dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
(bug 15641) prevent blocked administrators from accessing deleted revisions.
[lhc/web/wiklou.git] / includes / specials / SpecialDeletedContributions.php
1 <?php
2 /**
3 * Implements Special:DeletedContributions
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @ingroup SpecialPage
22 */
23
24 /**
25 * Implements Special:DeletedContributions to display archived revisions
26 * @ingroup SpecialPage
27 */
28
29 class DeletedContribsPager extends IndexPager {
30 public $mDefaultDirection = true;
31 var $messages, $target;
32 var $namespace = '', $mDb;
33
34 function __construct( $target, $namespace = false ) {
35 parent::__construct();
36 $msgs = array( 'deletionlog', 'undeleteviewlink', 'diff' );
37 foreach( $msgs as $msg ) {
38 $this->messages[$msg] = wfMsgExt( $msg, array( 'escapenoentities') );
39 }
40 $this->target = $target;
41 $this->namespace = $namespace;
42 $this->mDb = wfGetDB( DB_SLAVE, 'contributions' );
43 }
44
45 function getDefaultQuery() {
46 $query = parent::getDefaultQuery();
47 $query['target'] = $this->target;
48 return $query;
49 }
50
51 function getQueryInfo() {
52 global $wgUser;
53 list( $index, $userCond ) = $this->getUserCond();
54 $conds = array_merge( $userCond, $this->getNamespaceCond() );
55 // Paranoia: avoid brute force searches (bug 17792)
56 if( !$wgUser->isAllowed( 'deletedhistory' ) ) {
57 $conds[] = $this->mDb->bitAnd('ar_deleted',Revision::DELETED_USER) . ' = 0';
58 } elseif( !$wgUser->isAllowed( 'suppressrevision' ) ) {
59 $conds[] = $this->mDb->bitAnd('ar_deleted',Revision::SUPPRESSED_USER) .
60 ' != ' . Revision::SUPPRESSED_USER;
61 }
62 return array(
63 'tables' => array( 'archive' ),
64 'fields' => array(
65 'ar_rev_id', 'ar_namespace', 'ar_title', 'ar_timestamp', 'ar_comment', 'ar_minor_edit',
66 'ar_user', 'ar_user_text', 'ar_deleted', 'ar_len'
67 ),
68 'conds' => $conds,
69 'options' => array( 'USE INDEX' => $index )
70 );
71 }
72
73 function getUserCond() {
74 $condition = array();
75
76 $condition['ar_user_text'] = $this->target;
77 $index = array( 'archive' => 'ar_usertext_timestamp' );
78
79 return array( $index, $condition );
80 }
81
82 function getIndexField() {
83 return 'ar_timestamp';
84 }
85
86 function getStartBody() {
87 return "<ul>\n";
88 }
89
90 function getEndBody() {
91 return "</ul>\n";
92 }
93
94 function getNavigationBar() {
95 global $wgLang;
96
97 if ( isset( $this->mNavigationBar ) ) {
98 return $this->mNavigationBar;
99 }
100 $fmtLimit = $wgLang->formatNum( $this->mLimit );
101 $linkTexts = array(
102 'prev' => wfMsgExt( 'pager-newer-n', array( 'escape', 'parsemag' ), $fmtLimit ),
103 'next' => wfMsgExt( 'pager-older-n', array( 'escape', 'parsemag' ), $fmtLimit ),
104 'first' => wfMsgHtml( 'histlast' ),
105 'last' => wfMsgHtml( 'histfirst' )
106 );
107
108 $pagingLinks = $this->getPagingLinks( $linkTexts );
109 $limitLinks = $this->getLimitLinks();
110 $limits = $wgLang->pipeList( $limitLinks );
111
112 $this->mNavigationBar = "(" . $wgLang->pipeList( array( $pagingLinks['first'], $pagingLinks['last'] ) ) . ") " .
113 wfMsgExt( 'viewprevnext', array( 'parsemag', 'escape', 'replaceafter' ), $pagingLinks['prev'], $pagingLinks['next'], $limits );
114 return $this->mNavigationBar;
115 }
116
117 function getNamespaceCond() {
118 if ( $this->namespace !== '' ) {
119 return array( 'ar_namespace' => (int)$this->namespace );
120 } else {
121 return array();
122 }
123 }
124
125 /**
126 * Generates each row in the contributions list.
127 *
128 * Contributions which are marked "top" are currently on top of the history.
129 * For these contributions, a [rollback] link is shown for users with sysop
130 * privileges. The rollback link restores the most recent version that was not
131 * written by the target user.
132 *
133 * @todo This would probably look a lot nicer in a table.
