Go to the documentation of this file.
37 '/&([A-Za-z0-9\x80-\xff]+);
39 |&\#[xX]([0-9A-Fa-f]+);
333 if ( self::$attribsRegex ===
null ) {
334 $attribFirst =
'[:A-Z_a-z0-9]';
335 $attrib =
'[:A-Z_a-z-.0-9]';
336 $space =
'[\x09\x0a\x0d\x20]';
337 self::$attribsRegex =
338 "/(?:^|$space)({$attribFirst}{$attrib}*)
341 # The attribute value: quoted or alone
344 | ([a-zA-Z0-9!#$%&()*,\\-.\\/:;<>?@[\\]^_`{|}~]+)
345 | (\#[0-9a-fA-F]+) # Technically wrong, but lots of
346 # colors are specified like this.
347 # We'll be normalizing it.
369 global $wgUseTidy, $wgAllowMicrodataAttributes, $wgAllowImageTag;
371 static $htmlpairsStatic, $htmlsingle, $htmlsingleonly, $htmlnest, $tabletags,
372 $htmllist, $listtags, $htmlsingleallowed, $htmlelementsStatic, $staticInitialised;
378 $globalContext = implode(
'-', compact(
'wgAllowMicrodataAttributes',
'wgAllowImageTag' ) );
379 if ( !$staticInitialised || $staticInitialised != $globalContext ) {
381 $htmlpairsStatic =
array( # Tags
that must be closed
382 'b',
'bdi',
'del',
'i',
'ins',
'u',
'font',
'big',
'small',
'sub',
'sup',
'h1',
383 'h2',
'h3',
'h4',
'h5',
'h6',
'cite',
'code',
'em',
's',
384 'strike',
'strong',
'tt',
'var',
'div',
'center',
385 'blockquote',
'ol',
'ul',
'dl',
'table',
'caption',
'pre',
386 'ruby',
'rt',
'rb',
'rp',
'p',
'span',
'abbr',
'dfn',
387 'kbd',
'samp',
'data',
'time',
'mark'
390 'br',
'wbr',
'hr',
'li',
'dt',
'dd'
392 $htmlsingleonly =
array( # Elements
that cannot have close
tags
395 if ( $wgAllowMicrodataAttributes ) {
396 $htmlsingle[] = $htmlsingleonly[] =
'meta';
397 $htmlsingle[] = $htmlsingleonly[] =
'link';
399 $htmlnest =
array( # Tags
that can be nested--??
400 'table',
'tr',
'td',
'th',
'div',
'blockquote',
'ol',
'ul',
401 'li',
'dl',
'dt',
'dd',
'font',
'big',
'small',
'sub',
'sup',
'span',
402 'var',
'kbd',
'samp',
'em',
'strong',
'q',
'ruby',
'bdo'
414 if ( $wgAllowImageTag ) {
415 $htmlsingle[] =
'img';
416 $htmlsingleonly[] =
'img';
419 $htmlsingleallowed = array_unique( array_merge( $htmlsingle, $tabletags ) );
420 $htmlelementsStatic = array_unique( array_merge( $htmlsingle, $htmlpairsStatic, $htmlnest ) );
422 # Convert them all to hashtables for faster lookup
423 $vars =
array(
'htmlpairsStatic',
'htmlsingle',
'htmlsingleonly',
'htmlnest',
'tabletags',
424 'htmllist',
'listtags',
'htmlsingleallowed',
'htmlelementsStatic' );
426 $$var = array_flip( $$var );
428 $staticInitialised = $globalContext;
430 # Populate $htmlpairs and $htmlelements with the $extratags and $removetags arrays
431 $extratags = array_flip( $extratags );
432 $removetags = array_flip( $removetags );
433 $htmlpairs = array_merge( $extratags, $htmlpairsStatic );
434 $htmlelements = array_diff_key( array_merge( $extratags, $htmlelementsStatic ), $removetags );
436 # Remove HTML comments
438 $bits = explode(
'<', $text );
439 $text = str_replace(
'>',
'>', array_shift( $bits ) );
441 $tagstack = $tablestack =
array();
442 foreach ( $bits
as $x ) {
444 # $slash: Does the current element start with a '/'?
445 # $t: Current element name
446 # $params: String between element name and >
447 # $brace: Ending '>' or '/>'
448 # $rest: Everything until the next element of $bits
449 if ( preg_match(
'!^(/?)([^\\s/>]+)([^>]*?)(/{0,1}>)([^<]*)$!', $x, $regs ) ) {
452 $slash =
$t =
$params = $brace = $rest =
null;
456 if ( isset( $htmlelements[
$t = strtolower(
$t )] ) ) {
458 if ( $slash && isset( $htmlsingleonly[
$t] ) ) {
460 } elseif ( $slash ) {
461 # Closing a tag... is it the one we just opened?
462 $ot = @array_pop( $tagstack );
464 if ( isset( $htmlsingleallowed[$ot] ) ) {
465 # Pop all elements with an optional close tag
466 # and see if we find a match below them
468 array_push( $optstack, $ot );
470 $ot = array_pop( $tagstack );
472 while ( $ot !=
$t && isset( $htmlsingleallowed[$ot] ) ) {
473 array_push( $optstack, $ot );
475 $ot = array_pop( $tagstack );
479 # No match. Push the optional elements back again
482 $ot = array_pop( $optstack );
485 array_push( $tagstack, $ot );
487 $ot = array_pop( $optstack );
492 @array_push( $tagstack, $ot );
493 # <li> can be nested in <ul> or <ol>, skip those cases:
494 if ( !isset( $htmllist[$ot] ) || !isset( $listtags[
$t] ) ) {
499 if (
$t ==
'table' ) {
500 $tagstack = array_pop( $tablestack );
505 # Keep track for later
506 if ( isset( $tabletags[
$t] ) &&
507 !in_array(
'table', $tagstack ) ) {
509 } elseif ( in_array(
$t, $tagstack ) &&
510 !isset( $htmlnest[
$t] ) ) {
512 # Is it a self closed htmlpair ? (bug 5487)
513 } elseif ( $brace ==
'/>' &&
514 isset( $htmlpairs[
$t] ) ) {
516 } elseif ( isset( $htmlsingleonly[
$t] ) ) {
517 # Hack to force empty tag for unclosable elements
519 } elseif ( isset( $htmlsingle[
$t] ) ) {
520 # Hack to not close $htmlsingle tags
522 # Still need to push this optionally-closed tag to
523 # the tag stack so that we can match end tags
524 # instead of marking them as bad.
