Aude has uploaded a new change for review. https://gerrit.wikimedia.org/r/180461
Change subject: Sanitize wikibase-item html formatting ...................................................................... Sanitize wikibase-item html formatting And don't assume Title == serialization if we don't have an EntityTitleLookup. Change-Id: I82b90f8a8cad8f7b65a0c7a26d76611be7fb1f25 --- M lib/includes/formatters/EntityIdHtmlLinkFormatter.php M lib/includes/formatters/WikibaseValueFormatterBuilders.php M lib/tests/phpunit/formatters/WikibaseValueFormatterBuildersTest.php 3 files changed, 74 insertions(+), 21 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Wikibase refs/changes/61/180461/1 diff --git a/lib/includes/formatters/EntityIdHtmlLinkFormatter.php b/lib/includes/formatters/EntityIdHtmlLinkFormatter.php index b4f5210..0b655c7 100644 --- a/lib/includes/formatters/EntityIdHtmlLinkFormatter.php +++ b/lib/includes/formatters/EntityIdHtmlLinkFormatter.php @@ -22,14 +22,14 @@ class EntityIdHtmlLinkFormatter extends EntityIdLabelFormatter { /** - * @var EntityTitleLookup|null + * @var EntityTitleLookup */ protected $entityTitleLookup; public function __construct( FormatterOptions $options, LabelLookup $labelLookup, - EntityTitleLookup $entityTitleLookup = null + EntityTitleLookup $entityTitleLookup ) { parent::__construct( $options, $labelLookup ); @@ -44,11 +44,8 @@ * @return string */ protected function formatEntityId( EntityId $entityId ) { - if ( isset( $this->entityTitleLookup ) ) { - $title = $this->entityTitleLookup->getTitleForId( $entityId ); - } else { - $title = Title::newFromText( $entityId->getSerialization() ); - } + $title = $this->entityTitleLookup->getTitleForId( $entityId ); + $attributes = array( 'title' => $title->getPrefixedText(), 'href' => $title->getLocalURL() diff --git a/lib/includes/formatters/WikibaseValueFormatterBuilders.php b/lib/includes/formatters/WikibaseValueFormatterBuilders.php index 734f8c5..4c93676 100644 --- a/lib/includes/formatters/WikibaseValueFormatterBuilders.php 
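Review bot: In `formatEntityId`, the value returned by `$this->entityTitleLookup->getTitleForId( $entityId )` is dereferenced immediately by `$title->getPrefixedText()` and `$title->getLocalURL()`, with no check that a title actually came back. The constructor hunk above makes the lookup mandatory, so this is now the only path. If `getTitleForId` can return null for an id it cannot resolve (its contract is not visible here), formatting would end in a fatal error instead of a value. A guard such as `if ( $title === null ) { return htmlspecialchars( parent::formatEntityId( $entityId ) ); }` would fall back to an escaped, non-linked label, assuming the parent method returns the plain label. The body of `formatEntityId` continues outside the hunk, so how `$attributes` and the label are escaped on the way out cannot be confirmed from here.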
+++ b/lib/includes/formatters/WikibaseValueFormatterBuilders.php @@ -93,7 +93,7 @@ SnakFormatter::FORMAT_HTML => array( 'PT:url' => 'Wikibase\Lib\HtmlUrlFormatter', 'PT:commonsMedia' => 'Wikibase\Lib\CommonsLinkFormatter', - 'PT:wikibase-item' => array( 'this', 'newEntityIdHtmlLinkFormatter' ), + 'PT:wikibase-item' => array( 'this', 'newEntityIdHtmlFormatter' ), 'VT:time' => array( 'this', 'newHtmlTimeFormatter' ), 'VT:monolingualtext' => 'Wikibase\Formatters\MonolingualHtmlFormatter', ), @@ -558,14 +558,19 @@ * * @param FormatterOptions $options * - * @return EntityIdHtmlLinkFormatter + * @return ValueFormatter */ - private function newEntityIdHtmlLinkFormatter( FormatterOptions $options ) { - return new EntityIdHtmlLinkFormatter( - $options, - $this->newLabelLookup( $options ), - $this->entityTitleLookup - ); + private function newEntityIdHtmlFormatter( FormatterOptions $options ) { + $labelLookup = $this->newLabelLookup( $options ); + + if ( !$this->entityTitleLookup ) { + return new EscapingValueFormatter( + new EntityIdLabelFormatter( $options, $labelLookup ), + 'htmlspecialchars' + ); + } + + return new EntityIdHtmlLinkFormatter( $options, $labelLookup, $this->entityTitleLookup ); } /** diff --git a/lib/tests/phpunit/formatters/WikibaseValueFormatterBuildersTest.php b/lib/tests/phpunit/formatters/WikibaseValueFormatterBuildersTest.php index 4fe740f..20eb09b 100644 --- a/lib/tests/phpunit/formatters/WikibaseValueFormatterBuildersTest.php +++ b/lib/tests/phpunit/formatters/WikibaseValueFormatterBuildersTest.php @@ -2,11 +2,12 @@ namespace Wikibase\Lib\Test; +use Language; +use Title; use DataValues\MonolingualTextValue; use DataValues\QuantityValue; use DataValues\StringValue; use DataValues\TimeValue; -use Language; use ValueFormatters\FormatterOptions; use ValueFormatters\StringFormatter; use ValueFormatters\TimeFormatter; 
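Review bot: The fallback in `newEntityIdHtmlFormatter` passes the bare callable name `'htmlspecialchars'` to `EscapingValueFormatter`, so the label is presumably escaped with PHP's default flags and charset rather than ones chosen for this output. Before PHP 8.1 the default is `ENT_COMPAT | ENT_HTML401`, which leaves single quotes untouched. That is safe for element content but not if the formatted value is ever placed inside a single-quoted attribute. If `EscapingValueFormatter` accepts any callable (its signature is not visible here), `function ( $text ) { return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' ); }` makes the escaping independent of context and of `default_charset`. The guard `!$this->entityTitleLookup` would also read more precisely as `$this->entityTitleLookup === null`.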
@@ -14,12 +15,12 @@ use Wikibase\DataModel\Entity\EntityId; use Wikibase\DataModel\Entity\EntityIdValue; use Wikibase\DataModel\Entity\ItemId; -use Wikibase\LanguageFallbackChain; use Wikibase\LanguageFallbackChainFactory; use Wikibase\Lib\EntityIdFormatter; use Wikibase\Lib\OutputFormatValueFormatterFactory; use Wikibase\Lib\SnakFormatter; use Wikibase\Lib\WikibaseValueFormatterBuilders; +use Wikibase\Lib\Store\EntityTitleLookup; /** * @covers Wikibase\Lib\WikibaseValueFormatterBuilders @@ -41,9 +42,10 @@ /** * @param EntityId $entityId The Id of an entity to use for all entity lookups + * @param EntityTitleLookup|null $entityTitleLookup * @return WikibaseValueFormatterBuilders */ - private function newWikibaseValueFormatterBuilders() { + private function newWikibaseValueFormatterBuilders( EntityTitleLookup $entityTitleLookup = null ) { $termLookup = $this->getMock( 'Wikibase\Lib\Store\TermLookup' ); $termLookup->expects( $this->any() ) @@ -66,7 +68,7 @@ ); } ) ); - return new WikibaseValueFormatterBuilders( $termLookup, Language::factory( 'en' ) ); + return new WikibaseValueFormatterBuilders( $termLookup, Language::factory( 'en' ), $entityTitleLookup ); } private function newFormatterOptions( $lang = 'en' ) { 
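Review bot: The docblock of `newWikibaseValueFormatterBuilders` still carries `@param EntityId $entityId The Id of an entity to use for all entity lookups`, but the method's only parameter is the new `$entityTitleLookup`. The stale line should be dropped and the new one given a description, for example `@param EntityTitleLookup|null $entityTitleLookup Lookup handed to the builders; null exercises the non-linking fallback`. The method body extends beyond this hunk.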
@@ -76,10 +78,25 @@ } /** + * @return EntityTitleLookup + */ + private function newEntityTitleLookup() { + $entityTitleLookup = $this->getMock( 'Wikibase\Lib\Store\EntityTitleLookup' ); + $entityTitleLookup->expects( $this->any() ) + ->method( 'getTitleForId' ) + ->will( $this->returnCallback( function ( EntityId $entityId ) { + return Title::newFromText( $entityId->getSerialization() ); + } ) + ); + + return $entityTitleLookup; + } + + /** * @dataProvider buildDispatchingValueFormatterProvider */ public function testBuildDispatchingValueFormatter( $format, $options, $value, $expected, $dataTypeId = null ) { - $builders = $this->newWikibaseValueFormatterBuilders(); + $builders = $this->newWikibaseValueFormatterBuilders( $this->newEntityTitleLookup() ); $factory = new OutputFormatValueFormatterFactory( $builders->getValueFormatterBuildersForFormats() ); $formatter = $builders->buildDispatchingValueFormatter( $factory, $format, $options ); 
@@ -189,10 +206,44 @@ } /** + * In case WikibaseValueFormatterBuilders doesn't have a EntityTitleLookup it returns + * a formatter which doesn't link the entity id. + * + * @dataProvider buildDispatchingValueFormatterNoTitleLookupProvider + */ + public function testBuildDispatchingValueFormatter_noTitleLookup( $format, $options, $value, $expected, $dataTypeId = null ) { + $builders = $this->newWikibaseValueFormatterBuilders(); + + $factory = new OutputFormatValueFormatterFactory( $builders->getValueFormatterBuildersForFormats() ); + $formatter = $builders->buildDispatchingValueFormatter( $factory, $format, $options ); + + $text = $formatter->formatValue( $value, $dataTypeId ); + $this->assertRegExp( $expected, $text ); + } + + public function buildDispatchingValueFormatterNoTitleLookupProvider() { + return array( + 'plain item label' => array( + SnakFormatter::FORMAT_PLAIN, + $this->newFormatterOptions(), + new EntityIdValue( new ItemId( 'Q5' ) ), + '@^Label for Q5$@' + ), + 'widget item link' => array( + SnakFormatter::FORMAT_HTML_WIDGET, + $this->newFormatterOptions(), + new EntityIdValue( new ItemId( 'Q5' ) ), + '/^Label for Q5*$/', + 'wikibase-item' + ) + ); + } + + /** * @dataProvider buildDispatchingValueFormatterProvider_LabelLookupOption */ public function testBuildDispatchingValueFormatter_LabelLookupOption( $options, ItemId $value, $expected ) { - $builders = $this->newWikibaseValueFormatterBuilders(); + $builders = $this->newWikibaseValueFormatterBuilders( $this->newEntityTitleLookup() ); $factory = new OutputFormatValueFormatterFactory( $builders->getValueFormatterBuildersForFormats() ); $formatter = $builders->buildDispatchingValueFormatter( $factory, SnakFormatter::FORMAT_HTML, $options ); -- To view, visit https://gerrit.wikimedia.org/r/180461 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I82b90f8a8cad8f7b65a0c7a26d76611be7fb1f25 Gerrit-PatchSet: 1 Gerrit-Project: 
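Review bot: The expected pattern `'/^Label for Q5*$/'` in the 'widget item link' case quantifies the `5`, so it also accepts `Label for Q` and `Label for Q55`; `'/^Label for Q5$/'` is presumably what was meant. The provider also never supplies a label containing `<`, `&` or quotes and has no `SnakFormatter::FORMAT_HTML` case, so the escaping this change introduces for the no-lookup path is not asserted in the visible tests. A case whose mocked label contains markup, with the entity-encoded form as the expected value, would pin that behaviour. The term lookup mock that produces the labels lies outside this hunk.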
mediawiki/extensions/Wikibase Gerrit-Branch: wmf/1.25wmf12c Gerrit-Owner: Aude <aude.w...@gmail.com> Gerrit-Reviewer: Hoo man <h...@online.de>