Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

More globals and uninitialized variables fixes. Added WebRequest ($wgRequest)

Browse source 
object to encapsulate the handling of get/post variables:

The following grab something out of $_REQUEST. The first parameter is the
variable name and is required. The second is an optional default value:

  $wgRequest->getVal() - any type, returns NULL if no default given
  $wgRequest->getInt() - forced integer, 0 default
  $wgRequest->getText() - runs through $wgLang->recodeInput()
  $wgRequest->getBool() - return true/false
  $wgRequest->getCheck() - returns true if the var is set, even if to ""

$wgRequest strips slashes at initialization if necessary.

Also in this fine object:
  $wgRequest->wasPosted() - returns false if this wasn't a real form post,
    so we can protect against faked submissions in get urls.

There's still plenty of work to do, not everything uses the new functions
yet. To test the strict mode, do define('DEBUG_GLOBALS', 1);
This commit is contained in:
Brion Vibber 2004-03-08 09:09:35 +00:00
parent 51f738ea9a
commit 014093acc4
24 changed files with 409 additions and 330 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
includes/Article.php
View file

@ -814,7 +814,7 @@ class Article {
function doDeleteArticle( $title )
{
global $wgUser, $wgOut, $wgLang, $wpReason;
global $wgUser, $wgOut, $wgLang, $wgRequest;
global $wgUseSquid, $wgDeferredUpdateList, $wgInternalServer;
$fname = "Article::doDeleteArticle";
@ -931,7 +931,7 @@ class Article {
$log = new LogPage( wfMsg( "dellogpage" ), wfMsg( "dellogpagetext" ) );
$art = $title->getPrefixedText();
$wpReason = wfCleanQueryVar( $wpReason );
$wpReason = $wgRequest->getText( "wpReason" );
$log->addEntry( wfMsg( "deletedarticle", $art ), $wpReason );
# Clear the cached article id so the interface doesn't act like we exist
@ -941,7 +941,7 @@ class Article {
function rollback()
{
global $wgUser, $wgLang, $wgOut, $from;
global $wgUser, $wgLang, $wgOut, $wgRequest;
if ( ! $wgUser->isSysop() ) {
$wgOut->sysopRequired();
@ -953,7 +953,7 @@ class Article {
}
# Enhanced rollback, marks edits rc_bot=1
$bot = !!$_REQUEST['bot'];
$bot = $wgRequest->getBool( 'bot' );
# Replace all this user's current edits with the next one down
$tt = wfStrencode( $this->mTitle->getDBKey() );
@ -972,7 +972,7 @@ class Article {
$uid = $s->cur_user;
$pid = $s->cur_id;
$from = str_replace( '_', ' ', wfCleanQueryVar( $from ) );
$from = str_replace( '_', ' ', $wgRequest->getVal( "from" ) );
if( $from != $s->cur_user_text ) {
$wgOut->setPageTitle(wfmsg("rollbackfailed"));
$wgOut->addWikiText( wfMsg( "alreadyrolled",

