API: Filter lists of IDs before sending them to the database
1 <?php
2 /**
3 * Copyright © 2006 Yuri Astrakhan "<Firstname><Lastname>@gmail.com"
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 use Wikimedia\Rdbms\IDatabase;
24 use Wikimedia\Rdbms\ResultWrapper;
25
26 /**
27 * This is a base class for all Query modules.
28 * It provides some common functionality such as constructing various SQL
29 * queries.
30 *
31 * @ingroup API
32 */
33 abstract class ApiQueryBase extends ApiBase {
34
35 private $mQueryModule, $mDb, $tables, $where, $fields, $options, $join_conds;
36
/**
 * Set up the module and start with an empty query description.
 *
 * @param ApiQuery $queryModule Query module this module belongs to
 * @param string $moduleName Passed on to the ApiBase constructor
 * @param string $paramPrefix Passed on to the ApiBase constructor
 */
public function __construct( ApiQuery $queryModule, $moduleName, $paramPrefix = '' ) {
	$main = $queryModule->getMain();
	parent::__construct( $main, $moduleName, $paramPrefix );

	// No connection yet: getDB() fetches one on first use.
	$this->mDb = null;
	$this->mQueryModule = $queryModule;
	$this->resetQueryParams();
}
48
49 /************************************************************************//**
50 * @name Methods to implement
51 * @{
52 */
53
/**
 * Report how the data produced by this module may be cached.
 *
 * Module subclasses override this; ApiMain::setCacheMode() documents the
 * possible return values and the cache modes themselves.
 *
 * A request is only publicly cacheable when *all* modules that supply data
 * for it return 'public'. This base implementation returns 'private'.
 *
 * @param array $params
 * @return string
 */
public function getCacheMode( $params ) {
	$mode = 'private';

	return $mode;
}
68
/**
 * Hook for subclasses that need extra fields from the pageSet; they ask for
 * them with $pageSet->requestField('fieldName').
 *
 * Only 'prop' modules have a use for this, since 'list' and 'meta' modules
 * should not be using the pageset.
 *
 * @param ApiPageSet $pageSet
 */
public function requestExtraData( $pageSet ) {
	// The base class requests nothing.
}
80
81 /**@}*/
82
83 /************************************************************************//**
84 * @name Data access
85 * @{
86 */
87
/**
 * Return the main Query module that was passed to the constructor.
 *
 * @return ApiQuery
 */
public function getQuery() {
	$queryModule = $this->mQueryModule;

	return $queryModule;
}
95
/** @inheritDoc */
public function getParent() {
	// The parent of a query submodule is the main Query module.
	$parent = $this->getQuery();

	return $parent;
}
100
/**
 * Get the Query database connection (read-only).
 *
 * The connection is taken from the Query module on the first call and then
 * reused; selectNamedDB() replaces it.
 *
 * @return IDatabase
 */
protected function getDB() {
	$db = $this->mDb;
	if ( $db === null ) {
		$db = $this->getQuery()->getDB();
		$this->mDb = $db;
	}

	return $db;
}
112
/**
 * Switch this module to the named query database connection and return it.
 * See ApiQuery::getNamedDB() for more information.
 *
 * Later getDB() calls return this connection as well.
 *
 * @param string $name Name to assign to the database connection
 * @param int $db One of the DB_* constants
 * @param string|string[] $groups Query groups
 * @return IDatabase
 */
public function selectNamedDB( $name, $db, $groups ) {
	$connection = $this->getQuery()->getNamedDB( $name, $db, $groups );
	$this->mDb = $connection;

	return $connection;
}
125
/**
 * Get the PageSet object of the Query module to work on.
 *
 * @return ApiPageSet
 */
protected function getPageSet() {
	$query = $this->getQuery();

	return $query->getPageSet();
}
133
134 /**@}*/
135
136 /************************************************************************//**
137 * @name Querying
138 * @{
139 */
140
/**
 * Empty every internal array that describes the pending query: tables,
 * WHERE conditions, fields, options and JOIN conditions.
 */
protected function resetQueryParams() {
	// PHP arrays are values, so the five properties do not share storage.
	$this->join_conds = $this->options = $this->fields = $this->where = $this->tables = [];
}
151
/**
 * Add one table, or a list of tables, to the pending query.
 *
 * @param string|string[] $tables Table name or array of table names
 * @param string|null $alias Table alias, or null for no alias. An alias
 *  together with an array of tables is reported through ApiBase::dieDebug().
 */
protected function addTables( $tables, $alias = null ) {
	$hasAlias = $alias !== null;

	if ( !is_array( $tables ) ) {
		// Single table: the alias, when given, becomes the array key.
		if ( $hasAlias ) {
			$this->tables[$alias] = $tables;
		} else {
			$this->tables[] = $tables;
		}

		return;
	}

	if ( $hasAlias ) {
		ApiBase::dieDebug( __METHOD__, 'Multiple table aliases not supported' );
	}
	$this->tables = array_merge( $this->tables, $tables );
}
172
/**
 * Add JOIN conditions to the pending query.
 *
 * The expected format is [ tablename => [ jointype, conditions ] ],
 * e.g. [ 'page' => [ 'LEFT JOIN', 'page_id=rev_page' ] ].
 * Conditions may be a string or an addWhere()-style array.
 *
 * @param array $join_conds JOIN conditions; anything that is not an array
 *  is reported through ApiBase::dieDebug()
 */
protected function addJoinConds( $join_conds ) {
	$isArray = is_array( $join_conds );
	if ( !$isArray ) {
		ApiBase::dieDebug( __METHOD__, 'Join conditions have to be arrays' );
	}

	$merged = array_merge( $this->join_conds, $join_conds );
	$this->join_conds = $merged;
}
187
/**
 * Add one field, or a list of fields, to select.
 *
 * @param array|string $value Field name or array of field names
 */
protected function addFields( $value ) {
	if ( !is_array( $value ) ) {
		$this->fields[] = $value;

		return;
	}

	$this->fields = array_merge( $this->fields, $value );
}
199
/**
 * Conditional variant of addFields().
 *
 * @param array|string $value See addFields()
 * @param bool $condition If false, do nothing
 * @return bool True when the fields were added, false otherwise
 */
protected function addFieldsIf( $value, $condition ) {
	if ( !$condition ) {
		return false;
	}

	$this->addFields( $value );

	return true;
}
215
/**
 * Append one or more WHERE conditions to the pending query.
 *
 * A string such as 'foo=bar' is stored unchanged; this method does no
 * quoting, so a string built from request input has to be escaped by the
 * caller first (addWhereRange() uses IDatabase::addQuotes() for that).
 * The [ 'foo' => 'bar' ] form only works when the value is a constant,
 * i.e. not another field.
 *
 * An empty array is ignored.
 *
 * For example, [ 'foo=bar', 'baz' => 3, 'bla' => 'foo' ] translates
 * to "foo=bar AND baz='3' AND bla='foo'"
 *
 * @param string|array $value
 */
protected function addWhere( $value ) {
	if ( !is_array( $value ) ) {
		$this->where[] = $value;

		return;
	}

	// Database::makeList() chokes on empty arrays, so never store one.
	if ( $value ) {
		$this->where = array_merge( $this->where, $value );
	}
}
238
/**
 * Conditional variant of addWhere().
 *
 * @param string|array $value See addWhere()
 * @param bool $condition If false, do nothing
 * @return bool True when the clauses were added, false otherwise
 */
protected function addWhereIf( $value, $condition ) {
	if ( !$condition ) {
		return false;
	}

	$this->addWhere( $value );

	return true;
}
254
/**
 * Equivalent to addWhere( [ $field => $value ] ), except that a condition
 * already stored under $field is replaced.
 *
 * @param string $field Field name
 * @param string|string[] $value Value; ignored if null or empty array
 */
protected function addWhereFld( $field, $value ) {
	if ( $value === null ) {
		return;
	}
	if ( is_array( $value ) && !$value ) {
		return;
	}

	$this->where[$field] = $value;
}
265
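/**
 * Like addWhereFld for an integer list of IDs.
 *
 * The list is passed through filterIDs() (defined outside this file) before
 * it is stored, so only the IDs that filterIDs() returns reach the database.
 * When IDs were supplied but none is left afterwards, an always-false
 * condition is added so that the query matches nothing instead of silently
 * losing the filter.
 *
 * @since 1.33
 * @param string $table Table name
 * @param string $field Field name
 * @param int[]|null $ids IDs; null and an empty list add no condition
 * @return int Count of IDs actually included
 */
protected function addWhereIDsFld( $table, $field, $ids ) {
	// count( null ) raises a warning since PHP 7.2 and a TypeError in PHP 8,
	// so null is tested on its own instead of being handed to count().
	if ( $ids === null || !count( $ids ) ) {
		return 0;
	}

	$ids = $this->filterIDs( [ [ $table, $field ] ], $ids );
	$kept = count( $ids );

	if ( $kept ) {
		$this->where[$field] = $ids;
	} else {
		// Return nothing, no IDs are valid
		$this->where[] = '0 = 1';
	}

	return $kept;
}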
289
/**
 * Add a WHERE clause corresponding to a range, and an ORDER BY
 * clause to sort in the right direction.
 *
 * $start and $end are quoted with IDatabase::addQuotes(); $field is
 * concatenated into the condition and the ORDER BY entry as is, so it has
 * to be a column name chosen by the calling code, not request input.
 *
 * @param string $field Field name
 * @param string $dir If 'newer', sort in ascending order, otherwise
 *  sort in descending order
 * @param string $start Value to start the list at. If $dir == 'newer'
 *  this is the lower boundary, otherwise it's the upper boundary
 * @param string $end Value to end the list at. If $dir == 'newer' this
 *  is the upper boundary, otherwise it's the lower boundary
 * @param bool $sort If false, don't add an ORDER BY clause
 */
protected function addWhereRange( $field, $dir, $start, $end, $sort = true ) {
	$ascending = ( $dir === 'newer' );
	if ( $ascending ) {
		$startOp = '>=';
		$endOp = '<=';
	} else {
		$startOp = '<=';
		$endOp = '>=';
	}
	$db = $this->getDB();

	if ( $start !== null ) {
		$this->addWhere( $field . $startOp . $db->addQuotes( $start ) );
	}
	if ( $end !== null ) {
		$this->addWhere( $field . $endOp . $db->addQuotes( $end ) );
	}

	if ( !$sort ) {
		return;
	}

	// Append to an ORDER BY that is already set rather than replacing it.
	$orderBy = isset( $this->options['ORDER BY'] )
		? (array)$this->options['ORDER BY']
		: [];
	$orderBy[] = $ascending ? $field : $field . ' DESC';
	$this->addOption( 'ORDER BY', $orderBy );
}
326
/**
 * Same as addWhereRange(), with $start and $end first converted by
 * IDatabase::timestampOrNull().
 *
 * @see addWhereRange
 * @param string $field
 * @param string $dir
 * @param string $start
 * @param string $end
 * @param bool $sort
 */
protected function addTimestampWhereRange( $field, $dir, $start, $end, $sort = true ) {
	$db = $this->getDB();
	$dbStart = $db->timestampOrNull( $start );
	$dbEnd = $db->timestampOrNull( $end );

	$this->addWhereRange( $field, $dir, $dbStart, $dbEnd, $sort );
}
342
/**
 * Add an option such as LIMIT or USE INDEX. An option that has a value
 * overwrites the value stored before under the same name.
 *
 * @param string $name Option name
 * @param string|string[]|null $value Option value; with null the name
 *  itself is appended as a value-less option
 */
protected function addOption( $name, $value = null ) {
	if ( $value !== null ) {
		$this->options[$name] = $value;

		return;
	}

	$this->options[] = $name;
}
356
/**
 * Execute a SELECT query based on the values in the internal arrays.
 *
 * @param string $method Function the query should be attributed to.
 *  You should usually use __METHOD__ here
 * @param array $extraQuery Query data to add but not store in the object
 *  Format is [
 *    'tables' => ...,
 *    'fields' => ...,
 *    'where' => ...,
 *    'options' => ...,
 *    'join_conds' => ...
 *  ]
 * @param array|null &$hookData If set, the ApiQueryBaseBeforeQuery and
 *  ApiQueryBaseAfterQuery hooks will be called, and the
 *  ApiQueryBaseProcessRow hook will be expected.
 * @return ResultWrapper
 */
protected function select( $method, $extraQuery = [], array &$hookData = null ) {
	// Stored values come first, the one-off additions from $extraQuery after them.
	$combine = function ( $stored, $key ) use ( $extraQuery ) {
		$extra = isset( $extraQuery[$key] ) ? (array)$extraQuery[$key] : [];

		return array_merge( $stored, $extra );
	};

	$tables = $combine( $this->tables, 'tables' );
	$fields = $combine( $this->fields, 'fields' );
	$where = $combine( $this->where, 'where' );
	$options = $combine( $this->options, 'options' );
	$join_conds = $combine( $this->join_conds, 'join_conds' );

	$useHooks = $hookData !== null;

	if ( $useHooks ) {
		// Every part of the query is passed by reference, so a hook handler
		// can change what is sent to the database.
		Hooks::run( 'ApiQueryBaseBeforeQuery',
			[ $this, &$tables, &$fields, &$where, &$options, &$join_conds, &$hookData ]
		);
	}

	$res = $this->getDB()->select( $tables, $fields, $where, $method, $options, $join_conds );

	if ( $useHooks ) {
		Hooks::run( 'ApiQueryBaseAfterQuery', [ $this, $res, &$hookData ] );
	}

	return $res;
}
410
/**
 * Call the ApiQueryBaseProcessRow hook.
 *
 * Generally, a module that passed $hookData to self::select() will call
 * this just before calling ApiResult::addValue(), and treat a false return
 * here in the same way it treats a false return from addValue().
 *
 * @since 1.28
 * @param object $row Database row
 * @param array &$data Data to be added to the result
 * @param array &$hookData Hook data from ApiQueryBase::select()
 * @return bool Return false if row processing should end with continuation
 */
protected function processRow( $row, array &$data, array &$hookData ) {
	// $data and $hookData stay references so handlers can modify them.
	$hookArgs = [ $this, $row, &$data, &$hookData ];

	return Hooks::run( 'ApiQueryBaseProcessRow', $hookArgs );
}
427
/**
 * Build an "el_index LIKE ..." condition from a URL query and a protocol.
 *
 * @deprecated since 1.33, use LinkFilter::getQueryConditions() instead
 * @param string|null $query URL pattern; null and '' mean "no query"
 * @param string|null $protocol Protocol; 'http://' is used when a query is
 *  given without one
 * @return null|string The condition, or null when neither a query nor a
 *  protocol was given
 */
public function prepareUrlQuerySearchString( $query = null, $protocol = null ) {
	wfDeprecated( __METHOD__, '1.33' );
	$db = $this->getDB();

	$hasQuery = ( $query !== null && $query !== '' );
	if ( !$hasQuery ) {
		if ( $protocol === null ) {
			return null;
		}

		// Protocol only: match anything that starts with it.
		return 'el_index ' . $db->buildLike( "$protocol", $db->anyString() );
	}

	if ( $protocol === null ) {
		$protocol = 'http://';
	}

	$likeParts = LinkFilter::makeLikeArray( $query, $protocol );
	if ( !$likeParts ) {
		$this->dieWithError( 'apierror-badquery' );
	}
	$likeParts = LinkFilter::keepOneWildcard( $likeParts );

	return 'el_index ' . $db->buildLike( $likeParts );
}
456
/**
 * Filters hidden users (where the user doesn't have the right to view them)
 * and also adds relevant block information.
 *
 * The ipblocks table is LEFT JOINed on ipb_user=user_id, limited to blocks
 * whose expiry is later than the current database timestamp, and
 * ipb_deleted is always selected. Unless the current user has the
 * 'hideuser' right, rows are restricted to ipb_deleted = 0 or NULL.
 * The join condition refers to user_id, so the calling query is expected
 * to include a table that has that column.
 *
 * @param bool $showBlockInfo Whether to select the block ID, expiry and
 *  timestamp plus the ipb_by actor and ipb_reason comment joins as well
 * @return void
 */
public function showHiddenUsersAddBlockInfo( $showBlockInfo ) {
	$db = $this->getDB();
	$now = $db->addQuotes( $db->timestamp() );

	$this->addTables( 'ipblocks' );
	$activeBlockJoin = [
		'ipb_user=user_id',
		'ipb_expiry > ' . $now,
	];
	$this->addJoinConds( [
		'ipblocks' => [ 'LEFT JOIN', $activeBlockJoin ],
	] );

	$this->addFields( 'ipb_deleted' );

	if ( $showBlockInfo ) {
		$this->addFields( [ 'ipb_id', 'ipb_expiry', 'ipb_timestamp' ] );

		$actorJoin = ActorMigration::newMigration()->getJoin( 'ipb_by' );
		$this->addTables( $actorJoin['tables'] );
		$this->addFields( $actorJoin['fields'] );
		$this->addJoinConds( $actorJoin['joins'] );

		$reasonJoin = CommentStore::getStore()->getJoin( 'ipb_reason' );
		$this->addTables( $reasonJoin['tables'] );
		$this->addFields( $reasonJoin['fields'] );
		$this->addJoinConds( $reasonJoin['joins'] );
	}

	// Don't show hidden names
	$mayViewHidden = $this->getUser()->isAllowed( 'hideuser' );
	if ( !$mayViewHidden ) {
		$this->addWhere( 'ipb_deleted = 0 OR ipb_deleted IS NULL' );
	}
}
498
499 /**@}*/
500
501 /************************************************************************//**
502 * @name Utility methods
503 * @{
504 */
505
/**
 * Add information (title and namespace) about a Title object to a
 * result array.
 *
 * @param array &$arr Result array à la ApiResult; receives the keys
 *  "{$prefix}ns" (integer) and "{$prefix}title" (prefixed text)
 * @param Title $title
 * @param string $prefix Module prefix
 */
public static function addTitleInfo( &$arr, $title, $prefix = '' ) {
	$nsKey = $prefix . 'ns';
	$titleKey = $prefix . 'title';

	$arr[$nsKey] = (int)$title->getNamespace();
	$arr[$titleKey] = $title->getPrefixedText();
}
517
/**
 * Add a sub-element under the page element with the given page ID.
 *
 * The module prefix is set as the indexed tag name of $data and the data is
 * stored under the module name.
 *
 * @param int $pageId Page ID
 * @param array $data Data array à la ApiResult
 * @return bool Whether the element fit in the result
 */
protected function addPageSubItems( $pageId, $data ) {
	$result = $this->getResult();
	ApiResult::setIndexedTagName( $data, $this->getModulePrefix() );

	$path = [ 'query', 'pages', intval( $pageId ) ];
	$name = $this->getModuleName();

	return $result->addValue( $path, $name, $data );
}
532
/**
 * Same as addPageSubItems(), but one element of $data at a time.
 *
 * @param int $pageId Page ID
 * @param array $item Data array à la ApiResult
 * @param string|null $elemname XML element name. If null, the value of
 *  getModulePrefix() is used
 * @return bool Whether the element fit in the result
 */
protected function addPageSubItem( $pageId, $item, $elemname = null ) {
	$tagName = $elemname;
	if ( $tagName === null ) {
		$tagName = $this->getModulePrefix();
	}

	$result = $this->getResult();
	$added = $result->addValue(
		[ 'query', 'pages', $pageId, $this->getModuleName() ],
		null,
		$item
	);
	if ( $added ) {
		// The tag name is only set once the item is known to fit.
		$result->addIndexedTagName(
			[ 'query', 'pages', $pageId, $this->getModuleName() ],
			$tagName
		);

		return true;
	}

	return false;
}
556
/**
 * Set a query-continue value by registering it for this module with the
 * continuation manager.
 *
 * @param string $paramName Parameter name
 * @param string|array $paramValue Parameter value
 */
protected function setContinueEnumParameter( $paramName, $paramValue ) {
	$manager = $this->getContinuationManager();
	$manager->addContinueParam( $this, $paramName, $paramValue );
}
565
/**
 * Convert an input title or title prefix into a dbkey.
 *
 * $namespace should always be specified in order to handle per-namespace
 * capitalization settings.
 *
 * The input is rejected with 'apierror-invalidtitle' when no valid title
 * can be built from it, when it contains a fragment, when it resolves to a
 * namespace other than $namespace, or when it is an interwiki title.
 *
 * @param string $titlePart Title part
 * @param int $namespace Namespace of the title
 * @return string DBkey (no namespace prefix)
 */
public function titlePartToKey( $titlePart, $namespace = NS_MAIN ) {
	// An 'x' is appended before parsing and cut off the resulting key again;
	// presumably this keeps the end of a prefix intact through title
	// normalisation (not visible in this file).
	$title = Title::makeTitleSafe( $namespace, $titlePart . 'x' );

	$unusable = !$title || $title->hasFragment();
	if ( $unusable ) {
		// Invalid title (e.g. bad chars) or contained a '#'.
		$this->dieWithError( [ 'apierror-invalidtitle', wfEscapeWikiText( $titlePart ) ] );
	}

	if ( $namespace != $title->getNamespace() || $title->isExternal() ) {
		// Two ways to get here: the title part looks like it carries a
		// namespace of its own although NS_MAIN was requested, which would be
		// very difficult to handle and is therefore treated as invalid user
		// input; or somebody specified an interwiki prefix.
		$this->dieWithError( [ 'apierror-invalidtitle', wfEscapeWikiText( $titlePart ) ] );
	}

	$dbKey = $title->getDBkey();

	return substr( $dbKey, 0, -1 );
}
593
/**
 * Convert an input title or title prefix into a namespace constant and dbkey.
 *
 * The input is rejected with 'apierror-invalidtitle' when it does not parse
 * as a title, contains a fragment, or is an interwiki title.
 *
 * @since 1.26
 * @param string $titlePart Title part
 * @param int $defaultNamespace Default namespace if none is given
 * @return array (int, string) Namespace number and DBkey
 */
public function prefixedTitlePartToKey( $titlePart, $defaultNamespace = NS_MAIN ) {
	// The appended 'x' is removed from the key again before returning.
	$title = Title::newFromText( $titlePart . 'x', $defaultNamespace );

	if ( !$title || $title->hasFragment() || $title->isExternal() ) {
		// Invalid title (e.g. bad chars) or contained a '#'.
		$this->dieWithError( [ 'apierror-invalidtitle', wfEscapeWikiText( $titlePart ) ] );
	}

	$namespace = $title->getNamespace();
	$dbKey = substr( $title->getDBkey(), 0, -1 );

	return [ $namespace, $dbKey ];
}
611
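/**
 * Check that a value is a SHA-1 hash written as exactly 40 lowercase
 * hexadecimal digits.
 *
 * The D modifier makes "$" match only at the very end of the subject.
 * Without it, PCRE also accepts a value that ends in a single newline, so a
 * 41-byte string would pass as a valid hash.
 *
 * @param string $hash
 * @return bool
 */
public function validateSha1Hash( $hash ) {
	return is_string( $hash ) && preg_match( '/^[a-f0-9]{40}$/D', $hash ) === 1;
}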
619
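/**
 * Check that a value is a SHA-1 hash in base 36: exactly 31 characters
 * from a-z and 0-9.
 *
 * The D modifier makes "$" match only at the very end of the subject.
 * Without it, PCRE also accepts a value that ends in a single newline, so a
 * 32-byte string would pass as a valid hash.
 *
 * @param string $hash
 * @return bool
 */
public function validateSha1Base36Hash( $hash ) {
	return is_string( $hash ) && preg_match( '/^[a-z0-9]{31}$/D', $hash ) === 1;
}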
627
/**
 * Check whether the current user has permission to view revision-deleted
 * fields.
 *
 * Any one of the rights 'deletedhistory', 'deletedtext', 'suppressrevision'
 * or 'viewsuppressed' is enough.
 *
 * @return bool
 */
public function userCanSeeRevDel() {
	$user = $this->getUser();

	return $user->isAllowedAny(
		'deletedhistory',
		'deletedtext',
		'suppressrevision',
		'viewsuppressed'
	);
}
641
642 /**@}*/
643 }