* headaches, which may be fatal.
*/
class EditPage {
+ /**
+ * Used for Unicode support checks
+ */
+ const UNICODE_CHECK = 'ℳ𝒲♥𝓊𝓃𝒾𝒸ℴ𝒹ℯ';
+
/**
* Status: Article successfully updated
*/
*/
const AS_CANNOT_USE_CUSTOM_MODEL = 241;
+ /**
+ * Status: edit rejected because browser doesn't support Unicode.
+ */
+ const AS_UNICODE_NOT_SUPPORTED = 242;
+
/**
* HTML id and name for the beginning of the edit form.
*/
*/
const POST_EDIT_COOKIE_DURATION = 1200;
- /** @var Article */
+ /**
+ * @deprecated for public usage since 1.30 use EditPage::getArticle()
+ * @var Article
+ */
public $mArticle;
/** @var WikiPage */
private $page;
- /** @var Title */
+ /**
+ * @deprecated for public usage since 1.30 use EditPage::getTitle()
+ * @var Title
+ */
public $mTitle;
/** @var null|Title */
/** @var bool */
public $isConflict = false;
- /** @var bool */
+ /**
+ * @deprecated since 1.30 use Title::isCssJsSubpage()
+ * @var bool
+ */
public $isCssJsSubpage = false;
- /** @var bool */
+ /**
+ * @deprecated since 1.30 use Title::isCssSubpage()
+ * @var bool
+ */
public $isCssSubpage = false;
- /** @var bool */
+ /**
+ * @deprecated since 1.30 use Title::isJsSubpage()
+ * @var bool
+ */
public $isJsSubpage = false;
- /** @var bool */
+ /**
+ * @deprecated since 1.30
+ * @var bool
+ */
public $isWrongCaseCssJsPage = false;
/** @var bool New page or new section */
*/
private $isOldRev = false;
+ /**
+ * @var string|null What the user submitted in the 'wpUnicodeCheck' field
+ */
+ private $unicodeCheck;
+
/**
* @param Article $article
*/
$this->isConflict = false;
// css / js subpages of user pages get a special treatment
+ // The following member variables are deprecated since 1.30,
+ // the functions should be used instead.
$this->isCssJsSubpage = $this->mTitle->isCssJsSubpage();
$this->isCssSubpage = $this->mTitle->isCssSubpage();
$this->isJsSubpage = $this->mTitle->isJsSubpage();
- // @todo FIXME: Silly assignment.
$this->isWrongCaseCssJsPage = $this->isWrongCaseCssJsPage();
# Show applicable editing introductions
* @return bool
*/
protected function previewOnOpen() {
- global $wgPreviewOnOpenNamespaces;
+ $previewOnOpenNamespaces = $this->context->getConfig()->get( 'PreviewOnOpenNamespaces' );
$request = $this->context->getRequest();
if ( $request->getVal( 'preview' ) == 'yes' ) {
// Explicit override from request
// Standard preference behavior
return true;
} elseif ( !$this->mTitle->exists()
- && isset( $wgPreviewOnOpenNamespaces[$this->mTitle->getNamespace()] )
- && $wgPreviewOnOpenNamespaces[$this->mTitle->getNamespace()]
+ && isset( $previewOnOpenNamespaces[$this->mTitle->getNamespace()] )
+ && $previewOnOpenNamespaces[$this->mTitle->getNamespace()]
) {
// Categories are special
return true;
# These fields need to be checked for encoding.
# Also remove trailing whitespace, but don't remove _initial_
# whitespace from the text boxes. This may be significant formatting.
- $this->textbox1 = $this->safeUnicodeInput( $request, 'wpTextbox1' );
+ $this->textbox1 = rtrim( $request->getText( 'wpTextbox1' ) );
if ( !$request->getCheck( 'wpTextbox2' ) ) {
// Skip this if wpTextbox2 has input, it indicates that we came
// from a conflict page with raw page text, not a custom form
}
}
+ $this->unicodeCheck = $request->getText( 'wpUnicodeCheck' );
+
$this->summary = $request->getText( 'wpSummary' );
# If the summary consists of a heading, e.g. '==Foobar==', extract the title from the
case self::AS_CANNOT_USE_CUSTOM_MODEL:
case self::AS_PARSE_ERROR:
+ case self::AS_UNICODE_NOT_SUPPORTED:
$out->addWikiText( '<div class="error">' . "\n" . $status->getWikiText() . '</div>' );
return true;
* time.
