public function testUserBlock() { global $wgEmailConfirmToEdit, $wgEmailAuthentication; $wgEmailConfirmToEdit = true; $wgEmailAuthentication = true; $this->setUserPerm(array("createpage", "move")); $this->setTitle(NS_HELP, "test page"); # $short $this->assertEquals(array(array('confirmedittext')), $this->title->getUserPermissionsErrors('move-target', $this->user)); $wgEmailConfirmToEdit = false; $this->assertEquals(true, $this->title->userCan('move-target', $this->user)); # $wgEmailConfirmToEdit && !$user->isEmailConfirmed() && $action != 'createaccount' $this->assertEquals(array(), $this->title->getUserPermissionsErrors('move-target', $this->user)); global $wgLang; $prev = time(); $now = time() + 120; $this->user->mBlockedby = $this->user->getId(); $this->user->mBlock = new Block('127.0.8.1', 0, $this->user->getId(), 'no reason given', $prev + 3600, 1, 0); $this->user->mBlock->mTimestamp = 0; $this->assertEquals(array(array('autoblockedtext', '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1', 'Useruser', null, 'infinite', '127.0.8.1', $wgLang->timeanddate(wfTimestamp(TS_MW, $prev), true))), $this->title->getUserPermissionsErrors('move-target', $this->user)); $this->assertEquals(false, $this->title->userCan('move-target', $this->user)); // quickUserCan should ignore user blocks $this->assertEquals(true, $this->title->quickUserCan('move-target', $this->user)); global $wgLocalTZoffset; $wgLocalTZoffset = -60; $this->user->mBlockedby = $this->user->getName(); $this->user->mBlock = new Block('127.0.8.1', 0, $this->user->getId(), 'no reason given', $now, 0, 10); $this->assertEquals(array(array('blockedtext', '[[User:Useruser|Useruser]]', 'no reason given', '127.0.0.1', 'Useruser', null, '23:00, 31 December 1969', '127.0.8.1', $wgLang->timeanddate(wfTimestamp(TS_MW, $now), true))), $this->title->getUserPermissionsErrors('move-target', $this->user)); # $action != 'read' && $action != 'createaccount' && $user->isBlockedFrom( $this ) # $user->blockedFor() == '' # $user->mBlock->mExpiry == 'infinity' }
/** * Performs all actions required to log all information required to have a given template * classified and have them stored in an accessible way. * @param string $type A type that you want to classify the template as. * @param bool $value Value of the classification. If false, the type will be set to unclassified. * @param int $actor Specifies if the recognition was made by a machine or a human * @return bool * @throws MWException */ public function classifyTemplate($type, $value, $actor = self::CLASSIFICATION_ACTOR_HUMAN) { /** * Check if the fetched $type is valid * and if the user is permitted to perform templatedraft related actions. */ $prop = self::getClassificationProp($type); if (!$prop || !$this->title->userCan('templatedraft')) { return false; } /** * SET THE PRIMARY PAGE PROPERTY * * If the $value equals false it means somebody has just made a negative recognition * (e.g. the template is NOT an infobox). In this case, we set the primary property to * unclassified to mark that the template has been reviewed, but we do not have a definite * information on its type. */ if (!$value) { $type = self::TEMPLATE_UNCLASSIFIED; } Wikia::setProps($this->title->getArticleID(), [self::TEMPLATE_CLASSIFICATION_MAIN_PROP => $type]); /** * SET THE SECONDARY PAGE PROPERTY * * This property is used to log more detailed information on the performed action. */ $data = ['value' => (bool) $value, 'actor' => $actor, 'actor-id' => $this->wg->User->getId(), 'timestamp' => wfTimestamp()]; Wikia::setProps($this->title->getArticleID(), [$prop => json_encode($data)]); /** * Since Wikia::setProps fails silently we can return true at this point. */ return true; }
