var $mCategoryLinks = array();
var $mCategories = array();
- /// Should be private. Associative array mapping language code to the page name
+ /// Should be private. Array of Interwiki Prefixed (non DB key) Titles (e.g. 'fr:Test page')
var $mLanguageLinks = array();
/**
var $mTemplateIds = array();
- /** Initialized with a global value. Let us override it.
- * Should probably get deleted / rewritten ... */
- var $mAllowUserJs;
-
- /**
- * This was for the old skins and for users with 640x480 screen.
- * Please note old skins are still used and might prove useful for
- * users having old computers or visually impaired.
- */
- var $mSuppressQuickbar = false;
+ # What level of 'untrustworthiness' is allowed in CSS/JS modules loaded on this page?
+ # @see ResourceLoaderModule::$origin
+ # ResourceLoaderModule::ORIGIN_ALL is assumed unless overridden;
+ protected $mAllowedModules = array(
+ ResourceLoaderModule::TYPE_COMBINED => ResourceLoaderModule::ORIGIN_ALL,
+ );
/**
* @EasterEgg I just love the name for this self documenting variable.
'Cookie' => null
);
- /**
- * Constructor
- * Initialise private variables
- */
- function __construct() {
- global $wgAllowUserJs;
- $this->mAllowUserJs = $wgAllowUserJs;
- }
-
/**
* Redirect to $url rather than displaying the normal page
*
return $this->mScripts . $this->getHeadItems();
}
+ /**
+ * Filter an array of modules to remove insufficiently trustworthy members
+ * @param $modules Array
+ * @return Array
+ */
+ protected function filterModules( $modules, $type = ResourceLoaderModule::TYPE_COMBINED ){
+ $resourceLoader = $this->getResourceLoader();
+ $filteredModules = array();
+ foreach( $modules as $val ){
+ $module = $resourceLoader->getModule( $val );
+ if( $module->getOrigin() <= $this->getAllowedModules( $type ) ) {
+ $filteredModules[] = $val;
+ }
+ }
+ return $filteredModules;
+ }
+
/**
* Get the list of modules to include on this page
*
+ * @param $filter Bool whether to filter out insufficiently trustworthy modules
* @return Array of module names
*/
- public function getModules() {
- return array_values( array_unique( $this->mModules ) );
+ public function getModules( $filter = false, $param = 'mModules' ) {
+ $modules = array_values( array_unique( $this->$param ) );
+ return $filter
+ ? $this->filterModules( $modules )
+ : $modules;
}
/**
* Get the list of module JS to include on this page
* @return array of module names
*/
- public function getModuleScripts() {
- return array_values( array_unique( $this->mModuleScripts ) );
+ public function getModuleScripts( $filter = false ) {
+ return $this->getModules( $filter, 'mModuleScripts' );
}
/**
*
* @return Array of module names
*/
- public function getModuleStyles() {
- return array_values( array_unique( $this->mModuleStyles ) );
+ public function getModuleStyles( $filter = false ) {
+ return $this->getModules( $filter, 'mModuleStyles' );
}
/**
*
* @return Array of module names
*/
- public function getModuleMessages() {
- return array_values( array_unique( $this->mModuleMessages ) );
+ public function getModuleMessages( $filter = false ) {
+ return $this->getModules( $filter, 'mModuleMessages' );
}
/**
/**
* Get the list of language links
*
- * @return Associative array mapping language code to the page name
+ * @return Array of Interwiki Prefixed (non DB key) Titles (e.g. 'fr:Test page')
*/
public function getLanguageLinks() {
return $this->mLanguageLinks;
/**
* Add an array of categories, with names in the keys
*
- * @param $categories Associative array mapping category name to its sort key
+ * @param $categories Array mapping category name => sort key
*/
public function addCategoryLinks( $categories ) {
global $wgUser, $wgContLang;
/**
* Reset the category links (but not the category list) and add $categories
*
- * @param $categories Associative array mapping category name to its sort key
+ * @param $categories Array mapping category name => sort key
*/
public function setCategoryLinks( $categories ) {
$this->mCategoryLinks = array();
}
/**
- * Suppress the quickbar from the output, only for skin supporting
- * the quickbar
+ * Do not allow scripts which can be modified by wiki users to load on this page;
+ * only allow scripts bundled with, or generated by, the software.
