html('sitenotice') ?>
- data['displaytitle']!=""?$this->html('title'):$this->text('title') ?>
+html('title') ?>
msg('tagline') ?>
html('subtitle') ?>
Index: skins/Modern.php
===================================================================
--- skins/Modern.php (revision 47852)
+++ skins/Modern.php (working copy)
@@ -102,7 +102,7 @@
class="mediawiki text('dir') ?> text('pageclass') ?> text('skinnameclass') ?>">
- data['displaytitle']!=""?$this->html('title'):$this->text('title') ?>
html('title') ?>
Index: includes/GlobalFunctions.php
===================================================================
--- includes/GlobalFunctions.php (revision 47852)
+++ includes/GlobalFunctions.php (working copy)
@@ -558,7 +558,7 @@
* @param $forContent Boolean
* @return String: the requested message.
*/
-function wfMsgReal( $key, $args, $useDB = true, $forContent=false, $transform = true ) {
+function wfMsgReal( $key, $args, $useDB = true, $forContent = false, $transform = true ) {
wfProfileIn( __METHOD__ );
$message = wfMsgGetKey( $key, $useDB, $forContent, $transform );
$message = wfMsgReplaceArgs( $message, $args );
@@ -570,7 +570,7 @@
* This function provides the message source for messages to be edited which are *not* stored in the database.
* @param $key String:
*/
-function wfMsgWeirdKey ( $key ) {
+function wfMsgWeirdKey( $key ) {
$source = wfMsgGetKey( $key, false, true, false );
if ( wfEmptyMsg( $key, $source ) )
return "";
Index: includes/parser/CoreParserFunctions.php
===================================================================
--- includes/parser/CoreParserFunctions.php (revision 47852)
+++ includes/parser/CoreParserFunctions.php (working copy)
@@ -205,17 +205,15 @@
* @param string $text Desired title text
* @return string
*/
- static function displaytitle( $parser, $text = '' ) {
- global $wgRestrictDisplayTitle;
- $text = trim( Sanitizer::decodeCharReferences( $text ) );
+ static function displaytitle( $parser, $displayTitle = '' ) {
+ #only requested titles that normalize to the actual title are allowed through
+ #mimick the escaping process that occurs in OutputPage::setPageTitle
+ $title = Title::newFromText( Sanitizer::stripAllTags( Sanitizer::normalizeCharReferences( Sanitizer::removeHTMLtags( $displayTitle ) ) ) );
- if ( !$wgRestrictDisplayTitle ) {
- $parser->mOutput->setDisplayTitle( $text );
- } else {
- $title = Title::newFromText( $text );
- if( $title instanceof Title && $title->getFragment() == '' && $title->equals( $parser->mTitle ) )
- $parser->mOutput->setDisplayTitle( $text );
+ if ( $title instanceof Title && $title->getFragment() == '' && $title->equals( $parser->mTitle ) ) {
+ $parser->mOutput->setDisplayTitle( $displayTitle );
}
+
return '';
}
Index: includes/OutputPage.php
===================================================================
--- includes/OutputPage.php (revision 47852)
+++ includes/OutputPage.php (working copy)
@@ -310,18 +310,34 @@
}
}
- public function setHTMLTitle( $name ) { $this->mHTMLtitle = $name; }
+ /**
+ * "HTML title" means the contents of . It is stored as plain, unescaped text and will be run through htmlspecialchars in the skin file.
+ */
+ public function setHTMLTitle( $name ) {
+ $this->mHTMLtitle = $name;
+ }
+
+ /**
+ * "Page title" means the contents of . It is stored as a valid HTML fragment.
+ * This function allows good tags like in the