/** * check if current user can edit comment */ public function canEdit() { global $wgUser; $isAuthor = false; if ($this->mFirstRevision) { $isAuthor = $this->mFirstRevision->getUser(Revision::RAW) == $wgUser->getId() && !$wgUser->isAnon(); } // prevent infinite loop for blogs - userCan hooked up in BlogLockdown $canEdit = self::isBlog($this->mTitle) || $this->mTitle->userCan("edit"); $isAllowed = $wgUser->isAllowed('commentedit'); $res = $isAuthor || $isAllowed && $canEdit; return $res; }
/** * Dispatched from execute(); */ private function processParameter($sParameter) { try { $this->oRequestedTitle = Title::newFromText($sParameter); /*if( !$this->oRequestedTitle->exists() && $this->oRequestedTitle->getNamespace() != NS_SPECIAL ) { //!$this->mRequestedTitle->isSpecialPage() does not work in MW 1.13 throw new Exception( 'error-requested-title-does-not-exist' ); }*/ //Get relevant page props $dbr = wfGetDB(DB_SLAVE); $res = $dbr->selectField('page_props', 'pp_value', array('pp_propname' => 'bs-universalexport-params', 'pp_page' => $this->oRequestedTitle->getArticleID())); if ($res != false) { $res = FormatJson::decode($res, true); if (is_array($res)) { $this->aParams = array_merge($this->aParams, $res); } } BsUniversalExportHelper::getParamsFromQueryString($this->aParams); //Title::userCan always returns false on special pages (exept for createaccount action) if ($this->oRequestedTitle->getNamespace() === NS_SPECIAL) { if ($this->getUser()->isAllowed('universalexport-export') !== true) { throw new Exception('bs-universalexport-error-permission'); } } elseif ($this->oRequestedTitle->userCan('universalexport-export') === false) { throw new Exception('bs-universalexport-error-permission'); } // TODO RBV (24.01.11 17:37): array_intersect(), may be better? $aCategoryNames = BsUniversalExportHelper::getCategoriesForTitle($this->oRequestedTitle); foreach ($aCategoryNames as $sCategoryName) { if (in_array($sCategoryName, $this->aCategoryBlacklist)) { throw new Exception('bs-universalexport-error-requested-title-in-category-blacklist'); } } BsUniversalExportHelper::checkPermissionForTitle($this->oRequestedTitle, $this->aParams); //Throws Exception $sModuleKey = $this->aParams['module']; if (!isset($this->aModules[$sModuleKey]) || !$this->aModules[$sModuleKey] instanceof BsUniversalExportModule) { throw new Exception('bs-universalexport-error-requested-export-module-not-found'); } $oExportModule = $this->aModules[$sModuleKey]; $aFile = $oExportModule->createExportFile($this); $this->returnFile($aFile); } catch (Exception $oException) { //Display Exception-Message and Stacktrace $this->oOutputPage->setPageTitle(wfMessage('bs-universalexport-page-title-on-error')->text()); $oExceptionView = new ViewException($oException); $this->oOutputPage->addHtml($oExceptionView->execute()); } }
/** * Modify edit section link markup (for Oasis only) */ public static function onDoEditSectionLink( $skin, Title $title, $section, $tooltip, &$result, $lang = false ) { global $wgBlankImgUrl, $wgUser; wfProfileIn(__METHOD__); // modify Oasis only (BugId:8444) if (!$skin instanceof SkinOasis) { wfProfileOut(__METHOD__); return true; } $result = ''; // reset result first $editUrl = $title->getLocalUrl( array( 'action' => 'edit', 'section' => $section ) ); $class = 'editsection'; // RT#84733 - prompt to login if the user is an anon and can't edit right now (protected pages and wgDisableAnonEditing wikis). if ( !$title->userCan('edit') && $wgUser->isAnon() ) { $class .= " loginToEditProtectedPage"; } $result .= Xml::openElement( 'span', array( 'class' => $class ) ); $result .= Xml::openElement( 'a', array( 'href' => $editUrl, 'title' => wfMsg( 'oasis-section-edit-alt', $tooltip ), )); $result .= Xml::element( 'img', array( 'src' => $wgBlankImgUrl, 'class' => 'sprite edit-pencil', )); $result .= wfMsg( 'oasis-section-edit' ); $result .= Xml::closeElement( 'a' ); $result .= Xml::closeElement( 'span' ); wfProfileOut(__METHOD__); return true; }
