From b802e2a780c43135bcfa4b7114771eff5e2daa58 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Wed, 13 Jun 2007 16:28:19 +0000 Subject: [PATCH] * (bug 8458) Limit custom signature length to $wgMaxSigChars bytes --- RELEASE-NOTES | 2 ++ includes/DefaultSettings.php | 1 + includes/Parser.php | 9 +++++++-- includes/SpecialPreferences.php | 27 +++++++++++++++++++++++---- languages/messages/MessagesEn.php | 1 + 5 files changed, 34 insertions(+), 6 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index a10c2b93cf..fd02d7d573 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -82,6 +82,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN Common.css and MediaWiki:Monobook.css. * (bug 8869) Introduce Special:Uncategorizedtemplates * (bug 8734) Different log message when article protection level is changed +* (bug 8458) Limit custom signature length to $wgMaxSigChars bytes + == Bugfixes since 1.10 == diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index b25a50ef75..82aff9ddb7 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -857,6 +857,7 @@ $wgRedirectSources = false; $wgShowIPinHeader = true; # For non-logged in users $wgMaxNameChars = 255; # Maximum number of bytes in username +$wgMaxSigChars = 255; # Maximum number of bytes in signature $wgMaxArticleSize = 2048; # Maximum article size in kilobytes $wgExtraSubtitle = ''; diff --git a/includes/Parser.php b/includes/Parser.php index 75aef1d596..2d67bf2751 100644 --- a/includes/Parser.php +++ b/includes/Parser.php 
@@ -3803,11 +3803,16 @@ class Parser * @private */ function getUserSig( &$user ) { + global $wgMaxSigChars; + $username = $user->getName(); $nickname = $user->getOption( 'nickname' ); $nickname = $nickname === '' ? $username : $nickname; - - if( $user->getBoolOption( 'fancysig' ) !== false ) { + + if( strlen( $nickname ) > $wgMaxSigChars ) { + $nickname = $username; + wfDebug( __METHOD__ . ": $username has overlong signature.\n" ); + } elseif( $user->getBoolOption( 'fancysig' ) !== false ) { # Sig. might contain markup; validate this if( $this->validateSig( $nickname ) !== false ) { # Validated; clean up (if needed) and return it diff --git a/includes/SpecialPreferences.php b/includes/SpecialPreferences.php index 292ebce387..bcfe9823b0 100644 --- a/includes/SpecialPreferences.php +++ b/includes/SpecialPreferences.php @@ -241,7 +241,13 @@ class PreferencesForm { } # Validate the signature and clean it up as needed - if( $this->mToggles['fancysig'] ) { + global $wgMaxSigChars; + if( strlen( $this->mNick ) > $wgMaxSigChars ) { + global $wgLang; + $this->mainPrefsForm( 'error', + wfMsg( 'badsiglength', $wgLang->formatNum( $wgMaxSigChars ) ) ); + return; + } elseif( $this->mToggles['fancysig'] ) { if( Parser::validateSig( $this->mNick ) !== false ) { $this->mNick = $wgParser->cleanSig( $this->mNick ); } else { @@ -603,8 +609,14 @@ class PreferencesForm { ); } - global $wgParser; - if( !empty( $this->mToggles['fancysig'] ) && + global $wgParser, $wgMaxSigChars; + if( strlen( $this->mNick ) > $wgMaxSigChars ) { + $invalidSig = $this->tableRow( + ' ', + Xml::element( 'span', array( 'class' => 'error' ), + wfMsg( 'badsiglength', $wgLang->formatNum( $wgMaxSigChars ) ) ) + ); + } elseif( !empty( $this->mToggles['fancysig'] ) && false === $wgParser->validateSig( $this->mNick ) ) { $invalidSig = $this->tableRow( ' ', 
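Review bot: The new overlong branch in getUserSig() has no comment saying why a stored nickname can still exceed $wgMaxSigChars when the preferences form now rejects such values. I would add above `if( strlen( $nickname ) > $wgMaxSigChars ) {` something like `# Stored value may predate the limit (presumably; confirm other write paths); fall back to the plain username instead of emitting it`. Because the branch is chained with `elseif`, an overlong value also bypasses validateSig(), which is safe only because $nickname has already been reset to $username at that point; that dependency deserves a word in the comment as well. The function's docblock and the rest of its body lie outside the hunk.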
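Review bot: In the `@@ -241` hunk the length test on `$this->mNick` runs before `$wgParser->cleanSig( $this->mNick )`, so the value that is actually stored is never measured. If cleanSig() can lengthen the text (its body is not part of this diff), a signature accepted here could exceed $wgMaxSigChars once saved, and the render-time check in Parser::getUserSig() would then silently swap it for the username with only a debug-log entry. Repeating the test after the cleanup, e.g. `if( strlen( $this->mNick ) > $wgMaxSigChars ) { /* same 'badsiglength' error and return */ }`, keeps the save path and the parser in agreement. The enclosing method starts and ends outside the hunk.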
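Review bot: In the `@@ -603` hunk the new branch calls `$wgLang->formatNum( $wgMaxSigChars )`, but the `global` statement changed here lists only `$wgParser, $wgMaxSigChars`, whereas the `@@ -241` hunk adds an explicit `global $wgLang;` before the same call. Unless $wgLang is already declared global earlier in this method, which the hunk does not show, the call would be made on an undefined local variable. Writing `global $wgParser, $wgMaxSigChars, $wgLang;` removes the reliance on a declaration far from the use.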
@@ -617,7 +629,14 @@ class PreferencesForm { $wgOut->addHTML( $this->tableRow( Xml::label( wfMsg( 'yournick' ), 'wpNick' ), - Xml::input( 'wpNick', 25, $this->mNick, array( 'id' => 'wpNick' ) ) + Xml::input( 'wpNick', 25, $this->mNick, + array( + 'id' => 'wpNick', + // Note: $wgMaxSigChars is currently enforced in UTF-8 bytes, + // but 'maxlength' attribute is enforced in characters. + // It's still possible to put in an overlong string + // 'legitimately' by typing non-ASCII chars. + 'maxlength' => $wgMaxSigChars ) ) ) . $invalidSig . $this->tableRow( ' ', $this->getToggle( 'fancysig' ) ) diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index 97ed8c5055..6936a47420 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -830,6 +830,7 @@ Your account has been created. Don't forget to change your {{SITENAME}} preferen 'yourvariant' => 'Variant', 'yournick' => 'Nickname:', 'badsig' => 'Invalid raw signature; check HTML tags.', +'badsiglength' => 'Nickname too long; must be under $1 characters.', 'email' => 'E-mail', 'prefs-help-realname' => 'Real name is optional and if you choose to provide it this will be used for giving you attribution for your work.', 'loginerror' => 'Login error', -- 2.20.1
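Review bot: The comment inside the `Xml::input` attribute array records that `maxlength` counts characters while the server counts UTF-8 bytes, yet the `badsiglength` text added in MessagesEn.php tells the user "must be under $1 characters". Both server-side checks are `strlen( ... ) > $wgMaxSigChars`, so the limit is in bytes and a value of exactly $1 bytes is accepted. I would word the message to match, `'badsiglength' => 'Nickname too long; must be no more than $1 bytes.'`, and extend the comment with `// 'maxlength' is only a browser-side hint; the strlen() checks on save and in Parser::getUserSig() are the actual limit.`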