r93030 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r93029‎ \| r93030 \| r93031 >
Date:	23:36, 24 July 2011
Author:	jeroendedauw
Status:	deferred
Tags:	lamecommitsummary
Comment:	fu r93023
Modified paths:	/trunk/extensions/Widgets/WidgetRenderer.php (modified) (history) /trunk/extensions/Widgets/Widgets.php (modified) (history) /trunk/extensions/Widgets/smarty_plugins/modifier.validate.php (modified) (history)

Diff [purge]

Index: trunk/extensions/Widgets/WidgetRenderer.php
—	—	@@ -3,158 +3,151 @@
4	4	* Class holding functions for displaying widgets.
5	5	*/
6	6
7		~~-if ( !defined( 'MEDIAWIKI' ) ) {~~
8		~~- echo "This file is not a valid entry point.";~~
9		~~- exit( 1 );~~
10		-}
11		-
12	7	class WidgetRenderer {
13	8
14		~~-public static function renderWidget ( &$parser, $widgetName ) {~~
15		~~- global $IP;~~
	9	+ public static function renderWidget ( &$parser, $widgetName ) {
	10	+ global $IP;
16	11
17		~~- $smarty = new Smarty;~~
18		~~- $smarty->left_delimiter = '<!--{';~~
19		~~- $smarty->right_delimiter = '}-->';~~
20		~~- $smarty->compile_dir = "$IP/extensions/Widgets/compiled_templates/";~~
	12	+ $smarty = new Smarty;
	13	+ $smarty->left_delimiter = '<!--{';
	14	+ $smarty->right_delimiter = '}-->';
	15	+ $smarty->compile_dir = "$IP/extensions/Widgets/compiled_templates/";
21	16
22		~~- // registering custom Smarty plugins~~
23		~~- $smarty->plugins_dir[] = "$IP/extensions/Widgets/smarty_plugins/";~~
	17	+ // registering custom Smarty plugins
	18	+ $smarty->plugins_dir[] = "$IP/extensions/Widgets/smarty_plugins/";
24	19
25		~~- $smarty->security = true;~~
26		~~- $smarty->security_settings = array(~~
27		~~- 'IF_FUNCS' => array(~~
28		~~- 'is_array',~~
29		~~- 'isset',~~
30		~~- 'array',~~
31		~~- 'list',~~
32		~~- 'count',~~
33		~~- 'sizeof',~~
34		~~- 'in_array',~~
35		~~- 'true',~~
36		~~- 'false',~~
37		~~- 'null'~~
38		~~- ),~~
39		~~- 'MODIFIER_FUNCS' => array( 'validate' )~~
40		~~- );~~
	20	+ $smarty->security = true;
	21	+ $smarty->security_settings = array(
	22	+ 'IF_FUNCS' => array(
	23	+ 'is_array',
	24	+ 'isset',
	25	+ 'array',
	26	+ 'list',
	27	+ 'count',
	28	+ 'sizeof',
	29	+ 'in_array',
	30	+ 'true',
	31	+ 'false',
	32	+ 'null'
	33	+ ),
	34	+ 'MODIFIER_FUNCS' => array( 'validate' )
	35	+ );
41	36
42		~~- // register the resource name "db"~~
43		~~- $smarty->register_resource(~~
44		~~- 'wiki',~~
45		~~- array(~~
46		~~- array('WidgetRenderer', 'wiki_get_template'),~~
47		~~- array('WidgetRenderer', 'wiki_get_timestamp'),~~
48		~~- array('WidgetRenderer', 'wiki_get_secure'),~~
49		~~- array('WidgetRenderer', 'wiki_get_trusted')~~
50		~~- )~~
51		~~- );~~
	37	+ // register the resource name "db"
	38	+ $smarty->register_resource(
	39	+ 'wiki',
	40	+ array(
	41	+ array( 'WidgetRenderer', 'wiki_get_template' ),
	42	+ array( 'WidgetRenderer', 'wiki_get_timestamp' ),
	43	+ array( 'WidgetRenderer', 'wiki_get_secure' ),
	44	+ array( 'WidgetRenderer', 'wiki_get_trusted' )
	45	+ )
	46	+ );
52	47
53		~~- $params = func_get_args();~~
