jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/76341 )

Change subject: Protect -{...}- variant constructs in galleries
......................................................................


Protect -{...}- variant constructs in galleries

This also protects naked external links, which are internally surrounded by
`-{R|...}-` by LanguageConverter::markNoConversion.

Originally found in failed tests in I7fa2d85d6.

Bug: T54190
Change-Id: I9b099273203482ffb570a5654d8ba50c833e526d
---
M includes/parser/Parser.php
M tests/parser/parserTests.txt
2 files changed, 133 insertions(+), 1 deletion(-)

Approvals:
  Tim Starling: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index 8f9830c..5b2dadd 100644
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -5018,7 +5018,10 @@
                                // FIXME: Doing recursiveTagParse at this 
stage, and the trim before
                                // splitting on '|' is a bit odd, and different 
from makeImage.
                                $matches[3] = $this->recursiveTagParse( trim( 
$matches[3] ) );
-                               $parameterMatches = StringUtils::explode( '|', 
$matches[3] );
+                               // Protect LanguageConverter markup
+                               $parameterMatches = 
StringUtils::delimiterExplode(
+                                       '-{', '}-', '|', $matches[3], true /* 
nested */
+                               );
 
                                foreach ( $parameterMatches as $parameterMatch 
) {
                                        list( $magicName, $match ) = 
$mwArray->matchVariableStartToEnd( $parameterMatch );
@@ -5035,6 +5038,11 @@
                                                        $addr = 
self::EXT_LINK_ADDR;
                                                        $prots = 
$this->mUrlProtocols;
                                                        // check to see if link 
matches an absolute url, if not then it must be a wiki link.
+                                                       if ( preg_match( 
'/^-{R|(.*)}-$/', $linkValue ) ) {
+                                                               // Result of 
LanguageConverter::markNoConversion
+                                                               // invoked on 
an external link.
+                                                               $linkValue = 
substr( $linkValue, 4, -2 );
+                                                       }
                                                        if ( preg_match( 
"/^($prots)$addr$chars*$/u", $linkValue ) ) {
                                                                $link = 
$linkValue;
                                                        } else {
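Review bot: The pattern `'/^-{R|(.*)}-$/'` in the added `preg_match` leaves the `|` unescaped, so PCRE reads it as an alternation between `^-{R` and `(.*)}-$` rather than as a literal bar. Any `$linkValue` that merely starts with `-{R` or merely ends with `}-` therefore matches, and `substr( $linkValue, 4, -2 )` then cuts four leading and two trailing characters from a value that LanguageConverter::markNoConversion never wrapped. Escaping the bar, `if ( preg_match( '/^-{R\|(.*)}-$/', $linkValue ) ) {`, restricts the strip to the complete `-{R|...}-` form. Because the stripped value is what the URL-protocol check on the next line validates, the match should be exact. The enclosing function starts and ends outside the hunk.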
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index edcc2c4..b34a03f 100644
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -20643,6 +20643,35 @@
 <figure class="mw-default-size" typeof="mw:Image/Thumb"><a 
href="File:Foobar.jpg"><img resource="./File:Foobar.jpg" 
src="//example.com/images/thumb/3/3a/Foobar.jpg/220px-Foobar.jpg" 
data-file-width="1941" data-file-height="220" data-file-type="bitmap" 
height="25" width="220"/></a><figcaption><span typeof="mw:LanguageVariant" 
data-mw='{"bidir":[{"l":"zh-cn","t":"blog (hk: &lt;span 
typeof=\"mw:LanguageVariant\" 
data-parsoid=&#39;{\"fl\":[\"zh-hans\"],\"dsr\":[42,64,null,2]}&#39; 
data-mw=&#39;{\"filter\":[\"zh-hans\"],\"text\":\"WEBJOURNAL\"}&#39;>&lt;/span>,
 tw: &lt;span typeof=\"mw:LanguageVariant\" 
data-parsoid=&#39;{\"fl\":[\"zh-hans\"],\"dsr\":[70,88,null,2]}&#39; 
data-mw=&#39;{\"filter\":[\"zh-hans\"],\"text\":\"WEBLOG\"}&#39;>&lt;/span>)"}],"show":true}'></span></figcaption></figure>
 !! end
 
+!! test
+Don't break gallery if language converter markup is inside.
+!! options
+language=zh
+!! wikitext
+<gallery>
+File:foobar.jpg|[[File:foobar.jpg|20px|desc|alt=-{R|foo}-|-{R|bar}-]]|alt=-{R|bat}-
+File:foobar.jpg|{{Test|unamedParam|alt=-{R|param}-}}|alt=galleryalt
+</gallery>
+!! html
+<ul class="gallery mw-gallery-traditional">
+               <li class="gallerybox" style="width: 155px"><div style="width: 
155px">
+                       <div class="thumb" style="width: 150px;"><div 
style="margin:68px auto;"><a href="/wiki/File:Foobar.jpg" class="image"><img 
alt="bat" 
src="http://example.com/images/thumb/3/3a/Foobar.jpg/120px-Foobar.jpg"; 
width="120" height="14" 
srcset="http://example.com/images/thumb/3/3a/Foobar.jpg/180px-Foobar.jpg 1.5x, 
http://example.com/images/thumb/3/3a/Foobar.jpg/240px-Foobar.jpg 2x" 
/></a></div></div>
+                       <div class="gallerytext">
+<p><a href="/wiki/File:Foobar.jpg" class="image" title="bar"><img alt="foo" 
src="http://example.com/images/thumb/3/3a/Foobar.jpg/20px-Foobar.jpg"; 
width="20" height="2" 
srcset="http://example.com/images/thumb/3/3a/Foobar.jpg/30px-Foobar.jpg 1.5x, 
http://example.com/images/thumb/3/3a/Foobar.jpg/40px-Foobar.jpg 2x" /></a>
+</p>
+                       </div>
+               </div></li>
+               <li class="gallerybox" style="width: 155px"><div style="width: 
155px">
+                       <div class="thumb" style="width: 150px;"><div 
style="margin:68px auto;"><a href="/wiki/File:Foobar.jpg" class="image"><img 
alt="galleryalt" 
src="http://example.com/images/thumb/3/3a/Foobar.jpg/120px-Foobar.jpg"; 
width="120" height="14" 
srcset="http://example.com/images/thumb/3/3a/Foobar.jpg/180px-Foobar.jpg 1.5x, 
http://example.com/images/thumb/3/3a/Foobar.jpg/240px-Foobar.jpg 2x" 
/></a></div></div>
+                       <div class="gallerytext">
+<p>This is a test template
+</p>
+                       </div>
+               </div></li>
+</ul>
+
+!! end
+
 # FIXME: This test is currently broken in the PHP parser (bug 52661)
 !! test
 Don't break list handling if language converter markup is in the item.
@@ -22240,7 +22269,102 @@
 
 !! end
 
+!!test
+Gallery override link with WikiLink (bug 34852)
+!! wikitext
+<gallery>
+File:foobar.jpg|caption|alt=galleryalt|link=InterWikiLink
+</gallery>
+!! html
+<ul class="gallery mw-gallery-traditional">
+               <li class="gallerybox" style="width: 155px"><div style="width: 
155px">
+                       <div class="thumb" style="width: 150px;"><div 
style="margin:68px auto;"><a href="/wiki/InterWikiLink"><img alt="galleryalt" 
src="http://example.com/images/thumb/3/3a/Foobar.jpg/120px-Foobar.jpg"; 
width="120" height="14" 
srcset="http://example.com/images/thumb/3/3a/Foobar.jpg/180px-Foobar.jpg 1.5x, 
http://example.com/images/thumb/3/3a/Foobar.jpg/240px-Foobar.jpg 2x" 
/></a></div></div>
+                       <div class="gallerytext">
+<p>caption
+</p>
+                       </div>
+               </div></li>
+</ul>
+
+!! end
+
+!!test
+Gallery override link with absolute external link (bug 34852)
+!! wikitext
+<gallery>
+File:foobar.jpg|caption|alt=galleryalt|link=http://www.example.org
+</gallery>
+!! html
+<ul class="gallery mw-gallery-traditional">
+               <li class="gallerybox" style="width: 155px"><div style="width: 
155px">
+                       <div class="thumb" style="width: 150px;"><div 
style="margin:68px auto;"><a href="http://www.example.org";><img 
alt="galleryalt" 
src="http://example.com/images/thumb/3/3a/Foobar.jpg/120px-Foobar.jpg"; 
width="120" height="14" 
srcset="http://example.com/images/thumb/3/3a/Foobar.jpg/180px-Foobar.jpg 1.5x, 
http://example.com/images/thumb/3/3a/Foobar.jpg/240px-Foobar.jpg 2x" 
/></a></div></div>
+                       <div class="gallerytext">
+<p>caption
+</p>
+                       </div>
+               </div></li>
+</ul>
+
+!! end
+
 !! test
+Gallery override link with absolute external link with LanguageConverter
+!! options
+language=zh
+!! input
+<gallery>
+File:foobar.jpg|caption|alt=galleryalt|link=http://www.example.org
+</gallery>
+!! result
+<ul class="gallery mw-gallery-traditional">
+               <li class="gallerybox" style="width: 155px"><div style="width: 
155px">
+                       <div class="thumb" style="width: 150px;"><div 
style="margin:68px auto;"><a href="http://www.example.org";><img 
alt="galleryalt" 
src="http://example.com/images/thumb/3/3a/Foobar.jpg/120px-Foobar.jpg"; 
width="120" height="14" 
srcset="http://example.com/images/thumb/3/3a/Foobar.jpg/180px-Foobar.jpg 1.5x, 
http://example.com/images/thumb/3/3a/Foobar.jpg/240px-Foobar.jpg 2x" 
/></a></div></div>
+                       <div class="gallerytext">
+<p>caption
+</p>
+                       </div>
+               </div></li>
+</ul>
+
+!! end
+
+!!test
+Gallery override link with malicious javascript (bug 34852)
+!! wikitext
+<gallery>
+File:foobar.jpg|caption|alt=galleryalt|link=" onclick="alert('malicious 
javascript code!');
+</gallery>
+!! html
+<ul class="gallery mw-gallery-traditional">
+               <li class="gallerybox" style="width: 155px"><div style="width: 
155px">
+                       <div class="thumb" style="width: 150px;"><div 
style="margin:68px auto;"><a 
href="/wiki/%22_onclick%3D%22alert(%27malicious_javascript_code!%27);"><img 
alt="galleryalt" 
src="http://example.com/images/thumb/3/3a/Foobar.jpg/120px-Foobar.jpg"; 
width="120" height="14" 
srcset="http://example.com/images/thumb/3/3a/Foobar.jpg/180px-Foobar.jpg 1.5x, 
http://example.com/images/thumb/3/3a/Foobar.jpg/240px-Foobar.jpg 2x" 
/></a></div></div>
+                       <div class="gallerytext">
+<p>caption
+</p>
+                       </div>
+               </div></li>
+</ul>
+
+!! end
+
+!!test
+Gallery with invalid title as link (bug 43964)
+!! wikitext
+<gallery>
+File:foobar.jpg|link=<
+</gallery>
+!! html
+<ul class="gallery mw-gallery-traditional">
+               <li class="gallerybox" style="width: 155px"><div style="width: 
155px">
+                       <div class="thumb" style="width: 150px;"><div 
style="margin:68px auto;"><a href="/wiki/File:Foobar.jpg" class="image"><img 
alt="Foobar.jpg" 
src="http://example.com/images/thumb/3/3a/Foobar.jpg/120px-Foobar.jpg"; 
width="120" height="14" 
srcset="http://example.com/images/thumb/3/3a/Foobar.jpg/180px-Foobar.jpg 1.5x, 
http://example.com/images/thumb/3/3a/Foobar.jpg/240px-Foobar.jpg 2x" 
/></a></div></div>
+                       <div class="gallerytext">
+                       </div>
+               </div></li>
+</ul>
+
+!! end
+
+!!test
 Language parser function
 !! wikitext
 {{#language:ar}}
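Review bot: The test "Gallery override link with absolute external link with LanguageConverter" names its sections `!! input` and `!! result`, while every other test added in this hunk uses `!! wikitext` and `!! html`; using one pair throughout keeps the file consistent. The added headers are also written `!!test`, whereas the context lines of the file use `!! test`. None of the added cases supplies a `link=` value that ends in `}-` without the `-{R|` prefix, which is the input that would show whether the unwrapping added in Parser.php fires only on complete markNoConversion output.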

-- 
To view, visit https://gerrit.wikimedia.org/r/76341

Gerrit-MessageType: merged
Gerrit-Change-Id: I9b099273203482ffb570a5654d8ba50c833e526d
Gerrit-PatchSet: 20
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Liangent <[email protected]>
Gerrit-Reviewer: Aklapper <[email protected]>
Gerrit-Reviewer: Bartosz Dziewoński <[email protected]>
Gerrit-Reviewer: Brian Wolff <[email protected]>
Gerrit-Reviewer: C. Scott Ananian <[email protected]>
Gerrit-Reviewer: Daniel Kinzler <[email protected]>
Gerrit-Reviewer: Jackmcbarn <[email protected]>
Gerrit-Reviewer: Jdlrobson <[email protected]>
Gerrit-Reviewer: Liangent <[email protected]>
Gerrit-Reviewer: Smalyshev <[email protected]>
Gerrit-Reviewer: Subramanya Sastry <[email protected]>
Gerrit-Reviewer: Tim Starling <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
