Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F9570
encLink-1.18.patch
Public
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Authored By
•
bzimport
Nov 22 2014, 12:44 AM
2014-11-22 00:44:56 (UTC+0)
Size
3 KB
Referenced Files
None
Subscribers
None
encLink-1.18.patch
View Options
--- a/includes/Linker.php
+++ a/includes/Linker.php
@@ -773,31 +773,31 @@ class Linker {
* Make a "broken" link to an image
*
* @param $title Title object
- * @param $text String: link label in unescaped text form
+ * @param $label String: link label (plain text)
* @param $query String: query string
- * @param $trail String: link trail (HTML fragment)
- * @param $prefix String: link prefix (HTML fragment)
+ * @param $unused1 Unused parameter kept for b/c
+ * @param $unused2 Unused parameter kept for b/c
* @param $time Boolean: a file of a certain timestamp was requested
* @return String
*/
- public static function makeBrokenImageLinkObj( $title, $text = '', $query = '', $trail = '', $prefix = '', $time = false ) {
+ public static function makeBrokenImageLinkObj( $title, $label = '', $query = '', $unused1 = '', $unused2 = '', $time = false ) {
global $wgEnableUploads, $wgUploadMissingFileUrl;
if ( ! $title instanceof Title ) {
- return "<!-- ERROR -->{$prefix}{$text}{$trail}";
+ return "<!-- ERROR -->" . htmlspecialchars( $label );
}
wfProfileIn( __METHOD__ );
+ if ( $label == '' ) {
+ $label = $title->getPrefixedText();
+ }
+ $encLabel = htmlspecialchars( $label );
$currentExists = $time ? ( wfFindFile( $title ) != false ) : false;
- list( $inside, $trail ) = self::splitTrail( $trail );
- if ( $text == '' )
- $text = htmlspecialchars( $title->getPrefixedText() );
-
if ( ( $wgUploadMissingFileUrl || $wgEnableUploads ) && !$currentExists ) {
$redir = RepoGroup::singleton()->getLocalRepo()->checkRedirect( $title );
if ( $redir ) {
wfProfileOut( __METHOD__ );
- return self::linkKnown( $title, "$prefix$text$inside", array(), $query ) . $trail;
+ return self::linkKnown( $title, $encLabel, array(), wfCgiToArray( $query ) );
}
$href = self::getUploadUrl( $title, $query );
@@ -805,10 +805,10 @@ class Linker {
wfProfileOut( __METHOD__ );
return '<a href="' . htmlspecialchars( $href ) . '" class="new" title="' .
htmlspecialchars( $title->getPrefixedText(), ENT_QUOTES ) . '">' .
- "$prefix$text$inside</a>$trail";
+ $encLabel . '</a>';
} else {
wfProfileOut( __METHOD__ );
- return self::linkKnown( $title, "$prefix$text$inside", array(), $query ) . $trail;
+ return self::linkKnown( $title, $encLabel, array(), wfCgiToArray( $query ) );
}
}
--- a/tests/parser/parserTests.txt
+++ a/tests/parser/parserTests.txt
@@ -1666,6 +1666,21 @@ Link with double quotes in title part (literal) and alternate part (interpreted)
!! end
!! test
+Broken image links with HTML captions (bug 39700)
+!! input
+[[File:Nonexistent|<script></script>]]
+[[File:Nonexistent|100px|<script></script>]]
+[[File:Nonexistent|<]]
+[[File:Nonexistent|a<i>b</i>c]]
+!! result
+<p><a href="/index.php?title=Special:Upload&wpDestFile=Nonexistent" class="new" title="File:Nonexistent"><script></script></a>
+<a href="/index.php?title=Special:Upload&wpDestFile=Nonexistent" class="new" title="File:Nonexistent"><script></script></a>
+<a href="/index.php?title=Special:Upload&wpDestFile=Nonexistent" class="new" title="File:Nonexistent"><</a>
+<a href="/index.php?title=Special:Upload&wpDestFile=Nonexistent" class="new" title="File:Nonexistent">abc</a>
+</p>
+!! end
+
+!! test
Plain link to URL
!! input
[[http://www.example.com]]
File Metadata
Details
Attached
Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
9069
Default Alt Text
encLink-1.18.patch (3 KB)
Attached To
Mode
T41700: A File: link to a non-existing image can inject html
Attached
Detach File
Event Timeline
Log In to Comment