http://www.mediawiki.org/wiki/Special:Code/MediaWiki/76848
Revision: 76848 Author: mah Date: 2010-11-16 23:21:36 +0000 (Tue, 16 Nov 2010) Log Message: ----------- * Remove references to unused charset handling. * Remove references to unused config variables. * Consolidate renderItem() to a single loop instead of a separate one for highlighting displayFields. * Make sure everything gets htmlspecialchars() treatment. o Modified Paths: -------------- trunk/extensions/RSS/RSS.php trunk/extensions/RSS/RSSParser.php Modified: trunk/extensions/RSS/RSS.php =================================================================== --- trunk/extensions/RSS/RSS.php 2010-11-16 23:20:41 UTC (rev 76847) +++ trunk/extensions/RSS/RSS.php 2010-11-16 23:21:36 UTC (rev 76848) @@ -50,14 +50,10 @@ $wgHooks['ParserFirstCallInit'][] = 'RSSHooks::parserInit'; $wgRSSCacheAge = 3600; // one hour -$wgRSSCacheFreshOnly = false; $wgRSSCacheCompare = false; // Check cached content, if available, against remote. // $wgRSSCacheCompare should be set to false or a timeout // (less than $wgRSSCacheAge) after which a comparison will // be made. -$wgRSSOutputEncoding = 'ISO-8859-1'; -$wgRSSInputEncoding = null; -$wgRSSDetectEncoding = true; $wgRSSFetchTimeout = 5; // 5 second timeout // Agent to use for fetching feeds Modified: trunk/extensions/RSS/RSSParser.php =================================================================== --- trunk/extensions/RSS/RSSParser.php 2010-11-16 23:20:41 UTC (rev 76847) +++ trunk/extensions/RSS/RSSParser.php 2010-11-16 23:21:36 UTC (rev 76848) @@ -1,7 +1,6 @@ <?php class RSSParser { - protected $charset; protected $maxheads = 32; protected $reversed = false; protected $highlight = array(); 
@@ -35,15 +34,6 @@ function __construct( $url, $args ) { $this->url = $url; - # Get charset from argument array - # FIXME: not used yet - if ( isset( $args['charset'] ) ) { - $this->charset = $args['charset']; - } else { - global $wgOutputEncoding; - $this->charset = $wgOutputEncoding; - } - # Get max number of headlines from argument-array if ( isset( $args['max'] ) ) { $this->maxheads = $args['max']; @@ -92,16 +82,11 @@ * * NOTES ON FAILED REQUESTS: * If there is an HTTP error while fetching an RSS object, the cached version - * will be returned, if it exists (and if $wgRSSCacheFreshOnly is false) + * will be returned, if it exists. * * @return boolean Status object */ function fetch() { - global $wgRSSCacheAge, $wgRSSCacheFreshOnly; - global $wgRSSCacheDirectory, $wgRSSFetchTimeout; - global $wgRSSOutputEncoding, $wgRSSInputEncoding; - global $wgRSSDetectEncoding; - if ( !isset( $this->url ) ) { return Status::newFatal( 'rss-fetch-nourl' ); } 
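Review bot: With every `global` line removed from fetch(), `$wgRSSCacheAge` and `$wgRSSFetchTimeout` are no longer in scope there, although RSS.php still defines both after this commit. fetch() continues past the end of the hunk, so the diff cannot confirm it, but if the remaining body reads either name it now sees an undefined local (null), which could silently change cache expiry or drop the 5 second timeout on the request to the remote feed URL. If either is still used, keep `global $wgRSSCacheAge, $wgRSSFetchTimeout;`. Separately, the docblock's `@return boolean Status object` contradicts the visible `return Status::newFatal( ... )`; `@return Status` would be accurate.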
@@ -256,22 +241,21 @@ protected function renderItem( $item, $parser, $frame ) { $output = ""; if ( isset( $parser ) && isset( $frame ) ) { - $rendered = array(); - foreach ( $this->displayFields as $field ) { - if ( isset($item[$field] ) ) { - $item[$field] = $this->highlightTerms( $item[$field] ); - } - } - + $displayFields = array_flip( $this->displayFields ); $rendered = $this->itemTemplate; + // $info will only be an XML element name, so we're safe // using it. $item[$info] is handled by the XML parser -- // and that means bad RSS with stuff like // <description><script>alert("hi")</script></description> will find its // rogue <script> tags neutered. foreach ( array_keys( $item ) as $info ) { - $rendered = str_replace( '{{{' . $info . '}}}', wfEscapeWikiText( $item[$info] ), - $rendered ); + if ( isset( $displayFields[ $info ] ) ) { + $txt = $this->highlightTerms( htmlspecialchars( $item[ $info ] ) ); + } else { + $txt = htmlspecialchars( $item[ $info ] ); + } + $rendered = str_replace( '{{{' . $info . '}}}', $txt, $rendered ); } $output .= $parser->recursiveTagParse( $rendered, $frame ); } _______________________________________________ MediaWiki-CVS mailing list MediaWiki-CVS@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
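Review bot: Replacing `wfEscapeWikiText()` with `htmlspecialchars()` in the `foreach` over `array_keys( $item )` leaves wikitext syntax in the feed text unescaped, and `$rendered` is then passed to `$parser->recursiveTagParse()`. By default htmlspecialchars() encodes only `&`, `<`, `>` and `"`, so brackets, braces, pipes and apostrophes from a remote feed would be parsed as wiki markup (links, template calls, categories) on the embedding page; the retained comment about `<script>` being neutered covers only the HTML case. Unless there is a reason not visible here, I would keep the wikitext escaping and highlight on top of it, e.g. `$txt = wfEscapeWikiText( $item[ $info ] );` followed by the existing `highlightTerms()` call for display fields. highlightTerms() now receives entity-encoded text, so a highlight term such as `amp` could presumably match inside `&amp;`, which is worth checking in that method; it lies outside the hunk, as does the rest of renderItem().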