X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FHtml.php;h=3bcf13132f1beaa98fb01dfb15eb1feee4c233d0;hb=9a37fb8e4851d13bfb208eb886c9947a7f21571c;hp=0b6b6556aca67934823f5c9650a9169ed0fd480d;hpb=3a2853e218acb586a00f2e59638de4176aee287f;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/Html.php b/includes/Html.php
index 0b6b6556ac..3bcf13132f 100644
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -220,8 +220,10 @@ class Html {
 * Identical to rawElement(), but HTML-escapes $contents (like
 * Xml::element()).
 *
- * @param string $element
- * @param array $attribs
+ * @param string $element Name of the element, e.g., 'a'
+ * @param array $attribs Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
+ * further documentation.
 * @param string $contents
 *
 * @return string
@@ -239,8 +241,10 @@ class Html {
 * Identical to rawElement(), but has no third parameter and omits the end
 * tag (and the self-closing '/' in XML mode for empty elements).
 *
- * @param string $element
- * @param array $attribs
+ * @param string $element Name of the element, e.g., 'a'
+ * @param array $attribs Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
+ * further documentation.
 *
 * @return string
 */
@@ -459,7 +463,7 @@ class Html {
 *
 * @param array $attribs Associative array of attributes, e.g., [
 * 'href' => 'https://www.mediawiki.org/' ]. Values will be HTML-escaped.
- * A value of false means to omit the attribute. For boolean attributes,
+ * A value of false or null means to omit the attribute. For boolean attributes,
 * you can omit the key, e.g., [ 'checked' ] instead of
 * [ 'checked' => 'checked' ] or such.
 *
@@ -485,22 +489,6 @@ class Html {
 // and better compression anyway.
 $key = strtolower( $key );
- // Bug 23769: Blacklist all form validation attributes for now. Current
- // (June 2010) WebKit has no UI, so the form just refuses to submit
- // without telling the user why, which is much worse than failing
- // server-side validation. Opera is the only other implementation at
- // this time, and has ugly UI, so just kill the feature entirely until
- // we have at least one good implementation.
-
- // As the default value of "1" for "step" rejects decimal
- // numbers to be entered in 'type="number"' fields, allow
- // the special case 'step="any"'.
-
- if ( in_array( $key, [ 'max', 'min', 'pattern', 'required' ] )
- || $key === 'step' && $value !== 'any' ) {
- continue;
- }
-
 // https://www.w3.org/TR/html401/index/attributes.html ("space-separated")
 // https://www.w3.org/TR/html5/index.html#attributes-1 ("space-separated")
 $spaceSeparatedListAttributes = [
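Review bot: With the filter removed, `max`, `min`, `pattern`, `required` and `step` now reach the browser from every existing caller, and nothing at this point in the loop records that. These attributes are client-side hints that a user agent or a hand-built request can bypass, so the server-side validation mentioned in the removed comment still has to run. A one-line comment where the block was would keep that visible: `// Form validation attributes are passed through unchanged; they do not replace server-side validation.` Callers that passed these attributes while they were silently dropped may now see forms refuse to submit, which looks worth a release note. The enclosing loop starts and ends outside the hunk.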
@@ -556,28 +544,7 @@ class Html {
 if ( in_array( $key, self::$boolAttribs ) ) {
 $ret .= " $key=\"\"";
 } else {
- // Apparently we need to entity-encode \n, \r, \t, although the
- // spec doesn't mention that. Since we're doing strtr() anyway,
- // we may as well not call htmlspecialchars().
- // @todo FIXME: Verify that we actually need to
- // escape \n\r\t here, and explain why, exactly.
- // We could call Sanitizer::encodeAttribute() for this, but we
- // don't because we're stubborn and like our marginal savings on
- // byte size from not having to encode unnecessary quotes.
- // The only difference between this transform and the one by
- // Sanitizer::encodeAttribute() is ' is not encoded.
- $map = [
- '&' => '&',
- '"' => '"',
- '>' => '>',
- // '<' allegedly allowed per spec
- // but breaks some tools if not escaped.
- "<" => '<',
- "\n" => ' ',
- "\r" => ' ',
- "\t" => ' '
- ];
- $ret .= " $key=$quote" . strtr( $value, $map ) . $quote;
+ $ret .= " $key=$quote" . Sanitizer::encodeAttribute( $value ) . $quote;
 }
 }
 return $ret;
@@ -622,9 +589,12 @@ class Html {
 *
 * @param string $contents CSS
 * @param string $media A media type string, like 'screen'
+ * @param array $attribs (since 1.31) Associative array of attributes, e.g., [
+ * 'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
+ * further documentation.
 * @return string Raw HTML
 */
- public static function inlineStyle( $contents, $media = 'all' ) {
+ public static function inlineStyle( $contents, $media = 'all', $attribs = [] ) {
 // Don't escape '>' since that is used
 // as direct child selector.
 // Remember, in css, there is no "x" for hexadecimal escapes, and
@@ -642,7 +612,7 @@ class Html {
 return self::rawElement( 'style', [
 'media' => $media,
- ], $contents );
+ ] + $attribs, $contents );
 }
 /**
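Review bot: In the `@@ -556` hunk, the new line `$ret .= " $key=$quote" . Sanitizer::encodeAttribute( $value ) . $quote;` is only safe while `$quote` is an actual quote character, and `$quote` is assigned outside this hunk. Entity-encoding alone does not protect an unquoted attribute value, so I would state the invariant next to the call: `// $value is always emitted inside $quote; encodeAttribute() is not sufficient for unquoted attributes.` Going by the removed comment, the output now also encodes the apostrophe, so tests or consumers that compare exact attribute strings may need updating. The enclosing loop and function start outside the hunk.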
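Review bot: In the `@@ -642` hunk, `[ 'media' => $media ] + $attribs` is an array union in which the left operand wins, so a `media` key supplied in `$attribs` is silently discarded. The docblock added in the `@@ -622` hunk does not mention this; a sentence such as `A 'media' key in $attribs is ignored; use $media instead.` would make it explicit. The docblock example `'href' => 'https://www.mediawiki.org/'` is carried over from the element helpers and does not apply to a `style` element, so an attribute that is valid there would be a clearer example.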
@@ -708,6 +678,52 @@ class Html {
 return self::input( $name, $value, 'checkbox', $attribs );
 }
+ /**
+ * Return the HTML for a message box.
+ * @since 1.31
+ * @param string $html of contents of box
+ * @param string $className corresponding to box
+ * @param string $heading (optional)
+ * @return string of HTML representing a box.
+ */
+ private static function messageBox( $html, $className, $heading = '' ) {
+ if ( $heading ) {
+ $html = self::element( 'h2', [], $heading ) . $html;
+ }
+ return self::rawElement( 'div', [ 'class' => $className ], $html );
+ }
+
+ /**
+ * Return a warning box.
+ * @since 1.31
+ * @param string $html of contents of box
+ * @return string of HTML representing a warning box.
+ */
+ public static function warningBox( $html ) {
+ return self::messageBox( $html, 'warningbox' );
+ }
+
+ /**
+ * Return an error box.
+ * @since 1.31
+ * @param string $html of contents of error box
+ * @param string $heading (optional)
+ * @return string of HTML representing an error box.
+ */
+ public static function errorBox( $html, $heading = '' ) {
+ return self::messageBox( $html, 'errorbox', $heading );
+ }
+
+ /**
+ * Return a success box.
+ * @since 1.31
+ * @param string $html of contents of box
+ * @return string of HTML representing a success box.
+ */
+ public static function successBox( $html ) {
+ return self::messageBox( $html, 'successbox' );
+ }
+
 /**
 * Convenience function to produce a radio button (input element with type=radio)
 *
@@ -775,7 +791,7 @@ class Html {
 $attribs['name'] = $name;
 if ( substr( $value, 0, 1 ) == "\n" ) {
- // Workaround for bug 12130: browsers eat the initial newline
+ // Workaround for T14130: browsers eat the initial newline
 // assuming that it's just for show, but they do keep the later
 // newlines, which we may want to preserve during editing.
 // Prepending a single newline
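Review bot: In the `@@ -708` hunk, `messageBox()` hands `$html` to `self::rawElement()` unescaped while `$heading` goes through `self::element()`, and none of the four new docblocks tells the caller which argument is raw. Because `warningBox()`, `errorBox()` and `successBox()` are public, I would spell the contract out: `@param string $html Raw HTML for the box contents; not escaped here, callers must escape any untrusted text` and `@param string $heading Plain text; HTML-escaped`. Separately, `if ( $heading )` also drops a heading of `'0'`; `if ( $heading !== '' )` would match the documented default.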