134 */
135 function formatRow( $row ) {
136 global $wgUser, $wgLang;
137 wfProfileIn( __METHOD__ );
138
139 $sk = $this->getSkin();
140
141 $rev = new Revision( array(
142 'id' => $row->ar_rev_id,
143 'comment' => $row->ar_comment,
144 'user' => $row->ar_user,
145 'user_text' => $row->ar_user_text,
146 'timestamp' => $row->ar_timestamp,
147 'minor_edit' => $row->ar_minor_edit,
148 'deleted' => $row->ar_deleted,
149 ) );
150
151 $page = Title::makeTitle( $row->ar_namespace, $row->ar_title );
152
153 $undelete = SpecialPage::getTitleFor( 'Undelete' );
154
155 $logs = SpecialPage::getTitleFor( 'Log' );
156 $dellog = $sk->linkKnown(
157 $logs,
158 $this->messages['deletionlog'],
159 array(),
160 array(
161 'type' => 'delete',
162 'page' => $page->getPrefixedText()
163 )
164 );
165
166 $reviewlink = $sk->linkKnown(
167 SpecialPage::getTitleFor( 'Undelete', $page->getPrefixedDBkey() ),
168 $this->messages['undeleteviewlink']
169 );
170
171 if( $wgUser->isAllowed('deletedtext') ) {
172 $last = $sk->linkKnown(
173 $undelete,
174 $this->messages['diff'],
175 array(),
176 array(
177 'target' => $page->getPrefixedText(),
178 'timestamp' => $rev->getTimestamp(),
179 'diff' => 'prev'
180 )
181 );
182 } else {
183 $last = $this->messages['diff'];
184 }
185
186 $comment = $sk->revComment( $rev );
187 $date = htmlspecialchars( $wgLang->timeanddate( $rev->getTimestamp(), true ) );
188
189 if( !$wgUser->isAllowed('undelete') || !$rev->userCan(Revision::DELETED_TEXT) ) {
190 $link = $date; // unusable link
191 } else {
192 $link = $sk->linkKnown(
193 $undelete,
194 $date,
195 array(),
196 array(
197 'target' => $page->getPrefixedText(),
198 'timestamp' => $rev->getTimestamp()
199 )
200 );
201 }
202 // Style deleted items
203 if( $rev->isDeleted( Revision::DELETED_TEXT ) ) {
204 $link = '<span class="history-deleted">' . $link . '</span>';
205 }
206
207 $pagelink = $sk->link( $page );
208
209 if( $rev->isMinor() ) {
210 $mflag = ChangesList::flag( 'minor' );
211 } else {
212 $mflag = '';
213 }
214
215 // Revision delete link
216 $canHide = $wgUser->isAllowed( 'deleterevision' );
217 if( $canHide || ($rev->getVisibility() && $wgUser->isAllowed('deletedhistory')) ) {
218 if( !$rev->userCan( Revision::DELETED_RESTRICTED ) ) {
219 $del = $this->mSkin->revDeleteLinkDisabled( $canHide ); // revision was hidden from sysops
220 } else {
221 $query = array(
222 'type' => 'archive',
223 'target' => $page->getPrefixedDbkey(),
224 'ids' => $rev->getTimestamp() );
225 $del = $this->mSkin->revDeleteLink( $query,
226 $rev->isDeleted( Revision::DELETED_RESTRICTED ), $canHide ) . ' ';
227 }
228 } else {
229 $del = '';
230 }
231
232 $tools = Html::rawElement(
233 'span',
234 array( 'class' => 'mw-deletedcontribs-tools' ),
235 wfMsg( 'parentheses', $wgLang->pipeList( array( $last, $dellog, $reviewlink ) ) )
236 );
237
238 $diffOut = Linker::formatRevisionSize( $row->ar_len );
239 $ret = "{$del}{$link} {$tools} . . {$mflag} {$diffOut} {$pagelink} {$comment}";
240
241 # Denote if username is redacted for this edit
242 if( $rev->isDeleted( Revision::DELETED_USER ) ) {
243 $ret .= " <strong>" . wfMsgHtml('rev-deleted-user-contribs') . "</strong>";
244 }
245
246 $ret = Html::rawElement( 'li', array(), $ret ) . "\n";
247
248 wfProfileOut( __METHOD__ );
249 return $ret;
250 }
251
252 /**
253 * Get the Database object in use
254 *
255 * @return Database
256 */
257 public function getDatabase() {
258 return $this->mDb;
259 }
260 }
261
262 class DeletedContributionsPage extends SpecialPage {
263 function __construct() {
264 parent::__construct( 'DeletedContributions', 'deletedhistory',
265 /*listed*/ true, /*function*/ false, /*file*/ false );
266 }
267
268 /**
269 * Special page "deleted user contributions".
270 * Shows a list of the deleted contributions of a user.