525 array_push( $tagstack,
$t );
526 } elseif ( isset( $tabletags[
$t] )
527 && in_array(
$t, $tagstack ) ) {
531 if (
$t ==
'table' ) {
532 array_push( $tablestack, $tagstack );
535 array_push( $tagstack,
$t );
538 # Replace any variables or template parameters with
540 if ( is_callable( $processCallback ) ) {
548 # Strip non-approved attributes from the tag
552 $rest = str_replace(
'>',
'>', $rest );
553 $close = ( $brace ==
'/>' && !$slash ) ?
' /' :
'';
554 $text .=
"<$slash$t$newparams$close>$rest";
558 $text .=
'<' . str_replace(
'>',
'>', $x );
560 # Close off any remaining tags
561 while ( is_array( $tagstack ) && (
$t = array_pop( $tagstack ) ) ) {
563 if (
$t ==
'table' ) {
564 $tagstack = array_pop( $tablestack );
568 # this might be possible using tidy itself
569 foreach ( $bits
as $x ) {
570 preg_match(
'/^(\\/?)(\\w+)([^>]*?)(\\/{0,1}>)([^<]*)$/',
574 if ( isset( $htmlelements[
$t = strtolower(
$t )] ) ) {
575 if ( is_callable( $processCallback ) ) {
585 $rest = str_replace(
'>',
'>', $rest );
586 $text .=
"<$slash$t$newparams$brace$rest";
590 $text .=
'<' . str_replace(
'>',
'>', $x );
609 while ( ( $start = strpos( $text,
'<!--' ) ) !==
false ) {
610 $end = strpos( $text,
'-->', $start + 4 );
611 if ( $end ===
false ) {
612 # Unterminated comment; bail out
618 # Trim space and newline if the comment is both
619 # preceded and followed by a newline
620 $spaceStart = max( $start - 1, 0 );
621 $spaceLen = $end - $spaceStart;
622 while ( substr( $text, $spaceStart, 1 ) ===
' ' && $spaceStart > 0 ) {
626 while ( substr( $text, $spaceStart + $spaceLen, 1 ) ===
' ' ) {
629 if ( substr( $text, $spaceStart, 1 ) ===
"\n"
630 && substr( $text, $spaceStart + $spaceLen, 1 ) ===
"\n" ) {
631 # Remove the comment, leading and trailing
632 # spaces, and leave only one newline.
633 $text = substr_replace( $text,
"\n", $spaceStart, $spaceLen + 1 );
635 # Remove just the comment.
636 $text = substr_replace( $text,
'', $start, $end - $start );
658 if ( $element ==
'meta' || $element ==
'link' ) {
659 if ( !isset(
$params[
'itemprop'] ) ) {
663 if ( $element ==
'meta' && !isset(
$params[
'content'] ) ) {
667 if ( $element ==
'link' && !isset(
$params[
'href'] ) ) {
712 global $wgAllowRdfaAttributes, $wgAllowMicrodataAttributes;
714 $whitelist = array_flip( $whitelist );
719 #allow XML namespace declaration if RDFa is enabled
720 if ( $wgAllowRdfaAttributes && preg_match( self::XMLNS_ATTRIBUTE_PATTERN, $attribute ) ) {
721 if ( !preg_match( self::EVIL_URI_PATTERN,
$value ) ) {
728 # Allow any attribute beginning with "data-"
729 if ( !preg_match(
'/^data-/i', $attribute ) && !isset( $whitelist[$attribute] ) ) {
733 # Strip javascript "expression" from stylesheets.
734 # http://msdn.microsoft.com/workshop/author/dhtml/overview/recalc.asp
735 if ( $attribute ==
'style' ) {
739 if ( $attribute ===
'id' ) {
744 # http://www.w3.org/TR/wai-aria/
745 # http://www.whatwg.org/html/elements.html#wai-aria
746 # For now we only support role="presentation" until we work out what roles should be
747 # usable by content and we ensure that our code explicitly rejects patterns that
748 # violate HTML5's ARIA restrictions.
749 if ( $attribute ===
'role' &&
$value !==
'presentation' ) {
755 if ( $attribute ===
'rel' || $attribute ===
'rev'
757 || $attribute ===
'about' || $attribute ===
'property'
758 || $attribute ===
'resource' || $attribute ===
'datatype'
759 || $attribute ===
'typeof'
761 || $attribute ===
'itemid' || $attribute ===
'itemprop'
762 || $attribute ===
'itemref' || $attribute ===
'itemscope'
763 || $attribute ===
'itemtype'
766 if ( preg_match( self::EVIL_URI_PATTERN,
$value ) ) {
771 # NOTE: even though elements using href/src are not allowed directly, supply
772 # validation code that can be used by tag hook handlers, etc
773 if ( $attribute ===
'href' || $attribute ===
'src' ) {
774 if ( !preg_match( $hrefExp,
$value ) ) {
785 if ( $wgAllowMicrodataAttributes ) {
786 # itemtype, itemid, itemref don't make sense without itemscope
787 if ( !array_key_exists(
'itemscope',
$out ) ) {
788 unset(
$out[
'itemtype'] );
789 unset(
$out[
'itemid'] );
790 unset(
$out[
'itemref'] );
792 # TODO: Strip itemprop if we aren't descendants of an itemscope or pointed to by an itemref.
808 $out = array_merge( $a, $b );
809 if ( isset( $a[
'class'] ) && isset( $b[
'class'] )
810 && is_string( $a[
'class'] ) && is_string( $b[
'class'] )
811 && $a[
'class'] !== $b[
'class']
813 $classes = preg_split(
'/\s+/',
"{$a['class']} {$b['class']}",
814 -1, PREG_SPLIT_NO_EMPTY );
815 $out[
'class'] = implode(
' ', array_unique( $classes ) );
844 if ( !$decodeRegex ) {
845 $space =
'[\\x20\\t\\r\\n\\f]';
846 $nl =
'(?:\\n|\\r\\n|\\r|\\f)';
848 $decodeRegex =
"/ $backslash
850 ($nl) | # 1. Line continuation
851 ([0-9A-Fa-f]{1,6})$space? | # 2. character number
852 (.) | # 3. backslash cancelling special meaning
853 () | # 4. backslash at end of string
856 $value = preg_replace_callback( $decodeRegex,
860 $value = preg_replace_callback(
864 if ( $cp ===
false ) {
867 return chr( $cp - 65248 );
875 array(
'ʀ',
'ɴ',
'ⁿ',
'ʟ',
'ɪ',
'⁽',
'₍' ),
876 array(
'r',
'n',
'n',
'l',
'i',
'(',
'(' ),
883 if ( !preg_match(
'! ^ \s* /\* [^*\\/]* \*/ \s* $ !x',
$value ) ) {
894 $commentPos = strpos(
$value,
'/*' );
895 if ( $commentPos !==
false ) {
904 \xE3\x80\xB1 | # U+3031
905 \xE3\x82\x9D | # U+309D
906 \xE3\x83\xBC | # U+30FC
907 \xE3\x83\xBD | # U+30FD
908 \xEF\xB9\xBC | # U+FE7C
909 \xEF\xB9\xBD | # U+FE7D
910 \xEF\xBD\xB0 # U+FF70
942 if ( preg_match(
'/[\000-\010\013\016-\037\177]/',
$value ) ) {
943 return '/* invalid control char */';
944 } elseif ( preg_match(
954 | attr\s*\([^)]+[\s,]+url
956 return '/* insecure input */';
976 if ( $char ==
"\n" || $char ==
'"' || $char ==
"'" || $char ==
'\\' ) {
979 return '\\' . dechex( ord( $char ) ) .
