$attribs = array_map( array( 'UtfNormal', 'cleanUp' ), $attribs );
}
if ( $contents ) {
- wfProfileIn( __METHOD__ . '-norm' );
$contents = $wgContLang->normalize( $contents );
- wfProfileOut( __METHOD__ . '-norm' );
}
return self::element( $element, $attribs, $contents );
}
/**
* Check if a string is well-formed XML.
* Must include the surrounding tag.
+ * This function is a DoS vector if an attacker can define
+ * entities in $text.
*
* @param string $text String to test.
* @return bool
*
* @todo Error position reporting return
*/
- public static function isWellFormed( $text ) {
+ private static function isWellFormed( $text ) {
$parser = xml_parser_create( "UTF-8" );
# case folding violates XML standard, turn it off
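Review bot: The warning added to the `isWellFormed` docblock names the risk but not the precondition a caller has to meet. Now that the method is private, the callers left inside this class are the only place that precondition can be enforced. I would spell it out, for example `* Callers must ensure $text cannot carry an attacker-supplied DOCTYPE or entity declaration, since nested entity expansion can exhaust CPU and memory.` Those callers are outside this hunk, so whether each of them builds `$text` with a fixed prologue cannot be confirmed from here and is worth checking before merge. Narrowing `public` to `private` also turns any external call into a fatal error, so a release-note entry would help extension authors. The function body continues past the end of the hunk.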
}
}
-class XmlSelect {
- protected $options = array();
- protected $default = false;
- protected $attributes = array();
-
- public function __construct( $name = false, $id = false, $default = false ) {
- if ( $name ) {
- $this->setAttribute( 'name', $name );
- }
-
- if ( $id ) {
- $this->setAttribute( 'id', $id );
- }
-
- if ( $default !== false ) {
- $this->default = $default;
- }
- }
-
- /**
- * @param string $default
- */
- public function setDefault( $default ) {
- $this->default = $default;
- }
-
- /**
- * @param string $name
- * @param array $value
- */
- public function setAttribute( $name, $value ) {
- $this->attributes[$name] = $value;
- }
-
- /**
- * @param string $name
- * @return array|null
- */
- public function getAttribute( $name ) {
- if ( isset( $this->attributes[$name] ) ) {
- return $this->attributes[$name];
- } else {
- return null;
- }
- }
-
- /**
- * @param string $name
- * @param bool $value
- */
- public function addOption( $name, $value = false ) {
- // Stab stab stab
- $value = $value !== false ? $value : $name;
-
- $this->options[] = array( $name => $value );
- }
-
- /**
- * This accepts an array of form
- * label => value
- * label => ( label => value, label => value )
- *
- * @param array $options
- */
- public function addOptions( $options ) {
- $this->options[] = $options;
- }
-
- /**
- * This accepts an array of form
- * label => value
- * label => ( label => value, label => value )
- *
- * @param array $options
- * @param bool $default
- * @return string
- */
- static function formatOptions( $options, $default = false ) {
- $data = '';
-
- foreach ( $options as $label => $value ) {
- if ( is_array( $value ) ) {
- $contents = self::formatOptions( $value, $default );
- $data .= Html::rawElement( 'optgroup', array( 'label' => $label ), $contents ) . "\n";
- } else {
- $data .= Xml::option( $label, $value, $value === $default ) . "\n";
- }
- }
-
- return $data;
- }
-
- /**
- * @return string
- */
- public function getHTML() {
- $contents = '';
-
- foreach ( $this->options as $options ) {
- $contents .= self::formatOptions( $options, $this->default );
- }
-
- return Html::rawElement( 'select', $this->attributes, rtrim( $contents ) );
- }
-}
-
/**
* A wrapper class which causes Xml::encodeJsVar() and Xml::encodeJsCall() to
* interpret a given string as being a JavaScript expression, instead of string