271 *
272 * @return none
273 * @param $par String: (optional) user name of the user for which to show the contributions
274 */
275 function execute( $par ) {
276 global $wgUser;
277 $this->setHeaders();
278
279 if ( !$this->userCanExecute( $wgUser ) ) {
280 $this->displayRestrictionError();
281 return;
282 }
283
284 if( $wgUser->isBlocked() ){
285 throw new UserBlockedError( $wgUser->getBlock() );
286 }
287
288 global $wgOut, $wgRequest;
289
290 $wgOut->setPageTitle( wfMsgExt( 'deletedcontributions-title', array( 'parsemag' ) ) );
291
292 $options = array();
293
294 if ( isset( $par ) ) {
295 $target = $par;
296 } else {
297 $target = $wgRequest->getVal( 'target' );
298 }
299
300 if ( !strlen( $target ) ) {
301 $wgOut->addHTML( $this->getForm( '' ) );
302 return;
303 }
304
305 $options['limit'] = $wgRequest->getInt( 'limit', 50 );
306 $options['target'] = $target;
307
308 $nt = Title::makeTitleSafe( NS_USER, $target );
309 if ( !$nt ) {
310 $wgOut->addHTML( $this->getForm( '' ) );
311 return;
312 }
313 $id = User::idFromName( $nt->getText() );
314
315 $target = $nt->getText();
316 $wgOut->setSubtitle( $this->getSubTitle( $nt, $id ) );
317
318 if ( ( $ns = $wgRequest->getVal( 'namespace', null ) ) !== null && $ns !== '' ) {
319 $options['namespace'] = intval( $ns );
320 } else {
321 $options['namespace'] = '';
322 }
323
324 $wgOut->addHTML( $this->getForm( $options ) );
325
326 $pager = new DeletedContribsPager( $target, $options['namespace'] );
327 if ( !$pager->getNumRows() ) {
328 $wgOut->addWikiMsg( 'nocontribs' );
329 return;
330 }
331
332 # Show a message about slave lag, if applicable
333 if( ( $lag = $pager->getDatabase()->getLag() ) > 0 )
334 $wgOut->showLagWarning( $lag );
335
336 $wgOut->addHTML(
337 '<p>' . $pager->getNavigationBar() . '</p>' .
338 $pager->getBody() .
339 '<p>' . $pager->getNavigationBar() . '</p>' );
340
341 # If there were contributions, and it was a valid user or IP, show
342 # the appropriate "footer" message - WHOIS tools, etc.
343 if( $target != 'newbies' ) {
344 $message = IP::isIPAddress( $target )
345 ? 'sp-contributions-footer-anon'
346 : 'sp-contributions-footer';
347
348 if( !wfMessage( $message )->isDisabled() ) {
349 $wgOut->wrapWikiMsg( "<div class='mw-contributions-footer'>\n$1\n</div>", array( $message, $target ) );
350 }
351 }
352 }
353
354 /**
355 * Generates the subheading with links
356 * @param $nt Title object for the target
357 * @param $id Integer: User ID for the target
358 * @return String: appropriately-escaped HTML to be output literally
359 * @todo FIXME: Almost the same as contributionsSub in SpecialContributions.php. Could be combined.
360 */
361 function getSubTitle( $nt, $id ) {
362 global $wgLang, $wgUser, $wgOut;
363
364 $sk = $this->getSkin();
365
366 if ( $id === null ) {
367 $user = htmlspecialchars( $nt->getText() );
368 } else {
369 $user = $sk->link( $nt, htmlspecialchars( $nt->getText() ) );
370 }
371 $userObj = User::newFromName( $nt->getText(), /* check for username validity not needed */ false );
372 $talk = $nt->getTalkPage();
373 if( $talk ) {
374 # Talk page link
375 $tools[] = $sk->link( $talk, wfMsgHtml( 'sp-contributions-talk' ) );
376 if( ( $id !== null ) || ( $id === null && IP::isIPAddress( $nt->getText() ) ) ) {
377 if( $wgUser->isAllowed( 'block' ) ) { # Block / Change block / Unblock links
378 if ( $userObj->isBlocked() ) {
379 $tools[] = $sk->linkKnown( # Change block link
380 SpecialPage::getTitleFor( 'Block', $nt->getDBkey() ),
381 wfMsgHtml( 'change-blocklink' )
382 );
383 $tools[] = $sk->linkKnown( # Unblock link
384 SpecialPage::getTitleFor( 'BlockList' ),
385 wfMsgHtml( 'unblocklink' ),
386 array(),
387 array(
388 'action' => 'unblock',
389 'ip' => $nt->getDBkey()
390 )
391 );
392 }
393 else { # User is not blocked
394 $tools[] = $sk->linkKnown( # Block link
395 SpecialPage::getTitleFor( 'Block', $nt->getDBkey() ),
