I have run into numerous issues trying to utilize unsafe user
provided content as an argument to a Message instance. Specific
cases are enumerated in MessageTest.php
Typically the solution to using user provided text is to use
Message::rawParam, but this pushes escaping of the parameter to
the caller. This patch introduces Message::plaintextParams which
handles escaping of the string parameter to match the requested
output format.
The functionality is:
* plain and text: exactly like rawParams()
* escaped, parse and parseAsBlock: escape it but don't do brace expansion
Additionaly, similar to Message::rawParam, plaintext parameters are not
valid parser function arguments.
Change-Id: I320645cd23c98fea4bfc32ab22b7ef8d320957cb
This caused bug 71334. The logo should be split out
into its own ResourceLoader module rather than
being in the site module.
This reverts commit efe0169c59.
Bug: 71334
Change-Id: I0234e78f93c2eb6574bae4ad48941498709ae528
Adding the editoptions box styling to mediawiki.skinning.interface instead
of the skin-agnostic mediawiki.action.* means it will only be added to skins
where it's likely to be appropriate, as this is also where the similar styles
for toc, categories, etc are defined.
This way skins in which the editoptions box would be inappropriate need never
worry about it anyway because they won't be using mediawiki.skinning.interface
for the same reason.
Bug: 58254
Change-Id: Ibd1c0617c426e34e7213ca0ce89a126340b012a7
There's a preference which makes the browser go to action=edit when double
clicking on the content. In VE we want to disable this while the editor is
open. With this check in place, we can turn it off by falsifying the value
of the preference (and then restoring the original value when VE closes).
Bug: 53058
Change-Id: I0f6225b25ad279755548361f82b855727758da2b
Currently registering a special page with a factory by passing the
callback string does not work because the is_string check comes
before the is_callback check. If we change the order of this if-
clauses we can also support callbacks like 'Factory::createPage'.
Change-Id: I751f97026ed8c580732c74d66b2804dd180ed16f
Skins where a white background works generally already have a white background
behind this. Skins where it doesn't work generally just wind up overriding this
back to the default (transparent).
Simply removing the background should simplify things.
Change-Id: I1a906f533f7ae2697ee18c998f316a0957ac8bda
Right now, SpecialPageFactory::getAliasListObject() just chooses the
last-seen alias and allows any alias to completely override the page's
"canonical" name (from SpecialPageFactory::$list or $wgSpecialPages).
Although the latter doesn't come up often since (almost?) all special pages
have their canonical name as one of their English-language aliases.
More sensible behavior is to always prefer the "canonical" name over any
conflicting aliases, and to prefer an alias that's the first alias for a
special page over one that is a fallback.
Also, when a special page's first alias winds up not actually referring
to that special page, we MUST NOT go redirecting other names for that
special page to that wrong alias.
Bug: 70686
Change-Id: I4b17ec0fdc87b4b0d7ae9d9eea7ffacb54dd6891
No need to set a variable to value of itself. Also consistent
with the way $remoteBasePath is set, already.
Change-Id: I9b71322592a5ca2d85927fcf6732096f758847e9
* Filter <style> elements
* Normalize style elements and attributes before filtering
* Add checks for attributes that contain css
* Add unit tests for html5sec and reported bugs
Bug:69008
Change-Id: I732eece710f1bfaaeea1e5de541fcd4cfb375de7
Since it is slow and is called many times when articles with lots of
interlanguage links are viewed.
Change-Id: Ib826ea6f1c105ffd43e456fb1c0c3b8aa6d8e391
Use the section headers from 1.24, and move an entry that was placed in
the wrong section in Iff8d444c.
Change-Id: I460551491f23352f08e64aa3f216e2e5f39b5a6f
The API output for help and 'fm' formats will soon have need of
including ResourceLoader modules on an otherwise-bare page. The easiest
way to do this is to use OutputPage, but that requires a skin. So let's
add a skin that outputs a basic page without any navigation elements or
other chrome (that may be added later, but that can wait for Design to
decide they want to design it).
Change-Id: Ifa95fae5acaa3cfbf2ca58a15f8d0c51d84b455a
