r111313 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r111312‎ \| r111313 \| r111314 >
Date:	18:53, 12 February 2012
Author:	wikinaut
Status:	deferred (Comments)
Tags:
Comment:	follow-up r111286 . changed attribute names pad-id to id, pad-url to src. Using Sanitizer to sanitize width, height, id, src attributes when composing the iframe. The other boolean attributes are sanitized manually
Modified paths:	/trunk/extensions/EtherpadLite/EtherpadLite.php (modified) (history)

Diff [purge]

Index: trunk/extensions/EtherpadLite/EtherpadLite.php
—	—	@@ -11,9 +11,10 @@
12	12	*
13	13	* Usage:
14	14	*
15		~~- * <eplite pad-id="padid" />~~
16		~~- * <eplite pad-id="myPseudoSecretPadHash-7ujHvhq06g" />~~
17		~~- * <eplite pad-id="padid" height="200px" width="600px" />~~
	15	+ * <eplite id="padid" />
	16	+ * <eplite id="myPseudoSecretPadHash-7ujHvhq06g" />
	17	+ * <eplite id="padid" height="200px" width="600px" />
	18	+ * <eplite id="padid" src="http://www.another-pad-server.org/p/" />
18	19	*
19	20	* Installation:
20	21	*
—	—	@@ -49,18 +50,18 @@
50	51	*
51	52	*/
52	53
53		~~-// Check environment~~
	54	+# Check environment
54	55	if ( !defined( 'MEDIAWIKI' ) ) {
55	56	echo( "This is an extension to MediaWiki and cannot be run standalone.\n" );
56	57	die( - 1 );
57	58	}
58	59
59		~~-// Credits~~
	60	+# Credits
60	61	$wgExtensionCredits['parserhook'][] = array(
61	62	'path' => __FILE__,
62	63	'name' => 'EtherpadLite',
63	64	'author' => array( 'Thomas Gries' ),
64		~~- 'version' => '1.02 20120212',~~
	65	+ 'version' => '1.03 20120212',
65	66	'url' => 'https://www.mediawiki.org/wiki/Extension:EtherpadLite',
66	67	'descriptionmsg' => 'etherpadlite-desc',
67	68	);
—	—	@@ -70,14 +71,14 @@
71	72	$wgExtensionMessagesFiles['EtherpadLite'] = $dir . 'EtherpadLite.i18n.php';
72	73	$wgHooks['ParserFirstCallInit'][] = 'wfEtherpadLiteParserInit';
73	74
74		~~-// https://www.mediawiki.org/wiki/Manual:Tag_extensions~~
	75	+# https://www.mediawiki.org/wiki/Manual:Tag_extensions
75	76	function wfEtherpadLiteParserInit( $parser ) {
76	77	$parser->setHook('eplite', 'wfEtherpadLiteRender');
77	78	return true;
78	79	}
79	80
80	81	# Define a default Etherpad Lite server Url and base path
81		~~-# this server is used unless a distinct server is defined by pad-id="..."~~
	82	+# this server is used unless a distinct server is defined by id="..."
82	83	$wgEtherpadLiteDefaultPadUrl = "http://www.example.com/p/";
83	84	$wgEtherpadLiteDefaultWidth = "300px";
84	85	$wgEtherpadLiteDefaultHeight = "200px";
—	—	@@ -101,33 +102,39 @@
102	103	$wgEtherpadLiteMonospacedFont, $wgEtherpadLiteShowControls, $wgEtherpadLiteShowLineNumbers,
103	104	$wgEtherpadLiteShowChat, $wgEtherpadLiteShowAuthorColors;
104	105
105		~~- $padId = ( isset( $args['pad-id'] ) ) ? $args['pad-id'] : "" ;~~
106		~~- $height = ( isset( $args['height'] ) ) ? $args['height'] : $wgEtherpadLiteDefaultHeight;~~
107		~~- $width = ( isset( $args['width'] ) ) ? $args['width'] : $wgEtherpadLiteDefaultWidth;~~
	106	+ # undefined id= attributes are replaced by id="" and result
	107	+ # in Etherpad Lite server showing its entry page - where you can open a new pad.
	108	+ $args['id'] = ( isset( $args['id'] ) ) ? $args['id'] : "";
108	109
	110	+ $args['height'] = ( isset( $args['height'] ) ) ? $args['height'] : $wgEtherpadLiteDefaultHeight;
	111	+ $args['width'] = ( isset( $args['width'] ) ) ? $args['width'] : $wgEtherpadLiteDefaultWidth;