' ';
1006 if ( trim( $text ) ==
'' ) {
1022 $encValue = htmlspecialchars( $text, ENT_QUOTES );
1027 $encValue = strtr( $encValue,
array(
1045 # Templates and links may be expanded in later parsing,
1046 # creating invalid or dangerous output. Suppress this.
1047 $encValue = strtr( $encValue,
array(
1053 "''" =>
'''',
1054 'ISBN' =>
'ISBN',
1056 'PMID' =>
'PMID',
1062 $encValue = preg_replace_callback(
1064 array(
'Sanitizer',
'armorLinksCallback' ),
1101 global $wgExperimentalHtmlIds;
1104 if ( $wgExperimentalHtmlIds && !in_array(
'legacy',
$options ) ) {
1106 $id = preg_replace(
'/[ \t\n\r\f_\'"&#%]+/',
'_', $id );
1107 $id = trim( $id,
'_' );
1109 # Must have been all whitespace to start with.
1116 # HTML4-style escaping
1117 static $replace =
array(
1123 $id = str_replace( array_keys( $replace ), array_values( $replace ), $id );
1125 if ( !preg_match(
'/^[a-zA-Z]/', $id )
1126 && !in_array(
'noninitial',
$options ) ) {
1146 return rtrim( preg_replace(
1147 array(
'/(^[0-9\\-])|[\\x00-\\x20!"#$%&\'()*+,.\\/:;<=>?@[\\]^`{|}~]|\\xC2\\xA0/',
'/_+/' ),
1161 # It seems wise to escape ' as well as ", as a matter of course. Can't
1163 $html = htmlspecialchars(
$html, ENT_QUOTES );
1173 return str_replace(
':',
':',
$matches[1] );
1185 if ( trim( $text ) ==
'' ) {
1191 if ( !preg_match_all(
1192 self::getAttribsRegex(),
1195 PREG_SET_ORDER ) ) {
1199 foreach ( $pairs
as $set ) {
1200 $attribute = strtolower( $set[1] );
1222 foreach ( $assoc_array
as $attribute =>
$value ) {
1223 $encAttribute = htmlspecialchars( $attribute );
1226 $attribs[] =
"$encAttribute=\"$encValue\"";
1240 if ( isset( $set[6] ) ) {
1241 # Illegal #XXXXXX color with no quotes.
1243 } elseif ( isset( $set[5] ) ) {
1246 } elseif ( isset( $set[4] ) ) {
1249 } elseif ( isset( $set[3] ) ) {
1252 } elseif ( !isset( $set[2] ) ) {
1253 # In XHTML, attributes must have a value.
1254 # For 'reduced' form, return explicitly the attribute name here.
1257 throw new MWException(
"Tag conditions not met. This should never happen and is a bug." );
1274 return str_replace(
'"',
'"',
1275 self::normalizeWhitespace(
1284 return preg_replace(
1285 '/\r\n|[\x20\x0d\x0a\x09]/',
1299 return trim( preg_replace(
'/[ _]+/',
' ',
$section ) );
1318 return preg_replace_callback(
1319 self::CHAR_REFS_REGEX,
1320 array(
'Sanitizer',
'normalizeCharReferencesCallback' ),
1337 if ( is_null(
$ret ) ) {
1338 return htmlspecialchars(
$matches[0] );
1355 if ( isset( self::$htmlEntityAliases[
$name] ) ) {
1356 return '&' . self::$htmlEntityAliases[
$name] .
';';
1357 } elseif ( in_array(
$name,
1358 array(
'lt',
'gt',
'amp',
'quot' ) ) ) {
1360 } elseif ( isset( self::$htmlEntities[
$name] ) ) {
1361 return '&#' . self::$htmlEntities[
$name] .
';';
1363 return "&$name;";
1372 $point = intval( $codepoint );
1374 return sprintf(
'&#%d;', $point );
1385 $point = hexdec( $codepoint );
1387 return sprintf(
'&#x%x;', $point );
1399 return $codepoint == 0x09
1400 || $codepoint == 0x0a
1401 || $codepoint == 0x0d
1402 || ( $codepoint >= 0x20 && $codepoint <= 0xd7ff )
1403 || ( $codepoint >= 0xe000 && $codepoint <= 0xfffd )
1404 || ( $codepoint >= 0x10000 && $codepoint <= 0x10ffff );
1415 return preg_replace_callback(
1416 self::CHAR_REFS_REGEX,
1417 array(
'Sanitizer',
'decodeCharReferencesCallback' ),
1433 $text = preg_replace_callback(
1434 self::CHAR_REFS_REGEX,
1435 array(
'Sanitizer',
'decodeCharReferencesCallback' ),
1457 # Last case should be an ampersand by itself
1485 if ( isset( self::$htmlEntityAliases[
$name] ) ) {
1488 if ( isset( self::$htmlEntities[
$name] ) ) {
1503 return isset( $list[$element] )
1514 global $wgAllowRdfaAttributes, $wgAllowMicrodataAttributes;
1516 static $whitelist, $staticInitialised;
1517 $globalContext = implode(
'-', compact(
'wgAllowRdfaAttributes',
'wgAllowMicrodataAttributes' ) );
1519 if ( isset( $whitelist ) && $staticInitialised == $globalContext ) {
1536 if ( $wgAllowRdfaAttributes ) {
1537 # RDFa attributes as specified in section 9 of
1538 # http://www.w3.org/TR/2008/REC-rdfa-syntax-20081014
1539 $common = array_merge( $common,
array(
1540 'about',
'property',
'resource',
'datatype',
'typeof',
1544 if ( $wgAllowMicrodataAttributes ) {
1545 # add HTML5 microdata tags as specified by
1546 # http://www.whatwg.org/html/microdata.html#the-microdata-model
1547 $common = array_merge( $common,
array(
1548 'itemid',
'itemprop',
'itemref',
'itemscope',
'itemtype'
1552 $block = array_merge( $common,
array(
'align' ) );
1553 $tablealign =
array(
'align',
'valign' );
1561 'nowrap', # deprecated
1562 'width', # deprecated
1563 'height', # deprecated
1564 'bgcolor', # deprecated
1567 # Numbers refer to sections in HTML 4.01 standard describing the element.
