3 * Parent class for all special pages.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
21 * @ingroup SpecialPage
24 use MediaWiki\Auth\AuthManager
;
25 use MediaWiki\Linker\LinkRenderer
;
26 use MediaWiki\MediaWikiServices
;
29 * Parent class for all special pages.
31 * Includes some static functions for handling the special page list deprecated
32 * in favor of SpecialPageFactory.
34 * @ingroup SpecialPage
36 class SpecialPage
implements MessageLocalizer
{
37 // The canonical name of this special page
38 // Also used for the default <h1> heading, @see getDescription()
41 // The local name of this special page
44 // Minimum user level required to access this page, or "" for anyone.
45 // Also used to categorise the pages in Special:Specialpages
46 protected $mRestriction;
48 // Listed in Special:Specialpages?
51 // Whether or not this special page is being included from an article
52 protected $mIncluding;
54 // Whether the special page can be included in an article
55 protected $mIncludable;
58 * Current request context
64 * @var \MediaWiki\Linker\LinkRenderer|null
66 private $linkRenderer;
69 * Get a localised Title object for a specified special page name
70 * If you don't need a full Title object, consider using TitleValue through
71 * getTitleValueFor() below.
74 * @since 1.21 $fragment parameter added
77 * @param string|bool $subpage Subpage string, or false to not use a subpage
78 * @param string $fragment The link fragment (after the "#")
82 public static function getTitleFor( $name, $subpage = false, $fragment = '' ) {
83 return Title
::newFromTitleValue(
84 self
::getTitleValueFor( $name, $subpage, $fragment )
89 * Get a localised TitleValue object for a specified special page name
93 * @param string|bool $subpage Subpage string, or false to not use a subpage
94 * @param string $fragment The link fragment (after the "#")
97 public static function getTitleValueFor( $name, $subpage = false, $fragment = '' ) {
98 $name = MediaWikiServices
::getInstance()->getSpecialPageFactory()->
99 getLocalNameFor( $name, $subpage );
101 return new TitleValue( NS_SPECIAL
, $name, $fragment );
105 * Get a localised Title object for a page name with a possibly unvalidated subpage
107 * @param string $name
108 * @param string|bool $subpage Subpage string, or false to not use a subpage
109 * @return Title|null Title object or null if the page doesn't exist
111 public static function getSafeTitleFor( $name, $subpage = false ) {
112 $name = MediaWikiServices
::getInstance()->getSpecialPageFactory()->
113 getLocalNameFor( $name, $subpage );
115 return Title
::makeTitleSafe( NS_SPECIAL
, $name );
122 * Default constructor for special pages
123 * Derivative classes should call this from their constructor
124 * Note that if the user does not have the required level, an error message will
125 * be displayed by the default execute() method, without the global function ever
128 * If you override execute(), you can recover the default behavior with userCanExecute()
129 * and displayRestrictionError()
131 * @param string $name Name of the special page, as seen in links and URLs
132 * @param string $restriction User right required, e.g. "block" or "delete"
133 * @param bool $listed Whether the page is listed in Special:Specialpages
134 * @param callable|bool $function Unused
135 * @param string $file Unused
136 * @param bool $includable Whether the page can be included in normal pages
138 public function __construct(
139 $name = '', $restriction = '', $listed = true,
140 $function = false, $file = '', $includable = false
142 $this->mName
= $name;
143 $this->mRestriction
= $restriction;
144 $this->mListed
= $listed;
145 $this->mIncludable
= $includable;
149 * Get the name of this Special Page.
157 * Get the permission that a user must have to execute this page
160 function getRestriction() {
161 return $this->mRestriction
;
164 // @todo FIXME: Decide which syntax to use for this, and stick to it
166 * Whether this special page is listed in Special:SpecialPages
170 function isListed() {
171 return $this->mListed
;
175 * Set whether this page is listed in Special:Specialpages, at run-time
177 * @param bool $listed
180 function setListed( $listed ) {
181 return wfSetVar( $this->mListed
, $listed );
185 * Get or set whether this special page is listed in Special:SpecialPages
187 * @param bool|null $x
190 function listed( $x = null ) {
191 return wfSetVar( $this->mListed
, $x );
195 * Whether it's allowed to transclude the special page via {{Special:Foo/params}}
198 public function isIncludable() {
199 return $this->mIncludable
;
203 * How long to cache page when it is being included.
