Legoktm has uploaded a new change for review. https://gerrit.wikimedia.org/r/85956
Change subject: Throw errors if user input for the parser function is not valid ...................................................................... Throw errors if user input for the parser function is not valid If the user provides a site, check that it is a valid url. For the page title the user provides, ensure that it is a valid page title. An error message is returned rather than the normal output, and that page/site combo will not be added to the list of targets. Change-Id: I115955de5425becbb4798bb0a2c15ed6e7f37ff3 --- M MassMessage.body.php M MassMessage.hooks.php M MassMessage.i18n.php 3 files changed, 30 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/MassMessage refs/changes/56/85956/1 diff --git a/MassMessage.body.php b/MassMessage.body.php index c3671c1..5b5fdd7 100644 --- a/MassMessage.body.php +++ b/MassMessage.body.php @@ -181,4 +181,20 @@ return array(); // No parser functions on page } } + + /** + * Helper function for MassMessageHooks::ParserFunction + * Inspired from the Cite extension + * @param $msg string message key + * @param $param string parameter for the message + * @return array + */ + public static function parserError( $msg, $param ) { + return array ( + '<strong class="error">' . + wfMessage( $msg )->params( $param )->plain() . + '</strong>', + 'noparse' => false + ); + } } diff --git a/MassMessage.hooks.php b/MassMessage.hooks.php index 0c0d064..76115a0 100644 --- a/MassMessage.hooks.php +++ b/MassMessage.hooks.php @@ -33,6 +33,14 @@ $site = MassMessage::getBaseUrl( $wgServer ); $data['site'] = $site; $data['dbname'] = $wgDBname; + } elseif ( filter_var( 'http://' . $site, FILTER_VALIDATE_URL ) === false ) { + // Try and see if the site provided is not valid + // We can just prefix http:// in front since it needs some kind of protocol + return MassMessage::parserError( 'massmessage-parse-badurl', $site ); + } + if ( is_null( Title::newFromText( $page ) ) ) { + // Check if the page provided is not valid + return MassMessage::parserError( 'massmessage-parse-badpage', $page ); } // Use a message so wikis can customize the output $msg = wfMessage( 'massmessage-target' )->params( $site, $wgScript, $page )->plain(); diff --git a/MassMessage.i18n.php b/MassMessage.i18n.php index b93837b..5e2c260 100644 --- a/MassMessage.i18n.php +++ b/MassMessage.i18n.php @@ -32,6 +32,8 @@ 'massmessage-hidden-comment' => '<!-- Message sent by User:$1@$2 using the list at $3 -->', 'massmessage-optout-category' => 'Opted-out of message delivery', 'massmessage-badhtml' => 'Your message may have {{PLURAL:$2|an unclosed HTML tag|unclosed HTML tags}}: $1.', + 'massmessage-parse-badurl' => '"$1" is not a valid site', + 'massmessage-parse-badpage' => '"$1" is not a valid page title', 'right-massmessage' => 'Send a message to multiple users at once', 'action-massmessage' => 'send a message to multiple users at once', 'log-name-massmessage' => 'Mass message log', @@ -92,6 +94,10 @@ * $1 - comma separated list of unclosed HTML tags * $2 - number of unclosed HTML tags', + 'massmessage-parse-badurl' => 'Error message shown when the url that the user provides is invalid. +* $1 is the url the user provided', + 'massmessage-parse-badpage' => 'Error message shown when the page name that the user provides is invalid. +* $1 is the page title the user provided', 'right-massmessage' => '{{doc-right|massmessage}} See also: * {{msg-mw|Right-massmessage-global}}', -- To view, visit https://gerrit.wikimedia.org/r/85956 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I115955de5425becbb4798bb0a2c15ed6e7f37ff3 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/MassMessage Gerrit-Branch: master Gerrit-Owner: Legoktm <legoktm.wikipe...@gmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits