r111879 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r111878‎ | r111879 | r111880 >
Date:19:24, 19 February 2012
Author:wikinaut
Status:deferred
Tags:
Comment:
Three-file version. Class moved to Etherpad_body.php
Modified paths:
  • /trunk/extensions/EtherpadLite/EtherpadLite.php (modified) (history)
  • /trunk/extensions/EtherpadLite/EtherpadLite_body.php (added) (history)

Diff [purge]

Index: trunk/extensions/EtherpadLite/EtherpadLite.php
@@ -64,13 +64,14 @@
6565 'path' => __FILE__,
6666 'name' => 'EtherpadLite',
6767 'author' => array( 'Thomas Gries' ),
68 - 'version' => '1.10 20120219',
 68+ 'version' => '1.11 20120219',
6969 'url' => 'https://www.mediawiki.org/wiki/Extension:EtherpadLite',
7070 'descriptionmsg' => 'etherpadlite-desc',
7171 );
7272
7373 $dir = dirname( __FILE__ ) . '/';
7474 $wgExtensionMessagesFiles['EtherpadLite'] = $dir . 'EtherpadLite.i18n.php';
 75+$wgAutoloadClasses['EtherpadLite'] = $dir . 'EtherpadLite_body.php';
7576 $wgHooks['ParserFirstCallInit'][] = 'EtherpadLite::EtherpadLiteParserInit';
7677
7778 # Define a default Etherpad Lite server Url and base path
@@ -88,8 +89,8 @@
8990 # Whitelist of allowed Etherpad Lite server Urls
9091 #
9192 # If there are items in the array, and the user supplied URL is not in the array,
92 -# the url will not be allowed (proposed in bug 27768 for Extension:RSS)
93 -# Attention:
 93+# the url will not be allowed
 94+#
9495 # Urls are case-sensitively tested against values in the array.
9596 # They must exactly match including any trailing "/" character.
9697 #
@@ -103,181 +104,3 @@
104105
105106 # include "*" if you expressly want to allow all urls (you should not do this)
106107 # $wgEtherpadLiteUrlWhitelist = array( "*" );
107 -
108 -
109 -class EtherpadLite {
110 -
111 - /**
112 - * Tell the parser how to handle <eplite> elements
113 - * https://www.mediawiki.org/wiki/Manual:Tag_extensions
114 - * @param $parser Parser Object
115 - */
116 - static function EtherpadLiteParserInit( $parser ) {
117 -
118 - global $wgEtherpadLitePadsOnThisPage;
119 -
120 - $wgEtherpadLitePadsOnThisPage = array();
121 - $parser->setHook( 'eplite', array( __CLASS__, 'EtherpadLiteRender' ) );
122 -
123 - return true;
124 -
125 - }
126 -
127 - static function EtherpadLiteRender( $input, $args, $parser, $frame ) {
128 -
129 - global $wgUser;
130 - global $wgEtherpadLiteDefaultPadUrl, $wgEtherpadLiteDefaultWidth, $wgEtherpadLiteDefaultHeight,
131 - $wgEtherpadLiteMonospacedFont, $wgEtherpadLiteShowControls, $wgEtherpadLiteShowLineNumbers,
132 - $wgEtherpadLiteShowChat, $wgEtherpadLiteShowAuthorColors, $wgEtherpadLiteUrlWhitelist,
133 - $wgEtherpadLitePadsOnThisPage;
134 -
135 - # check the user input
136 -
137 - # undefined id= attributes are replaced by id="" and result
138 - # in Etherpad Lite server showing its entry page - where you can open a new pad.
