dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Revert r28215: incorrectly moved files
[lhc/web/wiklou.git] / includes / SpecialPreferences.php
diff --git a/includes/SpecialPreferences.php b/includes/SpecialPreferences.php
index 292ebce..0bc362a 100644 (file)
--- a/includes/SpecialPreferences.php
+++ b/includes/SpecialPreferences.php
@@ -97,6 +97,8 @@ class PreferencesForm {
                if ( !preg_match( '/^[a-z\-]*$/', $this->mUserLanguage ) ) {
                        $this->mUserLanguage = 'nolanguage';
                }
+
+               wfRunHooks( 'InitPreferencesForm', array( $this, $request ) );
        }
 
        function execute() {
@@ -205,29 +207,29 @@ class PreferencesForm {
        function savePreferences() {
                global $wgUser, $wgOut, $wgParser;
                global $wgEnableUserEmail, $wgEnableEmail;
-               global $wgEmailAuthentication;
-               global $wgAuth;
+               global $wgEmailAuthentication, $wgRCMaxAge;
+               global $wgAuth, $wgEmailConfirmToEdit;
 
 
                if ( '' != $this->mNewpass && $wgAuth->allowPasswordChange() ) {
                        if ( $this->mNewpass != $this->mRetypePass ) {
-                               wfRunHooks( "PrefsPasswordAudit", array( $wgUser, $this->mNewpass, 'badretype' ) );
+                               wfRunHooks( 'PrefsPasswordAudit', array( $wgUser, $this->mNewpass, 'badretype' ) );
                                $this->mainPrefsForm( 'error', wfMsg( 'badretype' ) );
                                return;
                        }
 
                        if (!$wgUser->checkPassword( $this->mOldpass )) {
-                               wfRunHooks( "PrefsPasswordAudit", array( $wgUser, $this->mNewpass, 'wrongpassword' ) );
+                               wfRunHooks( 'PrefsPasswordAudit', array( $wgUser, $this->mNewpass, 'wrongpassword' ) );
                                $this->mainPrefsForm( 'error', wfMsg( 'wrongpassword' ) );
                                return;
                        }
                        
                        try {
                                $wgUser->setPassword( $this->mNewpass );
-                               wfRunHooks( "PrefsPasswordAudit", array( $wgUser, $this->mNewpass, 'success' ) );
+                               wfRunHooks( 'PrefsPasswordAudit', array( $wgUser, $this->mNewpass, 'success' ) );
                                $this->mNewpass = $this->mOldpass = $this->mRetypePass = '';
                        } catch( PasswordError $e ) {
-                               wfRunHooks( "PrefsPasswordAudit", array( $wgUser, $this->mNewpass, 'error' ) );
+                               wfRunHooks( 'PrefsPasswordAudit', array( $wgUser, $this->mNewpass, 'error' ) );
                                $this->mainPrefsForm( 'error', $e->getMessage() );
                                return;
                        }
@@ -241,8 +243,14 @@ class PreferencesForm {
                }
 
                # Validate the signature and clean it up as needed
-               if( $this->mToggles['fancysig'] ) {
-                       if( Parser::validateSig( $this->mNick ) !== false ) {
+               global $wgMaxSigChars;
+               if( mb_strlen( $this->mNick ) > $wgMaxSigChars ) {
+                       global $wgLang;
+                       $this->mainPrefsForm( 'error',
+                               wfMsg( 'badsiglength', $wgLang->formatNum( $wgMaxSigChars ) ) );
+                       return;
+               } elseif( $this->mToggles['fancysig'] ) {
+                       if( $wgParser->validateSig( $this->mNick ) !== false ) {
                                $this->mNick = $wgParser->cleanSig( $this->mNick );
                        } else {
                                $this->mainPrefsForm( 'error', wfMsg( 'badsig' ) );
@@ -267,7 +275,7 @@ class PreferencesForm {
                $wgUser->setOption( 'contextlines', $this->validateIntOrNull( $this->mSearchLines ) );
                $wgUser->setOption( 'contextchars', $this->validateIntOrNull( $this->mSearchChars ) );
                $wgUser->setOption( 'rclimit', $this->validateIntOrNull( $this->mRecent ) );
-               $wgUser->setOption( 'rcdays', $this->validateInt( $this->mRecentDays, 1, 7 ) );
+               $wgUser->setOption( 'rcdays', $this->validateInt($this->mRecentDays, 1, ceil($wgRCMaxAge / (3600*24))));
                $wgUser->setOption( 'wllimit', $this->validateIntOrNull( $this->mWatchlistEdits, 0, 1000 ) );
                $wgUser->setOption( 'rows', $this->validateInt( $this->mRows, 4, 1000 ) );
                $wgUser->setOption( 'cols', $this->validateInt( $this->mCols, 4, 1000 ) );
@@ -291,12 +299,6 @@ class PreferencesForm {
                foreach ( $this->mToggles as $tname => $tvalue ) {
                        $wgUser->setOption( $tname, $tvalue );
                }
-               if (!$wgAuth->updateExternalDB($wgUser)) {
-                       $this->mainPrefsForm( wfMsg( 'externaldberror' ) );
-                       return;
-               }
-               $wgUser->setCookies();
-               $wgUser->saveSettings();
 
