From c5f80c16251b02a1fcadeebb238e3a917b899acc Mon Sep 17 00:00:00 2001 From: Tpt Date: Tue, 26 Nov 2013 21:54:10 +0100 Subject: [PATCH] Add validation of the content model edited by EditPage Bug: 57615 Change-Id: I6c1bb9774542e39bfb899a47b7afac516fea4a16 --- includes/EditPage.php | 36 ++++++++++++++++++++++-------- languages/messages/MessagesEn.php | 2 ++ languages/messages/MessagesQqq.php | 5 +++++ maintenance/language/messages.inc | 2 ++ 4 files changed, 36 insertions(+), 9 deletions(-) diff --git a/includes/EditPage.php b/includes/EditPage.php index ab5856a1d0..33956f60dc 100644 --- a/includes/EditPage.php +++ b/includes/EditPage.php @@ -319,6 +319,18 @@ class EditPage { } } + /** + * Returns if the given content model is editable. + * + * @param string $modelId The ID of the content model to test. Use CONTENT_MODEL_XXX constants. + * @return bool + * @throws MWException if $modelId has no known handler + */ + public function isSupportedContentModel( $modelId ) { + return $this->allowNonTextContent || + ContentHandler::getForModelID( $modelId ) instanceof TextContentHandler; + } + function submit() { $this->edit(); } @@ -613,6 +625,7 @@ class EditPage { /** * This function collects the form data and uses it to populate various member variables. * @param $request WebRequest + * @throws ErrorPageError */ function importFormData( &$request ) { global $wgContLang, $wgUser; @@ -777,12 +790,17 @@ class EditPage { $this->bot = $request->getBool( 'bot', true ); $this->nosummary = $request->getBool( 'nosummary' ); - $content_handler = ContentHandler::getForTitle( $this->mTitle ); - $this->contentModel = $request->getText( 'model', $content_handler->getModelID() ); #may be overridden by revision - $this->contentFormat = $request->getText( 'format', $content_handler->getDefaultFormat() ); #may be overridden by revision + $this->contentModel = $request->getText( 'model', $this->contentModel ); #may be overridden by revision + $this->contentFormat = $request->getText( 'format', $this->contentFormat ); #may be overridden by revision + if ( !ContentHandler::getForModelID( $this->contentModel )->isSupportedFormat( $this->contentFormat ) ) { + throw new ErrorPageError( + 'editpage-notsupportedcontentformat-title', + 'editpage-notsupportedcontentformat-text', + array( $this->contentFormat, ContentHandler::getLocalizedName( $this->contentModel ) ) + ); + } #TODO: check if the desired model is allowed in this namespace, and if a transition from the page's current model to the new model is allowed - #TODO: check if the desired content model supports the given content format! $this->live = $request->getCheck( 'live' ); $this->editintro = $request->getText( 'editintro', @@ -2128,9 +2146,9 @@ class EditPage { return $content; } - if ( !$this->allowNonTextContent && !( $content instanceof TextContent ) ) { - throw new MWException( "This content model can not be edited as text: " - . ContentHandler::getLocalizedName( $content->getModel() ) ); + if ( !$this->isSupportedContentModel( $content->getModel() ) ) { + throw new MWException( 'This content model is not supported: ' + . ContentHandler::getLocalizedName( $content->getModel() ) ); } return $content->serialize( $this->contentFormat ); @@ -2158,8 +2176,8 @@ class EditPage { $content = ContentHandler::makeContent( $text, $this->getTitle(), $this->contentModel, $this->contentFormat ); - if ( !$this->allowNonTextContent && !( $content instanceof TextContent ) ) { - throw new MWException( "This content model can not be edited as text: " + if ( !$this->isSupportedContentModel( $content->getModel() ) ) { + throw new MWException( 'This content model is not supported: ' . ContentHandler::getLocalizedName( $content->getModel() ) ); } diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index 5b48e7ddd8..321b04e32c 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -1580,6 +1580,8 @@ It already exists.', 'content-not-allowed-here' => '"$1" content is not allowed on page [[$2]]', 'editwarning-warning' => 'Leaving this page may cause you to lose any changes you have made. If you are logged in, you can disable this warning in the "Editing" section of your preferences.', +'editpage-notsupportedcontentformat-title'=> 'Content format not supported', +'editpage-notsupportedcontentformat-text' => 'The content format $1 is not supported by the content model $2.', # Content models 'content-model-wikitext' => 'wikitext', diff --git a/languages/messages/MessagesQqq.php b/languages/messages/MessagesQqq.php index a62f50c226..d6e48e3a55 100644 --- a/languages/messages/MessagesQqq.php +++ b/languages/messages/MessagesQqq.php @@ -2118,6 +2118,11 @@ Parameters: 'editwarning-warning' => "{{doc-important|Do ''not'' use {{int:prefs-editing}} for \"Editing\". It is forbidden in this message, see [[mwr:68405]].}} but you can see the text of that button here: {{msg-mw|Prefs-editing}}", +'editpage-notsupportedcontentformat-title'=> 'Title of error page shown when using an incompatible format on EditPage', +'editpage-notsupportedcontentformat-text' => 'Error message shown when using an incompatible format on EditPage. +* $1 is the format id +* $2 is the content model name +', # Content models 'content-model-wikitext' => 'Name for the wikitext content model, used when decribing what type of content a page contains. diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc index 045126336c..c686c148d4 100644 --- a/maintenance/language/messages.inc +++ b/maintenance/language/messages.inc @@ -767,6 +767,8 @@ $wgMessageStructure = array( 'invalid-content-data', 'content-not-allowed-here', 'editwarning-warning', + 'editpage-notsupportedcontentformat-title', + 'editpage-notsupportedcontentformat-text', ), 'contentmodels' => array( 'content-model-wikitext', -- 2.20.1