1568 # See: http://www.w3.org/TR/html4/
1572 'center' => $common, # deprecated
1591 'strong' => $common,
1602 'blockquote' => array_merge( $common,
array(
'cite' ) ),
1603 'q' => array_merge( $common,
array(
'cite' ) ),
1613 'br' => array_merge( $common,
array(
'clear' ) ),
1619 'pre' => array_merge( $common,
array(
'width' ) ),
1622 'ins' => array_merge( $common,
array(
'cite',
'datetime' ) ),
1623 'del' => array_merge( $common,
array(
'cite',
'datetime' ) ),
1626 'ul' => array_merge( $common,
array(
'type' ) ),
1627 'ol' => array_merge( $common,
array(
'type',
'start' ) ),
1628 'li' => array_merge( $common,
array(
'type',
'value' ) ),
1636 'table' => array_merge( $common,
1637 array(
'summary',
'width',
'border',
'frame',
1638 'rules',
'cellspacing',
'cellpadding',
1643 'caption' => $block,
1651 'colgroup' => array_merge( $common,
array(
'span' ) ),
1652 'col' => array_merge( $common,
array(
'span' ) ),
1655 'tr' => array_merge( $common,
array(
'bgcolor' ), $tablealign ),
1658 'td' => array_merge( $common, $tablecell, $tablealign ),
1659 'th' => array_merge( $common, $tablecell, $tablealign ),
1662 # NOTE: <a>
is not allowed
directly, but the attrib
1664 'a' => array_merge( $common,
array(
'href',
'rel',
'rev' ) ), # rel/rev esp.
for RDFa
1667 # Not usually allowed, but may be
used for extension-style
hooks
1668 #
such as <math> when
it is rasterized, or
if $wgAllowImageTag
is
1670 'img' => array_merge( $common,
array(
'alt',
'src',
'width',
'height' ) ),
1678 'strike' => $common,
1683 'font' => array_merge( $common,
array(
'size',
'color',
'face' ) ),
1687 'hr' => array_merge( $common,
array(
'width' ) ),
1695 'rt' => $common, #array_merge( $common,
array(
'rbspan' ) ),
1698 # MathML
root element, where
used for extensions
1699 #
'title' may not be 100% valid here;
it's XHTML
1700 # http://www.w3.org/TR/REC-MathML/
1701 'math
' => array( 'class', 'style
', 'id', 'title' ),
1703 # HTML 5 section 4.6
1706 # HTML5 elements, defined by:
1707 # http://www.whatwg.org/html/
1708 'data' => array_merge( $common, array( 'value
' ) ),
1709 'time
' => array_merge( $common, array( 'datetime
' ) ),
1712 // meta and link are only permitted by removeHTMLtags when Microdata
1713 // is enabled so we don't bother adding a conditional to hide these
1717 'meta' =>
array(
'itemprop',
'content' ),
1718 'link' =>
array(
'itemprop',
'href' ),
1721 $staticInitialised = $globalContext;
1740 # Normalize &entities and whitespace
1757 $out =
"<!DOCTYPE html [\n";
1758 foreach ( self::$htmlEntities
as $entity => $codepoint ) {
1759 $out .=
"<!ENTITY $entity \"&#$codepoint;\">";
1770 # Normalize any HTML entities in input. They will be
1771 # re-escaped by makeExternalLink().
1774 # Escape any control characters introduced by the above step
1775 $url = preg_replace_callback(
'/[\][<>"\\x00-\\x20\\x7F\|]/',
1776 array( __CLASS__,
'cleanUrlCallback' ), $url );
1778 # Validate hostname portion
1780 if ( preg_match(
'!^([^:]+:)(//[^/]+)?(.*)$!iD', $url,
$matches ) ) {
1787 \\s| # general whitespace
1788 \xc2\xad| # 00ad SOFT HYPHEN
1789 \xe1\xa0\x86| # 1806 MONGOLIAN TODO SOFT HYPHEN
1790 \xe2\x80\x8b| # 200b ZERO WIDTH SPACE
1791 \xe2\x81\xa0| # 2060 WORD JOINER
1792 \xef\xbb\xbf| # feff ZERO WIDTH NO-BREAK SPACE
1793 \xcd\x8f| # 034f COMBINING GRAPHEME JOINER
1794 \xe1\xa0\x8b| # 180b MONGOLIAN FREE VARIATION SELECTOR ONE
1795 \xe1\xa0\x8c| # 180c MONGOLIAN FREE VARIATION SELECTOR TWO
1796 \xe1\xa0\x8d| # 180d MONGOLIAN FREE VARIATION SELECTOR THREE
1797 \xe2\x80\x8c| # 200c ZERO WIDTH NON-JOINER
1798 \xe2\x80\x8d| # 200d ZERO WIDTH JOINER
1799 [\xef\xb8\x80-\xef\xb8\x8f] # fe00-fe0f VARIATION SELECTOR-1-16
1802 $host = preg_replace( $strip,
'', $host );
1806 return $protocol . $host . $rest;
1857 $rfc5322_atext =
"a-z0-9!#$%&'*+\\-\/=?^_`{|}~";
1858 $rfc1034_ldh_str =
"a-z0-9\\-";
1860 $html5_email_regexp =
"/
1862 [$rfc5322_atext\\.]+ # user part which is liberal :p
1864 [$rfc1034_ldh_str]+ # First domain part
1865 (\\.[$rfc1034_ldh_str]+)* # Following part prefixed with a dot
1869 return (
bool)preg_match( $html5_email_regexp, $addr );
static normalizeAttributeValue( $text)
Normalize whitespace and character references in an XML source- encoded text for an attribute value.
