// disallow some styles that could be used to bypass $wgRestrictDisplayTitle
if ( $wgRestrictDisplayTitle ) {
- $htmlTagsCallback = function ( $params ) {
+ $htmlTagsCallback = function ( &$params ) {
$decoded = Sanitizer::decodeTagAttributes( $params );
if ( isset( $decoded['style'] ) ) {
return self::formatRaw( SiteStats::edits(), $raw );
}
static function numberofviews( $parser, $raw = null ) {
- return self::formatRaw( SiteStats::views(), $raw );
+ global $wgDisableCounters;
+ return !$wgDisableCounters ? self::formatRaw( SiteStats::views(), $raw ) : '';
}
static function pagesinnamespace( $parser, $namespace = 0, $raw = null ) {
return self::formatRaw( SiteStats::pagesInNs( intval( $namespace ) ), $raw );
return '';
} else {
return '<span class="error">' .
- wfMessage( 'duplicate-defaultsort', $old, $text )->inContentLanguage()->escaped() .
+ wfMessage( 'duplicate-defaultsort',
+ wfEscapeWikiText( $old ), // Message should be parsed, but these params should only be escaped.
+ wfEscapeWikiText( $text )
+ )->inContentLanguage()->text() .
'</span>';
}
}