r52695 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r52694‎ \| r52695 \| r52696 >
Date:	14:12, 2 July 2009
Author:	nikerabbit
Status:	ok
Tags:
Comment:	Re-write the form for current best practises => escape everything, use xhtml builders
Modified paths:	/trunk/extensions/DeleteBatch/DeleteBatch.body.php (modified) (history) /trunk/extensions/DeleteBatch/DeleteBatch.i18n.php (modified) (history) /trunk/extensions/DeleteBatch/DeleteBatch.php (modified) (history)

Diff [purge]

Index: trunk/extensions/DeleteBatch/DeleteBatch.body.php
—	—	@@ -1,10 +1,4 @@
2	2	<?php
3		-/**
4		~~- * Protect against register_globals vulnerabilities.~~
5		~~- * This line must be present before any global variable is referenced.~~
6		~~- */~~
7		~~-if ( ! defined( 'MEDIAWIKI' ) )~~
8		~~- die();~~
9	3
10	4	class DeleteBatch extends SpecialPage {
11	5
—	—	@@ -44,7 +38,7 @@
45	39	wfLoadExtensionMessages( 'DeleteBatch' );
46	40
47	41	$wgOut->setPageTitle( wfMsg( 'deletebatch-title' ) );
48		~~- $cSF = new DeleteBatchForm( $par );~~
	42	+ $cSF = new DeleteBatchForm( $par, $this->getTitle() );
49	43
50	44	$action = $wgRequest->getVal( 'action' );
51	45	if ( 'success' == $action ) {
—	—	@@ -53,7 +47,7 @@
54	48	$wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
55	49	$cSF->doSubmit();
56	50	} else {
57		~~- $cSF->showForm( '' );~~
	51	+ $cSF->showForm();
58	52	}
59	53	}
60	54	}
—	—	@@ -62,12 +56,15 @@
63	57	class DeleteBatchForm {
64	58	var $mUser, $mPage, $mFile, $mFileTemp;
65	59
	60	+ protected $title;
	61	+
66	62	/* constructor */
67		~~- function deletebatchForm( $par ) {~~
	63	+ function __construct( $par, $title ) {
68	64	global $wgRequest;
69		~~- $this->mMode = $wgRequest->getVal( 'wpMode' );~~
70		~~- $this->mPage = $wgRequest->getVal( 'wpPage' );~~
71		~~- $this->mReason = $wgRequest->getVal( 'wpReason' );~~
	65	+ $this->title = $title;
	66	+ $this->mMode = $wgRequest->getText( 'wpMode' );
	67	+ $this->mPage = $wgRequest->getText( 'wpPage' );
	68	+ $this->mReason = $wgRequest->getText( 'wpReason' );
72	69	$this->mFile = $wgRequest->getFileName( 'wpFile' );
73	70	$this->mFileTemp = $wgRequest->getFileTempName( 'wpFile' );
74	71	}
—	—	@@ -77,90 +74,114 @@
78	75	*
79	76	* @param $err Mixed: error message or null if there's no error
80	77	*/
81		~~- function showForm( $err = '' ) {~~
82		~~- global $wgOut, $wgUser, $wgRequest;~~
	78	+ function showForm( $errorMessage = false ) {
	79	+ global $wgOut, $wgUser, $wgScript;
83	80
84		~~- $token = htmlspecialchars( $wgUser->editToken() );~~
85		~~- $titleObj = SpecialPage::getTitleFor( 'DeleteBatch' );~~
86		~~- $action = $titleObj->escapeLocalURL( "action=submit" );~~
87		-
88		~~- if ( '' != $err ) {~~
	81	+ if ( $errorMessage ) {
89	82	$wgOut->setSubtitle( wfMsgHtml( 'formerror' ) );
90		~~- $wgOut->addHTML( "<p class='error'>{$err}</p>\n" );~~
	83	+ $wgOut->wrapWikiMsg( "<p class='error'>$1</p>\n", $errorMessage );
