgWeirdKey( $key ) {
$source = wfMsgGetKey( $key, false, true, false );
if ( wfEmptyMsg( $key, $source ) )
return "";
Index: includes/parser/CoreParserFunctions.php
===================================================================
--- includes/parser/CoreParserFunctions.php (revision 47852)
+++ includes/parser/CoreParserFunctions.php (working copy)
@@ -205,17 +205,15 @@
* @param string $text Desired title text
* @return string
*/
- static function displaytitle( $parser, $text = '' ) {
- global $wgRestrictDisplayTitle;
- $text = trim( Sanitizer::decodeCharReferences( $text ) );
+ static function displaytitle( $parser, $displayTitle = '' ) {
+ #only requested titles that normalize to the actual title are allowed through
+ #mimick the escaping process that occurs in OutputPage::setPageTitle
+ $title = Title::newFromText( Sanitizer::stripAllTags( Sanitizer::normalizeCharReferences( Sanitizer::removeHTMLtags( $displayTitle ) ) ) );
- if ( !$wgRestrictDisplayTitle ) {
- $parser->mOutput->setDisplayTitle( $text );
- } else {
- $title = Title::newFromText( $text );
- if( $title instanceof Title && $title->getFragment() == '' && $title->equals( $parser->mTitle ) )
- $parser->mOutput->setDisplayTitle( $text );
+ if ( $title instanceof Title && $title->getFragment() == '' && $title->equals( $parser->mTitle ) ) {
+ $parser->mOutput->setDisplayTitle( $displayTitle );
}
+
return '';
}
Index: includes/OutputPage.php
===================================================================
--- includes/OutputPage.php (revision 47852)
+++ includes/OutputPage.php (working copy)
@@ -310,18 +310,34 @@
}
}
- public function setHTMLTitle( $name ) { $this->mHTMLtitle = $name; }
+ /**
+ * "HTML title" means the contents of <title>. It is stored as plain, unescaped text and will be run through htmlspecialchars in the skin file.
+ */
+ public function setHTMLTitle( $name ) {
+ $this->mHTMLtitle = $name;
+ }
+
+ /**
+ * "Page title" means the contents of <h1>. It is stored as a valid HTML fragment.
+ * This function allows good tags like <sup> in the <h1> tag, but not bad tags like <script>.
+ * This function automatically sets <title> to the same content as <h1> but with all tags removed.
+ * Bad tags that were escaped in <h1> will still be escaped in <title>, and good tags like <i> will be dropped entirely.
+ */
public function setPageTitle( $name ) {
global $wgContLang;
$name = $wgContLang->convert( $name, true );
- $this->mPagetitle = $name;
+ # change "<script>foo&bar</script>" to "<script>foo&bar</script>"
+ # but leave "<i>foobar</i>" alone
+ $nameWithTags = Sanitizer::normalizeCharReferences( Sanitizer::removeHTMLtags( $name ) );
+ $this->mPagetitle = $nameWithTags;
$taction = $this->getPageTitleActionText();
if( !empty( $taction ) ) {
$name .= ' - '.$taction;
}
- $this->setHTMLTitle( wfMsg( 'pagetitle', $name ) );
+ # change "<i>foo&bar</i>" to "foo&bar"
+ $this->setHTMLTitle( wfMsg( 'pagetitle', Sanitizer::stripAllTags( $nameWithTags ) ) );
}
public function getHTMLTitle() { return $this->mHTMLtitle; }
File Metadata
Details
Attached
Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
4278
Default Alt Text
Proposed_patch_v5 (5 KB)
Attached To
Mode
T14998: Weaken DISPLAYTITLE restictions
Attached
Detach File
Event Timeline
Log In to Comment