Difference between revisions of "Issue:Magic word in titlematch is not escaped"

From FollowTheScore
Jump to: navigation, search
Line 20: Line 20:
  
 
== Reply ==
 
== Reply ==
Are you talking about the place where "linksto", "linksfrom" etc. conditions are being converted to SQL statements (~ line 1900)? A more general approach would be to run the sanitizer before all parameters are being analysed, i.e. at the top of the parameter parsing loop ( ~ line 360 ..). But I am not sure if this would create unwanted side effects. --[[User:Gero|Gero]] 07:49, 16 February 2010 (UTC)
+
Macros like PAGENAME can be used anywhere within a DPL query - not ony in 'titlematch'. The problem is that the expansion happens outside DPL and DPL does not know that there once has been a call of such a macro when it parses its parameter content. Are you talking about the place where "linksto", "linksfrom", "titlematch" etc. conditions are being converted to SQL statements (~ line 1900, ~2300)? A more general approach would be to run the sanitizer before all parameters are being analysed, i.e. at the top of the parameter parsing loop ( ~ line 360 ..). But I am not sure if this would create unwanted side effects. --[[User:Gero|Gero]] 07:49, 16 February 2010 (UTC)

Revision as of 08:52, 16 February 2010

Description:
Extension / Version: DPL   /   1.9.0
Type / Status: Bug   /   open

Problem

Observe: User:Nx/sand'box

The first query is correctly escaped, the second one, which uses {{PAGENAME}} is not. -- Nx / talk 12:14, 14 February 2010 (UTC)

Ok, upon further investigation, this isn't really a dpl bug. {{PAGENAME}} et al. return an escaped title: Nx/sand'box -- Nx / talk 13:18, 14 February 2010 (UTC)


And the solution is to run Sanitizer:decodeCharReferences (this is what the Title:newFromText does too), e.g. in the foreach cycle: 

$link = Sanitizer::decodeCharReferences($link);

-- Nx / talk 13:37, 14 February 2010 (UTC)

Reply

Macros like PAGENAME can be used anywhere within a DPL query - not ony in 'titlematch'. The problem is that the expansion happens outside DPL and DPL does not know that there once has been a call of such a macro when it parses its parameter content. Are you talking about the place where "linksto", "linksfrom", "titlematch" etc. conditions are being converted to SQL statements (~ line 1900, ~2300)? A more general approach would be to run the sanitizer before all parameters are being analysed, i.e. at the top of the parameter parsing loop ( ~ line 360 ..). But I am not sure if this would create unwanted side effects. --Gero 07:49, 16 February 2010 (UTC)

Retrieved from "http://followthescore.org/dpldemo/index.php?title=Issue:Magic_word_in_titlematch_is_not_escaped&oldid=14476"