54		~~- array_shift( $params ); # first one is parser - we don't need it~~
55		~~- array_shift( $params ); # second one is widget name~~
	48	+ $params = func_get_args();
	49	+ array_shift( $params ); # first one is parser - we don't need it
	50	+ array_shift( $params ); # second one is widget name
56	51
57		~~- $params_tree = array();~~
	52	+ $params_tree = array();
58	53
59		~~- foreach ( $params as $param ) {~~
60		~~- $pair = explode('=', $param, 2);~~
	54	+ foreach ( $params as $param ) {
	55	+ $pair = explode('=', $param, 2);
61	56
62		~~- if ( count( $pair ) == 2 ) {~~
63		~~- $key = trim($pair[0]);~~
64		~~- $val = trim($pair[1]);~~
65		~~- } else {~~
66		~~- $key = $param;~~
67		~~- $val = true;~~
68		~~- }~~
	57	+ if ( count( $pair ) == 2 ) {
	58	+ $key = trim( $pair[0] );
	59	+ $val = trim( $pair[1] );
	60	+ } else {
	61	+ $key = $param;
	62	+ $val = true;
	63	+ }
69	64
70		~~- if ( $val == 'false' ) {~~
71		~~- $val = false;~~
72		~~- }~~
	65	+ if ( $val == 'false' ) {
	66	+ $val = false;
	67	+ }
73	68
74		~~- /* If the name of the parameter has object notation~~
	69	+ /* If the name of the parameter has object notation
75	70
76		~~- a.b.c.d~~
	71	+ a.b.c.d
77	72
78		~~- then we assign stuff to hash of hashes, not scalar~~
	73	+ then we assign stuff to hash of hashes, not scalar
79	74
80		~~- */~~
81		~~- $keys = explode( '.', $key );~~
	75	+ */
	76	+ $keys = explode( '.', $key );
82	77
83		~~- // $subtree will be moved from top to the bottom and at the end will point to the last level~~
84		~~- $subtree =& $params_tree;~~
	78	+ // $subtree will be moved from top to the bottom and at the end will point to the last level
	79	+ $subtree =& $params_tree;
85	80
86		~~- // go throught all the keys but last one~~
87		~~- $last_key = array_pop( $keys );~~
	81	+ // go throught all the keys but last one
	82	+ $last_key = array_pop( $keys );
88	83
89		~~- foreach ( $keys as $subkey ) {~~
90		~~- // if next level of subtree doesn't exist yet, create an empty one~~
91		~~- if ( !array_key_exists( $subkey, $subtree ) ) {~~
92		~~- $subtree[$subkey] = array();~~
93		~~- }~~
	84	+ foreach ( $keys as $subkey ) {
	85	+ // if next level of subtree doesn't exist yet, create an empty one
	86	+ if ( !array_key_exists( $subkey, $subtree ) ) {
	87	+ $subtree[$subkey] = array();
	88	+ }
94	89
95		~~- // move to the lower level~~
96		~~- $subtree =& $subtree[$subkey];~~
97		~~- }~~
	90	+ // move to the lower level
	91	+ $subtree =& $subtree[$subkey];
	92	+ }
98	93
99		~~- // last portion of the key points to itself~~
100		~~- if ( isset( $subtree[$last_key] ) ) {~~
101		~~- // if already an array, push into it, otherwise, convert into array first~~
102		~~- if ( !is_array( $subtree[$last_key] ) ) {~~
103		~~- $subtree[$last_key] = array( $subtree[$last_key] );~~
104		~~- }~~
	94	+ // last portion of the key points to itself
	95	+ if ( isset( $subtree[$last_key] ) ) {
	96	+ // if already an array, push into it, otherwise, convert into array first