*/
- public function suppressQuickbar() {
- $this->mSuppressQuickbar = true;
+ public function disallowUserJs() {
+ $this->reduceAllowedModules(
+ ResourceLoaderModule::TYPE_SCRIPTS,
+ ResourceLoaderModule::ORIGIN_CORE_INDIVIDUAL
+ );
}
/**
- * Return whether the quickbar should be suppressed from the output
- *
+ * Return whether user JavaScript is allowed for this page
+ * @deprecated @since 1.18 Load modules with ResourceLoader, and origin and
+ * trustworthiness is identified and enforced automagically.
* @return Boolean
*/
- public function isQuickbarSuppressed() {
- return $this->mSuppressQuickbar;
+ public function isUserJsAllowed() {
+ return $this->getAllowedModules( ResourceLoaderModule::TYPE_SCRIPTS ) >= ResourceLoaderModule::ORIGIN_USER_INDIVIDUAL;
}
/**
- * Remove user JavaScript from scripts to load
+ * Show what level of JavaScript / CSS untrustworthiness is allowed on this page
+ * @see ResourceLoaderModule::$origin
+ * @param $type String ResourceLoaderModule TYPE_ constant
+ * @return Int ResourceLoaderModule ORIGIN_ class constant
*/
- public function disallowUserJs() {
- $this->mAllowUserJs = false;
+ public function getAllowedModules( $type ){
+ if( $type == ResourceLoaderModule::TYPE_COMBINED ){
+ return min( array_values( $this->mAllowedModules ) );
+ } else {
+ return isset( $this->mAllowedModules[$type] )
+ ? $this->mAllowedModules[$type]
+ : ResourceLoaderModule::ORIGIN_ALL;
+ }
}
/**
- * Return whether user JavaScript is allowed for this page
- *
- * @return Boolean
+ * Set the highest level of CSS/JS untrustworthiness allowed
+ * @param $type String ResourceLoaderModule TYPE_ constant
+ * @param $level Int ResourceLoaderModule class constant
*/
- public function isUserJsAllowed() {
- return $this->mAllowUserJs;
+ public function setAllowedModules( $type, $level ){
+ $this->mAllowedModules[$type] = $level;
+ }
+
+ /**
+ * As for setAllowedModules(), but don't inadvertantly make the page more accessible
+ * @param $type String
+ * @param $level Int ResourceLoaderModule class constant
+ */
+ public function reduceAllowedModules( $type, $level ){
+ $this->mAllowedModules[$type] = min( $this->getAllowedModules($type), $level );
}
/**
* Add an HTTP header that will influence on the cache
*
* @param $header String: header name
- * @param $option either an Array or null
+ * @param $option Array|null
* @fixme Document the $option parameter; it appears to be for
* X-Vary-Options but what format is acceptable?
*/
array( 'returnto' => $this->getTitle()->getPrefixedText() ),
array( 'known', 'noclasses' )
);
- $this->addHTML( wfMsgWikiHtml( 'loginreqpagetext', $loginLink ) );
+ $this->addWikiMsgArray( 'loginreqpagetext', array( $loginLink ), array( 'replaceafter' ) );
$this->addHTML( "\n<!--" . $this->getTitle()->getPrefixedUrl() . '-->' );
# Don't return to the main page if the user can't read it
/**
* Format a list of error messages
*
- * @param $errors An array of arrays returned by Title::getUserPermissionsErrors
+ * @param $errors Array of arrays returned by Title::getUserPermissionsErrors
* @param $action String: action that was denied or null if unknown
* @return String: the wikitext error-messages, formatted into a list.
