r62422 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r62421‎ | r62422 | r62423 >
Date:10:31, 13 February 2010
Author:nad
Status:deferred (Comments)
Tags:
Comment:
don't allow updating record info if protected
Modified paths:
  • /trunk/extensions/RecordAdmin/RecordAdmin.php (modified) (history)
  • /trunk/extensions/RecordAdmin/RecordAdmin_body.php (modified) (history)

Diff [purge]

Index: trunk/extensions/RecordAdmin/RecordAdmin_body.php
@@ -8,6 +8,7 @@
99 var $formClass = '';
1010 var $formAtts = '';
1111 var $type = '';
 12+ var $editable = false;
1213 var $record = '';
1314 var $types = array();
1415 var $values = array();
@@ -109,7 +110,8 @@
110111 * Override SpecialPage::execute()
111112 */
112113 function execute( $param ) {
113 - global $wgVersion, $wgOut, $wgRequest, $wgRecordAdminUseNamespaces, $wgLang, $wgRecordAdminCategory;
 114+ global $wgVersion, $wgOut, $wgRequest, $wgRecordAdminUseNamespaces, $wgLang, $wgRecordAdminCategory, $wgSecurityProtectRecords;
 115+ if ( !isset( $wgSecurityProtectRecords ) ) $wgSecurityProtectRecords = false;
114116 $this->setHeaders();
115117 $type = $wgRequest->getText( 'wpType' ) or $type = $param;
116118 $newtype = $wgRequest->getText( 'wpNewType' );
@@ -118,6 +120,7 @@
119121 $title = $this->title = Title::makeTitle( NS_SPECIAL, 'RecordAdmin' );
120122 $action = $title->getLocalURL( 'action=submit' );
121123 $wpTitle = trim( $wgRequest->getText( 'wpTitle' ) );
 124+ $this->template = Title::makeTitle( NS_TEMPLATE, $type );
122125
123126 if ( $type && $wgRecordAdminUseNamespaces ) {
124127 if ( $wpTitle && !ereg( "^$type:.+$", $wpTitle ) ) $wpTitle = "$type:$wpTitle";
@@ -249,72 +252,82 @@
250253
251254 # A specific record has been selected, render form for updating
252255 else {
253 - $rtitle = Title::newFromText( $record );
254 - $article = new Article( $rtitle );
255 - $text = $article->fetchContent();
256 - $wgOut->addWikiText( "== " . wfMsg( 'recordadmin-edit', $rtitle->getPrefixedText(), $type ) . " ==\n" );
 256+ if ( !$wgSecurityProtectRecords || $this->template->userCan( 'read' ) ) {
 257+ $rtitle = Title::newFromText( $record );
 258+ $article = new Article( $rtitle );
 259+ $text = $article->fetchContent();
 260+ $wgOut->addWikiText( "== " . wfMsg( 'recordadmin-edit', $rtitle->getPrefixedText(), $type ) . " ==\n" );
257261
258 - # Update article if form posted
259 - if ( count( $posted ) && $rtitle->userCan( 'edit', false ) ) {
260 - $summary = $wgRequest->getText( 'wpSummary' ) or $summary = wfMsgForContent( 'recordadmin-typeupdated', $type );
261 - $minor = $wgRequest->getText( 'wpMinoredit' ) ? EDIT_MINOR : 0;
262 - $watch = $wgRequest->getText( 'wpWatchthis' );
 262+ # Update article if form posted
 263+ if ( count( $posted ) && $rtitle->userCan( 'edit', false ) ) {
 264+ $summary = $wgRequest->getText( 'wpSummary' ) or $summary = wfMsgForContent( 'recordadmin-typeupdated', $type );
 265+ $minor = $wgRequest->getText( 'wpMinoredit' ) ? EDIT_MINOR : 0;
 266+ $watch = $wgRequest->getText( 'wpWatchthis' );
263267
264 - # Get the location and length of the record braces to replace
265 - foreach ( $this->examineBraces( $text ) as $brace ) if ( $brace['NAME'] == $type ) $braces = $brace;
 268+ # Get the location and length of the record braces to replace
 269+ foreach ( $this->examineBraces( $text ) as $brace ) if ( $brace['NAME'] == $type ) $braces = $brace;
266270
267 - # Attempt to save the article
268 - $summary = "[[Special:RecordAdmin/$type|" . wfMsgForContent( 'recordadmin' ) . "]]: $summary";
269 - $replace = '';
