r98785 MediaWiki - Code Review archive

Repository:MediaWiki
Date:17:55, 3 October 2011
Author:ashley
Status:deferred (Comments)
Tags:
Comment:
FreqPatternTagCloud: initial cleanup to Special:FreqPatternTagCloud file + add a bunch of FIXMEs (register_globals, SQL injection, XSS...)
Modified paths:
  • /trunk/extensions/FreqPatternTagCloud/FreqPatternTagCloud.body.php (modified) (history)
  • /trunk/extensions/FreqPatternTagCloud/FreqPatternTagCloud.i18n.php (modified) (history)


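--- a/trunk/extensions/FreqPatternTagCloud/FreqPatternTagCloud.body.php
+++ b/trunk/extensions/FreqPatternTagCloud/FreqPatternTagCloud.body.php
@@ -1,301 +1,360 @@
 <?php
-
 /**
 * Frequent Pattern Tag Cloud Plug-in
 * Special page
- *
+ *
 * @author Tobias Beck, University of Heidelberg
 * @author Andreas Fay, University of Heidelberg
 * @version 1.0
 */
 
-include_once(FPTC_PATH_INCLUDES."TagCloud.php");
-include_once(FPTC_PATH_INCLUDES."Proposal.php");
+include_once( FPTC_PATH_INCLUDES . 'TagCloud.php' );
+include_once( FPTC_PATH_INCLUDES . 'Proposal.php' );
 
 class FreqPatternTagCloud extends SpecialPage {
-
- const ATTRIBUTE_VALUE_INDEX_SPECIALPAGE = "SearchByProperty";
-
- const CATEGORY_PAGE = "Category";
-
+
+ const ATTRIBUTE_VALUE_INDEX_SPECIALPAGE = 'SearchByProperty';
+
+ const CATEGORY_PAGE = 'Category';
+
 /**
 * Maximum font size of tags in px
 *
 * @var int
 */
 private $fontSizeMax = 70;
-
+
 /**
 * Minimum font size of tags in px
- *
+ *
 * @var int
 */
 private $fontSizeMin = 8;
-
- const MAINTENANCE_SPECIALPAGE = "FreqPatternTagCloudMaintenance";
-
- const SPECIALPAGE_PREFIX = "Special";
-
+
+ const MAINTENANCE_SPECIALPAGE = 'FreqPatternTagCloudMaintenance';
+
+ const SPECIALPAGE_PREFIX = 'Special';
+
 /**
- * Constructor
- *
- * @return void
+ * Constructor -- set up the new special page
 */
 public function __construct() {
- parent::__construct("FreqPatternTagCloud");
- $this->includable(true);
+ parent::__construct( 'FreqPatternTagCloud' );
+ $this->includable( true );
 }
 
 /**
 * Executes special page (will be called when accessing special page)
 *
- * @param string $par Content of GET-Parameter
- * @return void
+ * @param $par Mixed: parameter passed to the special page or null
 */
- public function execute($par) {
- global $wgFreqPatternTagCloudMaxFontSize, $wgFreqPatternTagCloudMinFontSize, $wgRequest, $wgOut, $searchAttribut, $wgScriptPath;
-
- include_once("includes/FrequentPattern.php");
+ public function execute( $par ) {
+ global $wgFreqPatternTagCloudMaxFontSize, $wgFreqPatternTagCloudMinFontSize;
+
+ include_once( "includes/FrequentPattern.php" );
 /*
 FrequentPattern::deleteAllRules();
 FrequentPattern::computeAllRules();
 FrequentPattern::showAllRules();
 */
-
+
 $this->setHeaders();
-
+
 // Configuration
+ // @todo FIXME: register_globals...
 if (isset($wgFreqPatternTagCloudMaxFontSize)) {
 $this->fontSizeMax = $wgFreqPatternTagCloudMaxFontSize;
 }
 if (isset($wgFreqPatternTagCloudMinFontSize)) {
 $this->fontSizeMin = $wgFreqPatternTagCloudMinFontSize;
 }
-
+
 // Check whether special page is included
 // Show attribute-selection form only if special page is not included and $par was given
-
- if (!$this->including() || !strlen($par)) {
+ if ( !$this->including() || !strlen( $par ) ) {
 // Print form
- $this->printForm($par);
-
+ $this->printForm( $par );
+
 // Print search result with suggestions
- $this->printSearchResult($par);
+ $this->printSearchResult( $par );
 }
- $this->printTagCloud($par);
+
+ $this->printTagCloud( $par );
 }
-
+
 /**
 * Gets suggestions for current attribute value
 *
- * @param string $currentAttributeValue
+ * @param $currentAttributeValue String
 * @return string JSON Array of attributes
 */
- public static function getAttributeSuggestions($currentAttributeValue) {
- $dbr =& wfGetDB( DB_SLAVE );
-
- $res = $dbr->select("smw_ids", "smw_title", "smw_namespace = 102 AND LENGTH(smw_iw) = 0 AND smw_title LIKE '%".mysql_real_escape_string($currentAttributeValue)."%'", __METHOD__, array("ORDER BY" => "smw_title", "LIMIT" => 20));
-
+ public static function getAttributeSuggestions( $currentAttributeValue ) {
+ $dbr = wfGetDB( DB_SLAVE );
+
+ $res = $dbr->select(
+ 'smw_ids',
+ 'smw_title',
+ array(
+ 'smw_namespace' => 102,
+ 'LENGTH(smw_iw) = 0',
+ 'smw_title ' . $dbr->buildLike(
+ $dbr->anyString(),
+ $currentAttributeValue,
+ $dbr->anyString()
+ )
+ ),
+ __METHOD__,
+ array( 'ORDER BY' => 'smw_title', 'LIMIT' => 20 )
+ );
+
 $attributes = array();
- while ($row = $res->fetchRow()) {
- $attributes[] = sprintf('"%s"', addcslashes($row['smw_title'], '"'));
+ while ( $row = $res->fetchRow() ) {
+ $attributes[] = sprintf( '"%s"', addcslashes( $row['smw_title'], '"' ) );
 }
-
+
 // Category
- if (strpos(wfMsg("fptc-categoryname"), $currentAttributeValue) !== false) {
- $attributes[] = sprintf('"%s"', wfMsg("fptc-categoryname"));
+ if ( strpos( wfMsg( 'fptc-categoryname' ), $currentAttributeValue ) !== false ) {
+ $attributes[] = sprintf( '"%s"', wfMsg( 'fptc-categoryname' ) );
 }
-
- $res->free();
-
- return sprintf("[%s]", implode(", ", $attributes));
+
+ return sprintf( '[%s]', implode( ', ', $attributes ) );
 }
-
+
 /**
 * Gets suggestions for current search value
 *
- * @param string $currentSearchValue
+ * @param $currentSearchValue String
 * @return string JSON Array of values
 */
- public static function getSearchSuggestions($currentSearchValue) {
- $dbr =& wfGetDB( DB_SLAVE );
-
+ public static function getSearchSuggestions( $currentSearchValue ) {
+ $dbr = wfGetDB( DB_SLAVE );
+
 // Get possible attribute values
- $res = $dbr->query("(SELECT DISTINCT vals.smw_title AS val, atts.smw_title AS att
- FROM ".$dbr->tableName("smw_ids")." vals, ".$dbr->tableName("smw_ids")." atts, ".$dbr->tableName("smw_rels2")." rels
- WHERE vals.smw_id = rels.o_id
- AND atts.smw_id = rels.p_id
- AND vals.smw_namespace = 0
- AND atts.smw_namespace = 102
- AND LENGTH(vals.smw_iw) = 0
- AND LENGTH(atts.smw_iw) = 0
- AND vals.smw_title LIKE '%".mysql_real_escape_string($currentSearchValue)."%'
- ORDER BY vals.smw_title
- LIMIT 20) UNION (
- SELECT smw_title AS val, '".wfMsg("fptc-categoryname")."' AS att
- FROM ".$dbr->tableName("smw_ids")."
- WHERE smw_title LIKE '%".mysql_real_escape_string($currentSearchValue)."%'
- AND smw_namespace = 14
- ORDER BY smw_title
- LIMIT 10
- )");
-
+ // @todo FIXME: ugly + SQL INJECTION POINT!
+ $res = $dbr->query(
+ "(SELECT DISTINCT vals.smw_title AS val, atts.smw_title AS att
+ FROM ".$dbr->tableName("smw_ids")." vals, ".$dbr->tableName("smw_ids")." atts, ".$dbr->tableName("smw_rels2")." rels
+ WHERE vals.smw_id = rels.o_id
+ AND atts.smw_id = rels.p_id
+ AND vals.smw_namespace = 0
+ AND atts.smw_namespace = 102
+ AND LENGTH(vals.smw_iw) = 0
+ AND LENGTH(atts.smw_iw) = 0
+ AND vals.smw_title LIKE '%".mysql_real_escape_string($currentSearchValue)."%'
+ ORDER BY vals.smw_title
+ LIMIT 20) UNION (
+ SELECT smw_title AS val, '".wfMsg("fptc-categoryname")."' AS att
+ FROM ".$dbr->tableName("smw_ids")."
+ WHERE smw_title LIKE '%".mysql_real_escape_string($currentSearchValue)."%'
+ AND smw_namespace = 14
+ ORDER BY smw_title
+ LIMIT 10
+ )"
+ );
+
 $suggestions = array();
- while ($row = $res->fetchRow()) {
+ while ( $row = $res->fetchRow() ) {
 // Apply frequent pattern rules
- $conclusions = FrequentPattern::getConclusions($row['att'], $row['val']);
-
- if (!count($conclusions)) {
+ $conclusions = FrequentPattern::getConclusions( $row['att'], $row['val'] );
+
+ if ( !count( $conclusions ) ) {
 continue;
 } else {
- foreach ($conclusions as $conclusion) {
- $suggestions[] = sprintf('{ "label": "%s", "category": "'.addcslashes(wfMsg("fptc-search-suggestion-value"), '"').'" }', addcslashes($conclusion, '"'), addcslashes($row['val'], '"'));
+ foreach ( $conclusions as $conclusion ) {
+ $suggestions[] = sprintf(
+ '{ "label": "%s", "category": "' .
+ addcslashes( wfMsg( 'fptc-search-suggestion-value' ), '"' ) .
+ '" }', addcslashes( $conclusion, '"' ), addcslashes( $row['val'], '"' )
+ );
 }
 }
 }
-
- $res->free();
-
- return sprintf("[%s]", implode(", ", $suggestions));
+
+ return sprintf( '[%s]', implode( ', ', $suggestions ) );
 }
-
+
 /**
 * Gets suggestions
 *
- * @param string $attribute Attribute
- * @param string $value Chosen value
- * @return string
- *
+ * @param $attribute String: attribute
+ * @param $value String: chosen value
+ * @return string
 */
- public static function getSuggestions($attribute, $value) {
+ public static function getSuggestions( $attribute, $value ) {
 // Get similar tags, sorted by priority
- $tags = FrequentPattern::getConclusions($attribute, $value);
-
- if (!count($tags)) {
+ $tags = FrequentPattern::getConclusions( $attribute, $value );
+
+ if ( !count( $tags ) ) {
 return '<li class="no_entries">-</li>';
 } else {
 $suggestions = array();
- foreach ($tags as $number => $tag) {
- $suggestions[] = sprintf('<li class="similar_tag"><a href="#browse_similar_tag" title="%2$s">%1$d. %2$s</a></li>', $number + 1, $tag);
+ foreach ( $tags as $number => $tag ) {
+ $suggestions[] = sprintf(
+ '<li class="similar_tag"><a href="#browse_similar_tag" title="%2$s">%1$d. %2$s</a></li>',
+ $number + 1, $tag
+ );
 }
-
- return implode("\n", $suggestions);
+
+ return implode( "\n", $suggestions );
 }
 }
-
+
 /**
 * Prints form to <code>$wgOut</code>
 *
- * @param string $defaultAttribute (optional)Default value for attribute to be tagged
- * @return void
+ * @param $defaultAttribute String: (optional)Default value for attribute to be tagged
 */
- private function printForm($defaultAttribute) {
+ private function printForm( $defaultAttribute ) {
 global $wgOut, $wgUser;
-
+
 // Add input field
- if ($wgUser->isAllowed("protect")) {
- $refreshData = sprintf('<div id="fptc_refresh">%s</div>',
- $wgOut->parseInline(sprintf('[[:%s:%s|%s]]', self::SPECIALPAGE_PREFIX, self::MAINTENANCE_SPECIALPAGE, wfMsg("fptc-refresh-frequent-patterns"))));
+ if ( $wgUser->isAllowed( 'protect' ) ) {
+ $refreshData = sprintf(
+ '<div id="fptc_refresh">%s</div>',
+ $wgOut->parseInline(
+ sprintf(
+ '[[:%s:%s|%s]]',
+ self::SPECIALPAGE_PREFIX,
+ self::MAINTENANCE_SPECIALPAGE,
+ wfMsg( 'fptc-refresh-frequent-patterns' )
+ )
+ )
+ );
 } else {
- $refreshData = "";
+ $refreshData = '';
 }
- $wgOut->addHTML($refreshData.wfMsg("fptc-form-attribute-name").': <input type="text" name="fptc_attributeName" id="fptc_attributeName" value="'.$defaultAttribute.'"><input type="submit" value="'.wfMsg("fptc-form-submit-button").'" onClick="fptc_relocate();">
- ');
-
- $wgOut->addHTML("<br><br>");
+
+ $wgOut->addHTML(
+ $refreshData .
+ wfMsg( 'fptc-form-attribute-name' ) .
+ ' <input type="text" name="fptc_attributeName" id="fptc_attributeName" value="' .
+ $defaultAttribute . '"><input type="submit" value="' .
+ wfMsg( 'fptc-form-submit-button' ) . '" onclick="fptc_relocate();">'
+ );
+
+ $wgOut->addHTML( '<br /><br />' );
 }
-
+
 /**
 * Prints tag cloud for attribute <code>attribute</code> to <code>$wgOut</code>
 *
- * @param string $attribute Attribute
- * @return void
+ * @param $attribute String: attribute
 */
- private function printTagCloud($attribute) {
+ private function printTagCloud( $attribute ) {
 global $wgOut;
-
+
 try {
- $tagCloud = new TagCloud($attribute);
-
+ $tagCloud = new TagCloud( $attribute );
+
 // Context menu
- $wgOut->addHTML('<ul id="fptc_contextMenu" class="contextMenu">
- <li class="browse">
- <a href="#browse">'.wfMsg("fptc-context-menu-browse").'</a>
- </li>
- <li class="suggestions separator">
- '.wfMsg("fptc-context-menu-similar-tags").':
- </li>
- </ul>');
-
+ $wgOut->addHTML(
+ '<ul id="fptc_contextMenu" class="contextMenu">
+ <li class="browse">
+ <a href="#browse">' . wfMsg( 'fptc-context-menu-browse' ) . '</a>
+ </li>
+ <li class="suggestions separator">
+ ' . wfMsg( 'fptc-context-menu-similar-tags' ) . '
+ </li>
+ </ul>'
+ );
+
 // Print tags
- foreach ($tagCloud->getTags() as $tag) {
- $this->printTag($tag, $attribute);
+ foreach ( $tagCloud->getTags() as $tag ) {
+ $this->printTag( $tag, $attribute );
 }
-
- $wgOut->addHTML('<div style="clear:both"></div>');
- } catch (InvalidAttributeException $e) {
- if ($attribute) {
+
+ $wgOut->addHTML( '<div style="clear:both"></div>' );
+ } catch ( InvalidAttributeException $e ) {
+ if ( $attribute ) {
 // Attribute not found -> show error
- $wgOut->addHTML('<span style="color:red; font-weight:bold;">'.wfMsg("fptc-invalid-attribute").'</span>');
+ $wgOut->addHTML(
+ '<span style="color:red; font-weight:bold;">' .
+ wfMsg( 'fptc-invalid-attribute' ) .
+ '</span>'
+ );
 }
 }
 }
-
+
 /**
 * Prints tag to <code>$wgOut</code>
 *
- * @param Tag $tag
- * @return void
- *
+ * @param $tag Tag
+ * @param $attribute
 */
- private function printTag(Tag $tag, $attribute) {
+ private function printTag( Tag $tag, $attribute ) {
 global $wgOut;
-
- $wgOut->addHTML(sprintf('<div class="fptc_tag" style="font-size:%dpx;">%s</div>',
- $this->fontSizeMin + ($this->fontSizeMax - $this->fontSizeMin) * $tag->getRate(),
- $attribute == wfMsg("fptc-categoryname")
- ? $wgOut->parseInline(sprintf("[[:%s:%s|%s]]", self::CATEGORY_PAGE, $tag->getValue(), $tag->getValue()))
- : $wgOut->parseInline(sprintf("[[:%s:%s/%s/%s|%s]]", self::SPECIALPAGE_PREFIX, self::ATTRIBUTE_VALUE_INDEX_SPECIALPAGE, $attribute, $tag->getValue(), $tag->getValue()))));
+
+ $wgOut->addHTML(
+ sprintf(
+ '<div class="fptc_tag" style="font-size:%dpx;">%s</div>',
+ $this->fontSizeMin + ( $this->fontSizeMax - $this->fontSizeMin ) * $tag->getRate(),
+ $attribute == wfMsg( 'fptc-categoryname' )
+ ? $wgOut->parseInline(
+ sprintf(
+ '[[:%s:%s|%s]]',
+ self::CATEGORY_PAGE,
+ $tag->getValue(),
+ $tag->getValue()
+ )
+ )
+ : $wgOut->parseInline(
+ sprintf(
+ '[[:%s:%s/%s/%s|%s]]',
+ self::SPECIALPAGE_PREFIX,
+ self::ATTRIBUTE_VALUE_INDEX_SPECIALPAGE,
+ $attribute,
+ $tag->getValue(),
+ $tag->getValue()
+ )
+ )
+ )
+ );
 }
-
- /** Prints the result of the search for attribute <code>attribute</code> to <code>$wgOut</code>
+
+ /**
+ * Prints the result of the search for attribute <code>attribute</code> to
+ * <code>$wgOut</code>
 *
- * @param string $attribute Attribute
- * @return void
+ * @param $attribute String: attribute
 */
- private function printSearchResult($attribute) {
+ private function printSearchResult( $attribute ) {
 global $wgOut;
-
- if (strlen($attribute)) {
+
+ if ( strlen( $attribute ) ) {
 try {
- $searchResult = new TagCloud($attribute);
-
- } catch (InvalidAttributeException $e) {
-
- if ($attribute) {
- $proposal = new Proposal($attribute);
+ $searchResult = new TagCloud( $attribute );
+
+ } catch ( InvalidAttributeException $e ) {
+
+ if ( $attribute ) {
+ $proposal = new Proposal( $attribute );
 // Attribute not found -> show attributes that are related
 try {
 // Only if suggestions found
- if ($proposal->getProposal()) {
- $wgOut->addHTML(wfMsg("fptc-suggestion"));
- $wgOut->addHTML(" ");
+ if ( $proposal->getProposal() ) {
+ $wgOut->addHTML( wfMsg( 'fptc-suggestion' ) );
+ $wgOut->addHTML( ' ' );
 }
- $w=1;
- foreach ($proposal->getProposal() as $possibleAttribute) {
-
- $wgOut->addHTML('<a href='.$possibleAttribute.'>'.$possibleAttribute.'</a>');
- if ($w < count($proposal->getProposal())) {
- $wgOut->addHTML(", ");
+
+ $w = 1;
+ foreach ( $proposal->getProposal() as $possibleAttribute ) {
+ $wgOut->addHTML(
+ // @todo FIXME: oh hello there XSS
+ '<a href=' . $possibleAttribute . '>' .
+ $possibleAttribute . '</a>'
+ );
+ if ( $w < count( $proposal->getProposal() ) ) {
+ $wgOut->addHTML( ', ' );
 }
 $w++;
 }
-
- } catch (InvalidAttributeException $e) {
- $wgOut->addHTML(wfMsg("fptc-no-suggestion"));
+
+ } catch ( InvalidAttributeException $e ) {
+ $wgOut->addHTML( wfMsg( 'fptc-no-suggestion' ) );
 }
- if ($proposal->getProposal()) {
- $wgOut->addHTML("<br><br>");
+ if ( $proposal->getProposal() ) {
+ $wgOut->addHTML( '<br /><br />' );
 }
 }
 }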
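Review bot: The `value="' . $defaultAttribute . '"` assembled on new lines 231–232 in printForm() puts the special-page parameter (execute() hands `$par` straight through on line 77) into an HTML attribute without escaping, which is the same class of problem the commit marks with a FIXME at line 344 but leaves unmarked here; wrap it as `htmlspecialchars( $defaultAttribute )` or build the field with `Html::input()`. The `title="%2$s"` on line 194 in getSuggestions() has the same shape, with `$tag` coming from FrequentPattern::getConclusions() unescaped, though whether that value is already safe cannot be told from this file. In getAttributeSuggestions() and getSearchSuggestions() the JSON is hand-built with `addcslashes( ..., '"' )` (lines 113 and 165–168), which leaves backslashes and control characters in titles unescaped and can produce invalid JSON; `FormatJson::encode()` over the collected array would replace the sprintf/implode pair. Dropping the old `$res->free()` calls looks harmless since both loops iterate the result to the end, but the intent is worth a one-line comment.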
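--- a/trunk/extensions/FreqPatternTagCloud/FreqPatternTagCloud.i18n.php
+++ b/trunk/extensions/FreqPatternTagCloud/FreqPatternTagCloud.i18n.php
@@ -16,8 +16,8 @@
 'freqpatterntagcloudmaintenance' => 'Frequent Pattern Tag Cloud Maintenance',
 'fptc-categoryname' => 'Category',
 'fptc-context-menu-browse' => 'Browse pages with this value',
- 'fptc-context-menu-similar-tags' => 'Similar tags',
- 'fptc-form-attribute-name' => 'Property',
+ 'fptc-context-menu-similar-tags' => 'Similar tags:',
+ 'fptc-form-attribute-name' => 'Property:',
 'fptc-form-submit-button' => 'Submit',
 'fptc-invalid-attribute' => 'The entered property is invalid.',
 'fptc-insufficient-rights-for-maintenance' => 'You have to log in as system administrator to view this page.',
@@ -39,8 +39,8 @@
 'freqpatterntagcloudmaintenance' => 'Frequent Pattern Tag Cloud Maintenance',
 'fptc-categoryname' => 'Kategorie',
 'fptc-context-menu-browse' => 'Durchsuche Seiten mit diesem Wert',
- 'fptc-context-menu-similar-tags' => 'Ähnliche Tags',
- 'fptc-form-attribute-name' => 'Attribut',
+ 'fptc-context-menu-similar-tags' => 'Ähnliche Tags:',
+ 'fptc-form-attribute-name' => 'Attribut:',
 'fptc-form-submit-button' => 'Eingabe',
 'fptc-invalid-attribute' => 'Das eingegebene Attribut ist ungültig.',
 'fptc-insufficient-rights-for-maintenance' => 'Um diese Seite sehen zu können müssen Sie als Systemadministrator angemeldet sein.',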

Comments

#Comment by Johnduhart (talk | contribs)   10:53, 5 October 2011

Again, use the autoloader.
