dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
SECURITY: Fix RevDel log entry information leaks
[lhc/web/wiklou.git] / includes / specials / SpecialWatchlist.php
1 <?php
2 /**
3 * Implements Special:Watchlist
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @ingroup SpecialPage Watchlist
22 */
23 class SpecialWatchlist extends SpecialRecentChanges {
24 protected $customFilters;
25
26 /**
27 * Constructor
28 */
29 public function __construct( $page = 'Watchlist', $restriction = 'viewmywatchlist' ) {
30 parent::__construct( $page, $restriction );
31 }
32
33 public function isIncludable() {
34 return false;
35 }
36
37 /**
38 * Get a FormOptions object containing the default options
39 *
40 * @return FormOptions
41 */
42 public function getDefaultOptions() {
43 $opts = parent::getDefaultOptions();
44 $user = $this->getUser();
45
46 // Overwrite RC options with Watchlist options
47 // (calling #add() again is okay)
48 $opts->add( 'days', $user->getOption( 'watchlistdays' ), FormOptions::FLOAT );
49 $opts->add( 'hideminor', $user->getBoolOption( 'watchlisthideminor' ) );
50 $opts->add( 'hidebots', $user->getBoolOption( 'watchlisthidebots' ) );
51 $opts->add( 'hideanons', $user->getBoolOption( 'watchlisthideanons' ) );
52 $opts->add( 'hideliu', $user->getBoolOption( 'watchlisthideliu' ) );
53 $opts->add( 'hidepatrolled', $user->getBoolOption( 'watchlisthidepatrolled' ) );
54 $opts->add( 'hidemyself', $user->getBoolOption( 'watchlisthideown' ) );
55
56 // Add new ones
57 $opts->add( 'extended', $user->getBoolOption( 'extendwatchlist' ) );
58
59 return $opts;
60 }
61
62 /**
63 * Fetch values for a FormOptions object from the WebRequest associated with this instance.
64 *
65 * Maps old pre-1.23 request parameters Watchlist used to use (different from Recentchanges' ones)
66 * to the current ones.
67 *
68 * @param FormOptions $parameters
69 * @return FormOptions
70 */
71 protected function fetchOptionsFromRequest( $opts ) {
72 static $compatibilityMap = array(
73 'hideMinor' => 'hideminor',
74 'hideBots' => 'hidebots',
75 'hideAnons' => 'hideanons',
76 'hideLiu' => 'hideliu',
77 'hidePatrolled' => 'hidepatrolled',
78 'hideOwn' => 'hidemyself',
79 );
80
81 $params = $this->getRequest()->getValues();
82 foreach ( $compatibilityMap as $from => $to ) {
83 if ( isset( $params[$from] ) ) {
84 $params[$to] = $params[$from];
85 unset( $params[$from] );
86 }
87 }
88
89 // Not the prettiest way to achieve this… FormOptions internally depends on data sanitization
90 // methods defined on WebRequest and removing this dependency would cause some code duplication.
91 $request = new DerivativeRequest( $this->getRequest(), $params );
92 $opts->fetchValuesFromRequest( $request );
93 return $opts;
94 }
95
96 /**
97 * Get custom show/hide filters
98 *
99 * @return array Map of filter URL param names to properties (msg/default)
100 */
101 protected function getCustomFilters() {
102 if ( $this->customFilters === null ) {
103 $this->customFilters = array();
104 wfRunHooks( 'SpecialWatchlistFilters', array( $this, &$this->customFilters ) );
105 }
106
107 return $this->customFilters;
108 }
109
110 /**
111 * Process $par and put options found if $opts. Not used for Watchlist.
