X-Git-Url: https://git.cyclocoop.org/%27.WWW_URL.%27admin/?a=blobdiff_plain;f=includes%2FParser.php;h=5d5c4b4a111590dea58bfd75a41d5eb5584b0e99;hb=8da9fca6c03fa8b2ca8bc83f8704e1219aa3904d;hp=dbab5c239ff8e5c0c1b237683566afd7c0963cbe;hpb=11eca563edfff1e4df2f059f2e051bcb2616132c;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/Parser.php b/includes/Parser.php index dbab5c239f..5d5c4b4a11 100644 --- a/includes/Parser.php +++ b/includes/Parser.php @@ -157,6 +157,15 @@ class Parser wfRunHooks( 'ParserClearState', array( &$this ) ); } + /** + * Accessor for mUniqPrefix. + * + * @access public + */ + function UniqPrefix() { + return $this->mUniqPrefix; + } + /** * Convert wikitext to HTML * Do not call this function recursively. @@ -176,7 +185,7 @@ class Parser * to internalParse() which does all the real work. */ - global $wgUseTidy, $wgContLang; + global $wgUseTidy, $wgAlwaysUseTidy, $wgContLang; $fname = 'Parser::parse'; wfProfileIn( $fname ); @@ -237,7 +246,7 @@ class Parser $text = Sanitizer::normalizeCharReferences( $text ); - if ($wgUseTidy) { + if (($wgUseTidy and $this->mOptions->mTidy) or $wgAlwaysUseTidy) { $text = Parser::tidy($text); } @@ -1112,19 +1121,23 @@ class Parser # Replace & from obsolete syntax with &. # All HTML entities will be escaped by makeExternalLink() - # or maybeMakeExternalImage() $url = str_replace( '&', '&', $url ); + # Replace unnecessary URL escape codes with the referenced character + # This prevents spammers from hiding links from the filters + $url = Parser::replaceUnusualEscapes( $url ); # Process the trail (i.e. everything after this link up until start of the next link), # replacing any non-bracketed links $trail = $this->replaceFreeExternalLinks( $trail ); - # Use the encoded URL # This means that users can paste URLs directly into the text # Funny characters like ö aren't valid in URLs anyway # This was changed in August 2004 $s .= $sk->makeExternalLink( $url, $text, false, $linktype ) . $dtrail . $trail; + + # Register link in the output object + $this->mOutput->addExternalLink( $url ); } wfProfileOut( $fname ); @@ -1180,12 +1193,16 @@ class Parser # All HTML entities will be escaped by makeExternalLink() # or maybeMakeExternalImage() $url = str_replace( '&', '&', $url ); + # Replace unnecessary URL escape codes with their equivalent characters + $url = Parser::replaceUnusualEscapes( $url ); # Is this an external image? $text = $this->maybeMakeExternalImage( $url ); if ( $text === false ) { # Not an image, make a link $text = $sk->makeExternalLink( $url, $wgContLang->markNoConversion($url), true, 'free' ); + # Register it in the output object + $this->mOutput->addExternalLink( $url ); } $s .= $text . $trail; } else { @@ -1196,6 +1213,36 @@ class Parser return $s; } + /** + * Replace unusual URL escape codes with their equivalent characters + * @param string + * @return string + * @static + */ + function replaceUnusualEscapes( $url ) { + return preg_replace_callback( '/%[0-9A-Fa-f]{2}/', + array( 'Parser', 'replaceUnusualEscapesCallback' ), $url ); + } + + /** + * Callback function used in replaceUnusualEscapes(). + * Replaces unusual URL escape codes with their equivalent character + * @static + * @access private + */ + function replaceUnusualEscapesCallback( $matches ) { + $char = urldecode( $matches[0] ); + $ord = ord( $char ); + // Is it an unsafe or HTTP reserved character according to RFC 1738? + if ( $ord > 32 && $ord < 127 && strpos( '<>"#{}|\^~[]`;/?', $char ) === false ) { + // No, shouldn't be escaped + return $char; + } else { + // Yes, leave it escaped + return $matches[0]; + } + } + /** * make an