Issue:Magic word in titlematch is not escaped

From FollowTheScore
Revision as of 08:52, 16 February 2010 by Gero (talk | contribs)
Jump to: navigation, search
Description:
Extension / Version: DPL   /   1.9.0
Type / Status: Bug   /   open

Problem

Observe: User:Nx/sand'box

The first query is correctly escaped, the second one, which uses {{PAGENAME}} is not. -- Nx / talk 12:14, 14 February 2010 (UTC)

Ok, upon further investigation, this isn't really a dpl bug. {{PAGENAME}} et al. return an escaped title: Nx/sand'box -- Nx / talk 13:18, 14 February 2010 (UTC)


And the solution is to run Sanitizer:decodeCharReferences (this is what the Title:newFromText does too), e.g. in the foreach cycle:

$link = Sanitizer::decodeCharReferences($link);

-- Nx / talk 13:37, 14 February 2010 (UTC)

Reply

Macros like PAGENAME can be used anywhere within a DPL query - not ony in 'titlematch'. The problem is that the expansion happens outside DPL and DPL does not know that there once has been a call of such a macro when it parses its parameter content. Are you talking about the place where "linksto", "linksfrom", "titlematch" etc. conditions are being converted to SQL statements (~ line 1900, ~2300)? A more general approach would be to run the sanitizer before all parameters are being analysed, i.e. at the top of the parameter parsing loop ( ~ line 360 ..). But I am not sure if this would create unwanted side effects. --Gero 07:49, 16 February 2010 (UTC)