* (bug 11158) Fix escaping in API HTML-formatted JSON
[lhc/web/wiklou.git] / includes / api / ApiFormatBase.php
1 <?php
2
3 /*
4 * Created on Sep 19, 2006
5 *
6 * API for MediaWiki 1.8+
7 *
8 * Copyright (C) 2006 Yuri Astrakhan <Firstname><Lastname>@gmail.com
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 * http://www.gnu.org/copyleft/gpl.html
24 */
25
// Eclipse helper - will be ignored in production.
// This branch runs only when the MEDIAWIKI constant is undefined, i.e. the file
// was loaded on its own. The relative path is resolved by PHP's include lookup.
// NOTE(review): a direct request for this file would also take this branch;
// confirm the includes/ directory is not served by the web server.
if (defined('MEDIAWIKI') === false) {
    require_once 'ApiBase.php';
}
30
31 /**
32 * This is the abstract base class for API formatters.
33 *
34 * @addtogroup API
35 */
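abstract class ApiFormatBase extends ApiBase {

    // True when the format name passed to the constructor ends in 'fm'.
    private $mIsHtml;

    // Upper-cased format name with a trailing 'fm' removed.
    private $mFormat;

    /**
     * Create a new instance of the formatter.
     * If the format name ends with 'fm', wrap its output in the proper HTML.
     *
     * @param mixed $main Passed through unchanged to the ApiBase constructor.
     * @param string $format Format name; a trailing 'fm' selects HTML output.
     */
    public function __construct($main, $format) {
        parent :: __construct($main, $format);

        $this->mIsHtml = (substr($format, -2, 2) === 'fm'); // ends with 'fm'
        if ($this->mIsHtml)
            $this->mFormat = substr($format, 0, -2); // remove ending 'fm'
        else
            $this->mFormat = $format;
        $this->mFormat = strtoupper($this->mFormat);
    }

    /**
     * Overriding class returns the mime type that should be sent to the client.
     * This method is not called if getIsHtml() returns true.
     * Returning null makes initPrinter() send no header and print no HTML prologue.
     * @return string
     */
    public abstract function getMimeType();

    /**
     * If formatter outputs data results as is, the results must first be sanitized.
     * An XML formatter on the other hand uses special tags, such as "_element" for special handling,
     * and thus needs to override this function to return true.
     * @return bool Always false in this base implementation.
     */
    public function getNeedsRawData() {
        return false;
    }

    /**
     * Returns true when an HTML filtering printer should be used.
     * The default implementation assumes that formats ending with 'fm'
     * should be formatted in HTML.
     * @return bool
     */
    public function getIsHtml() {
        return $this->mIsHtml;
    }

    /**
     * Initialize the printer function and prepares the output headers, etc.
     * This method must be the first outputting method during execution.
     * A help screen's header is printed for the HTML-based output.
     *
     * @param bool $isError When true, the explanatory banner is left out of the HTML prologue.
     */
    public function initPrinter($isError) {
        $isHtml = $this->getIsHtml();
        $mime = $isHtml ? 'text/html' : $this->getMimeType();
        $script = wfScript( 'api' );

        // Some printers (ex. Feed) do their own header settings,
        // in which case $mime will be set to null
        if (is_null($mime))
            return; // skip any initialization

        header("Content-Type: $mime; charset=utf-8");

        if ($isHtml) {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>MediaWiki API</title>
</head>
<body>
<?php

            if( !$isError ) {
                // Both values are encoded where they are written. Nothing in this
                // class shows them to be request-controlled, but encoding at the
                // sink keeps the banner well-formed however the formatter was built.
                // ENT_QUOTES is needed for $script because the href is single-quoted.
?>
<br/>
<small>
You are looking at the HTML representation of the <?php echo htmlspecialchars( $this->mFormat ); ?> format.<br/>
HTML is good for debugging, but probably is not suitable for your application.<br/>
See <a href='http://www.mediawiki.org/wiki/API'>complete documentation</a>, or
<a href='<?php echo htmlspecialchars( $script, ENT_QUOTES ); ?>'>API help</a> for more information.
</small>
<?php

            }
?>
<pre>
<?php

        }
    }

    /**
     * Finish printing. Closes HTML tags.
     */
    public function closePrinter() {
        if ($this->getIsHtml()) {
?>

</pre>
</body>
</html>
<?php

        }
    }

    /**
     * The main format printing function. Call it to output the result string to the user.
     * This function will automatically output HTML when format name ends in 'fm'.
     * In the non-HTML case the text is echoed exactly as given.
     *
     * @param string $text Result text to print.
     */
    public function printText($text) {
        if ($this->getIsHtml())
            echo $this->formatHTML($text);
        else
            echo $text;
    }

    /**
     * Pretty-print various elements in HTML format, such as xml tags and URLs.
     * The whole text is HTML-escaped first, and only then is markup added.
     *
     * Each pass runs over text that already contains markup from earlier passes.
     * So links are produced in a single pass, and the bold/italic passes skip
     * matches inside a tag. Otherwise a later pass could insert markup into the
     * href of an anchor written by an earlier one.
     *
     * @param string $text Raw result text.
     * @return string Escaped text with highlighting and links added.
     */
    protected function formatHTML($text) {
        // Escape everything first for full coverage.
        // Called with the default flags. The defaults changed in PHP 8.1
        // (ENT_COMPAT became ENT_QUOTES | ENT_SUBSTITUTE), so a single quote may
        // arrive below raw or as an entity. Every attribute emitted here is
        // double-quoted, so only where a link ends changes, not whether it is safe.
        $text = htmlspecialchars($text);

        $passes = array(
            // encode all comments or tags as safe blue strings
            '/\&lt;(!--.*?--|.*?)\&gt;/'
                => '<span style="color:blue;">&lt;\1&gt;</span>',
            // identify URLs and requests to api.php in one pass; \x5C is a
            // backslash and \x27 a single quote, the same exclusions as before
            '~(?:http|https|ftp|gopher)://[^ \x5C\x27"()<\n]+|api\.php\?[^ \x5C()<\n\t]+~'
                => '<a href="\0">\0</a>',
            // make strings inside * bold, unless the match sits inside a tag
            '/\*[^<>\n]+\*(?![^<>\n]*>)/'
                => '<b>\0</b>',
            // make strings inside $ italic, unless the match sits inside a tag
            '/\$[^<>\n]+\$(?![^<>\n]*>)/'
                => '<b><i>\0</i></b>',
        );

        foreach ($passes as $pattern => $replacement) {
            $decorated = preg_replace($pattern, $replacement, $text);
            // preg_replace() returns null when PCRE gives up (e.g. backtrack limit).
            // Keep the escaped text from before this pass instead of printing nothing.
            if (!is_null($decorated))
                $text = $decorated;
        }

        return $text;
    }

    /**
     * Returns usage examples for this format.
     * @return string
     */
    protected function getExamples() {
        return 'api.php?action=query&meta=siteinfo&siprop=namespaces&format=' . $this->getModuleName();
    }

    /**
     * Returns a short suffix describing the format: a note for HTML formats, otherwise empty.
     * @return string
     */
    protected function getDescription() {
        return $this->getIsHtml() ? ' (pretty-print in HTML)' : '';
    }

    /**
     * Returns the class name followed by the version-control Id keyword.
     * @return string
     */
    public static function getBaseVersion() {
        return __CLASS__ . ': $Id$';
    }
}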
194
195 /**
196 * This printer is used to wrap an instance of the Feed class
197 * @addtogroup API
198 */
class ApiFormatFeedWrapper extends ApiFormatBase {

    /**
     * Builds the wrapper under the fixed format name 'feed'.
     */
    public function __construct($main) {
        parent :: __construct($main, 'feed');
    }

    /**
     * Call this method to initialize output data. See self::execute()
     *
     * The feed object and its items are stored in the result data under the
     * '_feed' and '_feeditems' keys, which execute() reads back.
     */
    public static function setResult($result, $feed, $feedItems) {
        // Store output in the Result data.
        // This way we can check during execution if any error has occurred
        $resultData = & $result->getData();
        $resultData['_feed'] = $feed;
        $resultData['_feeditems'] = $feedItems;
    }

    /**
     * Feed does its own headers, so no mime type is reported.
     */
    public function getMimeType() {
        return null;
    }

    /**
     * Optimization - no need to sanitize data that will not be needed
     */
    public function getNeedsRawData() {
        return true;
    }

    /**
     * This class expects the result data to be in a custom format set by self::setResult()
     * $result['_feed'] - an instance of one of the $wgFeedClasses classes
     * $result['_feeditems'] - an array of FeedItem instances
     *
     * When either key is missing, an HTTP 500 error is reported instead.
     */
    public function execute() {
        $resultData = $this->getResultData();

        if (!isset ($resultData['_feed'], $resultData['_feeditems'])) {
            // Error has occurred, print something useful
            // TODO: make this error more informative using ApiBase :: dieDebug() or similar
            wfHttpError(500, 'Internal Server Error', '');
            return;
        }

        $feed = $resultData['_feed'];
        $entries = $resultData['_feeditems'];

        $feed->outHeader();
        foreach ($entries as & $entry) {
            $feed->outItem($entry);
        }
        $feed->outFooter();
    }

    /**
     * Returns the class name followed by the version-control Id keyword.
     */
    public function getVersion() {
        return __CLASS__ . ': $Id$';
    }
}