X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FMessage.php;h=2c979dedd0afdbbbab67693f6ee0f1f52f91a6f4;hb=06045fd914a2472f6615fb79b0244c1103099a6d;hp=c204aee03248ecf14326e721eeb389278ede22bb;hpb=b6e954a1629f28024d30a8e2575fb6de977b5e00;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/Message.php b/includes/Message.php index c204aee032..2c979dedd0 100644 --- a/includes/Message.php +++ b/includes/Message.php @@ -384,22 +384,30 @@ class Message implements MessageSpecifier, Serializable { /** * Transform a MessageSpecifier or a primitive value used interchangeably with - * specifiers (a message key string, or a key + params array) into a proper Message + * specifiers (a message key string, or a key + params array) into a proper Message. + * + * Also accepts a MessageSpecifier inside an array: that's not considered a valid format + * but is an easy error to make due to how StatusValue stores messages internally. + * Further array elements are ignored in that case. + * * @param string|array|MessageSpecifier $value * @return Message * @throws InvalidArgumentException * @since 1.27 */ public static function newFromSpecifier( $value ) { - if ( $value instanceof RawMessage ) { - $message = new RawMessage( $value->getKey(), $value->getParams() ); + $params = []; + if ( is_array( $value ) ) { + $params = $value; + $value = array_shift( $params ); + } + + if ( $value instanceof Message ) { // Message, RawMessage, ApiMessage, etc + $message = clone( $value ); } elseif ( $value instanceof MessageSpecifier ) { $message = new Message( $value ); - } elseif ( is_array( $value ) ) { - $key = array_shift( $value ); - $message = new Message( $key, $value ); } elseif ( is_string( $value ) ) { - $message = new Message( $value ); + $message = new Message( $value, $params ); } else { throw new InvalidArgumentException( __METHOD__ . ': invalid argument type ' . gettype( $value ) ); @@ -794,10 +802,13 @@ class Message implements MessageSpecifier, Serializable { $string = $this->fetchMessage(); if ( $string === false ) { - if ( $this->format === 'plain' || $this->format === 'text' ) { - return '<' . $this->key . '>'; - } - return '<' . htmlspecialchars( $this->key ) . '>'; + // Err on the side of safety, ensure that the output + // is always html safe in the event the message key is + // missing, since in that case its highly likely the + // message key is user-controlled. + // '⧼' is used instead of '<' to side-step any + // double-escaping issues. + return '⧼' . htmlspecialchars( $this->key ) . '⧽'; } # Replace $* with a list of parameters for &uselang=qqx.