jenkins-bot has submitted this change and it was merged. Change subject: Do not encode "'" as %27 (redirect loop in Opera 12) ......................................................................
Do not encode "'" as %27 (redirect loop in Opera 12) Similar to 7b4df0e12e36332fc2b303d7dac2295f8d36c888, but for apostrophe instead of tilde and for Opera instead of Chrome. Bug: T106793 Change-Id: Ic54390434cebcc76a6c8ab49acc164d36e0cdff6 --- M includes/GlobalFunctions.php M includes/Linker.php M resources/src/mediawiki/mediawiki.util.js M tests/parser/parserTests.txt M tests/phpunit/includes/GlobalFunctions/wfUrlencodeTest.php M tests/phpunit/includes/LinkerTest.php M tests/qunit/suites/resources/mediawiki/mediawiki.jqueryMsg.test.js M tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js 8 files changed, 31 insertions(+), 30 deletions(-) Approvals: Krinkle: Looks good to me, approved jenkins-bot: Verified diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index b853d07..68e1635 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -404,14 +404,15 @@ * RFC 1738 says ~ is unsafe, however RFC 3986 considers it an unreserved * character which should not be encoded. More importantly, google chrome * always converts %7E back to ~, and converting it in this function can - * cause a redirect loop (T105265). + * cause a redirect loop (T105265). Similarly, encoding ' causes a + * redirect loop on Opera 12 (T106793). * * But + is not safe because it's used to indicate a space; &= are only safe in - * paths and not in queries (and we don't distinguish here); ' seems kind of - * scary; and urlencode() doesn't touch -_. to begin with. Plus, although / + * paths and not in queries (and we don't distinguish here); + * and urlencode() doesn't touch -_. to begin with. Plus, although / * is reserved, we don't care. So the list we unescape is: * - * ;:@$!*(),/~ + * ;:@$!*'(),/~ * * However, IIS7 redirects fail when the url contains a colon (Bug 22709), * so no fancy : for IIS7. 
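Review bot: The rewritten docblock drops the old "' seems kind of scary" caveat without telling callers that the return value can now contain a raw apostrophe. Code that writes the result into HTML or wikitext can no longer count on `%27` and has to escape single quotes itself, which `htmlspecialchars()` does only with `ENT_QUOTES` on the PHP versions this code appears to target. I would add to the docblock: `* The result may contain a literal apostrophe; escape it with htmlspecialchars( $url, ENT_QUOTES ) before placing it in an HTML attribute or in wikitext.` The same caveat applies to the `.replace( /%27/g, '\'' )` line added in mediawiki.util.js, whose doc comment lies outside that hunk. The docblock and the function it documents both extend beyond this hunk.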
@@ -430,7 +431,7 @@ } if ( is_null( $needle ) ) { - $needle = array( '%3B', '%40', '%24', '%21', '%2A', '%28', '%29', '%2C', '%2F', '%7E' ); + $needle = array( '%3B', '%40', '%24', '%21', '%2A', '%27', '%28', '%29', '%2C', '%2F', '%7E' ); if ( !isset( $_SERVER['SERVER_SOFTWARE'] ) || ( strpos( $_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS/7' ) === false ) ) { @@ -441,7 +442,7 @@ $s = urlencode( $s ); $s = str_ireplace( $needle, - array( ';', '@', '$', '!', '*', '(', ')', ',', '/', '~', ':' ), + array( ';', '@', '$', '!', '*', '\'', '(', ')', ',', '/', '~', ':' ), $s ); diff --git a/includes/Linker.php b/includes/Linker.php index d6a4056..4d3f3ce 100644 --- a/includes/Linker.php +++ b/includes/Linker.php @@ -939,7 +939,10 @@ $href = self::getUploadUrl( $title, $query ); - return '<a href="' . htmlspecialchars( $href ) . '" class="new" title="' . + // @todo FIXME: If we don't to escape apostrophes (single quotes) here (using ENT_QUOTES), + // then double apostrophes will be parsed as italics somewhere later in the parser, + // and break everything horribly + return '<a href="' . htmlspecialchars( $href, ENT_QUOTES ) . '" class="new" title="' . htmlspecialchars( $title->getPrefixedText(), ENT_QUOTES ) . '">' . $encLabel . '</a>'; } diff --git a/resources/src/mediawiki/mediawiki.util.js b/resources/src/mediawiki/mediawiki.util.js index 2a3542c..1d11d8c 100644 --- a/resources/src/mediawiki/mediawiki.util.js +++ b/resources/src/mediawiki/mediawiki.util.js @@ -78,6 +78,7 @@ .replace( /%24/g, '$' ) .replace( /%21/g, '!' ) .replace( /%2A/g, '*' ) + .replace( /%27/g, '\'' ) .replace( /%28/g, '(' ) .replace( /%29/g, ')' ) .replace( /%2C/g, ',' ) diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt index aa8c9c8..9cada85 100644 --- a/tests/parser/parserTests.txt +++ b/tests/parser/parserTests.txt 
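Review bot: `'%27'` and `'\''` are inserted at matching positions in two separate positional lists, the `$needle` array here and the replacement array in the following hunk (@@ -441), and nothing in the code ties the two orders together. If a later edit touches only one list, every mapping after that point shifts by one and a percent-escape silently decodes to the wrong reserved character. I would add `// Keep in the same order as the replacement list passed to str_ireplace() below` above the `$needle` assignment. The enclosing function starts and ends outside both hunks.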
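Review bot: `ENT_QUOTES` is added to the `href` at this one `return` only, and the new comment marks it as a FIXME rather than a settled fix. Whether other link builders on the parser path call `htmlspecialchars( $href )` without the flag cannot be told from this hunk and should be checked, since their output can now carry raw apostrophes as well. The comment also has a slip ("If we don't to escape"); I would write `// @todo FIXME: If we don't escape apostrophes (single quotes) here (using ENT_QUOTES),`. The enclosing method begins outside the hunk.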
@@ -5711,7 +5711,7 @@ ### ### Tables ### -### some content taken from http://meta.wikimedia.org/wiki/MediaWiki_User%27s_Guide:_Using_tables +### some content taken from http://meta.wikimedia.org/wiki/MediaWiki_User's_Guide:_Using_tables ### # This should not produce <table></table> as <table><tr><td></td></tr></table> @@ -7368,7 +7368,7 @@ !! wikitext [[Lista d''e paise d''o munno]] !! html/php -<p><a href="/index.php?title=Lista_d%27%27e_paise_d%27%27o_munno&action=edit&redlink=1" class="new" title="Lista d''e paise d''o munno (page does not exist)">Lista d''e paise d''o munno</a> +<p><a href="/index.php?title=Lista_d''e_paise_d''o_munno&action=edit&redlink=1" class="new" title="Lista d''e paise d''o munno (page does not exist)">Lista d''e paise d''o munno</a> </p> !! html/parsoid <p><a rel="mw:WikiLink" href="./Lista_d''e_paise_d''o_munno" title="Lista d''e paise d''o munno">Lista d''e paise d''o munno</a></p> 
@@ -7405,10 +7405,10 @@ [[''Pentecoste''|''Pentecoste'']] !! html/php -<p><a href="/index.php?title=Special:Upload&wpDestFile=Denys_Savchenko_%27%27Pentecoste%27%27.jpg" class="new" title="File:Denys Savchenko ''Pentecoste''.jpg">File:Denys Savchenko <i>Pentecoste</i>.jpg</a> -</p><p><a href="/index.php?title=%27%27Pentecoste%27%27&action=edit&redlink=1" class="new" title="''Pentecoste'' (page does not exist)">''Pentecoste''</a> -</p><p><a href="/index.php?title=%27%27Pentecoste%27%27&action=edit&redlink=1" class="new" title="''Pentecoste'' (page does not exist)">Pentecoste</a> -</p><p><a href="/index.php?title=%27%27Pentecoste%27%27&action=edit&redlink=1" class="new" title="''Pentecoste'' (page does not exist)"><i>Pentecoste</i></a> +<p><a href="/index.php?title=Special:Upload&wpDestFile=Denys_Savchenko_''Pentecoste''.jpg" class="new" title="File:Denys Savchenko ''Pentecoste''.jpg">File:Denys Savchenko <i>Pentecoste</i>.jpg</a> +</p><p><a href="/index.php?title=''Pentecoste''&action=edit&redlink=1" class="new" title="''Pentecoste'' (page does not exist)">''Pentecoste''</a> +</p><p><a href="/index.php?title=''Pentecoste''&action=edit&redlink=1" class="new" title="''Pentecoste'' (page does not exist)">Pentecoste</a> +</p><p><a href="/index.php?title=''Pentecoste''&action=edit&redlink=1" class="new" title="''Pentecoste'' (page does not exist)"><i>Pentecoste</i></a> </p> !! html/parsoid <p><span class="mw-default-size" typeof="mw:Error mw:Image" data-mw='{"errors":[{"key":"missing-image","message":"This image does not exist."}]}'><a href="./File:Denys_Savchenko_''Pentecoste''.jpg"><img resource="./File:Denys_Savchenko_''Pentecoste''.jpg" src="./Special:FilePath/Denys_Savchenko_''Pentecoste''.jpg" height="220" width="220"/></a></span></p> 
@@ -14033,7 +14033,7 @@ !! wikitext [[:Category:MediaWiki User's Guide]] !! html -<p><a href="/wiki/Category:MediaWiki_User%27s_Guide" title="Category:MediaWiki User's Guide">Category:MediaWiki User's Guide</a> +<p><a href="/wiki/Category:MediaWiki_User's_Guide" title="Category:MediaWiki User's Guide">Category:MediaWiki User's Guide</a> </p> !! end @@ -14044,7 +14044,7 @@ !! wikitext [[Category:MediaWiki User's Guide]] !! html -<a href="/wiki/Category:MediaWiki_User%27s_Guide" title="Category:MediaWiki User's Guide">MediaWiki User's Guide</a> +<a href="/wiki/Category:MediaWiki_User's_Guide" title="Category:MediaWiki User's Guide">MediaWiki User's Guide</a> !! end !! test @@ -14063,7 +14063,7 @@ !! wikitext [[Category:MediaWiki User's Guide|Foo]] !! html -<a href="/wiki/Category:MediaWiki_User%27s_Guide" title="Category:MediaWiki User's Guide">MediaWiki User's Guide</a> +<a href="/wiki/Category:MediaWiki_User's_Guide" title="Category:MediaWiki User's Guide">MediaWiki User's Guide</a> !! end !! test @@ -14073,7 +14073,7 @@ !! wikitext [[Category:MediaWiki User's Guide|MediaWiki User's Guide]] !! html -<a href="/wiki/Category:MediaWiki_User%27s_Guide" title="Category:MediaWiki User's Guide">MediaWiki User's Guide</a> +<a href="/wiki/Category:MediaWiki_User's_Guide" title="Category:MediaWiki User's Guide">MediaWiki User's Guide</a> !! end !! test @@ -19025,7 +19025,7 @@ !! wikitext [[Category:МедиаWики Усер'с Гуиде]] !! html -<a href="/wiki/%D0%9A%D0%B0%D1%82%D0%B5%D0%B3%D0%BE%D1%80%D0%B8%D1%98%D0%B0:MediaWiki_User%27s_Guide" title="Категорија:MediaWiki User's Guide">MediaWiki User's Guide</a> +<a href="/wiki/%D0%9A%D0%B0%D1%82%D0%B5%D0%B3%D0%BE%D1%80%D0%B8%D1%98%D0%B0:MediaWiki_User's_Guide" title="Категорија:MediaWiki User's Guide">MediaWiki User's Guide</a> !! end 
@@ -20981,7 +20981,7 @@ !! html <ul class="gallery mw-gallery-traditional"> <li class="gallerybox" style="width: 155px"><div style="width: 155px"> - <div class="thumb" style="width: 150px;"><div style="margin:68px auto;"><a href="/wiki/%22_onclick%3D%22alert(%27malicious_javascript_code!%27);"><img alt="galleryalt" src="http://example.com/images/thumb/3/3a/Foobar.jpg/120px-Foobar.jpg" width="120" height="14" srcset="http://example.com/images/thumb/3/3a/Foobar.jpg/180px-Foobar.jpg 1.5x, http://example.com/images/thumb/3/3a/Foobar.jpg/240px-Foobar.jpg 2x" /></a></div></div> + <div class="thumb" style="width: 150px;"><div style="margin:68px auto;"><a href="/wiki/%22_onclick%3D%22alert('malicious_javascript_code!');"><img alt="galleryalt" src="http://example.com/images/thumb/3/3a/Foobar.jpg/120px-Foobar.jpg" width="120" height="14" srcset="http://example.com/images/thumb/3/3a/Foobar.jpg/180px-Foobar.jpg 1.5x, http://example.com/images/thumb/3/3a/Foobar.jpg/240px-Foobar.jpg 2x" /></a></div></div> <div class="gallerytext"> <p>caption </p> diff --git a/tests/phpunit/includes/GlobalFunctions/wfUrlencodeTest.php b/tests/phpunit/includes/GlobalFunctions/wfUrlencodeTest.php index d4df7b0..07dcabc 100644 --- a/tests/phpunit/includes/GlobalFunctions/wfUrlencodeTest.php +++ b/tests/phpunit/includes/GlobalFunctions/wfUrlencodeTest.php @@ -105,8 +105,8 @@ // remaining chars do not need encoding array( - ';@$-_.!*', - ';@$-_.!*', + ';@$-_.!*\'', + ';@$-_.!*\'', ), ### Other tests @@ -118,9 +118,6 @@ // Other 'funnies' chars array( '[]', '%5B%5D' ), array( '<>', '%3C%3E' ), - - // Apostrophe is encoded - array( '\'', '%27' ), ); } } diff --git a/tests/phpunit/includes/LinkerTest.php b/tests/phpunit/includes/LinkerTest.php index 823c933..1122ddd 100644 --- a/tests/phpunit/includes/LinkerTest.php +++ b/tests/phpunit/includes/LinkerTest.php 
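Review bot: The expected `href` in this gallery case now contains raw apostrophes, so the only thing the case still pins is that the double quote stays as `%22` inside the double-quoted attribute. None of the updated expectations visible in this file covers `wfUrlencode()` output placed where `'` is itself a delimiter, such as a single-quoted attribute; any such output was previously shielded by `%27`. If a context like that exists in the parser output, a companion test that asserts the apostrophe arrives there as an HTML entity would make the new reliance on `ENT_QUOTES` visible. This is inferred from the visible expectations only.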
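Review bot: The apostrophe is now tested only as the last character of the `';@$-_.!*\''` string in the @@ -105 hunk, and the dedicated case is deleted in the next hunk (@@ -118) rather than inverted. A standalone row keeps the behaviour change explicit and gives a readable failure if `%27` encoding ever returns: `array( '\'', '\'' ),` under a comment `// Apostrophe is left as-is (T106793)`. The QUnit table in mediawiki.util.test.js (@@ -100) has the same shape and could keep a `'\'': '\''` row, with the expected assertion count in the @@ -92 hunk adjusted to match. The provider array starts outside the hunk.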
@@ -232,7 +232,7 @@ null, ), array( - '<a class="external" rel="nofollow" href="//en.example.org/w/Foo%27bar">Foo\'bar</a>', + '<a class="external" rel="nofollow" href="//en.example.org/w/Foo\'bar">Foo\'bar</a>', "[[Foo'bar]]", 'enwiki', ), diff --git a/tests/qunit/suites/resources/mediawiki/mediawiki.jqueryMsg.test.js b/tests/qunit/suites/resources/mediawiki/mediawiki.jqueryMsg.test.js index a105022..0cd8ac0 100644 --- a/tests/qunit/suites/resources/mediawiki/mediawiki.jqueryMsg.test.js +++ b/tests/qunit/suites/resources/mediawiki/mediawiki.jqueryMsg.test.js @@ -388,7 +388,7 @@ 'Bar in anchor' ); - expectedSpecialCharacters = '<a title=""Who" wants to be a millionaire & live on 'Exotic Island'?" href="/wiki/%22Who%22_wants_to_be_a_millionaire_%26_live_on_%27Exotic_Island%27%3F">"Who" wants to be a millionaire & live on 'Exotic Island'?</a>'; + expectedSpecialCharacters = '<a title=""Who" wants to be a millionaire & live on 'Exotic Island'?" href="/wiki/%22Who%22_wants_to_be_a_millionaire_%26_live_on_'Exotic_Island'%3F">"Who" wants to be a millionaire & live on 'Exotic Island'?</a>'; mw.messages.set( 'special-characters', '[[' + specialCharactersPageName + ']]' ); assert.htmlEqual( diff --git a/tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js b/tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js index 450f0f5..d70d1d0 100644 --- a/tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js +++ b/tests/qunit/suites/resources/mediawiki/mediawiki.util.test.js @@ -92,7 +92,7 @@ assert.equal( mw.util.rawurlencode( 'Test:A & B/Here' ), 'Test%3AA%20%26%20B%2FHere' ); } ); - QUnit.test( 'wikiUrlencode', 11, function ( assert ) { + QUnit.test( 'wikiUrlencode', 10, function ( assert ) { assert.equal( mw.util.wikiUrlencode( 'Test:A & B/Here' ), 'Test:A_%26_B/Here' ); // See also wfUrlencodeTest.php#provideURLS $.each( { 
@@ -100,12 +100,11 @@ '&': '%26', '=': '%3D', ':': ':', - ';@$-_.!*': ';@$-_.!*', + ';@$-_.!*\'': ';@$-_.!*\'', '/': '/', '~': '~', '[]': '%5B%5D', - '<>': '%3C%3E', - '\'': '%27' + '<>': '%3C%3E' }, function ( input, output ) { assert.equal( mw.util.wikiUrlencode( input ), output ); } ); -- To view, visit https://gerrit.wikimedia.org/r/232758 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ic54390434cebcc76a6c8ab49acc164d36e0cdff6 Gerrit-PatchSet: 6 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Bartosz Dziewoński <matma....@gmail.com> Gerrit-Reviewer: Aaron Schulz <asch...@wikimedia.org> Gerrit-Reviewer: BBlack <bbl...@wikimedia.org> Gerrit-Reviewer: Bartosz Dziewoński <matma....@gmail.com> Gerrit-Reviewer: Brian Wolff <bawolff...@gmail.com> Gerrit-Reviewer: Cscott <canan...@wikimedia.org> Gerrit-Reviewer: Daniel Friesen <dan...@nadir-seen-fire.com> Gerrit-Reviewer: Edokter <er...@darcoury.nl> Gerrit-Reviewer: Jack Phoenix <j...@countervandalism.net> Gerrit-Reviewer: Krinkle <krinklem...@gmail.com> Gerrit-Reviewer: Subramanya Sastry <ssas...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits