(bug 8556) When using $wgRawHtml, don't show scary session_failure/possible attack
[lhc/web/wiklou.git] / includes / EditPage.php
index 7dc1c0a..44cba7f 100644 (file)
@@ -792,7 +792,7 @@ class EditPage {
                        $ip = User::isIP( $username );
                        if ( !$user->isLoggedIn() && !$ip ) { # User does not exist
                                $wgOut->wrapWikiMsg( "<div class=\"mw-userpage-userdoesnotexist error\">\n$1\n</div>",
-                                       array( 'userpage-userdoesnotexist', $username ) );
+                                       array( 'userpage-userdoesnotexist', wfEscapeWikiText( $username ) ) );
                        } elseif ( $user->isBlocked() ) { # Show log extract if the user is currently blocked
                                LogEventsList::showLogExtract(
                                        $wgOut,
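Review bot: The `wfEscapeWikiText( $username )` call added on the `array( 'userpage-userdoesnotexist', ... )` line has no comment explaining it, so a later cleanup could drop it as redundant. `$username` appears to come from the requested page title (its derivation is outside the hunk), and `wrapWikiMsg` parses the substituted message as wikitext, so the name must be escaped to display literally. I would add `# Escape the name: it is user-controlled and is substituted into a message parsed as wikitext` above the call. The enclosing method starts and ends outside the hunk.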
@@ -1815,7 +1815,7 @@ HTML
                        'style' => '' // avoid php notices when appending preferences (appending allows customAttribs['style'] to still work
                );
 
-               global $wgBetterDirectionality, $wgContLang;
+               global $wgBetterDirectionality;
                if( $wgBetterDirectionality ) {
                        $pageLang = $this->mTitle->getPageLanguage();
                        $attribs['lang'] = $pageLang->getCode();
@@ -2019,8 +2019,14 @@ HTML
                if ( $wgRawHtml && !$this->mTokenOk ) {
                        // Could be an offsite preview attempt. This is very unsafe if
                        // HTML is enabled, as it could be an attack.
-                       $parsedNote = $wgOut->parse( "<div class='previewnote'>" .
-                               wfMsg( 'session_fail_preview_html' ) . "</div>" );
+                       $parsedNote = '';
+                       if ( $this->textbox1 !== '' ) {
+                               // Do not put big scary notice, if previewing the empty
+                               // string, which happens when you initially edit
+                               // a category page, due to automatic preview-on-open.
+                               $parsedNote = $wgOut->parse( "<div class='previewnote'>" .
+                                       wfMsg( 'session_fail_preview_html' ) . "</div>" );
+                       }
                        wfProfileOut( __METHOD__ );
                        return $parsedNote;
                }
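Review bot: The new comment inside `if ( $this->textbox1 !== '' )` explains why the notice is skipped, but nothing says that the unconditional `return $parsedNote;` is what keeps the text from being previewed when `$wgRawHtml` is on and the token check failed. A later edit that ties the return to the same condition as the notice would weaken that guard. I would move the comment above the `if` and add `// Only the notice is conditional; the early return below must always run when the token is bad.` The test is also a strict comparison with `''`, so a whitespace-only textbox still gets the notice unless `textbox1` is trimmed elsewhere, which is not visible here. The method body starts and ends outside the hunk.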
@@ -2070,7 +2076,6 @@ HTML
                                if ( $this->mTitle->getNamespace() == NS_MEDIAWIKI ) {
                                        $parserOptions->setTargetLanguage( $this->mTitle->getPageLanguage() );
                                }
-                               $parserOptions->setTargetLanguage( $this->mTitle->getPageLanguage() );
                                $parserOptions->setTidy( true );
                                $parserOptions->enableLimitReport();
                                $parserOutput = $wgParser->parse( $this->mArticle->preSaveTransform( $toparse ),
@@ -2099,7 +2104,8 @@ HTML
                global $wgBetterDirectionality;
                if( $wgBetterDirectionality ) {
                        $pageLang = $this->mTitle->getPageLanguage();
-                       $attribs = array( 'lang' => $pageLang->getCode(), 'dir' => $pageLang->getDir() );
+                       $attribs = array( 'lang' => $pageLang->getCode(), 'dir' => $pageLang->getDir(),
+                               'class' => 'mw-content-'.$pageLang->getDir() );
                        $previewHTML = Html::rawElement( 'div', $attribs, $previewHTML );
                }
                wfProfileOut( __METHOD__ );
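Review bot: A style point on the added `'class' => 'mw-content-'.$pageLang->getDir()` line: the concatenation has no spaces around `.`, unlike the `" .` form used in the preview-note hunk of this same commit, and `getDir()` is now called twice in one array literal. I would read it once, `$dir = $pageLang->getDir();`, and then write `'dir' => $dir, 'class' => 'mw-content-' . $dir`. The class value is only as constrained as the return value of `getDir()`, presumably `ltr` or `rtl`, so a one-line comment noting that assumption would help. The method continues outside the hunk.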