r107877 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r107876‎ | r107877 | r107878 >
Date:11:05, 3 January 2012
Author:toniher
Status:deferred (Comments)
Tags:
Comment:
code for restricting by NS
Modified paths:
  • /trunk/extensions/UserFunctions/UserFunctions.php (modified) (history)

Diff [purge]

Index: trunk/extensions/UserFunctions/UserFunctions.php
@@ -31,11 +31,17 @@
3232 **/
3333 $wgUFEnablePersonalDataFunctions = false;
3434
 35+/** Restrict to certain namespaces **/
 36+$wgUFAllowedNamespaces = array(
 37+ NS_MEDIAWIKI => true
 38+);
 39+
 40+
3541 $wgExtensionFunctions[] = 'wfSetupUserFunctions';
3642 $wgExtensionCredits['parserhook'][] = array(
3743 'path' => __FILE__,
3844 'name' => 'UserFunctions',
39 - 'version' => '2.1.1',
 45+ 'version' => '2.2',
4046 'url' => 'https://www.mediawiki.org/wiki/Extension:UserFunctions',
4147 'author' => array( 'Algorithm ', 'Toniher', 'Kghbln', 'Wikinaut', '...' ),
4248 'descriptionmsg' => 'userfunctions-desc',
@@ -61,28 +67,49 @@
6268 */
6369 class UserFunctions_HookStub {
6470 var $realObj;
 71+ var $cur_ns;
6572
6673 /**
6774 * @param $parser Parser
6875 * @return bool
6976 */
7077 function registerParser( &$parser ) {
71 - global $wgUFEnablePersonalDataFunctions;
 78+ global $wgUFEnablePersonalDataFunctions, $wgUFAllowedNamespaces;
7279
73 - // These functions accept DOM-style arguments
74 - $parser->setFunctionHook( 'ifanon', array( &$this, 'ifanonObj' ), SFH_OBJECT_ARGS );
75 - $parser->setFunctionHook( 'ifblocked', array( &$this, 'ifblockedObj' ), SFH_OBJECT_ARGS );
76 - $parser->setFunctionHook( 'ifsysop', array( &$this, 'ifsysopObj' ), SFH_OBJECT_ARGS );
77 - $parser->setFunctionHook( 'ifingroup', array( &$this, 'ifingroupObj' ), SFH_OBJECT_ARGS );
 80+ // Depending on MW version
 81+ if (class_exists("RequestContext")) {
 82+ $cur_ns = RequestContext::getMain()->getTitle()->getNamespace();
 83+ } else {
 84+ global $wgTitle;
 85+ $cur_ns = $wgTitle->getNamespace();
 86+ }
7887
79 - if ($wgUFEnablePersonalDataFunctions) {
80 - $parser->setFunctionHook( 'realname', array( &$this, 'realname' ) );
81 - $parser->setFunctionHook( 'username', array( &$this, 'username' ) );
82 - $parser->setFunctionHook( 'useremail', array( &$this, 'useremail' ) );
83 - $parser->setFunctionHook( 'nickname', array( &$this, 'nickname' ) );
84 - $parser->setFunctionHook( 'ip', array( &$this, 'ip' ) );
 88+ $process = false;
 89+
 90+ // Check if current page NS is in the allowed list
 91+ if (isset($wgUFAllowedNamespaces[$cur_ns])) {
 92+ if ($wgUFAllowedNamespaces[$cur_ns]) {
 93+ $process = true;
 94+ }
8595 }
8696
 97+ if ($process) {
 98+ // These functions accept DOM-style arguments
 99+ $parser->setFunctionHook( 'ifanon', array( &$this, 'ifanonObj' ), SFH_OBJECT_ARGS );
 100+ $parser->setFunctionHook( 'ifblocked', array( &$this, 'ifblockedObj' ), SFH_OBJECT_ARGS );
 101+ $parser->setFunctionHook( 'ifsysop', array( &$this, 'ifsysopObj' ), SFH_OBJECT_ARGS );
 102+ $parser->setFunctionHook( 'ifingroup', array( &$this, 'ifingroupObj' ), SFH_OBJECT_ARGS );
 103+
 104+ if ($wgUFEnablePersonalDataFunctions) {
 105+ $parser->setFunctionHook( 'realname', array( &$this, 'realname' ) );
 106+ $parser->setFunctionHook( 'username', array( &$this, 'username' ) );
 107+ $parser->setFunctionHook( 'useremail', array( &$this, 'useremail' ) );
 108+ $parser->setFunctionHook( 'nickname', array( &$this, 'nickname' ) );
 109+ $parser->setFunctionHook( 'ip', array( &$this, 'ip' ) );
 110+ }
 111+
 112+ }
 113+
87114 return true;
88115 }
89116

Comments

#Comment by Nikerabbit (talk | contribs)   20:13, 3 January 2012

Why is it restricted to mediawiki namespace?

#Comment by Toniher (talk | contribs)   20:33, 3 January 2012

Hi, from comment: http://www.mediawiki.org/wiki/Extension_talk:UserFunctions#More_secure_version_suggestion_7767 (in a privacy/security concerned mode) because that is a namespace which can normally be edited only by sysops. So, adding any other NS implies having pondered any hypothetical risk.

#Comment by Nikerabbit (talk | contribs)   21:08, 3 January 2012

What are the privacy security concerns?

#Comment by Toniher (talk | contribs)   21:14, 3 January 2012

The most likely one, IMHO, is that some users in public wikis might think use it to conceal superficially (obvious when checking the code) certain content to some groups, users, etc.

#Comment by 😂 (talk | contribs)   18:09, 6 January 2012

The way you've got it now, you're restricting based on the request title, not the page being parsed.

I don't think this is a good idea at all, but the better way is to unconditionally define it at registration time, and then conditionally output based on $parser->getTitle()'s namespace.

#Comment by Toniher (talk | contribs)   19:07, 6 January 2012

Hi ^demon, I did that way because I thought it might be better not to actually set those hooks in non-allowed namespaces. Let's say, presently, in non-allowed namespaces: {{#ifanon|You're anonymous|You're not anonymous}} would not be processed. If I changed it as you suggest, I guess I would receive an empty output, unless I tried to have an output that mimicked the original parser function by using the given parameters. I don't know any other way to do this…

In any case, I imagine that if I change it as you comment, coherently, maybe I should do the same for functions filtered by $wgUFEnablePersonalDataFunctions

Status & tagging log