171
includes/EditPage.php
View file

@ -9,6 +9,13 @@ class EditPage {
var $mArticle;
var $mTitle;
# Form values
var $save = false, $preview = false;
var $minoredit = false, $watchthis = false;
var $textbox1 = "", $textbox2 = "", $summary = "";
var $edittime = "", $section = "";
var $oldid = 0;
function EditPage( $article ) {
$this->mArticle =& $article;
global $wgTitle;
@ -19,14 +26,11 @@ class EditPage {
function edit()
{
global $wgOut, $wgUser, $wgWhitelistEdit;
global $wpTextbox1, $wpSummary, $wpSave, $wpPreview;
global $wpMinoredit, $wpEdittime, $wpTextbox2;
global $wgOut, $wgUser, $wgWhitelistEdit, $wgRequest;
// this is not an article
$wgOut->setArticleFlag(false);
$fields = array( "wpTextbox1", "wpSummary", "wpTextbox2" );
wfCleanFormFields( $fields );
$this->importFormData( $wgRequest );
if ( ! $this->mTitle->userCanEdit() ) {
$wgOut->readOnlyPage( $this->mArticle->getContent(), true );
@ -41,23 +45,45 @@ class EditPage {
return;
}
if ( wfReadOnly() ) {
if( isset( $wpSave ) or isset( $wpPreview ) ) {
if( $this->save || $this->preview ) {
$this->editForm( "preview" );
} else {
$wgOut->readOnlyPage( $this->mArticle->getContent() );
}
return;
}
if ( $_SERVER['REQUEST_METHOD'] != "POST" ) unset( $wpSave );
if ( isset( $wpSave ) ) {
if( !$wgRequest->wasPosted() ) $this->save = false;
if ( $this->save ) {
$this->editForm( "save" );
} else if ( isset( $wpPreview ) ) {
} else if ( $this->preview ) {
$this->editForm( "preview" );
} else { # First time through
$this->editForm( "initial" );
}
}
function importFormData( &$request ) {
# These fields need to be checked for encoding.
# Also remove trailing whitespace, but don't remove _initial_
# whitespace from the text boxes. This may be significant formatting.
$this->textbox1 = rtrim( $request->getText( "wpTextbox1" ) );
$this->textbox2 = rtrim( $request->getText( "wpTextbox2" ) );
$this->summary = trim( $request->getText( "wpSummary" ) );
$this->edittime = $request->getVal( 'wpEdittime' );
if( !preg_match( '/^\d{14}$/', $this->edittime ) ) $this->edittime = "";
$this->save = $request->getCheck( 'wpSave' );
$this->preview = $request->getCheck( 'wpPreview' );
$this->minoredit = $request->getCheck( 'wpMinoredit' );
$this->watchthis = $request->getCheck( 'wpWatchthis' );
$this->oldid = $request->getInt( 'oldid' );
# Section edit can come from either the form or a link
$this->section = $request->getVal( 'wpSection', $request->getVal( 'section' ) );
}
# Since there is only one text field on the edit form,
# pressing <enter> will cause the form to be submitted, but
# the submit button value won't appear in the query, so we
@ -66,8 +92,7 @@ class EditPage {
function submit()
{
global $wpSave, $wpPreview;
if ( ! isset( $wpPreview ) ) { $wpSave = 1; }
if( !$this->preview ) $this->save = true;
$this->edit();
}
@ -81,18 +106,11 @@ class EditPage {
function editForm( $formtype )
{
global $wgOut, $wgUser;
global $wpTextbox1, $wpSummary, $wpWatchthis;
global $wpSave, $wpPreview;
global $wpMinoredit, $wpEdittime, $wpTextbox2, $wpSection;
global $oldid, $redirect, $section;
global $wgLang, $wgParser, $wgTitle;
global $wgAllowAnonymousMinor;
if(isset($wpSection)) { $section=$wpSection; } else { $wpSection=$section; }
$sk = $wgUser->getSkin();
$isConflict = false;
$wpTextbox1 = rtrim ( $wpTextbox1 ) ; # To avoid text getting longer on each preview
if(!$this->mTitle->getArticleID()) { # new article
$wgOut->addWikiText(wfmsg("newarticletext"));
@ -125,39 +143,40 @@ class EditPage {
$aid = $this->mTitle->getArticleID();
if ( 0 == $aid ) {
# we need to strip Windoze linebreaks because some browsers
# append them and the string comparison fails
if ( ( "" == $wpTextbox1 ) ||
( wfMsg( "newarticletext" ) == rtrim( preg_replace("/\r/","",$wpTextbox1) ) ) ) {
# Don't save a new article if it's blank.
if ( ( "" == $this->textbox1 ) ||
( wfMsg( "newarticletext" ) == $this->textbox1 ) ) {
$wgOut->redirect( $this->mTitle->getFullURL() );
return;
}
$this->mArticle->insertNewArticle( $wpTextbox1, $wpSummary, $wpMinoredit, $wpWatchthis );
$this->mArticle->insertNewArticle( $this->textbox1, $this->summary, $this->minoredit, $this->watchthis );
return;
}
# Article exists. Check for edit conflict.
# Don't check for conflict when appending a comment - this should always work
$this->mArticle->clear(); # Force reload of dates, etc.
if ( $section!="new" && ( $this->mArticle->getTimestamp() != $wpEdittime ) ) {
if( ( $this->section != "new" ) &&
( $this->mArticle->getTimestamp() != $this->edittime ) ) {
$isConflict = true;
}
$u = $wgUser->getID();
$userid = $wgUser->getID();
# Suppress edit conflict with self
if ( ( 0 != $u ) && ( $this->mArticle->getUser() == $u ) ) {
if ( ( 0 != $userid ) && ( $this->mArticle->getUser() == $userid ) ) {
$isConflict = false;
} else {
# switch from section editing to normal editing in edit conflict
# FIXME: This is confusing. In theory we should attempt to merge, finding
# the equivalent section if it's unchanged and avoid the conflict.
if($isConflict) {
$section="";$wpSection="";
$this->section = "";
}
}
if ( ! $isConflict ) {
# All's well: update the article here
if($this->mArticle->updateArticle( $wpTextbox1, $wpSummary, $wpMinoredit, $wpWatchthis, $wpSection ))
if($this->mArticle->updateArticle( $this->textbox1, $this->summary, $this->minoredit, $this->watchthis, $this->section ))
return;
else
$isConflict = true;
@ -167,9 +186,9 @@ class EditPage {
# checking, etc.
if ( "initial" == $formtype ) {
$wpEdittime = $this->mArticle->getTimestamp();
$wpTextbox1 = $this->mArticle->getContent(true);
$wpSummary = "";
$this->edittime = $this->mArticle->getTimestamp();
$this->textbox1 = $this->mArticle->getContent(true);
$this->summary = "";
}
$wgOut->setRobotpolicy( "noindex,nofollow" );
@ -181,21 +200,21 @@ class EditPage {
$wgOut->setPageTitle( $s );
$wgOut->addHTML( wfMsg( "explainconflict" ) );
$wpTextbox2 = $wpTextbox1;
$wpTextbox1 = $this->mArticle->getContent(true);
$wpEdittime = $this->mArticle->getTimestamp();
$this->textbox2 = $this->textbox1;
$this->textbox1 = $this->mArticle->getContent(true);
$this->edittime = $this->mArticle->getTimestamp();
} else {
$s = wfMsg( "editing", $this->mTitle->getPrefixedText() );
if($section!="") {
if($section=="new") {
if( $this->section != "" ) {
if( $this->section == "new" ) {
$s.=wfMsg("commentedit");
} else {
$s.=wfMsg("sectionedit");
}
}
$wgOut->setPageTitle( $s );
if ( $oldid ) {
if ( $this->oldid ) {
$this->mArticle->setOldSubtitle();
$wgOut->addHTML( wfMsg( "editingold" ) );
}
@ -211,7 +230,7 @@ class EditPage {
"</strong><br />\n" );
}
$kblength = (int)(strlen( $wpTextbox1 ) / 1024);
$kblength = (int)(strlen( $this->textbox1 ) / 1024);
if( $kblength > 29 ) {
$wgOut->addHTML( "<strong>" .
wfMsg( "longpagewarning", $kblength )
@ -226,7 +245,7 @@ class EditPage {
else $ew = "" ;
$q = "action=submit";
if ( "no" == $redirect ) { $q .= "&redirect=no"; }
#if ( "no" == $redirect ) { $q .= "&redirect=no"; }
$action = $this->mTitle->escapeLocalURL( $q );
$summary = wfMsg( "summary" );
@ -243,52 +262,47 @@ class EditPage {
$copywarn = wfMsg( "copyrightwarning", $sk->makeKnownLink(
wfMsg( "copyrightpage" ) ) );
$wpTextbox1 = wfEscapeHTML( $wpTextbox1 );
$wpTextbox2 = wfEscapeHTML( $wpTextbox2 );
$wpSummary = wfEscapeHTML( $wpSummary );
if($wgUser->getOption("showtoolbar")) {
// prepare toolbar for edit buttons
$toolbar=$sk->getEditToolbar();
}
// activate checkboxes if user wants them to be always active
if (!$wpPreview && $wgUser->getOption("watchdefault")) $wpWatchthis=1;
if (!$wpPreview && $wgUser->getOption("minordefault")) $wpMinoredit=1;
// activate checkbox also if user is already watching the page,
// require wpWatchthis to be unset so that second condition is not
// checked unnecessarily
if (!$wpWatchthis && !$wpPreview && $this->mTitle->userIsWatching()) $wpWatchthis=1;
$minoredithtml = "";
if( !$this->preview ) {
if( $wgUser->getOption( "watchdefault" ) ) $this->watchthis = true;
if( $wgUser->getOption( "minordefault" ) ) $this->minoredit = true;
// activate checkbox also if user is already watching the page,
// require wpWatchthis to be unset so that second condition is not
// checked unnecessarily
if( !$this->watchthis && $this->mTitle->userIsWatching() ) $this->watchthis = true;
}
$minoredithtml = "";
if ( 0 != $wgUser->getID() || $wgAllowAnonymousMinor ) {
$minoredithtml =
"<input tabindex=3 type=checkbox value=1 name='wpMinoredit'".($wpMinoredit?" checked":"")." id='wpMinoredit'>".
"<input tabindex='3' type='checkbox' value='1' name='wpMinoredit'".($this->minoredit?" checked":"")." id='wpMinoredit'>".
"<label for='wpMinoredit'>{$minor}</label>";
}
$watchhtml = "";
$watchhtml = "";
if ( 0 != $wgUser->getID() ) {
$watchhtml = "<input tabindex=4 type=checkbox name='wpWatchthis'".($wpWatchthis?" checked":"")." id='wpWatchthis'>".
$watchhtml = "<input tabindex='4' type='checkbox' name='wpWatchthis'".($this->watchthis?" checked":"")." id='wpWatchthis'>".
"<label for='wpWatchthis'>{$watchthis}</label>";
}
$checkboxhtml= $minoredithtml . $watchhtml . "<br>";
$checkboxhtml = $minoredithtml . $watchhtml . "<br>";
if ( "preview" == $formtype) {
$previewhead="<h2>" . wfMsg( "preview" ) . "</h2>\n<p><large><center><font color=\"#cc0000\">" .
wfMsg( "note" ) . wfMsg( "previewnote" ) . "</font></center></large><P>\n";
wfMsg( "note" ) . wfMsg( "previewnote" ) . "</font></center></large><p>\n";
if ( $isConflict ) {
$previewhead.="<h2>" . wfMsg( "previewconflict" ) .
"</h2>\n";
}
$previewtext = wfUnescapeHTML( $wpTextbox1 );
$previewtext = wfUnescapeHTML( $this->textbox1 );
$parserOptions = ParserOptions::newFromUser( $wgUser );
$parserOptions->setUseCategoryMagic( false );
@ -307,15 +321,16 @@ class EditPage {
# if this is a comment, show a subject line at the top, which is also the edit summary.
# Otherwise, show a summary field at the bottom
if($section=="new") {
$commentsubject="{$subject}: <input tabindex=1 type=text value=\"{$wpSummary}\" name=\"wpSummary\" maxlength=200 size=60><br>";
$summarytext = htmlspecialchars( $wgLang->recodeForEdit( $this->summary ) ); # FIXME
if( $this->section == "new" ) {
$commentsubject="{$subject}: <input tabindex='1' type='text' value=\"$summarytext\" name=\"wpSummary\" maxlength='200' size='60'><br>";
$editsummary = "";
} else {
$commentsubject = "";
$editsummary="{$summary}: <input tabindex=3 type=text value=\"{$wpSummary}\" name=\"wpSummary\" maxlength=200 size=60><br>";
$editsummary="{$summary}: <input tabindex='3' type='text' value=\"$summarytext\" name=\"wpSummary\" maxlength='200' size='60'><br>";
}
if( $_GET["action"] == "edit" ) {
if( !$this->preview ) {
# Don't select the edit box on preview; this interferes with seeing what's going on.
$wgOut->setOnloadHandler( "document.editform.wpTextbox1.focus()" );
}
@ -324,19 +339,19 @@ class EditPage {
<form id=\"editform\" name=\"editform\" method=\"post\" action=\"$action\"
enctype=\"application/x-www-form-urlencoded\">
{$commentsubject}
<textarea tabindex=2 name=\"wpTextbox1\" rows={$rows}
cols={$cols}{$ew} wrap=\"virtual\">" .
$wgLang->recodeForEdit( $wpTextbox1 ) .
<textarea tabindex='2' name=\"wpTextbox1\" rows='{$rows}'
cols='{$cols}'{$ew} wrap=\"virtual\">" .
htmlspecialchars( $wgLang->recodeForEdit( $this->textbox1 ) ) .
"
</textarea>
<br>{$editsummary}
{$checkboxhtml}
<input tabindex=5 type=submit value=\"{$save}\" name=\"wpSave\" accesskey=\"s\">
<input tabindex=6 type=submit value=\"{$prev}\" name=\"wpPreview\" accesskey=\"p\">
<input tabindex='5' type='submit' value=\"{$save}\" name=\"wpSave\" accesskey=\"s\">
<input tabindex='6' type='submit' value=\"{$prev}\" name=\"wpPreview\" accesskey=\"p\">
<em>{$cancel}</em> | <em>{$edithelp}</em>
<br><br>{$copywarn}
<input type=hidden value=\"{$section}\" name=\"wpSection\">
<input type=hidden value=\"{$wpEdittime}\" name=\"wpEdittime\">\n" );
<input type=hidden value=\"" . htmlspecialchars( $this->section ) . "\" name=\"wpSection\">
<input type=hidden value=\"{$this->edittime}\" name=\"wpEdittime\">\n" );
if ( $isConflict ) {
$wgOut->addHTML( "<h2>" . wfMsg( "yourdiff" ) . "</h2>\n" );
@ -344,8 +359,8 @@ $wgLang->recodeForEdit( $wpTextbox1 ) .
wfMsg( "yourtext" ), wfMsg( "storedversion" ) );
$wgOut->addHTML( "<h2>" . wfMsg( "yourtext" ) . "</h2>
<textarea tabindex=6 name=\"wpTextbox2\" rows={$rows} cols={$cols} wrap=virtual>"
. $wgLang->recodeForEdit( $wpTextbox2 ) .
<textarea tabindex=6 name=\"wpTextbox2\" rows='{$rows}' cols='{$cols}' wrap='virtual'>"
. htmlspecialchars( $wgLang->recodeForEdit( $wpTextbox2 ) ) .
"
</textarea>" );
}

