http://www.mediawiki.org/wiki/Special:Code/MediaWiki/98785

Revision: 98785
Author:   ashley
Date:     2011-10-03 17:55:59 +0000 (Mon, 03 Oct 2011)
Log Message:
-----------
FreqPatternTagCloud: initial cleanup to Special:FreqPatternTagCloud file + add 
a bunch of FIXMEs (register_globals, SQL injection, XSS...)

Modified Paths:
--------------
    trunk/extensions/FreqPatternTagCloud/FreqPatternTagCloud.body.php
    trunk/extensions/FreqPatternTagCloud/FreqPatternTagCloud.i18n.php

Modified: trunk/extensions/FreqPatternTagCloud/FreqPatternTagCloud.body.php
===================================================================
--- trunk/extensions/FreqPatternTagCloud/FreqPatternTagCloud.body.php   
2011-10-03 17:49:24 UTC (rev 98784)
+++ trunk/extensions/FreqPatternTagCloud/FreqPatternTagCloud.body.php   
2011-10-03 17:55:59 UTC (rev 98785)
@@ -1,301 +1,360 @@
 <?php
-
 /**
  * Frequent Pattern Tag Cloud Plug-in
  * Special page
- * 
+ *
  * @author Tobias Beck, University of Heidelberg
  * @author Andreas Fay, University of Heidelberg
  * @version 1.0
  */
 
-include_once(FPTC_PATH_INCLUDES."TagCloud.php");
-include_once(FPTC_PATH_INCLUDES."Proposal.php");
+include_once( FPTC_PATH_INCLUDES . 'TagCloud.php' );
+include_once( FPTC_PATH_INCLUDES . 'Proposal.php' );
 
 class FreqPatternTagCloud extends SpecialPage {
-       
-       const ATTRIBUTE_VALUE_INDEX_SPECIALPAGE = "SearchByProperty";
-       
-       const CATEGORY_PAGE = "Category";
-       
+
+       const ATTRIBUTE_VALUE_INDEX_SPECIALPAGE = 'SearchByProperty';
+
+       const CATEGORY_PAGE = 'Category';
+
        /**
         * Maximum font size of tags in px
         *
         * @var int
         */
        private $fontSizeMax = 70;
-       
+
        /**
         * Minimum font size of tags in px
-        * 
+        *
         * @var int
         */
        private $fontSizeMin = 8;
-       
-       const MAINTENANCE_SPECIALPAGE = "FreqPatternTagCloudMaintenance";
-       
-       const SPECIALPAGE_PREFIX = "Special";
-       
+
+       const MAINTENANCE_SPECIALPAGE = 'FreqPatternTagCloudMaintenance';
+
+       const SPECIALPAGE_PREFIX = 'Special';
+
        /**
-        * Constructor
-        *
-        * @return void 
+        * Constructor -- set up the new special page
         */
        public function __construct() {
-               parent::__construct("FreqPatternTagCloud");
-               $this->includable(true);
+               parent::__construct( 'FreqPatternTagCloud' );
+               $this->includable( true );
        }
 
        /**
         * Executes special page (will be called when accessing special page)
         *
-        * @param string $par Content of GET-Parameter
-        * @return void 
+        * @param $par Mixed: parameter passed to the special page or null
         */
-       public function execute($par) {
-               global $wgFreqPatternTagCloudMaxFontSize, 
$wgFreqPatternTagCloudMinFontSize, $wgRequest, $wgOut, $searchAttribut, 
$wgScriptPath;
-               
-               include_once("includes/FrequentPattern.php");
+       public function execute( $par ) {
+               global $wgFreqPatternTagCloudMaxFontSize, 
$wgFreqPatternTagCloudMinFontSize;
+
+               include_once( "includes/FrequentPattern.php" );
                /*
                FrequentPattern::deleteAllRules();
                FrequentPattern::computeAllRules();
                FrequentPattern::showAllRules();
                */
-               
+
                $this->setHeaders();
-               
+
                // Configuration
+               // @todo FIXME: register_globals...
                if (isset($wgFreqPatternTagCloudMaxFontSize)) {
                        $this->fontSizeMax = $wgFreqPatternTagCloudMaxFontSize;
                }
                if (isset($wgFreqPatternTagCloudMinFontSize)) {
                        $this->fontSizeMin = $wgFreqPatternTagCloudMinFontSize;
                }
-               
+
                // Check whether special page is included
                // Show attribute-selection form only if special page is not 
included and $par was given
-               
-               if (!$this->including() || !strlen($par)) {
+               if ( !$this->including() || !strlen( $par ) ) {
                        // Print form
-                       $this->printForm($par);
-                       
+                       $this->printForm( $par );
+
                        // Print search result with suggestions
-                       $this->printSearchResult($par);
+                       $this->printSearchResult( $par );
                }
-               $this->printTagCloud($par);
+
+               $this->printTagCloud( $par );
        }
-       
+
        /**
         * Gets suggestions for current attribute value
         *
-        * @param string $currentAttributeValue 
+        * @param $currentAttributeValue String
         * @return string JSON Array of attributes
         */
-       public static function getAttributeSuggestions($currentAttributeValue) {
-               $dbr =& wfGetDB( DB_SLAVE );
-               
-               $res = $dbr->select("smw_ids", "smw_title", "smw_namespace = 
102 AND LENGTH(smw_iw) = 0 AND smw_title LIKE 
'%".mysql_real_escape_string($currentAttributeValue)."%'", __METHOD__, 
array("ORDER BY" => "smw_title", "LIMIT" => 20));
-               
+       public static function getAttributeSuggestions( $currentAttributeValue 
) {
+               $dbr = wfGetDB( DB_SLAVE );
+
+               $res = $dbr->select(
+                       'smw_ids',
+                       'smw_title',
+                       array(
+                               'smw_namespace' => 102,
+                               'LENGTH(smw_iw) = 0',
+                               'smw_title ' . $dbr->buildLike(
+                                       $dbr->anyString(),
+                                       $currentAttributeValue,
+                                       $dbr->anyString()
+                               )
+                       ),
+                       __METHOD__,
+                       array( 'ORDER BY' => 'smw_title', 'LIMIT' => 20 )
+               );
+
                $attributes = array();
-               while ($row = $res->fetchRow()) {
-                       $attributes[] = sprintf('"%s"', 
addcslashes($row['smw_title'], '"'));
+               while ( $row = $res->fetchRow() ) {
+                       $attributes[] = sprintf( '"%s"', addcslashes( 
$row['smw_title'], '"' ) );
                }
-               
+
                // Category
-               if (strpos(wfMsg("fptc-categoryname"), $currentAttributeValue) 
!== false) {
-                       $attributes[] = sprintf('"%s"', 
wfMsg("fptc-categoryname"));
+               if ( strpos( wfMsg( 'fptc-categoryname' ), 
$currentAttributeValue ) !== false ) {
+                       $attributes[] = sprintf( '"%s"', wfMsg( 
'fptc-categoryname' ) );
                }
-               
-               $res->free();
-               
-               return sprintf("[%s]", implode(", ", $attributes));
+
+               return sprintf( '[%s]', implode( ', ', $attributes ) );
        }
-       
+
        /**
         * Gets suggestions for current search value
         *
-        * @param string $currentSearchValue 
+        * @param $currentSearchValue String
         * @return string JSON Array of values
         */
-       public static function getSearchSuggestions($currentSearchValue) {
-               $dbr =& wfGetDB( DB_SLAVE );
-               
+       public static function getSearchSuggestions( $currentSearchValue ) {
+               $dbr = wfGetDB( DB_SLAVE );
+
                // Get possible attribute values
-               $res = $dbr->query("(SELECT DISTINCT vals.smw_title AS val, 
atts.smw_title AS att
-                                                       FROM 
".$dbr->tableName("smw_ids")." vals, ".$dbr->tableName("smw_ids")." atts, 
".$dbr->tableName("smw_rels2")." rels
-                                                       WHERE vals.smw_id = 
rels.o_id
-                                                       AND atts.smw_id = 
rels.p_id
-                                                       AND vals.smw_namespace 
= 0
-                                                       AND atts.smw_namespace 
= 102
-                                                       AND LENGTH(vals.smw_iw) 
= 0
-                                                       AND LENGTH(atts.smw_iw) 
= 0
-                                                       AND vals.smw_title LIKE 
'%".mysql_real_escape_string($currentSearchValue)."%'
-                                                       ORDER BY vals.smw_title
-                                                       LIMIT 20) UNION (
-                                                       SELECT smw_title AS 
val, '".wfMsg("fptc-categoryname")."' AS att
-                                                       FROM 
".$dbr->tableName("smw_ids")."
-                                                       WHERE smw_title LIKE 
'%".mysql_real_escape_string($currentSearchValue)."%'
-                                                       AND smw_namespace = 14
-                                                       ORDER BY smw_title
-                                                       LIMIT 10
-                                                       )");
-               
+               // @todo FIXME: ugly + SQL INJECTION POINT!
+               $res = $dbr->query(
+                       "(SELECT DISTINCT vals.smw_title AS val, atts.smw_title 
AS att
+                               FROM ".$dbr->tableName("smw_ids")." vals, 
".$dbr->tableName("smw_ids")." atts, ".$dbr->tableName("smw_rels2")." rels
+                               WHERE vals.smw_id = rels.o_id
+                               AND atts.smw_id = rels.p_id
+                               AND vals.smw_namespace = 0
+                               AND atts.smw_namespace = 102
+                               AND LENGTH(vals.smw_iw) = 0
+                               AND LENGTH(atts.smw_iw) = 0
+                               AND vals.smw_title LIKE 
'%".mysql_real_escape_string($currentSearchValue)."%'
+                               ORDER BY vals.smw_title
+                               LIMIT 20) UNION (
+                                       SELECT smw_title AS val, 
'".wfMsg("fptc-categoryname")."' AS att
+                                       FROM ".$dbr->tableName("smw_ids")."
+                                       WHERE smw_title LIKE 
'%".mysql_real_escape_string($currentSearchValue)."%'
+                                       AND smw_namespace = 14
+                                       ORDER BY smw_title
+                                       LIMIT 10
+                               )"
+               );
+
                $suggestions = array();
-               while ($row = $res->fetchRow()) {
+               while ( $row = $res->fetchRow() ) {
                        // Apply frequent pattern rules
-                       $conclusions = 
FrequentPattern::getConclusions($row['att'], $row['val']);
-                       
-                       if (!count($conclusions)) {
+                       $conclusions = FrequentPattern::getConclusions( 
$row['att'], $row['val'] );
+
+                       if ( !count( $conclusions ) ) {
                                continue;
                        } else {
-                               foreach ($conclusions as $conclusion) {
-                                       $suggestions[] = sprintf('{ "label": 
"%s", "category": "'.addcslashes(wfMsg("fptc-search-suggestion-value"), '"').'" 
}', addcslashes($conclusion, '"'), addcslashes($row['val'], '"'));
+                               foreach ( $conclusions as $conclusion ) {
+                                       $suggestions[] = sprintf(
+                                               '{ "label": "%s", "category": 
"' .
+                                                       addcslashes( wfMsg( 
'fptc-search-suggestion-value' ), '"' ) .
+                                                       '" }', addcslashes( 
$conclusion, '"' ), addcslashes( $row['val'], '"' )
+                                       );
                                }
                        }
                }
-               
-               $res->free();
-               
-               return sprintf("[%s]", implode(", ", $suggestions));
+
+               return sprintf( '[%s]', implode( ', ', $suggestions ) );
        }
-       
+
        /**
         * Gets suggestions
         *
-        * @param string $attribute Attribute
-        * @param string $value Chosen value
-        * @return string 
-        *
+        * @param $attribute String: attribute
+        * @param $value String: chosen value
+        * @return string
         */
-       public static function getSuggestions($attribute, $value) {
+       public static function getSuggestions( $attribute, $value ) {
                // Get similar tags, sorted by priority
-               $tags = FrequentPattern::getConclusions($attribute, $value);
-               
-               if (!count($tags)) {
+               $tags = FrequentPattern::getConclusions( $attribute, $value );
+
+               if ( !count( $tags ) ) {
                        return '<li class="no_entries">-</li>';
                } else {
                        $suggestions = array();
-                       foreach ($tags as $number => $tag) {
-                               $suggestions[] = sprintf('<li 
class="similar_tag"><a href="#browse_similar_tag" title="%2$s">%1$d. 
%2$s</a></li>', $number + 1, $tag);
+                       foreach ( $tags as $number => $tag ) {
+                               $suggestions[] = sprintf(
+                                       '<li class="similar_tag"><a 
href="#browse_similar_tag" title="%2$s">%1$d. %2$s</a></li>',
+                                       $number + 1, $tag
+                               );
                        }
-                       
-                       return implode("\n", $suggestions);
+
+                       return implode( "\n", $suggestions );
                }
        }
-       
+
        /**
         * Prints form to <code>$wgOut</code>
         *
-        * @param string $defaultAttribute (optional)Default value for 
attribute to be tagged
-        * @return void 
+        * @param $defaultAttribute String: (optional)Default value for 
attribute to be tagged
         */
-       private function printForm($defaultAttribute) {
+       private function printForm( $defaultAttribute ) {
                global $wgOut, $wgUser;
-       
+
                // Add input field
-               if ($wgUser->isAllowed("protect")) {
-                       $refreshData = sprintf('<div 
id="fptc_refresh">%s</div>', 
-                                       
$wgOut->parseInline(sprintf('[[:%s:%s|%s]]', self::SPECIALPAGE_PREFIX, 
self::MAINTENANCE_SPECIALPAGE, wfMsg("fptc-refresh-frequent-patterns"))));
+               if ( $wgUser->isAllowed( 'protect' ) ) {
+                       $refreshData = sprintf(
+                               '<div id="fptc_refresh">%s</div>',
+                               $wgOut->parseInline(
+                                       sprintf(
+                                               '[[:%s:%s|%s]]',
+                                               self::SPECIALPAGE_PREFIX,
+                                               self::MAINTENANCE_SPECIALPAGE,
+                                               wfMsg( 
'fptc-refresh-frequent-patterns' )
+                                       )
+                               )
+                       );
                } else {
-                       $refreshData = "";
+                       $refreshData = '';
                }
-               
$wgOut->addHTML($refreshData.wfMsg("fptc-form-attribute-name").': <input 
type="text" name="fptc_attributeName" id="fptc_attributeName" 
value="'.$defaultAttribute.'"><input type="submit" 
value="'.wfMsg("fptc-form-submit-button").'" onClick="fptc_relocate();">
-                                       ');
-               
-               $wgOut->addHTML("<br><br>");
+
+               $wgOut->addHTML(
+                       $refreshData .
+                       wfMsg( 'fptc-form-attribute-name' ) .
+                       ' <input type="text" name="fptc_attributeName" 
id="fptc_attributeName" value="' .
+                               $defaultAttribute . '"><input type="submit" 
value="' .
+                               wfMsg( 'fptc-form-submit-button' ) . '" 
onclick="fptc_relocate();">'
+               );
+
+               $wgOut->addHTML( '<br /><br />' );
        }
-       
+
        /**
         * Prints tag cloud for attribute <code>attribute</code> to 
<code>$wgOut</code>
         *
-        * @param string $attribute Attribute
-        * @return void 
+        * @param $attribute String: attribute
         */
-       private function printTagCloud($attribute) {
+       private function printTagCloud( $attribute ) {
                global $wgOut;
-               
+
                try {
-                       $tagCloud = new TagCloud($attribute);
-                       
+                       $tagCloud = new TagCloud( $attribute );
+
                        // Context menu
-                       $wgOut->addHTML('<ul id="fptc_contextMenu" 
class="contextMenu">
-                                               <li class="browse">
-                                               <a 
href="#browse">'.wfMsg("fptc-context-menu-browse").'</a>
-                                               </li>
-                                               <li class="suggestions 
separator">
-                                               
'.wfMsg("fptc-context-menu-similar-tags").':
-                                               </li>
-                                               </ul>');
-                       
+                       $wgOut->addHTML(
+                               '<ul id="fptc_contextMenu" class="contextMenu">
+                                       <li class="browse">
+                                               <a href="#browse">' . wfMsg( 
'fptc-context-menu-browse' ) . '</a>
+                                       </li>
+                                       <li class="suggestions separator">
+                                               ' . wfMsg( 
'fptc-context-menu-similar-tags' ) . '
+                                       </li>
+                               </ul>'
+                       );
+
                        // Print tags
-                       foreach ($tagCloud->getTags() as $tag) {
-                               $this->printTag($tag, $attribute);
+                       foreach ( $tagCloud->getTags() as $tag ) {
+                               $this->printTag( $tag, $attribute );
                        }
-                       
-                       $wgOut->addHTML('<div style="clear:both"></div>');
-               } catch (InvalidAttributeException $e) {
-                       if ($attribute) {       
+
+                       $wgOut->addHTML( '<div style="clear:both"></div>' );
+               } catch ( InvalidAttributeException $e ) {
+                       if ( $attribute ) {
                                // Attribute not found -> show error
-                               $wgOut->addHTML('<span style="color:red; 
font-weight:bold;">'.wfMsg("fptc-invalid-attribute").'</span>');
+                               $wgOut->addHTML(
+                                       '<span style="color:red; 
font-weight:bold;">' .
+                                       wfMsg( 'fptc-invalid-attribute' ) .
+                                       '</span>'
+                               );
                        }
                }
        }
-       
+
        /**
         * Prints tag to <code>$wgOut</code>
         *
-        * @param Tag $tag 
-        * @return void 
-        * 
+        * @param $tag Tag
+        * @param $attribute
         */
-       private function printTag(Tag $tag, $attribute) {
+       private function printTag( Tag $tag, $attribute ) {
                global $wgOut;
-               
-               $wgOut->addHTML(sprintf('<div class="fptc_tag" 
style="font-size:%dpx;">%s</div>', 
-                                       $this->fontSizeMin + 
($this->fontSizeMax - $this->fontSizeMin) * $tag->getRate(),
-                                       $attribute == 
wfMsg("fptc-categoryname") 
-                                               ? 
$wgOut->parseInline(sprintf("[[:%s:%s|%s]]", self::CATEGORY_PAGE, 
$tag->getValue(), $tag->getValue())) 
-                                               : 
$wgOut->parseInline(sprintf("[[:%s:%s/%s/%s|%s]]", self::SPECIALPAGE_PREFIX, 
self::ATTRIBUTE_VALUE_INDEX_SPECIALPAGE, $attribute, $tag->getValue(), 
$tag->getValue()))));
+
+               $wgOut->addHTML(
+                       sprintf(
+                               '<div class="fptc_tag" 
style="font-size:%dpx;">%s</div>',
+                               $this->fontSizeMin + ( $this->fontSizeMax - 
$this->fontSizeMin ) * $tag->getRate(),
+                               $attribute == wfMsg( 'fptc-categoryname' )
+                                       ? $wgOut->parseInline(
+                                               sprintf(
+                                                       '[[:%s:%s|%s]]',
+                                                       self::CATEGORY_PAGE,
+                                                       $tag->getValue(),
+                                                       $tag->getValue()
+                                               )
+                                       )
+                                       : $wgOut->parseInline(
+                                               sprintf(
+                                                       '[[:%s:%s/%s/%s|%s]]',
+                                                       
self::SPECIALPAGE_PREFIX,
+                                                       
self::ATTRIBUTE_VALUE_INDEX_SPECIALPAGE,
+                                                       $attribute,
+                                                       $tag->getValue(),
+                                                       $tag->getValue()
+                                               )
+                                       )
+                       )
+               );
        }
-       
-        /** Prints the result of the search for attribute 
<code>attribute</code> to <code>$wgOut</code>
+
+       /**
+        * Prints the result of the search for attribute <code>attribute</code> 
to
+        * <code>$wgOut</code>
         *
-        * @param string $attribute Attribute
-        * @return void 
+        * @param $attribute String: attribute
         */
-       private function printSearchResult($attribute) {
+       private function printSearchResult( $attribute ) {
                global $wgOut;
-               
-               if (strlen($attribute)) {
+
+               if ( strlen( $attribute ) ) {
                        try {
-                               $searchResult = new TagCloud($attribute);
-                       
-                       } catch (InvalidAttributeException $e) {
-                               
-                               if ($attribute) {
-                                       $proposal = new Proposal($attribute);   
+                               $searchResult = new TagCloud( $attribute );
+
+                       } catch ( InvalidAttributeException $e ) {
+
+                               if ( $attribute ) {
+                                       $proposal = new Proposal( $attribute );
                                        // Attribute not found -> show 
attributes that are related
                                        try {
                                                // Only if suggestions found
-                                               if ($proposal->getProposal()) {
-                                                       
$wgOut->addHTML(wfMsg("fptc-suggestion"));
-                                                       $wgOut->addHTML(" ");
+                                               if ( $proposal->getProposal() ) 
{
+                                                       $wgOut->addHTML( wfMsg( 
'fptc-suggestion' ) );
+                                                       $wgOut->addHTML( ' ' );
                                                }
-                                               $w=1;
-                                               foreach 
($proposal->getProposal() as $possibleAttribute) {
-                                                       
-                                                       $wgOut->addHTML('<a 
href='.$possibleAttribute.'>'.$possibleAttribute.'</a>');
-                                                       if ($w < 
count($proposal->getProposal())) {
-                                                               
$wgOut->addHTML(", ");  
+
+                                               $w = 1;
+                                               foreach ( 
$proposal->getProposal() as $possibleAttribute ) {
+                                                       $wgOut->addHTML(
+                                                               // @todo FIXME: 
oh hello there XSS
+                                                               '<a href=' . 
$possibleAttribute . '>' .
+                                                                       
$possibleAttribute . '</a>'
+                                                       );
+                                                       if ( $w < count( 
$proposal->getProposal() ) ) {
+                                                               
$wgOut->addHTML( ', ' );
                                                        }
                                                        $w++;
                                                }
-                                               
-                                       } catch (InvalidAttributeException $e) {
-                                               
$wgOut->addHTML(wfMsg("fptc-no-suggestion"));
+
+                                       } catch ( InvalidAttributeException $e 
) {
+                                               $wgOut->addHTML( wfMsg( 
'fptc-no-suggestion' ) );
                                        }
-                                       if ($proposal->getProposal()) {
-                                               $wgOut->addHTML("<br><br>");
+                                       if ( $proposal->getProposal() ) {
+                                               $wgOut->addHTML( '<br /><br />' 
);
                                        }
                                }
                        }
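Review bot: `printForm()` still writes `$defaultAttribute` unescaped into the `value="…"` attribute of the text input in its `$wgOut->addHTML(` call, and that value is `$par`, the user-controlled subpage part of the URL, so a `"` in it closes the attribute and anything after it is rendered as markup — a reflected XSS this FIXME pass does not flag; escape it, e.g. `value="' . htmlspecialchars( $defaultAttribute ) . '">`, or build the field with `Html::input()`. The two suggestion methods build their JSON by hand with `addcslashes( …, '"' )`, which leaves backslashes and control characters untouched, so a title containing `\` produces invalid JSON (and a differently-quoted string to whatever consumes it in JS); collecting the values into an array and returning `FormatJson::encode( $array )` (or `json_encode()`) is the safe form. In `getSearchSuggestions()` the `'" . wfMsg( "fptc-categoryname" ) . "' AS att` fragment is interpolated into the SQL without `$dbr->addQuotes()`, separately from the two `mysql_real_escape_string()` calls the new FIXME covers; that message is presumably overridable on-wiki, so a `'` in it breaks the query. `printSearchResult()` continues past the end of the hunk, so its remaining branches are not visible here.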

Modified: trunk/extensions/FreqPatternTagCloud/FreqPatternTagCloud.i18n.php
===================================================================
--- trunk/extensions/FreqPatternTagCloud/FreqPatternTagCloud.i18n.php   
2011-10-03 17:49:24 UTC (rev 98784)
+++ trunk/extensions/FreqPatternTagCloud/FreqPatternTagCloud.i18n.php   
2011-10-03 17:55:59 UTC (rev 98785)
@@ -16,8 +16,8 @@
        'freqpatterntagcloudmaintenance' => 'Frequent Pattern Tag Cloud 
Maintenance',
        'fptc-categoryname' => 'Category',
        'fptc-context-menu-browse' => 'Browse pages with this value',
-       'fptc-context-menu-similar-tags' => 'Similar tags',
-       'fptc-form-attribute-name' => 'Property',
+       'fptc-context-menu-similar-tags' => 'Similar tags:',
+       'fptc-form-attribute-name' => 'Property:',
        'fptc-form-submit-button' => 'Submit',
        'fptc-invalid-attribute' => 'The entered property is invalid.',
        'fptc-insufficient-rights-for-maintenance' => 'You have to log in as 
system administrator to view this page.',
@@ -39,8 +39,8 @@
        'freqpatterntagcloudmaintenance' => 'Frequent Pattern Tag Cloud 
Maintenance',
        'fptc-categoryname' => 'Kategorie',
        'fptc-context-menu-browse' => 'Durchsuche Seiten mit diesem Wert',
-       'fptc-context-menu-similar-tags' => 'Ähnliche Tags',
-       'fptc-form-attribute-name' => 'Attribut',
+       'fptc-context-menu-similar-tags' => 'Ähnliche Tags:',
+       'fptc-form-attribute-name' => 'Attribut:',
        'fptc-form-submit-button' => 'Eingabe',
        'fptc-invalid-attribute' => 'Das eingegebene Attribut ist ungültig.',
        'fptc-insufficient-rights-for-maintenance' => 'Um diese Seite sehen zu 
können müssen Sie als Systemadministrator angemeldet sein.',