The index of the header message $result[1]=The index of the body text message $result[2 through n]=Parameters passed to body text message. Please note the header message cannot receive/use parameters. 'ImportHandleLogItemXMLTag':When parsing a XML tag in a log item. $reader:XMLReader object $logInfo:Array of information Return false to stop further processing of the tag 'ImportHandlePageXMLTag':When parsing a XML tag in a page. $reader:XMLReader object $pageInfo:Array of information Return false to stop further processing of the tag 'ImportHandleRevisionXMLTag':When parsing a XML tag in a page revision. $reader:XMLReader object $pageInfo:Array of page information $revisionInfo:Array of revision information Return false to stop further processing of the tag 'ImportHandleToplevelXMLTag':When parsing a top level XML tag. $reader:XMLReader object Return false to stop further processing of the tag 'ImportHandleUploadXMLTag':When parsing a XML tag in a file upload. $reader:XMLReader object $revisionInfo:Array of information Return false to stop further processing of the tag 'InfoAction':When building information to display on the action=info page. $context:IContextSource object & $pageInfo:Array of information 'InitializeArticleMaybeRedirect':MediaWiki check to see if title is a redirect. $title:Title object for the current page $request:WebRequest $ignoreRedirect:boolean to skip redirect check $target:Title/string of redirect target $article:Article object 'InterwikiLoadPrefix':When resolving if a given prefix is an interwiki or not. Return true without providing an interwiki to continue interwiki search. $prefix:interwiki prefix we are looking for. & $iwData:output array describing the interwiki with keys iw_url, iw_local, iw_trans and optionally iw_api and iw_wikiid. 'InternalParseBeforeSanitize':during Parser 's internalParse method just before the parser removes unwanted/dangerous HTML tags and after nowiki/noinclude/includeonly/onlyinclude and other processings. Ideal for syntax-extensions after template/parser function execution which respect nowiki and HTML-comments. & $parser:Parser object & $text:string containing partially parsed text & $stripState:Parser 's internal StripState object 'InternalParseBeforeLinks':during Parser 's internalParse method before links but after nowiki/noinclude/includeonly/onlyinclude and other processings. & $parser:Parser object & $text:string containing partially parsed text & $stripState:Parser 's internal StripState object 'InvalidateEmailComplete':Called after a user 's email has been invalidated successfully. $user:user(object) whose email is being invalidated 'IRCLineURL':When constructing the URL to use in an IRC notification. Callee may modify $url and $query, URL will be constructed as $url . $query & $url:URL to index.php & $query:Query string $rc:RecentChange object that triggered url generation 'IsFileCacheable':Override the result of Article::isFileCacheable()(if true) $article:article(object) being checked 'IsTrustedProxy':Override the result of wfIsTrustedProxy() $ip:IP being check $result:Change this value to override the result of wfIsTrustedProxy() 'IsUploadAllowedFromUrl':Override the result of UploadFromUrl::isAllowedUrl() $url:URL used to upload from & $allowed:Boolean indicating if uploading is allowed for given URL 'isValidEmailAddr':Override the result of User::isValidEmailAddr(), for instance to return false if the domain name doesn 't match your organization. $addr:The e-mail address entered by the user & $result:Set this and return false to override the internal checks 'isValidPassword':Override the result of User::isValidPassword() $password:The password entered by the user & $result:Set this and return false to override the internal checks $user:User the password is being validated for 'Language::getMessagesFileName':$code:The language code or the language we 're looking for a messages file for & $file:The messages file path, you can override this to change the location. 'LanguageGetNamespaces':Provide custom ordering for namespaces or remove namespaces. Do not use this hook to add namespaces. Use CanonicalNamespaces for that. & $namespaces:Array of namespaces indexed by their numbers 'LanguageGetMagic':DEPRECATED, use $magicWords in a file listed in $wgExtensionMessagesFiles instead. Use this to define synonyms of magic words depending of the language $magicExtensions:associative array of magic words synonyms $lang:language code(string) 'LanguageGetSpecialPageAliases':DEPRECATED, use $specialPageAliases in a file listed in $wgExtensionMessagesFiles instead. Use to define aliases of special pages names depending of the language $specialPageAliases:associative array of magic words synonyms $lang:language code(string) 'LanguageGetTranslatedLanguageNames':Provide translated language names. & $names:array of language code=> language name $code language of the preferred translations 'LanguageLinks':Manipulate a page 's language links. This is called in various places to allow extensions to define the effective language links for a page. $title:The page 's Title. & $links:Associative array mapping language codes to prefixed links of the form "language:title". & $linkFlags:Associative array mapping prefixed links to arrays of flags. Currently unused, but planned to provide support for marking individual language links in the UI, e.g. for featured articles. 'LinkBegin':Used when generating internal and interwiki links in Linker::link(), before processing starts. Return false to skip default processing and return $ret. See documentation for Linker::link() for details on the expected meanings of parameters. $skin:the Skin object $target:the Title that the link is pointing to & $html:the contents that the< a > tag should have(raw HTML) $result
static normalizeEntity( $name)
If the named entity is defined in the HTML 4.0/XHTML 1.0 DTD, return the equivalent numeric entity re...
static getTagAttributeCallback( $set)
Pick the appropriate attribute value from a match set from the attribs regex matches.
and how to run hooks for an and one after Each event has a preferably in CamelCase For ArticleDelete hook A clump of code and data that should be run when an event happens This can be either a function and a chunk of data
static attributeWhitelist( $element)
Fetch the whitelist of acceptable attributes for a given element name.
static removeHTMLcomments( $text)
Remove '', and everything between.
skin txt MediaWiki includes four core it has been set as the default in MediaWiki since the replacing Monobook it had been been the default skin since before being replaced by Vector largely rewritten in while keeping its appearance Several legacy skins were removed in the as the burden of supporting them became too heavy to bear Those in etc for skin dependent CSS etc for skin dependent JavaScript These can also be customised on a per user by etc This feature has led to a wide variety of user styles becoming that gallery is a good place to ending in php
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses just before the function returns a value If you return an< a > element with HTML attributes $attribs and contents $html will be returned If you return $ret will be returned and may include noclasses & $html
const EVIL_URI_PATTERN
Blacklist for evil uris like javascript: WARNING: DO NOT use this in any place that actually requires...
