SECURITY: Add permission check for user is permitted to view the log type
<?php
/**
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 * @ingroup SpecialPage
 */

/**
 * Special page for adding and removing change tags to individual revisions.
 * A lot of this is copied out of SpecialRevisiondelete.
 *
 * @ingroup SpecialPage
 * @since 1.25
 */
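class SpecialEditTags extends UnlistedSpecialPage {
	/** @var bool Was the DB modified in this request (set by success()) */
	protected $wasSaved = false;

	/** @var bool True if the submit button was clicked, and the form was posted */
	private $submitClicked;

	/**
	 * @var array Target ID list, taken from the 'ids' request parameter (CSV string,
	 *  or the keys of an array parameter). The values are not validated as integers here.
	 */
	private $ids;

	/** @var Title|null Title object for target parameter; null if none could be derived */
	private $targetObj;

	/** @var string Target type, normalised to either 'revision' or 'logentry' */
	private $typeName;

	/** @var ChangeTagsList|null Lazily built list of items to be tagged, see getList() */
	private $revList;

	/** @var bool Whether the user holds the 'changetags' right, i.e. may submit the form */
	private $isAllowed;

	/** @var string|null Reason given by the user (wpReason), if any */
	private $reason;

	public function __construct() {
		// 'changetags' is the user right required for this page; it is enforced by
		// checkPermissions() at the start of execute().
		parent::__construct( 'EditTags', 'changetags' );
	}

	/**
	 * This page writes to the database (tag updates on form submission).
	 * @return bool
	 */
	public function doesWrites() {
		return true;
	}

	/**
	 * Parse the request, then either process the submitted form or display it,
	 * and append an extract of the tag log for the target page.
	 *
	 * @param string|null $par Subpage parameter, unused: all input comes from the request
	 * @throws UserBlockedError If the current user is blocked
	 * @throws ErrorPageError If no target IDs were supplied
	 */
	public function execute( $par ) {
		$this->checkPermissions();
		$this->checkReadOnly();

		$output = $this->getOutput();
		$user = $this->getUser();
		$request = $this->getRequest();

		// Check blocks
		if ( $user->isBlocked() ) {
			throw new UserBlockedError( $user->getBlock() );
		}

		$this->setHeaders();
		$this->outputHeader();

		$output->addModules( [
			'mediawiki.special.edittags',
			'mediawiki.special.edittags.styles',
		] );

		// The form is only processed for a POST that carries the submit button
		$this->submitClicked = $request->wasPosted() && $request->getBool( 'wpSubmit' );

		// Handle our many different possible input types
		$ids = $request->getVal( 'ids' );
		if ( $ids !== null ) {
			// Allow CSV from the form hidden field, or a single ID for show/hide links
			$this->ids = explode( ',', $ids );
		} else {
			// Array input: the IDs are the array keys
			$this->ids = array_keys( $request->getArray( 'ids', [] ) );
		}
		// Drop empty entries and duplicates (keys are not reindexed)
		$this->ids = array_unique( array_filter( $this->ids ) );

		// No targets?
		if ( !$this->ids ) {
			throw new ErrorPageError( 'tags-edit-nooldid-title', 'tags-edit-nooldid-text' );
		}

		// sanity check of parameter: anything that is not a log entry is treated as a revision
		$type = $request->getVal( 'type' );
		$this->typeName = in_array( $type, [ 'logentry', 'logging' ], true ) ? 'logentry' : 'revision';
		$this->targetObj = Title::newFromText( $request->getText( 'target' ) );

		// Allow the list type to adjust the passed target
		// Yuck! Copied straight out of SpecialRevisiondelete, but it does exactly
		// what we want
		$this->targetObj = RevisionDeleter::suggestTarget(
			$this->typeName === 'revision' ? 'revision' : 'logging',
			$this->targetObj,
			$this->ids
		);

		$this->isAllowed = $user->isAllowed( 'changetags' );

		$this->reason = $request->getVal( 'wpReason' );
		// We need a target page!
		if ( $this->targetObj === null ) {
			$output->addWikiMsg( 'undelete-header' );
			return;
		}
		// Give a link to the logs/hist for this page
		$this->showConvenienceLinks();

		// Either submit or create our form
		if ( $this->isAllowed && $this->submitClicked ) {
			$this->submit();
		} else {
			$this->showForm();
		}

		// Show relevant lines from the tag log
		$tagLogPage = new LogPage( 'tag' );
		$output->addHTML( "<h2>" . $tagLogPage->getName()->escaped() . "</h2>\n" );
		LogEventsList::showLogExtract(
			$output,
			'tag',
			$this->targetObj,
			'', /* user */
			// Read from the master right after a save so the fresh log line is included
			[ 'lim' => 25, 'conds' => [], 'useMaster' => $this->wasSaved ]
		);
	}

	/**
	 * Show some useful links in the subtitle: the page log, the page history
	 * (unless the target is a special page) and Special:Tags.
	 * Does nothing when there is no target.
	 */
	protected function showConvenienceLinks() {
		// Give a link to the logs/hist for this page
		if ( !$this->targetObj ) {
			return;
		}
		// Also set header tabs to be for the target.
		$this->getSkin()->setRelevantTitle( $this->targetObj );

		$linkRenderer = $this->getLinkRenderer();
		$links = [
			$linkRenderer->makeKnownLink(
				SpecialPage::getTitleFor( 'Log' ),
				$this->msg( 'viewpagelogs' )->text(),
				[],
				[
					'page' => $this->targetObj->getPrefixedText(),
					'hide_tag_log' => '0',
				]
			),
		];
		if ( !$this->targetObj->isSpecialPage() ) {
			// Give a link to the page history
			$links[] = $linkRenderer->makeKnownLink(
				$this->targetObj,
				$this->msg( 'pagehist' )->text(),
				[],
				[ 'action' => 'history' ]
			);
		}
		// Link to Special:Tags
		$links[] = $linkRenderer->makeKnownLink(
			SpecialPage::getTitleFor( 'Tags' ),
			$this->msg( 'tags-edit-manage-link' )->text()
		);
		// Logs themselves don't have histories or archived revisions
		$this->getOutput()->addSubtitle( $this->getLanguage()->pipeList( $links ) );
	}

	/**
	 * Get the list object for this request, building it on first use
	 * @return ChangeTagsList
	 */
	protected function getList() {
		if ( $this->revList === null ) {
			$this->revList = ChangeTagsList::factory( $this->typeName, $this->getContext(),
				$this->targetObj, $this->ids );
		}

		return $this->revList;
	}

	/**
	 * Show a list of items that we will operate on, and show a form which allows
	 * the user to modify the tags applied to those items.
	 *
	 * Every item must be viewable by the current user; otherwise a permission
	 * error page is raised instead of listing the items. The form itself is only
	 * rendered when the user may submit it ($this->isAllowed).
	 *
	 * @throws ErrorPageError If an item may not be viewed, or no item matched the IDs
	 */
	protected function showForm() {
		$out = $this->getOutput();
		// Messages: tags-edit-revision-selected, tags-edit-logentry-selected
		$out->wrapWikiMsg( "<strong>$1</strong>", [
			"tags-edit-{$this->typeName}-selected",
			$this->getLanguage()->formatNum( count( $this->ids ) ),
			$this->targetObj->getPrefixedText()
		] );

		$this->addHelpLink( 'Help:Tags' );
		$out->addHTML( "<ul>" );

		$numRevisions = 0;
		// Live revisions...
		$list = $this->getList();
		// phpcs:ignore Generic.CodeAnalysis.ForLoopWithTestFunctionCall
		for ( $list->reset(); $list->current(); $list->next() ) {
			$item = $list->current();
			// Do not reveal items the user may not see (e.g. restricted log entries).
			// NOTE(review): relies on the error page superseding the HTML already
			// added above — confirm.
			if ( !$item->canView() ) {
				throw new ErrorPageError( 'permissionserrors', 'tags-update-no-permission' );
			}
			$numRevisions++;
			$out->addHTML( $item->getHTML() );
		}

		if ( !$numRevisions ) {
			throw new ErrorPageError( 'tags-edit-nooldid-title', 'tags-edit-nooldid-text' );
		}

		$out->addHTML( "</ul>" );
		// Explanation text
		$out->wrapWikiMsg( '<p>$1</p>', "tags-edit-{$this->typeName}-explanation" );

		// Show form if the user can submit
		if ( !$this->isAllowed ) {
			return;
		}

		$conf = $this->getConfig();
		$oldCommentSchema = $conf->get( 'CommentTableSchemaMigrationStage' ) === MIGRATION_OLD;

		$form = Xml::openElement( 'form', [ 'method' => 'post',
			'action' => $this->getPageTitle()->getLocalURL( [ 'action' => 'submit' ] ),
			'id' => 'mw-revdel-form-revisions' ] ) .
			Xml::fieldset( $this->msg( "tags-edit-{$this->typeName}-legend",
				count( $this->ids ) )->text() ) .
			$this->buildCheckBoxes() .
			Xml::openElement( 'table' ) .
			"<tr>\n" .
				'<td class="mw-label">' .
					Xml::label( $this->msg( 'tags-edit-reason' )->text(), 'wpReason' ) .
				'</td>' .
				'<td class="mw-input">' .
					Xml::input( 'wpReason', 60, $this->reason, [
						'id' => 'wpReason',
						// HTML maxlength uses "UTF-16 code units", which means that characters outside BMP
						// (e.g. emojis) count for two each. This limit is overridden in JS to instead count
						// Unicode codepoints (or 255 UTF-8 bytes for old schema).
						// "- 155" is to leave room for the auto-generated part of the log entry.
						'maxlength' => $oldCommentSchema ? 100 : CommentStore::COMMENT_CHARACTER_LIMIT - 155,
					] ) .
				'</td>' .
			"</tr><tr>\n" .
				'<td></td>' .
				'<td class="mw-submit">' .
					Xml::submitButton( $this->msg( "tags-edit-{$this->typeName}-submit",
						$numRevisions )->text(), [ 'name' => 'wpSubmit' ] ) .
				'</td>' .
			"</tr>\n" .
			Xml::closeElement( 'table' ) .
			// CSRF token, verified by submit() before anything is written
			Html::hidden( 'wpEditToken', $this->getUser()->getEditToken() ) .
			Html::hidden( 'target', $this->targetObj->getPrefixedText() ) .
			Html::hidden( 'type', $this->typeName ) .
			Html::hidden( 'ids', implode( ',', $this->ids ) ) .
			Xml::closeElement( 'fieldset' ) . "\n" .
			Xml::closeElement( 'form' ) . "\n";
		$out->addHTML( $form );
	}

	/**
	 * Build the tag selection part of the form.
	 *
	 * For a single item the existing tags are listed and a multi-select is shown
	 * with them preselected; for several items a multi-select for tags to add and
	 * one checkbox per currently applied tag (plus "remove all") are shown. In both
	 * cases the tags currently applied are echoed in the hidden wpExistingTags field.
	 *
	 * @return string HTML
	 */
	protected function buildCheckBoxes() {
		// If there is just one item, provide the user with a multi-select field
		$list = $this->getList();
		$tags = [];
		if ( $list->length() == 1 ) {
			$list->reset();
			$tagString = $list->current()->getTags();
			$tags = $tagString ? explode( ',', $tagString ) : [];

			$html = '<table id="mw-edittags-tags-selector">';
			$html .= '<tr><td>' . $this->msg( 'tags-edit-existing-tags' )->escaped() .
				'</td><td>';
			if ( $tags ) {
				$html .= $this->getLanguage()->commaList( array_map( 'htmlspecialchars', $tags ) );
			} else {
				$html .= $this->msg( 'tags-edit-existing-tags-none' )->parse();
			}
			$html .= '</td></tr>';
			$tagSelect = $this->getTagSelect( $tags, $this->msg( 'tags-edit-new-tags' )->plain() );
			$html .= '<tr><td>' . $tagSelect[0] . '</td><td>' . $tagSelect[1];
		} else {
			// Otherwise, use a multi-select field for adding tags, and a list of
			// checkboxes for removing them

			// Union of the tags applied to any of the items
			// phpcs:ignore Generic.CodeAnalysis.ForLoopWithTestFunctionCall
			for ( $list->reset(); $list->current(); $list->next() ) {
				$currentTags = $list->current()->getTags();
				if ( $currentTags ) {
					$tags = array_merge( $tags, explode( ',', $currentTags ) );
				}
			}
			$tags = array_unique( $tags );

			$html = '<table id="mw-edittags-tags-selector-multi"><tr><td>';
			$tagSelect = $this->getTagSelect( [], $this->msg( 'tags-edit-add' )->plain() );
			$html .= '<p>' . $tagSelect[0] . '</p>' . $tagSelect[1] . '</td><td>';
			$html .= Xml::element( 'p', null, $this->msg( 'tags-edit-remove' )->plain() );
			$html .= Xml::checkLabel( $this->msg( 'tags-edit-remove-all-tags' )->plain(),
				'wpRemoveAllTags', 'mw-edittags-remove-all' );
			$i = 0; // used for generating checkbox IDs only
			foreach ( $tags as $tag ) {
				// Xml::checkLabel escapes the tag name for both the label and the value
				$html .= Xml::element( 'br' ) . "\n" . Xml::checkLabel( $tag,
					'wpTagsToRemove[]', 'mw-edittags-remove-' . $i++, false, [
						'value' => $tag,
						'class' => 'mw-edittags-remove-checkbox',
					] );
			}
		}

		// also output the tags currently applied as a hidden form field, so we
		// know what to remove from the revision/log entry when the form is submitted
		$html .= Html::hidden( 'wpExistingTags', implode( ',', $tags ) );
		$html .= '</td></tr></table>';

		return $html;
	}

	/**
	 * Returns a <select multiple> element with a list of change tags that can be
	 * applied by users.
	 *
	 * @param array $selectedTags The tags that should be preselected in the
	 * list. Any tags in this list, but not in the list returned by
	 * ChangeTags::listExplicitlyDefinedTags, will be appended to the <select>
	 * element.
	 * @param string $label The text of a <label> to precede the <select>
	 * @return array HTML <label> element at index 0, HTML <select> element at
	 * index 1
	 */
	protected function getTagSelect( $selectedTags, $label ) {
		$select = new XmlSelect( 'wpTagList[]', 'mw-edittags-tag-list', $selectedTags );
		$select->setAttribute( 'multiple', 'multiple' );
		$select->setAttribute( 'size', '8' );

		// Explicitly defined tags first, then any preselected tag not among them
		$tags = ChangeTags::listExplicitlyDefinedTags();
		$tags = array_unique( array_merge( $tags, $selectedTags ) );

		// Values of $tags are also used as <option> labels
		$select->addOptions( array_combine( $tags, $tags ) );

		return [
			Xml::label( $label, 'mw-edittags-tag-list' ),
			$select->getHTML(),
		];
	}

	/**
	 * UI entry point for form submission.
	 *
	 * Verifies the edit token, derives the tags to add and remove from the posted
	 * fields, applies them through the list and reports the outcome.
	 *
	 * @return bool True if the tags were updated; false on a token mismatch or a
	 *  failed update (an explanation is added to the output in both cases)
	 */
	protected function submit() {
		// Check edit token on submission
		$request = $this->getRequest();
		$token = $request->getVal( 'wpEditToken' );
		if ( $this->submitClicked && !$this->getUser()->matchEditToken( $token ) ) {
			$this->getOutput()->addWikiMsg( 'sessionfailure' );
			return false;
		}

		// Evaluate incoming request data
		$tagList = $request->getArray( 'wpTagList' );
		if ( $tagList === null ) {
			$tagList = [];
		}
		// NOTE(review): wpExistingTags is a client-supplied hidden field, not the
		// server-side tag state; presumably updateChangeTagsOnAll() authorises each
		// addition and removal itself — confirm.
		$existingTags = $request->getVal( 'wpExistingTags' );
		if ( $existingTags === null || $existingTags === '' ) {
			$existingTags = [];
		} else {
			$existingTags = explode( ',', $existingTags );
		}

		if ( count( $this->ids ) > 1 ) {
			// multiple revisions selected
			$tagsToAdd = $tagList;
			if ( $request->getBool( 'wpRemoveAllTags' ) ) {
				$tagsToRemove = $existingTags;
			} else {
				// Normalise a missing field to an empty list, consistent with $tagList
				$tagsToRemove = $request->getArray( 'wpTagsToRemove' );
				if ( $tagsToRemove === null ) {
					$tagsToRemove = [];
				}
			}
		} else {
			// single revision selected
			// The user tells us which tags they want associated to the revision.
			// We have to figure out which ones to add, and which to remove.
			$tagsToAdd = array_diff( $tagList, $existingTags );
			$tagsToRemove = array_diff( $existingTags, $tagList );
		}

		if ( !$tagsToAdd && !$tagsToRemove ) {
			$status = Status::newFatal( 'tags-edit-none-selected' );
		} else {
			$status = $this->getList()->updateChangeTagsOnAll( $tagsToAdd,
				$tagsToRemove, null, $this->reason, $this->getUser() );
		}

		if ( $status->isGood() ) {
			$this->success();
			return true;
		}

		$this->failure( $status );
		return false;
	}

	/**
	 * Report that the submit operation succeeded and redisplay the form
	 */
	protected function success() {
		$this->getOutput()->setPageTitle( $this->msg( 'actioncomplete' ) );
		$this->getOutput()->wrapWikiMsg( "<div class=\"successbox\">\n$1\n</div>",
			'tags-edit-success' );
		$this->wasSaved = true;
		// Re-read the items so the redisplayed form reflects the tags just written
		$this->getList()->reloadFromMaster();
		$this->reason = ''; // no need to spew the reason back at the user
		$this->showForm();
	}

	/**
	 * Report that the submit operation failed and redisplay the form
	 * @param Status $status
	 */
	protected function failure( $status ) {
		$this->getOutput()->setPageTitle( $this->msg( 'actionfailed' ) );
		$this->getOutput()->addWikiText(
			Html::errorBox( $status->getWikiText( 'tags-edit-failure' ) )
		);
		$this->showForm();
	}

	/**
	 * @return string Page title text
	 */
	public function getDescription() {
		return $this->msg( 'tags-edit-title' )->text();
	}

	/**
	 * @return string Special page group name
	 */
	protected function getGroupName() {
		return 'pagetools';
	}
}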