X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=includes%2FSanitizer.php;h=de63af797915086570a2f3c6670a50ed7cb12fdc;hp=e8f06c46b14695ee8296e3f5201f75e776d70ee5;hb=59ebff658ce912c1b0e7ef8d8f9bfec5a4e17b39;hpb=180c2020cc8d703b8f6e9a8ad3988ca431560250

diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index e8f06c46b1..de63af7979 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -346,12 +346,9 @@ class Sanitizer {
 				  ($space*=$space*
 					(?:
 					 # The attribute value: quoted or alone
-					  \"([^<\"]*)\"
-					 | '([^<']*)'
+					  \"([^<\"]*)(?:\"|\$)
+					 | '([^<']*)(?:'|\$)
 					 |  ([a-zA-Z0-9!#$%&()*,\\-.\\/:;<>?@[\\]^_`{|}~]+)
-					 |  (\#[0-9a-fA-F]+) # Technically wrong, but lots of
-										 # colors are specified like this.
-										 # We'll be normalizing it.
 					)
 				)?(?=$space|\$)/sx";
 		}
@@ -457,15 +454,13 @@ class Sanitizer {
 	public static function removeHTMLtags( $text, $processCallback = null,
 		$args = array(), $extratags = array(), $removetags = array()
 	) {
-		global $wgUseTidy;
-
 		extract( self::getRecognizedTagData( $extratags, $removetags ) );
 
 		# Remove HTML comments
 		$text = Sanitizer::removeHTMLcomments( $text );
 		$bits = explode( '<', $text );
 		$text = str_replace( '>', '&gt;', array_shift( $bits ) );
-		if ( !$wgUseTidy ) {
+		if ( !MWTidy::isEnabled() ) {
 			$tagstack = $tablestack = array();
 			foreach ( $bits as $x ) {
 				$regs = array();
@@ -1264,10 +1259,7 @@ class Sanitizer {
 	 * @return string
 	 */
 	private static function getTagAttributeCallback( $set ) {
-		if ( isset( $set[6] ) ) {
-			# Illegal #XXXXXX color with no quotes.
-			return $set[6];
-		} elseif ( isset( $set[5] ) ) {
+		if ( isset( $set[5] ) ) {
 			# No quotes.
 			return $set[5];
 		} elseif ( isset( $set[4] ) ) {
@@ -1815,7 +1807,7 @@ class Sanitizer {
 			$host = preg_replace( $strip, '', $host );
 
 			// IPv6 host names are bracketed with [].  Url-decode these.
-			if ( substr_compare( "//%5B", $host, 0, 5 ) === 0 && preg_match( '!^//%5B(.*?)%5D((:\d+)?)$!', $host, $matches ) ) {
+			if ( substr_compare( "//%5B", $host, 0, 5 ) === 0 && preg_match( '!^//%5B([0-9A-Fa-f:.]+)%5D((:\d+)?)$!', $host, $matches ) ) {
 				$host = '//[' . $matches[1] . ']' . $matches[2];
 			}