We use the convention $dbr for read and $dbw for write to help you keep track of whether the database object is a the world will explode Or to be a subsequent write query which succeeded on the master may fail when replicated to the slave due to a unique key collision Replication on the slave will stop and it may take hours to repair the database and get it back online Setting read_only in my cnf on the slave will avoid this but given the dire we prefer to have as many checks as possible We provide a but the wrapper functions like please read the documentation for except in special pages derived from QueryPage It s a common pitfall for new developers to submit code containing SQL queries which examine huge numbers of rows Remember that COUNT * is(N), counting rows in atable is like counting beans in a bucket.------------------------------------------------------------------------ Replication------------------------------------------------------------------------The largest installation of MediaWiki, Wikimedia, uses a large set ofslave MySQL servers replicating writes made to a master MySQL server. Itis important to understand the issues associated with this setup if youwant to write code destined for Wikipedia.It 's often the case that the best algorithm to use for a given taskdepends on whether or not replication is in use. Due to our unabashedWikipedia-centrism, we often just use the replication-friendly version, but if you like, you can use wfGetLB() ->getServerCount() > 1 tocheck to see if replication is in use.===Lag===Lag primarily occurs when large write queries are sent to the master.Writes on the master are executed in parallel, but they are executed inserial when they are replicated to the slaves. The master writes thequery to the binlog when the transaction is committed. The slaves pollthe binlog and start executing the query as soon as it appears. They canservice reads while they are performing a write query, but will not readanything more from the binlog and thus will perform no more writes. Thismeans that if the write query runs for a long time, the slaves will lagbehind the master for the time it takes for the write query to complete.Lag can be exacerbated by high read load. MediaWiki 's load balancer willstop sending reads to a slave when it is lagged by more than 30 seconds.If the load ratios are set incorrectly, or if there is too much loadgenerally, this may lead to a slave permanently hovering around 30seconds lag.If all slaves are lagged by more than 30 seconds, MediaWiki will stopwriting to the database. All edits and other write operations will berefused, with an error returned to the user. This gives the slaves achance to catch up. Before we had this mechanism, the slaves wouldregularly lag by several minutes, making review of recent editsdifficult.In addition to this, MediaWiki attempts to ensure that the user seesevents occurring on the wiki in chronological order. A few seconds of lagcan be tolerated, as long as the user sees a consistent picture fromsubsequent requests. This is done by saving the master binlog positionin the session, and then at the start of each request, waiting for theslave to catch up to that position before doing any reads from it. Ifthis wait times out, reads are allowed anyway, but the request isconsidered to be in "lagged slave mode". Lagged slave mode can bechecked by calling wfGetLB() ->getLaggedSlaveMode(). The onlypractical consequence at present is a warning displayed in the pagefooter.===Lag avoidance===To avoid excessive lag, queries which write large numbers of rows shouldbe split up, generally to write one row at a time. Multi-row INSERT ...SELECT queries are the worst offenders should be avoided altogether.Instead do the select first and then the insert.===Working with lag===Despite our best efforts, it 's not practical to guarantee a low-lagenvironment. Lag will usually be less than one second, but mayoccasionally be up to 30 seconds. For scalability, it 's very importantto keep load on the master low, so simply sending all your queries tothe master is not the answer. So when you have a genuine need forup-to-date data, the following approach is advised:1) Do a quick query to the master for a sequence number or timestamp 2) Run the full query on the slave and check if it matches the data you gotfrom the master 3) If it doesn 't, run the full query on the masterTo avoid swamping the master every time the slaves lag, use of thisapproach should be kept to a minimum. In most cases you should just readfrom the slave and let the user deal with the delay.------------------------------------------------------------------------ Lock contention------------------------------------------------------------------------Due to the high write rate on Wikipedia(and some other wikis), MediaWiki developers need to be very careful to structure their writesto avoid long-lasting locks. By default, MediaWiki opens a transactionat the first query, and commits it before the output is sent. Locks willbe held from the time when the query is done until the commit. So youcan reduce lock time by doing as much processing as possible before youdo your write queries.Often this approach is not good enough, and it becomes necessary toenclose small groups of queries in their own transaction. Use thefollowing syntax:$dbw=wfGetDB(DB_MASTER
static $htmlEntities
List of all named character entities defined in HTML 4.01 http://www.w3.org/TR/html4/sgml/entities....
design txt This is a brief overview of the new design More thorough and up to date information is available on the documentation wiki at etc Handles the details of getting and saving to the user table of the and dealing with sessions and cookies OutputPage Encapsulates the entire HTML page that will be sent in response to any server request It is used by calling its functions to add text
static decodeEntity( $name)
If the named entity is defined in the HTML 4.0/XHTML 1.0 DTD, return the UTF-8 encoding of that chara...
static mergeAttributes( $a, $b)
Merge two sets of HTML attributes.
wfProfileIn( $functionname)
Begin profiling of a function.
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses & $ret
wfSuppressWarnings( $end=false)
Reference-counted warning suppression.
static normalizeSectionNameWhitespace( $section)
Normalizes whitespace in a section name, such as might be returned by Parser::stripSectionName(),...
static validateEmail( $addr)
Does a string look like an e-mail address?
static decCharReference( $codepoint)
static safeEncodeTagAttributes( $assoc_array)
Build a partial tag string from an associative array of attribute names and values as returned by dec...
static decodeCharReferencesAndNormalize( $text)
Decode any character references, numeric or named entities, in the next and normalize the resulting s...
static $attribsRegex
Lazy-initialised attributes regex, see getAttribsRegex()
static escapeClass( $class)
Given a value, escape it so that it can be used as a CSS class and return it.
static normalizeCharReferencesCallback( $matches)
this class mediates it Skin Encapsulates a look and feel for the wiki All of the functions that render HTML and make choices about how to render it are here and are called from various other places when and is meant to be subclassed with other skins that may override some of its functions The User object contains a reference to a and so rather than having a global skin object we just rely on the global User and get the skin with $wgUser and also has some character encoding functions and other locale stuff The current user interface language is instantiated as and the content language as $wgContLang
static stripAllTags( $text)
Take a fragment of (potentially invalid) HTML and return a version with any tags removed,...
static validateTag( $params, $element)
Takes attribute names and values for a tag and the tag name and validates that the tag is allowed to ...
to move a page</td >< td > &*You are moving the page across *A non empty talk page already exists under the new or *You uncheck the box below In those you will have to move or merge the page manually if desired</td >< td > be sure to &You are responsible for making sure that links continue to point where they are supposed to go Note that the page will &a page at the new title
static hackDocType()
Hack up a private DOCTYPE with HTML's standard entity declarations.
const XMLNS_ATTRIBUTE_PATTERN
codepointToUtf8( $codepoint)
Return UTF-8 sequence for a given Unicode code point.
static $htmlEntityAliases
Character entity aliases accepted by MediaWiki.
wfRestoreWarnings()
Restore error level to previous value.
Using a hook running we can avoid having all this option specific stuff in our mainline code Using hooks
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a etc PHP does not yet have any way to tell the server to actually return and disconnect while still running these but it might have such a feature in the future We handle these by creating a deferred update object and putting those objects on a global then executing the whole list after the page is displayed We don t do anything smart like collating updates to the same table or such because the list is almost always going to have just one item on if so it s not worth the trouble Since there is a job queue in the jobs table
static safeEncodeAttribute( $text)
Encode an attribute value for HTML tags, with extra armoring against further wiki processing.
design txt This is a brief overview of the new design More thorough and up to date information is available on the documentation wiki at etc Handles the details of getting and saving to the user table of the and dealing with sessions and cookies OutputPage Encapsulates the entire HTML page that will be sent in response to any server request It is used by calling its functions to add in any and then calling but I prefer the flexibility This should also do the output encoding The system allocates a global one in $wgOut Title Represents the title of an and does all the work of translating among various forms such as plain database etc For and for historical it also represents a few features of articles that don t involve their such as access rights See also title txt Article Encapsulates access to the page table of the database The object represents a an and maintains state such as etc Revision Encapsulates individual page revision data and access to the revision text blobs storage system Higher level code should never touch text storage directly
wfProfileOut( $functionname='missing')
Stop profiling of a function.
static encodeAttribute( $text)
Encode an attribute value for HTML output.
static armorLinksCallback( $matches)
Regex replace callback for armoring links against further processing.
wfRunHooks( $event, array $args=array(), $deprecatedVersion=null)
Call hook functions defined in $wgHooks.
static validateAttributes( $attribs, $whitelist)
Take an array of attribute names and values and normalize or discard illegal values for the given whi...
the array() calling protocol came about after MediaWiki 1.4rc1.