	112	+
109	113	$useMonospaceFont = wfEtherpadLiteStringFromTestedBoolean( $args['monospaced-font'], $wgEtherpadLiteMonospacedFont );
110	114	$showControls = wfEtherpadLiteStringFromTestedBoolean( $args['show-controls'], $wgEtherpadLiteShowControls ) ;
111	115	$showLineNumbers = wfEtherpadLiteStringFromTestedBoolean( $args['show-linenumbers'], $wgEtherpadLiteShowLineNumbers );
112	116	$showChat = wfEtherpadLiteStringFromTestedBoolean( $args['show-chat'], $wgEtherpadLiteShowChat );
113	117	$noColors = ! ( wfEtherpadLiteStringFromTestedBoolean( $args['show-colors'], $wgEtherpadLiteShowAuthorColors ) );
114	118
115		~~- $epliteHostUrl = Sanitizer::cleanUrl (~~
116		~~- ( isset( $args['pad-url'] ) ) ? $args['pad-url'] : $wgEtherpadLiteDefaultPadUrl~~
	119	+ $args['src'] = Sanitizer::cleanUrl (
	120	+ ( isset( $args['src'] ) ) ? $args['src'] : $wgEtherpadLiteDefaultPadUrl
117	121	);
118	122
119		~~- // preset the pad username from MediaWiki username or IP~~
	123	+ # preset the pad username from MediaWiki username or IP
120	124
121		~~- // attention:~~
122		~~- // 1. we must render the page for each visiting user to get their username~~
123		~~- // 2. the pad username can currently be overwritten when editing the pad~~
	125	+ # attention:
	126	+ # 1. we must render the page for each visiting user to get their username
	127	+ # 2. the pad username can currently be overwritten when editing the pad
124	128
125	129	$parser->disableCache();
126	130	$userName = $wgUser->getName();
127		-
	131	+
	132	+ $sanitizedAttributes = Sanitizer::validateAttributes( $args, array ( "width", "height", "id", "src" ) );
	133	+
128	134	$iframeAttributes = array(
129		~~- "style" => "width:$width;height:$height",~~
130		~~- "id" => "epframe$padId",~~
131		~~- "src" => "$epliteHostUrl/$padId" .~~
	135	+ "style" => "width:" . $sanitizedAttributes['width'] . ";" .
	136	+ "height:" . $sanitizedAttributes['height'],
	137	+ "id" => "eplite-iframe-" . $sanitizedAttributes['id'] ,
	138	+ "src" => $sanitizedAttributes['src'] . "/" . $sanitizedAttributes['id'] .
132	139	"?showControls=$showControls" .
133	140	"&showChat=$showChat" .
134	141	"&showLineNumbers=$showLineNumbers" .

Follow-up revisions

Revision	Commit summary	Author	Date
r111327	follow-up r111313 . iframes have class= instead of id= . proper use of isset(...	wikinaut	21:22, 12 February 2012

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r111286	there was a SVN post hook erro 8 glithc and revision 111285 disappeared silen...	wikinaut	08:12, 12 February 2012

Comments

#Comment by Wikinaut (talk | contribs) 19:06, 12 February 2012

In r111313 I fixed (I think) all of the issues mentioned in r111263 .

Let me explain here again:

1. I changed the attribute names from pad-id => id and pad-url => src. This allows to treat (id, src, height, width) as standard attributes and to use

$sanitizedAttributes = Sanitizer::validateAttributes( $args, array ( "width", "height", "id", "src" ) );

for this, and then to use $santizedAttributes['src'] for example.

2. The boolean parameters are manually checked.

Please have a look to r111313 . Documentation https://www.mediawiki.org/wiki/Extension:EtherpadLite has been updated as well.

Status & tagging log

10:57, 15 February 2012 Hashar (talk | contribs) changed the status of r111313 [removed: new added: deferred]