
$wgOut->setPageTitle() html entity escaping bug
Closed, Resolved | Public

Description

Author: hightowe

Description:
$wgOut->setPageTitle($new_title) appears to have an entity escaping bug. I can demonstrate the bug by calling it this way: $wgOut->setPageTitle("US&S"). Doing that makes my <title> tag correct, but does _not_ change "US&S" to "US&amp;S" in the HTML of the rendered page.

Calling it this way: $wgOut->setPageTitle(htmlspecialchars("US&S")) gets the HTML correct, but then the <title> tag will hold "US&amp;amp;S" ... obviously wrong.

I can do this, and get the correct results:

$new_title="US&S";
$wgOut->setPageTitle(htmlspecialchars($new_title));
$wgOut->setHTMLTitle($new_title);

I see in mediawiki/includes/OutputPage.php that setPageTitle() calls setHTMLTitle(), but it must do so wrongly in some way.


Version: 1.12.x
Severity: normal

Details

Reference
bz14773

Event Timeline

bzimport raised the priority of this task from to High. Nov 21 2014, 10:11 PM
bzimport added a project: MediaWiki-Parser.
bzimport set Reference to bz14773.
bzimport added a subscriber: Unknown Object (MLST).

Ugh, usage seems fairly inconsistent and annoying. Needs some cleanup...

This is a very strange bug. There is no HTML conversion in OutputPage::setPageTitle() (which referenced Language::convert() and wfMsg() as well as OutputPage::setHTMLTitle()), but when generating the page in OutputPage::headerElement(), the title is put through htmlspecialchars(). So why would putting the title through htmlspecialchars() two times or one make a difference (especially since the latter causes no conversion whatsoever)?

This seems to have been fixed in r49330, which runs setPageTitle() input through Sanitizer::normalizeCharReferences().
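
An added example, not part of the original thread and not MediaWiki's code: a minimal PHP model of the two output sinks discussed above, showing the mismatch the reporter saw and how normalizing character references once on input makes the raw and pre-escaped titles render identically. All function names are hypothetical, and the decode-then-escape step for the <title> sink is an assumption of this sketch.

```php
<?php
// Added illustration; not MediaWiki's OutputPage or Sanitizer code.
// All function names here are hypothetical.

// Simplified stand-in for the idea behind Sanitizer::normalizeCharReferences():
// escape a bare "&" but leave anything shaped like a character reference alone.
// (Assumption: this sketch does not validate entity names against a list.)
function normalizeCharRefs(string $text): string {
    return preg_replace(
        '/&(?!(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);)/',
        '&amp;',
        $text
    );
}

// Behaviour described in the report: the <title> sink escapes, the heading sink does not.
function renderBefore(string $title): array {
    return [
        'title'   => '<title>' . htmlspecialchars($title) . '</title>',
        'heading' => '<h1>' . $title . '</h1>',
    ];
}

// Normalize once on input; derive the plain-text <title> by decoding, then
// let the <title> sink escape exactly once. (Assumed design for this sketch.)
function renderAfter(string $title): array {
    $normalized = normalizeCharRefs($title);
    $plain = html_entity_decode($normalized, ENT_QUOTES, 'UTF-8');
    return [
        'title'   => '<title>' . htmlspecialchars($plain) . '</title>',
        'heading' => '<h1>' . $normalized . '</h1>',
    ];
}

// Constructed inputs: the raw string from the report and its pre-escaped form.
foreach (['US&S', 'US&amp;S'] as $input) {
    foreach (['renderBefore', 'renderAfter'] as $fn) {
        $out = $fn($input);
        printf("%-12s %-9s %-28s %s\n", $fn, $input, $out['title'], $out['heading']);
    }
}
```

With renderBefore() no single input gives correct markup in both sinks; with renderAfter() both inputs produce the same, singly escaped output in each.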