* (bug 26298) Throw warning instead of silently saving blank page when php-suhosin...

To resolve this, edit your php.ini and raise the limits in suhosin.request.max_value_length and suhosin.post.max_value_length settings to more reasonable values.

As a helper for users hit by this, I've made a tweak on trunk in rXXXXX to check for the case of a missing wpTextbox1 field (which I can confirm when installing Suhosin and setting the suhosin.request.max_value_length absurdly low). This extends the previous behavior to check for incomplete form submissions by just checking if the edittime (a late field) is present; and also I added a message to show when it forces those previews.

So now when someone hits this sort of filter, it'll force a preview. Unfortunately that'll show a big empty box, but at least you'll know it's because something went wrong, and it won't save it silently...

Adds UI message 'edit_form_incomplete' with default English value. It's fairly generic as we can't know whether the field was filtered for length, content, or what.

diff --git a/includes/EditPage.php b/includes/EditPage.php
index 638146d..9db10d7 100644 (file)
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -57,6 +57,7 @@ class EditPage {
        var $mTokenOk = false;
        var $mTokenOkExceptSuffix = false;
        var $mTriedSave = false;
+       var $incompleteForm = false;
        var $tooBig = false;
        var $kblength = false;
        var $missingComment = false;
@@ -599,7 +600,17 @@ class EditPage {
 
                        $this->scrolltop = $request->getIntOrNull( 'wpScrolltop' );
 
-                       if ( is_null( $this->edittime ) ) {
+                       if ($this->textbox1 === '' && $request->getVal( 'wpTextbox1' ) === null) {
+                               // wpTextbox1 field is missing, possibly due to being "too big"
+                               // according to some filter rules such as Suhosin's setting for
+                               // suhosin.request.max_value_length (d'oh)
+                               $this->incompleteForm = true;
+                       } else {
+                               // edittime should be one of our last fields; if it's missing,
+                               // the submission probably broke somewhere in the middle.
+                               $this->incompleteForm = is_null( $this->edittime );
+                       }
+                       if ( $this->incompleteForm ) {
                                # If the form is incomplete, force to preview.
                                wfDebug( __METHOD__ . ": Form data appears to be incomplete\n" );
                                wfDebug( "POST DATA: " . var_export( $_POST, true ) . "\n" );
@@ -1921,6 +1932,8 @@ HTML
                        } else {
                                $note = wfMsg( 'session_fail_preview' );
                        }
+               } else if ( $this->incompleteForm ) {
+                       $note = wfMsg( 'edit_form_incomplete' );
                } else {
                        $note = wfMsg( 'previewnote' );
                }

diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php
index 1521b2b..8f65f01 100644 (file)
--- a/languages/messages/MessagesEn.php
+++ b/languages/messages/MessagesEn.php
@@ -1341,6 +1341,7 @@ If it still does not work, try [[Special:UserLogout|logging out]] and logging ba
 'token_suffix_mismatch'            => "'''Your edit has been rejected because your client mangled the punctuation characters in the edit token.'''
 The edit has been rejected to prevent corruption of the page text.
 This sometimes happens when you are using a buggy web-based anonymous proxy service.",
+'edit_form_incomplete'             => "'''Some parts of the edit form did not reach the server; double-check that your edits are intact and try again.'''",
 'editing'                          => 'Editing $1',
 'editingsection'                   => 'Editing $1 (section)',
 'editingcomment'                   => 'Editing $1 (new section)',