From 674b24b02465f0d80aba8df843a8fbc985616d67 Mon Sep 17 00:00:00 2001
From: Tim Starling <tstarling@users.mediawiki.org>
Date: Fri, 13 Aug 2004 11:57:20 +0000
Subject: [PATCH] Fixed register_globals dependence, fixed HTML-insertion
 vulnerability by replacing the useless $limit with the actual number of rows
 returned

---
 includes/SpecialWatchlist.php | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/includes/SpecialWatchlist.php b/includes/SpecialWatchlist.php
index cd96ae921b..0518dc9d18 100644
--- a/includes/SpecialWatchlist.php
+++ b/includes/SpecialWatchlist.php
@@ -4,9 +4,8 @@ require_once( "WatchedItem.php" );
 
 function wfSpecialWatchlist()
 {
-	global $wgUser, $wgOut, $wgLang, $wgTitle, $wgMemc;
+	global $wgUser, $wgOut, $wgLang, $wgTitle, $wgMemc, $wgRequest;
 	global $wgUseWatchlistCache, $wgWLCacheTimeout, $wgDBname;
-	global $days, $limit, $target; # From query string
 	$fname = "wfSpecialWatchlist";
 
 	$wgOut->setPagetitle( wfMsg( "watchlist" ) );
@@ -22,7 +21,12 @@ function wfSpecialWatchlist()
 		return;
 	}
 
-	global $action,$remove,$id;
+	# Get query variables
+	$days = $wgRequest->getVal( 'days' );
+	$action = $wgRequest->getVal( 'action' );
+	$remove = $wgRequest->getVal( 'remove' );
+	$id = $wgRequest->getVal( 'id' );
+
 	if(($action == "submit") && isset($remove) && is_array($id)) {
 		$wgOut->addHTML( wfMsg( "removingchecked" ) );
 		foreach($id as $one) {
@@ -62,8 +66,8 @@ function wfSpecialWatchlist()
         $wgOut->addHTML( wfMsg( "nowatchlist" ) );
         return;
 	}
-
-	if ( ! isset( $days ) ) {
+	
+	if ( is_null( $days ) ) {
 		$big = 1000;
 		if($nitems > $big) {
 			# Set default cutoff shorter
@@ -100,7 +104,6 @@ function wfSpecialWatchlist()
 			"<ul>\n" );
 		$sql = "SELECT wl_namespace,wl_title FROM $watchlist WHERE wl_user=$uid";
 		$res = $dbr->query( $sql );
-		global $wgUser, $wgLang;
 		$sk = $wgUser->getSkin();
 		while( $s = $dbr->fetchObject( $res ) ) {
 			$t = Title::makeTitle( $s->wl_namespace, $s->wl_title );
@@ -156,18 +159,18 @@ function wfSpecialWatchlist()
 
 
 	$res = $dbr->query( $sql, $fname );
-
+	$numRows = $dbr->numRows( $res );
 	if($days >= 1)
-		$note = wfMsg( "rcnote", $wgLang->formatNum( $limit ), $wgLang->formatNum( $days ) );
+		$note = wfMsg( "rcnote", $wgLang->formatNum( $numRows ), $wgLang->formatNum( $days ) );
 	elseif($days > 0)
-		$note = wfMsg( "wlnote", $wgLang->formatNum( $limit ), $wgLang->formatNum( round($days*24) ) );
+		$note = wfMsg( "wlnote", $wgLang->formatNum( $numRows ), $wgLang->formatNum( round($days*24) ) );
 	else
 		$note = "";
 	$wgOut->addHTML( "\n<hr />\n{$note}\n<br />" );
-	$note = wlCutoffLinks( $days, $limit );
+	$note = wlCutoffLinks( $days );
 	$wgOut->addHTML( "{$note}\n" );
 
-	if ( $dbr->numRows( $res ) == 0 ) {
+	if ( $numRows == 0 ) {
 		$wgOut->addHTML( "<p><i>" . wfMsg( "watchnochange" ) . "</i></p>" );
 		return;
 	}
@@ -213,7 +216,7 @@ function wlDaysLink( $d, $page ) {
 	return $s;
 }
 
-function wlCutoffLinks( $days, $limit, $page = "Watchlist" )
+function wlCutoffLinks( $days, $page = "Watchlist" )
 {
 	$hours = array( 1, 2, 6, 12 );
 	$days = array( 1, 3, 7 );
-- 
2.20.1