*/
}
$sk->setupUserCss( $this );
- $ret = Html::htmlHeader( array( 'lang' => wfUILang()->getCode() ) );
+ $lang = wfUILang();
+ $ret = Html::htmlHeader( array( 'lang' => $lang->getCode(), 'dir' => $lang->getDir() ) );
if ( $this->getHTMLTitle() == '' ) {
$this->setHTMLTitle( wfMsg( 'pagetitle', $this->getPageTitle() ) );
# A <body> class is probably not the best way to do this . . .
$bodyAttrs['class'] .= ' capitalize-all-nouns';
}
- $bodyAttrs['class'] .= ' ns-' . $this->getTitle()->getNamespace();
- if ( $this->getTitle()->getNamespace() == NS_SPECIAL ) {
- $bodyAttrs['class'] .= ' ns-special';
- } elseif ( $this->getTitle()->isTalkPage() ) {
- $bodyAttrs['class'] .= ' ns-talk';
- } else {
- $bodyAttrs['class'] .= ' ns-subject';
- }
- $bodyAttrs['class'] .= ' ' . Sanitizer::escapeClass( 'page-' . $this->getTitle()->getPrefixedText() );
- $bodyAttrs['class'] .= ' skin-' . Sanitizer::escapeClass( $wgUser->getSkin()->getSkinName() );
+ $bodyAttrs['class'] .= ' ' . $sk->getPageClasses( $this->getTitle() );
+ $bodyAttrs['class'] .= ' skin-' . Sanitizer::escapeClass( $sk->getSkinName() );
$sk->addToBodyAttributes( $this, $bodyAttrs ); // Allow skins to add body attributes they need
wfRunHooks( 'OutputPageBodyAttributes', array( $this, $sk, &$bodyAttrs ) );
* TODO: Document
* @param $skin Skin
* @param $modules Array/string with the module name
- * @param $only string May be styles, messages or scripts
+ * @param $only String ResourceLoaderModule TYPE_ class constant
* @param $useESI boolean
* @return string html <script> and <style> tags
*/
// Lazy-load ResourceLoader
// TODO: Should this be a static function of ResourceLoader instead?
// TODO: Divide off modules starting with "user", and add the user parameter to them
- $query = array(
+ $baseQuery = array(
'lang' => $wgLang->getCode(),
'debug' => ResourceLoader::inDebugMode() ? 'true' : 'false',
'skin' => $skin->getSkinName(),
'only' => $only,
);
// Propagate printable and handheld parameters if present
- if ( $wgRequest->getBool( 'printable' ) ) {
- $query['printable'] = 1;
+ if ( $this->isPrintable() ) {
+ $baseQuery['printable'] = 1;
}
if ( $wgRequest->getBool( 'handheld' ) ) {
- $query['handheld'] = 1;
+ $baseQuery['handheld'] = 1;
}
if ( !count( $modules ) ) {
$resourceLoader = $this->getResourceLoader();
foreach ( (array) $modules as $name ) {
$module = $resourceLoader->getModule( $name );
+ # Check that we're allowed to include this module on this page
+ if ( ( $module->getOrigin() > $this->getAllowedModules( ResourceLoaderModule::TYPE_SCRIPTS )
+ && $only == ResourceLoaderModule::TYPE_SCRIPTS )
+ || ( $module->getOrigin() > $this->getAllowedModules( ResourceLoaderModule::TYPE_STYLES )
+ && $only == ResourceLoaderModule::TYPE_STYLES )
+ )
+ {
+ continue;
+ }
+
$group = $module->getGroup();
if ( !isset( $groups[$group] ) ) {
$groups[$group] = array();
}
$groups[$group][$name] = $module;
}
+
$links = '';
foreach ( $groups as $group => $modules ) {
- $query['modules'] = implode( '|', array_keys( $modules ) );
+ $query = $baseQuery;
// Special handling for user-specific groups
if ( ( $group === 'user' || $group === 'private' ) && $wgUser->isLoggedIn() ) {
$query['user'] = $wgUser->getName();
}
+
+ // Create a fake request based on the one we are about to make so modules return
+ // correct timestamp and emptiness data
+ $context = new ResourceLoaderContext( $resourceLoader, new FauxRequest( $query ) );
+ // Drop modules that know they're empty
+ foreach ( $modules as $key => $module ) {
