$error = new OOUI\HtmlSnippet( $error );
}
- $notices = $this->getNotices();
- foreach ( $notices as &$notice ) {
- $notice = new OOUI\HtmlSnippet( $notice );
- }
-
$config = [
'classes' => [ "mw-htmlform-field-$fieldType", $this->mClass ],
'align' => $this->getLabelAlignOOUI(),
'help' => ( $help !== null && $help !== '' ) ? new OOUI\HtmlSnippet( $help ) : null,
'errors' => $errors,
- 'notices' => $notices,
'infusable' => $infusable,
'helpInline' => $this->isHelpInline(),
];
* @return bool
*/
public function isHelpInline() {
- return isset( $this->mParams['help-inline'] ) ? $this->mParams['help-inline'] : true;
+ return $this->mParams['help-inline'] ?? true;
}
/**
* Determine form errors to display and their classes
* @since 1.20
*
+ * phan-taint-check gets confused with returning both classes
+ * and errors and thinks double escaping is happening, so specify
+ * that return value has no taint.
+ *
* @param string $value The value of the input
* @return array array( $errors, $errorClass )
+ * @return-taint none
*/
public function getErrorsAndErrorClass( $value ) {
$errors = $this->validate( $value, $this->mParent->mFieldData );
return $errors;
}
- /**
- * Determine notices to display for the field.
- *
- * @since 1.28
- * @return string[]
- */
- public function getNotices() {
- $notices = [];
-
- if ( isset( $this->mParams['notice-message'] ) ) {
- $notices[] = $this->getMessage( $this->mParams['notice-message'] )->parse();
- }
-
- if ( isset( $this->mParams['notice-messages'] ) ) {
- foreach ( $this->mParams['notice-messages'] as $msg ) {
- $notices[] = $this->getMessage( $msg )->parse();
- }
- } elseif ( isset( $this->mParams['notice'] ) ) {
- $notices[] = $this->mParams['notice'];
- }
-
- return $notices;
- }
-
/**
* @return string HTML
*/
* Formats one or more errors as accepted by field validation-callback.
*
* @param string|Message|array $errors Array of strings or Message instances
+ * To work around limitations in phan-taint-check the calling
+ * class has taintedness disabled. So instead we pretend that
+ * this method outputs html, since the result is eventually
+ * outputted anyways without escaping and this allows us to verify
+ * stuff is safe even though the caller has taintedness cleared.
+ * @param-taint $errors exec_html
* @return string HTML
* @since 1.18
*/