Added iterator interface to ResultWrapper. No support in Oracle yet. Updated document...
[lhc/web/wiklou.git] / includes / SpecialPreferences.php
index 292ebce..50d9212 100644 (file)
@@ -241,7 +241,13 @@ class PreferencesForm {
                }
 
                # Validate the signature and clean it up as needed
-               if( $this->mToggles['fancysig'] ) {
+               global $wgMaxSigChars;
+               if( mb_strlen( $this->mNick ) > $wgMaxSigChars ) {
+                       global $wgLang;
+                       $this->mainPrefsForm( 'error',
+                               wfMsg( 'badsiglength', $wgLang->formatNum( $wgMaxSigChars ) ) );
+                       return;
+               } elseif( $this->mToggles['fancysig'] ) {
                        if( Parser::validateSig( $this->mNick ) !== false ) {
                                $this->mNick = $wgParser->cleanSig( $this->mNick );
                        } else {
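Review bot: The new length check `if( mb_strlen( $this->mNick ) > $wgMaxSigChars )` counts characters in whatever encoding mbstring's internal encoding is set to, so on a host where that is not UTF-8 the count disagrees with the Unicode-character limit the setting is meant to express and the error can fire too early or too late; passing the encoding explicitly, `mb_strlen( $this->mNick, 'UTF-8' )`, removes the dependence on php.ini. The check runs on the raw submission before `cleanSig` rewrites it, which is the conservative order, though whether the cleaned signature can end up longer than the raw one is not visible here. The enclosing method starts and ends outside this hunk.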
@@ -603,8 +609,14 @@ class PreferencesForm {
                        );
                }
 
-               global $wgParser;
-               if( !empty( $this->mToggles['fancysig'] ) &&
+               global $wgParser, $wgMaxSigChars;
+               if( mb_strlen( $this->mNick ) > $wgMaxSigChars ) {
+                       $invalidSig = $this->tableRow(
+                               ' ',
+                               Xml::element( 'span', array( 'class' => 'error' ),
+                                       wfMsg( 'badsiglength', $wgLang->formatNum( $wgMaxSigChars ) ) )
+                       );
+               } elseif( !empty( $this->mToggles['fancysig'] ) &&
                        false === $wgParser->validateSig( $this->mNick ) ) {
                        $invalidSig = $this->tableRow(
                                ' ',
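Review bot: The new error branch calls `$wgLang->formatNum( $wgMaxSigChars )`, but the `global` statement just above it only imports `$wgParser` and `$wgMaxSigChars`; unless `$wgLang` is declared global earlier in this method (which starts outside the hunk), that is a method call on an undefined local and the preferences form will fatal precisely when a user's signature exceeds the limit. Extending the declaration to `global $wgParser, $wgMaxSigChars, $wgLang;` closes that gap. The `mb_strlen( $this->mNick )` call here also omits an explicit encoding, as does the submit-side check, so the two should be kept in step if one is changed.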
@@ -617,7 +629,14 @@ class PreferencesForm {
                $wgOut->addHTML(
                        $this->tableRow(
                                Xml::label( wfMsg( 'yournick' ), 'wpNick' ),
-                               Xml::input( 'wpNick', 25, $this->mNick, array( 'id' => 'wpNick' ) )
+                               Xml::input( 'wpNick', 25, $this->mNick,
+                                       array(
+                                               'id' => 'wpNick',
+                                               // Note: $wgMaxSigChars is enforced in Unicode characters,
+                                               // both on the backend and now in the browser.
+                                               // Badly-behaved requests may still try to submit
+                                               // an overlong string, however.
+                                               'maxlength' => $wgMaxSigChars ) )
                        ) .
                        $invalidSig .
                        $this->tableRow( ' ', $this->getToggle( 'fancysig' ) )
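Review bot: The comment added above `'maxlength' => $wgMaxSigChars` says the limit is enforced in Unicode characters in the browser, but as far as I know browsers measure `maxlength` in UTF-16 code units, so a signature containing characters outside the BMP would be cut short by the client before the server-side `mb_strlen` check would reject it; the two limits only coincide for BMP text. I would soften the comment to `// Note: browsers count maxlength in UTF-16 code units, so this only approximates the server-side character check in PreferencesForm` and keep the backend check as the authoritative one, which the existing wording already implies. The `addHTML` call continues into the next hunk.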
@@ -975,7 +994,7 @@ class PreferencesForm {
                }
                $wgOut->addHTML( '</fieldset>' );
 
-               $token = $wgUser->editToken();
+               $token = htmlspecialchars( $wgUser->editToken() );
                $skin = $wgUser->getSkin();
                $wgOut->addHTML( "
        <div id='prefsubmit'>
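Review bot: `htmlspecialchars( $wgUser->editToken() )` without flags leaves single quotes unescaped, so the escaped value is only safe inside a double-quoted attribute; that holds after this commit's companion change to the `wpEditToken` line, but nothing at this assignment records that `$token` is already HTML-escaped or that its safety depends on the quoting style chosen further down. `htmlspecialchars( $wgUser->editToken(), ENT_QUOTES )` makes the value safe in either quoting style, and a name such as `$tokenHtml` would make the escaping visible at the use site. Whether the token can actually contain HTML-significant characters is not visible from this hunk.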
@@ -986,7 +1005,7 @@ class PreferencesForm {
 
        </div>
 
-       <input type='hidden' name='wpEditToken' value='{$token}' />
+       <input type='hidden' name='wpEditToken' value=\"{$token}\" />
        </div></form>\n" );
 
                $wgOut->addHtml( Xml::tags( 'div', array( 'class' => "prefcache" ),
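Review bot: The hidden `wpEditToken` input is still assembled by interpolating a pre-escaped `$token` into a hand-written HTML string, while the rest of this form builds its controls with `Xml::input`/`Xml::element`, which escape attribute values themselves. Emitting it the same way, e.g. `Xml::element( 'input', array( 'type' => 'hidden', 'name' => 'wpEditToken', 'value' => $wgUser->editToken() ) )`, removes the need to remember that the token was escaped elsewhere and to match the quote style by hand. The `$wgOut->addHTML( "..." )` string this line belongs to begins outside this hunk.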
@@ -995,4 +1014,4 @@ class PreferencesForm {
 
        }
 }
-?>
+