When this code parses a string that looks like this:
*
** A
** B
It creates an option group with 2 options, but the name
of the group is an empty string. This makes the OOUI
DropdownInputWidget fail later.
Since the empty group name is useless anyway, drop it. This
makes the code behave as if the parsed string looked like
this:
* A
* B
Live example for the issue:
https://el.wikipedia.org/wiki/MediaWiki:Protect-dropdown
Bug: T275125
Change-Id: I780c1be27740b0ed3b35aa569b5a528112d7238f
Taint check checks for possible security issues by tracking html
escaping and more by using phan.
This slows done the phan-job a bit and requires more ram
Keep the DoubleEscaped issues out to make reviewer easier
Adds suppression for false positives
Adds taint-annotation to help taint-check
Removes suppression for code phan now understand better by the tracking
of keys in taint-check
Fix some small issues by adding int cast or htmlspecialchars calls
Bug: T216348
Bug: T268920
Change-Id: I849ac4f120fd15b483e8939d4db45c98dc351259
This includes fixing some mistakes, as well as removing
redundant text that doesn't add new information, either because
it literally repeats what the code already says, or is actually
duplicated.
Change-Id: I3a8dd8ce57192deda8916cc444c87d7ab1a36515
The `$selected` var could be null and in this case, return the default,
an empty string. The null check was after creating the XmlSelect
object which seemed out of place as after setting the variable to
the default, it's not used anywhere below.
Actually, the check should happen above and set it to it's default if
need be before creating the object below.
Change-Id: I6b69a7780c9f4a9ae283db8fa90b9cee76954d00
There are a few messages that use a custom format for select
lists. This moves the parsing of these messages into a single
method.
Bug: T245565
Change-Id: I0a24d3458979d7cca2dc3cb38c1b0f700a88490a