396 wfMsgHtml( 'blocklink' )
397 );
398 }
399 }
400 # Block log link
401 $tools[] = $sk->linkKnown(
402 SpecialPage::getTitleFor( 'Log' ),
403 wfMsgHtml( 'sp-contributions-blocklog' ),
404 array(),
405 array(
406 'type' => 'block',
407 'page' => $nt->getPrefixedText()
408 )
409 );
410 }
411 # Other logs link
412 $tools[] = $sk->linkKnown(
413 SpecialPage::getTitleFor( 'Log' ),
414 wfMsgHtml( 'sp-contributions-logs' ),
415 array(),
416 array( 'user' => $nt->getText() )
417 );
418 # Link to contributions
419 $tools[] = $sk->linkKnown(
420 SpecialPage::getTitleFor( 'Contributions', $nt->getDBkey() ),
421 wfMsgHtml( 'sp-deletedcontributions-contribs' )
422 );
423
424 # Add a link to change user rights for privileged users
425 $userrightsPage = new UserrightsPage();
426 if( $id !== null && $userrightsPage->userCanChangeRights( User::newFromId( $id ) ) ) {
427 $tools[] = $sk->linkKnown(
428 SpecialPage::getTitleFor( 'Userrights', $nt->getDBkey() ),
429 wfMsgHtml( 'sp-contributions-userrights' )
430 );
431 }
432
433 wfRunHooks( 'ContributionsToolLinks', array( $id, $nt, &$tools ) );
434
435 $links = $wgLang->pipeList( $tools );
436
437 // Show a note if the user is blocked and display the last block log entry.
438 if ( $userObj->isBlocked() ) {
439 LogEventsList::showLogExtract(
440 $wgOut,
441 'block',
442 $nt->getPrefixedText(),
443 '',
444 array(
445 'lim' => 1,
446 'showIfEmpty' => false,
447 'msgKey' => array(
448 'sp-contributions-blocked-notice',
449 $nt->getText() # Support GENDER in 'sp-contributions-blocked-notice'
450 ),
451 'offset' => '' # don't use $wgRequest parameter offset
452 )
453 );
454 }
455 }
456
457 // Old message 'contribsub' had one parameter, but that doesn't work for
458 // languages that want to put the "for" bit right after $user but before
459 // $links. If 'contribsub' is around, use it for reverse compatibility,
460 // otherwise use 'contribsub2'.
461 if( wfEmptyMsg( 'contribsub' ) ) {
462 return wfMsgHtml( 'contribsub2', $user, $links );
463 } else {
464 return wfMsgHtml( 'contribsub', "$user ($links)" );
465 }
466 }
467
468 /**
469 * Generates the namespace selector form with hidden attributes.
470 * @param $options Array: the options to be included.
471 */
472 function getForm( $options ) {
473 global $wgScript;
474
475 $options['title'] = SpecialPage::getTitleFor( 'DeletedContributions' )->getPrefixedText();
476 if ( !isset( $options['target'] ) ) {
477 $options['target'] = '';
478 } else {
479 $options['target'] = str_replace( '_' , ' ' , $options['target'] );
480 }
481
482 if ( !isset( $options['namespace'] ) ) {
483 $options['namespace'] = '';
484 }
485
486 if ( !isset( $options['contribs'] ) ) {
487 $options['contribs'] = 'user';
488 }
489
490 if ( $options['contribs'] == 'newbie' ) {
491 $options['target'] = '';
492 }
493
494 $f = Xml::openElement( 'form', array( 'method' => 'get', 'action' => $wgScript ) );
495
496 foreach ( $options as $name => $value ) {
497 if ( in_array( $name, array( 'namespace', 'target', 'contribs' ) ) ) {
498 continue;
499 }
500 $f .= "\t" . Html::hidden( $name, $value ) . "\n";
501 }
502
503 $f .= Xml::openElement( 'fieldset' ) .
504 Xml::element( 'legend', array(), wfMsg( 'sp-contributions-search' ) ) .
505 Xml::tags( 'label', array( 'for' => 'target' ), wfMsgExt( 'sp-contributions-username', 'parseinline' ) ) . ' ' .
506 Html::input( 'target', $options['target'], 'text', array(
507 'size' => '20',
508 'required' => ''
509 ) + ( $options['target'] ? array() : array( 'autofocus' ) ) ) . ' '.
510 Xml::label( wfMsg( 'namespace' ), 'namespace' ) . ' ' .
511 Xml::namespaceSelector( $options['namespace'], '' ) . ' ' .
512 Xml::submitButton( wfMsg( 'sp-contributions-submit' ) ) .
513 Xml::closeElement( 'fieldset' ) .
514 Xml::closeElement( 'form' );
515 return $f;
516 }
517 }
Wiklou, le Wiki du Wiklou