r111412 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r111411‎ \| r111412 \| r111413 >
Date:	20:22, 13 February 2012
Author:	wikinaut
Status:	deferred (Comments)
Tags:
Comment:	follow-up 111327 . here we got: using wfBoolToStr(), wfAppendUrl, Http::isValidURI, and the real beta etherpad server url as agreed by the eplite team
Modified paths:	/trunk/extensions/EtherpadLite/EtherpadLite.i18n.php (modified) (history) /trunk/extensions/EtherpadLite/EtherpadLite.php (modified) (history)

Diff [purge]

Index: trunk/extensions/EtherpadLite/EtherpadLite.php
—	—	@@ -7,7 +7,7 @@
8	8	*
9	9	* The extension adds a tag "eplite" to the MediaWiki parser and
10	10	* provides a method to embed Etherpad Lite pads on MediaWiki pages.
11		~~- * The Etherpad Lite server is not part of the extension.~~
	11	+ * An Etherpad Lite server is not part of the extension.
12	12	*
13	13	* Usage:
14	14	*
—	—	@@ -21,14 +21,17 @@
22	22	* Add the following lines in LocalSettings.php:
23	23	*
24	24	* require_once( "$IP/extensions/EtherpadLite/EtherpadLite.php" );
25		~~- * $wgEtherpadLiteDefaultPadUrl = "http://www.your-pad-server.org/p/";~~
	25	+ * Etherpad Lite host server Url.
	26	+ * The shown one is a test server: it is not meant for production.
	27	+ * $wgEtherpadLiteDefaultPadUrl = "http://beta.etherpad.org/p/";
26	28	* $wgEtherpadLiteDefaultWidth = "600px";
27	29	* $wgEtherpadLiteDefaultHeigth = "400px";
28	30	*
29	31	* Prerequisite:
30	32	*
31		~~- * Etherpad Lite host server (example)~~
32		~~- * $wgEtherpadLiteDefaultPadUrl = "http://www.example.com/p/";~~
	33	+ * You need at least one Etherpad Lite host server
	34	+ * The shown one is a test server: it is not meant for production.
	35	+ * $wgEtherpadLiteDefaultPadUrl = "http://beta.etherpad.org/p/";
33	36	*
34	37	* For setting up your own Etherpad Lite server (based on node.js) see
35	38	* Etherpad Lite homepage https://github.com/Pita/etherpad-lite
—	—	@@ -61,7 +64,7 @@
62	65	'path' => __FILE__,
63	66	'name' => 'EtherpadLite',
64	67	'author' => array( 'Thomas Gries' ),
65		~~- 'version' => '1.04 20120212',~~
	68	+ 'version' => '1.05 20120213',
66	69	'url' => 'https://www.mediawiki.org/wiki/Extension:EtherpadLite',
67	70	'descriptionmsg' => 'etherpadlite-desc',
68	71	);
—	—	@@ -79,7 +82,7 @@
80	83
81	84	# Define a default Etherpad Lite server Url and base path
82	85	# this server is used unless a distinct server is defined by id="..."
83		~~-$wgEtherpadLiteDefaultPadUrl = "http://www.example.com/p/";~~
	86	+$wgEtherpadLiteDefaultPadUrl = "http://beta.etherpad.org/p/";
84	87	$wgEtherpadLiteDefaultWidth = "300px";
85	88	$wgEtherpadLiteDefaultHeight = "200px";
86	89	$wgEtherpadLiteMonospacedFont = false;
—	—	@@ -88,11 +91,6 @@
89	92	$wgEtherpadLiteShowChat = true;
90	93	$wgEtherpadLiteShowAuthorColors = true;
91	94
92		-
93		~~-function wfEtherpadLiteStringFromBoolean( $bool ) {~~
94		~~- return ( $bool ) ? "true" : "false";~~
95		-}
96		-
97	95	function wfEtherpadLiteRender( $input, $args, $parser, $frame ) {