139 - $args['id'] = ( isset( $args['id'] ) ) ? $args['id'] : "";
140 -
141 - $args['height'] = ( isset( $args['height'] ) ) ? $args['height'] : $wgEtherpadLiteDefaultHeight;
142 - $args['width'] = ( isset( $args['width'] ) ) ? $args['width'] : $wgEtherpadLiteDefaultWidth;
143 -
144 - $useMonospaceFont = wfBoolToStr(
145 - ( ( isset( $args['monospaced-font'] ) ) ? filter_var( $args['monospaced-font'], FILTER_VALIDATE_BOOLEAN ) : $wgEtherpadLiteMonospacedFont )
146 - );
147 -
148 - $showControls = wfBoolToStr(
149 - ( ( isset( $args['show-controls'] ) ) ? filter_var( $args['show-controls'], FILTER_VALIDATE_BOOLEAN ) : $wgEtherpadLiteShowControls )
150 - );
151 -
152 - $showLineNumbers = wfBoolToStr(
153 - ( ( isset( $args['show-linenumbers'] ) ) ? filter_var( $args['show-linenumbers'], FILTER_VALIDATE_BOOLEAN ) : $wgEtherpadLiteShowLineNumbers )
154 - );
155 -
156 - $showChat = wfBoolToStr(
157 - ( ( isset( $args['show-chat'] ) ) ? filter_var( $args['show-chat'], FILTER_VALIDATE_BOOLEAN ) : $wgEtherpadLiteShowChat )
158 - );
159 -
160 - $noColors = wfBoolToStr(
161 - ! ( ( isset( $args['show-colors'] ) ) ? filter_var( $args['show-colors'], FILTER_VALIDATE_BOOLEAN ) : $wgEtherpadLiteShowAuthorColors )
162 - );
163 -
164 - # src= is the pad server base url and is user input in <eplite src= > tag from MediaWiki page
165 - # id= is the pad name (also known as pad id) and is user input in <eplite id= > tag from MediaWiki page
166 -
167 - $src = ( isset( $args['src'] ) ) ? $args['src'] : $wgEtherpadLiteDefaultPadUrl;
168 - # Sanitizer::cleanUrl just does some normalization, somewhat not needed.
169 - $src = Sanitizer::cleanUrl( $src );
170 -
171 - switch ( true ) {
172 -
173 - # disallow because there is no whitelist or emtpy whitelist
174 - case ( !isset( $wgEtherpadLiteUrlWhitelist )
175 - || !is_array( $wgEtherpadLiteUrlWhitelist )
176 - || ( count( $wgEtherpadLiteUrlWhitelist ) === 0 ) ):
177 - return EtherpadLite::EtherpadLiteError( 'etherpadlite-empty-whitelist',
178 - $src
179 - );
180 - break;
181 -
182 - # allow
183 - case ( in_array( "*", $wgEtherpadLiteUrlWhitelist ) ):
184 - case ( in_array( $src, $wgEtherpadLiteUrlWhitelist ) ):
185 - break;
186 -
187 - # otherwise disallow
188 - case ( !in_array( $src, $wgEtherpadLiteUrlWhitelist ) ):
189 - default:
190 - $listOfAllowed = $parser->getFunctionLang()->listToText( $wgEtherpadLiteUrlWhitelist );
191 - $numberAllowed = $parser->getFunctionLang()->formatNum( count( $wgEtherpadLiteUrlWhitelist ) );
192 - return EtherpadLite::EtherpadLiteError( 'etherpadlite-url-is-not-whitelisted',
193 - array( $src, $listOfAllowed, $numberAllowed )
194 - );
195 - }
196 -
197 - # Append the id to end of url. Strip off trailing / if present before appending one.
198 - $url = preg_replace( "/\/+$/", "", $src ) . "/" . $args['id'];
199 -
200 - # prevent multiple iframes and rendering of a same pad on a page
201 - # show an error message if a pad is found more than once on a page.
202 - #
203 - # the empty id however may be used more than once as the empty id invokes an
204 - # Etherpad Lite server showing its "create a pad" html page.
205 -
206 - if ( !in_array( $url, $wgEtherpadLitePadsOnThisPage ) ) {
207 - $wgEtherpadLitePadsOnThisPage[] = $url;
208 - } elseif ( $args['id'] !== "" ) {
209 - return EtherpadLite::EtherpadLiteError( 'etherpadlite-pad-used-more-than-once', $url );
210 - }
211 -
212 -
213 - # preset the pad username from MediaWiki username or IP
214 - # this not strict, as the pad username can be overwritten in the pad
215 - #
216 - # attention:
217 - # 1. we must render the page for each visiting user to get their username
218 - # 2. the pad username can currently be overwritten when editing the pad
219 - #
220 - # Future todo might be to make the adding of username optional
221 - # since disabling of cache has a significant performance impact
222 - # on larger sites.
