Thread:Support/Add MW-Extension "Poll" to translatewiki.net/reply (4)

The extension is not written in a way we expect with regards to best practices and patterns. Not following those can cause security issues, i18n issues and the extension is more likely to break when it ages.

One of the best practices is escaping everything that is outputted. Some examples: -$wgOut->addHtml( $skin->link( $this->getTitle, wfMsg('poll-back'), array, array( 'action' => 'list' ) ) ); +$wgOut->addHtml( Linker::link( $this->getTitle, wfMessage( 'poll-back' )->escaped, array, array( 'action' => 'list' ) ) );

-while( $row = $dbr->fetchObject( $query ) ) { +foreach ( $query as $row ) {

-$wgOut->addHtml( 'getTitle->getFullURL('action=create').'">'.wfMsg( 'poll-create-link' ).'' ); +$wgOut->addHtml( Html::rawElement( 'li', array, Linker::link( $this->getTitle, wfMessage( 'poll-create-link' )->escaped, array, array( 'action' => 'create' ) ) ) );

-$wgOut->addHtml( Xml::check( 'controll_delete' ).' '.wfMsg('poll-delete-question', $question).' ' ); +$wgOut->addHtml( Xml::checkLabel( wfMsg( 'poll-delete-question', $question ), 'controll_delete' ) . ' ' );