mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/RSS
synced 2024-11-23 23:34:07 +00:00
fix for bug34763 'RSS feed items (HTML) are not rendered as HTML but htmlescaped'; tolerated controlled regression bug30377 'feed item length limitation', because this now becomes very tricky when we allow some tags in order to close bug 34763.
This commit is contained in:
Thomas Gries
parent
dc94c95fb2
commit
832948bb19
Notes:
Thomas Gries
2012-03-07 21:06:35 +00:00
|
|
@ -11,6 +11,13 @@ http://www.mediawiki.org/wiki/Extension:RSS
|
|||
(otherwise using the defaults - PHP will abort the entire program when your
|
||||
memory usage gets too high)
|
||||
|
||||
=== Version 2.12 2012-03-07 ===
|
||||
* bug fix 34763 "RSS feed items (HTML) are not rendered as HTML but htmlescaped"
|
||||
* regression bug 30377 "Add a new parameter to limit the number of characters
|
||||
when rendering the channel item <description>". Feed item string length
|
||||
limitation is difficult when we allow HTML <a> or <img> tags, because a mere
|
||||
content-unaware limitation breaks (can break) tags which results in disastrous
|
||||
rendering results.
|
||||
|
||||
=== Version 2.11 2012-02-29 ===
|
||||
* function name typo correction
|
||||
|
|
|
|||
13
RSS.php
13
RSS.php
|
|
@ -4,7 +4,7 @@
|
|||
*
|
||||
* @file
|
||||
* @ingroup Extensions
|
||||
* @version 2.11
|
||||
* @version 2.12
|
||||
* @author mutante, Daniel Kinzler, Rdb, Mafs, Thomas Gries, Alxndr, Chris Reigrut, K001
|
||||
* @author Kellan Elliott-McCrea <kellan@protest.net> -- author of MagpieRSS
|
||||
* @author Jeroen De Dauw
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
* @link http://www.mediawiki.org/wiki/Extension:RSS Documentation
|
||||
*/
|
||||
|
||||
define( "EXTENSION_RSS_VERSION", "2.11 20120229" );
|
||||
define( "EXTENSION_RSS_VERSION", "2.12 20120307" );
|
||||
|
||||
if ( !defined( 'MEDIAWIKI' ) ) {
|
||||
die( "This is not a valid entry point.\n" );
|
||||
|
|
@ -93,5 +93,12 @@ $wgRSSDateDefaultFormat = "(Y-m-d H:i:s)";
|
|||
|
||||
// limit the number of characters in the item description
|
||||
// or set to false for unlimited length.
|
||||
// $wgRSSItemMaxLength = false;
|
||||
// THIS IS CURRENTLY NOT WORKING (bug 30377)
|
||||
$wgRSSItemMaxLength = false;
|
||||
|
||||
// You can choose to allow active links in feed items; default: false
|
||||
$wgRSSAllowLinkTag = false;
|
||||
|
||||
// If you want to see images in feed items, then you need to globally allow
|
||||
// image tags in your wiki by using the MediaWiki parameter; default: false
|
||||
// $wgAllowImageTag = true;
|
||||
|
|
|
|||
105
RSSParser.php
105
RSSParser.php
|
|
@ -312,6 +312,14 @@ class RSSParser {
|
|||
return $ret;
|
||||
}
|
||||
|
||||
function sandboxParse($wikiText) {
|
||||
global $wgTitle, $wgUser;
|
||||
$myParser = new Parser();
|
||||
$myParserOptions = ParserOptions::newFromUser($wgUser);
|
||||
$result = $myParser->parse($wikiText, $wgTitle, $myParserOptions);
|
||||
return $result->getText();
|
||||
}
|
||||
|
||||
/**
|
||||
* Render the entire feed so that each item is passed to the
|
||||
* template which the MediaWiki then displays.