112 *
113 * @param string $par
114 * @param FormOptions $opts
115 */
116 public function parseParameters( $par, FormOptions $opts ) {
117 }
118
119 /**
120 * Get the current FormOptions for this request
121 */
122 public function getOptions() {
123 if ( $this->rcOptions === null ) {
124 $this->rcOptions = $this->setup( null );
125 }
126
127 return $this->rcOptions;
128 }
129
130 /**
131 * Execute
132 * @param $par Parameter passed to the page
133 */
134 function execute( $par ) {
135 global $wgRCShowWatchingUsers, $wgEnotifWatchlist, $wgShowUpdatedMarker;
136
137 $user = $this->getUser();
138 $output = $this->getOutput();
139 $output->addModuleStyles( 'mediawiki.special.changeslist' );
140 $output->addModules( 'mediawiki.special.changeslist.js' );
141
142 # Anons don't get a watchlist
143 $this->requireLogin( 'watchlistanontext' );
144
145 // Check permissions
146 $this->checkPermissions();
147
148 $request = $this->getRequest();
149 $opts = $this->getOptions();
150
151 $mode = SpecialEditWatchlist::getMode( $request, $par );
152 if ( $mode !== false ) {
153 if ( $mode === SpecialEditWatchlist::EDIT_RAW ) {
154 $title = SpecialPage::getTitleFor( 'EditWatchlist', 'raw' );
155 } else {
156 $title = SpecialPage::getTitleFor( 'EditWatchlist' );
157 }
158
159 $output->redirect( $title->getLocalURL() );
160 return;
161 }
162
163 if ( ( $wgEnotifWatchlist || $wgShowUpdatedMarker ) && $request->getVal( 'reset' ) &&
164 $request->wasPosted() )
165 {
166 $user->clearAllNotifications();
167 $output->redirect( $this->getPageTitle()->getFullURL( $opts->getChangedValues() ) );
168 return;
169 }
170
171 $this->setHeaders();
172 $this->outputHeader();
173 $this->addModules();
174
175 // Add feed links
176 $wlToken = $user->getTokenFromOption( 'watchlisttoken' );
177 if ( $wlToken ) {
178 $this->addFeedLinks( array(
179 'action' => 'feedwatchlist',
180 'allrev' => 1,
181 'wlowner' => $user->getName(),
182 'wltoken' => $wlToken,
183 ) );
184 }
185
186 $output->addSubtitle(
187 $this->msg( 'watchlistfor2', $user->getName() )
188 ->rawParams( SpecialEditWatchlist::buildTools( null ) )
189 );
190
191 $dbr = wfGetDB( DB_SLAVE, 'watchlist' );
192
193 # Show a message about slave lag, if applicable
194 $lag = wfGetLB()->safeGetLag( $dbr );
195 if ( $lag > 0 ) {
196 $output->showLagWarning( $lag );
197 }
198
199 $nitems = $this->countItems( $dbr );
200 if ( $nitems == 0 ) {
201 $output->addWikiMsg( 'nowatchlist' );
202 return;
203 }
204
205 # Possible where conditions
206 $conds = array();
207
208 if ( $opts['days'] > 0 ) {
209 $conds[] = 'rc_timestamp > ' . $dbr->addQuotes( $dbr->timestamp( time() - intval( $opts['days'] * 86400 ) ) );
210 }
211
212 # Toggles
213 if ( $opts['hidemyself'] ) {
214 $conds[] = 'rc_user != ' . $user->getId();
215 }
216 if ( $opts['hidebots'] ) {
217 $conds[] = 'rc_bot = 0';
218 }
219 if ( $opts['hideminor'] ) {
220 $conds[] = 'rc_minor = 0';
221 }
222 if ( $opts['hideliu'] ) {
223 $conds[] = 'rc_user = 0';
224 }
225 if ( $opts['hideanons'] ) {
226 $conds[] = 'rc_user != 0';
227 }
228 if ( $user->useRCPatrol() && $opts['hidepatrolled'] ) {
229 $conds[] = 'rc_patrolled != 1';
230 }
231 # Namespace filtering
232 if ( $opts['namespace'] !== '' ) {
233 $selectedNS = $dbr->addQuotes( $opts['namespace'] );
234 $operator = $opts['invert'] ? '!=' : '=';
235 $boolean = $opts['invert'] ? 'AND' : 'OR';
236
237 # namespace association (bug 2429)
