Soeren.oldag has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/216049

Change subject: Improved escaping on special pages.
......................................................................

Improved escaping on special pages.

When inserting messages into raw HTML, escaped() is now used instead of text().
Serializations of entity IDs are now HTML-escaped, too.

Change-Id: If776a91059d1e7137e166e177fdd41df7de0141b
---
M i18n/en.json
M i18n/qqq.json
M specials/SpecialCrossCheck.php
M specials/SpecialExternalDbs.php
M tests/phpunit/Specials/SpecialCrossCheckTest.php
5 files changed, 40 insertions(+), 36 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/WikidataQualityExternalValidation
 refs/changes/49/216049/1

diff --git a/i18n/en.json b/i18n/en.json
index 83d7e7d..febc96e 100755
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -4,7 +4,7 @@
   },
 
   "wbqev-crosscheck": "Cross-Check with external databases",
-  "wbqev-crosscheck-explanation-general": "This special page performs 
cross-checks between items in Wikidata and external databases. You can check 
the databases we use on the special page $1.",
+  "wbqev-crosscheck-explanation-general": "This special page performs 
cross-checks between items in Wikidata and external databases. You can check 
the databases we use on the special page",
   "wbqev-crosscheck-explanation-detail": "To revise an item enter its id. The 
values of each validatable property are compared to the value in the database 
and the result is presented here. Additionally we check whether references are 
missing or can be added in form of the database that states the same fact.",
   "wbqev-crosscheck-form-section": "Cross-check item",
   "wbqev-crosscheck-form-entityid-label": "Item ID:",
@@ -12,7 +12,7 @@
   "wbqev-crosscheck-form-submit-label": "Check",
   "wbqev-crosscheck-invalid-entity-id": "Invalid entity ID!",
   "wbqev-crosscheck-not-existent-entity": "Entity does not exist!",
-  "wbqev-crosscheck-result-headline": "Result for $1",
+  "wbqev-crosscheck-result-headline": "Result for",
   "wbqev-crosscheck-empty-result": "The entered entity has no statements, that 
can be cross-checked with any supported database.",
   "wbqev-crosscheck-result-table-header-references": "References",
   "wbqev-crosscheck-result-table-header-local-value": "Wikidata value",
diff --git a/i18n/qqq.json b/i18n/qqq.json
index 97d7877..f45036b 100755
--- a/i18n/qqq.json
+++ b/i18n/qqq.json
@@ -8,7 +8,7 @@
                ]
        },
        "wbqev-crosscheck": "{{doc-special|CrossCheck}}",
-       "wbqev-crosscheck-explanation-general": "General explanation text for 
special page.",
+       "wbqev-crosscheck-explanation-general": "General explanation text for 
special page. Link to special page that shows external databases available for 
cross-checks is appended to this.",
        "wbqev-crosscheck-explanation-detail": "More detailed explanation text 
for special page.",
     "wbqev-crosscheck-form-section": "Header of the section of the entity id 
form.",
     "wbqev-crosscheck-form-entityid-label": "Label for the entity id input 
field.",
@@ -16,7 +16,7 @@
        "wbqev-crosscheck-form-submit-label": "Label of the button, that starts 
the check.\n{{Identical|Check}}",
        "wbqev-crosscheck-invalid-entity-id": "Error message that appears when 
the entered string is not a valid entity id.",
        "wbqev-crosscheck-not-existent-entity": "Error message that appears 
when the entered entity does not exist.",
-       "wbqev-crosscheck-result-headline": "Headline that appears above the 
results. Has one parameter, that is the label of the entity, that was checked.",
+       "wbqev-crosscheck-result-headline": "Headline that appears above the 
results. Label of the entity, that was checked is appended to this.",
        "wbqev-crosscheck-empty-result": "Message that appears, when the given 
entity has no statements that can be validated with any supported external 
database.",
        "wbqev-crosscheck-result-table-header-references": 
"{{Identical|Reference}}",
        "wbqev-crosscheck-result-table-header-local-value": "Header of the 
column that displays the data values stored in Wikidata.",
diff --git a/specials/SpecialCrossCheck.php b/specials/SpecialCrossCheck.php
index 2612b8a..b03e797 100755
--- a/specials/SpecialCrossCheck.php
+++ b/specials/SpecialCrossCheck.php
@@ -18,6 +18,7 @@
 use Html;
 use HTMLForm;
 use Linker;
+use JobQueueGroup;
 use Traversable;
 use Wikibase\DataModel\Entity\EntityId;
 use DataValues\DataValue;
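Review bot: The added `use JobQueueGroup;` is not referenced by any other line of this change, and nothing in the visible hunks of SpecialCrossCheck.php uses the class, so it looks like an unrelated leftover. If the rest of the file does not use it either, drop the line; if it is needed by code further down, it belongs with that code in its own change. An import that is kept for "later" tends to survive long after the plan is forgotten.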
@@ -135,7 +136,7 @@
      * @return string
      */
     public function getDescription() {
-        return $this->msg( 'wbqev-crosscheck' )->text();
+        return $this->msg( 'wbqev-crosscheck' )->escaped();
     }
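Review bot: Returning `->escaped()` from getDescription() is likely a double-escaping bug rather than a fix, because MediaWiki core treats a special page's description as plain text: the core default implementation returns `->text()` and the consumers (the page title set in setHeaders(), the Special:SpecialPages listing) apply their own escaping. A translation containing `&` or `<` would then render as `&amp;` / `&lt;`. I would keep `return $this->msg( 'wbqev-crosscheck' )->text();` here and limit the escaped() change to the places where this extension concatenates message text into raw HTML itself. The same applies to getDescription() in SpecialExternalDbs.php below.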
 
     /**
@@ -175,14 +176,14 @@
             $entity = $this->entityLookup->getEntity( $entityId );
         } catch ( EntityIdParsingException $e ) {
             $out->addHTML(
-                $this->buildNotice( $this->msg( 
'wbqev-crosscheck-invalid-entity-id' )->text(), true )
+                $this->buildNotice( 'wbqev-crosscheck-invalid-entity-id', true 
)
             );
             return;
         }
 
         if ( !$entity ) {
             $out->addHTML(
-                $this->buildNotice( $this->msg( 
'wbqev-crosscheck-not-existent-entity' )->text(), true )
+                $this->buildNotice( 'wbqev-crosscheck-not-existent-entity' , 
true )
             );
             return;
         }
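Review bot: The second call has a stray space before the comma, `'wbqev-crosscheck-not-existent-entity' ,`, which the first call in the same hunk does not have; make it `$this->buildNotice( 'wbqev-crosscheck-not-existent-entity', true )`. Passing the message key rather than pre-rendered text into buildNotice() is the right direction, since it lets the helper own the escaping, but that contract should be stated on buildNotice() itself (its docblock is outside this hunk). The enclosing execute() method continues past the end of this hunk.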
@@ -203,7 +204,7 @@
         } else {
             $out->addHTML(
                 $this->buildResultHeader( $entityId )
-                . $this->buildNotice( $this->msg( 
'wbqev-crosscheck-empty-result' )->text() )
+                . $this->buildNotice( 'wbqev-crosscheck-empty-result' )
             );
         }
     }
@@ -243,10 +244,11 @@
                 'div',
                 array( 'class' => 'wbqev-infobox' )
             )
-            . $this->msg( 'wbqev-crosscheck-explanation-general', 
$externalDbLink )->text()
+            . $this->msg( 'wbqev-crosscheck-explanation-general' )->escaped()
+            . sprintf( ' %s.', $externalDbLink )
             . Html::element( 'br' )
             . Html::element( 'br' )
-            . $this->msg( 'wbqev-crosscheck-explanation-detail' )->text()
+            . $this->msg( 'wbqev-crosscheck-explanation-detail' )->escaped()
             . Html::closeElement( 'div' );
 
         return $infoBox;
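Review bot: Appending the link with `sprintf( ' %s.', $externalDbLink )` fixes the escaping by removing the `$1` placeholder from the message, which hard-codes English word order and the trailing period for every language. MediaWiki's Message class already solves this: `->rawParams()` keeps a parameter as raw HTML while `->escaped()` escapes only the message text. I would keep `$1` in en.json and write `. $this->msg( 'wbqev-crosscheck-explanation-general' )->rawParams( $externalDbLink )->escaped()` here. This assumes `$externalDbLink` (built above the hunk, not visible) is already safe link HTML, e.g. from Linker; if it is a plain string, it needs escaping before it is passed as a raw parameter.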
@@ -274,7 +276,8 @@
                 array (
                     'class' => $cssClasses
                 ),
-                $message );
+                $this->msg( $message )->text()
+            );
     }
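Review bot: `$message` is now a message key, not message text, but the parameter name still suggests the latter and the docblock above this hunk presumably still documents it as text. Rename it to `$messageKey` and update the docblock to `@param string $messageKey Key of the message to render as the notice text`, noting that the text is escaped by Html::element() so callers must not pre-escape. The function signature and docblock start outside this hunk.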
 
     /**
@@ -287,12 +290,14 @@
     private function buildResultHeader( EntityId $entityId ) {
         $entityLink = sprintf( '%s (%s)',
                                
$this->entityIdHtmlLinkFormatter->formatEntityId( $entityId ),
-                               $entityId->getSerialization() );
+                               htmlspecialchars( $entityId->getSerialization() 
) );
 
         return
-            Html::openElement( 'h3' )
-            . $this->msg( 'wbqev-crosscheck-result-headline', $entityLink 
)->text()
-            . Html::closeElement( 'h3' );
+            Html::rawElement(
+                'h3',
+                array(),
+                sprintf( '%s %s', $this->msg( 
'wbqev-crosscheck-result-headline' )->escaped(), $entityLink )
+            );
     }
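Review bot: The headline is assembled with `sprintf( '%s %s', ... )` after dropping `$1` from the message, which fixes the escaping at the cost of fixing the word order for all languages. The same result with localisation intact is `$this->msg( 'wbqev-crosscheck-result-headline' )->rawParams( $entityLink )->escaped()` as the content of the Html::rawElement() call, with `Result for $1` restored in en.json. The `htmlspecialchars()` around getSerialization() is reasonable defense in depth even though the id has already passed the entity id parser; keep it, and keep the formatter output unescaped since formatEntityId() on an HTML link formatter returns markup.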
 
     /**
@@ -341,7 +346,6 @@
      */
     private function formatStatus( $status ) {
         $messageName = "wbqev-crosscheck-status-" . strtolower( $status );
-        $message = $this->msg( $messageName )->text();
 
         $formattedStatus =
             Html::element(
@@ -349,7 +353,7 @@
                 array (
                     'class' => 'wbqev-status wbqev-status-' . $status
                 ),
-                $message
+                $this->msg( $messageName )->text()
             );
 
         return $formattedStatus;
@@ -396,27 +400,27 @@
         $table = new HtmlTable(
             array(
                 new HtmlTableHeader(
-                    $this->msg( 'wbqev-crosscheck-result-table-header-status' 
)->text(),
+                    $this->msg( 'wbqev-crosscheck-result-table-header-status' 
)->escaped(),
                     true
                 ),
                 new HtmlTableHeader(
-                    $this->msg( 'datatypes-type-wikibase-property' )->text(),
+                    $this->msg( 'datatypes-type-wikibase-property' 
)->escaped(),
                     true
                 ),
                 new HtmlTableHeader(
-                    $this->msg( 
'wbqev-crosscheck-result-table-header-local-value' )->text()
+                    $this->msg( 
'wbqev-crosscheck-result-table-header-local-value' )->escaped()
                 ),
                 new HtmlTableHeader(
-                    $this->msg( 
'wbqev-crosscheck-result-table-header-external-value' )->text()
+                    $this->msg( 
'wbqev-crosscheck-result-table-header-external-value' )->escaped()
                 ),
                 new HtmlTableHeader(
-                    $this->msg( 
'wbqev-crosscheck-result-table-header-references' )->text(),
+                    $this->msg( 
'wbqev-crosscheck-result-table-header-references' )->escaped(),
                     true
                 ),
                 new HtmlTableHeader(
                     Linker::linkKnown(
                         self::getTitleFor( 'ExternalDbs' ),
-                        $this->msg( 
'wbqev-crosscheck-result-table-header-external-source' )->text() ),
+                        $this->msg( 
'wbqev-crosscheck-result-table-header-external-source' )->escaped() ),
                     true
                 )
             ),
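Review bot: The switch to `->escaped()` only protects against injection if HtmlTableHeader treats its first constructor argument as raw HTML, which the `Linker::linkKnown()` header in this list implies but which is not visible here. I would state that contract on the HtmlTableHeader constructor docblock, e.g. `@param string $content Raw HTML; the caller is responsible for escaping`, so the next caller does not pass `->text()` back in. Passing `->escaped()` as the `$html` argument of Linker::linkKnown() is correct, since that parameter is raw link text.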
@@ -430,7 +434,7 @@
                     $this->entityIdHtmlLinkFormatter->formatEntityId( 
$result->getPropertyId() ),
                     $this->formatDataValues( 
$result->getCompareResult()->getLocalValue() ),
                     $this->formatDataValues( 
$result->getCompareResult()->getExternalValues(), true, Html::element( 'br' ) ),
-                    $this->msg( "wbqev-crosscheck-status-" . 
$result->getReferenceResult()->getStatus() )->text(),
+                    $this->msg( "wbqev-crosscheck-status-" . 
$result->getReferenceResult()->getStatus() )->escaped(),
                     $this->entityIdHtmlLinkFormatter->formatEntityId( 
$result->getDumpMetaInformation()->getSourceItemId() )
                 )
             );
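Review bot: The reference status is rendered here as a bare escaped message while the class already has formatStatus() (earlier in this file), which builds the same `wbqev-crosscheck-status-` key with strtolower() and wraps it in a classed span via Html::element(); the key here is built without strtolower(), so a status with upper-case characters would resolve differently in the two places. Unless the bare text is intentional, reuse the helper: `$this->formatStatus( $result->getReferenceResult()->getStatus() )`. The enclosing table-building method continues outside this hunk.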
diff --git a/specials/SpecialExternalDbs.php b/specials/SpecialExternalDbs.php
index c248af3..5009d68 100755
--- a/specials/SpecialExternalDbs.php
+++ b/specials/SpecialExternalDbs.php
@@ -69,7 +69,7 @@
         * @return string
         */
        public function getDescription() {
-               return $this->msg( 'wbqev-externaldbs' )->text();
+               return $this->msg( 'wbqev-externaldbs' )->escaped();
        }
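Review bot: As for SpecialCrossCheck::getDescription(), core expects this method to return plain text (its default implementation uses `->text()`) and escapes it itself, so `->escaped()` here would double-encode `&` and `<` in translations. Keep `return $this->msg( 'wbqev-externaldbs' )->text();`.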
 
        /**
@@ -84,10 +84,10 @@
 
                $out->addHTML(
                        Html::openElement( 'p' )
-                       . $this->msg( 'wbqev-externaldbs-instructions' )->text()
+                       . $this->msg( 'wbqev-externaldbs-instructions' 
)->escaped()
                        . Html::closeElement( 'p' )
                        . Html::openElement( 'h3' )
-                       . $this->msg( 'wbqev-externaldbs-overview-headline' 
)->text()
+                       . $this->msg( 'wbqev-externaldbs-overview-headline' 
)->escaped()
                        . Html::closeElement( 'h3' )
                );
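Review bot: The openElement / escaped() / closeElement triples are correct but verbose; `Html::element( 'p', array(), $this->msg( 'wbqev-externaldbs-instructions' )->text() )` produces the same escaped output in one call and makes it impossible to forget the escaping step, and the same goes for the h3. This is a style point only; the output of the new code is safe.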
 
@@ -101,13 +101,13 @@
 
                        $table = new HtmlTable(
                                array (
-                                       $this->msg( 'wbqev-externaldbs-name' 
)->text(),
-                    $this->msg( 'wbqev-externaldbs-id' )->text(),
-                                       $this->msg( 
'wbqev-externaldbs-import-date' )->text(),
-                                       $this->msg( 
'wbqev-externaldbs-language' )->text(),
-                                       $this->msg( 
'wbqev-externaldbs-source-urls' )->text(),
-                                       $this->msg( 'wbqev-externaldbs-size' 
)->text(),
-                                       $this->msg( 'wbqev-externaldbs-license' 
)->text()
+                                       $this->msg( 'wbqev-externaldbs-name' 
)->escaped(),
+                    $this->msg( 'wbqev-externaldbs-id' )->escaped(),
+                                       $this->msg( 
'wbqev-externaldbs-import-date' )->escaped(),
+                                       $this->msg( 
'wbqev-externaldbs-language' )->escaped(),
+                                       $this->msg( 
'wbqev-externaldbs-source-urls' )->escaped(),
+                                       $this->msg( 'wbqev-externaldbs-size' 
)->escaped(),
+                                       $this->msg( 'wbqev-externaldbs-license' 
)->escaped()
                                ),
                                true
                        );
@@ -120,7 +120,7 @@
                } else {
                        $out->addHTML(
                                Html::openElement( 'p' )
-                               . $this->msg( 'wbqev-externaldbs-no-databases' 
)->text()
+                               . $this->msg( 'wbqev-externaldbs-no-databases' 
)->escaped()
                                . Html::closeElement( 'p' )
                        );
                }
diff --git a/tests/phpunit/Specials/SpecialCrossCheckTest.php 
b/tests/phpunit/Specials/SpecialCrossCheckTest.php
index 4e43d43..ba42e52 100755
--- a/tests/phpunit/Specials/SpecialCrossCheckTest.php
+++ b/tests/phpunit/Specials/SpecialCrossCheckTest.php
@@ -283,7 +283,7 @@
         unset( $matchers['error'] );
         $matchers['result for'] = array(
             'tag' => 'h3',
-            'content' => '(wbqev-crosscheck-result-headline:'
+            'content' => '(wbqev-crosscheck-result-headline)'
         );
 
         $matchers['result table'] = array(
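Review bot: The updated matcher only checks that the headline message key appears in the h3; after this change the entity link and its serialization are appended outside the message, so the test no longer asserts that they are rendered at all. Add a check for the appended link, for example `'descendant' => array( 'tag' => 'a' ),` inside the `result for` matcher, assuming the entity id link formatter used by the special page emits an anchor as it does in production. The test method this matcher belongs to starts outside the hunk.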


Gerrit-MessageType: newchange
Gerrit-Change-Id: If776a91059d1e7137e166e177fdd41df7de0141b
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/WikidataQualityExternalValidation
Gerrit-Branch: master
Gerrit-Owner: Soeren.oldag <[email protected]>