image if it's allowed, either through the global * option or through the exception @@ -1977,7 +2024,9 @@ class Parser case MAG_CURRENTTIME: return $varCache[$index] = $wgContLang->time( wfTimestamp( TS_MW, $ts ), false, false ); case MAG_CURRENTWEEK: - return $varCache[$index] = $wgContLang->formatNum( date( 'W', $ts ) ); + // @bug 4594 PHP5 has it zero padded, PHP4 does not, cast to + // int to remove the padding + return $varCache[$index] = $wgContLang->formatNum( (int)date( 'W', $ts ) ); case MAG_CURRENTDOW: return $varCache[$index] = $wgContLang->formatNum( date( 'w', $ts ) ); case MAG_NUMBEROFARTICLES: @@ -2310,6 +2359,8 @@ class Parser $found = false; $nowiki = false; $noparse = false; + $replaceHeadings = false; + $isHTML = false; $title = NULL; @@ -2374,7 +2425,7 @@ class Parser # Check for NS: (namespace expansion) $mwNs = MagicWord::get( MAG_NS ); if ( $mwNs->matchStartAndRemove( $part1 ) ) { - if ( intval( $part1 ) ) { + if ( intval( $part1 ) || $part1 == "0" ) { $text = $linestart . $wgContLang->getNsText( intval( $part1 ) ); $found = true; } else { @@ -2482,8 +2533,6 @@ class Parser } # Load from database - $replaceHeadings = false; - $isHTML = false; $lastPathLevel = $this->mTemplatePath; if ( !$found ) { $ns = NS_TEMPLATE; @@ -2493,49 +2542,51 @@ class Parser } $title = Title::newFromText( $part1, $ns ); - if ($title) { - $interwiki = Title::getInterwikiLink($title->getInterwiki()); - if ($interwiki != '' && $title->isTrans()) { - return $this->scarytransclude($title, $interwiki); - } - } - - if ( !is_null( $title ) && !$title->isExternal() ) { - # Check for excessive inclusion - $dbk = $title->getPrefixedDBkey(); - if ( $this->incrementIncludeCount( $dbk ) ) { - if ( $title->getNamespace() == NS_SPECIAL && $this->mOptions->getAllowSpecialInclusion() ) { - # Capture special page output - $text = SpecialPage::capturePath( $title ); - if ( is_string( $text ) ) { - $found = true; - $noparse = true; - $isHTML = true; - $this->disableCache(); - } - } else { - $article = new Article( $title ); - $articleContent = $article->fetchContent(0, false); - if ( $articleContent !== false ) { - $found = true; - $text = $articleContent; - $replaceHeadings = true; + if ( !is_null( $title ) ) { + if ( !$title->isExternal() ) { + # Check for excessive inclusion + $dbk = $title->getPrefixedDBkey(); + if ( $this->incrementIncludeCount( $dbk ) ) { + if ( $title->getNamespace() == NS_SPECIAL && $this->mOptions->getAllowSpecialInclusion() ) { + # Capture special page output + $text = SpecialPage::capturePath( $title ); + if ( is_string( $text ) ) { + $found = true; + $noparse = true; + $isHTML = true; + $this->disableCache(); + } + } else { + $articleContent = $this->fetchTemplate( $title ); + if ( $articleContent !== false ) { + $found = true; + $text = $articleContent; + $replaceHeadings = true; + } } - # Register a template reference whether or not the template exists - $this->mOutput->addTemplate( $title, $article->getID() ); } - } - # If the title is valid but undisplayable, make a link to it - if ( $this->mOutputType == OT_HTML && !$found ) { - $text = '[['.$title->getPrefixedText().']]'; - $found = true; - } + # If the title is valid but undisplayable, make a link to it + if ( $this->mOutputType == OT_HTML && !$found ) { + $text = '[['.