205 * @note If cache time is not 0, then the current user becomes an anon
206 * if you want to do any per-user customizations, than this method
207 * must be overriden to return 0.
209 * @return int Time in seconds, 0 to disable caching altogether,
210 * false to use the parent page's cache settings
212 public function maxIncludeCacheTime() {
213 return $this->getConfig()->get( 'MiserMode' ) ?
$this->getCacheTTL() : 0;
217 * @return int Seconds that this page can be cached
219 protected function getCacheTTL() {
224 * Whether the special page is being evaluated via transclusion
225 * @param bool|null $x
228 function including( $x = null ) {
229 return wfSetVar( $this->mIncluding
, $x );
233 * Get the localised name of the special page
236 function getLocalName() {
237 if ( !isset( $this->mLocalName
) ) {
238 $this->mLocalName
= MediaWikiServices
::getInstance()->getSpecialPageFactory()->
239 getLocalNameFor( $this->mName
);
242 return $this->mLocalName
;
246 * Is this page expensive (for some definition of expensive)?
247 * Expensive pages are disabled or cached in miser mode. Originally used
248 * (and still overridden) by QueryPage and subclasses, moved here so that
249 * Special:SpecialPages can safely call it for all special pages.
253 public function isExpensive() {
258 * Is this page cached?
259 * Expensive pages are cached or disabled in miser mode.
260 * Used by QueryPage and subclasses, moved here so that
261 * Special:SpecialPages can safely call it for all special pages.
266 public function isCached() {
271 * Can be overridden by subclasses with more complicated permissions
274 * @return bool Should the page be displayed with the restricted-access
277 public function isRestricted() {
278 // DWIM: If anons can do something, then it is not restricted
279 return $this->mRestriction
!= '' && !User
::groupHasPermission( '*', $this->mRestriction
);
283 * Checks if the given user (identified by an object) can execute this
284 * special page (as defined by $mRestriction). Can be overridden by sub-
285 * classes with more complicated permissions schemes.
287 * @param User $user The user to check
288 * @return bool Does the user have permission to view the page?
290 public function userCanExecute( User
$user ) {
291 return $user->isAllowed( $this->mRestriction
);
295 * Output an error message telling the user what access level they have to have
296 * @throws PermissionsError
298 function displayRestrictionError() {
299 throw new PermissionsError( $this->mRestriction
);
303 * Checks if userCanExecute, and if not throws a PermissionsError
307 * @throws PermissionsError
309 public function checkPermissions() {
310 if ( !$this->userCanExecute( $this->getUser() ) ) {
311 $this->displayRestrictionError();
316 * If the wiki is currently in readonly mode, throws a ReadOnlyError
320 * @throws ReadOnlyError
322 public function checkReadOnly() {
323 if ( wfReadOnly() ) {
324 throw new ReadOnlyError
;
329 * If the user is not logged in, throws UserNotLoggedIn error
331 * The user will be redirected to Special:Userlogin with the given message as an error on
335 * @param string $reasonMsg [optional] Message key to be displayed on login page
336 * @param string $titleMsg [optional] Passed on to UserNotLoggedIn constructor
337 * @throws UserNotLoggedIn
339 public function requireLogin(
340 $reasonMsg = 'exception-nologin-text', $titleMsg = 'exception-nologin'
342 if ( $this->getUser()->isAnon() ) {
343 throw new UserNotLoggedIn( $reasonMsg, $titleMsg );
348 * Tells if the special page does something security-sensitive and needs extra defense against
349 * a stolen account (e.g. a reauthentication). What exactly that will mean is decided by the
350 * authentication framework.
351 * @return bool|string False or the argument for AuthManager::securitySensitiveOperationStatus().
352 * Typically a special page needing elevated security would return its name here.
354 protected function getLoginSecurityLevel() {
359 * Record preserved POST data after a reauthentication.
361 * This is called from checkLoginSecurityLevel() when returning from the
362 * redirect for reauthentication, if the redirect had been served in
363 * response to a POST request.