	97	+ if ( !is_array( $subtree[$last_key] ) ) {
	98	+ $subtree[$last_key] = array( $subtree[$last_key] );
	99	+ }
105	100
106		~~- $subtree[$last_key][] = $val;~~
107		~~- } else {~~
108		~~- // doesn't exist yet, just setting a value~~
109		~~- $subtree[$last_key] = $val;~~
110		~~- }~~
111		~~- }~~
	101	+ $subtree[$last_key][] = $val;
	102	+ } else {
	103	+ // doesn't exist yet, just setting a value
	104	+ $subtree[$last_key] = $val;
	105	+ }
	106	+ }
112	107
113		~~- $smarty->assign( $params_tree );~~
	108	+ $smarty->assign( $params_tree );
114	109
115		~~- try {~~
116		~~- $output = $smarty->fetch( "wiki:$widgetName" );~~
117		~~- } catch ( Exception $e ) {~~
118		-
119		~~- return '<div class=\"error\">' . wfMsgExt( 'widgets-desc', array( 'parsemag' ), htmlentities($widgetName) ) . '</div>';~~
120		~~- }~~
	110	+ try {
	111	+ $output = $smarty->fetch( "wiki:$widgetName" );
	112	+ } catch ( Exception $e ) {
121	113
122		~~- // Hide the widget from the parser~~
123		~~- $output = 'ENCODED_CONTENT '.base64_encode($output).' END_ENCODED_CONTENT';~~
124		~~- return $output;~~
125		-}
	114	+ return '<div class=\"error\">' . wfMsgExt( 'widgets-desc', array( 'parsemag' ), htmlentities($widgetName) ) . '</div>';
	115	+ }
126	116
127		~~-public static function processEncodedWidgetOutput( &$out, &$text ) {~~
128		~~- // Find all hidden content and restore to normal~~
129		~~- $text = preg_replace(~~
130		~~- '/ENCODED_CONTENT ([0-9a-zA-Z\/+]+=) END_ENCODED_CONTENT/esm',~~
131		~~- 'base64_decode("$1")',~~
132		~~- $text~~
133		~~- );~~
	117	+ // Hide the widget from the parser
	118	+ $output = 'ENCODED_CONTENT '.base64_encode($output).' END_ENCODED_CONTENT';
	119	+ return $output;
	120	+ }
134	121
135		~~- return true;~~
136		-}
	122	+ public static function processEncodedWidgetOutput( &$out, &$text ) {
	123	+ // Find all hidden content and restore to normal
	124	+ $text = preg_replace(
	125	+ '/ENCODED_CONTENT ([0-9a-zA-Z\/+]+=) END_ENCODED_CONTENT/esm',
	126	+ 'base64_decode("$1")',
	127	+ $text
	128	+ );
137	129
	130	+ return true;
	131	+ }
	132	+
138	133	// the following four functions are all registered with Smarty
139	134	public static function wiki_get_template( $widgetName, &$widgetCode, &$smarty_obj ) {
140	135	global $wgWidgetsUseFlaggedRevs;
141	136
142		~~- $widgetTitle = Title::newFromText($widgetName, NS_WIDGET);~~
	137	+ $widgetTitle = Title::newFromText( $widgetName, NS_WIDGET );
	138	+
143	139	if ( $widgetTitle && $widgetTitle->exists() ) {
144		~~- if ($wgWidgetsUseFlaggedRevs)~~
145		~~- {~~
	140	+ if ( $wgWidgetsUseFlaggedRevs ) {
146	141	$flaggedWidgetArticle = FlaggedArticle::getTitleInstance( $widgetTitle );
147	142	$flaggedWidgetArticleRevision = $flaggedWidgetArticle->getStableRev();
148		~~- if ($flaggedWidgetArticleRevision)~~
149		~~- {~~
	143	+
	144	+ if ( $flaggedWidgetArticleRevision ) {
150	145	$widgetCode = $flaggedWidgetArticleRevision->getRevText();
151	146	}
152		~~- else~~
153		~~- {~~
	147	+ else {
154	148	$widgetCode = '';
155	149	}
