Issue:Magic word in titlematch is not escaped

From FollowTheScore
Revision as of 09:49, 16 February 2010 by Gero (talk | contribs)
Jump to: navigation, search
Description:
Extension / Version: DPL   /   1.9.0
Type / Status: Bug   /   open

Problem

Observe: User:Nx/sand'box

The first query is correctly escaped, the second one, which uses {{PAGENAME}} is not. -- Nx / talk 12:14, 14 February 2010 (UTC)

Ok, upon further investigation, this isn't really a dpl bug. {{PAGENAME}} et al. return an escaped title: Nx/sand'box -- Nx / talk 13:18, 14 February 2010 (UTC)


And the solution is to run Sanitizer:decodeCharReferences (this is what the Title:newFromText does too), e.g. in the foreach cycle: 

$link = Sanitizer::decodeCharReferences($link);

-- Nx / talk 13:37, 14 February 2010 (UTC)

Reply

Are you talking about the place where "linksto", "linksfrom" etc. conditions are being converted to SQL statements (~ line 1900)? A more general approach would be to run the sanitizer before all parameters are being analysed, i.e. at the top of the parameter parsing loop ( ~ line 360 ..). But I am not sure if this would create unwanted side effects. --Gero 07:49, 16 February 2010 (UTC)

Retrieved from "http://followthescore.org/dpldemo/index.php?title=Issue:Magic_word_in_titlematch_is_not_escaped&oldid=14475"