User: Fix loading of user_touched
[lhc/web/wiklou.git] / includes / Sanitizer.php
index a856f1e..d41e559 100644 (file)
@@ -750,7 +750,17 @@ class Sanitizer {
                        }
 
                        # Allow any attribute beginning with "data-"
-                       if ( !preg_match( '/^data-(?!ooui)/i', $attribute ) && !isset( $whitelist[$attribute] ) ) {
+                       # However:
+                       # * data-ooui is reserved for ooui
+                       # * data-mw and data-parsoid are reserved for parsoid
+                       # * data-mw-<name here> is reserved for extensions (or core) if
+                       #   they need to communicate some data to the client and want to be
+                       #   sure that it isn't coming from an untrusted user.
+                       # * Ensure that the attribute is not namespaced by banning
+                       #   colons.
+                       if ( !preg_match( '/^data-(?!ooui|mw|parsoid)[^:]*$/i', $attribute )
+                               && !isset( $whitelist[$attribute] )
+                       ) {
                                continue;
                        }
 
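Review bot: The new pattern ends in `$`, which in PCRE without the `D` modifier also matches immediately before a trailing newline, so a name such as `data-x\n` would still satisfy the "no colon" check; `\z` is the strict end-of-subject anchor: `if ( !preg_match( '/^data-(?!ooui|mw|parsoid)[^:]*\z/i', $attribute )`. Whether an attribute name can reach this loop with a trailing newline depends on the attribute parsing upstream, which is not in the hunk, so this may be purely defensive. The comment block also states that `data-mw` and `data-parsoid` are reserved, while the lookahead rejects any name that merely begins with those strings (`data-mwfoo`, `data-parsoidx` included); if that prefix ban is intended, the comment should say so, e.g. `# * any attribute whose name starts with data-mw or data-parsoid is rejected (prefix match, not exact)`. The enclosing loop and method begin and end outside this hunk.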
@@ -940,7 +950,6 @@ class Sanitizer {
                return $value;
        }
 
-
        /**
         * Pick apart some CSS and check it for forbidden or unsafe structures.
         * Returns a sanitized string. This sanitized string will have
@@ -1631,7 +1640,7 @@ class Sanitizer {
 
                        # 10.2
                        'ul'         => array_merge( $common, array( 'type' ) ),
-                       'ol'         => array_merge( $common, array( 'type', 'start' ) ),
+                       'ol'         => array_merge( $common, array( 'type', 'start', 'reversed' ) ),
                        'li'         => array_merge( $common, array( 'type', 'value' ) ),
 
                        # 10.3