223 -
224 - $parser->disableCache();
225 -
226 - # Etherpad Lite requires rawurlencoded userName, thus we must add it manually
227 -
228 - $url = wfAppendQuery( $url, array(
229 - "showControls" => $showControls,
230 - "showChat" => $showChat,
231 - "showLineNumbers" => $showLineNumbers,
232 - "useMonospaceFont" => $useMonospaceFont,
233 - "noColors" => $noColors,
234 - )
235 - ) . "&userName=" . rawurlencode( $wgUser->getName() );
236 -
237 - # @todo One could potentially stuff other css in the width argument
238 - # since ; isn't checked for. Since overall css is checked for allowed
239 - # rules, this isn't super big deal.
240 - $iframeAttributes = array(
241 - "style" => "width:" . $args['width'] . ";" .
242 - "height:" . $args['height'],
243 - "class" => "eplite-iframe-" . $args['id'] ,
244 - "src" => Sanitizer::cleanUrl( $url ),
245 - );
246 -
247 - $sanitizedAttributes = Sanitizer::validateAttributes( $iframeAttributes, array ( "style", "class", "src" ) );
248 -
249 - if ( !isset( $sanitizedAttributes['src'] ) ) {
250 - // The Sanitizer decided that the src attribute was no good.
251 - // (aka used a protocol that isn't in the whitelist)
252 - return EtherpadLite::EtherpadLiteError( 'etherpadlite-invalid-pad-url', $src );
253 - }
254 -
255 - $output = Html::rawElement(
256 - 'iframe',
257 - $sanitizedAttributes
258 - );
259 -
260 - wfDebug( "EtherpadLite::EtherpadLiteRender $output\n" );
261 -
262 - return $output;
263 -
264 - }
265 -
266 - /**
267 - * Output an error message, all wraped up nicely.
268 - * @param String $errorName The system message that this error is
269 - * @param String|Array $param Error parameter (or parameters)
270 - * @return String Html that is the error.
271 - */
272 - private static function EtherpadLiteError( $errorName, $param ) {
273 -
274 - // Anything from a parser tag should use Content lang for message,
275 - // since the cache doesn't vary by user language: do not use wfMsgForContent but wfMsgForContent
276 - // The ->parse() part makes everything safe from an escaping standpoint.
277 -
278 - return Html::rawElement( 'span', array( 'class' => 'error' ),
279 - wfMessage( $errorName )->inContentLanguage()->params( $param )->parse()
280 - );
281 -
282 - }
283 -
284 -} /* class EtherpadLite */
Index: trunk/extensions/EtherpadLite/EtherpadLite_body.php
@@ -0,0 +1,193 @@
 2+<?php
 3+/**
 4+ * EtherpadLite extension class
 5+ *
 6+ * @file
 7+ * @ingroup Extensions
 8+ *
 9+ * @author Thomas Gries
 10+ * @license GPL v2
 11+ * @license MIT
 12+ *
 13+ * Dual licensed under the MIT and GPL licenses:
 14+ * http://www.opensource.org/licenses/mit-license.php
 15+ * http://www.gnu.org/licenses/gpl.html
 16+ *
 17+ */
 18+
 19+class EtherpadLite {
 20+
 21+ /**
 22+ * Tell the parser how to handle <eplite> elements
 23+ * https://www.mediawiki.org/wiki/Manual:Tag_extensions
 24+ * @param $parser Parser Object
 25+ */
 26+ static function EtherpadLiteParserInit( $parser ) {
 27+
 28+ global $wgEtherpadLitePadsOnThisPage;
 29+
 30+ $wgEtherpadLitePadsOnThisPage = array();
 31+ $parser->setHook( 'eplite', array( __CLASS__, 'EtherpadLiteRender' ) );
 32+
 33+ return true;
 34+
 35+ }
 36+
 37+ static function EtherpadLiteRender( $input, $args, $parser, $frame ) {
 38+
 39+ global $wgUser;
 40+ global $wgEtherpadLiteDefaultPadUrl, $wgEtherpadLiteDefaultWidth, $wgEtherpadLiteDefaultHeight,
 41+ $wgEtherpadLiteMonospacedFont, $wgEtherpadLiteShowControls, $wgEtherpadLiteShowLineNumbers,
 42+ $wgEtherpadLiteShowChat, $wgEtherpadLiteShowAuthorColors, $wgEtherpadLiteUrlWhitelist,
 43+ $wgEtherpadLitePadsOnThisPage;
 44+
 45+ # check the user input
 46+
 47+ # undefined id= attributes are replaced by id="" and result
 48+ # in Etherpad Lite server showing its entry page - where you can open a new pad.
