From 68d86e98900e9e7fdc10a43ec43c04d4208a3e89 Mon Sep 17 00:00:00 2001 From: Michael Dale Date: Wed, 23 Sep 2009 15:00:35 +0000 Subject: [PATCH] before processing wikipage js :: * make sure its a valid wikipage * in the User or MediaWiki namespace * and ends with .js * removed $wgEnableScriptLoaderJsFile support for "file" based includes. (was a off by default config option that I don't see much use for) --- includes/DefaultSettings.php | 8 +---- js2/mwEmbed/jsScriptLoader.php | 56 +++++++++++++++------------------- js2/mwEmbed/mv_embed.js | 49 +++++++++++++++-------------- 3 files changed, 51 insertions(+), 62 deletions(-) diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 440c308c21..a4050d27ef 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -2787,13 +2787,7 @@ $wgScriptModifiedCheck = true; $wgEnableJS2system = false; /* - * boolean; if relative file paths can be used (in addition to the autoload - * js classes listed in: $wgJSAutoloadClasses) - */ -$wgEnableScriptLoaderJsFile = false; - -/* - * boolean; if we should minify the output. (note if you send ?debug=true in + * boolean; if we should minify the output. (note if you send ?debug=true in * the page request it will automatically not group and not minify) */ $wgEnableScriptMinify = true; diff --git a/js2/mwEmbed/jsScriptLoader.php b/js2/mwEmbed/jsScriptLoader.php index 56f400a616..7d3fbf9294 100644 --- a/js2/mwEmbed/jsScriptLoader.php +++ b/js2/mwEmbed/jsScriptLoader.php 
@@ -22,11 +22,11 @@ class jsScriptLoader { var $jsvarurl = false; // whether we should include generated JS (special class '-') var $doProcReqFlag = true; - //@@todo fix: will break down if someone does }); in their msg text + //@@todo fix: will break down if someone does }) in their msg text const loadGMregEx = '/loadGM\s*\(\s*{(.*)}\s*\)\s*/siU'; function doScriptLoader() { - global $wgJSAutoloadClasses, $wgJSAutoloadLocalClasses, $wgEnableScriptLoaderJsFile, $IP, + global $wgJSAutoloadClasses, $wgJSAutoloadLocalClasses, $IP, $wgEnableScriptMinify, $wgUseFileCache; // Process the request @@ -168,7 +168,7 @@ class jsScriptLoader { */ function procRequestVars() { global $wgContLanguageCode, $wgEnableScriptMinify, $wgJSAutoloadClasses, - $wgJSAutoloadLocalClasses, $wgStyleVersion, $wgEnableScriptLoaderJsFile; + $wgJSAutoloadLocalClasses, $wgStyleVersion; // Set debug flag if ( ( isset( $_GET['debug'] ) && $_GET['debug'] == 'true' ) || ( isset( $wgEnableScriptDebug ) && $wgEnableScriptDebug == true ) ) { @@ -194,11 +194,27 @@ class jsScriptLoader { // Clean the class list and populate jsFileList foreach ( $reqClassList as $reqClass ) { if ( trim( $reqClass ) != '' ) { - // Check for special case '-' class for user-generated JS if ( substr( $reqClass, 0, 3 ) == 'WT:' ) { - $this->jsFileList[$reqClass] = true; - $this->rKey .= $reqClass; - $this->jsvarurl = true; + $doAddWT = false; + // Check for special case '-' class for user-generated JS + if( substr( $reqClass, 3, 1) == '-'){ + $doAddWT = true; + }else{ + if( strtolower( substr( $reqClass, -3) ) == '.js'){ + //make sure its a valid wikipage before doing processing + $t = Title::newFromDBkey( substr( $reqClass, 3) ); + if( $t->exists() + && $t->getNamespace == NS_MEDIAWIKI + && $t->getNamespace == NS_USER){ + $doAddWT = true; + } + } + } + if( $doAddWT ){ + $this->jsFileList[$reqClass] = true; + $this->rKey .= $reqClass; + $this->jsvarurl = true; + } continue; } 
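Review bot: `$wgEnableScriptDebug` is tested with `isset()` in the debug check directly under the edited `global` statement in `procRequestVars()`, but it is not in that list. Inside the function it is therefore always an unset local, and only `?debug=true` from the request can switch debug mode on. Since this hunk already rewrites the list, the name could be added there: `$wgJSAutoloadLocalClasses, $wgStyleVersion, $wgEnableScriptDebug;`. The function body continues outside the hunk.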
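Review bot: The namespace test in the new `WT:` branch can never pass. `$t->getNamespace` without parentheses reads an undefined property instead of calling the method, and the two comparisons are joined with `&&` although a title cannot be in both NS_MEDIAWIKI and NS_USER. Every `WT:` request other than the `-` case is therefore dropped, which fails closed but is not the allow-list the commit message describes. `Title::newFromDBkey()` can also return null for an unparsable key, and `$reqClass` appears to come from the request, so `$t->exists()` needs a null guard: `if( $t && $t->exists() && ( $t->getNamespace() == NS_MEDIAWIKI || $t->getNamespace() == NS_USER ) ){`. Once the check works, it is worth confirming that a NS_USER title ending in `.js` is a protected script subpage and not a freely editable top-level user page, for example by also requiring `$t->isCssJsSubpage()`.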
@@ -215,29 +231,7 @@ class jsScriptLoader { } } - // Check for requested files, if enabled - if ( $wgEnableScriptLoaderJsFile ) { - if ( isset( $_GET['files'] ) ) { - $reqFileList = explode( ',', isset( $_GET['files'] ) ); - // Clean the file list and populate jsFileList - foreach ( $reqFileList as $reqFile ) { - // No jumping dirs - $reqFile = str_replace( '../', '', $reqFile ); - // Only allow alphanumeric underscores periods and ending with .js - $reqFile = ereg_replace( "[^A-Za-z0-9_\-\/\.]", '', $reqFile ); - if ( substr( $reqFile, - 3 ) == '.js' ) { - // Don't add it twice: - if ( !in_array( $reqFile, $jsFileList ) ) { - $this->jsFileList[] = $IP . $reqFile; - $this->rKey .= $reqFile; - } - } else { - $this->error_msg .= 'Not valid requested JavaScript file' . "\n"; - } - } - } - } - + // Add the language code to the rKey: $this->rKey .= '_' . $wgContLanguageCode; @@ -311,8 +305,6 @@ class jsScriptLoader { // Return the updated loadGM JSON with updated msgs: return 'loadGM( ' . FormatJson::encode( $jmsg ) . ')'; } else { - print_r($jvar); - // Could not parse JSON return error: (maybe a alert?) //we just make a note in the code, visitors will get the fallback language, //developers will read the js source when its not behaving as expected. diff --git a/js2/mwEmbed/mv_embed.js b/js2/mwEmbed/mv_embed.js index ddeffd0eb0..9863d68957 100644 --- a/js2/mwEmbed/mv_embed.js +++ b/js2/mwEmbed/mv_embed.js 
@@ -554,29 +554,32 @@ var mvJsLoader = { _this.doLoad([ 'window.jQuery' ], function() { - _global['$j'] = jQuery.noConflict(); - - //setup our global settings using the (jQuery helper) - $j.extend( mwConfig, mwConfigOptions); - - // Set up the skin path - _global['mv_jquery_skin_path'] = mv_embed_path + 'jquery/jquery.ui/themes/' +mwConfig['jui_skin'] + '/'; - _global['mv_skin_img_path'] = mv_embed_path + 'skins/' + mwConfig['skin_name'] + '/images/'; - _global['mv_default_thumb_url'] = mv_skin_img_path + 'vid_default_thumb.jpg'; - - // Make sure the skin/style sheets are always available: - loadExternalCss( mv_jquery_skin_path + 'jquery-ui-1.7.1.custom.css' ); - loadExternalCss( mv_embed_path + 'skins/' + mwConfig['skin_name'] + '/styles.css' ); - - // Set up AJAX to not send dynamic URLs for loading scripts (we control that with - // the scriptLoader) - $j.ajaxSetup({ - cache: true - }); - - js_log( 'jQuery loaded into $j' ); - // Set up mvEmbed jQuery bindings: - mv_jqueryBindings(); + //only do the $j setup once: + if(!_global['$j']){ + _global['$j'] = jQuery.noConflict(); + + //setup our global settings using the (jQuery helper) + $j.extend( mwConfig, mwConfigOptions); + + // Set up the skin path + _global['mv_jquery_skin_path'] = mv_embed_path + 'jquery/jquery.ui/themes/' +mwConfig['jui_skin'] + '/'; + _global['mv_skin_img_path'] = mv_embed_path + 'skins/' + mwConfig['skin_name'] + '/images/'; + _global['mv_default_thumb_url'] = mv_skin_img_path + 'vid_default_thumb.jpg'; + + // Make sure the skin/style sheets are always available: + loadExternalCss( mv_jquery_skin_path + 'jquery-ui-1.7.1.custom.css' ); + loadExternalCss( mv_embed_path + 'skins/' + mwConfig['skin_name'] + '/styles.css' ); + + // Set up AJAX to not send dynamic URLs for loading scripts (we control that with + // the scriptLoader) + $j.ajaxSetup({ + cache: true + }); + + js_log( 'jQuery loaded into $j' ); + // Set up mvEmbed jQuery bindings: + mv_jqueryBindings(); + } // Run the callback if( 
callback ) { callback(); -- 2.20.1
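Review bot: The new once-only guard `if(!_global['$j'])` keys on whether any global `$j` exists, not on whether this loader has already done its setup. If the embedding page or another script has defined `$j` beforehand, the whole block is skipped: `jQuery.noConflict()` is never assigned, the skin paths and stylesheets are not set up, and `mv_jqueryBindings()` never runs. Later code would then use a `$j` that this loader did not create. A dedicated flag on the loader would be more robust, for example `if( !_this.jquerySetupDone ){ _this.jquerySetupDone = true;` (the property name is only a suggestion). The enclosing callback starts before the hunk and ends after it.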