protected $config;
/**
- * @param Config $config
+ * @param Config|null $config
*/
function __construct( Config $config = null ) {
$this->data = [];
* Gets the template data requested
* @since 1.22
* @param string $name Key for the data
- * @param mixed $default Optional default (or null)
+ * @param mixed|null $default Optional default (or null)
* @return mixed The value of the data requested or the deafult
+ * @return-taint onlysafefor_htmlnoent
*/
public function get( $name, $default = null ) {
return $this->data[$name] ?? $default;
/**
* @private
* @param string $str
+ * @suppress SecurityCheck-DoubleEscaped $this->data can be either
*/
function text( $str ) {
echo htmlspecialchars( $this->data[$str] );
/**
* @private
* @param string $str
+ * @suppress SecurityCheck-XSS phan-taint-check cannot tell if $str is pre-escaped
*/
function html( $str ) {
echo $this->data[$str];
/**
* @private
* @param string $msgKey
+ * @warning You should never use this method. I18n messages should be escaped
+ * @deprecated 1.32 Use ->msg() or ->msgWiki() instead.
+ * @suppress SecurityCheck-XSS
+ * @return-taint exec_html
*/
function msgHtml( $msgKey ) {
+ wfDeprecated( __METHOD__, '1.32' );
echo wfMessage( $msgKey )->text();
}
function msgWiki( $msgKey ) {
global $wgOut;
- $text = wfMessage( $msgKey )->text();
- echo $wgOut->parse( $text );
+ $text = wfMessage( $msgKey )->plain();
+ echo $wgOut->parseAsInterface( $text );
}
/**