                $error = false;
                if( $wgEnableEmail ) {
@@ -307,7 +309,6 @@ class PreferencesForm {
                                if( $wgUser->isValidEmailAddr( $newadr ) ) {
                                        $wgUser->mEmail = $newadr; # new behaviour: set this new emailaddr from login-page into user database record
                                        $wgUser->mEmailAuthenticated = null; # but flag as "dirty" = unauthenticated
-                                       $wgUser->saveSettings();
                                        if ($wgEmailAuthentication) {
                                                # Mail a temporary password to the dirty address.
                                                # User can come back through the confirmation URL to re-enable email.
@@ -322,17 +323,34 @@ class PreferencesForm {
                                        $error = wfMsg( 'invalidemailaddress' );
                                }
                        } else {
+                               if( $wgEmailConfirmToEdit && empty( $newadr ) ) {
+                                       $this->mainPrefsForm( 'error', wfMsg( 'noemailtitle' ) );
+                                       return;
+                               }
                                $wgUser->setEmail( $this->mUserEmail );
-                               $wgUser->setCookies();
-                               $wgUser->saveSettings();
                        }
                        if( $oldadr != $newadr ) {
-                               wfRunHooks( "PrefsEmailAudit", array( $wgUser, $oldadr, $newadr ) );
+                               wfRunHooks( 'PrefsEmailAudit', array( $wgUser, $oldadr, $newadr ) );
                        }
                }
 
+               if (!$wgAuth->updateExternalDB($wgUser)) {
+                       $this->mainPrefsForm( 'error', wfMsg( 'externaldberror' ) );
+                       return;
+               }
+
+               $msg = '';
+               if ( !wfRunHooks( 'SavePreferences', array( $this, $wgUser, &$msg ) ) ) {
+                       print "(($msg))";
+                       $this->mainPrefsForm( 'error', $msg );
+                       return;
+               }
+
+               $wgUser->setCookies();
+               $wgUser->saveSettings();
+
                if( $needRedirect && $error === false ) {
-                       $title =& SpecialPage::getTitleFor( "Preferences" );
+                       $title = SpecialPage::getTitleFor( 'Preferences' );
                        $wgOut->redirect($title->getFullURL('success'));
                        return;
                }
@@ -389,6 +407,8 @@ class PreferencesForm {
                                $this->mSearchNs[$i] = $wgUser->getOption( 'searchNs'.$i );
                        }
                }
+
+               wfRunHooks( 'ResetPreferences', array( $this, $wgUser ) );
        }
 
        /**
@@ -492,6 +512,7 @@ class PreferencesForm {
                global $wgRCShowWatchingUsers, $wgEnotifRevealEditorAddress;
                global $wgEnableEmail, $wgEnableUserEmail, $wgEmailAuthentication;
                global $wgContLanguageCode, $wgDefaultSkin, $wgSkipSkins, $wgAuth;
+               global $wgEmailConfirmToEdit;
 
                $wgOut->setPageTitle( wfMsg( 'preferences' ) );
                $wgOut->setArticleRelated( false );
@@ -540,7 +561,7 @@ class PreferencesForm {
                                $skin = $wgUser->getSkin();
                                $emailauthenticated = wfMsg('emailnotauthenticated').'<br />' .
                                        $skin->makeKnownLinkObj( SpecialPage::getTitleFor( 'Confirmemail' ),
-                                               wfMsg( 'emailconfirmlink' ) );
+                                               wfMsg( 'emailconfirmlink' ) ) . '<br />';
                        }
                } else {
                        $emailauthenticated = '';
@@ -548,7 +569,7 @@ class PreferencesForm {
                }
 
                if ($this->mUserEmail == '') {
-                       $emailauthenticated = wfMsg( 'noemailprefs' );
+                       $emailauthenticated = wfMsg( 'noemailprefs' ) . '<br />';
                }
 
