Issue:Magic word in titlematch is not escaped
From FollowTheScore
Description: | |
Extension / Version: | DPL / 1.9.0 |
Type / Status: | Bug / open |
Problem
Observe: User:Nx/sand'box
The first query is correctly escaped, the second one, which uses {{PAGENAME}} is not. -- Nx / talk 12:14, 14 February 2010 (UTC)
- Ok, upon further investigation, this isn't really a dpl bug. {{PAGENAME}} et al. return an escaped title: Nx/sand'box -- Nx / talk 13:18, 14 February 2010 (UTC)
And the solution is to run Sanitizer:decodeCharReferences (this is what the Title:newFromText does too), e.g. in the foreach cycle:
$link = Sanitizer::decodeCharReferences($link);
-- Nx / talk 13:37, 14 February 2010 (UTC)
Reply
Are you talking about the place where "linksto", "linksfrom" etc. conditions are being converted to SQL statements (~ line 1900)? A more general approach would be to run the sanitizer before all parameters are being analysed, i.e. at the top of the parameter parsing loop ( ~ line 360 ..). But I am not sure if this would create unwanted side effects. --Gero 07:49, 16 February 2010 (UTC)