dépôts
/
lhc
/
web
/
wiklou.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge "[Bug 41030] fix fatal error when rendering non-existing pages"
[lhc/web/wiklou.git]
/
includes
/
Sanitizer.php
diff --git
a/includes/Sanitizer.php
b/includes/Sanitizer.php
index
a0c77da
..
8919f10
100644
(file)
--- a/
includes/Sanitizer.php
+++ b/
includes/Sanitizer.php
@@
-692,7
+692,9
@@
class Sanitizer {
}
}
}
}
- if ( $attribute === 'align' && !in_array( $element, $cells ) ) {
+ // Table align is special, it's about block alignment instead of
+ // content align (see also bug 40306)
+ if ( $attribute === 'align' && in_array( $element, $table ) ) {
if ( $value === 'center' ) {
$style .= ' margin-left: auto;';
$property = 'margin-right';
if ( $value === 'center' ) {
$style .= ' margin-left: auto;';
$property = 'margin-right';
@@
-910,7
+912,7
@@
class Sanitizer {
// Reject problematic keywords and control characters
if ( preg_match( '/[\000-\010\016-\037\177]/', $value ) ) {
return '/* invalid control char */';
// Reject problematic keywords and control characters
if ( preg_match( '/[\000-\010\016-\037\177]/', $value ) ) {
return '/* invalid control char */';
- } elseif ( preg_match( '! expression | filter\s*: | accelerator\s*: | url\s*\( !ix', $value ) ) {
+ } elseif ( preg_match( '! expression | filter\s*: | accelerator\s*: | url\s*\(
| image\s*\(
!ix', $value ) ) {
return '/* insecure input */';
}
return $value;
return '/* insecure input */';
}
return $value;
@@
-1026,7
+1028,7
@@
class Sanitizer {
# Stupid hack
$encValue = preg_replace_callback(
# Stupid hack
$encValue = preg_replace_callback(
- '/(' . wfUrlProtocols() . ')/',
+ '/(
(?i)
' . wfUrlProtocols() . ')/',
array( 'Sanitizer', 'armorLinksCallback' ),
$encValue );
return $encValue;
array( 'Sanitizer', 'armorLinksCallback' ),
$encValue );
return $encValue;
@@
-1181,6
+1183,7
@@
class Sanitizer {
* attribs regex matches.
*
* @param $set Array
* attribs regex matches.
*
* @param $set Array
+ * @throws MWException
* @return String
*/
private static function getTagAttributeCallback( $set ) {
* @return String
*/
private static function getTagAttributeCallback( $set ) {