*/
public function internalAttemptSave( &$result, $bot = false ) {
- global $wgMaxArticleSize;
- global $wgContentHandlerUseDB;
-
$status = Status::newGood();
$user = $this->context->getUser();
return $status;
}
+ if ( $this->unicodeCheck !== self::UNICODE_CHECK ) {
+ $status->fatal( 'unicode-support-fail' );
+ $status->value = self::AS_UNICODE_NOT_SUPPORTED;
+ return $status;
+ }
+
$request = $this->context->getRequest();
$spam = $request->getText( 'wpAntispam' );
if ( $spam !== '' ) {
}
$this->contentLength = strlen( $this->textbox1 );
- if ( $this->contentLength > $wgMaxArticleSize * 1024 ) {
+ $config = $this->context->getConfig();
+ $maxArticleSize = $config->get( 'MaxArticleSize' );
+ if ( $this->contentLength > $maxArticleSize * 1024 ) {
// Error will be displayed by showEditForm()
$this->tooBig = true;
$status->setResult( false, self::AS_CONTENT_TOO_BIG );
$changingContentModel = false;
if ( $this->contentModel !== $this->mTitle->getContentModel() ) {
- if ( !$wgContentHandlerUseDB ) {
+ if ( !$config->get( 'ContentHandlerUseDB' ) ) {
$status->fatal( 'editpage-cannot-use-custom-model' );
$status->value = self::AS_CANNOT_USE_CUSTOM_MODEL;
return $status;
// Check for length errors again now that the section is merged in
$this->contentLength = strlen( $this->toEditText( $content ) );
- if ( $this->contentLength > $wgMaxArticleSize * 1024 ) {
+ if ( $this->contentLength > $maxArticleSize * 1024 ) {
$this->tooBig = true;
$status->setResult( false, self::AS_MAX_ARTICLE_SIZE_EXCEEDED );
return $status;
}
public function setHeaders() {
- global $wgAjaxEditStash;
-
$out = $this->context->getOutput();
$out->addModules( 'mediawiki.action.edit' );
# Keep Resources.php/mediawiki.action.edit.preview in sync with the possible keys
$out->addJsConfigVars( [
'wgEditMessage' => $msg,
- 'wgAjaxEditStash' => $wgAjaxEditStash,
+ 'wgAjaxEditStash' => $this->context->getConfig()->get( 'AjaxEditStash' ),
] );
}
call_user_func_array( $formCallback, [ &$out ] );
}
+ // Add a check for Unicode support
+ $out->addHTML( Html::hidden( 'wpUnicodeCheck', self::UNICODE_CHECK ) );
+
// Add an empty field to trip up spambots
$out->addHTML(
Xml::openElement( 'div', [ 'id' => 'antispam-container', 'style' => 'display: none;' ] )
$out->addHTML( $this->editFormTextBeforeContent );
- if ( !$this->isCssJsSubpage && $showToolbar && $user->getOption( 'showtoolbar' ) ) {
+ if ( !$this->mTitle->isCssJsSubpage() && $showToolbar && $user->getOption( 'showtoolbar' ) ) {
$out->addHTML( self::getEditToolbar( $this->mTitle ) );
}
}
protected function showHeader() {
- global $wgAllowUserCss, $wgAllowUserJs;
-
$out = $this->context->getOutput();
$user = $this->context->getUser();
if ( $this->isConflict ) {
$out->addWikiText( $this->hookError );
}
- if ( !$this->checkUnicodeCompliantBrowser() ) {
- $out->addWikiMsg( 'nonunicodebrowser' );
- }
-
if ( $this->section != 'new' ) {
$revision = $this->mArticle->getRevisionFetched();
if ( $revision ) {
);
}
} else {
- if ( $this->isCssJsSubpage ) {
+ if ( $this->mTitle->isCssJsSubpage() ) {
# Check the skin exists
- if ( $this->isWrongCaseCssJsPage ) {
+ if ( $this->isWrongCaseCssJsPage() ) {
$out->wrapWikiMsg(
"<div class='error' id='mw-userinvalidcssjstitle'>\n$1\n</div>",
[ 'userinvalidcssjstitle', $this->mTitle->getSkinFromCssJsSubpage() ]
);
}
if ( $this->getTitle()->isSubpageOf( $user->getUserPage() ) ) {
+ $isCssSubpage = $this->mTitle->isCssSubpage();
$out->wrapWikiMsg( '<div class="mw-usercssjspublic">$1</div>',