60
includes/GlobalFunctions.php
View file

@ -81,11 +81,11 @@ function wfLocalUrlE( $a, $q = "" )
}
function wfFullUrl( $a, $q = "" ) {
die( "Call to obsolete function wfFullUrl()" );
wfDebugDieBacktrace( "Call to obsolete function wfFullUrl(); use Title::getFullURL" );
}
function wfFullUrlE( $a, $q = "" ) {
die( "Call to obsolete function wfFullUrlE()" );
wfDebugDieBacktrace( "Call to obsolete function wfFullUrlE(); use Title::getFullUrlE" );
}
@ -283,37 +283,7 @@ function wfMsgReal( $key, $args, $useDB ) {
function wfCleanFormFields( $fields )
{
global $HTTP_POST_VARS;
global $wgInputEncoding, $wgOutputEncoding, $wgEditEncoding, $wgLang;
if ( get_magic_quotes_gpc() ) {
foreach ( $fields as $fname ) {
if ( isset( $HTTP_POST_VARS[$fname] ) ) {
$HTTP_POST_VARS[$fname] = stripslashes(
$HTTP_POST_VARS[$fname] );
}
global ${$fname};
if ( isset( ${$fname} ) ) {
${$fname} = stripslashes( ${$fname} );
}
}
}
$enc = $wgOutputEncoding;
if( $wgEditEncoding != "") $enc = $wgEditEncoding;
if ( $enc != $wgInputEncoding ) {
foreach ( $fields as $fname ) {
if ( isset( $HTTP_POST_VARS[$fname] ) ) {
$HTTP_POST_VARS[$fname] = $wgLang->iconv(
$wgOutputEncoding, $wgInputEncoding,
$HTTP_POST_VARS[$fname] );
}
global ${$fname};
if ( isset( ${$fname} ) ) {
${$fname} = $wgLang->iconv(
$enc, $wgInputEncoding, ${$fname} );
}
}
}
wfDebugDieBacktrace( "Call to obsolete wfCleanFormFields(). Use wgRequest instead..." );
}
function wfMungeQuotes( $in )
@ -334,11 +304,7 @@ function wfDemungeQuotes( $in )
function wfCleanQueryVar( $var )
{
global $wgLang;
if ( get_magic_quotes_gpc() ) {
$var = stripslashes( $var );
}
return $wgLang->recodeInput( $var );
wfDebugDieBacktrace( "Call to obsolete function wfCleanQueryVar(); use wgRequest instead" );
}
function wfSpecialPage()
@ -384,13 +350,13 @@ function wfSpecialPage()
function wfSearch( $s )
{
$se = new SearchEngine( wfCleanQueryVar( $s ) );
$se = new SearchEngine( $s );
$se->showResults();
}
function wfGo( $s )
{ # pick the nearest match
$se = new SearchEngine( wfCleanQueryVar( $s ) );
$se = new SearchEngine( $s );
$se->goResult();
}
@ -688,13 +654,9 @@ function wfClientAcceptsGzip() {
# Yay, more global functions!
function wfCheckLimits( $deflimit = 50, $optionname = "rclimit" ) {
global $wgUser;
global $wgUser, $wgRequest;
if( isset( $_REQUEST['limit'] ) ) {
$limit = IntVal( $_REQUEST['limit'] );
} else {
$limit = 0;
}
$limit = $wgRequest->getInt( 'limit', 0 );
if( $limit < 0 ) $limit = 0;
if( ( $limit == 0 ) && ( $optionname != "" ) ) {
$limit = (int)$wgUser->getOption( $optionname );
@ -702,11 +664,7 @@ function wfCheckLimits( $deflimit = 50, $optionname = "rclimit" ) {
if( $limit <= 0 ) $limit = $deflimit;
if( $limit > 5000 ) $limit = 5000; # We have *some* limits...
if( isset( $_REQUEST['offset'] ) ) {
$offset = IntVal( $_REQUEST['offset'] );
} else {
$offset = 0;
}
$offset = $wgRequest->getInt( 'offset', 0 );
if( $offset < 0 ) $offset = 0;
if( $offset > 65000 ) $offset = 65000; # do we need a max? what?

1
includes/LinksUpdate.php
View file

@ -221,6 +221,7 @@ class LinksUpdate {
function fixBrokenLinks() {
/* Update any brokenlinks *to* this page */
/* Call for a newly created page, or just to make sure state is consistent */
$fname = "LinksUpdate::fixBrokenLinks";
$sql = "SELECT bl_from FROM brokenlinks WHERE bl_to='{$this->mTitleEnc}'";
$res = wfQuery( $sql, DB_READ, $fname );

12
includes/LogPage.php
View file

@ -106,8 +106,14 @@ class LogPage {
}
$d = $wgLang->timeanddate( wfTimestampNow(), false );
preg_match( "/^(.*?)<ul>(.*)$/sD", $this->mContent, $m );
if( preg_match( "/^(.*?)<ul>(.*)$/sD", $this->mContent, $m ) ) {
$before = $m[1];
$after = $m[2];
} else {
$before = "";
$after = "";
}
if($textaction)
$this->mComment = $textaction;
else
@ -120,7 +126,7 @@ class LogPage {
# comment gets escaped again, so we use the unescaped version
$this->mComment .= ": {$comment}";
}
$this->mContent = "{$m[1]}<ul><li>{$d} {$ul} {$action}{$inline}</li>\n{$m[2]}";
$this->mContent = "{$before}<ul><li>{$d} {$ul} {$action}{$inline}</li>\n{$after}";
# TODO: automatic log rotation...