+ if ( $module->isKnownEmpty( $context ) ) {
+ unset( $modules[$key] );
+ }
+ }
+ // If there are no modules left, skip this group
+ if ( $modules === array() ) {
+ continue;
+ }
+
+ $query['modules'] = implode( '|', array_keys( $modules ) );
+
// Support inlining of private modules if configured as such
if ( $group === 'private' && $wgResourceLoaderInlinePrivateModules ) {
- $context = new ResourceLoaderContext( $resourceLoader, new FauxRequest( $query ) );
- if ( $only == 'styles' ) {
+ if ( $only == ResourceLoaderModule::TYPE_STYLES ) {
$links .= Html::inlineStyle(
$resourceLoader->makeModuleResponse( $context, $modules )
);
// on-wiki like site or user pages, or user preferences; we need to find the highest
// timestamp of these user-changable modules so we can ensure cache misses on change
if ( $group === 'user' || $group === 'site' ) {
- // Create a fake request based on the one we are about to make so modules return
- // correct times
- $context = new ResourceLoaderContext( $resourceLoader, new FauxRequest( $query ) );
// Get the maximum timestamp
$timestamp = 1;
foreach ( $modules as $module ) {
$timestamp = max( $timestamp, $module->getModifiedTime( $context ) );
}
// Add a version parameter so cache will break when things change
- $query['version'] = wfTimestamp( TS_ISO_8601_BASIC, round( $timestamp, -2 ) );
+ $query['version'] = wfTimestamp( TS_ISO_8601_BASIC, $timestamp );
}
// Make queries uniform in order
ksort( $query );
$url = wfAppendQuery( $wgLoadScript, $query );
if ( $useESI && $wgResourceLoaderUseESI ) {
$esi = Xml::element( 'esi:include', array( 'src' => $url ) );
- if ( $only == 'styles' ) {
+ if ( $only == ResourceLoaderModule::TYPE_STYLES ) {
$links .= Html::inlineStyle( $esi );
} else {
$links .= Html::inlineScript( $esi );
}
} else {
// Automatically select style/script elements
- if ( $only === 'styles' ) {
+ if ( $only === ResourceLoaderModule::TYPE_STYLES ) {
$links .= Html::linkedStyle( wfAppendQuery( $wgLoadScript, $query ) ) . "\n";
} else {
$links .= Html::linkedScript( wfAppendQuery( $wgLoadScript, $query ) ) . "\n";
* @return String: HTML fragment
*/
function getHeadScripts( Skin $sk ) {
- global $wgUser, $wgRequest, $wgUseSiteJs;
+ global $wgUser, $wgRequest, $wgUseSiteJs, $wgAllowUserJs;
// Startup - this will immediately load jquery and mediawiki modules
- $scripts = $this->makeResourceLoaderLink( $sk, 'startup', 'scripts', true );
-
- // Configuration -- This could be merged together with the load and go, but
- // makeGlobalVariablesScript returns a whole script tag -- grumble grumble...
- $scripts .= Skin::makeGlobalVariablesScript( $sk->getSkinName() ) . "\n";
+ $scripts = $this->makeResourceLoaderLink( $sk, 'startup', ResourceLoaderModule::TYPE_SCRIPTS, true );
// Script and Messages "only" requests
- $scripts .= $this->makeResourceLoaderLink( $sk, $this->getModuleScripts(), 'scripts' );
- $scripts .= $this->makeResourceLoaderLink( $sk, $this->getModuleMessages(), 'messages' );
+ $scripts .= $this->makeResourceLoaderLink( $sk, $this->getModuleScripts( true ), ResourceLoaderModule::TYPE_SCRIPTS );
+ $scripts .= $this->makeResourceLoaderLink( $sk, $this->getModuleMessages( true ), ResourceLoaderModule::TYPE_MESSAGES );
// Modules requests - let the client calculate dependencies and batch requests as it likes
- if ( $this->getModules() ) {
- $scripts .= Html::inlineScript(
- ResourceLoader::makeLoaderConditionalScript(
- Xml::encodeJsCall( 'mediaWiki.loader.load', array( $this->getModules() ) ) .
