On Mon, 28 Nov 2005 12:40:56 -0800, Brion Vibber wrote:
Netocrat wrote:
[incorrectly patching
Title.php/getLocalURL() and getFullURL() to encode
ampersands]
This patch is incorrect, and will cause broken URLs to
be output
throughout the wiki.
Too hasty - I didn't notice that there were already escaped versions of
these functions and that unescaped versions were necessary.
Instead, you should locate the individual *output* of
the bad URL that
you found and patch *that* to properly HTML-encode its output.
I based part of the extension on code from BoardVote.php, which doesn't
use the escaped url function to generate the action of a form. So the
patch is not very significant anyhow but this is what it should have been:
Index: BoardVote.php
===================================================================
RCS file: /cvsroot/wikipedia/extensions/BoardVote/BoardVote.php,v
retrieving revision 1.4
diff -u -r1.4 BoardVote.php
--- BoardVote.php 13 Sep 2005 14:12:09 -0000 1.4
+++ BoardVote.php 29 Nov 2005 05:05:56 -0000
@@ -155,7 +155,7 @@
global $wgBoardCandidates, $wgOut;
$thisTitle = Title::makeTitle( NS_SPECIAL, "Boardvote" );
- $action = $thisTitle->getLocalURL( "action=vote" );
+ $action = $thisTitle->escapeLocalURL( "action=vote" );
if ( $this->mHasVoted ) {
$intro = wfMsg( "boardvote_intro_change" );
} else {
--
http://members.dodo.com.au/~netocrat