r114008 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r114007‎ | r114008 | r114009 >
Date:11:14, 16 March 2012
Author:santhosh
Status:ok
Tags:
Comment:
More validations , limit the maxlength of aggregate group name.
Ping 113709
Modified paths:
  • /trunk/extensions/Translate/api/ApiAggregateGroups.php (modified) (history)
  • /trunk/extensions/Translate/specials/SpecialAggregateGroups.php (modified) (history)

Diff [purge]

Index: trunk/extensions/Translate/specials/SpecialAggregateGroups.php
@@ -40,7 +40,7 @@
4141 $out->permissionRequired( 'translate-manage' );
4242 return;
4343 }
44 -
 44+
4545 $groups = MessageGroups::getAllGroups();
4646 $aggregates = array();
4747 $pages = array();
@@ -106,7 +106,7 @@
107107 wfMsg( 'tpt-aggregategroup-add-new' ) .
108108 "</a>" );
109109 $newGroupNameLabel = wfMsg( 'tpt-aggregategroup-new-name' );
110 - $newGroupName = Html::element( 'input', array( 'class' => 'tp-aggregategroup-add-name' ) );
 110+ $newGroupName = Html::element( 'input', array( 'class' => 'tp-aggregategroup-add-name', 'maxlength' => '200' ) );
111111 $newGroupDescriptionLabel = wfMsg( 'tpt-aggregategroup-new-description' );
112112 $newGroupDescription = Html::element( 'input',
113113 array( 'class' => 'tp-aggregategroup-add-description' )
@@ -125,7 +125,7 @@
126126 protected function listSubgroups( AggregateMessageGroup $parent ) {
127127 $out = $this->getOutput();
128128 $sanid = Sanitizer::escapeId( $parent->getId() );
129 -
 129+
130130 $id = $this->htmlIdForGroup( $parent, 'mw-tpa-grouplist-' );
131131 $out->addHtml( Html::openElement( 'ol', array( 'id' => $id ) ) );
132132
@@ -154,7 +154,7 @@
155155 if ( isset( $subgroups[$groupId] ) ) continue;
156156 $select->addOption( $group->getLabel(), $groupId );
157157 }
158 -
 158+
159159 return $select;
160160 }
161161
Index: trunk/extensions/Translate/api/ApiAggregateGroups.php
@@ -43,7 +43,11 @@
4444 if ( $subgroups ) {
4545 $subgroups = array_map( 'trim', explode( ',', $subgroups ) );
4646 } else {
47 - // For newly created groups the subgroups value might be empty
 47+ // For newly created groups the subgroups value might be empty,
 48+ // but check that.
 49+ if ( !TranslateMetadata::get( $aggregateGroup, 'name' ) ) {
 50+ $this->dieUsage( '‎Invalid Aggregate message group', 'invalidaggregategroup' );
 51+ } ;
4852 $subgroups = array();
4953 }
5054 $group = MessageGroups::getGroup( $groupId );
@@ -51,8 +55,9 @@
5256 $this->dieUsage( 'Group does not exist or invalid', 'invalidgroup' );
5357 }
5458
55 - // @FIXME: handle pages with a comma in their name
56 -
 59+ if ( !self::isValid( $aggregateGroup ) ) {
 60+ $this->dieUsage( '‎Invalid Aggregate message group', 'invalidaggregategroup' );
 61+ }
5762 // Add or remove from the list
5863 if ( $action === 'associate' ) {
5964 $subgroups[] = $groupId;
@@ -77,7 +82,9 @@
7883 if ( TranslateMetadata::get( $aggregateGroup, 'subgroups' ) ) {
7984 $this->dieUsage( 'Aggregate message group already exists', 'duplicateaggregategroup' );
8085 }
81 - // @FIXME: check that the group id is valid (like, no commas)
 86+ if ( !self::isValid ( $aggregateGroup ) ) {
 87+ $this->dieUsage( '‎Invalid Aggregate message group name', 'invalidaggregategroup' );
 88+ }
8289 TranslateMetadata::set( $aggregateGroup, 'subgroups', '' ) ;
8390 $name = trim( $params['groupname'] );
8491 $desc = trim( $params['groupdescription'] );
@@ -99,6 +106,13 @@
100107 MessageGroups::clearCache();
101108 }
102109
 110+ protected function isValid( $aggregateGroup ) {
 111+ if ( !$aggregateGroup || preg_match( '/[\x00-\x1f\x22\x23\x2c\x2e\x3c\x3e\x5b\x5d\x7b\x7c\x7d\x7f\s]+/i', $aggregateGroup ) ) {
 112+ return false;
 113+ }
 114+ return true;
 115+ }
 116+
103117 public function isWriteMode() {
104118 return true;
105119 }

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r113709create the groupdId by more better....santhosh06:32, 13 March 2012

Status & tagging log