Manual:$wgLegalTitleChars

From Linux Web Expert

<translate> Page titles and redirects</translate>: $wgLegalTitleChars
Override the default list of illegal characters in page titles.
<translate> Introduced in version:</translate>1.6.0 (r10960)
<translate> Deprecated in version:</translate>1.41.0 (Gerrit change 942710; git #1552f420)
<translate> Removed in version:</translate><translate> still in use</translate>
<translate> Allowed values:</translate>(string)
<translate> Default value:</translate>' %!"$&\'()*,\\-.\\/0-9:;=?@A-Z\\\\^_`a-z~\\x80-\\xFF+' (1.39+)

" %!\"$&'()*,\\-.\\/0-9:;=?@A-Z\\\\^_`a-z~\\x80-\\xFF+" (1.8-1.38)

" %!\"$&'()*,\\-.\\/0-9:;=?@A-Z\\\\^_`a-z~\\x80-\\xFF" (1.6-1.7)

Details

File:OOjs UI icon notice-destructive.svg <translate> Warning:</translate> Don't change this unless you know what you're doing!

This is a regex character class (i.e. a list of characters in a format suitable for a regular expression) that you want MediaWiki to allow in page titles despite being in the list of illegal characters.

The list of illegal characters is as follows: #<>[]|{}, non-printable characters 0 through 31, and 'delete' character 127.

Problem characters

The following punctuation symbols may cause problems if enabled:

  • []{}|# - These are needed for link and template syntax, never enable them.
  • <> - These cause problems with HTML escaping, don't use.
  • % - Minor problems with path to query rewrite rules, see below. Included in the default allow list.
  • + - Doesn't work with path to query rewrite rules, corrupted by apache. Included in the default allow list since MediaWiki 1.8.0. In some rare cases you may wish to remove + for compatibility with old links.
  • ? - Doesn't work with path to PATH_INFO rewrites. Included in the default allow list.

The last three of these punctuation problems can be avoided by using an alias, instead of a rewrite rule of either variety.

The problem with % is that when using a path to query rewrite rule, URLs are double-unescaped: once by Apache's path conversion code, and again by PHP. So %253F, for example, becomes "?". Our code does not double-escape to compensate for this, indeed double escaping would break if the double-escaped title was passed in the query string rather than the path. This is a minor security issue because articles can be created such that they are hard to view or edit.

Theoretically 0x80-0x9F of ISO 8859-1 should be disallowed, but this breaks interlanguage links and so they are included in the allowed list by default.

References

See also