98	96
99	97	global $wgUser;
—	—	@@ -100,6 +98,8 @@
101	99	$wgEtherpadLiteMonospacedFont, $wgEtherpadLiteShowControls, $wgEtherpadLiteShowLineNumbers,
102	100	$wgEtherpadLiteShowChat, $wgEtherpadLiteShowAuthorColors;
103	101
	102	+ # check the user input
	103	+
104	104	# undefined id= attributes are replaced by id="" and result
105	105	# in Etherpad Lite server showing its entry page - where you can open a new pad.
106	106	$args['id'] = ( isset( $args['id'] ) ) ? $args['id'] : "";
—	—	@@ -107,54 +107,73 @@
108	108	$args['height'] = ( isset( $args['height'] ) ) ? $args['height'] : $wgEtherpadLiteDefaultHeight;
109	109	$args['width'] = ( isset( $args['width'] ) ) ? $args['width'] : $wgEtherpadLiteDefaultWidth;
110	110
111		~~- $useMonospaceFont = wfEtherpadLiteStringFromBoolean(~~
	111	+ $useMonospaceFont = wfBoolToStr(
112	112	( ( isset( $args['monospaced-font'] ) ) ? filter_var( $args['monospaced-font'], FILTER_VALIDATE_BOOLEAN ) : $wgEtherpadLiteMonospacedFont )
113	113	);
114	114
115		~~- $showControls = wfEtherpadLiteStringFromBoolean(~~
	115	+ $showControls = wfBoolToStr(
116	116	( ( isset( $args['show-controls'] ) ) ? filter_var( $args['show-controls'], FILTER_VALIDATE_BOOLEAN ) : $wgEtherpadLiteShowControls )
117	117	);
118	118
119		~~- $showLineNumbers = wfEtherpadLiteStringFromBoolean(~~
	119	+ $showLineNumbers = wfBoolToStr(
120	120	( ( isset( $args['show-linenumbers'] ) ) ? filter_var( $args['show-linenumbers'], FILTER_VALIDATE_BOOLEAN ) : $wgEtherpadLiteShowLineNumbers )
121	121	);
122	122
123		~~- $showChat = wfEtherpadLiteStringFromBoolean(~~
	123	+ $showChat = wfBoolToStr(
124	124	( ( isset( $args['show-chat'] ) ) ? filter_var( $args['show-chat'], FILTER_VALIDATE_BOOLEAN ) : $wgEtherpadLiteShowChat )
125	125	);
126	126
127		~~- $noColors = wfEtherpadLiteStringFromBoolean(~~
	127	+ $noColors = wfBoolToStr(
128	128	! ( ( isset( $args['show-colors'] ) ) ? filter_var( $args['show-colors'], FILTER_VALIDATE_BOOLEAN ) : $wgEtherpadLiteShowAuthorColors )
129	129	);
130	130
131		~~- $args['src'] = Sanitizer::cleanUrl (~~
132		~~- ( isset( $args['src'] ) ) ? $args['src'] : $wgEtherpadLiteDefaultPadUrl~~
133		~~- );~~
	131	+ # src= is the pad server base url and is user input in <eplite src= > tag from MediaWiki page
	132	+ # id= is the pad name (also known as pad id) and is user input in <eplite id= > tag from MediaWiki page
	133	+
	134	+ $src = ( isset( $args['src'] ) ) ? $args['src'] : $wgEtherpadLiteDefaultPadUrl;
	135	+
	136	+ if ( !Http::isValidURI( $src ) ) {
	137	+ return wfMsg( 'etherpadlite-invalid-pad-url', htmlspecialchars( $src ) );
	138	+ } else {
	139	+ $args['src'] = Sanitizer::cleanUrl ( $src );
	140	+ }
	141	+
	142	+ # let's use the MediaWiki santizer for our user attributes
	143	+
	144	+ $sanitizedAttributes = Sanitizer::validateAttributes( $args, array ( "width", "height", "id", "src" ) );
134	145
	146	+ $url = Sanitizer::cleanUrl( preg_replace( "/\/+$/", "", $sanitizedAttributes['src'] ) . "/" . $sanitizedAttributes['id'] );
