/** @var array */
protected $mCategories = array();
+ /** @var array */
+ protected $mIndicators = array();
+
/** @var array Array of Interwiki Prefixed (non DB key) Titles (e.g. 'fr:Test page') */
private $mLanguageLinks = array();
protected $mFeedLinksAppendQuery = null;
- /**
- * @var int
- * The level of 'untrustworthiness' allowed for modules loaded on this page.
+ /** @var array
+ * What level of 'untrustworthiness' is allowed in CSS/JS modules loaded on this page?
* @see ResourceLoaderModule::$origin
+ * ResourceLoaderModule::ORIGIN_ALL is assumed unless overridden;
*/
- protected $mAllowedModuleOrigin = ResourceLoaderModule::ORIGIN_ALL;
+ protected $mAllowedModules = array(
+ ResourceLoaderModule::TYPE_COMBINED => ResourceLoaderModule::ORIGIN_ALL,
+ );
/** @var bool Whether output is disabled. If this is true, the 'output' method will do nothing. */
protected $mDoNothing = false;
}
/**
- * Restrict the page to loading modules bundled the software.
+ * Add an array of indicators, with their identifiers as array keys and HTML contents as values.
*
- * Disallows the queue to contain any modules which can be modified by wiki
- * users to load on this page.
+ * In case of duplicate keys, existing values are overwritten.
+ *
+ * @param array $indicators
+ * @since 1.25
*/
- public function disallowUserJs() {
- $this->reduceAllowedModuleOrigin( ResourceLoaderModule::ORIGIN_CORE_INDIVIDUAL );
+ public function setIndicators( array $indicators ) {
+ $this->mIndicators = $indicators + $this->mIndicators;
+ // Keep ordered by key
+ ksort( $this->mIndicators );
}
/**
- * Get the level of JavaScript / CSS untrustworthiness allowed on this page.
+ * Get the indicators associated with this page.
*
- * @see ResourceLoaderModule::$origin
- * @param string $type Unused: Module origin allowance used to be fragmented by
- * ResourceLoaderModule TYPE_ constants.
- * @return int ResourceLoaderModule ORIGIN_ class constant
+ * The array will be internally ordered by item keys.
+ *
+ * @return array Keys: identifiers, values: HTML contents
+ * @since 1.25
*/
- public function getAllowedModules( $type = null ) {
- return $this->mAllowedModuleOrigin;
+ public function getIndicators() {
+ return $this->mIndicators;
}
/**
- * Set the highest level of CSS/JS untrustworthiness allowed
- *
- * @deprecated since 1.24 Raising level of allowed untrusted content is no longer supported.
- * Use reduceAllowedModuleOrigin() instead.
+ * Do not allow scripts which can be modified by wiki users to load on this page;
+ * only allow scripts bundled with, or generated by, the software.
+ * Site-wide styles are controlled by a config setting, since they can be
+ * used to create a custom skin/theme, but not user-specific ones.
*
+ * @todo this should be given a more accurate name
+ */
+ public function disallowUserJs() {
+ $this->reduceAllowedModules(
+ ResourceLoaderModule::TYPE_SCRIPTS,
+ ResourceLoaderModule::ORIGIN_CORE_INDIVIDUAL
+ );
+
+ // Site-wide styles are controlled by a config setting, see bug 71621
+ // for background on why. User styles are never allowed.
+ if ( $this->getConfig()->get( 'AllowSiteCSSOnRestrictedPages' ) ) {
+ $styleOrigin = ResourceLoaderModule::ORIGIN_USER_SITEWIDE;
+ } else {
+ $styleOrigin = ResourceLoaderModule::ORIGIN_CORE_INDIVIDUAL;
+ }
+ $this->reduceAllowedModules(
+ ResourceLoaderModule::TYPE_STYLES,
+ $styleOrigin
+ );
+ }
+
+ /**
+ * Show what level of JavaScript / CSS untrustworthiness is allowed on this page
+ * @see ResourceLoaderModule::$origin
* @param string $type ResourceLoaderModule TYPE_ constant
- * @param int $level ResourceLoaderModule ORIGIN_ constant
+ * @return int ResourceLoaderModule ORIGIN_ class constant
*/
- public function setAllowedModules( $type, $level ) {
- wfDeprecated( __METHOD__, '1.24' );
- $this->reduceAllowedModuleOrigin( $level );
+ public function getAllowedModules( $type ) {
+ if ( $type == ResourceLoaderModule::TYPE_COMBINED ) {
+ return min( array_values( $this->mAllowedModules ) );
+ } else {
+ return isset( $this->mAllowedModules[$type] )
+ ? $this->mAllowedModules[$type]
+ : ResourceLoaderModule::ORIGIN_ALL;
+ }
}
/**
- * Limit the highest level of CSS/JS untrustworthiness allowed.
- *
- * @deprecated since 1.24 Module allowance is no longer fragmented by content type.
- * Use reduceAllowedModuleOrigin() instead.
+ * Set the highest level of CSS/JS untrustworthiness allowed
*
+ * @deprecated since 1.24 Raising level of allowed untrusted content is no longer supported.
+ * Use reduceAllowedModules() instead
* @param string $type ResourceLoaderModule TYPE_ constant
- * @param int $level ResourceLoaderModule ORIGIN_ class constant
+ * @param int $level ResourceLoaderModule class constant
*/
- public function reduceAllowedModules( $type, $level ) {
+ public function setAllowedModules( $type, $level ) {
wfDeprecated( __METHOD__, '1.24' );
- $this->reduceAllowedModuleOrigin( $level );
+ $this->reduceAllowedModules( $type, $level );
}
/**
* If passed the same or a higher level than the current level of untrustworthiness set, the
* level will remain unchanged.
*
+ * @param string $type
* @param int $level ResourceLoaderModule class constant
*/
- public function reduceAllowedModuleOrigin( $level ) {
- $this->mAllowedModuleOrigin = min( $this->mAllowedModuleOrigin, $level );
+ public function reduceAllowedModules( $type, $level ) {
+ $this->mAllowedModules[$type] = min( $this->getAllowedModules( $type ), $level );
}
/**
public function addParserOutputMetadata( $parserOutput ) {
$this->mLanguageLinks += $parserOutput->getLanguageLinks();
$this->addCategoryLinks( $parserOutput->getCategories() );
+ $this->setIndicators( $parserOutput->getIndicators() );
$this->mNewSectionLink = $parserOutput->getNewSection();
$this->mHideNewSectionLink = $parserOutput->getHideNewSection();
$moduleStyles[] = 'user.groups';
// Per-user custom styles
- if ( $this->getConfig()->get( 'AllowUserCss' ) && $this->getTitle()->isCssSubpage() && $this->userCanPreview() ) {
+ if ( $this->getConfig()->get( 'AllowUserCss' ) && $this->getTitle()->isCssSubpage()
+ && $this->userCanPreview()
+ ) {
// We're on a preview of a CSS subpage
// Exclude this page from the user module in case it's in there (bug 26283)
$link = $this->makeResourceLoaderLink( 'user', ResourceLoaderModule::TYPE_STYLES, false,
dépôts / lhc / web / wiklou.git / blobdiff