wiki.techinc.nl/includes/resourceloader/ResourceLoaderUserCSSPrefsModule.php

<?php
/**
 * Resource loader module for user preference customizations.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 * @author Trevor Parscal
 * @author Roan Kattouw
 */

/**
 * Module for user preference customizations
 */
class ResourceLoaderUserCSSPrefsModule extends ResourceLoaderModule {

	/* Protected Members */

	protected $modifiedTime = array();

	protected $origin = self::ORIGIN_CORE_INDIVIDUAL;

	/* Methods */

	/**
	 * @param $context ResourceLoaderContext
	 * @return array|int|Mixed
	 */
	public function getModifiedTime( ResourceLoaderContext $context ) {
		$hash = $context->getHash();
		if ( isset( $this->modifiedTime[$hash] ) ) {
			return $this->modifiedTime[$hash];
		}

		global $wgUser;
		return $this->modifiedTime[$hash] = wfTimestamp( TS_UNIX, $wgUser->getTouched() );
	}

	/**
	 * @param $context ResourceLoaderContext
	 * @return array
	 */
	public function getStyles( ResourceLoaderContext $context ) {
		global $wgAllowUserCssPrefs, $wgUser;

		if ( !$wgAllowUserCssPrefs ) {
			return array();
		}

		$options = $wgUser->getOptions();

		// Build CSS rules
		$rules = array();

		// Underline: 2 = browser default, 1 = always, 0 = never
		if ( $options['underline'] < 2 ) {
			$rules[] = "a { text-decoration: " .
				( $options['underline'] ? 'underline' : 'none' ) . "; }";
		} else {
			# The scripts of these languages are very hard to read with underlines
			$rules[] = 'a:lang(ar), a:lang(ckb), a:lang(kk-arab), ' .
			'a:lang(mzn), a:lang(ps), a:lang(ur) { text-decoration: none; }';
		}
		if ( $options['justify'] ) {
			$rules[] = "#article, #bodyContent, #mw_content { text-align: justify; }\n";
		}
		if ( !$options['showtoc'] ) {
			$rules[] = "#toc { display: none; }\n";
		}
		if ( !$options['editsection'] ) {
			$rules[] = ".mw-editsection { display: none; }\n";
		}
		if ( $options['editfont'] !== 'default' ) {
			// Double-check that $options['editfont'] consists of safe characters only
			if ( preg_match( '/^[a-zA-Z0-9_, -]+$/', $options['editfont'] ) ) {
				$rules[] = "textarea { font-family: {$options['editfont']}; }\n";
			}
		}
		$style = implode( "\n", $rules );
		if ( $this->getFlip( $context ) ) {
			$style = CSSJanus::transform( $style, true, false );
		}
		return array( 'all' => $style );
	}

	/**
	 * @return string
	 */
	public function getGroup() {
		return 'private';
	}

	/**
	 * @return array
	 */
	public function getDependencies() {
		return array( 'mediawiki.user' );
	}
}
(bug 34289) user.options CSS loaded twice. Fixed by splitting off the CSS part of user.options into a separate module (user.cssprefs), as per the fixme comment added in r93363. No RELEASE-NOTEs because this is a regression fix that I'm gonna tag for backporting to 1.19 2012-02-09 11:04:24 +00:00			`<?php`
			`/**`
Added missing GPLv2 headers in some places. Also made file/class documentation more consistent. Change-Id: I1815587ab2eeb24623ce4bf1c695088bd3f1c2ea 2012-04-30 07:16:10 +00:00			`* Resource loader module for user preference customizations.`
			`*`
(bug 34289) user.options CSS loaded twice. Fixed by splitting off the CSS part of user.options into a separate module (user.cssprefs), as per the fixme comment added in r93363. No RELEASE-NOTEs because this is a regression fix that I'm gonna tag for backporting to 1.19 2012-02-09 11:04:24 +00:00			`* This program is free software; you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation; either version 2 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License along`
			`* with this program; if not, write to the Free Software Foundation, Inc.,`
			`* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
			`* http://www.gnu.org/copyleft/gpl.html`
			`*`
			`* @file`
			`* @author Trevor Parscal`
			`* @author Roan Kattouw`
			`*/`

			`/**`
			`* Module for user preference customizations`
			`*/`
			`class ResourceLoaderUserCSSPrefsModule extends ResourceLoaderModule {`

			`/* Protected Members */`

			`protected $modifiedTime = array();`

			`protected $origin = self::ORIGIN_CORE_INDIVIDUAL;`

			`/* Methods */`

			`/**`
			`* @param $context ResourceLoaderContext`
			`* @return array\|int\|Mixed`
			`*/`
			`public function getModifiedTime( ResourceLoaderContext $context ) {`
			`$hash = $context->getHash();`
			`if ( isset( $this->modifiedTime[$hash] ) ) {`
			`return $this->modifiedTime[$hash];`
			`}`

