Difference between revisions of "Issue:Magic word in titlematch is not escaped"
From FollowTheScore
(solution, hopefully it doesn't break anything) |
|||
| Line 20: | Line 20: | ||
== Reply == | == Reply == | ||
| + | Are you talking about the place where "linksto", "linksfrom" etc. conditions are being converted to SQL statements (~ line 1900)? A more general approach would be to run the sanitizer before all parameters are being analysed, i.e. at the top of the parameter parsing loop ( ~ line 360 ..). But I am not sure if this would create unwanted side effects. --[[User:Gero|Gero]] 07:49, 16 February 2010 (UTC) | ||
Revision as of 08:49, 16 February 2010
| Description: | |
| Extension / Version: | DPL / 1.9.0 |
| Type / Status: | Bug / open |
Problem
Observe: User:Nx/sand'box
The first query is correctly escaped, the second one, which uses {{PAGENAME}} is not. -- Nx / talk 12:14, 14 February 2010 (UTC)
- Ok, upon further investigation, this isn't really a dpl bug. {{PAGENAME}} et al. return an escaped title: Nx/sand'box -- Nx / talk 13:18, 14 February 2010 (UTC)
And the solution is to run Sanitizer:decodeCharReferences (this is what the Title:newFromText does too), e.g. in the foreach cycle:
$link = Sanitizer::decodeCharReferences($link);
-- Nx / talk 13:37, 14 February 2010 (UTC)
Reply
Are you talking about the place where "linksto", "linksfrom" etc. conditions are being converted to SQL statements (~ line 1900)? A more general approach would be to run the sanitizer before all parameters are being analysed, i.e. at the top of the parameter parsing loop ( ~ line 360 ..). But I am not sure if this would create unwanted side effects. --Gero 07:49, 16 February 2010 (UTC)