270 - foreach ( $posted as $k => $v ) if ( $v ) {
271 - if ( $this->types[$k] == 'bool' ) $v = 'yes';
272 - $replace .= "| $k = $v\n";
273 - }
274 - $replace = $replace ? "{{" . "$type\n$replace}}" : "{{" . "$type}}";
275 - $text = substr_replace( $text, $replace, $braces['OFFSET'], $braces['LENGTH'] );
276 - $success = $article->doEdit( $text, $summary, EDIT_UPDATE|$minor );
277 - if ($watch) $article->doWatch();
 271+ # Attempt to save the article if allowed
 272+ if ( !$wgSecurityProtectRecords || $this->template->userCan( 'edit' ) ) {
 273+ $summary = "[[Special:RecordAdmin/$type|" . wfMsgForContent( 'recordadmin' ) . "]]: $summary";
 274+ $replace = '';
 275+ foreach ( $posted as $k => $v ) if ( $v ) {
 276+ if ( $this->types[$k] == 'bool' ) $v = 'yes';
 277+ $replace .= "| $k = $v\n";
 278+ }
 279+ $replace = $replace ? "{{" . "$type\n$replace}}" : "{{" . "$type}}";
 280+ $text = substr_replace( $text, $replace, $braces['OFFSET'], $braces['LENGTH'] );
 281+ $success = $article->doEdit( $text, $summary, EDIT_UPDATE|$minor );
 282+ if ($watch) $article->doWatch();
 283+ } else $success = false;
278284
279 - # Redirect to view the record if successfully updated
280 - if ( $success ) {
281 - $wgOut->disable();
282 - wfResetOutputBuffers();
283 - header( "Location: " . $rtitle->getFullUrl() );
 285+ # Redirect to view the record if successfully updated
 286+ if ( $success ) {
 287+ $wgOut->disable();
 288+ wfResetOutputBuffers();
 289+ header( "Location: " . $rtitle->getFullUrl() );
 290+ }
 291+
 292+ # Stay at edit form and render error if not edited successfully
 293+ else $wgOut->addHTML( "<div class='errorbox'>" . wfMsg( 'recordadmin-updateerror' ) . "</div>\n" );
 294+ $wgOut->addHTML( "<br /><br /><br /><br />\n" );
284295 }
285296
286 - # Stay at edit form and render error if not edited successfully
287 - else $wgOut->addHTML( "<div class='errorbox'>" . wfMsg( 'recordadmin-updateerror' ) . "</div>\n" );
288 - $wgOut->addHTML( "<br /><br /><br /><br />\n" );
289 - }
 297+ # Extract current values from article
 298+ $braces = false;
 299+ foreach ( $this->examineBraces( $text ) as $brace ) if ( $brace['NAME'] == $type ) $braces = $brace;
 300+ if ( $braces ) {
 301+ # Fill in current values
 302+ $this->populateForm( substr( $text, $braces['OFFSET'], $braces['LENGTH'] ) );
290303
291 - # Extract current values from article
292 - $braces = false;
293 - foreach ( $this->examineBraces( $text ) as $brace ) if ( $brace['NAME'] == $type ) $braces = $brace;
294 - if ( $braces ) {
295 - # Fill in current values
296 - $this->populateForm( substr( $text, $braces['OFFSET'], $braces['LENGTH'] ) );
 304+ # Render the form
 305+ $wgOut->addHTML( "<form class=\"{$this->formClass}\"{$this->formAtts} action=\"$action\" method=\"POST\">" );
 306+ $wgOut->addHTML( $this->form );
 307+ $wgOut->addHTML( Xml::element( 'input', array( 'type' => 'hidden', 'name' => 'wpType', 'value' => $type ) ) );
 308+ $wgOut->addHTML( Xml::element( 'input', array( 'type' => 'hidden', 'name' => 'wpRecord', 'value' => $record ) ) );
 309+ $wgOut->addHTML( '<br /><hr /><br />'
 310+ . "<span id='wpSummaryLabel'><label for='wpSummary'>Summary:</label></span>&nbsp;"
 311+ . Xml::element( 'input', array( 'type' => 'text', 'name' => 'wpSummary', 'id' => 'wpSummary', 'maxlength' => '200', 'size' => '60' ) )
 312+ . "<br />\n"
 313+ . Xml::element( 'input', array( 'type' => 'checkbox', 'name' => 'wpMinoredit', 'value' => '1', 'id' => 'wpMinoredit', 'accesskey' => 'i' ) )