			`global $wgUser;`
* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token parameter present * (bug 35317) CSRF in Special:Upload Revert r56793, which removed the CSRF check for Special:Upload for normal file uploads. Cross-site posting of file uploads without user interaction has been possible since at least as early as Chrome 8 (late 2010) and Firefox 6 (mid 2011). Commonist has used api.php since version 0.4.0 (April 2010), and the API already requires an edit token, so Commonist 0.4.0+ is not affected by this change. * (bug 34907) Fix for CSRF vulnerability due to mw.user.tokens. Patch by Roan Kattouw and Tim Starling. * Filter out private modules early in ResourceLoader::makeResponse() and just pretend they weren't specified. This means these modules cannot be loaded through load.php . This filtering must not happen in makeModuleResponse(), because that would break inlining. * Force inlining of private modules in OutputPage::makeResourceLoaderLink(), disregarding $wgResourceLoaderInlinePrivateModules * Remove $wgResourceLoaderInlinePrivateModules * Remove special treatment of private modules ($private) in ResourceLoader::makeResponse() and sendResponseHeaders(), because we're not allowing private modules to be loaded through here any more * Remove identity checks in ResourceLoaderUserOptionsModule and ResourceLoaderUserCSSPrefsModule, they didn't make a lot of sense before but they're certainly useless now. * Factored out error comment construction in ResourceLoader.php and stripped comment terminations from exception messages. I didn't find an XSS vulnerability but it looked scary. Patchset2: Removes whitespace error that prevented automatic merge by Gerrit: includes/resourceloader/ResourceLoaderUserOptionsModule.php Change-Id: I2dec8b8caf9db3c64919763865cc10cccdd6a1a3 2012-03-22 19:52:37 +00:00			`return $this->modifiedTime[$hash] = wfTimestamp( TS_UNIX, $wgUser->getTouched() );`
(bug 34289) user.options CSS loaded twice. Fixed by splitting off the CSS part of user.options into a separate module (user.cssprefs), as per the fixme comment added in r93363. No RELEASE-NOTEs because this is a regression fix that I'm gonna tag for backporting to 1.19 2012-02-09 11:04:24 +00:00			`}`
Remove a bunch of trailing spaces and unneeded newlines Change-Id: I7db616db8c969567d420c0161fa207b366e292b6 2012-10-19 20:03:05 +00:00
(bug 34289) user.options CSS loaded twice. Fixed by splitting off the CSS part of user.options into a separate module (user.cssprefs), as per the fixme comment added in r93363. No RELEASE-NOTEs because this is a regression fix that I'm gonna tag for backporting to 1.19 2012-02-09 11:04:24 +00:00			`/**`
			`* @param $context ResourceLoaderContext`
			`* @return array`
			`*/`
			`public function getStyles( ResourceLoaderContext $context ) {`
* (bug 34212) ApiBlock/ApiUnblock allow action to take place without a token parameter present * (bug 35317) CSRF in Special:Upload Revert r56793, which removed the CSRF check for Special:Upload for normal file uploads. Cross-site posting of file uploads without user interaction has been possible since at least as early as Chrome 8 (late 2010) and Firefox 6 (mid 2011). Commonist has used api.php since version 0.4.0 (April 2010), and the API already requires an edit token, so Commonist 0.4.0+ is not affected by this change. * (bug 34907) Fix for CSRF vulnerability due to mw.user.tokens. Patch by Roan Kattouw and Tim Starling. * Filter out private modules early in ResourceLoader::makeResponse() and just pretend they weren't specified. This means these modules cannot be loaded through load.php . This filtering must not happen in makeModuleResponse(), because that would break inlining. * Force inlining of private modules in OutputPage::makeResourceLoaderLink(), disregarding $wgResourceLoaderInlinePrivateModules * Remove $wgResourceLoaderInlinePrivateModules * Remove special treatment of private modules ($private) in ResourceLoader::makeResponse() and sendResponseHeaders(), because we're not allowing private modules to be loaded through here any more * Remove identity checks in ResourceLoaderUserOptionsModule and ResourceLoaderUserCSSPrefsModule, they didn't make a lot of sense before but they're certainly useless now. * Factored out error comment construction in ResourceLoader.php and stripped comment terminations from exception messages. I didn't find an XSS vulnerability but it looked scary. Patchset2: Removes whitespace error that prevented automatic merge by Gerrit: includes/resourceloader/ResourceLoaderUserOptionsModule.php Change-Id: I2dec8b8caf9db3c64919763865cc10cccdd6a1a3 2012-03-22 19:52:37 +00:00			`global $wgAllowUserCssPrefs, $wgUser;`
(bug 34289) user.options CSS loaded twice. Fixed by splitting off the CSS part of user.options into a separate module (user.cssprefs), as per the fixme comment added in r93363. No RELEASE-NOTEs because this is a regression fix that I'm gonna tag for backporting to 1.19 2012-02-09 11:04:24 +00:00
ResourceLoader: Honor $wgAllow* settings in site/user modules Bug: 46858 Change-Id: I17b3a2c1df5d52458f92c715242003b34111432c 2013-04-03 20:50:08 +00:00			`if ( !$wgAllowUserCssPrefs ) {`
			`return array();`
			`}`
(bug 34289) user.options CSS loaded twice. Fixed by splitting off the CSS part of user.options into a separate module (user.cssprefs), as per the fixme comment added in r93363. No RELEASE-NOTEs because this is a regression fix that I'm gonna tag for backporting to 1.19 2012-02-09 11:04:24 +00:00
ResourceLoader: Honor $wgAllow* settings in site/user modules Bug: 46858 Change-Id: I17b3a2c1df5d52458f92c715242003b34111432c 2013-04-03 20:50:08 +00:00			`$options = $wgUser->getOptions();`
(bug 34289) user.options CSS loaded twice. Fixed by splitting off the CSS part of user.options into a separate module (user.cssprefs), as per the fixme comment added in r93363. No RELEASE-NOTEs because this is a regression fix that I'm gonna tag for backporting to 1.19 2012-02-09 11:04:24 +00:00
ResourceLoader: Honor $wgAllow* settings in site/user modules Bug: 46858 Change-Id: I17b3a2c1df5d52458f92c715242003b34111432c 2013-04-03 20:50:08 +00:00			`// Build CSS rules`
			`$rules = array();`

