On Mon, 28 Nov 2005 12:40:56 -0800, Brion Vibber wrote:
Netocrat wrote:
[incorrectly patching Title.php/getLocalURL() and getFullURL() to encode ampersands]
This patch is incorrect, and will cause broken URLs to be output throughout the wiki.
Too hasty - I didn't notice that there were already escaped versions of these functions and that unescaped versions were necessary.
Instead, you should locate the individual *output* of the bad URL that you found and patch *that* to properly HTML-encode its output.
I based part of the extension on code from BoardVote.php, which doesn't use the escaped url function to generate the action of a form. So the patch is not very significant anyhow but this is what it should have been:
Index: BoardVote.php =================================================================== RCS file: /cvsroot/wikipedia/extensions/BoardVote/BoardVote.php,v retrieving revision 1.4 diff -u -r1.4 BoardVote.php --- BoardVote.php 13 Sep 2005 14:12:09 -0000 1.4 +++ BoardVote.php 29 Nov 2005 05:05:56 -0000 @@ -155,7 +155,7 @@ global $wgBoardCandidates, $wgOut; $thisTitle = Title::makeTitle( NS_SPECIAL, "Boardvote" ); - $action = $thisTitle->getLocalURL( "action=vote" ); + $action = $thisTitle->escapeLocalURL( "action=vote" ); if ( $this->mHasVoted ) { $intro = wfMsg( "boardvote_intro_change" ); } else {