From 6e88bd35ff2986bbb30486ce57686e7af1e2f2a3 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Niklas=20Laxstr=C3=B6m?= Date: Mon, 3 Dec 2007 09:33:21 +0000 Subject: [PATCH] * It's not nice to throw sql errors with invalid input --- includes/SpecialMergeHistory.php | 64 +++++++++++++++++++++---------- languages/messages/MessagesEn.php | 5 +++ 2 files changed, 49 insertions(+), 20 deletions(-) diff --git a/includes/SpecialMergeHistory.php b/includes/SpecialMergeHistory.php index 5a2233d205..05239a10fb 100644 --- a/includes/SpecialMergeHistory.php +++ b/includes/SpecialMergeHistory.php @@ -32,6 +32,7 @@ class MergehistoryForm { $this->mAction = $request->getVal( 'action' ); $this->mTarget = $request->getVal( 'target' ); $this->mDest = $request->getVal( 'dest' ); + $this->mSubmitted = $request->getBool( 'submitted' ); $this->mTargetID = intval( $request->getVal( 'targetID' ) ); $this->mDestID = intval( $request->getVal( 'destID' ) ); @@ -40,17 +41,13 @@ class MergehistoryForm { $this->mMerge = $request->wasPosted() && $wgUser->matchEditToken( $request->getVal( 'wpEditToken' ) ); // target page - if( $this->mTarget !== "" ) { + if( $this->mSubmitted ) { $this->mTargetObj = Title::newFromURL( $this->mTarget ); - } else { - $this->mTargetObj = NULL; - } - # Destination - if( $this->mDest !== "" ) { $this->mDestObj = Title::newFromURL( $this->mDest ); } else { - $this->mDestObj = NULL; - } + $this->mTargetObj = null; + $this->mDestObj = null; + } $this->preCacheMessages(); } 
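Review bot: The `// target page` comment kept above the new `if( $this->mSubmitted )` is stale, because that branch now builds both the source and the destination title. A replacement such as `// Build both Title objects only for a submitted form; invalid input is reported later` would also explain why the later `instanceof Title` checks exist. Note that `submitted` is a plain request flag read with `getBool()`, so it only selects which view is shown; `$this->mMerge` (POST plus `matchEditToken`) must remain the sole gate for the state-changing path. The constructor starts and ends outside this hunk.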
@@ -74,12 +71,38 @@ class MergehistoryForm { if( $this->mTargetID && $this->mDestID && $this->mAction=="submit" && $this->mMerge ) { return $this->merge(); } - - if( is_object($this->mTargetObj) && is_object($this->mDestObj) ) { - return $this->showHistory(); + + if ( !$this->mSubmitted ) { + $this->showMergeForm(); + return; } - - return $this->showMergeForm(); + + $errors = array(); + if ( !$this->mTargetObj instanceof Title ) { + $errors[] = wfMsgExt( 'mergehistory-invalid-source', array( 'parse' ) ); + } elseif( !$this->mTargetObj->exists() ) { + $errors[] = wfMsgExt( 'mergehistory-no-source', array( 'parse' ), + wfEscapeWikiText( $this->mTargetObj->getPrefixedText() ) + ); + } + + if ( !$this->mDestObj instanceof Title) { + $errors[] = wfMsgExt( 'mergehistory-invalid-destination', array( 'parse' ) ); + } elseif( !$this->mDestObj->exists() ) { + $errors[] = wfMsgExt( 'mergehistory-no-destination', array( 'parse' ), + wfEscapeWikiText( $this->mDestObj->getPrefixedText() ) + ); + } + + // TODO: warn about target = dest? + + if ( count( $errors ) ) { + $this->showMergeForm(); + $wgOut->addHTML( implode( "\n", $errors ) ); + } else { + $this->showHistory(); + } + } function showMergeForm() { @@ -96,12 +119,13 @@ class MergehistoryForm { wfMsg( 'mergehistory-box' ) ) . Xml::hidden( 'title', SpecialPage::getTitleFor( 'Mergehistory' )->getPrefixedDbKey() ) . + Xml::hidden( 'submitted', '1' ) . Xml::openElement( 'table' ) . " - ".Xml::Label( wfMsg( 'mergehistory-from' ), 'target' )." + ".Xml::label( wfMsg( 'mergehistory-from' ), 'target' )." ".Xml::input( 'target', 30, $this->mTarget, array('id'=>'target') )." - ".Xml::Label( wfMsg( 'mergehistory-into' ), 'dest' )." + ".Xml::label( wfMsg( 'mergehistory-into' ), 'dest' )." ".Xml::input( 'dest', 30, $this->mDest, array('id'=>'dest') )." " . Xml::submitButton( wfMsg( 'mergehistory-go' ) ) . 
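Review bot: The new title checks come after the early `return $this->merge();` at the top of this hunk, so a request with `targetID`, `destID`, `action=submit` and a valid token never passes through them. That path has to validate the two IDs itself, and those checks are not visible in this diff. Within the new block, the `// TODO: warn about target = dest?` is left open, so identical source and destination titles fall through to `showHistory()`. An extra branch such as `if ( !count( $errors ) && $this->mTargetObj->equals( $this->mDestObj ) )` adding its own message would close it. The enclosing method starts outside the hunk.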
@@ -117,9 +141,9 @@ class MergehistoryForm { $this->sk = $wgUser->getSkin(); $wgOut->setPagetitle( wfMsg( "mergehistory" ) ); - + $this->showMergeForm(); - + # List all stored revisions $revisions = new MergeHistoryPager( $this, array(), $this->mTargetObj, $this->mDestObj ); $haveRevisions = $revisions && $revisions->getNumRows() > 0; @@ -210,7 +234,7 @@ class MergehistoryForm { $checkBox = wfRadio( "mergepoint", $ts, false ); $pageLink = $this->sk->makeKnownLinkObj( $rev->getTitle(), - $wgLang->timeanddate( $ts ), 'oldid=' . $rev->getID() ); + htmlspecialchars( $wgLang->timeanddate( $ts ) ), 'oldid=' . $rev->getID() ); if( $rev->isDeleted( Revision::DELETED_TEXT ) ) { $pageLink = '' . $pageLink . ''; } @@ -285,7 +309,7 @@ class MergehistoryForm { $maxtimestamp = ($lasttime < $maxtimestamp) ? $lasttime : $maxtimestamp; // $this->mTimestamp must be less than $maxtimestamp if( $this->mTimestamp >= $maxtimestamp ) { - $wgOut->addHtml( wfMsg('mergehistory-fail') ); + $wgOut->addWikiText( wfMsg('mergehistory-fail') ); return false; } # Update the revisions @@ -304,7 +328,7 @@ class MergehistoryForm { __METHOD__ ); # Check if this did anything if( !$count = $dbw->affectedRows() ) { - $wgOut->addHtml( wfMsg('mergehistory-fail') ); + $wgOut->addWikiText( wfMsg('mergehistory-fail') ); return false; } # Update our logs diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index 5db88dba44..d10cbb7312 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php 
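Review bot: The reason for the added `htmlspecialchars()` around `$wgLang->timeanddate( $ts )` in the `@@ -210,7 +234,7 @@` hunk is not recorded, so the call is easy to drop in a later cleanup. `makeKnownLinkObj()` appears to take its link text as HTML rather than plain text, which would explain the escaping. A one-line comment such as `// link text is output as HTML, so escape the formatted timestamp` above `$pageLink =` would help keep it in place. The enclosing function starts and ends outside the hunk.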
@@ -1200,6 +1200,11 @@ Make sure that this change will maintain historical page continuity. 'mergehistory-empty' => 'No revisions can be merged', 'mergehistory-success' => '$3 revisions of [[:$1]] successfully merged into [[:$2]].', 'mergehistory-fail' => 'Unable to perform history merge, please recheck the page and time parameters.', +'mergehistory-no-source' => 'Source page $1 does not exists.', +'mergehistory-no-destination' => 'Destination page $1 does not exists.', +'mergehistory-invalid-source' => 'Source page must be a valid title.', +'mergehistory-invalid-destination' => 'Destination page must be a valid title.', + # Merge log 'mergelog' => 'Merge log', -- 2.20.1
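Review bot: Both new existence messages read `does not exists`; the text should be `Source page $1 does not exist.` and `Destination page $1 does not exist.`. These strings are rendered through `wfMsgExt( ..., array( 'parse' ) )` in SpecialMergeHistory.php, so `$1` is parsed as wikitext. It therefore has to remain the `wfEscapeWikiText()`-escaped title that the caller passes, which is worth stating in a comment next to the two entries.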