- $this->isCssSubpage ? 'usercssispublic' : 'userjsispublic'
+ $isCssSubpage ? 'usercssispublic' : 'userjsispublic'
);
if ( $this->formtype !== 'preview' ) {
- if ( $this->isCssSubpage && $wgAllowUserCss ) {
+ $config = $this->context->getConfig();
+ if ( $isCssSubpage && $config->get( 'AllowUserCss' ) ) {
$out->wrapWikiMsg(
"<div id='mw-usercssyoucanpreview'>\n$1\n</div>",
[ 'usercssyoucanpreview' ]
);
}
- if ( $this->isJsSubpage && $wgAllowUserJs ) {
+ if ( $this->mTitle->isJsSubpage() && $config->get( 'AllowUserJs' ) ) {
$out->wrapWikiMsg(
"<div id='mw-userjsyoucanpreview'>\n$1\n</div>",
[ 'userjsyoucanpreview' ]
$out->addHTML( Html::hidden( 'wpEdittime', $this->edittime ) );
$out->addHTML( Html::hidden( 'editRevId', $this->editRevId ) );
$out->addHTML( Html::hidden( 'wpScrolltop', $this->scrolltop, [ 'id' => 'wpScrolltop' ] ) );
-
- if ( !$this->checkUnicodeCompliantBrowser() ) {
- $out->addHTML( Html::hidden( 'safemode', '1' ) );
- }
}
protected function showFormAfterText() {
}
protected function showTextbox( $text, $name, $customAttribs = [] ) {
- $wikitext = $this->safeUnicodeOutput( $text );
- $wikitext = $this->addNewLineAtEnd( $wikitext );
+ $wikitext = $this->addNewLineAtEnd( $text );
$attribs = $this->buildTextboxAttribs( $name, $customAttribs, $this->context->getUser() );
* @return string
*/
public function getPreviewText() {
- global $wgRawHtml;
- global $wgAllowUserCss, $wgAllowUserJs;
-
$out = $this->context->getOutput();
+ $config = $this->context->getConfig();
- if ( $wgRawHtml && !$this->mTokenOk ) {
+ if ( $config->get( 'RawHtml' ) && !$this->mTokenOk ) {
// Could be an offsite preview attempt. This is very unsafe if
// HTML is enabled, as it could be an attack.
$parsedNote = '';
if ( $content->getModel() == CONTENT_MODEL_CSS ) {
$format = 'css';
- if ( $level === 'user' && !$wgAllowUserCss ) {
+ if ( $level === 'user' && !$config->get( 'AllowUserCss' ) ) {
$format = false;
}
} elseif ( $content->getModel() == CONTENT_MODEL_JAVASCRIPT ) {
$format = 'js';
- if ( $level === 'user' && !$wgAllowUserJs ) {
+ if ( $level === 'user' && !$config->get( 'AllowUserJs' ) ) {
$format = false;
}
} else {
$out->addReturnTo( $this->getContextTitle(), [ 'action' => 'edit' ] );
}
- /**
- * Check if the browser is on a blacklist of user-agents known to
- * mangle UTF-8 data on form submission. Returns true if Unicode
- * should make it through, false if it's known to be a problem.
- * @return bool
- */
- private function checkUnicodeCompliantBrowser() {
- global $wgBrowserBlackList;
-
- $currentbrowser = $this->context->getRequest()->getHeader( 'User-Agent' );
- if ( $currentbrowser === false ) {
- // No User-Agent header sent? Trust it by default...
- return true;
- }
-
- foreach ( $wgBrowserBlackList as $browser ) {
- if ( preg_match( $browser, $currentbrowser ) ) {
- return false;
- }
- }
- return true;
- }
-
/**
* Filter an input field through a Unicode de-armoring process if it
* came from an old browser with known broken Unicode editing issues.
*
+ * @deprecated since 1.30, does nothing
+ *
* @param WebRequest $request
* @param string $field
* @return string
*/
protected function safeUnicodeInput( $request, $field ) {
- $text = rtrim( $request->getText( $field ) );
- return $request->getBool( 'safemode' )
- ? $this->unmakeSafe( $text )
- : $text;
+ return rtrim( $request->getText( $field ) );
}
/**
* Filter an output field through a Unicode armoring process if it is
* going to an old browser with known broken Unicode editing issues.
