https://www.mediawiki.org/wiki/Special:Code/MediaWiki/114008
Revision: 114008
Author: santhosh
Date: 2012-03-16 11:14:50 +0000 (Fri, 16 Mar 2012)
Log Message:
-----------
More validations; limit the maxlength of the aggregate group name.
Ping 113709
Modified Paths:
--------------
trunk/extensions/Translate/api/ApiAggregateGroups.php
trunk/extensions/Translate/specials/SpecialAggregateGroups.php
Modified: trunk/extensions/Translate/api/ApiAggregateGroups.php
===================================================================
--- trunk/extensions/Translate/api/ApiAggregateGroups.php 2012-03-16
10:59:23 UTC (rev 114007)
+++ trunk/extensions/Translate/api/ApiAggregateGroups.php 2012-03-16
11:14:50 UTC (rev 114008)
@@ -43,7 +43,11 @@
if ( $subgroups ) {
$subgroups = array_map( 'trim', explode( ',',
$subgroups ) );
} else {
- // For newly created groups the subgroups value
might be empty
+ // For newly created groups the subgroups value
might be empty,
+ // but check that.
+ if ( !TranslateMetadata::get( $aggregateGroup,
'name' ) ) {
+ $this->dieUsage( 'Invalid Aggregate
message group', 'invalidaggregategroup' );
+ } ;
$subgroups = array();
}
$group = MessageGroups::getGroup( $groupId );
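Review bot: The new existence check in the else branch passes `$aggregateGroup` to `TranslateMetadata::get()` before the format check added in the next hunk (`self::isValid( $aggregateGroup )`, apparently in the same method) has run. Calling `isValid()` first would keep malformed ids out of the metadata lookup entirely. The check also relies on truthiness, so a group whose stored name is `'0'` would be reported as invalid. The stray `;` in `} ;` is an empty statement and can be dropped. The enclosing method starts and ends outside the hunk.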
@@ -51,8 +55,9 @@
$this->dieUsage( 'Group does not exist or
invalid', 'invalidgroup' );
}
- // @FIXME: handle pages with a comma in their name
-
+ if ( !self::isValid( $aggregateGroup ) ) {
+ $this->dieUsage( 'Invalid Aggregate message
group', 'invalidaggregategroup' );
+ }
// Add or remove from the list
if ( $action === 'associate' ) {
$subgroups[] = $groupId;
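Review bot: The removed `@FIXME: handle pages with a comma in their name` does not look resolved by the check that replaces it. `isValid()` is applied to `$aggregateGroup`, while the value appended to the list is `$groupId`, and the first hunk shows the list being read back with `explode( ',', $subgroups )`. If the list is stored comma-joined (the write is outside the hunk), a subgroup id containing a comma would still be split into two entries on the next read. Either keep the FIXME or reject such ids next to the existing group check, e.g. `if ( strpos( $groupId, ',' ) !== false ) { $this->dieUsage( 'Group does not exist or invalid', 'invalidgroup' ); }`.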
@@ -77,7 +82,9 @@
if ( TranslateMetadata::get( $aggregateGroup,
'subgroups' ) ) {
$this->dieUsage( 'Aggregate message group
already exists', 'duplicateaggregategroup' );
}
- // @FIXME: check that the group id is valid (like, no
commas)
+ if ( !self::isValid ( $aggregateGroup ) ) {
+ $this->dieUsage( 'Invalid Aggregate message
group name', 'invalidaggregategroup' );
+ }
TranslateMetadata::set( $aggregateGroup, 'subgroups',
'' ) ;
$name = trim( $params['groupname'] );
$desc = trim( $params['groupdescription'] );
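Review bot: The duplicate check just above the new validation tests the truthiness of the `subgroups` value, but this same branch stores `''` for a new group, so a second `add` with the same id passes the check until a subgroup has been associated. The first hunk uses the `name` key for its existence test; doing the same here would be consistent, e.g. `if ( TranslateMetadata::get( $aggregateGroup, 'name' ) ) {`, provided the stored name is never empty. What the rest of the branch writes is outside the hunk, so whether an existing name and description get overwritten needs confirming. The id validation would also read better placed before the metadata lookup, and `self::isValid (` has a space before the parenthesis that the other call site does not.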
@@ -99,6 +106,13 @@
MessageGroups::clearCache();
}
+ protected function isValid( $aggregateGroup ) {
+ if ( !$aggregateGroup || preg_match(
'/[\x00-\x1f\x22\x23\x2c\x2e\x3c\x3e\x5b\x5d\x7b\x7c\x7d\x7f\s]+/i',
$aggregateGroup ) ) {
+ return false;
+ }
+ return true;
+ }
+
public function isWriteMode() {
return true;
}
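Review bot: `isValid()` is declared as an instance method, but both call sites added in this commit use `self::isValid( ... )`; since it reads no instance state, declaring it `protected static function isValid( $aggregateGroup ) {` would match how it is called. It also needs a docblock, because the hex escapes are hard to audit: the pattern rejects control characters, `"`, `#`, `,`, `.`, `<`, `>`, `[`, `]`, `{`, `|`, `}`, DEL and any whitespace, and the comment should say why each is excluded (the comma, for instance, is the list separator seen in the first hunk). The `+` quantifier and the `/i` flag have no effect on a match/no-match test over this character class and can be removed. The `!$aggregateGroup` guard also rejects the id `'0'`; `$aggregateGroup === ''` would be more exact if only empty ids are meant.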
Modified: trunk/extensions/Translate/specials/SpecialAggregateGroups.php
===================================================================
--- trunk/extensions/Translate/specials/SpecialAggregateGroups.php
2012-03-16 10:59:23 UTC (rev 114007)
+++ trunk/extensions/Translate/specials/SpecialAggregateGroups.php
2012-03-16 11:14:50 UTC (rev 114008)
@@ -40,7 +40,7 @@
$out->permissionRequired( 'translate-manage' );
return;
}
-
+
$groups = MessageGroups::getAllGroups();
$aggregates = array();
$pages = array();
@@ -106,7 +106,7 @@
wfMsg( 'tpt-aggregategroup-add-new' ) .
"</a>" );
$newGroupNameLabel = wfMsg( 'tpt-aggregategroup-new-name' );
- $newGroupName = Html::element( 'input', array( 'class' =>
'tp-aggregategroup-add-name' ) );
+ $newGroupName = Html::element( 'input', array( 'class' =>
'tp-aggregategroup-add-name', 'maxlength' => '200' ) );
$newGroupDescriptionLabel = wfMsg(
'tpt-aggregategroup-new-description' );
$newGroupDescription = Html::element( 'input',
array( 'class' =>
'tp-aggregategroup-add-description' )
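Review bot: The `'maxlength' => '200'` attribute constrains only the rendered form field. None of the ApiAggregateGroups.php hunks in this commit checks the length of `$params['groupname']`, so a request sent directly to the API can still submit a longer name. Unless the parameter definition (not shown) already bounds it, the limit should be enforced server-side after `$name = trim( $params['groupname'] );`, e.g. `if ( strlen( $name ) > 200 ) { $this->dieUsage( 'Invalid Aggregate message group name', 'invalidaggregategroup' ); }`. The same applies to the description input, which gets no limit at all here. The statement building `$newGroupDescription` continues past the end of the hunk.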
@@ -125,7 +125,7 @@
protected function listSubgroups( AggregateMessageGroup $parent ) {
$out = $this->getOutput();
$sanid = Sanitizer::escapeId( $parent->getId() );
-
+
$id = $this->htmlIdForGroup( $parent, 'mw-tpa-grouplist-' );
$out->addHtml( Html::openElement( 'ol', array( 'id' => $id ) )
);
@@ -154,7 +154,7 @@
if ( isset( $subgroups[$groupId] ) ) continue;
$select->addOption( $group->getLabel(), $groupId );
}
-
+
return $select;
}