 49+ $args['id'] = ( isset( $args['id'] ) ) ? $args['id'] : "";
 50+
 51+ $args['height'] = ( isset( $args['height'] ) ) ? $args['height'] : $wgEtherpadLiteDefaultHeight;
 52+ $args['width'] = ( isset( $args['width'] ) ) ? $args['width'] : $wgEtherpadLiteDefaultWidth;
 53+
 54+ $useMonospaceFont = wfBoolToStr(
 55+ ( ( isset( $args['monospaced-font'] ) ) ? filter_var( $args['monospaced-font'], FILTER_VALIDATE_BOOLEAN ) : $wgEtherpadLiteMonospacedFont )
 56+ );
 57+
 58+ $showControls = wfBoolToStr(
 59+ ( ( isset( $args['show-controls'] ) ) ? filter_var( $args['show-controls'], FILTER_VALIDATE_BOOLEAN ) : $wgEtherpadLiteShowControls )
 60+ );
 61+
 62+ $showLineNumbers = wfBoolToStr(
 63+ ( ( isset( $args['show-linenumbers'] ) ) ? filter_var( $args['show-linenumbers'], FILTER_VALIDATE_BOOLEAN ) : $wgEtherpadLiteShowLineNumbers )
 64+ );
 65+
 66+ $showChat = wfBoolToStr(
 67+ ( ( isset( $args['show-chat'] ) ) ? filter_var( $args['show-chat'], FILTER_VALIDATE_BOOLEAN ) : $wgEtherpadLiteShowChat )
 68+ );
 69+
 70+ $noColors = wfBoolToStr(
 71+ ! ( ( isset( $args['show-colors'] ) ) ? filter_var( $args['show-colors'], FILTER_VALIDATE_BOOLEAN ) : $wgEtherpadLiteShowAuthorColors )
 72+ );
 73+
 74+ # src= is the pad server base url and is user input in <eplite src= > tag from MediaWiki page
 75+ # id= is the pad name (also known as pad id) and is user input in <eplite id= > tag from MediaWiki page
 76+
 77+ $src = ( isset( $args['src'] ) ) ? $args['src'] : $wgEtherpadLiteDefaultPadUrl;
 78+ # Sanitizer::cleanUrl just does some normalization, somewhat not needed.
 79+ $src = Sanitizer::cleanUrl( $src );
 80+
 81+ switch ( true ) {
 82+
 83+ # disallow because there is no whitelist or emtpy whitelist
 84+ case ( !isset( $wgEtherpadLiteUrlWhitelist )
 85+ || !is_array( $wgEtherpadLiteUrlWhitelist )
 86+ || ( count( $wgEtherpadLiteUrlWhitelist ) === 0 ) ):
 87+ return EtherpadLite::EtherpadLiteError( 'etherpadlite-empty-whitelist',
 88+ $src
 89+ );
 90+ break;
 91+
 92+ # allow
 93+ case ( in_array( "*", $wgEtherpadLiteUrlWhitelist ) ):
 94+ case ( in_array( $src, $wgEtherpadLiteUrlWhitelist ) ):
 95+ break;
 96+
 97+ # otherwise disallow
 98+ case ( !in_array( $src, $wgEtherpadLiteUrlWhitelist ) ):
 99+ default:
 100+ $listOfAllowed = $parser->getFunctionLang()->listToText( $wgEtherpadLiteUrlWhitelist );
 101+ $numberAllowed = $parser->getFunctionLang()->formatNum( count( $wgEtherpadLiteUrlWhitelist ) );
 102+ return EtherpadLite::EtherpadLiteError( 'etherpadlite-url-is-not-whitelisted',
 103+ array( $src, $listOfAllowed, $numberAllowed )
 104+ );
 105+ }
 106+
 107+ # Append the id to end of url. Strip off trailing / if present before appending one.