                $ps = $this->namespacesCheckboxes();
@@ -574,7 +595,11 @@ class PreferencesForm {
 
                $userInformationHtml =
                        $this->tableRow( wfMsgHtml( 'username' ), htmlspecialchars( $wgUser->getName() ) ) .
-                       $this->tableRow( wfMsgHtml( 'uid' ), htmlspecialchars( $wgUser->getID() ) );
+                       $this->tableRow( wfMsgHtml( 'uid' ), htmlspecialchars( $wgUser->getID() ) ) .
+                       $this->tableRow(
+                               wfMsgHtml( 'prefs-edits' ),
+                               $wgLang->formatNum( User::edits( $wgUser->getId() ) )
+                       );
 
                if( wfRunHooks( 'PreferencesUserInformationPanel', array( $this, &$userInformationHtml ) ) ) {
                        $wgOut->addHtml( $userInformationHtml );
@@ -597,14 +622,20 @@ class PreferencesForm {
                                        Xml::label( wfMsg('youremail'), 'wpUserEmail' ),
                                        Xml::input( 'wpUserEmail', 25, $this->mUserEmail, array( 'id' => 'wpUserEmail' ) ),
                                        Xml::tags('div', array( 'class' => 'prefsectiontip' ),
-                                               wfMsgExt( 'prefs-help-email', 'parseinline' )
+                                               wfMsgExt( $wgEmailConfirmToEdit ? 'prefs-help-email-required' : 'prefs-help-email', 'parseinline' )
                                        )
                                )
                        );
                }
 
-               global $wgParser;
-               if( !empty( $this->mToggles['fancysig'] ) &&
+               global $wgParser, $wgMaxSigChars;
+               if( mb_strlen( $this->mNick ) > $wgMaxSigChars ) {
+                       $invalidSig = $this->tableRow(
+                               '&nbsp;',
+                               Xml::element( 'span', array( 'class' => 'error' ),
+                                       wfMsg( 'badsiglength', $wgLang->formatNum( $wgMaxSigChars ) ) )
+                       );
+               } elseif( !empty( $this->mToggles['fancysig'] ) &&
                        false === $wgParser->validateSig( $this->mNick ) ) {
                        $invalidSig = $this->tableRow(
                                '&nbsp;',
@@ -617,7 +648,14 @@ class PreferencesForm {
                $wgOut->addHTML(
                        $this->tableRow(
                                Xml::label( wfMsg( 'yournick' ), 'wpNick' ),
-                               Xml::input( 'wpNick', 25, $this->mNick, array( 'id' => 'wpNick' ) )
+                               Xml::input( 'wpNick', 25, $this->mNick,
+                                       array(
+                                               'id' => 'wpNick',
+                                               // Note: $wgMaxSigChars is enforced in Unicode characters,
+                                               // both on the backend and now in the browser.
+                                               // Badly-behaved requests may still try to submit
+                                               // an overlong string, however.
+                                               'maxlength' => $wgMaxSigChars ) )
                        ) .
                        $invalidSig .
                        $this->tableRow( '&nbsp;', $this->getToggle( 'fancysig' ) )
@@ -975,7 +1013,9 @@ class PreferencesForm {
                }
                $wgOut->addHTML( '</fieldset>' );
 
-               $token = $wgUser->editToken();
+               wfRunHooks( 'RenderPreferencesForm', array( $this, $wgOut ) );
+
+               $token = htmlspecialchars( $wgUser->editToken() );
                $skin = $wgUser->getSkin();
                $wgOut->addHTML( "
        <div id='prefsubmit'>
@@ -986,7 +1026,7 @@ class PreferencesForm {
 
        </div>
 
-       <input type='hidden' name='wpEditToken' value='{$token}' />
+       <input type='hidden' name='wpEditToken' value=\"{$token}\" />
        </div></form>\n" );
 
                $wgOut->addHtml( Xml::tags( 'div', array( 'class' => "prefcache" ),
@@ -995,4 +1035,4 @@ class PreferencesForm {
 
        }
 }
-?>
+
Wiklou, le Wiki du Wiklou