From c388d1e0e17026b618a586e2bd7c799135b97b05 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Mon, 24 Nov 2003 08:41:40 +0000
Subject: [PATCH] Fix double-compression; fix missing deletion reason; fix html insertion attack; fix deletion text check for non-0 namespaces
---
 includes/Article.php | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/includes/Article.php b/includes/Article.php
index 7592c7b3a6..3d99d4eb14 100644
--- a/includes/Article.php
+++ b/includes/Article.php
@@ -314,8 +314,6 @@ class Article {
 $s = wfMsg( "redirectedfrom", $redir );
 $wgOut->setSubtitle( $s );
 }
- $wgOut->checkLastModified( $this->mTouched );
- $this->tryFileCache();
 $wgLinkCache->preFill( $this->mTitle );
 $wgOut->addWikiText( $text );
@@ -720,7 +718,7 @@ class Article {
 return;
 }
- if ( $wpConfirm ) {
+ if ( $_POST["wpConfirm"] ) {
 $this->doDelete();
 return;
 }
@@ -728,15 +726,18 @@ class Article {
 # determine whether this page has earlier revisions
 # and insert a warning if it does
 # we select the text because it might be useful below
- $sql="SELECT old_text FROM old WHERE old_namespace=0 and old_title='" . wfStrencode($this->mTitle->getPrefixedDBkey())."' ORDER BY inverse_timestamp LIMIT 1";
- $res=wfQuery($sql, DB_READ, $fname);
+ $ns = $this->mTitle->getNamespace();
+ $title = $this->mTitle->getDBkey();
+ $etitle = wfStrencode( $title );
+ $sql = "SELECT old_text FROM old WHERE old_namespace=$ns and old_title='$etitle' ORDER BY inverse_timestamp LIMIT 1";
+ $res = wfQuery( $sql, DB_READ, $fname );
 if( ($old=wfFetchObject($res)) && !$wpConfirm ) {
 $skin=$wgUser->getSkin();
 $wgOut->addHTML("".wfMsg("historywarning"));
 $wgOut->addHTML( $skin->historyLink() ."
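Review bot: Reading `$_POST["wpConfirm"]` without a presence check raises an undefined-index notice whenever the delete page is opened without that field; `if ( !empty( $_POST["wpConfirm"] ) ) {` keeps the POST-only behaviour without the notice. The next hunk's context still tests `&& !$wpConfirm`, and the confirmDelete hunk adds `global $wpReason;`, so those two values presumably still come from request-populated globals that a query string or cookie can also set. Reading them from the same explicit source as the confirm flag would keep the origin of each value clear. No per-user token is checked in the visible lines, so the POST field alone appears to authorise doDelete(). The function starts and ends outside this hunk, so such a check may exist elsewhere.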

");
 }
- $sql="SELECT cur_text FROM cur WHERE cur_namespace=0 and cur_title='" . wfStrencode($this->mTitle->getPrefixedDBkey())."'";
+ $sql="SELECT cur_text FROM cur WHERE cur_namespace=$ns and cur_title='$etitle'";
 $res=wfQuery($sql, DB_READ, $fname);
 if( ($s=wfFetchObject($res))) {
@@ -786,6 +787,7 @@ class Article {
 function confirmDelete( $par = "" ) {
 global $wgOut;
+ global $wpReason;
 wfDebug( "Article::confirmDelete\n" );
@@ -805,7 +807,7 @@ class Article {
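Review bot: `$ns` is interpolated unquoted into both queries (`old_namespace=$ns`, `cur_namespace=$ns`), so the SQL is only as safe as the return type of getNamespace(), which this hunk does not show. Casting at the assignment, `$ns = intval( $this->mTitle->getNamespace() );`, keeps the numeric context safe however the Title object was built. `$title` is used only to derive `$etitle`, so the two lines could be `$etitle = wfStrencode( $this->mTitle->getDBkey() );`. The enclosing function starts before and continues past the hunk.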

{$delcom}: - +
 
@@ -1165,6 +1167,12 @@ class Article {
 /* Caching functions */
 function tryFileCache() {
+ static $called = false;
+ if( $called ) {
+ wfDebug( " tryFileCache() -- called twice!?\n" );
+ return;
+ }
+ $called = true;
 if($this->isFileCacheable()) {
 $touched = $this->mTouched;
 if( strpos( $this->mContent, "{{" ) !== false ) {
-- 
2.20.1
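Review bot: The `static $called` guard in tryFileCache() is shared by every Article object in the request rather than tied to one instance, and nothing in the hunk records why a second call must be dropped. A comment above the guard such as `# Only the first call per request may emit or save the file cache; a repeat call would compress the output twice` would capture the reason; that wording is inferred from the commit subject, so confirm it. If only repeat calls on the same object are meant to be blocked, an instance flag would scope the guard more narrowly. The function body continues past the hunk.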