List of Api Query prop modules.
when a variable name is used in a it is silently declared as a new masking the global
and how to run hooks for an and one after Each event has a preferably in CamelCase For ArticleDelete hook A clump of code and data that should be run when an event happens This can be either a function and a chunk of or an object and a method hook function The function part of a third party developers and administrators to define code that will be run at certain points in the mainline and to modify the data run by that mainline code Hooks can keep mainline code simple
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a etc PHP does not yet have any way to tell the server to actually return and disconnect while still running these but it might have such a feature in the future We handle these by creating a deferred update object and putting those objects on a global list
static hexCharReference( $codepoint)
static escapeId( $id, $options=array())
Given a value, escape it so that it can be used in an id attribute and return it.
</td >< td > &</td >< td > t want your writing to be edited mercilessly and redistributed at will
static validateCodepoint( $codepoint)
Returns true if a given Unicode codepoint is a valid character in XML.
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped & $options
wfUrlProtocols( $includeProtocolRelative=true)
Returns a regular expression of url protocols.
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such and we might be restricted by PHP settings such as safe mode or open_basedir We cannot assume that the software even has read access anywhere useful Many shared hosts run all users web applications under the same so they can t rely on Unix and must forbid reads to even standard directories like tmp lest users read each others files We cannot assume that the user has the ability to install or run any programs not written as web accessible PHP scripts Since anything that works on cheap shared hosting will work if you have shell or root access MediaWiki s design is based around catering to the lowest common denominator Although we support higher end setups as the way many things work by default is tailored toward shared hosting These defaults are unconventional from the point of view of and they certainly aren t ideal for someone who s installing MediaWiki as root
Allows to change the fields on the form that will be generated $name
if(!defined( 'MEDIAWIKI')) if(!isset( $wgVersion)) $matches
static validateTagAttributes( $attribs, $element)
Take an array of attribute names and values and normalize or discard illegal values for the given ele...
static cssDecodeCallback( $matches)
pre inside other HTML tags(bug 54946) !! wikitext a< div >< pre > foo</pre ></div >< pre ></pre > !! html< p >a</p >< div >< pre > foo</pre ></div >< pre ></pre > !! end !! test HTML pre followed by indent-pre !! wikitext< pre >foo</pre > bar !! html< pre >foo</pre >< pre >bar</pre > !! end !!test Block tag pre !!options parsoid !! wikitext< p >< pre >foo</pre ></p > !! html< p data-parsoid
published in in Madrid In the first edition of the Vocabolario for was published In in Rotterdam was the Dictionnaire Universel ! html< p > The first monolingual dictionary written in a Romance language was< i > Sebastián Covarrubias</i >< i > Tesoro de la lengua castellana o published in in Madrid In the first edition of the< i > Vocabolario dell< a href="/index.php?title=Accademia_della_Crusca&action=edit&redlink=1" class="new" title="Accademia della Crusca (page does not exist)"> Accademia della Crusca</a ></i > for was published In in Rotterdam was the< i > Dictionnaire Universel</i ></p > ! end ! test Italics and ! wikitext foo ! html< p >< i > foo</i ></p > !end ! test Italics and ! wikitext foo ! html< p >< i > foo</i ></p > !end ! test Italics and ! wikitext foo ! html< p >< i > foo</i ></p > !end ! test Italics and ! wikitext foo ! html php< p >< i > foo</i ></p > ! html parsoid< p >< i > foo</i >< b ></b ></p > !end ! test Italics and ! wikitext foo ! html< p >< i > foo</i ></p > !end ! test Italics and ! wikitext foo ! html< p >< b > foo</b ></p > !end ! test Italics and ! wikitext foo ! html< p >< b > foo</b ></p > !end ! test Italics and ! wikitext foo ! html php< p >< b > foo</b ></p > ! html parsoid< p >< b > foo</b >< i ></i ></p > !end ! test Italics and ! wikitext foo ! html< p >< i > foo</i ></p > !end ! test Italics and ! wikitext foo ! html< p >< b > foo</b ></p > !end ! test Italics and ! wikitext foo ! html< p >< b > foo</b ></p > !end ! test Italics and ! wikitext foo ! html php< p >< b > foo</b ></p > ! html parsoid< p >< b > foo</b >< i ></i ></p > !end ! test Italics and ! options ! wikitext foo ! html< p >< b >< i > foo</i ></b ></p > !end ! test Italics and ! wikitext foo ! html< p >< i >< b > foo</b ></i ></p > !end ! test Italics and ! wikitext foo ! html< p >< i >< b > foo</b ></i ></p > !end ! test Italics and ! wikitext foo ! html< p >< i >< b > foo</b ></i ></p > !end ! test Italics and ! wikitext foo bar ! html< p >< i > foo< b > bar</b ></i ></p > !end ! test Italics and ! wikitext foo bar ! html< p >< i > foo< b > bar</b ></i ></p > !end ! test Italics and ! wikitext foo bar ! html< p >< i > foo< b > bar</b ></i ></p > !end ! test Italics and ! wikitext foo bar ! html php< p >< b > foo</b > bar</p > ! html parsoid< p >< b > foo</b > bar< i ></i ></p > !end ! test Italics and ! wikitext foo bar ! html php< p >< b > foo</b > bar</p > ! html parsoid< p >< b > foo</b > bar< b ></b ></p > !end ! test Italics and ! wikitext this is about foo s family ! html< p >< i > this is about< b > foo s family</b ></i ></p > !end ! test Italics and ! wikitext this is about foo s family ! html< p >< i > this is about< b > foo s</b > family</i ></p > !end ! test Italics and ! wikitext this is about foo s family ! html< p >< b > this is about< i > foo</i ></b >< i > s family</i ></p > !end ! test Italics and ! options ! wikitext this is about foo s family ! html< p >< i > this is about</i > foo< b > s family</b ></p > !end ! test Italics and ! wikitext this is about foo s family ! html< p >< b > this is about< i > foo s</i > family</b ></p > !end ! test Italicized possessive ! wikitext The s talk page ! html< p > The< i >< a href="/wiki/Main_Page" title="Main Page"> Main Page</a ></i > s talk page</p > ! end ! test Parsoid only
