jenkins-bot has submitted this change and it was merged. Change subject: Escape highlighted snippets ......................................................................
Escape highlighted snippets Bug: 54167 Change-Id: I772b4878151b587672f60d8a22c805ec61896052 --- M CirrusSearchSearcher.php 1 file changed, 25 insertions(+), 3 deletions(-) Approvals: Chad: Looks good to me, approved jenkins-bot: Verified
diff --git a/CirrusSearchSearcher.php b/CirrusSearchSearcher.php
index 0aefbe2..00e97dc 100644
--- a/CirrusSearchSearcher.php
+++ b/CirrusSearchSearcher.php
@@ -420,6 +420,15 @@
 * An individual search result from Elasticsearch.
 */
 class CirrusSearchResult extends SearchResult {
+ /**
+ * @var string|null lazy built escaped copy of CirrusSearchSearcher::HIGHLIGHT_PRE
+ */
+ private static $highlightPreEscaped = null;
+ /**
+ * @var string|null lazy built escaped copy of CirrusSearchSearcher::HIGHLIGHT_POST
+ */
+ private static $highlightPostEscaped = null;
+
 private $titleSnippet;
 private $redirectTitle, $redirectSnipppet;
 private $sectionTitle, $sectionSnippet;
@@ -434,19 +443,19 @@
 if ( $title->getNamespace() !== 0 ) {
 $nstext = $title->getNsText() . ':';
 }
- $this->titleSnippet = $nstext . $highlights[ 'title' ][ 0 ];
+ $this->titleSnippet = $nstext . self::escapeHighlightedText( $highlights[ 'title' ][ 0 ] );
 } else {
 $this->titleSnippet = '';
 }
 if ( !isset( $highlights[ 'title' ] ) && isset( $highlights[ 'redirect.title' ] ) ) {
- $this->redirectSnipppet = $highlights[ 'redirect.title' ][ 0 ];
+ $this->redirectSnipppet = self::escapeHighlightedText( $highlights[ 'redirect.title' ][ 0 ] );
 $this->redirectTitle = $this->findRedirectTitle( $result->redirect );
 } else {
 $this->redirectSnipppet = '';
 $this->redirectTitle = null;
 }
 if ( isset( $highlights[ 'text' ] ) ) {
- $this->textSnippet = $highlights[ 'text' ][ 0 ];
+ $this->textSnippet = self::escapeHighlightedText( $highlights[ 'text' ][ 0 ] );
 } else {
 list( $contextLines, $contextChars ) = SearchEngine::userHighlightPrefs();
 $this->initText();
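Review bot: The namespace prefix in `$this->titleSnippet = $nstext . self::escapeHighlightedText( ... )` is still concatenated into the HTML snippet unescaped, so only the Elasticsearch part of the title is encoded. Namespace names normally come from site configuration rather than page content, so the exposure looks low, but encoding it keeps the whole snippet uniformly escaped: `$nstext = htmlspecialchars( $title->getNsText() ) . ':';`. The class also declares `$sectionSnippet`; if that field is ever filled from highlight data outside this hunk, it needs the same `escapeHighlightedText()` call. The enclosing method starts and ends outside the hunk, so other assignments could not be checked here.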
@@ -468,6 +477,19 @@
 }
 /**
+ * Escape highlighted text coming back from Elasticsearch.
+ */
+ public static function escapeHighlightedText( $text ) {
+ if ( self::$highlightPreEscaped === null ) {
+ self::$highlightPreEscaped = htmlspecialchars( CirrusSearchSearcher::HIGHLIGHT_PRE );
+ self::$highlightPostEscaped = htmlspecialchars( CirrusSearchSearcher::HIGHLIGHT_POST );
+ }
+ return str_replace( array( self::$highlightPreEscaped, self::$highlightPostEscaped ),
+ array( CirrusSearchSearcher::HIGHLIGHT_PRE, CirrusSearchSearcher::HIGHLIGHT_POST ),
+ htmlspecialchars( $text ) );
+ }
+
+ /**
 * Build the redirect title from the highlighted redirect snippet.
 * @param array $redirects Array of redirects stored as arrays with 'title' and 'namespace' keys
 * @return Title object representing the redirect
--
To view, visit https://gerrit.wikimedia.org/r/84340 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I772b4878151b587672f60d8a22c805ec61896052 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/CirrusSearch Gerrit-Branch: master Gerrit-Owner: Manybubbles <never...@wikimedia.org> Gerrit-Reviewer: CSteipp <cste...@wikimedia.org> Gerrit-Reviewer: Chad <ch...@wikimedia.org> Gerrit-Reviewer: Manybubbles <never...@wikimedia.org> Gerrit-Reviewer: jenkins-bot _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
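Review bot: The `str_replace` in `escapeHighlightedText()` restores every occurrence of the escaped marker, including ones that were literally present in the indexed page text rather than inserted by the highlighter. If `HIGHLIGHT_PRE`/`HIGHLIGHT_POST` are ordinary HTML tags (their values are not visible in this hunk), document text containing that exact string comes back as live markup; the leak is limited to the two fixed marker strings, but unbalanced tags can still break the surrounding result layout. A sturdier scheme is to have Elasticsearch emit markers that cannot occur in indexed text and swap them for the HTML tags only after `htmlspecialchars()`. Until then the docblock should state the caveat, e.g. `* Marker text already present in the source document is un-escaped as well; only the fixed pre/post tags can pass through.` The calls also rely on the default `htmlspecialchars()` flags, which is fine for element content but would not be for a single-quoted attribute.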