	147	+
	148	+ # just check again with the pad id appended
	149	+
	150	+ if ( !Http::isValidURI( $url ) ) {
	151	+ return wfMsg( 'etherpadlite-invalid-pad-url', htmlspecialchars( $url ) );
	152	+ }
	153	+
135	154	# preset the pad username from MediaWiki username or IP
136		-
	155	+ # this not strict, as the pad username can be overwritten in the pad
	156	+ #
137	157	# attention:
138	158	# 1. we must render the page for each visiting user to get their username
139	159	# 2. the pad username can currently be overwritten when editing the pad
140	160
141	161	$parser->disableCache();
142		~~- $userName = rawurlencode( $wgUser->getName() );~~
	162	+
	163	+ $url = wfAppendQuery( $url, array(
	164	+ "showControls" => $showControls,
	165	+ "showChat" => $showChat,
	166	+ "showLineNumbers" => $showLineNumbers,
	167	+ "useMonospaceFont" => $useMonospaceFont,
	168	+ "noColors" => $noColors,
	169	+ "userName" => rawurlencode( $wgUser->getName() ),
	170	+ )
	171	+ );
143	172
144		~~- $sanitizedAttributes = Sanitizer::validateAttributes( $args, array ( "width", "height", "id", "src" ) );~~
145		-
146	173	$iframeAttributes = array(
147	174	"style" => "width:" . $sanitizedAttributes['width'] . ";" .
148		~~- "height:" . $sanitizedAttributes['height'],~~
	175	+ "height:" . $sanitizedAttributes['height'],
149	176	"class" => "eplite-iframe-" . $sanitizedAttributes['id'] ,
150		~~- "src" => Sanitizer::cleanUrl(~~
151		~~- $sanitizedAttributes['src'] . "/" . $sanitizedAttributes['id'] .~~
152		~~- "?showControls=$showControls" .~~
153		~~- "&showChat=$showChat" .~~
154		~~- "&showLineNumbers=$showLineNumbers" .~~
155		~~- "&useMonospaceFont=$useMonospaceFont" .~~
156		~~- "&noColors=$noColors" .~~
157		~~- "&userName=$userName"~~
158		~~- ),~~
	177	+ "src" => Sanitizer::cleanUrl( $url ),
159	178	);
160	179
161	180	$output = Html::rawElement(
Index: trunk/extensions/EtherpadLite/EtherpadLite.i18n.php
—	—	@@ -13,4 +13,5 @@
14	14	*/
15	15	$messages['en'] = array(
16	16	'etherpadlite-desc' => 'Provides a method to embed one or many Etherpad Lite pads (which are hosted on local or external Etherpad Lite server/s) on MediaWiki pages. It adds an <eplite> parser tag.',
	17	+ 'etherpadlite-invalid-pad-url' => '\'$1\' is not a valid Etherpad Lite URL or pad name.',
17	18	);

Follow-up revisions

Revision	Commit summary	Author	Date
r111424	follow-up r111412 . Added the possibility of defining a whitelist of allowed ...	wikinaut	21:36, 13 February 2012

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r111327	follow-up r111313 . iframes have class= instead of id= . proper use of isset(...	wikinaut	21:22, 12 February 2012

Comments

#Comment by Bawolff (talk | contribs) 00:59, 14 February 2012

My advice about wfAppendUrl may actual have been bad. wfAppendUrl uses urlencode, and EtherpadLite seems to expect rawurlencode data...

Status & tagging log

10:57, 15 February 2012 Hashar (talk | contribs) changed the status of r111412 [removed: new added: deferred]