Page MenuHomePhabricator
Create Task
Maniphest T266707

MediaHandler::addMeta() can't decide if values are escaped HTML, literal strings, or wikitext
Open, Needs TriagePublic
Actions

Description

To quote from the phpdoc:

	 * @param string $value Thingy goes into a wikitext table; it used to be escaped but
	 *   that was incompatible with previous practise of customized display
	 *   with wikitext formatting via messages such as 'exif-model-value'.
	 *   So the escaping is taken back out, but generally this seems a confusing
	 *   interface.

It appears that in general $value is expected to be wikitext, but in htmlspecialchars is usually used to escape raw data from EXIF tags, etc, instead of wfEscapeWikiText so that URL auto-linking occurs, and parameters to messages are not necessarily consistently escaped.

I think addMeta() should specify that the values are always wikitext, and we should have a helper method somewhere to do the 'almost-escaping' correctly.

Details

SubjectRepoBranchLines +/-
Ensure FormatMetadata::makeFormattedData always escapes EXIF valuesmediawiki/coremaster+92 -31
Customize query in gerrit

Related Objects

Event Timeline

cscott created this task.Oct 28 2020, 8:29 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 28 2020, 8:29 PM
Reedy renamed this task from MediaHandler::addMeta() can't decide if values are escaped HTML, literal strings, or wikitext. to MediaHandler::addMeta() can't decide if values are escaped HTML, literal strings, or wikitext.Oct 28 2020, 8:36 PM
Reedy added a project: MediaWiki-File-management.
Reedy updated the task description. (Show Details)
Restricted Application added a project: Commons. · View Herald TranscriptOct 28 2020, 8:36 PM
cscott updated the task description. (Show Details)Oct 28 2020, 9:03 PM
gerritbot added a comment.Oct 28 2020, 10:02 PM

Change 637035 had a related patch set uploaded (by C. Scott Ananian; owner: C. Scott Ananian):
[mediawiki/core@master] Ensure FormatMetadata::makeFormattedData always escapes EXIF values

https://gerrit.wikimedia.org/r/637035

gerritbot added a project: Patch-For-Review.Oct 28 2020, 10:02 PM
gerritbot added a comment.Oct 30 2020, 7:12 PM

Change 637035 merged by jenkins-bot:
[mediawiki/core@master] Ensure FormatMetadata::makeFormattedData always escapes EXIF values

https://gerrit.wikimedia.org/r/637035

ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.16; 2020-11-03).Oct 30 2020, 8:00 PM
Maintenance_bot removed a project: Patch-For-Review.Oct 30 2020, 8:10 PM
Bawolff awarded a token.Oct 31 2020, 11:06 PM
thiemowmde mentioned this in T226751: PHP error "non well formed numeric value encountered" from FormatMetadata->formatCoords.Mar 3 2021, 7:59 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL