wikimedia/mediawiki-extensions-Gadgets
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/Gadgets synced 2024-11-28 09:10:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix escaping in Special:GadgetUsage.

Browse source 
wfEscapeWikiText() is incorrect in this context. It escapes
HTML, but also escapes a whole bunch of other stuff that
is not needed here

Also: Prefer html::element for escaping, because it makes it
easier to see at a glance everything is escaped.

Change-Id: I91b0722ea98f1e20339c7e0aa839c1073b778ed5
This commit is contained in:
Brian Wolff 2015-10-27 03:23:42 -06:00
parent e009534e5c
commit 246329b7fc
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
SpecialGadgetUsage.php
View file

@ -71,7 +71,7 @@ class SpecialGadgetUsage extends QueryPage {
$headers = array( 'gadgetusage-gadget', 'gadgetusage-usercount' );
foreach( $headers as $h ) {
$html .= Html::rawElement( 'th', array(), $this->msg( $h )->escaped() );
$html .= Html::element( 'th', array(), $this->msg( $h )->text() );
}
$html .= Html::closeElement( 'tr' );
$this->getOutput()->addHTML( $html );
@ -80,15 +80,15 @@ class SpecialGadgetUsage extends QueryPage {
/**
* @param Skin $skin
* @param object $result Result row
* @return string bool
* @return string|bool String of HTML
*/
public function formatResult( $skin, $result ) {
$gadgetTitle = wfEscapeWikiText( substr( $result->title, 7 ) );
$gadgetTitle = substr( $result->title, 7 );
$gadgetUserCount = $this->getLanguage()->formatNum( $result->value );
if ( $gadgetTitle ) {
$html = Html::openElement( 'tr', array() );
$html .= Html::rawElement( 'td', array(), $gadgetTitle );
$html .= Html::rawElement( 'td', array(), $gadgetUserCount );
$html .= Html::element( 'td', array(), $gadgetTitle );
$html .= Html::element( 'td', array(), $gadgetUserCount );
$html .= Html::closeElement( 'tr' );
return $html;
}