238 if ( !$opts['associated'] ) {
239 $condition = "rc_namespace $operator $selectedNS";
240 } else {
241 # Also add the associated namespace
242 $associatedNS = $dbr->addQuotes(
243 MWNamespace::getAssociated( $opts['namespace'] )
244 );
245 $condition = "(rc_namespace $operator $selectedNS "
246 . $boolean
247 . " rc_namespace $operator $associatedNS)";
248 }
249
250 $conds[] = $condition;
251 }
252
253 # Toggle watchlist content (all recent edits or just the latest)
254 if ( $opts['extended'] ) {
255 $limitWatchlist = $user->getIntOption( 'wllimit' );
256 $usePage = false;
257 } else {
258 # Top log Ids for a page are not stored
259 $nonRevisionTypes = array( RC_LOG );
260 wfRunHooks( 'SpecialWatchlistGetNonRevisionTypes', array( &$nonRevisionTypes ) );
261 if ( $nonRevisionTypes ) {
262 $conds[] = $dbr->makeList(
263 array(
264 'rc_this_oldid=page_latest',
265 'rc_type' => $nonRevisionTypes,
266 ),
267 LIST_OR
268 );
269 }
270 $limitWatchlist = 0;
271 $usePage = true;
272 }
273
274 $tables = array( 'recentchanges', 'watchlist' );
275 $fields = RecentChange::selectFields();
276 $join_conds = array(
277 'watchlist' => array(
278 'INNER JOIN',
279 array(
280 'wl_user' => $user->getId(),
281 'wl_namespace=rc_namespace',
282 'wl_title=rc_title'
283 ),
284 ),
285 );
286 $options = array( 'ORDER BY' => 'rc_timestamp DESC' );
287 if ( $wgShowUpdatedMarker ) {
288 $fields[] = 'wl_notificationtimestamp';
289 }
290 if ( $limitWatchlist ) {
291 $options['LIMIT'] = $limitWatchlist;
292 }
293
294 $rollbacker = $user->isAllowed( 'rollback' );
295 if ( $usePage || $rollbacker ) {
296 $tables[] = 'page';
297 $join_conds['page'] = array( 'LEFT JOIN', 'rc_cur_id=page_id' );
298 if ( $rollbacker ) {
299 $fields[] = 'page_latest';
300 }
301 }
302
303 // Log entries with DELETED_ACTION must not show up unless the user has
304 // the necessary rights.
305 if ( !$user->isAllowed( 'deletedhistory' ) ) {
306 $bitmask = LogPage::DELETED_ACTION;
307 } elseif ( !$user->isAllowed( 'suppressrevision' ) ) {
308 $bitmask = LogPage::DELETED_ACTION | LogPage::DELETED_RESTRICTED;
309 } else {
310 $bitmask = 0;
311 }
312 if ( $bitmask ) {
313 $conds[] = $dbr->makeList( array(
314 'rc_type != ' . RC_LOG,
315 $dbr->bitAnd( 'rc_deleted', $bitmask ) . " != $bitmask",
316 ), LIST_OR );
317 }
318
319
320 ChangeTags::modifyDisplayQuery( $tables, $fields, $conds, $join_conds, $options, '' );
321 wfRunHooks( 'SpecialWatchlistQuery', array( &$conds, &$tables, &$join_conds, &$fields, $opts ) );
322
323 $rows = $dbr->select( $tables, $fields, $conds, __METHOD__, $options, $join_conds );
324 $numRows = $rows->numRows();
325
326 /* Start bottom header */
327
328 $lang = $this->getLanguage();
329 $wlInfo = '';
330 if ( $opts['days'] > 0 ) {
331 $timestamp = wfTimestampNow();
332 $wlInfo = $this->msg( 'wlnote' )->numParams( $numRows, round( $opts['days'] * 24 ) )->params(
333 $lang->userDate( $timestamp, $user ), $lang->userTime( $timestamp, $user ) )->parse() . "<br />\n";
334 }
335
336 $nondefaults = $opts->getChangedValues();
337 $cutofflinks = $this->cutoffLinks( $opts['days'], $nondefaults ) . "<br />\n";
338
339 # Spit out some control panel links
340 $filters = array(
341 'hideminor' => 'rcshowhideminor',
342 'hidebots' => 'rcshowhidebots',
343 'hideanons' => 'rcshowhideanons',
344 'hideliu' => 'rcshowhideliu',
345 'hidemyself' => 'rcshowhidemine',