2
includes/Parser.php
View file

@ -1423,7 +1423,7 @@ class Parser
$this->mOptions = $options;
$this->mTitle = $title;
if ( $clearState ) {
$this->clearState;
$this->clearState();
}
$stripState = false;

3
includes/QueryPage.php
View file

@ -171,7 +171,8 @@ class QueryPage {
function feedUrl() {
global $wgLang;
return wfFullUrl( $wgLang->SpecialPage( $this->getName() ) );
$title = Title::MakeTitle( NS_SPECIAL, $this->getName() );
return $title->getFullURL();
}
}

3
includes/Setup.php
View file

@ -51,6 +51,9 @@ include_once( "MessageCache.php" );
include_once( "BlockCache.php" );
include_once( "Parser.php" );
include_once( "ParserCache.php" );
include_once( "WebRequest.php" );
$wgRequest = new WebRequest();
wfProfileOut( "$fname-includes" );
wfProfileIn( "$fname-memcached" );

46
includes/SpecialAsksql.php
View file

@ -2,26 +2,39 @@
function wfSpecialAsksql()
{
global $wgUser, $wgOut, $action;
global $wgUser, $wgOut, $wgRequest;
if ( ! $wgUser->isSysop() ) {
$wgOut->sysopRequired();
return;
}
$fields = array( "wpSqlQuery" );
wfCleanFormFields( $fields );
$f = new SqlQueryForm();
if( $wgRequest->wasPosted() ) {
$query = $wgRequest->getVal( 'wpSqlQuery' );
$action = $wgRequest->getVal( 'action' );
} else {
$query = "";
$action = "";
}
$f = new SqlQueryForm( $query);
if ( "submit" == $action ) { $f->doSubmit(); }
else { $f->showForm( "" ); }
if ( "submit" == $action ) {
$f->doSubmit();
} else {
$f->showForm( "" );
}
}
class SqlQueryForm {
var $query = "";
function SqlQueryForm( $query ) {
$this->query = $query;
}
function showForm( $err )
{
global $wgOut, $wgUser, $wgLang;
global $wpSqlQuery;
global $wgLogQueries;
$wgOut->setPagetitle( wfMsg( "asksql" ) );
@ -33,7 +46,7 @@ class SqlQueryForm {
if ( "" != $err ) {
$wgOut->addHTML( "<p><font color='red' size='+1'>" . htmlspecialchars($err) . "</font>\n" );
}
if ( ! $wpSqlQuery ) { $wpSqlQuery = "SELECT ... FROM ... WHERE ..."; }
if ( ! $this->query ) { $this->query = "SELECT ... FROM ... WHERE ..."; }
$q = wfMsg( "sqlquery" );
$qb = wfMsg( "querybtn" );
$titleObj = Title::makeTitle( NS_SPECIAL, "Asksql" );
@ -45,7 +58,7 @@ class SqlQueryForm {
<td align=right>{$q}:</td>
<td align=left>
<textarea name=\"wpSqlQuery\" cols=80 rows=4 wrap=\"virtual\">"
. htmlspecialchars($wpSqlQuery) ."
. htmlspecialchars($this->query) ."
</textarea>
</td>
</tr><tr>
@ -59,22 +72,21 @@ class SqlQueryForm {
function doSubmit()
{
global $wgOut, $wgUser, $wgServer, $wgScript, $wgArticlePath, $wgLang;
global $wpSqlQuery;
global $wgDBserver, $wgDBsqluser, $wgDBsqlpassword, $wgDBname, $wgSqlTimeout;
# Use a limit, folks!
$wpSqlQuery = trim( $wpSqlQuery );
if( preg_match( "/^SELECT/i", $wpSqlQuery )
and !preg_match( "/LIMIT/i", $wpSqlQuery ) ) {
$wpSqlQuery .= " LIMIT 100";
$this->query = trim( $this->query );
if( preg_match( "/^SELECT/i", $this->query )
and !preg_match( "/LIMIT/i", $this->query ) ) {
$this->query .= " LIMIT 100";
}
$conn = Database::newFromParams( $wgDBserver, $wgDBsqluser, $wgDBsqlpassword, $wgDBname );
$this->logQuery( $wpSqlQuery );
$this->logQuery( $this->query );
# Start timer, will kill the DB thread in $wgSqlTimeout seconds
$conn->startTimer( $wgSqlTimeout );
$res = $conn->query( $wpSqlQuery, "SpecialAsksql::doSubmit" );
$res = $conn->query( $this->query, "SpecialAsksql::doSubmit" );
$conn->stopTimer();
$this->logFinishedQuery();

63
includes/SpecialBlockip.php
View file

@ -2,37 +2,40 @@
function wfSpecialBlockip()
{
global $wgUser, $wgOut, $action;
global $wgUser, $wgOut, $wgRequest;
if ( ! $wgUser->isSysop() ) {
$wgOut->sysopRequired();
return;
}
$fields = array( "wpBlockAddress", "wpBlockReason", "wpBlockExpiry" );
wfCleanFormFields( $fields );
$ipb = new IPBlockForm();
$action = $wgRequest->getVal( 'action' );
if ( "success" == $action ) { $ipb->showSuccess(); }
else if ( "submit" == $action ) { $ipb->doSubmit(); }
else if ( $wgRequest->wasPosted() && "submit" == $action ) { $ipb->doSubmit(); }
else { $ipb->showForm( "" ); }
}
class IPBlockForm {
var $BlockAddress, $BlockExpiry, $BlockReason;
function IPBlockForm() {
global $wgRequest;
$this->BlockAddress = $wgRequest->getVal( 'wpBlockAddress', $wgRequest->getVal( 'ip' ) );
$this->BlockReason = $wgRequest->getText( 'wpBlockReason' );
$this->BlockExpiry = $wgRequest->getVal( 'wpBlockExpiry' );
}
function showForm( $err )
{
global $wgOut, $wgUser, $wgLang, $wgDefaultBlockExpiry;
global $ip, $wpBlockAddress, $wpBlockExpiry, $wpBlockReason;
global $wgRequest;
$wgOut->setPagetitle( wfMsg( "blockip" ) );
$wgOut->addWikiText( wfMsg( "blockiptext" ) );
if ( ! $wpBlockAddress ) {
$wpBlockAddress = $ip;
}
if ( is_null( $wpBlockExpiry ) || $wpBlockExpiry === "" ) {
$wpBlockExpiry = $wgDefaultBlockExpiry;
if ( is_null( $this->BlockExpiry ) || $this->BlockExpiry === "" ) {
$this->BlockExpiry = $wgDefaultBlockExpiry;
}
$mIpaddress = wfMsg( "ipaddress" );
@ -47,9 +50,9 @@ class IPBlockForm {
$wgOut->addHTML( "<p><font color='red' size='+1'>{$err}</font>\n" );
}
$scBlockAddress = htmlspecialchars( $wpBlockAddress );
$scBlockExpiry = htmlspecialchars( $wpBlockExpiry );
$scBlockReason = htmlspecialchars( $wpBlockReason );
$scBlockAddress = htmlspecialchars( $this->BlockAddress );
$scBlockExpiry = htmlspecialchars( $this->BlockExpiry );
$scBlockReason = htmlspecialchars( $this->BlockReason );
$wgOut->addHTML( "<p>
<form id=\"blockip\" method=\"post\" action=\"{$action}\">
@ -76,21 +79,20 @@ class IPBlockForm {
function doSubmit()
{
global $wgOut, $wgUser, $wgLang;
global $ip, $wpBlockAddress, $wpBlockReason, $wpBlockExpiry;
global $wgSysopUserBans, $wgSysopRangeBans;
$userId = 0;
$wpBlockAddress = trim( $wpBlockAddress );
$this->BlockAddress = trim( $this->BlockAddress );
$rxIP = '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}';
# Check for invalid specifications
if ( ! preg_match( "/^$rxIP$/", $wpBlockAddress ) ) {
if ( preg_match( "/^($rxIP)\\/(\\d{1,2})$/", $wpBlockAddress, $matches ) ) {
if ( ! preg_match( "/^$rxIP$/", $this->BlockAddress ) ) {
if ( preg_match( "/^($rxIP)\\/(\\d{1,2})$/", $this->BlockAddress, $matches ) ) {
if ( $wgSysopRangeBans ) {
if ( $matches[2] > 31 || $matches[2] < 16 ) {
$this->showForm( wfMsg( "ip_range_invalid" ) );
}
$wpBlockAddress = Block::normaliseRange( $wpBlockAddress );
$this->BlockAddress = Block::normaliseRange( $this->BlockAddress );
} else {
# Range block illegal
$this->showForm( wfMsg( "range_block_disabled" ) );
@ -99,9 +101,9 @@ class IPBlockForm {
} else {
# Username block
if ( $wgSysopUserBans ) {
$userId = User::idFromName( $wpBlockAddress );
$userId = User::idFromName( $this->BlockAddress );
if ( $userId == 0 ) {
$this->showForm( wfMsg( "nosuchuser", htmlspecialchars( $wpBlockAddress ) ) );
$this->showForm( wfMsg( "nosuchuser", htmlspecialchars( $this->BlockAddress ) ) );
return;
}
} else {
@ -111,11 +113,11 @@ class IPBlockForm {
}
}
if ( $wpBlockExpiry == "infinite" || $wpBlockExpiry == "indefinite" ) {
if ( $this->BlockExpiry == "infinite" || $this->BlockExpiry == "indefinite" ) {
$expiry = '';
} else {
# Convert GNU-style date, returns -1 on error
$expiry = strtotime( $wpBlockExpiry );
$expiry = strtotime( $this->BlockExpiry );
if ( $expiry < 0 ) {
$this->showForm( wfMsg( "ipb_expiry_invalid" ) );
@ -127,7 +129,7 @@ class IPBlockForm {
}
if ( "" == $wpBlockReason ) {
if ( "" == $this->BlockReason ) {
$this->showForm( wfMsg( "noblockreason" ) );
return;
}
@ -135,28 +137,27 @@ class IPBlockForm {
# Create block
# Note: for a user block, ipb_address is only for display purposes
$ban = new Block( $wpBlockAddress, $userId, $wgUser->getID(),
wfStrencode( $wpBlockReason ), wfTimestampNow(), 0, $expiry );
$ban = new Block( $this->BlockAddress, $userId, $wgUser->getID(),
wfStrencode( $this->BlockReason ), wfTimestampNow(), 0, $expiry );
$ban->insert();
# Make log entry
$log = new LogPage( wfMsg( "blocklogpage" ), wfMsg( "blocklogtext" ) );
$action = wfMsg( "blocklogentry", $wpBlockAddress, $wpBlockExpiry );
$log->addEntry( $action, $wpBlockReason );
$action = wfMsg( "blocklogentry", $this->BlockAddress, $this->BlockExpiry );
$log->addEntry( $action, $this->BlockReason );
# Report to the user
$titleObj = Title::makeTitle( NS_SPECIAL, "Blockip" );
$wgOut->redirect( $titleObj->getFullURL( "action=success&ip={$wpBlockAddress}" ) );
$wgOut->redirect( $titleObj->getFullURL( "action=success&ip={$this->BlockAddress}" ) );
}
function showSuccess()
{
global $wgOut, $wgUser;
global $ip;
$wgOut->setPagetitle( wfMsg( "blockip" ) );
$wgOut->setSubtitle( wfMsg( "blockipsuccesssub" ) );
$text = wfMsg( "blockipsuccesstext", $ip );
$text = wfMsg( "blockipsuccesstext", $this->BlockAddress );
$wgOut->addWikiText( $text );
}
}