$title->getPrefixedText().']]'; + $found = true; + } - # Template cache array insertion - if( $found ) { - $this->mTemplates[$part1] = $text; - $text = $linestart . $text; + # Template cache array insertion + if( $found ) { + $this->mTemplates[$part1] = $text; + $text = $linestart . $text; + } + } elseif ( $title->isTrans() ) { + // Interwiki transclusion + if ( $this->mOutputType == OT_HTML ) { + $text = $this->interwikiTransclude( $title, 'render' ); + $isHTML = true; + $noparse = true; + } else { + $text = $this->interwikiTransclude( $title, 'raw' ); + } + $found = true; } } } @@ -2646,41 +2697,71 @@ class Parser } /** - * Translude an interwiki link. + * Fetch the unparsed text of a template and register a reference to it. */ - function scarytransclude($title, $interwiki) { - global $wgEnableScaryTranscluding; + function fetchTemplate( $title ) { + $text = false; + // Loop to fetch the article, with up to 1 redirect + for ( $i = 0; $i < 2 && is_object( $title ); $i++ ) { + $rev = Revision::newFromTitle( $title ); + $this->mOutput->addTemplate( $title, $title->getArticleID() ); + if ( !$rev ) { + break; + } + $text = $rev->getText(); + if ( $text === false ) { + break; + } + // Redirect? + $title = Title::newFromRedirect( $text ); + } + return $text; + } + + /** + * Transclude an interwiki link. + */ + function interwikiTransclude( $title, $action ) { + global $wgEnableScaryTranscluding, $wgCanonicalNamespaceNames; if (!$wgEnableScaryTranscluding) return wfMsg('scarytranscludedisabled'); - $articlename = "Template:" . $title->getDBkey(); - $url = str_replace('$1', urlencode($articlename), $interwiki); + // The namespace will actually only be 0 or 10, depending on whether there was a leading : + // But we'll handle it generally anyway + if ( $title->getNamespace() ) { + // Use the canonical namespace, which should work anywhere + $articleName = $wgCanonicalNamespaceNames[$title->getNamespace()] . ':' . $title->getDBkey(); + } else { + $articleName = $title->getDBkey(); + } + + $url = str_replace('$1', urlencode($articleName), Title::getInterwikiLink($title->getInterwiki())); + $url .= "?action=$action"; if (strlen($url) > 255) return wfMsg('scarytranscludetoolong'); - $text = $this->fetchScaryTemplateMaybeFromCache($url); - $this->mIWTransData[] = $text; - return ""; + return $this->fetchScaryTemplateMaybeFromCache($url); } function fetchScaryTemplateMaybeFromCache($url) { + global $wgTranscludeCacheExpiry; $dbr =& wfGetDB(DB_SLAVE); $obj = $dbr->selectRow('transcache', array('tc_time', 'tc_contents'), array('tc_url' => $url)); if ($obj) { $time = $obj->tc_time; $text = $obj->tc_contents; - if ($time && $time < (time() + (60*60))) { + if ($time && time() < $time + $wgTranscludeCacheExpiry ) { return $text; } } - $text = wfGetHTTP($url . '?action=render'); + $text = wfGetHTTP($url); if (!$text) return wfMsg('scarytranscludefailed', $url); $dbw =& wfGetDB(DB_MASTER); - $dbw->replace('transcache', array(), array( + $dbw->replace('transcache', array('tc_url'), array( 'tc_url' => $url, 'tc_time' => time(), 'tc_contents' => $text)); @@ -3133,14 +3214,6 @@ class Parser function pstPass2( $text, &$user ) { global $wgContLang, $wgLocaltimezone; - # Variable replacement - # Because mOutputType is OT_WIKI, this will only process {{subst:xxx}} type tags - $text = $this->replaceVariables( $text ); - - # Signatures - # - $sigText = $this->getUserSig( $user ); - /* Note: This is the timestamp saved as hardcoded wikitext to * the database, we use $wgContLang here in order to give * everyone the same signiture and use the default one rather @@ -3156,9 +3229,17 @@ class Parser putenv( 'TZ='.