| side by side (parent:
a4147ef
)
only allow xmlns:* if RDFa is enabled
author
Daniel Kinzler
<daniel@users.mediawiki.org>
Fri, 13 Nov 2009 21:57:13 +0000
(21:57 +0000)
committer
Daniel Kinzler
<daniel@users.mediawiki.org>
Fri, 13 Nov 2009 21:57:13 +0000
(21:57 +0000)
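--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -614,13 +614,15 @@ class Sanitizer {
 * @todo Check for unique id attribute :P
 */
 static function validateAttributes( $attribs, $whitelist ) {
+global $wgAllowRdfaAttributes;
+
 $whitelist = array_flip( $whitelist );
 $hrefExp = '/^(' . wfUrlProtocols() . ')[^\s]+$/';
 $out = array();
 foreach( $attribs as $attribute => $value ) {
-#allow XML namespace declaration. Useful especially with RDFa
-if ( preg_match( MW_XMLNS_ATTRIBUTE_PATTRN, $attribute ) ) {
+#allow XML namespace declaration if RDFa is enabled
+if ( $wgAllowRdfaAttributes && preg_match( MW_XMLNS_ATTRIBUTE_PATTRN, $attribute ) ) {
 if ( !preg_match( MW_EVIL_URI_PATTERN, $value ) ) {
 $out[$attribute] = $value;
 }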
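Review bot: The `xmlns:*` branch in `validateAttributes` still copies the attribute into `$out` without consulting `$whitelist` in the lines shown, so once `$wgAllowRdfaAttributes` is on, the only filter on the value is the `MW_EVIL_URI_PATTERN` check, which by its name looks like a denylist. That trust decision deserves a line in the docblock, e.g. ` * xmlns:* attributes are accepted only when $wgAllowRdfaAttributes is set; they are not checked against $whitelist, only against MW_EVIL_URI_PATTERN.` The function body continues past the hunk, so whether a rejected or disabled `xmlns:*` attribute then falls through to the normal whitelist path cannot be confirmed from here; a sanitizer test with the setting off and `xmlns:foo` absent from `$whitelist` would pin that down. The constant name `MW_XMLNS_ATTRIBUTE_PATTRN` is also misspelled, but its definition is outside this hunk.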