From 3fd3a2f1b3f3bfb3d8bcb46e8f75fad6fe5bfb34 Mon Sep 17 00:00:00 2001 From: Ilmari Karonen Date: Sun, 2 Jul 2006 14:39:47 +0000 Subject: [PATCH] (bug 4037) Make input handling in Special:Allpages and Special:Prefixindex more consistent: Accept just a namespace prefix and a colon, reject input with interwiki prefixes, otherwise do what Title::makeTitleSafe() does. --- RELEASE-NOTES | 4 +- includes/SpecialAllpages.php | 119 +++++++++++++++++++------------- includes/SpecialPrefixindex.php | 106 ++++++++++++++-------------- 3 files changed, 128 insertions(+), 101 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 07321d2106..761d0b265f 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -624,7 +624,9 @@ Some default configuration options have changed: * (bug 6511) Add diff links to old revision navigation bar * (bug 6511) Replace 'oldrevisionnavigation' message with 'old-revision-navigation' * Fix regression in Polish genitive month forms - +* (bug 4037) Make input handling in Special:Allpages and Special:Prefixindex + more consistent: Accept just a namespace prefix and a colon, reject input + with interwiki prefixes, otherwise do what Title::makeTitleSafe() does. == Compatibility == diff --git a/includes/SpecialAllpages.php b/includes/SpecialAllpages.php index 8ea51ba912..7be9e04a92 100644 --- a/includes/SpecialAllpages.php +++ b/includes/SpecialAllpages.php @@ -218,62 +218,57 @@ function showChunk( $namespace = NS_MAIN, $from, $including = false ) { $sk = $wgUser->getSkin(); - $fromTitle = null; - if ($from!="") { - $fromTitle = Title::newFromURL( $from ); - if (!$fromTitle) { - return; - } - $fromNS = $fromTitle->getNamespace(); - if ($namespace == NS_MAIN) - $namespace = $fromNS; - } - $fromKey = is_null( $fromTitle ) ? '' : $fromTitle->getDBkey(); + $fromList = $this->getNamespaceKeyAndText($namespace, $from); - $dbr =& wfGetDB( DB_SLAVE ); - $res = $dbr->select( 'page', - array( 'page_namespace', 'page_title', 'page_is_redirect' ), - array( - 'page_namespace' => $namespace, - 'page_title >= ' . $dbr->addQuotes( $fromKey ) - ), - $fname, - array( - 'ORDER BY' => 'page_title', - 'LIMIT' => $this->maxPerPage + 1, - 'USE INDEX' => 'name_title', - ) - ); + if ( !$fromList ) { + $out = wfMsgWikiHtml( 'badtitletext' ); + } else { + list( $namespace, $fromKey, $from ) = $fromList; + + $dbr =& wfGetDB( DB_SLAVE ); + $res = $dbr->select( 'page', + array( 'page_namespace', 'page_title', 'page_is_redirect' ), + array( + 'page_namespace' => $namespace, + 'page_title >= ' . $dbr->addQuotes( $fromKey ) + ), + $fname, + array( + 'ORDER BY' => 'page_title', + 'LIMIT' => $this->maxPerPage + 1, + 'USE INDEX' => 'name_title', + ) + ); - ### FIXME: side link to previous + ### FIXME: side link to previous - $n = 0; - $out = ''; + $n = 0; + $out = '
'; - $namespaces = $wgContLang->getFormattedNamespaces(); - while( ($n < $this->maxPerPage) && ($s = $dbr->fetchObject( $res )) ) { - $t = Title::makeTitle( $s->page_namespace, $s->page_title ); - if( $t ) { - $link = ($s->page_is_redirect ? '