91	84	}
92	85
93	86	$wgOut->addWikiMsg( 'deletebatch-help' );
94	87
95		~~- /* don't bother writing up former parameters if not error */~~
96		~~- if ( ( 'submit' == $wgRequest->getVal( 'action' ) ) && ( '' != $err ) ) {~~
97		~~- $scPage = htmlspecialchars( $this->mPage );~~
98		~~- $scReason = htmlspecialchars( $this->mReason );~~
99		~~- $scFile = htmlspecialchars( $this->mFile );~~
100		~~- } else {~~
101		~~- $scPage = '';~~
102		~~- $scReason = '';~~
103		~~- $scFile = '';~~
	88	+ $tabindex = 1;
	89	+
	90	+ $rows = array(
	91	+
	92	+ array(
	93	+ Xml::label( wfMsg( 'deletebatch-as' ), 'wpMode' ),
	94	+ $this->userSelect( 'wpMode', ++$tabindex )->getHtml()
	95	+ ),
	96	+ array(
	97	+ Xml::label( wfMsg( 'deletebatch-page' ), 'wpPage' ),
	98	+ $this->pagelistInput( 'wpPage', ++$tabindex )
	99	+ ),
	100	+ array(
	101	+ wfMsgExt( 'deletebatch-or', 'parseinline' ),
	102	+ ' '
	103	+ ),
	104	+ array(
	105	+ Xml::label( wfMsg( 'deletebatch-caption' ), 'wpFile' ),
	106	+ $this->fileInput( 'wpFile', ++$tabindex )
	107	+ ),
	108	+ array(
	109	+ ' ',
	110	+ $this->submitButton( 'wpdeletebatchSubmit', ++$tabindex )
	111	+ )
	112	+
	113	+ );
	114	+
	115	+ $form =
	116	+
	117	+ Xml::openElement( 'form', array(
	118	+ 'name' => 'deletebatch',
	119	+ 'enctype' => 'multipart/form-data',
	120	+ 'method' => 'post',
	121	+ 'action' => $this->title->getLocalUrl( array( 'action' => 'submit' ) ),
	122	+ ) );
	123	+
	124	+ $form .= '<table>';
	125	+
	126	+ foreach( $rows as $row ) {
	127	+ list( $label, $input ) = $row;
	128	+ $form .= "<tr><td class='mw-label'>$label</td>";
	129	+ $form .= "<td class='mw-input'>$input</td></tr>";
104	130	}
105	131
106		~~- $wgOut->addHTML( "~~
107		~~-<form name=\"deletebatch\" enctype=\"multipart/form-data\" method=\"post\" action=\"{$action}\">~~
108		~~- <table border=\"0\">~~
109		~~- <tr>~~
110		~~- <td align=\"right\">" . wfMsg( 'deletebatch-as' ) . "</td>~~
111		~~- <td align=\"left\">" );~~
112		~~- $this->makeSelect(~~
113		~~- 'wpMode',~~
114		~~- array(~~
115		~~- wfMsg( 'deletebatch-select-script' ) => 'script',~~
116		~~- wfMsg( 'deletebatch-select-yourself' ) => 'you'~~
117		~~- ),~~
118		~~- $this->mMode,~~
119		~~- 1~~
120		~~- );~~
121		~~- $wgOut->addHTML( "</td>~~
122		~~- </tr>~~
123		~~- <tr>~~
124		~~- <td align=\"right\" style=\"vertical-align:top\">" . wfMsg( 'deletebatch-page' ) . "</td>~~
125		~~- <td align=\"left\">~~
126		~~- <textarea tabindex=\"3\" name=\"wpPage\" id=\"wpPage\" cols=\"40\" rows=\"10\"></textarea>~~
127		~~- </td>~~
128		~~- </tr>~~
129		~~- <tr>~~
130		~~- <td align=\"right\">" . wfMsg( 'deletebatch-or' ) . " </td>~~
131		~~- <td align=\"left\">~~
132		~~-  ~~
133		~~- </td>~~
134		~~- </tr>~~
135		~~- <tr>~~
136		~~- <td align=\"right\">" . wfMsg( 'deletebatch-caption' ) . "</td>~~
137		~~- <td align=\"left\">~~
