* (bug 8458) Limit custom signature length to $wgMaxSigChars bytes
authorBrion Vibber <brion@users.mediawiki.org>
Wed, 13 Jun 2007 16:28:19 +0000 (16:28 +0000)
committerBrion Vibber <brion@users.mediawiki.org>
Wed, 13 Jun 2007 16:28:19 +0000 (16:28 +0000)
RELEASE-NOTES
includes/DefaultSettings.php
includes/Parser.php
includes/SpecialPreferences.php
languages/messages/MessagesEn.php

index a10c2b9..fd02d7d 100644 (file)
@@ -82,6 +82,8 @@ it from source control: http://www.mediawiki.org/wiki/Download_from_SVN
   Common.css and MediaWiki:Monobook.css.
 * (bug 8869) Introduce Special:Uncategorizedtemplates
 * (bug 8734) Different log message when article protection level is changed
+* (bug 8458) Limit custom signature length to $wgMaxSigChars bytes
+
 
 == Bugfixes since 1.10 ==
 
index b25a50e..82aff9d 100644 (file)
@@ -857,6 +857,7 @@ $wgRedirectSources = false;
 
 $wgShowIPinHeader      = true; # For non-logged in users
 $wgMaxNameChars                = 255;  # Maximum number of bytes in username
+$wgMaxSigChars      = 255;  # Maximum number of bytes in signature
 $wgMaxArticleSize      = 2048; # Maximum article size in kilobytes
 
 $wgExtraSubtitle       = '';
index 75aef1d..2d67bf2 100644 (file)
@@ -3803,11 +3803,16 @@ class Parser
         * @private
         */
        function getUserSig( &$user ) {
+               global $wgMaxSigChars;
+               
                $username = $user->getName();
                $nickname = $user->getOption( 'nickname' );
                $nickname = $nickname === '' ? $username : $nickname;
-
-               if( $user->getBoolOption( 'fancysig' ) !== false ) {
+               
+               if( strlen( $nickname ) > $wgMaxSigChars ) {
+                       $nickname = $username;
+                       wfDebug( __METHOD__ . ": $username has overlong signature.\n" );
+               } elseif( $user->getBoolOption( 'fancysig' ) !== false ) {
                        # Sig. might contain markup; validate this
                        if( $this->validateSig( $nickname ) !== false ) {
                                # Validated; clean up (if needed) and return it
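Review bot: The new guard `strlen( $nickname ) > $wgMaxSigChars` measures the stored preference in bytes before the `fancysig` branch runs `validateSig()` and the clean-up after it, so it bounds what is stored rather than what ends up on the page. If a raw signature can grow during that clean-up or a later expansion (not visible here; getUserSig continues past the end of the hunk), `$wgMaxSigChars` is not a cap on the emitted text, and the function comment should say so. I would add above the check: `# Caps the stored signature in bytes; overlong values fall back to the username. Output of a raw signature after clean-up is not re-checked.` The fallback is reported only through `wfDebug()`, so the docblock is also the place to record that the user gets no notice at signing time.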
index 292ebce..bcfe982 100644 (file)
@@ -241,7 +241,13 @@ class PreferencesForm {
                }
 
                # Validate the signature and clean it up as needed
-               if( $this->mToggles['fancysig'] ) {
+               global $wgMaxSigChars;
+               if( strlen( $this->mNick ) > $wgMaxSigChars ) {
+                       global $wgLang;
+                       $this->mainPrefsForm( 'error',
+                               wfMsg( 'badsiglength', $wgLang->formatNum( $wgMaxSigChars ) ) );
+                       return;
+               } elseif( $this->mToggles['fancysig'] ) {
                        if( Parser::validateSig( $this->mNick ) !== false ) {
                                $this->mNick = $wgParser->cleanSig( $this->mNick );
                        } else {
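Review bot: The rejection test `strlen( $this->mNick ) > $wgMaxSigChars` and the `badsiglength` text this commit adds ('must be under $1 characters') disagree in two ways: a signature of exactly `$wgMaxSigChars` bytes is accepted although the message says it must be shorter, and the count is in UTF-8 bytes while the message says characters. A user writing non-ASCII text is refused well before reaching the stated number, with no way to tell why. Since the byte limit is the one enforced, the message is the cheaper thing to align, for example `'Nickname too long; must be at most $1 bytes.'`; the same string is shown by the form-rendering hunk further down. The enclosing method starts and ends outside this hunk.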
@@ -603,8 +609,14 @@ class PreferencesForm {
                        );
                }
 
-               global $wgParser;
-               if( !empty( $this->mToggles['fancysig'] ) &&
+               global $wgParser, $wgMaxSigChars;
+               if( strlen( $this->mNick ) > $wgMaxSigChars ) {
+                       $invalidSig = $this->tableRow(
+                               '&nbsp;',
+                               Xml::element( 'span', array( 'class' => 'error' ),
+                                       wfMsg( 'badsiglength', $wgLang->formatNum( $wgMaxSigChars ) ) )
+                       );
+               } elseif( !empty( $this->mToggles['fancysig'] ) &&
                        false === $wgParser->validateSig( $this->mNick ) ) {
                        $invalidSig = $this->tableRow(
                                '&nbsp;',
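Review bot: `$wgLang->formatNum()` is called in the new overlong branch, but the `global` line changed just above it names only `$wgParser` and `$wgMaxSigChars`. Unless `$wgLang` is already declared global earlier in this method (outside the hunk), that call is on an undefined local, and the preferences form fails for exactly the users whose stored signature is over the limit, leaving them unable to correct it through the form. The save-path hunk above declares `global $wgLang;` itself, so for consistency I would write `global $wgParser, $wgMaxSigChars, $wgLang;` here.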
@@ -617,7 +629,14 @@ class PreferencesForm {
                $wgOut->addHTML(
                        $this->tableRow(
                                Xml::label( wfMsg( 'yournick' ), 'wpNick' ),
-                               Xml::input( 'wpNick', 25, $this->mNick, array( 'id' => 'wpNick' ) )
+                               Xml::input( 'wpNick', 25, $this->mNick,
+                                       array(
+                                               'id' => 'wpNick',
+                                               // Note: $wgMaxSigChars is currently enforced in UTF-8 bytes,
+                                               // but 'maxlength' attribute is enforced in characters.
+                                               // It's still possible to put in an overlong string
+                                               // 'legitimately' by typing non-ASCII chars.
+                                               'maxlength' => $wgMaxSigChars ) )
                        ) .
                        $invalidSig .
                        $this->tableRow( '&nbsp;', $this->getToggle( 'fancysig' ) )
index 97ed8c5..6936a47 100644 (file)
@@ -830,6 +830,7 @@ Your account has been created. Don't forget to change your {{SITENAME}} preferen
 'yourvariant'                => 'Variant',
 'yournick'                   => 'Nickname:',
 'badsig'                     => 'Invalid raw signature; check HTML tags.',
+'badsiglength'               => 'Nickname too long; must be under $1 characters.',
 'email'                      => 'E-mail',
 'prefs-help-realname'        => 'Real name is optional and if you choose to provide it this will be used for giving you attribution for your work.',
 'loginerror'                 => 'Login error',