' : '' ) . - $sk->makeKnownLinkObj( $t, htmlspecialchars( $t->getText() ), false, false ) . - ($s->page_is_redirect ? '
' : '' ); - } else { - $link = '[[' . htmlspecialchars( $s->page_title ) . ']]'; - } - if( $n % 3 == 0 ) { - $out .= ''; + $namespaces = $wgContLang->getFormattedNamespaces(); + while( ($n < $this->maxPerPage) && ($s = $dbr->fetchObject( $res )) ) { + $t = Title::makeTitle( $s->page_namespace, $s->page_title ); + if( $t ) { + $link = ($s->page_is_redirect ? '
' : '' ) . + $sk->makeKnownLinkObj( $t, htmlspecialchars( $t->getText() ), false, false ) . + ($s->page_is_redirect ? '
' : '' ); + } else { + $link = '[[' . htmlspecialchars( $s->page_title ) . ']]'; + } + if( $n % 3 == 0 ) { + $out .= ''; + } + $out .= ""; + $n++; + if( $n % 3 == 0 ) { + $out .= ''; + } } - $out .= ""; - $n++; - if( $n % 3 == 0 ) { + if( ($n % 3) != 0 ) { $out .= ''; } + $out .= '
$link
$link
'; } - if( ($n % 3) != 0 ) { - $out .= ''; - } - $out .= ''; - if ( $including ) { $out2 = ''; @@ -284,7 +279,7 @@ function showChunk( $namespace = NS_MAIN, $from, $including = false ) { $out2 .= '' . $sk->makeKnownLink( $wgContLang->specialPage( "Allpages" ), wfMsgHtml ( 'allpages' ) ); - if ( ($n == $this->maxPerPage) && ($s = $dbr->fetchObject( $res )) ) { + if ( $dbr && ($n == $this->maxPerPage) && ($s = $dbr->fetchObject( $res )) ) { $namespaceparam = $namespace ? "&namespace=$namespace" : ""; $out2 .= " | " . $sk->makeKnownLink( $wgContLang->specialPage( "Allpages" ), @@ -296,6 +291,32 @@ function showChunk( $namespace = NS_MAIN, $from, $including = false ) { $wgOut->addHtml( $out2 . $out ); } + +/** + * @param int $ns the namespace of the article + * @param string $text the name of the article + * @return array( int namespace, string dbkey, string pagename ) or NULL on error + * @static (sort of) + * @access private + */ +function getNamespaceKeyAndText ($ns, $text) { + if ( $text == '' ) + return array( $ns, '', '' ); # shortcut for common case + + $t = Title::makeTitleSafe($ns, $text); + if ( $t && $t->isLocal() ) + return array( $t->getNamespace(), $t->getDBkey(), $t->getText() ); + else if ( $t ) + return NULL; + + # try again, in case the problem was an empty pagename + $text = preg_replace('/(#|$)/', 'X$1', $text); + $t = Title::makeTitleSafe($ns, $text); + if ( $t && $t->isLocal() ) + return array( $t->getNamespace(), '', '' ); + else + return NULL; +} } ?> diff --git a/includes/SpecialPrefixindex.php b/includes/SpecialPrefixindex.php index 5988560e1e..a0b30bdaaf 100644 --- a/includes/SpecialPrefixindex.php +++ b/includes/SpecialPrefixindex.php @@ -62,61 +62,65 @@ function showChunk( $namespace = NS_MAIN, $prefix, $including = false, $from = n $sk = $wgUser->getSkin(); - $prefixTitle = Title::newFromURL( $prefix ); - if ($namespace == NS_MAIN and $prefixTitle) { - $namespace = $prefixTitle->getNamespace(); - } - $prefixKey = is_null( $prefixTitle ) ? '' : $prefixTitle->getDBkey(); - if (!isset($from)) $from = $prefix; - $fromTitle = Title::newFromURL( $from ); - $fromKey = is_null( $fromTitle ) ? '' : $fromTitle->getDBkey(); - - $dbr =& wfGetDB( DB_SLAVE ); - - $res = $dbr->select( 'page', - array( 'page_namespace', 'page_title', 'page_is_redirect' ), - array( - 'page_namespace' => $namespace, - 'page_title LIKE \'' . $dbr->escapeLike( $prefixKey ) .'