365 * The base SpecialPage implementation does nothing. If your subclass uses
366 * getLoginSecurityLevel() or checkLoginSecurityLevel(), it should probably
367 * implement this to do something with the data.
372 protected function setReauthPostData( array $data ) {
376 * Verifies that the user meets the security level, possibly reauthenticating them in the process.
378 * This should be used when the page does something security-sensitive and needs extra defense
379 * against a stolen account (e.g. a reauthentication). The authentication framework will make
380 * an extra effort to make sure the user account is not compromised. What that exactly means
381 * will depend on the system and user settings; e.g. the user might be required to log in again
382 * unless their last login happened recently, or they might be given a second-factor challenge.
384 * Calling this method will result in one if these actions:
385 * - return true: all good.
386 * - return false and set a redirect: caller should abort; the redirect will take the user
387 * to the login page for reauthentication, and back.
388 * - throw an exception if there is no way for the user to meet the requirements without using
389 * a different access method (e.g. this functionality is only available from a specific IP).
391 * Note that this does not in any way check that the user is authorized to use this special page
392 * (use checkPermissions() for that).
394 * @param string|null $level A security level. Can be an arbitrary string, defaults to the page
396 * @return bool False means a redirect to the reauthentication page has been set and processing
397 * of the special page should be aborted.
398 * @throws ErrorPageError If the security level cannot be met, even with reauthentication.
400 protected function checkLoginSecurityLevel( $level = null ) {
401 $level = $level ?
: $this->getName();
402 $key = 'SpecialPage:reauth:' . $this->getName();
403 $request = $this->getRequest();
405 $securityStatus = AuthManager
::singleton()->securitySensitiveOperationStatus( $level );
406 if ( $securityStatus === AuthManager
::SEC_OK
) {
407 $uniqueId = $request->getVal( 'postUniqueId' );
409 $key .= ':' . $uniqueId;
410 $session = $request->getSession();
411 $data = $session->getSecret( $key );
413 $session->remove( $key );
414 $this->setReauthPostData( $data );
418 } elseif ( $securityStatus === AuthManager
::SEC_REAUTH
) {
419 $title = self
::getTitleFor( 'Userlogin' );
420 $queryParams = $request->getQueryValues();
422 if ( $request->wasPosted() ) {
423 $data = array_diff_assoc( $request->getValues(), $request->getQueryValues() );
425 // unique ID in case the same special page is open in multiple browser tabs
426 $uniqueId = MWCryptRand
::generateHex( 6 );
427 $key .= ':' . $uniqueId;
428 $queryParams['postUniqueId'] = $uniqueId;
429 $session = $request->getSession();
430 $session->persist(); // Just in case
431 $session->setSecret( $key, $data );
436 'returnto' => $this->getFullTitle()->getPrefixedDBkey(),
437 'returntoquery' => wfArrayToCgi( array_diff_key( $queryParams, [ 'title' => true ] ) ),
440 $url = $title->getFullURL( $query, false, PROTO_HTTPS
);
442 $this->getOutput()->redirect( $url );
446 $titleMessage = wfMessage( 'specialpage-securitylevel-not-allowed-title' );
447 $errorMessage = wfMessage( 'specialpage-securitylevel-not-allowed' );
448 throw new ErrorPageError( $titleMessage, $errorMessage );
452 * Return an array of subpages beginning with $search that this special page will accept.
454 * For example, if a page supports subpages "foo", "bar" and "baz" (as in Special:PageName/foo,
457 * - `prefixSearchSubpages( "ba" )` should return `array( "bar", "baz" )`
458 * - `prefixSearchSubpages( "f" )` should return `array( "foo" )`
459 * - `prefixSearchSubpages( "z" )` should return `array()`
460 * - `prefixSearchSubpages( "" )` should return `array( foo", "bar", "baz" )`
462 * @param string $search Prefix to search for
463 * @param int $limit Maximum number of results to return (usually 10)
464 * @param int $offset Number of results to skip (usually 0)
465 * @return string[] Matching subpages
467 public function prefixSearchSubpages( $search, $limit, $offset ) {
468 $subpages = $this->getSubpagesForPrefixSearch();
473 return self
::prefixSearchArray( $search, $limit, $subpages, $offset );
477 * Return an array of subpages that this special page will accept for prefix
478 * searches. If this method requires a query you might instead want to implement
479 * prefixSearchSubpages() directly so you can support $limit and $offset. This
480 * method is better for static-ish lists of things.