public function showDiffPage($diffOnly = false) { # Allow frames except in certain special cases $out = $this->getOutput(); $out->allowClickjacking(); $out->setRobotPolicy('noindex,nofollow'); if (!$this->loadRevisionData()) { $this->showMissingRevision(); return; } $user = $this->getUser(); $permErrors = $this->mNewPage->getUserPermissionsErrors('read', $user); if ($this->mOldPage) { # mOldPage might not be set, see below. $permErrors = wfMergeErrorArrays($permErrors, $this->mOldPage->getUserPermissionsErrors('read', $user)); } if (count($permErrors)) { throw new PermissionsError('read', $permErrors); } $rollback = ''; $query = array(); # Carry over 'diffonly' param via navigation links if ($diffOnly != $user->getBoolOption('diffonly')) { $query['diffonly'] = $diffOnly; } # Cascade unhide param in links for easy deletion browsing if ($this->unhide) { $query['unhide'] = 1; } # Check if one of the revisions is deleted/suppressed $deleted = $suppressed = false; $allowed = $this->mNewRev->userCan(Revision::DELETED_TEXT, $user); $revisionTools = array(); # mOldRev is false if the difference engine is called with a "vague" query for # a diff between a version V and its previous version V' AND the version V # is the first version of that article. In that case, V' does not exist. if ($this->mOldRev === false) { $out->setPageTitle($this->msg('difference-title', $this->mNewPage->getPrefixedText())); $samePage = true; $oldHeader = ''; } else { Hooks::run('DiffViewHeader', array($this, $this->mOldRev, $this->mNewRev)); if ($this->mNewPage->equals($this->mOldPage)) { $out->setPageTitle($this->msg('difference-title', $this->mNewPage->getPrefixedText())); $samePage = true; } else { $out->setPageTitle($this->msg('difference-title-multipage', $this->mOldPage->getPrefixedText(), $this->mNewPage->getPrefixedText())); $out->addSubtitle($this->msg('difference-multipage')); $samePage = false; } if ($samePage && $this->mNewPage->quickUserCan('edit', $user)) { if ($this->mNewRev->isCurrent() && $this->mNewPage->userCan('rollback', $user)) { $rollbackLink = Linker::generateRollback($this->mNewRev, $this->getContext()); if ($rollbackLink) { $out->preventClickjacking(); $rollback = '   ' . $rollbackLink; } } if (!$this->mOldRev->isDeleted(Revision::DELETED_TEXT) && !$this->mNewRev->isDeleted(Revision::DELETED_TEXT)) { $undoLink = Html::element('a', array('href' => $this->mNewPage->getLocalURL(array('action' => 'edit', 'undoafter' => $this->mOldid, 'undo' => $this->mNewid)), 'title' => Linker::titleAttrib('undo')), $this->msg('editundo')->text()); $revisionTools['mw-diff-undo'] = $undoLink; } } # Make "previous revision link" if ($samePage && $this->mOldRev->getPrevious()) { $prevlink = Linker::linkKnown($this->mOldPage, $this->msg('previousdiff')->escaped(), array('id' => 'differences-prevlink'), array('diff' => 'prev', 'oldid' => $this->mOldid) + $query); } else { $prevlink = ' '; } if ($this->mOldRev->isMinor()) { $oldminor = ChangesList::flag('minor'); } else { $oldminor = ''; } $ldel = $this->revisionDeleteLink($this->mOldRev); $oldRevisionHeader = $this->getRevisionHeader($this->mOldRev, 'complete'); $oldChangeTags = ChangeTags::formatSummaryRow($this->mOldTags, 'diff'); $oldHeader = '<div id="mw-diff-otitle1"><strong>' . $oldRevisionHeader . '</strong></div>' . '<div id="mw-diff-otitle2">' . Linker::revUserTools($this->mOldRev, !$this->unhide) . '</div>' . '<div id="mw-diff-otitle3">' . $oldminor . Linker::revComment($this->mOldRev, !$diffOnly, !$this->unhide) . $ldel . '</div>' . '<div id="mw-diff-otitle5">' . $oldChangeTags[0] . '</div>' . '<div id="mw-diff-otitle4">' . $prevlink . '</div>'; if ($this->mOldRev->isDeleted(Revision::DELETED_TEXT)) { $deleted = true; // old revisions text is hidden if ($this->mOldRev->isDeleted(Revision::DELETED_RESTRICTED)) { $suppressed = true; // also suppressed } } # Check if this user can see the revisions if (!$this->mOldRev->userCan(Revision::DELETED_TEXT, $user)) { $allowed = false; } } # Make "next revision link" # Skip next link on the top revision if ($samePage && !