dépôts
/
lhc
/
web
/
wiklou.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
SECURITY: jquery.makeCollapsible: Escape user-generated CSS selectors
[lhc/web/wiklou.git]
/
includes
/
parser
/
Parser.php
diff --git
a/includes/parser/Parser.php
b/includes/parser/Parser.php
index
8e5dcbd
..
b66031c
100644
(file)
--- a/
includes/parser/Parser.php
+++ b/
includes/parser/Parser.php
@@
-1113,7
+1113,11
@@
class Parser {
$line = "</{$last_tag}>{$line}";
}
array_pop( $tr_attributes );
$line = "</{$last_tag}>{$line}";
}
array_pop( $tr_attributes );
- $outLine = $line . str_repeat( '</dd></dl>', $indent_level );
+ if ( $indent_level > 0 ) {
+ $outLine = rtrim( $line ) . str_repeat( '</dd></dl>', $indent_level );
+ } else {
+ $outLine = $line;
+ }
} elseif ( $first_two === '|-' ) {
# Now we have a table row
$line = preg_replace( '#^\|-+#', '', $line );
} elseif ( $first_two === '|-' ) {
# Now we have a table row
$line = preg_replace( '#^\|-+#', '', $line );
@@
-1204,13
+1208,15
@@
class Parser {
# be mistaken as delimiting cell parameters
# Bug T153140: Neither should language converter markup.
if ( preg_match( '/\[\[|-\{/', $cell_data[0] ) === 1 ) {
# be mistaken as delimiting cell parameters
# Bug T153140: Neither should language converter markup.
if ( preg_match( '/\[\[|-\{/', $cell_data[0] ) === 1 ) {
- $cell = "{$previous}<{$last_tag}>
{$cell}"
;
+ $cell = "{$previous}<{$last_tag}>
" . trim( $cell )
;
} elseif ( count( $cell_data ) == 1 ) {
} elseif ( count( $cell_data ) == 1 ) {
- $cell = "{$previous}<{$last_tag}>{$cell_data[0]}";
+ // Whitespace in cells is trimmed
+ $cell = "{$previous}<{$last_tag}>" . trim( $cell_data[0] );
} else {
$attributes = $this->mStripState->unstripBoth( $cell_data[0] );
$attributes = Sanitizer::fixTagAttributes( $attributes, $last_tag );
} else {
$attributes = $this->mStripState->unstripBoth( $cell_data[0] );
$attributes = Sanitizer::fixTagAttributes( $attributes, $last_tag );
- $cell = "{$previous}<{$last_tag}{$attributes}>{$cell_data[1]}";
+ // Whitespace in cells is trimmed
+ $cell = "{$previous}<{$last_tag}{$attributes}>" . trim( $cell_data[1] );
}
$outLine .= $cell;
}
$outLine .= $cell;
@@
-1465,7
+1471,7
@@
class Parser {
/**
* @throws MWException
* @param array $m
/**
* @throws MWException
* @param array $m
- * @return
HTML|string
+ * @return
string HTML
*/
public function magicLinkCallback( $m ) {
if ( isset( $m[1] ) && $m[1] !== '' ) {
*/
public function magicLinkCallback( $m ) {
if ( isset( $m[1] ) && $m[1] !== '' ) {
@@
-1617,7
+1623,9
@@
class Parser {
public function doHeadings( $text ) {
for ( $i = 6; $i >= 1; --$i ) {
$h = str_repeat( '=', $i );
public function doHeadings( $text ) {
for ( $i = 6; $i >= 1; --$i ) {
$h = str_repeat( '=', $i );
- $text = preg_replace( "/^$h(.+)$h\\s*$/m", "<h$i>\\1</h$i>", $text );
+ // Trim non-newline whitespace from headings
+ // Using \s* will break for: "==\n===\n" and parse as <h2>=</h2>
+ $text = preg_replace( "/^(?:$h)[ \\t]*(.+?)[ \\t]*(?:$h)\\s*$/m", "<h$i>\\1</h$i>", $text );
}
return $text;
}
}
return $text;
}
@@
-1868,8
+1876,8
@@
class Parser {
$dtrail = '';
$dtrail = '';
- # Set linktype for CSS
- if URL==text, link is essentially free
- $linktype =
( $text === $url ) ? 'free' :
'text';
+ # Set linktype for CSS
+ $linktype = 'text';
# No link text, e.g. [http://domain.tld/some.link]
if ( $text == '' ) {
# No link text, e.g. [http://domain.tld/some.link]
if ( $text == '' ) {
@@
-4050,9
+4058,11
@@
class Parser {
# Get all headlines for numbering them and adding funky stuff like [edit]
# links - this is for later, but we need the number of headlines right now
# Get all headlines for numbering them and adding funky stuff like [edit]
# links - this is for later, but we need the number of headlines right now
+ # NOTE: white space in headings have been trimmed in doHeadings. They shouldn't
+ # be trimmed here since whitespace in HTML headings is significant.
$matches = [];
$numMatches = preg_match_all(
$matches = [];
$numMatches = preg_match_all(
- '/<H(?P<level>[1-6])(?P<attrib>.*?>)
\s*(?P<header>[\s\S]*?)\s*
<\/H[1-6] *>/i',
+ '/<H(?P<level>[1-6])(?P<attrib>.*?>)
(?P<header>[\s\S]*?)
<\/H[1-6] *>/i',
$text,
$matches
);
$text,
$matches
);