Legoktm has uploaded a new change for review.
https://gerrit.wikimedia.org/r/85956
Change subject: Throw errors if user input for the parser function is not valid
......................................................................
Throw errors if user input for the parser function is not valid
If the user provides a site, check that it is a valid url. For the page
title the user provides, ensure that it is a valid page title.
An error message is returned rather than the normal output, and that
page/site combo will not be added to the list of targets.
Change-Id: I115955de5425becbb4798bb0a2c15ed6e7f37ff3
---
M MassMessage.body.php
M MassMessage.hooks.php
M MassMessage.i18n.php
3 files changed, 30 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/MassMessage
refs/changes/56/85956/1
diff --git a/MassMessage.body.php b/MassMessage.body.php
index c3671c1..5b5fdd7 100644
--- a/MassMessage.body.php
+++ b/MassMessage.body.php
@@ -181,4 +181,20 @@
return array(); // No parser functions on page
}
}
+
+ /**
+ * Helper function for MassMessageHooks::ParserFunction
+ * Inspired from the Cite extension
+ * @param $msg string message key
+ * @param $param string parameter for the message
+ * @return array
+ */
+ public static function parserError( $msg, $param ) {
+ return array (
+ '<strong class="error">' .
+ wfMessage( $msg )->params( $param )->plain() .
+ '</strong>',
+ 'noparse' => false
+ );
+ }
}
diff --git a/MassMessage.hooks.php b/MassMessage.hooks.php
index 0c0d064..76115a0 100644
--- a/MassMessage.hooks.php
+++ b/MassMessage.hooks.php
@@ -33,6 +33,14 @@
$site = MassMessage::getBaseUrl( $wgServer );
$data['site'] = $site;
$data['dbname'] = $wgDBname;
+ } elseif ( filter_var( 'http://' . $site, FILTER_VALIDATE_URL )
=== false ) {
+ // Try and see if the site provided is not valid
+ // We can just prefix http:// in front since it needs
some kind of protocol
+ return MassMessage::parserError(
'massmessage-parse-badurl', $site );
+ }
+ if ( is_null( Title::newFromText( $page ) ) ) {
+ // Check if the page provided is not valid
+ return MassMessage::parserError(
'massmessage-parse-badpage', $page );
}
// Use a message so wikis can customize the output
$msg = wfMessage( 'massmessage-target' )->params( $site,
$wgScript, $page )->plain();
diff --git a/MassMessage.i18n.php b/MassMessage.i18n.php
index b93837b..5e2c260 100644
--- a/MassMessage.i18n.php
+++ b/MassMessage.i18n.php
@@ -32,6 +32,8 @@
'massmessage-hidden-comment' => '<!-- Message sent by User:$1@$2 using
the list at $3 -->',
'massmessage-optout-category' => 'Opted-out of message delivery',
'massmessage-badhtml' => 'Your message may have {{PLURAL:$2|an unclosed
HTML tag|unclosed HTML tags}}: $1.',
+ 'massmessage-parse-badurl' => '"$1" is not a valid site',
+ 'massmessage-parse-badpage' => '"$1" is not a valid page title',
'right-massmessage' => 'Send a message to multiple users at once',
'action-massmessage' => 'send a message to multiple users at once',
'log-name-massmessage' => 'Mass message log',
@@ -92,6 +94,10 @@
* $1 - comma separated list of unclosed HTML tags
* $2 - number of unclosed HTML tags',
+ 'massmessage-parse-badurl' => 'Error message shown when the url that
the user provides is invalid.
+* $1 is the url the user provided',
+ 'massmessage-parse-badpage' => 'Error message shown when the page name
that the user provides is invalid.
+* $1 is the page title the user provided',
'right-massmessage' => '{{doc-right|massmessage}}
See also:
* {{msg-mw|Right-massmessage-global}}',
--
To view, visit https://gerrit.wikimedia.org/r/85956
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I115955de5425becbb4798bb0a2c15ed6e7f37ff3
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/MassMessage
Gerrit-Branch: master
Gerrit-Owner: Legoktm <legoktm.wikipe...@gmail.com>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