$this->mNewRev->isCurrent()) { $nextlink = Linker::linkKnown($this->mNewPage, $this->msg('nextdiff')->escaped(), array('id' => 'differences-nextlink'), array('diff' => 'next', 'oldid' => $this->mNewid) + $query); } else { $nextlink = ' '; } if ($this->mNewRev->isMinor()) { $newminor = ChangesList::flag('minor'); } else { $newminor = ''; } # Handle RevisionDelete links... $rdel = $this->revisionDeleteLink($this->mNewRev); # Allow extensions to define their own revision tools Hooks::run('DiffRevisionTools', array($this->mNewRev, &$revisionTools, $this->mOldRev, $user)); $formattedRevisionTools = array(); // Put each one in parentheses (poor man's button) foreach ($revisionTools as $key => $tool) { $toolClass = is_string($key) ? $key : 'mw-diff-tool'; $element = Html::rawElement('span', array('class' => $toolClass), $this->msg('parentheses')->rawParams($tool)->escaped()); $formattedRevisionTools[] = $element; } $newRevisionHeader = $this->getRevisionHeader($this->mNewRev, 'complete') . ' ' . implode(' ', $formattedRevisionTools); $newChangeTags = ChangeTags::formatSummaryRow($this->mNewTags, 'diff'); $newHeader = '<div id="mw-diff-ntitle1"><strong>' . $newRevisionHeader . '</strong></div>' . '<div id="mw-diff-ntitle2">' . Linker::revUserTools($this->mNewRev, !$this->unhide) . " {$rollback}</div>" . '<div id="mw-diff-ntitle3">' . $newminor . Linker::revComment($this->mNewRev, !$diffOnly, !$this->unhide) . $rdel . '</div>' . '<div id="mw-diff-ntitle5">' . $newChangeTags[0] . '</div>' . '<div id="mw-diff-ntitle4">' . $nextlink . $this->markPatrolledLink() . '</div>'; if ($this->mNewRev->isDeleted(Revision::DELETED_TEXT)) { $deleted = true; // new revisions text is hidden if ($this->mNewRev->isDeleted(Revision::DELETED_RESTRICTED)) { $suppressed = true; // also suppressed } } # If the diff cannot be shown due to a deleted revision, then output # the diff header and links to unhide (if available)... if ($deleted && (!$this->unhide || !$allowed)) { $this->showDiffStyle(); $multi = $this->getMultiNotice(); $out->addHTML($this->addHeader('', $oldHeader, $newHeader, $multi)); if (!$allowed) { $msg = $suppressed ? 'rev-suppressed-no-diff' : 'rev-deleted-no-diff'; # Give explanation for why revision is not visible $out->wrapWikiMsg("<div id='mw-{$msg}' class='mw-warning plainlinks'>\n\$1\n</div>\n", array($msg)); } else { # Give explanation and add a link to view the diff... $query = $this->getRequest()->appendQueryValue('unhide', '1'); $link = $this->getTitle()->getFullURL($query); $msg = $suppressed ? 'rev-suppressed-unhide-diff' : 'rev-deleted-unhide-diff'; $out->wrapWikiMsg("<div id='mw-{$msg}' class='mw-warning plainlinks'>\n\$1\n</div>\n", array($msg, $link)); } # Otherwise, output a regular diff... } else { # Add deletion notice if the user is viewing deleted content $notice = ''; if ($deleted) { $msg = $suppressed ? 'rev-suppressed-diff-view' : 'rev-deleted-diff-view'; $notice = "<div id='mw-{$msg}' class='mw-warning plainlinks'>\n" . $this->msg($msg)->parse() . "</div>\n"; } $this->showDiff($oldHeader, $newHeader, $notice); if (!$diffOnly) { $this->renderNewRevision(); } } }
/** * Checks whether a user is allowed the permission for the * specific title if one is set. * * @param string $permission * @param User $user * @return bool */ protected function isAllowed($permission, User $user = null) { $user = $user ?: $this->getUser(); if ($this->mTargetObj !== null) { return $this->mTargetObj->userCan($permission, $user); } else { return $user->isAllowed($permission); } }
private function checkReadPermissions(Title $title) { if (!$title->userCan('read', $this->getUser())) { $this->dieUsage("You don't have permission to view this page", 'permissiondenied'); } }