156	150	}
157		~~- else~~
158		~~- {~~
	151	+ else {
159	152	$widgetArticle = new Article( $widgetTitle, 0 );
160	153	$widgetCode = $widgetArticle->getContent();
161	154	}
—	—	@@ -171,10 +164,10 @@
172	165
173	166	public static function wiki_get_timestamp( $widgetName, &$widgetTimestamp, &$smarty_obj ) {
174	167	$widgetTitle = Title::newFromText( $widgetName, NS_WIDGET );
175		~~- if ($widgetTitle && $widgetTitle->exists()) {~~
	168	+
	169	+ if ( $widgetTitle && $widgetTitle->exists() ) {
176	170	$widgetArticle = new Article( $widgetTitle, 0 );
177	171	$widgetTimestamp = $widgetArticle->getTouched();
178		-
179	172	return true;
180	173	} else {
181	174	return false;
Index: trunk/extensions/Widgets/smarty_plugins/modifier.validate.php
—	—	@@ -9,8 +9,7 @@
10	10	* Useful when you need to validate but not escape.
11	11	* -------------------------------------------------------------
12	12	*/
13		~~-function smarty_modifier_validate($string, $type='url')~~
14		-{
	13	+function smarty_modifier_validate( $string, $type='url' ) {
15	14	// mapping for PHP filters (http://us2.php.net/manual/en/filter.constants.php)
16	15	$filters = array(
17	16	'url' => FILTER_VALIDATE_URL,
—	—	@@ -21,8 +20,7 @@
22	21	'ip' => FILTER_VALIDATE_IP
23	22	);
24	23
25		~~- if (array_key_exists($type, $filters) && filter_var($string, $filters[$type]) !== FALSE)~~
26		~~- {~~
	24	+ if ( array_key_exists($type, $filters) && filter_var($string, $filters[$type]) !== FALSE ) {
27	25	return $string;
28	26	}
29	27
Index: trunk/extensions/Widgets/Widgets.php
—	—	@@ -42,6 +42,10 @@
43	43
44	44	// Define new right
45	45	$wgAvailableRights[] = 'editwidgets';
	46	+
	47	+// Assign editing to widgeteditor and sysop groups only (widgets can be dangerous so we do it here, not in LocalSettings)
	48	+$wgGroupPermissions['*']['editwidgets'] = false;
	49	+$wgGroupPermissions['widgeteditor']['editwidgets'] = true;
46	50	$wgGroupPermissions['sysop']['editwidgets'] = true;
47	51
48	52	// Set this to true to use FlaggedRevs extension's stable version for widget security
—	—	@@ -99,10 +103,6 @@
100	104	global $wgGroupPermissions, $wgNamespaceProtection, $wgWidgetsUseFlaggedRevs;
101	105
102	106	if ( !$wgWidgetsUseFlaggedRevs ) {
103		~~- // Assign editing to widgeteditor group only (widgets can be dangerous so we do it here, not in LocalSettings)~~
104		~~- $wgGroupPermissions['*']['editwidgets'] = false;~~
105		~~- $wgGroupPermissions['widgeteditor']['editwidgets'] = true;~~
106		-
107	107	// Setting required namespace permission rights
108	108	$wgNamespaceProtection[NS_WIDGET] = array( 'editwidgets' );
109	109	}

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r93023	let sysops have the right to edit widgets by default; really doesn't make sen...	jeroendedauw	22:18, 24 July 2011

Status & tagging log

23:49, 30 August 2011 Jack Phoenix (talk | contribs) changed the tags for r93030 [added: lamecommitsummary]
22:35, 25 July 2011 😂 (talk | contribs) changed the status of r93030 [removed: new added: deferred]