$oldtz ); } - $text = preg_replace( '/~~~~~/', $d, $text ); - $text = preg_replace( '/~~~~/', "$sigText $d", $text ); - $text = preg_replace( '/~~~/', $sigText, $text ); + # Variable replacement + # Because mOutputType is OT_WIKI, this will only process {{subst:xxx}} type tags + $text = $this->replaceVariables( $text ); + + # Signatures + $sigText = $this->getUserSig( $user ); + $text = strtr( $text, array( + '~~~~~' => $d, + '~~~~' => "$sigText $d", + '~~~' => $sigText + ) ); # Context links: [[|name]] and [[name (context)|]] # @@ -3207,53 +3288,60 @@ class Parser * @access private */ function getUserSig( &$user ) { - $name = $user->getName(); - $nick = trim( $user->getOption( 'nickname' ) ); - if ( '' == $nick ) { - $nick = $name; - } - - if( $user->getOption( 'fancysig' ) ) { - // A wikitext signature. - $valid = $this->validateSig( $nick ); - if( $valid === false ) { - // Fall back to default sig - $nick = $name; - wfDebug( "Parser::getUserSig: $name has bad XML tags in signature.\n" ); + global $wgContLang; + + $username = $user->getName(); + $nickname = $user->getOption( 'nickname' ); + $nickname = $nickname === '' ? $username : $nickname; + + if( $user->getBoolOption( 'fancysig' ) !== false ) { + # Sig. might contain markup; validate this + if( $this->validateSig( $nickname ) !== false ) { + # Validated; clean up (if needed) and return it + return( $this->cleanSig( $nickname ) ); } else { - return $nick; + # Failed to validate; fall back to the default + $nickname = $username; + wfDebug( "Parser::getUserSig: $username has bad XML tags in signature.\n" ); } } - // Plain text linking to the user's homepage - global $wgContLang; - $page = $user->getUserPage(); - return '[[' . - $page->getPrefixedText() . - "|" . - wfEscapeWikIText( $nick ) . - "]]"; + # If we're still here, make it a link to the user page + $userpage = $user->getUserPage(); + return( '[[' . $userpage->getPrefixedText() . '|' . wfEscapeWikiText( $nickname ) . ']]' ); } /** - * We want to enforce two rules on wikitext sigs here: - * 1) Expand any templates at save time (forced subst:) - * 2) Check for unbalanced XML tags, and reject if so. + * Check that the user's signature contains no bad XML * * @param string $text * @return mixed An expanded string, or false if invalid. - * - * @todo Run brace substitutions - * @todo ?? Check for unbalanced '' and ''' quotes, etc */ function validateSig( $text ) { - if( wfIsWellFormedXmlFragment( $text ) ) { - return $text; - } else { - return false; - } + return( wfIsWellFormedXmlFragment( $text ) ? $text : false ); } + + /** + * Clean up signature text + * + * 1) Strip ~~~, ~~~~ and ~~~~~ out of signatures + * 2) Substitute all transclusions + * + * @param string $text + * @return string Signature text + */ + function cleanSig( $text ) { + $substWord = MagicWord::get( MAG_SUBST ); + $substRegex = '/\{\{(?!(?:' . $substWord->getBaseRegex() . '))/x' . $substWord->getRegexCase(); + $substText = '{{' . $substWord->getSynonym( 0 ); + $text = preg_replace( $substRegex, $substText, $text ); + $text = preg_replace( '/~{3,5}/', '', $text ); + $text = $this->replaceVariables( $text ); + + return $text; + } + /** * Set up some variables which are usually set up in parse() * so that an external function can call some class members with confidence @@ -3280,12 +3368,16 @@ class Parser global $wgTitle; static $executing = false; + $fname = "Parser::transformMsg"; + # Guard against infinite recursion if ( $executing ) { return $text; } $executing = true; + wfProfileIn($fname); + $this->mTitle = $wgTitle; $this->mOptions = $options; $this->mOutputType = OT_MSG; @@ -3293,6 +3385,7 @@ class Parser $text = $this->replaceVariables( $text ); $executing = false; + wfProfileOut($fname); return $text; } @@ -3649,7 +3742,7 @@ class Parser $this->mOutput->mCacheTime = -1; } - /** + /**#@+ * Callback from the Sanitizer for expanding items found in HTML attribute * values, so they can be safely tested and escaped. * @param string $text @@ -3668,10 +3761,21 @@ class Parser $text = $this->unstripNoWiki( $text, $this->mStripState ); return $text; } + /**#@-*/ + /**#@+ + * Accessor/mutator + */ function Title( $x = NULL ) { return wfSetVar( $this->mTitle, $x ); } function Options( $x = NULL ) { return wfSetVar( $this->mOptions, $x ); } function OutputType( $x = NULL ) { return wfSetVar( $this->mOutputType, $x ); } + /**#@-*/ + + /**#@+ + * Accessor + */ + function getTags() { return array_keys( $this->mTagHooks ); } + /**#@-*/ } /** @@ -3689,7 +3793,8 @@ class ParserOutput $mTitleText, # title text of the chosen language variant $mLinks, # 2-D map of NS/DBK to ID for the links in the document. ID=zero for broken. $mTemplates, # 2-D map of NS/DBK to ID for the template references. ID=zero for broken. - $mImages; # DB keys of the images used, in the array key only + $mImages, # DB keys of the images used, in the array key only + $mExternalLinks; # External link URLs, in the key only function ParserOutput( $text = '', $languageLinks = array(), $categoryLinks = array(), $containsOldMagic = false, $titletext = '' ) @@ -3704,6 +3809,7 @@ class ParserOutput $this->mLinks = array(); $this->mTemplates = array(); $this->mImages = array(); + $this->mExternalLinks = array(); } function getText() { return $this->mText; } @@ -3715,6 +3821,7 @@ class ParserOutput function &getLinks() { return $this->mLinks; } function &getTemplates() { return $this->mTemplates; } function &getImages() { return $this->mImages; } + function &getExternalLinks() { return $this->mExternalLinks; } function containsOldMagic() { return $this->mContainsOldMagic; } function setText( $text ) { return wfSetVar( $this->mText, $text ); } @@ -3727,6 +3834,7 @@ class ParserOutput function addCategory( $c, $sort ) { $this->mCategories[$c] = $sort; } function addImage( $name ) { $this->mImages[$name] = 1; } function addLanguageLink( $t ) { $this->mLanguageLinks[] = $t; } + function addExternalLink( $url ) { $this->mExternalLinks[$url] = 1; } function addLink( $title, $id ) { $ns = $title->getNamespace(); @@ -3793,6 +3901,7 @@ class ParserOptions var $mEditSection; # Create "edit section" links var $mNumberHeadings; # Automatically number headings var $mAllowSpecialInclusion; # Allow inclusion of special pages + var $mTidy; # Ask for tidy cleanup function getUseTeX() { return $this->mUseTeX; } function getUseDynamicDates() { return $this->mUseDynamicDates; } @@ -3804,7 +3913,7 @@ class ParserOptions function getEditSection() { return $this->mEditSection; } function getNumberHeadings() { return $this->mNumberHeadings; } function getAllowSpecialInclusion() { return $this->mAllowSpecialInclusion; } - + function getTidy() { return $this->mTidy; } function setUseTeX( $x ) { return wfSetVar( $this->mUseTeX, $x ); } function setUseDynamicDates( $x ) { return wfSetVar( $this->mUseDynamicDates, $x ); } @@ -3815,7 +3924,7 @@ class ParserOptions function setEditSection( $x ) { return wfSetVar( $this->mEditSection, $x ); } function setNumberHeadings( $x ) { return wfSetVar( $this->mNumberHeadings, $x ); } function setAllowSpecialInclusion( $x ) { return wfSetVar( $this->mAllowSpecialInclusion, $x ); } - + function setTidy( $x ) { return wfSetVar( $this->mTidy, $x); } function setSkin( &$x ) { $this->mSkin =& $x; } function ParserOptions() { @@ -3858,6 +3967,7 @@ class ParserOptions $this->mEditSection = true; $this->mNumberHeadings = $user->getOption( 'numberheadings' ); $this->mAllowSpecialInclusion = $wgAllowSpecialInclusion; + $this->mTidy = false; wfProfileOut( $fname ); } }