- Xml::encodeJsCall( 'mediaWiki.loader.go', array() )
- )
- ) . "\n";
- }
+ $loader = '';
+ if ( $this->getModules( true ) ) {
+ $loader = Xml::encodeJsCall( 'mw.loader.load', array( $this->getModules( true ) ) ) .
+ Xml::encodeJsCall( 'mw.loader.go', array() );
+ }
+
+ $scripts .= Html::inlineScript(
+ ResourceLoader::makeLoaderConditionalScript(
+ ResourceLoader::makeConfigSetScript( $this->getJSVars() ) . $loader
+ )
+ );
// Legacy Scripts
$scripts .= "\n" . $this->mScripts;
+ $userScripts = array( 'user.options' );
+
// Add site JS if enabled
if ( $wgUseSiteJs ) {
- $scripts .= $this->makeResourceLoaderLink( $sk, 'site', 'scripts' );
+ $scripts .= $this->makeResourceLoaderLink( $sk, 'site', ResourceLoaderModule::TYPE_SCRIPTS );
+ if( $wgUser->isLoggedIn() ){
+ $userScripts[] = 'user.groups';
+ }
}
- // Add user JS if enabled - trying to load user.options as a bundle if possible
- $userOptionsAdded = false;
- if ( $this->isUserJsAllowed() && $wgUser->isLoggedIn() ) {
+ // Add user JS if enabled
+ if ( $wgAllowUserJs && $wgUser->isLoggedIn() ) {
$action = $wgRequest->getVal( 'action', 'view' );
if( $this->mTitle && $this->mTitle->isJsSubpage() && $sk->userCanPreview( $action ) ) {
# XXX: additional security check/prompt?
$scripts .= Html::inlineScript( "\n" . $wgRequest->getText( 'wpTextbox1' ) . "\n" ) . "\n";
} else {
- $scripts .= $this->makeResourceLoaderLink(
- $sk, array( 'user', 'user.options' ), 'scripts'
- );
- $userOptionsAdded = true;
+ # FIXME: this means that User:Me/Common.js doesn't load when previewing
+ # User:Me/Vector.js, and vice versa (bug26283)
+ $userScripts[] = 'user';
}
}
- if ( !$userOptionsAdded ) {
- $scripts .= $this->makeResourceLoaderLink( $sk, 'user.options', 'scripts' );
- }
+ $scripts .= $this->makeResourceLoaderLink( $sk, $userScripts, ResourceLoaderModule::TYPE_SCRIPTS );
return $scripts;
}
+ /**
+ * Get an array containing global JS variables
+ *
+ * Do not add things here which can be evaluated in
+ * ResourceLoaderStartupScript - in other words, without state.
+ * You will only be adding bloat to the page and causing page caches to
+ * have to be purged on configuration changes.
+ */
+ protected function getJSVars() {
+ global $wgUser, $wgRequest, $wgUseAjax, $wgEnableMWSuggest, $wgContLang;
+
+ $title = $this->getTitle();
+ $ns = $title->getNamespace();
+ $nsname = MWNamespace::exists( $ns ) ? MWNamespace::getCanonicalName( $ns ) : $title->getNsText();
+
+ $vars = array(
+ 'wgCanonicalNamespace' => $nsname,
+ 'wgCanonicalSpecialPageName' => $ns == NS_SPECIAL ?