346 'hidepatrolled' => 'rcshowhidepatr'
347 );
348 foreach ( $this->getCustomFilters() as $key => $params ) {
349 $filters[$key] = $params['msg'];
350 }
351 // Disable some if needed
352 if ( !$user->useNPPatrol() ) {
353 unset( $filters['hidepatrolled'] );
354 }
355
356 $links = array();
357 foreach ( $filters as $name => $msg ) {
358 $links[] = $this->showHideLink( $nondefaults, $msg, $name, $opts[$name] );
359 }
360
361 $hiddenFields = $nondefaults;
362 unset( $hiddenFields['namespace'] );
363 unset( $hiddenFields['invert'] );
364 unset( $hiddenFields['associated'] );
365
366 # Create output
367 $form = '';
368
369 # Show watchlist header
370 $form .= "<p>";
371 $form .= $this->msg( 'watchlist-details' )->numParams( $nitems )->parse() . "\n";
372 if ( $wgEnotifWatchlist && $user->getOption( 'enotifwatchlistpages' ) ) {
373 $form .= $this->msg( 'wlheader-enotif' )->parse() . "\n";
374 }
375 if ( $wgShowUpdatedMarker ) {
376 $form .= $this->msg( 'wlheader-showupdated' )->parse() . "\n";
377 }
378 $form .= "</p>";
379
380 if ( $wgShowUpdatedMarker ) {
381 $form .= Xml::openElement( 'form', array( 'method' => 'post',
382 'action' => $this->getPageTitle()->getLocalURL(),
383 'id' => 'mw-watchlist-resetbutton' ) ) . "\n" .
384 Xml::submitButton( $this->msg( 'enotif_reset' )->text(), array( 'name' => 'dummy' ) ) . "\n" .
385 Html::hidden( 'reset', 'all' ) . "\n";
386 foreach ( $nondefaults as $key => $value ) {
387 $form .= Html::hidden( $key, $value ) . "\n";
388 }
389 $form .= Xml::closeElement( 'form' ) . "\n";
390 }
391
392 $form .= Xml::openElement( 'form', array(
393 'method' => 'post',
394 'action' => $this->getPageTitle()->getLocalURL(),
395 'id' => 'mw-watchlist-form'
396 ) );
397 $form .= Xml::fieldset(
398 $this->msg( 'watchlist-options' )->text(),
399 false,
400 array( 'id' => 'mw-watchlist-options' )
401 );
402
403 $form .= SpecialRecentChanges::makeLegend( $this->getContext() );
404
405 # Namespace filter and put the whole form together.
406 $form .= $wlInfo;
407 $form .= $cutofflinks;
408 $form .= $lang->pipeList( $links ) . "\n";
409 $form .= "<hr />\n<p>";
410 $form .= Html::namespaceSelector(
411 array(
412 'selected' => $opts['namespace'],
413 'all' => '',
414 'label' => $this->msg( 'namespace' )->text()
415 ), array(
416 'name' => 'namespace',
417 'id' => 'namespace',
418 'class' => 'namespaceselector',
419 )
420 ) . '&#160;';
421 $form .= Xml::checkLabel(
422 $this->msg( 'invert' )->text(),
423 'invert',
424 'nsinvert',
425 $opts['invert'],
426 array( 'title' => $this->msg( 'tooltip-invert' )->text() )
427 ) . '&#160;';
428 $form .= Xml::checkLabel(
429 $this->msg( 'namespace_association' )->text(),
430 'associated',
431 'nsassociated',
432 $opts['associated'],
433 array( 'title' => $this->msg( 'tooltip-namespace_association' )->text() )
434 ) . '&#160;';
435 $form .= Xml::submitButton( $this->msg( 'allpagessubmit' )->text() ) . "</p>\n";
436 foreach ( $hiddenFields as $key => $value ) {
437 $form .= Html::hidden( $key, $value ) . "\n";
438 }
439 $form .= Xml::closeElement( 'fieldset' ) . "\n";
440 $form .= Xml::closeElement( 'form' ) . "\n";
441 $output->addHTML( $form );
442
443 # If there's nothing to show, stop here
444 if ( $numRows == 0 ) {
445 $output->wrapWikiMsg(
446 "<div class='mw-changeslist-empty'>\n$1\n</div>", 'recentchanges-noresult'
447 );
448 return;
449 }
450
451 /* End bottom header */