=Architecture==Two class hierarchies are used to provide the functionality associated with the different content models:*Content interface(and AbstractContent base class) define functionality that acts on the concrete content of a page, and *ContentHandler base class provides functionality specific to a content model, but not acting on concrete content. The most important function of ContentHandler is to act as a factory for the appropriate implementation of Content. These Content objects are to be used by MediaWiki everywhere, instead of passing page content around as text. All manipulation and analysis of page content must be done via the appropriate methods of the Content object. For each content model, a subclass of ContentHandler has to be registered with $wgContentHandlers. The ContentHandler object for a given content model can be obtained using ContentHandler::getForModelID($id). Also Title, WikiPage and Revision now have getContentHandler() methods for convenience. ContentHandler objects are singletons that provide functionality specific to the content type, but not directly acting on the content of some page. ContentHandler::makeEmptyContent() and ContentHandler::unserializeContent() can be used to create a Content object of the appropriate type. However, it is recommended to instead use WikiPage::getContent() resp. Revision::getContent() to get a page 's content as a Content object. These two methods should be the ONLY way in which page content is accessed. Another important function of ContentHandler objects is to define custom action handlers for a content model, see ContentHandler::getActionOverrides(). This is similar to what WikiPage::getActionOverrides() was already doing.==Serialization==With the ContentHandler facility, page content no longer has to be text based. Objects implementing the Content interface are used to represent and handle the content internally. For storage and data exchange, each content model supports at least one serialization format via ContentHandler::serializeContent($content). The list of supported formats for a given content model can be accessed using ContentHandler::getSupportedFormats(). Content serialization formats are identified using MIME type like strings. The following formats are built in:*text/x-wiki - wikitext *text/javascript - for js pages *text/css - for css pages *text/plain - for future use, e.g. with plain text messages. *text/html - for future use, e.g. with plain html messages. *application/vnd.php.serialized - for future use with the api and for extensions *application/json - for future use with the api, and for use by extensions *application/xml - for future use with the api, and for use by extensions In PHP, use the corresponding CONTENT_FORMAT_XXX constant. Note that when using the API to access page content, especially action=edit, action=parse and action=query &prop=revisions, the model and format of the content should always be handled explicitly. Without that information, interpretation of the provided content is not reliable. The same applies to XML dumps generated via maintenance/dumpBackup.php or Special:Export. Also note that the API will provide encapsulated, serialized content - so if the API was called with format=json, and contentformat is also json(or rather, application/json), the page content is represented as a string containing an escaped json structure. Extensions that use JSON to serialize some types of page content may provide specialized API modules that allow access to that content in a more natural form.==Compatibility==The ContentHandler facility is introduced in a way that should allow all existing code to keep functioning at least for pages that contain wikitext or other text based content. However, a number of functions and hooks have been deprecated in favor of new versions that are aware of the page 's content model, and will now generate warnings when used. Most importantly, the following functions have been deprecated:*Revisions::getText() and Revisions::getRawText() is deprecated in favor Revisions::getContent() *WikiPage::getText() is deprecated in favor WikiPage::getContent() Also, the old Article::getContent()(which returns text) is superceded by Article::getContentObject(). However, both methods should be avoided since they do not provide clean access to the page 's actual content. For instance, they may return a system message for non-existing pages. Use WikiPage::getContent() instead. Code that relies on a textual representation of the page content should eventually be rewritten. However, ContentHandler::getContentText() provides a stop-gap that can be used to get text for a page. Its behavior is controlled by $wgContentHandlerTextFallback it
static normalizeCss( $value)
Normalize CSS into a format we can easily search for hostile input.
static fixTagAttributes( $text, $element)
Take a tag soup fragment listing an HTML element's attributes and normalize it to well-formed XML,...
Prior to maintenance scripts were a hodgepodge of code that had no cohesion or formal method of action Beginning in
you don t have to do a grep find to see where the $wgReverseTitle variable is used
const CHAR_REFS_REGEX
Regular expression to match various types of character references in Sanitizer::normalizeCharReferenc...
static normalizeWhitespace( $text)
This document is intended to provide useful advice for parties seeking to redistribute MediaWiki to end users It s targeted particularly at maintainers for Linux since it s been observed that distribution packages of MediaWiki often break We ve consistently had to recommend that users seeking support use official tarballs instead of their distribution s and this often solves whatever problem the user is having It would be nice if this could such as
it sets a lot of them automatically from query and such
static decodeChar( $codepoint)
Return UTF-8 string for a codepoint if that is a valid character reference, otherwise U+FFFD REPLACEM...
static delimiterReplace( $startDelim, $endDelim, $replace, $subject, $flags='')
Perform an operation equivalent to.
utf8ToCodepoint( $char)
Determine the Unicode codepoint of a single-character UTF-8 sequence.
static normalizeCharReferences( $text)
Ensure that any entities and character references are legal for XML and XHTML specifically.
static decodeTagAttributes( $text)
Return an associative array of attribute names and values from a partial tag string.
Please log in again after you receive it</td >< td > s a saved copy from
deferred txt A few of the database updates required by various functions here can be deferred until after the result page is displayed to the user For updating the view updating the linked to tables after a etc PHP does not yet have any way to tell the server to actually return and disconnect while still running these but it might have such a feature in the future We handle these by creating a deferred update object and putting those objects on a global then executing the whole list after the page is displayed We don t do anything smart like collating updates to the same table or such because the list is almost always going to have just one item on if that
static setupAttributeWhitelist()
Foreach array key (an allowed HTML element), return an array of allowed attributes.
static configuration should be added through ResourceLoaderGetConfigVars instead & $vars
static decodeCharReferences( $text)
Decode any character references, numeric or named entities, in the text and return a UTF-8 string.
null means default in associative array with keys and values unescaped Should be merged with default with a value of false meaning to suppress the attribute in associative array with keys and values unescaped noclasses just before the function returns a value If you return an< a > element with HTML attributes $attribs and contents $html will be returned If you return $ret will be returned and may include noclasses after processing & $attribs
HTML sanitizer for MediaWiki.
static checkCss( $value)
Pick apart some CSS and check it for forbidden or unsafe structures.
static getAttribsRegex()
Regular expression to match HTML/XML attribute pairs within a tag.
static escapeHtmlAllowEntities( $html)
Given HTML input, escape with htmlspecialchars but un-escape entities.
static decodeCharReferencesCallback( $matches)
static cleanUrlCallback( $matches)
static removeHTMLtags( $text, $processCallback=null, $args=array(), $extratags=array(), $removetags=array())
Cleans up HTML, removes dangerous tags and attributes, and removes HTML comments.
1.8.16