Add warning if you give Html::openElement a name with a space

Bug: T201747
Change-Id: I7772f1e8c0c12bdf1fd60d62e015f2ec82d8ac90

diff --git a/RELEASE-NOTES-1.33 b/RELEASE-NOTES-1.33
index ce95bd6..96ca382 100644 (file)
--- a/RELEASE-NOTES-1.33
+++ b/RELEASE-NOTES-1.33
@@ -196,6 +196,8 @@ because of Phabricator reports.
 === Other changes in 1.33 ===
 * (T208871) The hard-coded Google search form on the database error page was
   removed.
+* (T201747) Html::openElement() warns if given an element name wiht a space
+  in it.
 * …
 
 == Compatibility ==

diff --git a/includes/Html.php b/includes/Html.php
index d066eff..0aea7ea 100644 (file)
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -255,6 +255,12 @@ class Html {
                // consistency and better compression.
                $element = strtolower( $element );
 
+               // Some people were abusing this by passing things like
+               // 'h1 id="foo" to $element, which we don't want.
+               if ( strpos( $element, ' ' ) !== false ) {
+                       wfWarn( __METHOD__ . " given element name with space '$element'" );
+               }
+
                // Remove invalid input types
                if ( $element == 'input' ) {
                        $validTypes = [

diff --git a/tests/phpunit/includes/HtmlTest.php b/tests/phpunit/includes/HtmlTest.php
index 5410644..1d687e5 100644 (file)
--- a/tests/phpunit/includes/HtmlTest.php
+++ b/tests/phpunit/includes/HtmlTest.php
@@ -76,6 +76,15 @@ class HtmlTest extends MediaWikiTestCase {
                parent::tearDown();
        }
 
+       /**
+        * @expectedException PHPUnit_Framework_Error_Notice
+        * @expectedExceptionMessage given element name with space
+        * @covers Html::openElement
+        */
+       public function testOpenElement() {
+               Html::openElement( 'span id="x"' );
+       }
+
        /**
         * @covers Html::element
         * @covers Html::rawElement