Smuggli has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/150245

Change subject: Readded escaping of highlight snippets
......................................................................

Readded escaping of highlight snippets

Snippets could somehow contain HTML

Change-Id: Ibb5a19ef33b824ab1d148323cb821762ef9ed9bd
---
M ExtendedSearch/views/view.ExtendedSearchResultEntry.php
M ExtendedSearch/views/view.SearchResult.php
2 files changed, 3 insertions(+), 30 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/BlueSpiceExtensions 
refs/changes/45/150245/1

diff --git a/ExtendedSearch/views/view.ExtendedSearchResultEntry.php 
b/ExtendedSearch/views/view.ExtendedSearchResultEntry.php
index d5865f5..611f19d 100644
--- a/ExtendedSearch/views/view.ExtendedSearchResultEntry.php
+++ b/ExtendedSearch/views/view.ExtendedSearchResultEntry.php
@@ -34,7 +34,10 @@
                $sOut = '';
                foreach ( $aSnippets as $sFrag ) {
                        if ( empty( $sFrag ) ) continue;
+                       $sFrag = htmlspecialchars( $sFrag, ENT_QUOTES, 'UTF-8' 
);
+                       $sFrag = str_replace( array( '<em>', 
'&lt;/em&gt;' ), array( '<em>', '</em>' ), $sFrag );
                        $sOut .= $sFrag . '<br />';
+
                }
                return $sOut;
        }
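Review bot: The first search string in the added `str_replace` call is the literal `'<em>'`, so as the line appears here only closing tags are restored. After `htmlspecialchars` every opening highlight tag has become `&lt;em&gt;`, which the search array never matches, so a snippet would render a visible `&lt;em&gt;` followed by a stray `</em>`. Both search entries should be the escaped forms: `array( '&lt;em&gt;', '&lt;/em&gt;' )`. A one-line comment above the call, such as `// re-enable only the highlighter's attribute-less <em> pair after escaping`, would keep a later edit from widening the allowlist to tags that carry attributes. The enclosing method starts above the hunk, so where `$aSnippets` comes from is not visible here.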
diff --git a/ExtendedSearch/views/view.SearchResult.php 
b/ExtendedSearch/views/view.SearchResult.php
index 6bb104d..874fe28 100644
--- a/ExtendedSearch/views/view.SearchResult.php
+++ b/ExtendedSearch/views/view.SearchResult.php
@@ -29,11 +29,6 @@
         */
        protected $sOut = '';
        /**
-        * List of messages to be rendered.
-        * @var array List of strings.
-        */
-       protected $aMessages = array();
-       /**
         * Contain view for search entry.
         * @var ViewExtendedSearchResultEntry View for search entry.
         */
@@ -75,33 +70,11 @@
        }
 
        /**
-        * Adds a message to be displayed.
-        * @param string $key Key for the message.
-        * @param string $message The message in HTML.
-        */
-       public function addMessage( $key, $message ) {
-               $this->aMessages[$key] = $message;
-       }
-
-       /**
         * Adds additional output to page.
         * @param string $aOutputToAdd HTML that shall be displayed.
         */
        public function addOutput( $aOutputToAdd ) {
                $this->out .= $aOutputToAdd;
-       }
-
-       /**
-        * Prepares a message for direct output.
-        * @param string $message The message that should be prepared.
-        * @return string The modified message.
-        */
-       protected function secureMessage( $message ) {
-               $search = array( "&lt;b&gt;", "&lt;/b&gt;", "&lt;i&gt;", 
"&lt;/i&gt;" );
-               $replace = array( "<b>", "</b>", "<i>", "</i>" ); // these tags 
may be contained in i18n messages
-               $secure = htmlentities( $message, ENT_QUOTES, 'UTF-8' );
-
-               return str_replace( $search, $replace, $secure ); // primitive 
whitelisting
        }
 
        /**
@@ -111,8 +84,6 @@
        public function execute( $param = false ) {
                $aOut = array();
                $aOut[] = parent::execute();
-               foreach ( $this->aMessages as $message )
-                       $aOut[] = '<p>'.$this->secureMessage( $message 
)."</p>\n"; // primitive whitelisting
 
                $aOut[] = $this->sOut;
                if ( !empty( $this->aResultEntryView ) ) {
@@ -294,7 +265,6 @@
                                $sDirectionMessage = ( 
$aSorting['sortdirection'] == 'asc' )
                                        ? wfMessage( 
'bs-extendedsearch-ascending' )->plain()
                                        : wfMessage( 
'bs-extendedsearch-descending' )->plain();
-
 
                                global $wgScriptPath;
                                $sIcon .= '" title="' . $sDirectionMessage . '" 
alt="' . $sDirectionMessage . '" />';

-- 
To view, visit https://gerrit.wikimedia.org/r/150245
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibb5a19ef33b824ab1d148323cb821762ef9ed9bd
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/BlueSpiceExtensions
Gerrit-Branch: master
Gerrit-Owner: Smuggli <mug...@hallowelt.biz>