482 * @return string[] subpages to search from
484 protected function getSubpagesForPrefixSearch() {
489 * Perform a regular substring search for prefixSearchSubpages
490 * @param string $search Prefix to search for
491 * @param int $limit Maximum number of results to return (usually 10)
492 * @param int $offset Number of results to skip (usually 0)
493 * @return string[] Matching subpages
495 protected function prefixSearchString( $search, $limit, $offset ) {
496 $title = Title
::newFromText( $search );
497 if ( !$title ||
!$title->canExist() ) {
498 // No prefix suggestion in special and media namespace
502 $searchEngine = MediaWikiServices
::getInstance()->newSearchEngine();
503 $searchEngine->setLimitOffset( $limit, $offset );
504 $searchEngine->setNamespaces( [] );
505 $result = $searchEngine->defaultPrefixSearch( $search );
506 return array_map( function ( Title
$t ) {
507 return $t->getPrefixedText();
512 * Helper function for implementations of prefixSearchSubpages() that
513 * filter the values in memory (as opposed to making a query).
516 * @param string $search
518 * @param array $subpages
522 protected static function prefixSearchArray( $search, $limit, array $subpages, $offset ) {
523 $escaped = preg_quote( $search, '/' );
524 return array_slice( preg_grep( "/^$escaped/i",
525 array_slice( $subpages, $offset ) ), 0, $limit );
529 * Sets headers - this should be called from the execute() method of all derived classes!
531 function setHeaders() {
532 $out = $this->getOutput();
533 $out->setArticleRelated( false );
534 $out->setRobotPolicy( $this->getRobotPolicy() );
535 $out->setPageTitle( $this->getDescription() );
536 if ( $this->getConfig()->get( 'UseMediaWikiUIEverywhere' ) ) {
537 $out->addModuleStyles( [
538 'mediawiki.ui.input',
539 'mediawiki.ui.radio',
540 'mediawiki.ui.checkbox',
550 * @param string|null $subPage
552 final public function run( $subPage ) {
554 * Gets called before @see SpecialPage::execute.
555 * Return false to prevent calling execute() (since 1.27+).
559 * @param SpecialPage $this
560 * @param string|null $subPage
562 if ( !Hooks
::run( 'SpecialPageBeforeExecute', [ $this, $subPage ] ) ) {
566 if ( $this->beforeExecute( $subPage ) === false ) {
569 $this->execute( $subPage );
570 $this->afterExecute( $subPage );
573 * Gets called after @see SpecialPage::execute.
577 * @param SpecialPage $this
578 * @param string|null $subPage
580 Hooks
::run( 'SpecialPageAfterExecute', [ $this, $subPage ] );
584 * Gets called before @see SpecialPage::execute.
585 * Return false to prevent calling execute() (since 1.27+).
589 * @param string|null $subPage
592 protected function beforeExecute( $subPage ) {
597 * Gets called after @see SpecialPage::execute.
601 * @param string|null $subPage
603 protected function afterExecute( $subPage ) {
608 * Default execute method
609 * Checks user permissions
611 * This must be overridden by subclasses; it will be made abstract in a future version
613 * @param string|null $subPage
615 public function execute( $subPage ) {
617 $this->checkPermissions();
618 $securityLevel = $this->getLoginSecurityLevel();
619 if ( $securityLevel !== false && !$this->checkLoginSecurityLevel( $securityLevel ) ) {
622 $this->outputHeader();
626 * Outputs a summary message on top of special pages
627 * Per default the message key is the canonical name of the special page
628 * May be overridden, i.e. by extensions to stick with the naming conventions
629 * for message keys: 'extensionname-xxx'
631 * @param string $summaryMessageKey Message key of the summary
633 function outputHeader( $summaryMessageKey = '' ) {
634 if ( $summaryMessageKey == '' ) {
635 $msg = MediaWikiServices
::getInstance()->getContentLanguage()->lc( $this->getName() ) .