6
includes/SpecialContributions.php
View file

@ -2,14 +2,14 @@
function wfSpecialContributions( $par = "" )
{
global $wgUser, $wgOut, $wgLang, $target, $hideminor;
global $wgUser, $wgOut, $wgLang, $wgRequest;
$fname = "wfSpecialContributions";
$sysop = $wgUser->isSysop();
if( $par )
$target = $par;
else
$target = wfCleanQueryVar( $target );
$target = $wgResult->getVal( 'target' );
if ( "" == $target ) {
$wgOut->errorpage( "notargettitle", "notargettext" );
@ -20,7 +20,7 @@ function wfSpecialContributions( $par = "" )
list( $limit, $offset ) = wfCheckLimits( 50, "" );
$offlimit = $limit + $offset;
$querylimit = $offlimit + 1;
$hideminor = ($hideminor ? 1 : 0);
$hideminor = ($wgRequest->getVal( 'hideminor' ) ? 1 : 0);
$nt = Title::newFromURL( $target );
$nt->setNamespace( Namespace::getUser() );

29
includes/SpecialEmailuser.php
View file

@ -4,14 +4,15 @@ require_once('UserMailer.php');
function wfSpecialEmailuser()
{
global $wgUser, $wgOut, $action, $target;
global $wgUser, $wgOut, $wgRequest;
if ( 0 == $wgUser->getID() ||
( false === strpos( $wgUser->getEmail(), "@" ) ) ) {
$wgOut->errorpage( "mailnologin", "mailnologintext" );
return;
}
$target = wfCleanQueryVar( $target );
$action = $wgRequest->getVal( $action );
$target = $wgRequest->getVal( $target );
if ( "" == $target ) {
$wgOut->errorpage( "notargettitle", "notargettext" );
return;
@ -32,29 +33,33 @@ function wfSpecialEmailuser()
$wgOut->errorpage( "noemailtitle", "noemailtext" );
return;
}
$fields = array( "wpSubject", "wpText" );
wfCleanFormFields( $fields );
$f = new EmailUserForm( $nu->getName() . " <{$address}>" );
$f = new EmailUserForm( $nu->getName() . " <{$address}>", $target );
if ( "success" == $action ) { $f->showSuccess(); }
else if ( "submit" == $action ) { $f->doSubmit(); }
else if ( "submit" == $action && $wgRequest->wasPosted() ) { $f->doSubmit(); }
else { $f->showForm( "" ); }
}
class EmailUserForm {
var $mAddress;
var $target;
var $text, $subject;
function EmailUserForm( $addr )
function EmailUserForm( $addr, $target )
{
global $wgRequest;
$this->mAddress = $addr;
$this->target = $target;
$this->text = $wgRequest->getText( 'wpText' );
$this->subject = $wgRequest->getText( 'wpSubject' );
}
function showForm( $err )
{
global $wgOut, $wgUser, $wgLang;
global $wpSubject, $wpText, $target;
global $wpSubject, $wpText;
$wgOut->setPagetitle( wfMsg( "emailpage" ) );
$wgOut->addWikiText( wfMsg( "emailpagetext" ) );
@ -64,13 +69,13 @@ class EmailUserForm {
$emf = wfMsg( "emailfrom" );
$sender = $wgUser->getName();
$emt = wfMsg( "emailto" );
$rcpt = str_replace( "_", " ", urldecode( $target ) );
$rcpt = str_replace( "_", " ", $this->target );
$emr = wfMsg( "emailsubject" );
$emm = wfMsg( "emailmessage" );
$ems = wfMsg( "emailsend" );
$titleObj = Title::makeTitle( NS_SPECIAL, "Emailuser" );
$action = $titleObj->escapeLocalURL( "target={$target}&action=submit" );
$action = $titleObj->escapeLocalURL( "target={$this->target}&action=submit" );
if ( "" != $err ) {
$wgOut->setSubtitle( wfMsg( "formerror" ) );
@ -106,7 +111,7 @@ class EmailUserForm {
function doSubmit()
{
global $wgOut, $wgUser, $wgLang, $wgOutputEncoding;
global $wpSubject, $wpText, $target;
global $wpSubject, $wpText, $this->target;
$from = wfQuotedPrintable( $wgUser->getName() ) . " <" . $wgUser->getEmail() . ">";
@ -115,7 +120,7 @@ class EmailUserForm {
if (! $mailResult)
{
$titleObj = Title::makeTitle( NS_SPECIAL, "Emailuser" );
$wgOut->redirect( $titleObj->getFullURL( "target={$target}&action=success" ) );
$wgOut->redirect( $titleObj->getFullURL( "target={$this->target}&action=success" ) );
}
else
$wgOut->addHTML( wfMsg( "usermailererror" ) . $mailResult);

9
includes/SpecialImagelist.php
View file

@ -2,11 +2,10 @@
function wfSpecialImagelist()
{
global $wgUser, $wgOut, $wgLang, $sort;
global $wpIlMatch, $wpIlSubmit;
$fields = array( 'wpIlMatch' );
wfCleanFormFields( $fields );
global $wgUser, $wgOut, $wgLang, $wgRequest;
$sort = $wgRequest->getVal( 'sort' );
$wpIlMatch = $wgRequest->getText( 'wpIlMatch' );
$sql = "SELECT img_size,img_name,img_user,img_user_text," .
"img_description,img_timestamp FROM image";