*
+ * @deprecated since 1.30, does nothing
+ *
* @param string $text
* @return string
*/
protected function safeUnicodeOutput( $text ) {
- return $this->checkUnicodeCompliantBrowser()
- ? $text
- : $this->makeSafe( $text );
- }
-
- /**
- * A number of web browsers are known to corrupt non-ASCII characters
- * in a UTF-8 text editing environment. To protect against this,
- * detected browsers will be served an armored version of the text,
- * with non-ASCII chars converted to numeric HTML character references.
- *
- * Preexisting such character references will have a 0 added to them
- * to ensure that round-trips do not alter the original data.
- *
- * @param string $invalue
- * @return string
- */
- private function makeSafe( $invalue ) {
- // Armor existing references for reversibility.
- $invalue = strtr( $invalue, [ "&#x" => "�" ] );
-
- $bytesleft = 0;
- $result = "";
- $working = 0;
- $valueLength = strlen( $invalue );
- for ( $i = 0; $i < $valueLength; $i++ ) {
- $bytevalue = ord( $invalue[$i] );
- if ( $bytevalue <= 0x7F ) { // 0xxx xxxx
- $result .= chr( $bytevalue );
- $bytesleft = 0;
- } elseif ( $bytevalue <= 0xBF ) { // 10xx xxxx
- $working = $working << 6;
- $working += ( $bytevalue & 0x3F );
- $bytesleft--;
- if ( $bytesleft <= 0 ) {
- $result .= "&#x" . strtoupper( dechex( $working ) ) . ";";
- }
- } elseif ( $bytevalue <= 0xDF ) { // 110x xxxx
- $working = $bytevalue & 0x1F;
- $bytesleft = 1;
- } elseif ( $bytevalue <= 0xEF ) { // 1110 xxxx
- $working = $bytevalue & 0x0F;
- $bytesleft = 2;
- } else { // 1111 0xxx
- $working = $bytevalue & 0x07;
- $bytesleft = 3;
- }
- }
- return $result;
- }
-
- /**
- * Reverse the previously applied transliteration of non-ASCII characters
- * back to UTF-8. Used to protect data from corruption by broken web browsers
- * as listed in $wgBrowserBlackList.
- *
- * @param string $invalue
- * @return string
- */
- private function unmakeSafe( $invalue ) {
- $result = "";
- $valueLength = strlen( $invalue );
- for ( $i = 0; $i < $valueLength; $i++ ) {
- if ( ( substr( $invalue, $i, 3 ) == "&#x" ) && ( $invalue[$i + 3] != '0' ) ) {
- $i += 3;
- $hexstring = "";
- do {
- $hexstring .= $invalue[$i];
- $i++;
- } while ( ctype_xdigit( $invalue[$i] ) && ( $i < strlen( $invalue ) ) );
-
- // Do some sanity checks. These aren't needed for reversibility,
- // but should help keep the breakage down if the editor
- // breaks one of the entities whilst editing.
- if ( ( substr( $invalue, $i, 1 ) == ";" ) && ( strlen( $hexstring ) <= 6 ) ) {
- $codepoint = hexdec( $hexstring );
- $result .= UtfNormal\Utils::codepointToUtf8( $codepoint );
- } else {
- $result .= "&#x" . $hexstring . substr( $invalue, $i, 1 );
- }
- } else {
- $result .= substr( $invalue, $i, 1 );
- }
- }
- // reverse the transform that we made for reversibility reasons.
- return strtr( $result, [ "�" => "&#x" ] );
+ return $text;
}
/**
* @since 1.29
*/
protected function addLongPageWarningHeader() {
- global $wgMaxArticleSize;
-
if ( $this->contentLength === false ) {
$this->contentLength = strlen( $this->textbox1 );
}
$out = $this->context->getOutput();
$lang = $this->context->getLanguage();
- if ( $this->tooBig || $this->contentLength > $wgMaxArticleSize * 1024 ) {
+ $maxArticleSize = $this->context->getConfig()->get( 'MaxArticleSize' );
+ if ( $this->tooBig || $this->contentLength > $maxArticleSize * 1024 ) {
$out->wrapWikiMsg( "<div class='error' id='mw-edit-longpageerror'>\n$1\n</div>",
[
'longpageerror',
$lang->formatNum( round( $this->contentLength / 1024, 3 ) ),
- $lang->formatNum( $wgMaxArticleSize )
+ $lang->formatNum( $maxArticleSize )
]
);
} else {