638 $msg = $summaryMessageKey;
640 if ( !$this->msg( $msg )->isDisabled() && !$this->including() ) {
641 $this->getOutput()->wrapWikiMsg(
642 "<div class='mw-specialpage-summary'>\n$1\n</div>", $msg );
647 * Returns the name that goes in the \<h1\> in the special page itself, and
648 * also the name that will be listed in Special:Specialpages
650 * Derived classes can override this, but usually it is easier to keep the
655 function getDescription() {
656 return $this->msg( strtolower( $this->mName
) )->text();
660 * Get a self-referential title object
662 * @param string|bool $subpage
664 * @deprecated since 1.23, use SpecialPage::getPageTitle
666 function getTitle( $subpage = false ) {
667 wfDeprecated( __METHOD__
, '1.23' );
668 return $this->getPageTitle( $subpage );
672 * Get a self-referential title object
674 * @param string|bool $subpage
678 function getPageTitle( $subpage = false ) {
679 return self
::getTitleFor( $this->mName
, $subpage );
683 * Sets the context this SpecialPage is executed in
685 * @param IContextSource $context
688 public function setContext( $context ) {
689 $this->mContext
= $context;
693 * Gets the context this SpecialPage is executed in
695 * @return IContextSource|RequestContext
698 public function getContext() {
699 if ( $this->mContext
instanceof IContextSource
) {
700 return $this->mContext
;
702 wfDebug( __METHOD__
. " called and \$mContext is null. " .
703 "Return RequestContext::getMain(); for sanity\n" );
705 return RequestContext
::getMain();
710 * Get the WebRequest being used for this instance
715 public function getRequest() {
716 return $this->getContext()->getRequest();
720 * Get the OutputPage being used for this instance
725 public function getOutput() {
726 return $this->getContext()->getOutput();
730 * Shortcut to get the User executing this instance
735 public function getUser() {
736 return $this->getContext()->getUser();
740 * Shortcut to get the skin being used for this instance
745 public function getSkin() {
746 return $this->getContext()->getSkin();
750 * Shortcut to get user's language
755 public function getLanguage() {
756 return $this->getContext()->getLanguage();
760 * Shortcut to get main config object
764 public function getConfig() {
765 return $this->getContext()->getConfig();
769 * Return the full title, including $par
774 public function getFullTitle() {
775 return $this->getContext()->getTitle();
779 * Return the robot policy. Derived classes that override this can change
780 * the robot policy set by setHeaders() from the default 'noindex,nofollow'.
785 protected function getRobotPolicy() {
786 return 'noindex,nofollow';
790 * Wrapper around wfMessage that sets the current context.
796 public function msg( $key /* $args */ ) {
797 $message = $this->getContext()->msg( ...func_get_args() );
798 // RequestContext passes context to wfMessage, and the language is set from
799 // the context, but setting the language for Message class removes the
800 // interface message status, which breaks for example usernameless gender
801 // invocations. Restore the flag when not including special page in content.
802 if ( $this->including() ) {
803 $message->setInterfaceMessageFlag( false );
810 * Adds RSS/atom links
812 * @param array $params
814 protected function addFeedLinks( $params ) {
815 $feedTemplate = wfScript( 'api' );
817 foreach ( $this->getConfig()->get( 'FeedClasses' ) as $format => $class ) {
818 $theseParams = $params +
[ 'feedformat' => $format ];
819 $url = wfAppendQuery( $feedTemplate, $theseParams );
820 $this->getOutput()->addFeedLink( $format, $url );
825 * Adds help link with an icon via page indicators.
826 * Link target can be overridden by a local message containing a wikilink:
827 * the message key is: lowercase special page name + '-helppage'.
828 * @param string $to Target MediaWiki.org page title or encoded URL.
829 * @param bool $overrideBaseUrl Whether $url is a full URL, to avoid MW.o.
832 public function addHelpLink( $to, $overrideBaseUrl = false ) {
833 if ( $this->including() ) {
838 MediaWikiServices
::getInstance()->getContentLanguage()->lc( $this->getName() ) .