/** * Attempt submission (no UI) * * @param $result * @param $bot bool * * @return Status object, possibly with a message, but always with one of the AS_* constants in $status->value, * * FIXME: This interface is TERRIBLE, but hard to get rid of due to various error display idiosyncrasies. There are * also lots of cases where error metadata is set in the object and retrieved later instead of being returned, e.g. * AS_CONTENT_TOO_BIG and AS_BLOCKED_PAGE_FOR_USER. All that stuff needs to be cleaned up some time. */ function internalAttemptSave(&$result, $bot = false) { global $wgFilterCallback, $wgUser, $wgRequest, $wgParser; global $wgMaxArticleSize; $status = Status::newGood(); wfProfileIn(__METHOD__); wfProfileIn(__METHOD__ . '-checks'); if (!wfRunHooks('EditPage::attemptSave', array($this))) { wfDebug("Hook 'EditPage::attemptSave' aborted article saving\n"); $status->fatal('hookaborted'); $status->value = self::AS_HOOK_ERROR; wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } # Check image redirect if ($this->mTitle->getNamespace() == NS_FILE && Title::newFromRedirect($this->textbox1) instanceof Title && !$wgUser->isAllowed('upload')) { $code = $wgUser->isAnon() ? self::AS_IMAGE_REDIRECT_ANON : self::AS_IMAGE_REDIRECT_LOGGED; $status->setResult(false, $code); wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } # Check for spam $match = self::matchSummarySpamRegex($this->summary); if ($match === false) { $match = self::matchSpamRegex($this->textbox1); } if ($match !== false) { $result['spam'] = $match; $ip = $wgRequest->getIP(); $pdbk = $this->mTitle->getPrefixedDBkey(); $match = str_replace("\n", '', $match); wfDebugLog('SpamRegex', "{$ip} spam regex hit [[{$pdbk}]]: \"{$match}\""); $status->fatal('spamprotectionmatch', $match); $status->value = self::AS_SPAM_ERROR; wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } if ($wgFilterCallback && is_callable($wgFilterCallback) && $wgFilterCallback($this->mTitle, $this->textbox1, $this->section, $this->hookError, $this->summary)) { # Error messages or other handling should be performed by the filter function $status->setResult(false, self::AS_FILTERING); wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } if (!wfRunHooks('EditFilter', array($this, $this->textbox1, $this->section, &$this->hookError, $this->summary))) { # Error messages etc. could be handled within the hook... $status->fatal('hookaborted'); $status->value = self::AS_HOOK_ERROR; wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } elseif ($this->hookError != '') { # ...or the hook could be expecting us to produce an error $status->fatal('hookaborted'); $status->value = self::AS_HOOK_ERROR_EXPECTED; wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } if ($wgUser->isBlockedFrom($this->mTitle, false)) { // Auto-block user's IP if the account was "hard" blocked $wgUser->spreadAnyEditBlock(); # Check block state against master, thus 'false'. $status->setResult(false, self::AS_BLOCKED_PAGE_FOR_USER); wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } $this->kblength = (int) (strlen($this->textbox1) / 1024); if ($this->kblength > $wgMaxArticleSize) { // Error will be displayed by showEditForm() $this->tooBig = true; $status->setResult(false, self::AS_CONTENT_TOO_BIG); wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } if (!$wgUser->isAllowed('edit')) { if ($wgUser->isAnon()) { $status->setResult(false, self::AS_READ_ONLY_PAGE_ANON); wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } else { $status->fatal('readonlytext'); $status->value = self::AS_READ_ONLY_PAGE_LOGGED; wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } } if (wfReadOnly()) { $status->fatal('readonlytext'); $status->value = self::AS_READ_ONLY_PAGE; wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } if ($wgUser->pingLimiter()) { $status->fatal('actionthrottledtext'); $status->value = self::AS_RATE_LIMITED; wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } # If the article has been deleted while editing, don't save it without # confirmation if ($this->wasDeletedSinceLastEdit() && !