47
includes/SpecialIpblocklist.php
View file

@ -2,16 +2,17 @@
function wfSpecialIpblocklist()
{
global $wgUser, $wgOut, $action, $ip;
$fields = array( "wpUnblockAddress" );
wfCleanFormFields( $fields );
$ipu = new IPUnblockForm();
global $wgUser, $wgOut, $wgRequest, $action;
$ip = $wgRequest->getVal( 'wpUnblockAddress', $wgRequest->getVal( 'ip' ) );
$reason = $wgRequest->getText( 'wpUnblockReason' );
$ipu = new IPUnblockForm( $ip, $reason );
if ( "success" == $action ) {
$msg = wfMsg( "ipusuccess", $ip );
$ipu->showList( $msg );
} else if ( "submit" == $action ) {
} else if ( "submit" == $action && $wgRequest->wasPosted() ) {
if ( ! $wgUser->isSysop() ) {
$wgOut->sysopRequired();
return;
@ -25,19 +26,23 @@ function wfSpecialIpblocklist()
}
class IPUnblockForm {
var $ip, $reason;
function IPUnblockForm( $ip, $reason ) {
$this->ip = $ip;
$this->reason = $reason;
}
function showForm( $err )
{
global $wgOut, $wgUser, $wgLang;
global $ip, $wpUnblockAddress;
$wgOut->setPagetitle( wfMsg( "unblockip" ) );
$wgOut->addWikiText( wfMsg( "unblockiptext" ) );
if ( ! $wpUnblockAddress ) { $wpUnblockAddress = $ip; }
$ipa = wfMsg( "ipaddress" );
$ipr = wfMsg( "ipbreason" );
$ipus = wfMsg( "ipusubmit" );
$ipus = htmlspecialchars( wfMsg( "ipusubmit" ) );
$titleObj = Title::makeTitle( NS_SPECIAL, "Ipblocklist" );
$action = $titleObj->escapeLocalURL( "action=submit" );
@ -45,16 +50,17 @@ class IPUnblockForm {
$wgOut->setSubtitle( wfMsg( "formerror" ) );
$wgOut->addHTML( "<p><font color='red' size='+1'>{$err}</font>\n" );
}
$wgOut->addHTML( "<p>
<form id=\"unblockip\" method=\"post\" action=\"{$action}\">
<table border=0><tr>
<td align=right>{$ipa}:</td>
<td align=left>
<input tabindex=1 type=text size=20 name=\"wpUnblockAddress\" value=\"{$wpUnblockAddress}\">
<input tabindex=1 type=text size=20 name=\"wpUnblockAddress\" value=\"" . htmlspecialchars( $this->ip ) . "\">
</td></tr><tr>
<td align=right>{$ipr}:</td>
<td align=left>
<input tabindex=1 type=text size=40 name=\"wpUnblockReason\" value=\"{$wpUnblockReason}\">
<input tabindex=1 type=text size=40 name=\"wpUnblockReason\" value=\"" . htmlspecialchars( $this->reason ) . "\">
</td></tr><tr>
<td>&nbsp;</td><td align=left>
<input tabindex=2 type=submit name=\"wpBlock\" value=\"{$ipus}\">
@ -66,15 +72,14 @@ class IPUnblockForm {
function doSubmit()
{
global $wgOut, $wgUser, $wgLang;
global $wpUnblockAddress, $wpUnblockReason;
$block = new Block();
$wpUnblockAddress = trim( $wpUnblockAddress );
$this->ip = trim( $this->ip );
if ( $wpUnblockAddress{0} == "#" ) {
$block->mId = substr( $wpUnblockAddress, 1 );
if ( $this->ip{0} == "#" ) {
$block->mId = substr( $this->ip, 1 );
} else {
$block->mAddress = $wpUnblockAddress;
$block->mAddress = $this->ip;
}
# Delete block (if it exists)
@ -83,12 +88,12 @@ class IPUnblockForm {
# Make log entry
$log = new LogPage( wfMsg( "blocklogpage" ), wfMsg( "blocklogtext" ) );
$action = wfMsg( "unblocklogentry", $wpUnblockAddress );
$log->addEntry( $action, $wpUnblockReason );
$action = wfMsg( "unblocklogentry", $this->ip );
$log->addEntry( $action, $this->reason );
# Report to the user
$titleObj = Title::makeTitle( NS_SPECIAL, "Ipblocklist" );
$success = $titleObj->getFullURL( "action=success&ip=" . urlencode($wpUnblockAddress) );
$success = $titleObj->getFullURL( "action=success&ip=" . urlencode( $this->ip ) );
$wgOut->redirect( $success );
}
@ -108,7 +113,7 @@ class IPUnblockForm {
# Callback function to output a block
function wfAddRow( $block, $tag ) {
global $wgOut, $wgUser, $wgLang, $ip;
global $wgOut, $wgUser, $wgLang;
$sk = $wgUser->getSkin();

25
includes/SpecialLockdb.php
View file

@ -2,24 +2,28 @@
function wfSpecialLockdb()
{
global $wgUser, $wgOut, $action;
global $wgUser, $wgOut, $wgRequest, $action;
if ( ! $wgUser->isDeveloper() ) {
$wgOut->developerRequired();
return;
}
$fields = array( "wpLockReason" );
wfCleanFormFields( $fields );
$f = new DBLockForm();
if ( "success" == $action ) { $f->showSuccess(); }
else if ( "submit" == $action ) { $f->doSubmit(); }
else if ( "submit" == $action && $wgRequest->wasPosted() ) { $f->doSubmit(); }
else { $f->showForm( "" ); }
}
class DBLockForm {
var $reason = "";
function DBLockForm() {
global $wgRequest;
$this->reason = $wgRequest->getText( 'wpLockReason' );
}
function showForm( $err )
{
global $wgOut, $wgUser, $wgLang;
@ -58,10 +62,10 @@ class DBLockForm {
function doSubmit()
{
global $wgOut, $wgUser, $wgLang;
global $wpLockConfirm, $wpLockReason, $wgReadOnlyFile;
global $wgOut, $wgUser, $wgLang, $wgRequest;
global $wgReadOnlyFile;
if ( ! $wpLockConfirm ) {
if ( ! $wgRequest->getCheck( 'wpLockConfirm' ) ) {
$this->showForm( wfMsg( "locknoconfirm" ) );
return;
}
@ -71,7 +75,7 @@ class DBLockForm {
$wgOut->fileNotFoundError( $wgReadOnlyFile );
return;
}
fwrite( $fp, $wpLockReason );
fwrite( $fp, $this->reason );
fwrite( $fp, "\n<p>(by " . $wgUser->getName() . " at " .
$wgLang->timeanddate( wfTimestampNow() ) . ")\n" );
fclose( $fp );
@ -83,11 +87,10 @@ class DBLockForm {
function showSuccess()
{
global $wgOut, $wgUser;
global $ip;
$wgOut->setPagetitle( wfMsg( "lockdb" ) );
$wgOut->setSubtitle( wfMsg( "lockdbsuccesssub" ) );
$wgOut->addWikiText( wfMsg( "lockdbsuccesstext", $ip ) );
$wgOut->addWikiText( wfMsg( "lockdbsuccesstext" ) );
}
}