452
453 /* Do link batch query */
454 $batch = new LinkBatch;
455 foreach ( $rows as $row ) {
456 $batch->add( NS_USER, $row->rc_user_text );
457 $batch->add( NS_USER_TALK, $row->rc_user_text );
458 $batch->add( $row->rc_namespace, $row->rc_title );
459 }
460 $batch->execute();
461
462 $dbr->dataSeek( $rows, 0 );
463
464 $list = ChangesList::newFromContext( $this->getContext() );
465 $list->setWatchlistDivs();
466
467 $s = $list->beginRecentChangesList();
468 $counter = 1;
469 foreach ( $rows as $obj ) {
470 # Make RC entry
471 $rc = RecentChange::newFromRow( $obj );
472 $rc->counter = $counter++;
473
474 if ( $wgShowUpdatedMarker ) {
475 $updated = $obj->wl_notificationtimestamp;
476 } else {
477 $updated = false;
478 }
479
480 if ( $wgRCShowWatchingUsers && $user->getOption( 'shownumberswatching' ) ) {
481 $rc->numberofWatchingusers = $dbr->selectField( 'watchlist',
482 'COUNT(*)',
483 array(
484 'wl_namespace' => $obj->rc_namespace,
485 'wl_title' => $obj->rc_title,
486 ),
487 __METHOD__ );
488 } else {
489 $rc->numberofWatchingusers = 0;
490 }
491
492 $changeLine = $list->recentChangesLine( $rc, $updated, $counter );
493 if ( $changeLine !== false ) {
494 $s .= $changeLine;
495 }
496 }
497 $s .= $list->endRecentChangesList();
498
499 $output->addHTML( $s );
500 }
501
502 protected function showHideLink( $options, $message, $name, $value ) {
503 $label = $this->msg( $value ? 'show' : 'hide' )->escaped();
504 $options[$name] = 1 - (int)$value;
505
506 return $this->msg( $message )->rawParams( Linker::linkKnown( $this->getPageTitle(), $label, array(), $options ) )->escaped();
507 }
508
509 protected function hoursLink( $h, $options = array() ) {
510 $options['days'] = ( $h / 24.0 );
511
512 return Linker::linkKnown(
513 $this->getPageTitle(),
514 $this->getLanguage()->formatNum( $h ),
515 array(),
516 $options
517 );
518 }
519
520 protected function daysLink( $d, $options = array() ) {
521 $options['days'] = $d;
522 $message = ( $d ? $this->getLanguage()->formatNum( $d ) : $this->msg( 'watchlistall2' )->escaped() );
523
524 return Linker::linkKnown(
525 $this->getPageTitle(),
526 $message,
527 array(),
528 $options
529 );
530 }
531
532 /**
533 * Returns html
534 *
535 * @param int $days This gets overwritten, so is not used
536 * @param array $options Query parameters for URL
537 * @return string
538 */
539 protected function cutoffLinks( $days, $options = array() ) {
540 $hours = array( 1, 2, 6, 12 );
541 $days = array( 1, 3, 7 );
542 $i = 0;
543 foreach ( $hours as $h ) {
544 $hours[$i++] = $this->hoursLink( $h, $options );
545 }
546 $i = 0;
547 foreach ( $days as $d ) {
548 $days[$i++] = $this->daysLink( $d, $options );
549 }
550 return $this->msg( 'wlshowlast' )->rawParams(
551 $this->getLanguage()->pipeList( $hours ),
552 $this->getLanguage()->pipeList( $days ),
553 $this->daysLink( 0, $options ) )->parse();
554 }
555
556 /**
557 * Count the number of items on a user's watchlist
558 *
559 * @param DatabaseBase $dbr A database connection
560 * @return Integer
561 */
562 protected function countItems( $dbr ) {
563 # Fetch the raw count
564 $rows = $dbr->select( 'watchlist', array( 'count' => 'COUNT(*)' ),
565 array( 'wl_user' => $this->getUser()->getId() ), __METHOD__ );
566 $row = $dbr->fetchObject( $rows );
567 $count = $row->count;
568
569 return floor( $count / 2 );
570 }
571 }
Wiklou, le Wiki du Wiklou