|
||||
|
|
@ -320,7 +328,7 @@ class RSSParser {
|
|||
* @param $frame the frame param to pass to recursiveTagParse()
|
||||
*/
|
||||
function renderFeed( $parser, $frame ) {
|
||||
|
||||
|
||||
$renderedFeed = '';
|
||||
|
||||
if ( isset( $this->itemTemplate ) && isset( $parser ) && isset( $frame ) ) {
|
||||
|
|
@ -336,15 +344,15 @@ class RSSParser {
|
|||
}
|
||||
|
||||
if ( $this->canDisplay( $item ) ) {
|
||||
$renderedFeed .= $this->renderItem( $item ) . "\n";
|
||||
$renderedFeed .= $this->renderItem( $item, $parser ) . "\n";
|
||||
$headcnt++;
|
||||
}
|
||||
}
|
||||
|
||||
$renderedFeed = $parser->recursiveTagParse( $renderedFeed, $frame );
|
||||
$renderedFeed = $this->sandboxParse( $renderedFeed );
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return $renderedFeed;
|
||||
}
|
||||
|
||||
|
|
@ -353,7 +361,7 @@ class RSSParser {
|
|||
*
|
||||
* @param $item Array: an array produced by RSSData where keys are the names of the RSS elements
|
||||
*/
|
||||
protected function renderItem( $item ) {
|
||||
protected function renderItem( $item, $parser ) {
|
||||
|
||||
$renderedItem = $this->itemTemplate;
|
||||
|
||||
|
|
@ -385,12 +393,14 @@ class RSSParser {
|
|||
$renderedItem = str_replace( '{{{date}}}', $txt, $renderedItem );
|
||||
break;
|
||||
default:
|
||||
$str = $this->escapeTemplateParameter( $item[$info] );
|
||||
$str = $this->escapeTemplateParameter( $item[$info] );
|
||||
/***
|
||||
if ( mb_strlen( $str ) > $this->ItemMaxLength ) {
|
||||
$str = mb_substr( $str, 0, $this->ItemMaxLength ) . " ...";
|
||||
}
|
||||
***/
|
||||
$txt = $this->highlightTerms( $str );
|
||||
$renderedItem = str_replace( '{{{' . $info . '}}}', $txt, $renderedItem );
|
||||
$renderedItem = str_replace( '{{{' . $info . '}}}', $parser->insertStripItem( $str ), $renderedItem );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -434,41 +444,60 @@ class RSSParser {
|
|||
* to the other kinds of markup, to avoid user input ending a template
|
||||
* invocation.
|
||||
*
|
||||
* We change differently flavoured <p> and <br> tags to effective <br> tags,
|
||||
* other tags such as <a> will be rendered html-escaped.
|
||||
* If you want to allow clickable link Urls (HTML <a> tag) in RSS feeds:
|
||||
* $wgRSSAllowLinkTag = true;
|
||||
*
|
||||
* If you want to allow images (HTML <img> tag) in RSS feeds:
|
||||
* $wgAllowImageTag = true;
|
||||
*
|
||||
*/
|
||||
protected function escapeTemplateParameter( $text ) {
|
||||
$text = str_replace(
|
||||
array( '[', '|', ']', '\'', 'ISBN ',
|
||||
'RFC ', '://', "\n=", '{{', '}}',
|
||||
),
|
||||
array( '[', '|', ']', ''', 'ISBN ',
|
||||
'RFC ', '://', "\n=", '{{', '}}',
|
||||
),
|
||||
htmlspecialchars( str_replace( "\n", "", $text ) )
|
||||
);
|
||||
global $wgRSSAllowLinkTag, $wgAllowImageTag;
|
||||
|
||||
// keep some basic layout tags
|
||||
$text = str_replace(
|
||||
array( '<p>', '</p>',
|
||||
'<br/>', '<br>', '</br>',
|
||||
'<b>', '</b>',
|
||||
'<i>', '</i>',
|
||||
'<u>', '</u>',
|
||||
'<s>', '</s>',
|
||||
),
|
||||
array( "", "<br/>",
|
||||
"<br/>", "<br/>", "<br/>",
|
||||
"'''", "'''",
|
||||
"''", "''",
|
||||
"<u>", "</u>",
|
||||
"<s>", "</s>",
|
||||
),
|
||||
$text
|
||||
);
|
||||
if ( isset( $wgRSSAllowLinkTag ) && $wgRSSAllowLinkTag ) {
|
||||
$extra = array( "a" );
|
||||
} else {
|
||||
$extra = array();
|
||||
}
|
||||
|
||||
return $text;
|
||||
if ( ( isset( $wgRSSAllowLinkTag ) && $wgRSSAllowLinkTag )
|
||||
|| ( isset( $wgAllowImageTag ) && $wgAllowImageTag ) ) {
|
||||
|
||||
$ret = Sanitizer::removeHTMLtags( $text, null, array(), $extra, array( "iframe" ) );
|
||||
|
||||
} else { // use the old escape method for a while
|
||||
|
||||
$text = str_replace(
|
||||
array( '[', '|', ']', '\'', 'ISBN ',
|
||||
'RFC ', '://', "\n=", '{{', '}}',
|
||||
),
|
||||
array( '[', '|', ']', ''', 'ISBN ',
|
||||
'RFC ', '://', "\n=", '{{', '}}',
|
||||
),
|
||||
htmlspecialchars( str_replace( "\n", "", $text ) )
|
||||
);
|
||||
|
||||
// keep some basic layout tags
|
||||
$ret = str_replace(
|
||||
array( '<p>', '</p>',
|
||||
'<br/>', '<br>', '</br>',
|
||||
'<b>', '</b>',
|
||||
'<i>', '</i>',
|
||||
'<u>', '</u>',
|
||||
'<s>', '</s>',
|
||||
),
|
||||
array( "", "<br/>",
|
||||
"<br/>", "<br/>", "<br/>",
|
||||
"'''", "'''",
|
||||
"''", "''",
|
||||
"<u>", "</u>",
|
||||
"<s>", "</s>",
|
||||
),
|
||||
$text
|
||||
);
|
||||
}
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
Loading…
Reference in a new issue