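/**
  * Emit a placeholder comment for one thread and record its details on the
  * parser output, keyed by that placeholder.
  *
  * The thread is selected by the "thread" attribute: a numeric value is
  * looked up by ID, anything else is treated as the title of the thread's
  * root page.
  *
  * @param $input mixed First hook argument; not used here
  * @param $args array Tag attributes; "thread" selects the thread
  * @param $parser Object providing getOutput()
  * @param $frame mixed Not used here
  * @return string The placeholder comment, or '' when no thread matches
  */
 static function lqtThread($input, $args, $parser, $frame)
 {
     // The original declared $parser twice. PHP 7 and later refuse to compile
     // a duplicated parameter name, so the unused first argument is renamed;
     // positional callers are unaffected.
     $threadRef = isset($args['thread']) ? $args['thread'] : '';
     if (!$threadRef) {
         // Missing or empty attribute: nothing to look up.
         return '';
     }
     $thread = null;
     if (is_numeric($threadRef)) {
         $thread = Threads::withId($threadRef);
     } else {
         $title = Title::newFromText($threadRef);
         if ($title) {
             $article = new Article($title, 0);
             $thread = Threads::withRoot($article);
         }
     }
     if (is_null($thread)) {
         return '';
     }
     $pout = $parser->getOutput();
     $data = array('type' => 'thread', 'args' => $args, 'thread' => $thread->id(), 'title' => $thread->title());
     if (!isset($pout->mLqtReplacements)) {
         $pout->mLqtReplacements = array();
     }
     // The placeholder embeds a random token so it does not collide with other
     // placeholders. NOTE(review): if page authors must not be able to write a
     // matching comment themselves, that depends on wfGenerateToken() being
     // unpredictable - confirm which implementation is in use.
     $tok = wfGenerateToken();
     $text = '<!--LQT-THREAD-' . $tok . '-->';
     $pout->mLqtReplacements[$text] = $data;
     return $text;
 }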
 /**
  * Tracking code that calls ClickTracking 
  * @param $event string the event name
  * @param $title Object
  */
 private static function clickTracking($event, $title)
 {
     // Only issue the internal API call when tracking is switched on.
     if (self::trackingEnabled()) {
         $request = new FauxRequest(array(
             'action' => 'clicktracking',
             'eventid' => self::trackingCodePrefix() . $event,
             // A fresh token is generated for every tracked event.
             'token' => wfGenerateToken(),
             'namespacenumber' => $title->getNamespace(),
         ));
         $apiCall = new ApiMain($request, true);
         $apiCall->execute();
     }
 }
 /**
  * Build one honeypot link from a randomly picked URL and a randomly picked
  * template.
  *
  * @param $randomText string|null Text for the "randomtext" placeholder; a
  *        generated token is used when this is empty
  * @return string The filled-in template followed by a newline
  */
 public static function generateHoneypotLink($randomText = null)
 {
     global $wgHoneypotTemplates;
     $candidateUrls = self::getHoneypotURLs();
     // rand() is used only to vary which URL and template are shown.
     $chosenUrl = $candidateUrls[rand(0, count($candidateUrls) - 1)];
     $chosenTemplate = $wgHoneypotTemplates[rand(0, count($wgHoneypotTemplates) - 1)];
     if (!$randomText) {
         $randomText = wfGenerateToken();
     }
     // Only the random text is HTML-escaped; the URL is substituted as-is.
     // NOTE(review): presumably the URLs come from trusted configuration - confirm.
     $replacements = array(
         'honeypoturl' => $chosenUrl,
         'randomtext' => htmlspecialchars($randomText),
     );
     return strtr($chosenTemplate, $replacements) . "\n";
 }
Example #4
#!/opt/webenabled/config/os/pathnames/bin/php -q
<?php 
// integrated by Vinicius Mello  http://vmmello.eti.br/
// from includes/GlobalFunctions.php
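/**
 * Generate a 32-character hexadecimal token.
 *
 * The original drew its only randomness from mt_rand(), which yields at most
 * 31 bits and is not meant for security use. Callers use the result for
 * salts and identifiers, so 16 bytes are now taken from the platform's
 * CSPRNG when one is available; mt_rand() remains as a last resort so the
 * function still works on old runtimes.
 *
 * @param $salt mixed Optional value mixed into the token; it is serialized first
 * @return string 32 lowercase hexadecimal characters
 */
function wfGenerateToken($salt = '')
{
    $salt = serialize($salt);
    $entropy = false;
    if (function_exists('random_bytes')) {
        // Throws if no secure source is available, which is preferable to
        // silently handing out a weak token.
        $entropy = random_bytes(16);
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $entropy = openssl_random_pseudo_bytes(16);
    }
    if ($entropy === false || $entropy === '') {
        // Legacy behaviour, kept only for runtimes without either source.
        $entropy = mt_rand(0, 0x7fffffff);
    }
    // md5() serves only to fold entropy and salt into the fixed output format.
    return md5($entropy . $salt);
}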
// from includes/User.php :: function crypt()
// not copied verbatim
/**
 * Build a ":B:" style password hash string from a password and a salt.
 *
 * The layout is ":B:<salt>:<md5(salt-md5(password))>". Salted MD5 is a fast
 * hash and is cheap to brute-force; it is reproduced here only so the output
 * matches the format this script was written to produce.
 *
 * @param $password string Plain-text password
 * @param $salt string Salt to embed and mix in
 * @return string The formatted hash
 */
function mediawiki_crypt($password, $salt)
{
    $innerDigest = md5($password);
    $outerDigest = md5($salt . '-' . $innerDigest);
    return ':B:' . $salt . ':' . $outerDigest;
}
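// Read one password line from standard input.
$f = STDIN;
$password = fgets($f);
if ($password === false) {
    // Nothing was supplied; hashing a boolean false would produce a
    // meaningless value, so stop instead.
    fwrite(STDERR, "no password supplied on standard input\n");
    exit(1);
}
// fgets() keeps the line terminator. Left in place it would be hashed as part
// of the password, and the result would not match the password as typed.
$password = rtrim($password, "\r\n");
// The salt is the first 8 hexadecimal characters of a generated token.
$salt = substr(wfGenerateToken(), 0, 8);
$value = mediawiki_crypt($password, $salt);
echo "{$value}\n";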
 /**
  * Set the central session data
  *
  * @param $data Array
  * @return ID
  */
 static function setSession($data)
 {
     global $wgCentralAuthCookies, $wgCentralAuthCookiePrefix, $wgMemc;
     if (!$wgCentralAuthCookies) {
         return null;
     }
     $cookieName = $wgCentralAuthCookiePrefix . 'Session';
     if (isset($_COOKIE[$cookieName])) {
         // An ID already presented by the browser is reused unchanged.
         // NOTE(review): the cookie value is client-controlled and goes
         // straight into the cache key; confirm memcKey() constrains it and
         // that reusing a client-chosen ID is acceptable here.
         $sessionId = $_COOKIE[$cookieName];
     } else {
         // No cookie yet: mint an ID and send it as a session cookie
         // (third argument 0).
         $sessionId = wfGenerateToken();
         self::setCookie('Session', $sessionId, 0);
     }
     // Keep the data for 86400 seconds (one day).
     $cacheKey = self::memcKey('session', $sessionId);
     $wgMemc->set($cacheKey, $data, 86400);
     return $sessionId;
 }
Example #6
 /**
  * @param $source
  * @return string
  */
 static function registerSource($source)
 {
     // A freshly generated token is the key under which the source is stored,
     // and it is also the value handed back to the caller.
     $registrationId = wfGenerateToken();
     self::$sourceRegistrations[$registrationId] = $source;
     return $registrationId;
 }
Example #7
 /**
  * Make a new-style password hash
  *
  * @param $password \string Plain-text password
  * @param $salt \string Optional salt, may be random or the user ID. 
  *                     If unspecified or false, will generate one automatically
  * @return \string Password hash
  */
 static function crypt($password, $salt = false)
 {
     global $wgPasswordSalt;
     $hash = '';
     // A hook handler may fill in $hash itself and return false, in which case
     // that hash is used and the built-in formats below are skipped.
     if (!wfRunHooks('UserCryptPassword', array(&$password, &$salt, &$wgPasswordSalt, &$hash))) {
         return $hash;
     }
     if (!$wgPasswordSalt) {
         // Unsalted format: a bare MD5 of the password.
         return ':A:' . md5($password);
     }
     if ($salt === false) {
         // 8 hexadecimal characters taken from a generated token.
         $salt = substr(wfGenerateToken(), 0, 8);
     }
     // Salted format. MD5 is a fast hash, so both formats are cheap to
     // brute-force; a hook handler is the only way this method offers to
     // substitute something stronger.
     $innerDigest = md5($password);
     return ':B:' . $salt . ':' . md5($salt . '-' . $innerDigest);
 }
Example #8
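/**
 * Compute an "S2:" password hash into $hash.
 *
 * The password is HMACed twice with two randomly picked algorithms, the
 * result is encrypted with Rijndael-256 in CBC mode, and the ciphertext and
 * IV are packed into the stored string together with the salt and a code
 * naming the two algorithms.
 *
 * The parameter list matches the UserCryptPassword hook. The function always
 * returns false, presumably so the hook runner stops and the caller uses
 * $hash.
 *
 * @param $password string Plain-text password
 * @param $salt string|false Salt; generated when false
 * @param $wgPasswordSalt mixed Not used here
 * @param $hash string Receives the computed hash
 * @return bool Always false
 */
function efSecurePasswordsCrypt(&$password, &$salt, &$wgPasswordSalt, &$hash)
{
    global $wgSecurePasswordsSecretKeys, $wgUser;
    // Refuse to run with the placeholder keys still in place.
    if ($wgSecurePasswordsSecretKeys == array(false, false, false)) {
        die('You need to customize $wgSecurePasswordsSecretKeys in your LocalSettings.php file.
		See http://www.mediawiki.org/wiki/Extension:SecurePasswords for more information');
    }
    $hash = 'S2:';
    if ($salt === false) {
        $salt = substr(wfGenerateToken(), 0, 8);
    }
    $a = efSecurePasswordsHashOrder($wgUser->getId());
    // Allow-listed algorithms and the position in $a that holds each one's
    // code. The list is the original author's choice of "secure" algorithms.
    $slotFor = array(
        'sha512' => 0,
        'ripemd160' => 1,
        'ripemd320' => 2,
        'whirlpool' => 3,
        'gost' => 4,
        'tiger192,4' => 5,
        'haval256,5' => 6,
        'sha256' => 7,
        'sha384' => 8,
        'ripemd128' => 9,
        'ripemd256' => 10,
    );
    // Keep only the allow-listed algorithms this PHP build provides, in the
    // order hash_algos() reports them.
    $algos = array();
    foreach (hash_algos() as $algo) {
        if (isset($slotFor[$algo])) {
            $algos[] = array($a[$slotFor[$algo]], $algo);
        }
    }
    // The two picks are recorded in the stored hash ($type), so they are not
    // secret and rand() is adequate for choosing them.
    // NOTE(review): if none of the listed algorithms is available, $algos is
    // empty and the lookups below fail - confirm whether that can happen.
    $r1 = rand(0, count($algos) - 1);
    $r2 = rand(0, count($algos) - 1);
    $type = $algos[$r1][0] . $algos[$r2][0];
    $inner = hash_hmac($algos[$r1][1], $password, $wgSecurePasswordsSecretKeys[0]);
    $pw1 = hash_hmac($algos[$r2][1], $salt . '-' . $inner, $wgSecurePasswordsSecretKeys[1]);
    $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
    $ksize = mcrypt_get_key_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
    // The IV now comes from /dev/urandom. The original used MCRYPT_RAND, which
    // relies on the C library's rand() and gives a predictable IV. The IV is
    // stored next to the ciphertext, so existing hashes still verify.
    $iv = mcrypt_create_iv($size, MCRYPT_DEV_URANDOM);
    // NOTE(review): the key is cut to one byte short of the cipher's key size
    // and an empty string is appended; the literal may once have held a
    // padding byte. Left unchanged because stored hashes depend on it.
    $key = substr($wgSecurePasswordsSecretKeys[2], 0, $ksize - 1) . "";
    $pw2 = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $pw1, MCRYPT_MODE_CBC, $iv);
    $pwf = base64_encode(gzcompress(base64_encode($pw2) . '|' . base64_encode($iv)));
    $hash .= $type . ':' . $salt . ':' . $pwf;
    // The encryption step sometimes yields a value that will not compare
    // correctly later, so the result is checked (and presumably regenerated)
    // before it is handed back.
    $hash = efSecurePasswordsRecursiveCheck($hash, $password, $salt);
    // NOTE(review): the ext/mcrypt functions used above were removed from PHP
    // in 7.2, and keyed HMAC plus encryption does not slow down guessing the
    // way a dedicated password hash does once the keys are known.
    return false;
}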
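 /**
  * Handle one Html5Editor AJAX request, selected by the "eaction" request value.
  *
  * The actions handled are get-vars, load-draft, save-draft, save-summary and
  * publish-html. Every action except save-summary prints a JSON response;
  * an unrecognised action returns without output.
  *
  * @param $par mixed Not used in this method
  */
 function execute($par)
 {
     global $wgOut, $wgRequest, $wgParser, $wgUser, $wgFilterCallback, $wgCookiePath, $wgCookieDomain, $wgCookieSecure;
     $wgOut->disable();
     // build the article which we are about to save
     $t = Title::newFromUrl($wgRequest->getVal('target'));
     $a = new Article($t);
     $action = $wgRequest->getVal('eaction');
     wfDebug("Html5Editor::execute called with {$action}\n");

     if ($action == 'get-vars') {
         $wgOut->disable();
         $response = array('edittoken' => $wgUser->editToken(), 'edittime' => $a->getTimestamp(true), 'drafttoken' => wfGenerateToken(), 'olddraftid' => 0);
         // do they already have a draft saved?
         $drafts = Draft::getDrafts($t, $wgUser->getID());
         if ($drafts) {
             // Only the first draft is reported, even if several exist.
             $response['olddraftid'] = $drafts[0]->getID();
         }
         print json_encode($response);
         return;
     }

     if ($action == 'load-draft') {
         // NOTE(review): the draft is selected by a request-supplied id and no
         // ownership check is visible here - confirm Draft restricts access
         // to the requesting user.
         $draftid = $wgRequest->getVal('draftid');
         $draft = new Draft($draftid);
         if (!$draft->exists()) {
             wfLoadExtensionMessages("Html5editor");
             $response = array('error' => wfMsg('h5e-draft-does-not-exist', $draftid), 'html' => '');
             wfDebug("DRAFT: {$draftid} does not exist \n");
         } else {
             $text = $draft->getText();
             $html = $this->parse($t, $a, $text);
             // 'error' was an unquoted constant in the original, which newer
             // PHP versions reject; the JSON key is the same.
             $response = array('error' => '', 'html' => $html);
         }
         print json_encode($response);
         return;
     }

     if ($action == 'save-draft') {
         $token = $wgRequest->getVal('edittoken');
         if (!$wgUser->matchEditToken($token)) {
             wfDebug("Html5Editor::execute save-draft edit token BAD {$token} \n");
             $response = array('error' => 'edit token bad');
             print json_encode($response);
             return;
         }
         wfDebug("Html5Editor::execute save-draft edit token ok!\n");
         $oldtext = $a->getContent();
         $html = $wgRequest->getVal('html');
         $newtext = $this->convertHTML2Wikitext($html, $oldtext);
         $draftid = $wgRequest->getVal('draftid', null);
         $draft = null;
         // The client may send the literal string 'null'; any non-numeric id
         // is replaced by the one derived from the title.
         if (!$draftid || preg_match("@[^0-9]@", $draftid)) {
             wfDebug("Html5Editor::execute getting draft id from title \n");
             $draftid = self::getDraftIDFromTitle($t);
         }
         if (!$draftid || $draftid == 'null') {
             $draft = new Draft();
         } else {
             // NOTE(review): a numeric id from the request is loaded and then
             // overwritten; confirm Draft ties the id to the current user.
             $draft = Draft::newFromID($draftid);
         }
         wfDebug("Html5Editor::execute got draft id {$draftid} \n");
         $draft->setTitle($t);
         $draft->setEditTime($wgRequest->getText('edittime'));
         $draft->setSaveTime(wfTimestampNow());
         $draft->setText($newtext);
         $draft->setSummary($wgRequest->getText('editsummary'));
         $draft->setHtml5(true);
         // Save draft
         $draft->save();
         wfDebug("Html5Editor::execute saved draft with id {$draft->getID()} and text {$newtext} \n");
         $response = array('draftid' => $draft->getID());
         print json_encode($response);
         return;
     }

     if ($action == 'save-summary') {
         // Known limitations, as recorded by the original author:
         // 1. if a user is editing the article in separate windows, it will
         //    only update the last edit
         // 2. an edit summary save could be faked, but only for edits made by
         //    the same user
         // 3. there is no real paper trail of the saved summary
         // NOTE(review): unlike save-draft and publish-html, this write is not
         // guarded by matchEditToken(); requiring the edit token here would
         // close the cross-site request gap.
         global $wgCookiePrefix;
         // grab the cookie with the rev_id
         $cookieName = "{$wgCookiePrefix}RevId" . $t->getArticleID();
         if (isset($_COOKIE[$cookieName])) {
             $revid = $_COOKIE[$cookieName];
             wfDebug("AXX: updating revcomment {$revid} \n");
             $dbw = wfGetDB(DB_MASTER);
             $summary = "updating from html5 editor, " . $wgRequest->getVal('summary');
             // Both updates are restricted to rows attributed to the current
             // user name; values are passed as arrays, not built into SQL text.
             $dbw->update('revision', array('rev_comment' => $summary), array('rev_id' => $revid, 'rev_user_text' => $wgUser->getName()), "Html5Editor::saveComment", array("LIMIT" => 1));
             $dbw->update('recentchanges', array('rc_comment' => $summary), array('rc_this_oldid' => $revid, 'rc_user_text' => $wgUser->getName()), "Html5Editor::saveComment", array("LIMIT" => 1));
         } else {
             wfDebug("AXX: NOT updating revcomment, why\n");
         }
         return;
     }

     if ($action == 'publish-html') {
         // check the edit token
         $token = $wgRequest->getVal('edittoken');
         if (!$wgUser->matchEditToken($token)) {
             $response = array('error' => wfMsg('sessionfailure'));
             print json_encode($response);
             return;
         }
         // The edit time must be a 14-digit timestamp.
         $edittime = $wgRequest->getVal('edittime');
         if (!preg_match('/^\\d{14}$/', $edittime)) {
             $edittime = null;
         }
         if (!$edittime) {
             $response = array('error' => 'missing or invalid edit time');
             print json_encode($response);
             return;
         }
         $response = $this->getPermissionErrors($t);
         if ($response) {
             print json_encode($response);
             return;
         }
         $newArticle = !$t->exists();
         $a = new Article($t);
         // TODO: check for edit conflicts; the edit time is validated above
         // but not yet compared with the article timestamp.
         // Convert the submitted HTML back into wikitext.
         $oldtext = $a->getContent();
         $html = $wgRequest->getVal('html');
         $newtext = $this->convertHTML2Wikitext($html, $oldtext);
         // filter callback?
         if ($wgFilterCallback && $wgFilterCallback($t, $newtext, null)) {
             // Error messages or other handling should be performed by the filter function
             $response = array('error' => self::$spam_message, 'html' => $html);
             print json_encode($response);
             return;
         }
         // do the save
         if ($a->doEdit($newtext, $wgRequest->getVal('summary') . " (HTML5) ")) {
             $r = Revision::newFromTitle($t);
             $this->setRevCookie($t, $r);
             $html = $this->parse($t, $a, $newtext);
             // Create an anon attribution cookie
             if ($newArticle && $wgUser->getId() == 0) {
                 setcookie('aen_anon_newarticleid', $a->getId(), time() + 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure);
             }
             $response = array('error' => '', 'html' => $html);
         } else {
             $response = array('error' => 'Error saving', 'html' => '');
         }
         print json_encode($response);
         return;
     }

     return;
 }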
 /**
  * Build the link for Email, add clickTracking if available
  * @return array - the links to be tracked in email
  */
 protected function buildEmailLink()
 {
     $pageObject = array(
         'feedbackPage' => array('obj' => SpecialPage::getTitleFor('FeedbackDashboard', $this->feedback), 'clicktracking' => false),
         'editorTalkPage' => array('obj' => $this->editor->getTalkPage(), 'clicktracking' => false),
         'targetUserTalkPage' => array('obj' => $this->targetUser->getTalkPage(), 'clicktracking' => true),
     );
     // Tracking links are only built when the ClickTracking API class exists.
     $trackingAvailable = class_exists('ApiClickTracking');
     $clickTrackingLink = null;
     if ($trackingAvailable) {
         global $wgMoodBarConfig;
         // One token is shared by every tracked link in this email.
         $token = wfGenerateToken();
         $eventid = 'ext.feedbackDashboard@' . $wgMoodBarConfig['bucketConfig']['version'] . '-email-response_link-' . $this->type;
         $clickTrackingLink = wfAppendQuery(wfScript('api'), array('action' => 'clicktracking', 'eventid' => $eventid, 'token' => $token));
     }
     $links = array();
     foreach ($pageObject as $key => $value) {
         $target = $value['obj'];
         if ($trackingAvailable && $value['clicktracking']) {
             // Route the click through the tracking API. The redirect target
             // is taken from the page object built above, not from request
             // input.
             $tracked = wfAppendQuery($clickTrackingLink, array('redirectto' => $target->getLinkURL(), 'namespacenumber' => $target->getNamespace()));
             $links[$key . 'Url'] = wfExpandUrl($tracked, PROTO_CANONICAL);
         } else {
             // Untracked pages get their plain canonical URL.
             $links[$key . 'Url'] = $target->getCanonicalURL();
         }
     }
     return $links;
 }
Example #11
 /**
  * Return a fresh token from wfGenerateToken().
  *
  * @return string The generated token
  */
 public static function newToken()
 {
     $token = wfGenerateToken();
     return $token;
 }
 /**
  * Gets the session ID...we just want a unique random ID for the page load
  * @return session ID
  */
 public static function get_session_id()
 {
     global $wgUser;
     // The user name and the current time are passed as salt. Neither is
     // secret, so any unpredictability comes from wfGenerateToken() itself.
     $salt = array($wgUser->getName(), time());
     return wfGenerateToken($salt);
 }
 /**
  * MakeGlobalVariablesScript hook
  * Generates the random wgTrackingToken JS global variable
  *
  * @param $vars Array: existing JS globals
  * @return Boolean: always true
  */
 public static function makeGlobalVariablesScript(&$vars)
 {
     global $wgUser;
     // The user name and the current time are passed as salt. Neither is
     // secret, so any unpredictability comes from wfGenerateToken() itself.
     $salt = array($wgUser->getName(), time());
     $trackingToken = wfGenerateToken($salt);
     $vars['wgTrackingToken'] = $trackingToken;
     return true;
 }
Example #14
 /**
  * Make a title in the NS_LQT_THREAD namespace whose text is a generated token.
  *
  * @return mixed Whatever Title::makeTitle() returns for that namespace and text
  */
 function scratchTitle()
 {
     $scratchName = wfGenerateToken();
     return Title::makeTitle(NS_LQT_THREAD, $scratchName);
 }
Example #15
 /**
  * @param $user
  * @param $inject_html
  * @param $userName
  * @return bool
  */
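 static function onUserLogoutComplete(&$user, &$inject_html, $userName)
 {
     global $wgCentralAuthCookies, $wgCentralAuthAutoLoginWikis, $wgMemc;
     if (!$wgCentralAuthCookies) {
         // Nothing to do.
         return true;
     }
     if (!$wgCentralAuthAutoLoginWikis) {
         $inject_html .= wfMsgExt('centralauth-logout-no-others', 'parse');
         return true;
     }
     $centralUser = CentralAuthUser::getInstance($user);
     if (!$centralUser->exists() || !$centralUser->isAttached()) {
         return true;
     }
     // The original tested $wgCentralAuthAutoLoginWikis a second time here;
     // that branch could never run after the check above and has been removed.

     // Generate the images
     $inject_html .= '<div class="centralauth-logout-box"><p>' . wfMsg('centralauth-logout-progress') . "</p>\n<p>";
     $centralUser = new CentralAuthUser($userName);
     foreach ($wgCentralAuthAutoLoginWikis as $alt => $wiki) {
         $data = array('userName' => $userName, 'token' => $centralUser->getAuthToken(), 'remember' => false, 'wiki' => $wiki);
         // Each wiki gets its own token, which maps to $data in the cache for
         // 600 seconds. The token travels in the image URL, so its safety
         // rests on wfGenerateToken() being unpredictable; the user ID passed
         // as salt is not secret.
         $loginToken = wfGenerateToken($centralUser->getId());
         $wgMemc->set(CentralAuthUser::memcKey('login-token', $loginToken), $data, 600);
         $wikiRef = WikiMap::getWiki($wiki);
         // Use WikiReference::getFullUrl(), returns a protocol-relative URL if needed
         $url = $wikiRef->getFullUrl('Special:AutoLogin');
         $separator = strpos($url, '?') > 0 ? '&' : '?';
         $url .= "{$separator}logout=1&token={$loginToken}";
         $inject_html .= Xml::element('img', array('src' => $url, 'alt' => $alt, 'title' => $alt, 'width' => 20, 'height' => 20, 'style' => 'border: 1px solid #ccc;'));
     }
     $inject_html .= '</p></div>';
     return true;
 }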
 /**
  * Returns a random password which conforms to our password requirements and is
  * not easily guessable.
  */
 public static function generateRandomScrambledPassword()
 {
     // The password policy requires a capital letter, a digit and a lowercase
     // letter. wfGenerateToken() returns 32 hexadecimal characters, which
     // usually but not always contain both a digit and a letter, so a fixed
     // suffix covering all three classes is appended.
     // The suffix is constant and adds nothing to guess; all unpredictability
     // comes from the token.
     // NOTE(review): confirm wfGenerateToken() draws from a cryptographically
     // secure source before relying on this value as a password.
     $policySuffix = "A1a";
     return wfGenerateToken() . $policySuffix;
 }
Example #17
 /**
  * EditPageBeforeEditButtons hook
  * Add draft saving controls
  */
 public static function controls($editpage, $buttons)
 {
     global $wgUser, $wgTitle, $wgRequest;
     global $egDraftsAutoSaveWait, $egDraftsAutoSaveTimeout;
     // Draft controls are only offered to logged-in users who may edit.
     if (!($wgUser->isAllowed('edit') && $wgUser->isLoggedIn())) {
         return true;
     }
     // NOTE(review): $buttons is received by value, so the markup built below
     // reaches the caller only if the hook dispatcher passes it by
     // reference - confirm.
     $markup = Xml::openElement('script', array('type' => 'text/javascript', 'language' => 'javascript'));
     $buttonAttribs = array('id' => 'wpDraftSave', 'name' => 'wpDraftSave', 'tabindex' => 8, 'value' => wfMsg('drafts-save-save'));
     $accesskey = $wgUser->getSkin()->accesskey('drafts-save');
     if ($accesskey !== false) {
         $buttonAttribs['accesskey'] = $accesskey;
     }
     $tooltip = $wgUser->getSkin()->titleAttrib('drafts-save', 'withaccess');
     if ($tooltip !== false) {
         $buttonAttribs['title'] = $tooltip;
     }
     // The script-written button starts disabled unless the form was submitted.
     $disabledAttrib = array();
     if ($wgRequest->getText('action') !== 'submit') {
         $disabledAttrib = array('disabled' => 'disabled');
     }
     // The button markup is escaped for use inside a JavaScript string literal.
     $ajaxButton = Xml::escapeJsString(Xml::element('input', array('type' => 'button') + $buttonAttribs + $disabledAttrib));
     $markup .= "document.write( '{$ajaxButton}' );";
     $markup .= Xml::closeElement('script');
     // Without JavaScript, a plain submit button is shown instead.
     $markup .= Xml::openElement('noscript');
     $markup .= Xml::element('input', array('type' => 'submit') + $buttonAttribs);
     $markup .= Xml::closeElement('noscript');
     // Hidden fields carrying settings, a per-form draft token, the draft
     // identity and the status messages.
     $hiddenFields = array(
         'wpDraftAutoSaveWait' => $egDraftsAutoSaveWait,
         'wpDraftAutoSaveTimeout' => $egDraftsAutoSaveTimeout,
         'wpDraftToken' => wfGenerateToken(),
         'wpDraftID' => $wgRequest->getInt('draft', ''),
         'wpDraftTitle' => $wgTitle->getPrefixedText(),
         'wpMsgSaved' => wfMsg('drafts-save-saved'),
         'wpMsgSaving' => wfMsg('drafts-save-saving'),
         'wpMsgSaveDraft' => wfMsg('drafts-save-save'),
         'wpMsgError' => wfMsg('drafts-save-error'),
     );
     foreach ($hiddenFields as $fieldName => $fieldValue) {
         $markup .= Xml::element('input', array('type' => 'hidden', 'name' => $fieldName, 'value' => $fieldValue));
     }
     $buttons['savedraft'] = $markup;
     // Continue
     return true;
 }
	/**
	 * creates a random token
	 * @return a random token
	 */
	public static function generateRandomCookieID() {
		global $wgUser;
		// The whole user object and the current time are passed as salt, which
		// wfGenerateToken() serializes. Neither is secret, so any
		// unpredictability comes from the token generator itself.
		$saltParts = array( $wgUser, time() );
		return wfGenerateToken( $saltParts );
	}
	/**
	 * Generate a token, keep it on this object and store it in the session
	 * under 'wsSimpleSurveyToken'.
	 */
	public function setToken() {
		// This object and the current time are passed as salt; the token is
		// computed before tokenToCheck is assigned.
		$freshToken = wfGenerateToken( array( $this, time() ) );
		$this->tokenToCheck = $freshToken;
		wfSetupSession();
		$_SESSION['wsSimpleSurveyToken'] = $this->tokenToCheck;
	}