138		~~- <input type=\"file\" tabindex=\"4\" name=\"wpFile\" id=\"wpFile\" value=\"{$scFile}\" />~~
139		~~- </td>~~
140		~~- </tr>~~
141		~~- <tr>~~
142		~~- <td align=\"right\"> </td>~~
143		~~- <td align=\"left\">~~
144		~~- <input tabindex=\"5\" name=\"wpdeletebatchSubmit\" type=\"submit\" value=\"" . wfMsg( 'delete' ) . "\" />~~
145		~~- </td>~~
146		~~- </tr>~~
147		~~- </table>~~
148		~~- <input type='hidden' name='wpEditToken' value=\"{$token}\" />~~
149		~~-</form>" );~~
	132	+ $form .= '</table>';
	133	+
	134	+ $form .= Xml::hidden( 'title', $this->title );
	135	+ $form .= Xml::hidden( 'wpEditToken', $wgUser->editToken() );
	136	+ $form .= '</form>';
	137	+ $wgOut->addHTML( $form );
150	138	}
151	139
152		~~- /* draws select and selects it properly */~~
153		~~- function makeSelect( $name, $options_array, $current, $tabindex ) {~~
154		~~- global $wgOut;~~
155		~~- $wgOut->addHTML( "<select tabindex=\"$tabindex\" name=\"$name\">" );~~
156		~~- foreach ( $options_array as $key => $value ) {~~
157		~~- if ( $value == $current )~~
158		~~- $wgOut->addHTML( "<option value=\"$value\" selected=\"selected\">$key</option>" );~~
159		~~- else~~
160		~~- $wgOut->addHTML( "<option value=\"$value\">$key</option>" );~~
161		~~- }~~
162		~~- $wgOut->addHTML( "</select>" );~~
	140	+ function userSelect( $name, $tabindex ) {
	141	+ $options = array(
	142	+ wfMsg( 'deletebatch-select-script' ) => 'script',
	143	+ wfMsg( 'deletebatch-select-yourself' ) => 'you'
	144	+ );
	145	+
	146	+ $select = new XmlSelect( $name, $name );
	147	+ $select->setDefault( $this->mMode );
	148	+ $select->setAttribute( 'tabindex', $tabindex );
	149	+ $select->addOptions( $options );
	150	+ return $select;
163	151	}
164	152
	153	+ function pagelistInput( $name, $tabindex ) {
	154	+ $params = array(
	155	+ 'tabindex' => $tabindex,
	156	+ 'name' => $name,
	157	+ 'id' => $name,
	158	+ 'cols' => 40,
	159	+ 'rows' => 10
	160	+ );
	161	+
	162	+ return Xml::element( 'textarea', $params, $this->mPage, false );
	163	+ }
	164	+
	165	+ function fileInput( $name, $tabindex ) {
	166	+ $params = array(
	167	+ 'type' => 'file',
	168	+ 'tabindex' => $tabindex,
	169	+ 'name' => $name,
	170	+ 'id' => $name,
	171	+ 'value' => $this->mFile
	172	+ );
	173	+
	174	+ return Xml::element( 'input', $params );
	175	+ }
	176	+
	177	+ function submitButton( $name, $tabindex ) {
	178	+ $params = array(
	179	+ 'tabindex' => $tabindex,
	180	+ 'name' => $name,
	181	+ );
	182	+
	183	+ return Xml::submitButton( wfMsg( 'deletebatch-delete' ), $params );
	184	+ }
	185	+
165	186	/* wraps up multi deletes */
166	187	function deleteBatch( $user = false, $line = '', $filename = null ) {
167	188	global $wgUser, $wgOut;
—	—	@@ -169,16 +190,16 @@
170	191	if ( $filename ) {
171	192	/* both a file and a given page? not too much? */
172	193	if ( '' != $this->mPage ) {
173		~~- $this->showForm( wfMsg( 'deletebatch-both-modes' ) );~~