 314+ . "&nbsp;<label for='wpMinoredit' title='Mark this as a minor edit [i]' accesskey='i'>This is a minor edit</label>&nbsp;"
 315+ . Xml::element( 'input', array( 'type' => 'checkbox', 'name' => 'wpWatchthis', 'value' => '1', 'id' => 'wpWatchthis', 'accesskey' => 'w' ) )
 316+ . "&nbsp;<label for='wpWatchthis' title='Add this page to your watchlist [w]' accesskey='w'>Watch this page</label>\n"
 317+ . "<br />\n"
 318+ . ( ( !$wgSecurityProtectRecords || $this->template->userCan( 'edit' ) )
 319+ ? Xml::element( 'input', array( 'type' => 'submit', 'value' => wfMsg( 'recordadmin-buttonsave' ) ) ) . '&nbsp;'
 320+ : '' )
 321+ . Xml::element( 'input', array( 'type' => 'reset', 'value' => wfMsg( 'recordadmin-buttonreset' ) ) ) . '</form>'
 322+ );
 323+ }
297324
298 - # Render the form
299 - $wgOut->addHTML( "<form class=\"{$this->formClass}\"{$this->formAtts} action=\"$action\" method=\"POST\">" );
300 - $wgOut->addHTML( $this->form );
301 - $wgOut->addHTML( Xml::element( 'input', array( 'type' => 'hidden', 'name' => 'wpType', 'value' => $type ) ) );
302 - $wgOut->addHTML( Xml::element( 'input', array( 'type' => 'hidden', 'name' => 'wpRecord', 'value' => $record ) ) );
303 - $wgOut->addHTML( '<br /><hr /><br />'
304 - . "<span id='wpSummaryLabel'><label for='wpSummary'>Summary:</label></span>&nbsp;"
305 - . Xml::element( 'input', array( 'type' => 'text', 'name' => 'wpSummary', 'id' => 'wpSummary', 'maxlength' => '200', 'size' => '60' ) )
306 - . "<br />\n"
307 - . Xml::element( 'input', array( 'type' => 'checkbox', 'name' => 'wpMinoredit', 'value' => '1', 'id' => 'wpMinoredit', 'accesskey' => 'i' ) )
308 - . "&nbsp;<label for='wpMinoredit' title='Mark this as a minor edit [i]' accesskey='i'>This is a minor edit</label>&nbsp;"
309 - . Xml::element( 'input', array( 'type' => 'checkbox', 'name' => 'wpWatchthis', 'value' => '1', 'id' => 'wpWatchthis', 'accesskey' => 'w' ) )
310 - . "&nbsp;<label for='wpWatchthis' title='Add this page to your watchlist [w]' accesskey='w'>Watch this page</label>\n"
311 - . "<br />\n"
312 - . Xml::element( 'input', array( 'type' => 'submit', 'value' => wfMsg( 'recordadmin-buttonsave' ) ) ) . '&nbsp;'
313 - . Xml::element( 'input', array( 'type' => 'reset', 'value' => wfMsg( 'recordadmin-buttonreset' ) ) ) . '</form>'
314 - );
 325+ # No instance of the template found, just display the article content
 326+ else $wgOut->addWikiText( $text );
315327 }
316 -
317 - # No instance of the template found, just display the article content
318 - else $wgOut->addWikiText( $text );
 328+
 329+ else {
 330+ $wgOut->addWikiText( wfMsg( 'badaccess-read', $record ) );
 331+ }
319332 }
320333 }
321334
Index: trunk/extensions/RecordAdmin/RecordAdmin.php
@@ -11,7 +11,7 @@
1212 * @licence GNU General Public Licence 2.0 or later
1313 */
1414
15 -define( 'RECORDADMIN_VERSION', '0.10.3, 2010-01-24' );
 15+define( 'RECORDADMIN_VERSION', '0.10.4, 2010-02-13' );
1616
1717 $wgRecordAdminUseNamespaces = false; # Whether record articles should be in a namespace of the same name as their type
1818 $wgRecordAdminCategory = 'Records'; # Category containing record types

Comments

#Comment by Nikerabbit (talk | contribs)   11:23, 13 February 2010

Wow this code needs some care.

  • There is lots of functions in Html/Xml classes to make the code shorter and clearer
  • I'm pretty sure there is redirect method in OutputPage
  • addWikiText is bad for interface, does not handle i18n properly. addWikiMsg/wrapWikiMsg should be used where possible
  • Hard-coded strings
  • WebRequest has other methods besides getText too

Status & tagging log