}
# Validate the signature and clean it up as needed
- if( $this->mToggles['fancysig'] ) {
+ global $wgMaxSigChars;
+ if( mb_strlen( $this->mNick ) > $wgMaxSigChars ) {
+ global $wgLang;
+ $this->mainPrefsForm( 'error',
+ wfMsg( 'badsiglength', $wgLang->formatNum( $wgMaxSigChars ) ) );
+ return;
+ } elseif( $this->mToggles['fancysig'] ) {
if( Parser::validateSig( $this->mNick ) !== false ) {
$this->mNick = $wgParser->cleanSig( $this->mNick );
} else {
);
}
- global $wgParser;
- if( !empty( $this->mToggles['fancysig'] ) &&
+ global $wgParser, $wgMaxSigChars;
+ if( mb_strlen( $this->mNick ) > $wgMaxSigChars ) {
+ $invalidSig = $this->tableRow(
+ ' ',
+ Xml::element( 'span', array( 'class' => 'error' ),
+ wfMsg( 'badsiglength', $wgLang->formatNum( $wgMaxSigChars ) ) )
+ );
+ } elseif( !empty( $this->mToggles['fancysig'] ) &&
false === $wgParser->validateSig( $this->mNick ) ) {
$invalidSig = $this->tableRow(
' ',
$wgOut->addHTML(
$this->tableRow(
Xml::label( wfMsg( 'yournick' ), 'wpNick' ),
- Xml::input( 'wpNick', 25, $this->mNick, array( 'id' => 'wpNick' ) )
+ Xml::input( 'wpNick', 25, $this->mNick,
+ array(
+ 'id' => 'wpNick',
+ // Note: $wgMaxSigChars is enforced in Unicode characters,
+ // both on the backend and now in the browser.
+ // Badly-behaved requests may still try to submit
+ // an overlong string, however.
+ 'maxlength' => $wgMaxSigChars ) )
) .
$invalidSig .
$this->tableRow( ' ', $this->getToggle( 'fancysig' ) )
}
$wgOut->addHTML( '</fieldset>' );
- $token = $wgUser->editToken();
+ $token = htmlspecialchars( $wgUser->editToken() );
$skin = $wgUser->getSkin();
$wgOut->addHTML( "
<div id='prefsubmit'>
</div>
- <input type='hidden' name='wpEditToken' value='{$token}' />
+ <input type='hidden' name='wpEditToken' value=\"{$token}\" />
</div></form>\n" );
$wgOut->addHtml( Xml::tags( 'div', array( 'class' => "prefcache" ),
}
}
-?>
+