	194	+ $this->showForm( 'deletebatch-both-modes' );
174	195	return;
175	196	}
176	197	if ( "text/plain" != mime_content_type( $filename ) ) {
177		~~- $this->showForm( wfMsg( 'deletebatch-file-bad-format' ) );~~
	198	+ $this->showForm( 'deletebatch-file-bad-format' );
178	199	return;
179	200	}
180	201	$file = fopen( $filename, 'r' );
181	202	if ( !$file ) {
182		~~- $this->showForm( wfMsg( 'deletebatch-file-missing' ) );~~
	203	+ $this->showForm( 'deletebatch-file-missing' );
183	204	return;
184	205	}
185	206	}
—	—	@@ -227,8 +248,7 @@
228	249	}
229	250
230	251	$sk = $wgUser->getSkin();
231		~~- $titleObj = SpecialPage::getTitleFor( 'DeleteBatch' );~~
232		~~- $link_back = $sk->linkKnown( $titleObj, wfMsg( 'deletebatch-link-back' ) );~~
	252	+ $link_back = $sk->linkKnown( $this->title, wfMsgHtml( 'deletebatch-link-back' ) );
233	253	$wgOut->addHTML( "<br /><b>" . $link_back . "</b>" );
234	254	}
235	255
—	—	@@ -274,8 +294,8 @@
275	295	$art = new Article( $page );
276	296	}
277	297
278		~~- /* what is the generic reason for page deletion?~~
279		~~- something about the content, I guess...~~
	298	+ /* what is the generic reason for page deletion?
	299	+ something about the content, I guess...
280	300	*/
281	301	$art->doDelete( $reason );
282	302	$db->commit();
—	—	@@ -284,10 +304,10 @@
285	305
286	306	/* on submit */
287	307	function doSubmit() {
288		~~- global $wgOut, $wgUser, $wgRequest, $wgLanguageCode;~~
	308	+ global $wgOut;
289	309	$wgOut->setPageTitle( wfMsg( 'deletebatch-title' ) );
290	310	if ( !$this->mPage && !$this->mFileTemp ) {
291		~~- $this->showForm( wfMsg( 'deletebatch-no-page' ) );~~
	311	+ $this->showForm( 'deletebatch-no-page' );
292	312	return;
293	313	}
294	314	if ( $this->mPage ) {
Index: trunk/extensions/DeleteBatch/DeleteBatch.i18n.php
—	—	@@ -24,6 +24,7 @@
25	25	'deletebatch-as' => 'Run the script as:',
26	26	'deletebatch-both-modes' => 'Please choose either one specified page or a given list of pages.',
27	27	'deletebatch-or' => '<b>or</b>',
	28	+ 'deletebatch-delete' => 'Delete',
28	29	'deletebatch-page' => 'Pages to be deleted:',
29	30	'deletebatch-reason' => 'Reason for deletion',
30	31	'deletebatch-processing-from-file' => 'deleting pages from file list',
Index: trunk/extensions/DeleteBatch/DeleteBatch.php
—	—	@@ -16,7 +16,7 @@
17	17	$wgExtensionCredits['specialpage'][] = array(
18	18	'path' => __FILE__,
19	19	'name' => 'Delete Batch',
20		~~- 'version' => '1.2.1',~~
	20	+ 'version' => '1.3',
21	21	'author' => 'Bartek Łapiński',
22	22	'url' => 'http://www.mediawiki.org/wiki/Extension:DeleteBatch',
23	23	'description' => 'Deletes a batch of pages',

Status & tagging log

13:55, 14 May 2011 Siebrand (talk | contribs) changed the status of r52695 [removed: deferred added: ok]
15:27, 29 July 2009 😂 (talk | contribs) changed the status of r52695 [removed: new added: deferred]