$this->recreate) { $status->setResult(false, self::AS_ARTICLE_WAS_DELETED); wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } wfProfileOut(__METHOD__ . '-checks'); # If article is new, insert it. $aid = $this->mTitle->getArticleID(Title::GAID_FOR_UPDATE); $new = $aid == 0; if ($new) { // Late check for create permission, just in case *PARANOIA* if (!$this->mTitle->userCan('create')) { $status->fatal('nocreatetext'); $status->value = self::AS_NO_CREATE_PERMISSION; wfDebug(__METHOD__ . ": no create permission\n"); wfProfileOut(__METHOD__); return $status; } # Don't save a new article if it's blank. if ($this->textbox1 == '') { $status->setResult(false, self::AS_BLANK_ARTICLE); wfProfileOut(__METHOD__); return $status; } // Run post-section-merge edit filter if (!wfRunHooks('EditFilterMerged', array($this, $this->textbox1, &$this->hookError, $this->summary))) { # Error messages etc. could be handled within the hook... $status->fatal('hookaborted'); $status->value = self::AS_HOOK_ERROR; wfProfileOut(__METHOD__); return $status; } elseif ($this->hookError != '') { # ...or the hook could be expecting us to produce an error $status->fatal('hookaborted'); $status->value = self::AS_HOOK_ERROR_EXPECTED; wfProfileOut(__METHOD__); return $status; } # Handle the user preference to force summaries here. Check if it's not a redirect. if (!$this->allowBlankSummary && !Title::newFromRedirect($this->textbox1)) { if (md5($this->summary) == $this->autoSumm) { $this->missingSummary = true; $status->fatal('missingsummary'); // or 'missingcommentheader' if $section == 'new'. Blegh $status->value = self::AS_SUMMARY_NEEDED; wfProfileOut(__METHOD__); return $status; } } $text = $this->textbox1; $result['sectionanchor'] = ''; if ($this->section == 'new') { if ($this->sectiontitle !== '') { // Insert the section title above the content. $text = wfMsgForContent('newsectionheaderdefaultlevel', $this->sectiontitle) . "\n\n" . $text; // Jump to the new section $result['sectionanchor'] = $wgParser->guessLegacySectionNameFromWikiText($this->sectiontitle); // If no edit summary was specified, create one automatically from the section // title and have it link to the new section. Otherwise, respect the summary as // passed. if ($this->summary === '') { $cleanSectionTitle = $wgParser->stripSectionName($this->sectiontitle); $this->summary = wfMsgForContent('newsectionsummary', $cleanSectionTitle); } } elseif ($this->summary !== '') { // Insert the section title above the content. $text = wfMsgForContent('newsectionheaderdefaultlevel', $this->summary) . "\n\n" . $text; // Jump to the new section $result['sectionanchor'] = $wgParser->guessLegacySectionNameFromWikiText($this->summary); // Create a link to the new section from the edit summary. $cleanSummary = $wgParser->stripSectionName($this->summary); $this->summary = wfMsgForContent('newsectionsummary', $cleanSummary); } } $status->value = self::AS_SUCCESS_NEW_ARTICLE; } else { # Article exists. Check for edit conflict. $this->mArticle->clear(); # Force reload of dates, etc. $timestamp = $this->mArticle->getTimestamp(); wfDebug("timestamp: {$timestamp}, edittime: {$this->edittime}\n"); if ($timestamp != $this->edittime) { $this->isConflict = true; if ($this->section == 'new') { if ($this->mArticle->getUserText() == $wgUser->getName() && $this->mArticle->getComment() == $this->summary) { // Probably a duplicate submission of a new comment. // This can happen when squid resends a request after // a timeout but the first one actually went through. wfDebug(__METHOD__ . ": duplicate new section submission; trigger edit conflict!\n"); } else { // New comment; suppress conflict. $this->isConflict = false; wfDebug(__METHOD__ . ": conflict suppressed; new section\n"); } } elseif ($this->section == '' && $this->userWasLastToEdit($wgUser->getId(), $this->edittime)) { # Suppress edit conflict with self, except for section edits where merging is required. wfDebug(__METHOD__ . ": Suppressing edit conflict, same user.