r28179 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r28178‎ | r28179 | r28180 >
Date:15:19, 5 December 2007
Author:brion
Status:old
Tags:
Comment:
Revert r28158, 28159, 28160, 28164:
* Bad validation of input
* Bad passing of unescaped input into SQL
* Bad passing of unescaped titles into URL output
Modified paths:
  • /trunk/phase3/RELEASE-NOTES (modified) (history)
  • /trunk/phase3/includes/SpecialUndelete.php (modified) (history)
  • /trunk/phase3/languages/messages/MessagesEn.php (modified) (history)


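--- a/trunk/phase3/includes/SpecialUndelete.php
+++ b/trunk/phase3/includes/SpecialUndelete.php
@@ -97,21 +97,14 @@
 *
 * @return ResultWrapper
 */
- function listRevisions( $startTime, $limit ) {
- $whereClause = array( 'ar_namespace' => $this->title->getNamespace(),
- 'ar_title' => $this->title->getDBkey() );
- if ( $startTime && is_numeric($startTime) )
- $whereClause[] = "ar_timestamp < $startTime";
-
- $optionsClause = array( 'ORDER BY' => 'ar_timestamp DESC' );
- if ( $limit > 0 ) $optionsClause['LIMIT'] = intval($limit);
-
+ function listRevisions() {
 $dbr = wfGetDB( DB_SLAVE );
 $res = $dbr->select( 'archive',
 array( 'ar_minor_edit', 'ar_timestamp', 'ar_user', 'ar_user_text', 'ar_comment', 'ar_len' ),
- $whereClause,
+ array( 'ar_namespace' => $this->title->getNamespace(),
+ 'ar_title' => $this->title->getDBkey() ),
 'PageArchive::listRevisions',
- $optionsClause ) ;
+ array( 'ORDER BY' => 'ar_timestamp DESC' ) );
 $ret = $dbr->resultObject( $res );
 return $ret;
 }
@@ -829,7 +822,7 @@
 }
 
 /* private */ function showHistory() {
- global $wgLang, $wgContLang, $wgUser, $wgOut, $wgRequest;
+ global $wgLang, $wgContLang, $wgUser, $wgOut;
 
 $sk = $wgUser->getSkin();
 if ( $this->mAllowed ) {
@@ -853,37 +846,12 @@
 }
 
 # List all stored revisions
- $tmpLimit = $wgRequest->getIntOrNull ( 'limit' );
- $tmpLimit = (is_null($tmpLimit))? 5001 : $tmpLimit + 1;
- $revisions = $archive->listRevisions( $wgRequest->getVal ( 'offset' ),
- $tmpLimit );
- if ( $tmpLimit < 1 ) $tmpLimit = $revisions->numRows() + 1;
-
+ $revisions = $archive->listRevisions();
 $files = $archive->listFiles();
 
 $haveRevisions = $revisions && $revisions->numRows() > 0;
 $haveFiles = $files && $files->numRows() > 0;
 
- $hasMore = false;
- if ( $revisions && $revisions->numRows() >= $tmpLimit ) {
- if ( $revisions->numRows() >= 2 ) {
- $revisions->seek ( $revisions->numRows() - 2 );
- $tmp = $revisions->fetchObject();
- $revisions->rewind ( );
- $offset = $tmp->ar_timestamp;
- } else
- $offset = 0;
-
- $titleObj = SpecialPage::getTitleFor ( 'Undelete' );
- $nextLink = $sk->makeKnownLinkObj ( $titleObj, wfMsg( 'undelete-next-revs', 5000 ),
- "target={$this->mTarget}&limit=5000&offset=$offset" );
-
- $allLink = $sk->makeKnownLinkObj ( $titleObj, wfMsg( 'undelete-show-all' ),
- "target={$this->mTarget}&limit=-1&offset=0" );
-
- $wgOut->addHTML ( wfMsg ( 'undelete-more-revs', $tmpLimit - 1, $nextLink, $allLink ) );
- $hasMore = true;
- }
 # Batch existence check on user and talk pages
 if( $haveRevisions ) {
 $batch = new LinkBatch();
@@ -967,17 +935,16 @@
 $target = urlencode( $this->mTarget );
 $remaining = $revisions->numRows();
 $earliestLiveTime = $this->getEarliestTime( $this->mTargetObj );
-
- if ( $hasMore ) $remaining --;
-
- while( ( $row = $revisions->fetchObject() ) && $remaining-- ) {
+
+ while( $row = $revisions->fetchObject() ) {
+ $remaining--;
 $ts = wfTimestamp( TS_MW, $row->ar_timestamp );
 if ( $this->mAllowed ) {
 $checkBox = Xml::check( "ts$ts" );
 $pageLink = $sk->makeKnownLinkObj( $titleObj,
 $wgLang->timeanddate( $ts, true ),
 "target=$target&timestamp=$ts" );
- if( ($remaining > 0 || $hasMore ) ||
+ if( ($remaining > 0) ||
 ($earliestLiveTime && $ts > $earliestLiveTime ) ) {
 $diffLink = '(' .
 $sk->makeKnownLinkObj( $titleObj,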
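Review bot: `listRevisions()` in the first hunk now selects every `archive` row for the title with only an `ORDER BY`, so Special:Undelete on a page with a very large deletion history pulls the whole result set in a single request. If paging is reintroduced, the offset should be normalised and quoted rather than gated by `is_numeric()`, for example `$whereClause[] = 'ar_timestamp < ' . $dbr->addQuotes( $dbr->timestamp( $startTime ) );`, and the limit clamped to a fixed maximum after `intval()`. Any link that carries the target should use the already-encoded `$target` that the last hunk builds with `urlencode()`, not the raw `$this->mTarget`. The docblock of `listRevisions()` starts outside the hunk; a line there stating that the result is unbounded would tell callers what to expect.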
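--- a/trunk/phase3/languages/messages/MessagesEn.php
+++ b/trunk/phase3/languages/messages/MessagesEn.php
@@ -2006,11 +2006,6 @@
 'It may have already been undeleted.',
 'undelete-error-short' => 'Error undeleting file: $1',
 'undelete-error-long' => "Errors were encountered while undeleting the file:\n\n$1",
-'undelete-more-revs' => '<b><font style="color: red">WARNING!</font> This page has more deleted revisions than are displayed here.</b><br />
-$1 revisions are displayed below. You may select revisions from this list or select none to restore all revisions (including those not displayed).<br />
-($2) ($3)',
-'undelete-next-revs' => 'View next $1 revisions',
-'undelete-show-all' => 'Show all revisions',
 
 # Namespace form on various pages
 'namespace' => 'Namespace:',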
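--- a/trunk/phase3/RELEASE-NOTES
+++ b/trunk/phase3/RELEASE-NOTES
@@ -87,11 +87,6 @@
 does not exists
 * (bug 8396) Ignore out-of-date serialised message caches
 * (bug 12195) Undeleting pages now requires 'undelete' permission
-* Only show most recent 5000 revisions on Special:Undelete by default. Accept
- limit and offset parameters. Undelete with no revisions selected still
- undeletes all revisions, regardless of how many are displayed.
-* Add "show all" option to Special:Undelete when some revisions are excluded,
- despite that showing all revisions may fail less than gracefully.
 
 === Bug fixes in 1.12 ===
 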

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r28158* Only show most recent 5000 revisions on Special:Undelete by default. Accept...amidaniel22:08, 4 December 2007