43
includes/SpecialMovepage.php
View file

@ -3,7 +3,7 @@ include_once( "LinksUpdate.php" );
function wfSpecialMovepage()
{
global $wgUser, $wgOut;
global $wgUser, $wgOut, $wgRequest, $action;
if ( 0 == $wgUser->getID() or $wgUser->isBlocked() ) {
$wgOut->errorpage( "movenologin", "movenologintext" );
@ -13,18 +13,17 @@ function wfSpecialMovepage()
$wgOut->readOnlyPage();
return;
}
$fields = array( "wpNewTitle", "wpOldTitle" );
wfCleanFormFields( $fields );
$f = new MovePageForm();
if ( "success" == $_REQUEST['action'] ) { $f->showSuccess(); }
else if ( "submit" == $_REQUEST['action'] ) { $f->doSubmit(); }
if ( "success" == $action ) { $f->showSuccess(); }
else if ( "submit" == $action && $wgRequest->wasPosted() ) { $f->doSubmit(); }
else { $f->showForm( "" ); }
}
class MovePageForm {
var $oldTitle, $newTitle; # Text input
var $ot, $nt; # Old, new Title objects
var $ons, $nns; # Namespaces
var $odt, $ndt; # Pagenames (dbkey form)
@ -33,30 +32,32 @@ class MovePageForm {
var $oldid, $newid; # "cur_id" field (yes, both from "cur")
var $talkmoved = 0;
function MovePageForm() {
global $wgRequest;
$this->oldTitle = $wgRequest->getText( 'wpOldTitle', $wgRequest->getVal( 'target' ) );
$this->newTitle = $wgRequest->getText( 'wpNewTitle' );
}
function showForm( $err )
{
global $wgOut, $wgUser, $wgLang;
$wgOut->setPagetitle( wfMsg( "movepage" ) );
if ( ! $_REQUEST['wpOldTitle'] ) {
if ( "" == $_REQUEST['target'] ) {
$wgOut->errorpage( "notargettitle", "notargettext" );
return;
}
$oldTitle = htmlspecialchars( $_REQUEST['target'] );
} else {
$oldTitle = htmlspecialchars( $_REQUEST['wpOldTitle'] );
if ( empty( $this->oldTitle ) ) {
$wgOut->errorpage( "notargettitle", "notargettext" );
return;
}
$encOldTitle = htmlspecialchars( $oldTitle );
$encNewTitle = htmlspecialchars( $_REQUEST['wpNewTitle'] );
$ot = Title::newFromURL( $oldTitle );
$encOldTitle = htmlspecialchars( $this->oldTitle );
$encNewTitle = htmlspecialchars( $this->newTitle );
$ot = Title::newFromURL( $this->oldTitle );
$ott = $ot->getPrefixedText();
$wgOut->addWikiText( wfMsg( "movepagetext" ) );
if ( ! Namespace::isTalk( $ot->getNamespace() ) )
if ( ! Namespace::isTalk( $ot->getNamespace() ) ) {
$wgOut->addWikiText( "\n\n" . wfMsg( "movepagetalktext" ) );
}
$ma = wfMsg( "movearticle" );
$newt = wfMsg( "newtitle" );
@ -107,8 +108,8 @@ class MovePageForm {
global $wgUseSquid, $wgInternalServer;
$fname = "MovePageForm::doSubmit";
$this->ot = Title::newFromText( $_REQUEST['wpOldTitle'] );
$this->nt = Title::newFromText( $_REQUEST['wpNewTitle'] );
$this->ot = Title::newFromText( $this->oldTitle );
$this->nt = Title::newFromText( $this->newTitle );
if( !$this->ot or !$this->nt ) {
$this->showForm( wfMsg( "badtitletext" ) );
return;
@ -134,7 +135,7 @@ class MovePageForm {
( "" != $this->ot->getInterwiki() ) ||
( !$this->ot->userCanEdit() ) ||
( !$this->oldid ) ||
( ! Namespace::isMovable( $nns ) ) ||
( ! Namespace::isMovable( $this->nns ) ) ||
( "" == $this->ndt ) ||
( "" != $this->nt->getInterwiki() ) ||
( !$this->nt->userCanEdit() ) ||

6
includes/SpecialNewpages.php
View file

@ -13,7 +13,7 @@ class NewPagesPage extends QueryPage {
}
function getSQL( $offset, $limit ) {
return "SELECT rc_title AS cur_title,rc_user AS cur_user,rc_user_text AS cur_user_text,rc_comment as cur_comment," .
return "SELECT rc_namespace AS cur_namespace, rc_title AS cur_title,rc_user AS cur_user,rc_user_text AS cur_user_text,rc_comment as cur_comment," .
"rc_timestamp AS cur_timestamp,length(cur_text) as cur_length FROM recentchanges,cur " .
"WHERE rc_cur_id=cur_id AND rc_new=1 AND rc_namespace=0 AND cur_is_redirect=0 " .
"ORDER BY rc_timestamp DESC LIMIT {$offset}, {$limit}";
@ -49,12 +49,12 @@ class NewPagesPage extends QueryPage {
function wfSpecialNewpages()
{
global $wgRequest;
list( $limit, $offset ) = wfCheckLimits();
$npp = new NewPagesPage();
if( !$npp->doFeed( $_GET["feed"] ) ) {
if( !$npp->doFeed( $wgRequest->getVal( 'feed' ) ) ) {
$npp->doQuery( $offset, $limit );
}
}

12
includes/SpecialPreferences.php
View file

@ -3,11 +3,15 @@
function wfSpecialPreferences()
{
global $wgUser, $wgOut, $wgUseDynamicDates, $action;
global $wpSaveprefs, $wpReset;
global $wpSaveprefs, $wpReset, $wgRequest;
$fields = array( "wpOldpass", "wpNewpass", "wpRetypePass",
"wpUserEmail", "wpNick" );
wfCleanFormFields( $fields );
# EWWWWWW temp hack
global $wpOldpass, $wpNewpass, $wpRetypePass, $wpNick, $wpUserEmail;
$wpOldpass = $wgRequest->getText( 'wpOldpass' );
$wpNewpass = $wgRequest->getText( 'wpNewpass' );
$wpRetypePass = $wgRequest->getText( 'wpRetypePass' );
$wpNick = $wgRequest->getText( 'wpNick' );
$wpUserEmail = $wgRequest->getVal( 'wpUserEmail' );
if ( 0 == $wgUser->getID() ) {
$wgOut->errorpage( "prefsnologin", "prefsnologintext" );

6
includes/SpecialUpload.php
View file

@ -4,9 +4,6 @@ function wfSpecialUpload()
{
global $wgUser, $wgOut, $wpUpload, $wpReUpload, $action;
global $wgDisableUploads;
$fields = array( "wpUploadFile", "wpUploadDescription" );
wfCleanFormFields( $fields );
if ( $wgDisableUploads ) {
$wgOut->addWikiText( wfMsg( "uploaddisabled" ) );
@ -60,8 +57,7 @@ function processUpload()
$wpUploadSize = $HTTP_POST_FILES['wpUploadFile']['size'];
}
$prev = error_reporting( E_ALL & ~( E_NOTICE | E_WARNING ) );
$oname = wfCleanQueryVar( $HTTP_POST_FILES['wpUploadFile']['name'] );
if ( $wpUploadSaveName != "" ) $wpUploadSaveName = wfCleanQueryVar( $wpUploadSaveName );
$oname = $wgRequest->getVal( $HTTP_POST_FILES['wpUploadFile'], 'name' );
error_reporting( $prev );
if ( "" != $oname ) {

7
includes/SpecialUserlogin.php
View file

@ -10,8 +10,11 @@ function wfSpecialUserlogin()
}
$fields = array( "wpName", "wpPassword", "wpName",
"wpPassword", "wpRetype", "wpEmail" );
wfCleanFormFields( $fields );
"wpPassword", "wpRetype" );
# FIXME: UGLY HACK
foreach( $fields as $x ) {
$_REQUEST[$x] = $wgRequest->getText( $x );
}
# When switching accounts, it sucks to get automatically logged out
global $wgLang;

3
includes/Title.php
View file

@ -100,12 +100,13 @@ class Title {
# For links that came from outside, check for alternate/legacy
# character encoding.
wfDebug( "Refer: {$_SERVER['HTTP_REFERER']}\n" );
wfDebug( "Servr: $wgServer\n" );
if( empty( $_SERVER["HTTP_REFERER"] ) ||
strncmp($wgServer, $_SERVER["HTTP_REFERER"], strlen( $wgServer ) ) )
{
$s = $wgLang->checkTitleEncoding( $s );
} else {
wfDebug( "Refer: {$_SERVER['HTTP_REFERER']}\n" );
}
$t->mDbkeyform = str_replace( " ", "_", $s );

1
includes/WatchedItem.php
View file

@ -59,6 +59,7 @@ class WatchedItem {
}
/* static */ function duplicateEntries( $ot, $nt ) {
$fname = "WatchedItem::duplicateEntries";
global $wgMemc, $wgDBname;
$oldnamespace = $ot->getNamespace() & ~1;
$newnamespace = $nt->getNamespace() & ~1;

