jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391410 )

Change subject: Make anchor for headlines escape > and <
......................................................................


Make anchor for headlines escape > and <

As a hardening step against language converter and its crazy regexes.

Bug: T125163
Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
---
M includes/Linker.php
1 file changed, 8 insertions(+), 6 deletions(-)

Approvals:
  jenkins-bot: Verified
  Ejegg: Looks good to me, approved



diff --git a/includes/Linker.php b/includes/Linker.php
index 5717fba..70488c5 100644
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -1789,22 +1789,24 @@
         *   a space and ending with '>'
         *   This *must* be at least '>' for no attribs
         * @param string $anchor The anchor to give the headline (the bit after 
the #)
-        * @param string $html Html for the text of the header
+        * @param string $html HTML for the text of the header
         * @param string $link HTML to add for the section edit link
-        * @param bool|string $legacyAnchor A second, optional anchor to give 
for
+        * @param string|bool $fallbackAnchor A second, optional anchor to give 
for
         *   backward compatibility (false to omit)
         *
         * @return string HTML headline
         */
        public static function makeHeadline( $level, $attribs, $anchor, $html,
-               $link, $legacyAnchor = false
+               $link, $fallbackAnchor = false
        ) {
+               $anchorEscaped = htmlspecialchars( $anchor );
                $ret = "<h$level$attribs"
-                       . "<span class=\"mw-headline\" 
id=\"$anchor\">$html</span>"
+                       . "<span class=\"mw-headline\" 
id=\"$anchorEscaped\">$html</span>"
                        . $link
                        . "</h$level>";
-               if ( $legacyAnchor !== false ) {
-                       $ret = "<div id=\"$legacyAnchor\"></div>$ret";
+               if ( $fallbackAnchor !== false && $fallbackAnchor !== $anchor ) 
{
+                       $fallbackAnchor = htmlspecialchars( $fallbackAnchor );
+                       $ret = "<div id=\"$fallbackAnchor\"></div>$ret";
                }
                return $ret;
        }
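Review bot: The `@param` docs in this hunk no longer match the behaviour in two places. First, the new condition `$fallbackAnchor !== false && $fallbackAnchor !== $anchor` also drops the fallback `<div>` when the two anchors are identical, but the docblock still only says "(false to omit)", and the commit message mentions only escaping; please document the equal-anchor case. Second, `$anchor` and `$fallbackAnchor` are now passed through `htmlspecialchars()` inside `makeHeadline()`, so the docblock should state that callers must pass raw, unescaped anchors: a caller that already entity-encodes its anchor would end up with doubly encoded entities in the `id` attribute. A smaller style point: the escaped heading anchor gets its own variable (`$anchorEscaped`) while `$fallbackAnchor` is overwritten in place; using a separate `$fallbackAnchorEscaped` would keep the raw and escaped values distinct in both branches.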

-- 
To view, visit https://gerrit.wikimedia.org/r/391410

Gerrit-MessageType: merged
Gerrit-Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: fundraising/REL1_27
Gerrit-Owner: Ejegg <ej...@ejegg.com>
Gerrit-Reviewer: Ejegg <ej...@ejegg.com>
Gerrit-Reviewer: Jackmcbarn <jackmcb...@gmail.com>
Gerrit-Reviewer: MaxSem <maxsem.w...@gmail.com>
Gerrit-Reviewer: jenkins-bot <>
