[MediaWiki-commits] [Gerrit] mediawiki...FileAnnotations[master]: Minor code conventions and code quality changes all over
jenkins-bot has submitted this change and it was merged.
Change subject: Minor code conventions and code quality changes all over
..
Minor code conventions and code quality changes all over
I read through most of the code today in a big code review.
This changes things that were easier to fix than to file bugs about,
or things I wouldn't bother complaining about because they're trivial.
ApiFileAnnotations.php:
* Use htmlspecialchars() everywhere, except where we explicitly
need to allow HTML syntax.
* More robustly check for the single-link-in-single-paragraph case.
Example inputs that would break old logic: "" (PHP warning),
"" (PHP warning), "http://example.com/ Some text" ("Some text" ignored).
extension.json:
* Change hook functions to just be named "on".
* Remove unused "ExtensionFunctions" and "callback", they do nothing.
* Rename ResourceLoader module to "ext.fileannotations".
FileAnnotations.hooks.php:
* Match changes in extension.json.
* Avoid implicit $wgTitle usage from "new Message()" by using
the msg() function from context.
FileAnnotationsContent:
* Whitespace changes per code conventions.
* Avoid implicit $wgTitle usage from "new Message()" by
specifying the title.
* Show informational message in user language with correct parser
cache handling.
fileannotations.less:
* Minor code conventions changes.
fileannotations.js:
* Avoid magic namespace numbers.
* Pass titles to the API in canonical text form, to avoid 'normalized'
warnings in output.
Change-Id: Ib0d1060a3d4bd6b295322deec6d8fa261b65fa7b
---
M ApiFileAnnotations.php
M FileAnnotations.hooks.php
M extension.json
M includes/FileAnnotationsContent.php
M resources/src/fileannotations.js
M resources/src/fileannotations.less
6 files changed, 51 insertions(+), 55 deletions(-)
Approvals:
MarkTraceur: Looks good to me, approved
Jforrester: Looks good to me, but someone else must approve
jenkins-bot: Verified
diff --git a/ApiFileAnnotations.php b/ApiFileAnnotations.php
index ad4b379..fe090a5 100644
--- a/ApiFileAnnotations.php
+++ b/ApiFileAnnotations.php
@@ -132,15 +132,15 @@
$src = $info['thumburl'];
$imagesHtml .=
- '' .
- '' .
+ '' .
+ '' .
'';
}
$imagesHtml .= '';
$seeMoreHtml = $pages
- ? ''
+ ? ''
: '';
$html =
@@ -204,14 +204,15 @@
$page = $pages[0];
$html =
'' .
+ // The API result here should
be safe HTML
$page['extract'] .
'' .
'' .
'' .
'';
@@ -292,26 +293,26 @@
if ( isset( $labels[$currentLang] ) ) {
$label =
'' .
-
$labels[$currentLang]['value'] .
+ htmlspecialchars(
$labels[$currentLang]['value'] ) .
'';
} elseif ( isset( $labels['en'] ) ) {
// Blatantly strange fallback, but we
don't want to have
// no label...hopefully this works for
99% of things.
$label =
'' .
- $labels['en']['value'] .
+ htmlspecialchars(
$labels['en']['value'] ) .
'';
}
if ( isset( $descriptions[$currentLang] ) ) {
$description =
'' .
-
$descriptions[$currentLang]['value'] .
+ htmlspecialchars(
$descriptions[$currentLang]['value'] ) .
'';
[MediaWiki-commits] [Gerrit] mediawiki...FileAnnotations[master]: Minor code conventions and code quality changes all over
Bartosz DziewoĆski has uploaded a new change for review.
https://gerrit.wikimedia.org/r/310074
Change subject: Minor code conventions and code quality changes all over
..
Minor code conventions and code quality changes all over
I read through most of the code today in a big code review.
This changes things that were easier to fix than to file bugs about,
or things I wouldn't bother complaining about because they're trivial.
ApiFileAnnotations.php:
* Use htmlspecialchars() everywhere, except where we explicitly
need to allow HTML syntax.
* More robustly check for the single-link-in-single-paragraph case.
Example inputs that would break old logic: "" (PHP warning),
"" (PHP warning), "http://example.com/ Some text" ("Some text" ignored).
extension.json:
* Change hook functions to just be named "on".
* Remove unused "ExtensionFunctions" and "callback", they do nothing.
* Rename ResourceLoader module to "ext.fileannotations".
FileAnnotations.hooks.php:
* Match changes in extension.json.
* Avoid implicit $wgTitle usage from "new Message()" by using
the msg() function from context.
FileAnnotationsContent:
* Whitespace changes per code conventions.
* Avoid implicit $wgTitle usage from "new Message()" by
specifying the title.
* Show informational message in user language with correct parser
cache handling.
fileannotations.less:
* Minor code conventions changes.
fileannotations.js:
* Avoid magic namespace numbers.
* Pass titles to the API in canonical text form, to avoid 'normalized'
warnings in output.
Change-Id: Ib0d1060a3d4bd6b295322deec6d8fa261b65fa7b
---
M ApiFileAnnotations.php
M FileAnnotations.hooks.php
M extension.json
M includes/FileAnnotationsContent.php
M resources/src/fileannotations.js
M resources/src/fileannotations.less
6 files changed, 51 insertions(+), 55 deletions(-)
git pull
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/FileAnnotations
refs/changes/74/310074/1
diff --git a/ApiFileAnnotations.php b/ApiFileAnnotations.php
index 73dafbd..fdcbba4 100644
--- a/ApiFileAnnotations.php
+++ b/ApiFileAnnotations.php
@@ -131,8 +131,8 @@
$src = $info['thumburl'];
$imagesHtml .=
- '' .
- '' .
+ '' .
+ '' .
'';
}
@@ -140,7 +140,7 @@
// @FIXME: i18n!
$seeMoreHtml = $pages
- ? '' . 'See
more images' . ''
+ ? '' . 'See more images' . ''
: '';
$html =
@@ -204,14 +204,15 @@
// There's only one page, so just do it here
$html =
'' .
+ // The API result here should
be safe HTML
$page['extract'] .
'' .
'' .
'' .
'';
@@ -291,26 +292,26 @@
if ( isset( $labels[$currentLang] ) ) {
$label =
'' .
-
$labels[$currentLang]['value'] .
+ htmlspecialchars(
$labels[$currentLang]['value'] ) .
'';
} elseif ( isset( $labels['en'] ) ) {
// Blatantly strange fallback, but we
don't want to have
// no label...hopefully this works for
99% of things.
$label =
'' .
- $labels['en']['value'] .
+ htmlspecialchars(
$labels['en']['value'] ) .
'';
}
if ( isset( $descriptions[$currentLang] ) ) {
$description =
'' .
-
$descriptions[$currentLang]['value'] .
+ htmlspecialchars(