106
includes/WebRequest.php Normal file
View file

@ -0,0 +1,106 @@
<?php
# Hypothetically, we could use a WebRequest object to fake a
# self-contained request.
## Enable this to debug total elimination of register_globals
#define( "DEBUG_GLOBALS", 1 );
# Deal with importing all those nasssty globals and things
class WebRequest {
function WebRequest() {
if( defined('DEBUG_GLOBALS') ) error_reporting(E_ALL);
$this->checkMagicQuotes();
$this->checkRegisterGlobals();
}
function &fix_magic_quotes( &$arr ) {
foreach( $arr as $key => $val ) {
if( is_array( $val ) ) {
$this->fix_magic_quotes( $arr[$key] );
} else {
$arr[$key] = stripslashes( $val );
}
}
return $arr;
}
function checkMagicQuotes() {
if ( get_magic_quotes_gpc() ) {
$this->fix_magic_quotes( $_COOKIE );
$this->fix_magic_quotes( $_ENV );
$this->fix_magic_quotes( $_GET );
$this->fix_magic_quotes( $_POST );
$this->fix_magic_quotes( $_REQUEST );
$this->fix_magic_quotes( $_SERVER );
} elseif( defined('DEBUG_GLOBALS') ) {
die("DEBUG_GLOBALS: turn on magic_quotes_gpc" );
}
}
function checkRegisterGlobals() {
if( ini_get( "register_globals" ) ) {
if( defined( "DEBUG_GLOBALS" ) ) {
die( "DEBUG_GLOBALS: Turn register_globals off!" );
}
} else {
if( !defined( "DEBUG_GLOBALS" ) ) {
# Insecure, but at least it'll run
import_request_variables( "GPC" );
}
}
}
function getGPCVal( &$arr, $name, $default ) {
if( isset( $arr[$name] ) ) {
return $arr[$name];
} else {
return $default;
}
}
function getGPCText( &$arr, $name, $default ) {
# Text fields may be in an alternate encoding which we should check.
# Also, strip CRLF line endings down to LF to achieve consistency.
global $wgLang;
if( isset( $arr[$name] ) ) {
return str_replace( "\r\n", "\n", $wgLang->recodeInput( $arr[$name] ) );
} else {
return $default;
}
}
function getVal( $name, $default = NULL ) {
return $this->getGPCVal( $_REQUEST, $name, $default );
}
function getInt( $name, $default = 0 ) {
return IntVal( $this->getVal( $name, $default ) );
}
function getBool( $name, $default = false ) {
return $this->getVal( $name, $default ) ? true : false;
}
function getCheck( $name ) {
# Checkboxes and buttons are only present when clicked
# Presence connotes truth, abscense false
$val = $this->getVal( $name, NULL );
return isset( $val );
}
function getText( $name, $default = "" ) {
return $this->getGPCText( $_REQUEST, $name, $default );
}
function wasPosted() {
return $_SERVER['REQUEST_METHOD'] == 'POST';
}
function checkSessionCookie() {
return isset( $_COOKIE[ini_get("session.name")] );
}
}
?>

68
index.php
View file

@ -3,42 +3,6 @@
#
$wgRequestTime = microtime();
## Enable this to debug total elimination of register_globals
#define( "DEBUG_GLOBALS", 1 );
if( defined('DEBUG_GLOBALS') ) error_reporting(E_ALL);
function &fix_magic_quotes( &$arr ) {
foreach( $arr as $key => $val ) {
if( is_array( $val ) ) {
fix_magic_quotes( $arr[$key] );
} else {
$arr[$key] = stripslashes( $val );
}
}
return $arr;
}
if ( get_magic_quotes_gpc() ) {
fix_magic_quotes( $_COOKIE );
fix_magic_quotes( $_ENV );
fix_magic_quotes( $_GET );
fix_magic_quotes( $_POST );
fix_magic_quotes( $_REQUEST );
fix_magic_quotes( $_SERVER );
} elseif( defined('DEBUG_GLOBALS') ) {
die("DEBUG_GLOBALS: turn on magic_quotes_gpc" );
}
if( defined('DEBUG_GLOBALS') ) {
if( ini_get( "register_globals" ) ) {
die( "DEBUG_GLOBALS: turn off register_globals" );
}
} elseif( !ini_get( "register_globals" ) ) {
# Insecure, but at least it'll run
import_request_variables( "GPC" );
}
unset( $IP );
ini_set( "allow_url_fopen", 0 ); # For security...
if(!file_exists("LocalSettings.php")) {
@ -60,18 +24,12 @@ wfProfileIn( "main-misc-setup" );
OutputPage::setEncodings(); # Not really used yet
# Query string fields
if( empty( $_REQUEST['action'] ) ) {
$action = "view";
} else {
$action = $_REQUEST['action'];
}
$action = $wgRequest->getVal( "action", "view" );
if( isset( $_SERVER['PATH_INFO'] ) ) {
$title = substr( $_SERVER['PATH_INFO'], 1 );
} elseif( !empty( $_REQUEST['title'] ) ) {
$title = $_REQUEST['title'];
} else {
$title = "";
$title = $wgRequest->getVal( "title" );
}
# Placeholders in case of DB error
@ -80,15 +38,15 @@ $wgArticle = new Article($wgTitle);
$action = strtolower( trim( $action ) );
if ( "" == $action ) { $action = "view"; }
if ( !empty( $_REQUEST['printable'] ) && $_REQUEST['printable'] == "yes") {
if ($wgRequest->getVal( "printable" ) == "yes") {
$wgOut->setPrintable();
}
if ( "" == $title && "delete" != $action ) {
$wgTitle = Title::newFromText( wfMsg( "mainpage" ) );
} elseif ( !empty( $_REQUEST['curid'] ) ) {
} elseif ( $curid = $wgRequest->getInt( 'curid' ) ) {
# URLs like this are generated by RC, because rc_title isn't always accurate
$wgTitle = Title::newFromID( $_REQUEST['curid'] );
$wgTitle = Title::newFromID( $curid );
} else {
$wgTitle = Title::newFromURL( $title );
}
@ -104,27 +62,27 @@ if ( !$wgUser->getID() && is_array( $wgWhitelistRead ) && $wgTitle) {
}
}
if ( !empty( $_REQUEST['search'] ) ) {
if( isset($_REQUEST['fulltext']) ) {
wfSearch( $_REQUEST['search'] );
if ( $search = $wgRequest->getText( 'search' ) ) {
if( $wgRequest->getVal( 'fulltext' ) ) {
wfSearch( $search );
} else {
wfGo( $_REQUEST['search'] );
wfGo( $search );
}
} else if( !$wgTitle or $wgTitle->getInterwiki() != "" or $wgTitle->getDBkey() == "" ) {
$wgTitle = Title::newFromText( wfMsg( "badtitle" ) );
$wgOut->errorpage( "badtitle", "badtitletext" );
} else if ( ( $action == "view" ) && $wgTitle->getPrefixedDBKey() != $title ) {
/* redirect to canonical url, make it a 301 to allow caching */
$wgOut->redirect( wfLocalUrl( $wgTitle->getPrefixedURL() ), '301');
$wgOut->redirect( $wgTitle->getFullURL(), '301');
} else if ( Namespace::getSpecial() == $wgTitle->getNamespace() ) {
wfSpecialPage();
} else {
if ( Namespace::getMedia() == $wgTitle->getNamespace() ) {
$wgTitle = Title::makeTitle( Namespace::getImage(), $wgTitle->getDBkey() );
}
}
switch( $wgTitle->getNamespace() ) {
case 6:
case NS_IMAGE:
include_once( "ImagePage.php" );
$wgArticle = new ImagePage( $wgTitle );
break;
@ -149,7 +107,7 @@ if ( !empty( $_REQUEST['search'] ) ) {
break;
case "edit":
case "submit":
if( !$wgCommandLineMode && !isset( $_COOKIE[ini_get("session.name")] ) ) {
if( !$wgCommandLineMode && !$wgRequest->checkSessionCookie() ) {
User::SetupSession();
}
include_once( "EditPage.php" );