X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FWiki.php;h=b20cb958378b160a182c9c7c30bfe4e61cedb6dd;hb=0c2a0e4d6bbda94f5411fbb13432f8f3dd52eaa3;hp=dc24c84eeb3e419ff3e1bb6e7a64568c5466eb42;hpb=381309f4743f07a00cd191aeaee02483e65a827c;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/Wiki.php b/includes/Wiki.php
index dc24c84eeb..b20cb95837 100644
--- a/includes/Wiki.php
+++ b/includes/Wiki.php
@@ -33,18 +33,29 @@ class MediaWiki {
 */
 private $context;
- public function request( WebRequest $x = null ){
+ /**
+ * @param $x null|WebRequest
+ * @return WebRequest
+ */
+ public function request( WebRequest $x = null ) {
 $old = $this->context->getRequest();
 $this->context->setRequest( $x );
 return $old;
 }
- public function output( OutputPage $x = null ){
+ /**
+ * @param $x null|OutputPage
+ * @return OutputPage
+ */
+ public function output( OutputPage $x = null ) {
 $old = $this->context->getOutput();
 $this->context->setOutput( $x );
 return $old;
 }
+ /**
+ * @param IContextSource|null $context
+ */
 public function __construct( IContextSource $context = null ) {
 if ( !$context ) {
 $context = RequestContext::getMain();
@@ -65,6 +76,7 @@ class MediaWiki {
 $request = $this->context->getRequest();
 $curid = $request->getInt( 'curid' );
 $title = $request->getVal( 'title' );
+ $action = $request->getVal( 'action', 'view' );
 if ( $request->getCheck( 'search' ) ) {
 // Compatibility with old search URLs which didn't use Special:Search
@@ -74,7 +86,7 @@ class MediaWiki {
 } elseif ( $curid ) {
 // URLs like this are generated by RC, because rc_title isn't always accurate
 $ret = Title::newFromID( $curid );
- } elseif ( $title == '' && $this->getAction() != 'delete' ) {
+ } elseif ( $title == '' && $action != 'delete' ) {
 $ret = Title::newMainPage();
 } else {
 $ret = Title::newFromURL( $title );
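Review bot: The docblocks added above request() and output() in the first hunk list null as an accepted value but do not say that both methods are setters as well as getters: each passes $x straight to setRequest()/setOutput() on the context and returns the previous object, so a call with no argument hands null to the context instead of only reading the current value. What the context does with null is not visible in this diff, so the comment should spell out the contract, for example ` * Sets the context's request to $x (null included) and returns the previous request.`, with the same wording for output().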
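Review bot: In parseTitle() (hunks at -65,6 and -74,7) the empty-title branch now compares the raw `action` request parameter instead of the value returned by getAction(), and nothing in the new code says why. The two differ whenever getAction() rewrote the name: with the removed getAction() body, an empty title plus a disabled `delete` action used to get the main page and now falls through to `Title::newFromURL( $title )`. If the raw value is used because getAction() now resolves through the context and may itself need the title, which is my reading of the getAction() hunk further down, say so next to the assignment: `// Raw request value on purpose: getAction() goes through the context and may need the title we are still parsing`. parseTitle() starts and ends outside these hunks.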
@@ -114,7 +126,7 @@ class MediaWiki {
 * Get the Title object that we'll be acting on, as specified in the WebRequest
 * @return Title
 */
- public function getTitle(){
+ public function getTitle() {
 if( $this->context->getTitle() === null ){
 $this->context->setTitle( $this->parseTitle() );
 }
@@ -133,7 +145,7 @@ class MediaWiki {
 * @return void
 */
 private function performRequest() {
- global $wgServer, $wgUsePathInfo;
+ global $wgServer, $wgUsePathInfo, $wgTitle;
 wfProfileIn( __METHOD__ );
@@ -146,8 +158,8 @@ class MediaWiki {
 $output->setPrintable();
 }
- wfRunHooks( 'BeforeInitialize',
- array( &$title, null, &$output, &$user, $request, $this ) );
+ $unused = null; // To pass it by reference
+ wfRunHooks( 'BeforeInitialize', array( &$title, &$unused, &$output, &$user, $request, $this ) );
 // Invalid titles. Bug 21776: The interwikis must redirect even if the page name is empty.
 if ( is_null( $title ) || ( $title->getDBkey() == '' && $title->getInterwiki() == '' ) ||
@@ -155,7 +167,7 @@ class MediaWiki {
 {
 $this->context->setTitle( SpecialPage::getTitleFor( 'Badtitle' ) );
 wfProfileOut( __METHOD__ );
- throw new ErrorPageError( 'badtitle', 'badtitletext' );
+ throw new BadTitleError();
 }
 // Check user's permissions to read this page.
@@ -163,6 +175,20 @@ class MediaWiki {
 // We will check again in Article::view().
 $permErrors = $title->getUserPermissionsErrors( 'read', $user );
 if ( count( $permErrors ) ) {
+ // Bug 32276: allowing the skin to generate output with $wgTitle or
+ // $this->context->title set to the input title would allow anonymous users to
+ // determine whether a page exists, potentially leaking private data. In fact, the
+ // curid and oldid request parameters would allow page titles to be enumerated even
+ // when they are not guessable. So we reset the title to Special:Badtitle before the
+ // permissions error is displayed.
+ //
+ // The skin mostly uses $this->context->getTitle() these days, but some extensions
+ // still use $wgTitle.
+
+ $badTitle = SpecialPage::getTitleFor( 'Badtitle' );
+ $this->context->setTitle( $badTitle );
+ $wgTitle = $badTitle;
+
 wfProfileOut( __METHOD__ );
 throw new PermissionsError( 'read', $permErrors );
 }
@@ -188,7 +214,7 @@ class MediaWiki {
 } else {
 $this->context->setTitle( SpecialPage::getTitleFor( 'Badtitle' ) );
 wfProfileOut( __METHOD__ );
- throw new ErrorPageError( 'badtitle', 'badtitletext' );
+ throw new BadTitleError();
 }
 // Redirect loops, no title in URL, $wgUsePathInfo URLs, and URLs with a variant
 } elseif ( $request->getVal( 'action', 'view' ) == 'view' && !$request->wasPosted()
@@ -242,12 +268,11 @@ class MediaWiki {
 if ( is_object( $article ) ) {
 $pageView = true;
 /**
- * $wgArticle is deprecated, do not use it. This will possibly be removed
- * entirely in 1.20 or 1.21
+ * $wgArticle is deprecated, do not use it.
 * @deprecated since 1.18
 */
 global $wgArticle;
- $wgArticle = $article;
+ $wgArticle = new DeprecatedGlobal( 'wgArticle', $article, '1.18' );
 $this->performAction( $article );
 } elseif ( is_string( $article ) ) {
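Review bot: The Bug 32276 reset in the permissions branch (hunk at -163,6) replaces both the context title and `$wgTitle`, but the two BadTitleError branches (hunks at -155,7 and -188,7) still reset only the context title, so code that reads `$wgTitle`, which the new comment says some extensions do, keeps seeing the requested title on those paths. Whether `$wgTitle` is already populated at that point depends on the caller, which the main() hunk suggests but does not fully show. A single private helper used by all three throw sites would keep them in step, with the body `$badTitle = SpecialPage::getTitleFor( 'Badtitle' ); $this->context->setTitle( $badTitle ); $wgTitle = $badTitle;`. A regression test that a request by curid or oldid for an unreadable page renders no trace of the real title would also be worth adding; none is part of this diff.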
@@ -275,37 +300,20 @@ class MediaWiki {
 * @return Article object
 */
 public static function articleFromTitle( $title, IContextSource $context ) {
+ wfDeprecated( __METHOD__, '1.18' );
 return Article::newFromTitle( $title, $context );
 }
 /**
- * Returns the action that will be executed, not necessarily the one passed
- * passed through the "action" parameter. Actions disabled in
- * $wgDisabledActions will be replaced by "nosuchaction"
+ * Returns the name of the action that will be executed.
 *
- * @return String: action
+ * @return string: action
 */
 public function getAction() {
- global $wgDisabledActions;
-
- $request = $this->context->getRequest();
- $action = $request->getVal( 'action', 'view' );
-
- // Check for disabled actions
- if ( in_array( $action, $wgDisabledActions ) ) {
- return 'nosuchaction';
- }
-
- // Workaround for bug #20966: inability of IE to provide an action dependent
- // on which submit button is clicked.
- if ( $action === 'historysubmit' ) {
- if ( $request->getBool( 'revisiondelete' ) ) {
- return 'revisiondelete';
- } else {
- return 'view';
- }
- } elseif ( $action == 'editredlink' ) {
- return 'edit';
+ static $action = null;
+
+ if ( $action === null ) {
+ $action = Action::getActionName( $this->context );
 }
 return $action;
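Review bot: `static $action = null;` in getAction() caches the action name per process rather than per object, so every MediaWiki instance, including one constructed with a different IContextSource, gets whatever the first call computed. getAction() feeds `Action::factory()` in performAction(), so a stale name would select the wrong action for the later context. Caching on the instance avoids that: declare `private $action = null;` on the class and use `if ( $this->action === null ) { $this->action = Action::getActionName( $this->context ); }` before `return $this->action;`. The hunk also drops the in-place `$wgDisabledActions` check; that Action::getActionName() enforces it is an assumption, since that method is not part of this diff, and is worth confirming.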
@@ -322,19 +330,21 @@ class MediaWiki {
 wfProfileIn( __METHOD__ );
- $request = $this->context->getRequest();
 $title = $this->context->getTitle();
-
- $action = $request->getVal( 'action', 'view' );
 $article = Article::newFromTitle( $title, $this->context );
+ $this->context->setWikiPage( $article->getPage() );
 // NS_MEDIAWIKI has no redirects.
 // It is also used for CSS/JS, so performance matters here...
 if ( $title->getNamespace() == NS_MEDIAWIKI ) {
 wfProfileOut( __METHOD__ );
 return $article;
 }
+
+ $request = $this->context->getRequest();
+
 // Namespace might change when using redirects
 // Check for redirects ...
+ $action = $request->getVal( 'action', 'view' );
 $file = ( $title->getNamespace() == NS_FILE ) ? $article->getFile() : null;
 if ( ( $action == 'view' || $action == 'render' ) // ... for actions that show content
 && !$request->getVal( 'oldid' ) && // ... and are not old revisions
@@ -369,10 +379,12 @@ class MediaWiki {
 $rarticle->setRedirectedFrom( $title );
 $article = $rarticle;
 $this->context->setTitle( $target );
+ $this->context->setWikiPage( $article->getPage() );
 }
 }
 } else {
 $this->context->setTitle( $article->getTitle() );
+ $this->context->setWikiPage( $article->getPage() );
 }
 }
@@ -418,9 +430,9 @@ class MediaWiki {
 while ( $n-- && false != ( $job = Job::pop() ) ) {
 $output = $job->toString() . "\n";
- $t = -wfTime();
+ $t = - microtime( true );
 $success = $job->run();
- $t += wfTime();
+ $t += microtime( true );
 $t = round( $t * 1000 );
 if ( !$success ) {
 $output .= "Error: " . $job->getLastError() . ", Time: $t ms\n";
@@ -447,11 +459,9 @@ class MediaWiki {
 /**
 * Perform one of the "standard" actions
 *
- * @param $article Article
+ * @param $page Page
 */
- private function performAction( Page $article ) {
- global $wgSquidMaxage, $wgUseExternalEditor;
-
+ private function performAction( Page $page ) {
 wfProfileIn( __METHOD__ );
 $request = $this->context->getRequest();
@@ -460,7 +470,7 @@ class MediaWiki {
 $user = $this->context->getUser();
 if ( !wfRunHooks( 'MediaWikiPerformAction',
- array( $output, $article, $title, $user, $request, $this ) ) )
+ array( $output, $page, $title, $user, $request, $this ) ) )
 {
 wfProfileOut( __METHOD__ );
 return;
@@ -468,56 +478,17 @@ class MediaWiki {
 $act = $this->getAction();
- $action = Action::factory( $act, $article );
+ $action = Action::factory( $act, $page );
 if ( $action instanceof Action ) {
 $action->show();
 wfProfileOut( __METHOD__ );
 return;
 }
- switch( $act ) {
- case 'view':
- $output->setSquidMaxage( $wgSquidMaxage );
- $article->view();
- break;
- case 'delete':
- case 'protect':
- case 'unprotect':
- case 'render':
- $article->$act();
- break;
- case 'submit':
- if ( session_id() == '' ) {
- // Send a cookie so anons get talk message notifications
- wfSetupSession();
- }
- // Continue...
- case 'edit':
- if ( wfRunHooks( 'CustomEditor', array( $article, $user ) ) ) {
- $internal = $request->getVal( 'internaledit' );
- $external = $request->getVal( 'externaledit' );
- $section = $request->getVal( 'section' );
- $oldid = $request->getVal( 'oldid' );
- if ( !$wgUseExternalEditor || $act == 'submit' || $internal ||
- $section || $oldid ||
- ( !$user->getOption( 'externaleditor' ) && !$external ) )
- {
- $editor = new EditPage( $article );
- $editor->submit();
- } elseif ( $wgUseExternalEditor
- && ( $external || $user->getOption( 'externaleditor' ) ) )
- {
- $mode = $request->getVal( 'mode' );
- $extedit = new ExternalEdit( $article->getTitle(), $mode );
- $extedit->edit();
- }
- }
- break;
- default:
- if ( wfRunHooks( 'UnknownAction', array( $act, $article ) ) ) {
- $output->showErrorPage( 'nosuchaction', 'nosuchactiontext' );
- }
+ if ( wfRunHooks( 'UnknownAction', array( $request->getVal( 'action', 'view' ), $page ) ) ) {
+ $output->showErrorPage( 'nosuchaction', 'nosuchactiontext' );
 }
+
 wfProfileOut( __METHOD__ );
 }
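Review bot: The fallback at the end of performAction() (hunk at -468,56) now passes `$request->getVal( 'action', 'view' )` to the UnknownAction hook where the removed code passed `$act`, so handlers receive the unvalidated, user-supplied string instead of the name getAction() resolved. A handler that dispatches on that argument can no longer rely on disabled or rewritten actions having been filtered first; whether any handler does so is not visible here. If the raw name is intended, presumably so extensions can still recognise their own actions, document it at the call: `// Handlers get the raw request value, not $act; they must validate it themselves`. The removed `submit` case also called wfSetupSession() for requests without a session, and the diff does not show where that now happens.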
@@ -538,6 +509,7 @@ class MediaWiki {
 /**
 * Checks if the request should abort due to a lagged server,
 * for given maxlag parameter.
+ * @return bool
 */
 private function checkMaxLag() {
 global $wgShowHostnames;
@@ -572,34 +544,42 @@ class MediaWiki {
 wfProfileIn( __METHOD__ );
- # Set title from request parameters
- $wgTitle = $this->getTitle();
- $action = $this->getAction();
- $user = $this->context->getUser();
+ $request = $this->context->getRequest();
+
+ // Send Ajax requests to the Ajax dispatcher.
+ if ( $wgUseAjax && $request->getVal( 'action', 'view' ) == 'ajax' ) {
+
+ // Set a dummy title, because $wgTitle == null might break things
+ $title = Title::makeTitle( NS_MAIN, 'AJAX' );
+ $this->context->setTitle( $title );
+ $wgTitle = $title;
- # Send Ajax requests to the Ajax dispatcher.
- if ( $wgUseAjax && $action == 'ajax' ) {
 $dispatcher = new AjaxDispatcher();
 $dispatcher->performAction();
 wfProfileOut( __METHOD__ );
 return;
 }
- if ( $wgUseFileCache && $wgTitle->getNamespace() >= 0 ) {
+ // Get title from request parameters,
+ // is set on the fly by parseTitle the first time.
+ $title = $this->getTitle();
+ $action = $this->getAction();
+ $wgTitle = $title;
+
+ if ( $wgUseFileCache && $title->getNamespace() >= 0 ) {
 wfProfileIn( 'main-try-filecache' );
 if ( HTMLFileCache::useFileCache( $this->context ) ) {
- /* Try low-level file cache hit */
- $cache = HTMLFileCache::newFromTitle( $wgTitle, $action );
+ // Try low-level file cache hit
+ $cache = HTMLFileCache::newFromTitle( $title, $action );
 if ( $cache->isCacheGood( /* Assume up to date */ ) ) {
- /* Check incoming headers to see if client has this cached */
+ // Check incoming headers to see if client has this cached
 $timestamp = $cache->cacheTimestamp();
 if ( !$this->context->getOutput()->checkLastModified( $timestamp ) ) {
 $cache->loadFromFileCache( $this->context );
 }
- # Do any stats increment/watchlist stuff
- $article = WikiPage::factory( $wgTitle );
- $article->doViewUpdates( $user );
- # Tell OutputPage that output is taken care of
+ // Do any stats increment/watchlist stuff
+ $this->context->getWikiPage()->doViewUpdates( $this->context->getUser() );
+ // Tell OutputPage that output is taken care of
 $this->context->getOutput()->disable();
 wfProfileOut( 'main-try-filecache' );
 wfProfileOut( __METHOD__ );