 108+ $url = preg_replace( "/\/+$/", "", $src ) . "/" . $args['id'];
 109+
 110+ # prevent multiple iframes and rendering of a same pad on a page
 111+ # show an error message if a pad is found more than once on a page.
 112+ #
 113+ # the empty id however may be used more than once as the empty id invokes an
 114+ # Etherpad Lite server showing its "create a pad" html page.
 115+
 116+ if ( !in_array( $url, $wgEtherpadLitePadsOnThisPage ) ) {
 117+ $wgEtherpadLitePadsOnThisPage[] = $url;
 118+ } elseif ( $args['id'] !== "" ) {
 119+ return EtherpadLite::EtherpadLiteError( 'etherpadlite-pad-used-more-than-once', $url );
 120+ }
 121+
 122+
 123+ # preset the pad username from MediaWiki username or IP
 124+ # this not strict, as the pad username can be overwritten in the pad
 125+ #
 126+ # attention:
 127+ # 1. we must render the page for each visiting user to get their username
 128+ # 2. the pad username can currently be overwritten when editing the pad
 129+ #
 130+ # Future todo might be to make the adding of username optional
 131+ # since disabling of cache has a significant performance impact
 132+ # on larger sites.
 133+
 134+ $parser->disableCache();
 135+
 136+ # Etherpad Lite requires rawurlencoded userName, thus we must add it manually
 137+
 138+ $url = wfAppendQuery( $url, array(
 139+ "showControls" => $showControls,
 140+ "showChat" => $showChat,
 141+ "showLineNumbers" => $showLineNumbers,
 142+ "useMonospaceFont" => $useMonospaceFont,
 143+ "noColors" => $noColors,
 144+ )
 145+ ) . "&userName=" . rawurlencode( $wgUser->getName() );
 146+
 147+ # @todo One could potentially stuff other css in the width argument
 148+ # since ; isn't checked for. Since overall css is checked for allowed
 149+ # rules, this isn't super big deal.
 150+ $iframeAttributes = array(
 151+ "style" => "width:" . $args['width'] . ";" .
 152+ "height:" . $args['height'],
 153+ "class" => "eplite-iframe-" . $args['id'] ,
 154+ "src" => Sanitizer::cleanUrl( $url ),
 155+ );
 156+
 157+ $sanitizedAttributes = Sanitizer::validateAttributes( $iframeAttributes, array ( "style", "class", "src" ) );
 158+
 159+ if ( !isset( $sanitizedAttributes['src'] ) ) {
 160+ // The Sanitizer decided that the src attribute was no good.
 161+ // (aka used a protocol that isn't in the whitelist)
 162+ return EtherpadLite::EtherpadLiteError( 'etherpadlite-invalid-pad-url', $src );
 163+ }
 164+
 165+ $output = Html::rawElement(
 166+ 'iframe',
 167+ $sanitizedAttributes
 168+ );
 169+
 170+ wfDebug( "EtherpadLite::EtherpadLiteRender $output\n" );
 171+
 172+ return $output;
 173+
 174+ }
 175+
 176+ /**
 177+ * Output an error message, all wraped up nicely.
 178+ * @param String $errorName The system message that this error is
 179+ * @param String|Array $param Error parameter (or parameters)
 180+ * @return String Html that is the error.
 181+ */
 182+ private static function EtherpadLiteError( $errorName, $param ) {
 183+
 184+ // Anything from a parser tag should use Content lang for message,
 185+ // since the cache doesn't vary by user language: do not use wfMsgForContent but wfMsgForContent
 186+ // The ->parse() part makes everything safe from an escaping standpoint.
 187+
 188+ return Html::rawElement( 'span', array( 'class' => 'error' ),
 189+ wfMessage( $errorName )->inContentLanguage()->params( $param )->parse()
 190+ );
 191+
 192+ }
 193+
 194+} /* class EtherpadLite */
Property changes on: trunk/extensions/EtherpadLite/EtherpadLite_body.php
___________________________________________________________________
Added: svn:eol-style
1195 + native

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r111869moved wgEtherpadLite default parameters out of the class to make them really ...wikinaut16:25, 19 February 2012

Status & tagging log