			`// Underline: 2 = browser default, 1 = always, 0 = never`
			`if ( $options['underline'] < 2 ) {`
			`$rules[] = "a { text-decoration: " .`
			`( $options['underline'] ? 'underline' : 'none' ) . "; }";`
			`} else {`
			`# The scripts of these languages are very hard to read with underlines`
Remove Persian from link underlining removal There was a discussion [1] on this on Persian Wikipedia and users don't want it actually. It is such an UI inconsistency and detecting links based on their color is hard. It may have problem on Amiri font but not on System default font and Persian Wikipedia fonts. [1] https://fa.wikipedia.org/wiki/MediaWiki:Common.css?oldid=10552148 Change-Id: I8168baff1b9e64d0c79dcd7a896b9cbeeed0b266 2013-07-24 14:47:29 +00:00			`$rules[] = 'a:lang(ar), a:lang(ckb), a:lang(kk-arab), ' .`
ResourceLoader: Honor $wgAllow* settings in site/user modules Bug: 46858 Change-Id: I17b3a2c1df5d52458f92c715242003b34111432c 2013-04-03 20:50:08 +00:00			`'a:lang(mzn), a:lang(ps), a:lang(ur) { text-decoration: none; }';`
			`}`
			`if ( $options['justify'] ) {`
			`$rules[] = "#article, #bodyContent, #mw_content { text-align: justify; }\n";`
			`}`
			`if ( !$options['showtoc'] ) {`
			`$rules[] = "#toc { display: none; }\n";`
			`}`
			`if ( !$options['editsection'] ) {`
Remove all uses of obsolete .editsection class Cleanup after I6a6c12a9. To be merged after appropriate caches are purged. Change-Id: I4950496e584735a3ceeb0e1c4123dfe6597f2ae1 2013-04-26 21:48:29 +00:00			`$rules[] = ".mw-editsection { display: none; }\n";`
ResourceLoader: Honor $wgAllow* settings in site/user modules Bug: 46858 Change-Id: I17b3a2c1df5d52458f92c715242003b34111432c 2013-04-03 20:50:08 +00:00			`}`
			`if ( $options['editfont'] !== 'default' ) {`
			`// Double-check that $options['editfont'] consists of safe characters only`
			`if ( preg_match( '/^[a-zA-Z0-9_, -]+$/', $options['editfont'] ) ) {`
			`$rules[] = "textarea { font-family: {$options['editfont']}; }\n";`
(bug 34289) user.options CSS loaded twice. Fixed by splitting off the CSS part of user.options into a separate module (user.cssprefs), as per the fixme comment added in r93363. No RELEASE-NOTEs because this is a regression fix that I'm gonna tag for backporting to 1.19 2012-02-09 11:04:24 +00:00			`}`
			`}`
ResourceLoader: Honor $wgAllow* settings in site/user modules Bug: 46858 Change-Id: I17b3a2c1df5d52458f92c715242003b34111432c 2013-04-03 20:50:08 +00:00			`$style = implode( "\n", $rules );`
			`if ( $this->getFlip( $context ) ) {`
			`$style = CSSJanus::transform( $style, true, false );`
			`}`
			`return array( 'all' => $style );`
(bug 34289) user.options CSS loaded twice. Fixed by splitting off the CSS part of user.options into a separate module (user.cssprefs), as per the fixme comment added in r93363. No RELEASE-NOTEs because this is a regression fix that I'm gonna tag for backporting to 1.19 2012-02-09 11:04:24 +00:00			`}`

			`/**`
			`* @return string`
			`*/`
			`public function getGroup() {`
			`return 'private';`
			`}`

			`/**`
			`* @return array`
			`*/`
			`public function getDependencies() {`
			`return array( 'mediawiki.user' );`
			`}`
			`}`