// been changed somehow, and keep it if so.
$anonPO = ParserOptions::newFromAnon();
$anonPO->setEditSection( false );
+ $anonPO->setAllowUnsafeRawHtml( false );
if ( !$options->matches( $anonPO ) ) {
wfLogWarning( __METHOD__ . ': Setting a changed bogus ParserOptions: ' . wfGetAllCallers( 5 ) );
$options->isBogus = false;
// either.
$po = ParserOptions::newFromAnon();
$po->setEditSection( false );
+ $po->setAllowUnsafeRawHtml( false );
$po->isBogus = true;
if ( $options !== null ) {
$this->mParserOptions = empty( $options->isBogus ) ? $options : null;
$this->mParserOptions = ParserOptions::newFromContext( $this->getContext() );
$this->mParserOptions->setEditSection( false );
+ $this->mParserOptions->setAllowUnsafeRawHtml( false );
}
if ( $options !== null && !empty( $options->isBogus ) ) {
} else {
$titleObj = Title::newFromText( $returnto );
}
- if ( !is_object( $titleObj ) ) {
+ // We don't want people to return to external interwiki. That
+ // might potentially be used as part of a phishing scheme
+ if ( !is_object( $titleObj ) || $titleObj->isExternal() ) {
$titleObj = Title::newMainPage();
}
dépôts / lhc / web / wiklou.git / blobdiff