%\'', - 'page_title >= ' . $dbr->addQuotes( $fromKey ), - ), - $fname, - array( - 'ORDER BY' => 'page_title', - 'LIMIT' => $this->maxPerPage + 1, - 'USE INDEX' => 'name_title', - ) - ); - - ### FIXME: side link to previous - - $n = 0; - $out = ''; - - $namespaces = $wgContLang->getFormattedNamespaces(); - while( ($n < $this->maxPerPage) && ($s = $dbr->fetchObject( $res )) ) { - $t = Title::makeTitle( $s->page_namespace, $s->page_title ); - if( $t ) { - $link = ($s->page_is_redirect ? '
' : '' ) . - $sk->makeKnownLinkObj( $t, htmlspecialchars( $t->getText() ), false, false ) . - ($s->page_is_redirect ? '
' : '' ); - } else { - $link = '[[' . htmlspecialchars( $s->page_title ) . ']]'; - } - if( $n % 3 == 0 ) { - $out .= ''; + + $fromList = $this->getNamespaceKeyAndText($namespace, $from); + $prefixList = $this->getNamespaceKeyAndText($namespace, $prefix); + + if ( !$prefixList || !$fromList ) { + $out = wfMsgWikiHtml( 'badtitletext' ); + } else { + list( $namespace, $prefixKey, $prefix ) = $prefixList; + list( $fromNs, $fromKey, $from ) = $fromList; + + ### FIXME: should complain if $fromNs != $namespace + + $dbr =& wfGetDB( DB_SLAVE ); + + $res = $dbr->select( 'page', + array( 'page_namespace', 'page_title', 'page_is_redirect' ), + array( + 'page_namespace' => $namespace, + 'page_title LIKE \'' . $dbr->escapeLike( $prefixKey ) .'%\'', + 'page_title >= ' . $dbr->addQuotes( $fromKey ), + ), + $fname, + array( + 'ORDER BY' => 'page_title', + 'LIMIT' => $this->maxPerPage + 1, + 'USE INDEX' => 'name_title', + ) + ); + + ### FIXME: side link to previous + + $n = 0; + $out = '
'; + + $namespaces = $wgContLang->getFormattedNamespaces(); + while( ($n < $this->maxPerPage) && ($s = $dbr->fetchObject( $res )) ) { + $t = Title::makeTitle( $s->page_namespace, $s->page_title ); + if( $t ) { + $link = ($s->page_is_redirect ? '
' : '' ) . + $sk->makeKnownLinkObj( $t, htmlspecialchars( $t->getText() ), false, false ) . + ($s->page_is_redirect ? '
' : '' ); + } else { + $link = '[[' . htmlspecialchars( $s->page_title ) . ']]'; + } + if( $n % 3 == 0 ) { + $out .= ''; + } + $out .= ""; + $n++; + if( $n % 3 == 0 ) { + $out .= ''; + } } - $out .= ""; - $n++; - if( $n % 3 == 0 ) { + if( ($n % 3) != 0 ) { $out .= ''; } + $out .= '
$link
$link
'; } - if( ($n % 3) != 0 ) { - $out .= ''; - } - $out .= ''; if ( $including ) { $out2 = ''; @@ -127,7 +131,7 @@ function showChunk( $namespace = NS_MAIN, $prefix, $including = false, $from = n $out2 .= '' . $sk->makeKnownLink( $wgContLang->specialPage( $this->name ), wfMsg ( 'allpages' ) ); - if ( ($n == $this->maxPerPage) && ($s = $dbr->fetchObject( $res )) ) { + if ( $dbr && ($n == $this->maxPerPage) && ($s = $dbr->fetchObject( $res )) ) { $namespaceparam = $namespace ? "&namespace=$namespace" : ""; $out2 .= " | " . $sk->makeKnownLink( $wgContLang->specialPage( $this->name ), -- 2.20.1