841 if ( !$msg->isDisabled() ) {
842 $helpUrl = Skin
::makeUrl( $msg->plain() );
843 $this->getOutput()->addHelpLink( $helpUrl, true );
845 $this->getOutput()->addHelpLink( $to, $overrideBaseUrl );
850 * Get the group that the special page belongs in on Special:SpecialPage
851 * Use this method, instead of getGroupName to allow customization
852 * of the group name from the wiki side
854 * @return string Group of this special page
857 public function getFinalGroupName() {
858 $name = $this->getName();
860 // Allow overriding the group from the wiki side
861 $msg = $this->msg( 'specialpages-specialpagegroup-' . strtolower( $name ) )->inContentLanguage();
862 if ( !$msg->isBlank() ) {
863 $group = $msg->text();
865 // Than use the group from this object
866 $group = $this->getGroupName();
873 * Indicates whether this special page may perform database writes
878 public function doesWrites() {
883 * Under which header this special page is listed in Special:SpecialPages
884 * See messages 'specialpages-group-*' for valid names
885 * This method defaults to group 'other'
890 protected function getGroupName() {
895 * Call wfTransactionalTimeLimit() if this request was POSTed
898 protected function useTransactionalTimeLimit() {
899 if ( $this->getRequest()->wasPosted() ) {
900 wfTransactionalTimeLimit();
906 * @return \MediaWiki\Linker\LinkRenderer
908 public function getLinkRenderer() {
909 if ( $this->linkRenderer
) {
910 return $this->linkRenderer
;
912 return MediaWikiServices
::getInstance()->getLinkRenderer();
918 * @param \MediaWiki\Linker\LinkRenderer $linkRenderer
920 public function setLinkRenderer( LinkRenderer
$linkRenderer ) {
921 $this->linkRenderer
= $linkRenderer;
925 * Generate (prev x| next x) (20|50|100...) type links for paging
929 * @param array $query Optional URL query parameter string
930 * @param bool $atend Optional param for specified if this is the last page
931 * @param string|bool $subpage Optional param for specifying subpage
934 protected function buildPrevNextNavigation( $offset, $limit,
935 array $query = [], $atend = false, $subpage = false
937 $lang = $this->getLanguage();
939 # Make 'previous' link
940 $prev = $this->msg( 'prevn' )->numParams( $limit )->text();
942 $plink = $this->numLink( max( $offset - $limit, 0 ), $limit, $query,
943 $prev, 'prevn-title', 'mw-prevlink', $subpage );
945 $plink = htmlspecialchars( $prev );
949 $next = $this->msg( 'nextn' )->numParams( $limit )->text();
951 $nlink = htmlspecialchars( $next );
953 $nlink = $this->numLink( $offset +
$limit, $limit,
954 $query, $next, 'nextn-title', 'mw-nextlink', $subpage );
957 # Make links to set number of items per page
959 foreach ( [ 20, 50, 100, 250, 500 ] as $num ) {
960 $numLinks[] = $this->numLink( $offset, $num, $query,
961 $lang->formatNum( $num ), 'shown-title', 'mw-numlink', $subpage );
964 return $this->msg( 'viewprevnext' )->rawParams( $plink, $nlink, $lang->pipeList( $numLinks ) )->
969 * Helper function for buildPrevNextNavigation() that generates links
973 * @param array $query Extra query parameters
974 * @param string $link Text to use for the link; will be escaped
975 * @param string $tooltipMsg Name of the message to use as tooltip
976 * @param string $class Value of the "class" attribute of the link
977 * @param string|bool $subpage Optional param for specifying subpage
978 * @return string HTML fragment
980 private function numLink( $offset, $limit, array $query, $link,
981 $tooltipMsg, $class, $subpage = false
983 $query = [ 'limit' => $limit, 'offset' => $offset ] +
$query;
984 $tooltip = $this->msg( $tooltipMsg )->numParams( $limit )->text();
985 $href = $this->getPageTitle( $subpage )->getLocalURL( $query );
986 return Html
::element( 'a', [ 'href' => $href,
987 'title' => $tooltip, 'class' => $class ], $link );