+ SpecialPage::resolveAlias( $title->getDBkey() ) : false, # bug 21115
+ 'wgNamespaceNumber' => $title->getNamespace(),
+ 'wgPageName' => $title->getPrefixedDBKey(),
+ 'wgTitle' => $title->getText(),
+ 'wgCurRevisionId' => $title->getLatestRevID(),
+ 'wgArticleId' => $title->getArticleId(),
+ 'wgIsArticle' => $this->isArticle(),
+ 'wgAction' => $wgRequest->getText( 'action', 'view' ),
+ 'wgUserName' => $wgUser->isAnon() ? null : $wgUser->getName(),
+ 'wgUserGroups' => $wgUser->getEffectiveGroups(),
+ 'wgCategories' => $this->getCategories(),
+ 'wgBreakFrames' => $this->getFrameOptions() == 'DENY',
+ );
+ if ( $wgContLang->hasVariants() ) {
+ $vars['wgUserVariant'] = $wgContLang->getPreferredVariant();
+ }
+ foreach ( $title->getRestrictionTypes() as $type ) {
+ $vars['wgRestriction' . ucfirst( $type )] = $title->getRestrictions( $type );
+ }
+ if ( $wgUseAjax && $wgEnableMWSuggest && !$wgUser->getOption( 'disablesuggest', false ) ) {
+ $vars['wgSearchNamespaces'] = SearchEngine::userNamespaces( $wgUser );
+ }
+
+ // Allow extensions to add their custom variables to the global JS variables
+ wfRunHooks( 'MakeGlobalVariablesScript', array( &$vars ) );
+
+ return $vars;
+ }
+
/**
* Add default \<meta\> tags
*/
public function buildCssLinks( $sk ) {
$ret = '';
// Add ResourceLoader styles
- // Split the styles into three groups
- $styles = array( 'other' => array(), 'user' => array(), 'site' => array() );
+ // Split the styles into four groups
+ $styles = array( 'other' => array(), 'user' => array(), 'site' => array(), 'private' => array() );
$resourceLoader = $this->getResourceLoader();
foreach ( $this->getModuleStyles() as $name ) {
$group = $resourceLoader->getModule( $name )->getGroup();
- // Modules in groups named "other" or anything different than "user" or "site" will
- // be placed in the "other" group
+ // Modules in groups named "other" or anything different than "user", "site" or "private"
+ // will be placed in the "other" group
$styles[isset( $styles[$group] ) ? $group : 'other'][] = $name;
}
- // We want site and user styles to override dynamically added styles from modules, but we want
+ // We want site, private and user styles to override dynamically added styles from modules, but we want
// dynamically added styles to override statically added styles from other modules. So the order
- // has to be other, dynamic, site, user
+ // has to be other, dynamic, site, private, user
// Add statically added styles for other modules
- $ret .= $this->makeResourceLoaderLink( $sk, $styles['other'], 'styles' );
+ $ret .= $this->makeResourceLoaderLink( $sk, $styles['other'], ResourceLoaderModule::TYPE_STYLES );
// Add normal styles added through addStyle()/addInlineStyle() here
$ret .= implode( "\n", $this->buildCssLinksArray() ) . $this->mInlineStyles;
// Add marker tag to mark the place where the client-side loader should inject dynamic styles
// We use a <meta> tag with a made-up name for this because that's valid HTML
$ret .= Html::element( 'meta', array( 'name' => 'ResourceLoaderDynamicStyles', 'content' => '' ) );
- // Add site and user styles
- $ret .= $this->makeResourceLoaderLink(
- $sk, array_merge( $styles['site'], $styles['user'] ), 'styles'
- );
+
+ // Add site, private and user styles
+ // 'private' at present only contains user.options, so put that before 'user'
+ // Any future private modules will likely have a similar user-specific character
+ foreach ( array( 'site', 'private', 'user' ) as $group ) {
+ $ret .= $this->makeResourceLoaderLink( $sk, $styles[$group],
+ ResourceLoaderModule::TYPE_STYLES
+ );
+ }
return $ret;
}
}
$s = str_replace( '$' . ( $n + 1 ), wfMsgExt( $name, $options, $args ), $s );
}
- $this->addHTML( $this->parse( $s, /*linestart*/true, /*uilang*/true ) );
+ $this->addWikiText( $s );
}
/**