\n"); $this->isConflict = false; } } // If sectiontitle is set, use it, otherwise use the summary as the section title (for // backwards compatibility with old forms/bots). if ($this->sectiontitle !== '') { $sectionTitle = $this->sectiontitle; } else { $sectionTitle = $this->summary; } if ($this->isConflict) { wfDebug(__METHOD__ . ": conflict! getting section '{$this->section}' for time '{$this->edittime}' (article time '{$timestamp}')\n"); $text = $this->mArticle->replaceSection($this->section, $this->textbox1, $sectionTitle, $this->edittime); } else { wfDebug(__METHOD__ . ": getting section '{$this->section}'\n"); $text = $this->mArticle->replaceSection($this->section, $this->textbox1, $sectionTitle); } if (is_null($text)) { wfDebug(__METHOD__ . ": activating conflict; section replace failed.\n"); $this->isConflict = true; $text = $this->textbox1; // do not try to merge here! } elseif ($this->isConflict) { # Attempt merge if ($this->mergeChangesInto($text)) { // Successful merge! Maybe we should tell the user the good news? $this->isConflict = false; wfDebug(__METHOD__ . ": Suppressing edit conflict, successful merge.\n"); } else { $this->section = ''; $this->textbox1 = $text; wfDebug(__METHOD__ . ": Keeping edit conflict, failed merge.\n"); } } if ($this->isConflict) { $status->setResult(false, self::AS_CONFLICT_DETECTED); wfProfileOut(__METHOD__); return $status; } // Run post-section-merge edit filter if (!wfRunHooks('EditFilterMerged', array($this, $text, &$this->hookError, $this->summary))) { # Error messages etc. could be handled within the hook... $status->fatal('hookaborted'); $status->value = self::AS_HOOK_ERROR; wfProfileOut(__METHOD__); return $status; } elseif ($this->hookError != '') { # ...or the hook could be expecting us to produce an error $status->fatal('hookaborted'); $status->value = self::AS_HOOK_ERROR_EXPECTED; wfProfileOut(__METHOD__); return $status; } # Handle the user preference to force summaries here, but not for null edits if ($this->section != 'new' && !$this->allowBlankSummary && $this->getOriginalContent() != $text && !Title::newFromRedirect($text)) { if (md5($this->summary) == $this->autoSumm) { $this->missingSummary = true; $status->fatal('missingsummary'); $status->value = self::AS_SUMMARY_NEEDED; wfProfileOut(__METHOD__); return $status; } } # And a similar thing for new sections if ($this->section == 'new' && !$this->allowBlankSummary) { if (trim($this->summary) == '') { $this->missingSummary = true; $status->fatal('missingsummary'); // or 'missingcommentheader' if $section == 'new'. Blegh $status->value = self::AS_SUMMARY_NEEDED; wfProfileOut(__METHOD__); return $status; } } # All's well wfProfileIn(__METHOD__ . '-sectionanchor'); $sectionanchor = ''; if ($this->section == 'new') { if ($this->textbox1 == '') { $this->missingComment = true; $status->fatal('missingcommenttext'); $status->value = self::AS_TEXTBOX_EMPTY; wfProfileOut(__METHOD__ . '-sectionanchor'); wfProfileOut(__METHOD__); return $status; } if ($this->sectiontitle !== '') { $sectionanchor = $wgParser->guessLegacySectionNameFromWikiText($this->sectiontitle); // If no edit summary was specified, create one automatically from the section // title and have it link to the new section. Otherwise, respect the summary as // passed. if ($this->summary === '') { $cleanSectionTitle = $wgParser->stripSectionName($this->sectiontitle); $this->summary = wfMsgForContent('newsectionsummary', $cleanSectionTitle); } } elseif ($this->summary !== '') { $sectionanchor = $wgParser->guessLegacySectionNameFromWikiText($this->summary); # This is a new section, so create a link to the new section # in the revision summary. $cleanSummary = $wgParser->stripSectionName($this->summary); $this->summary = wfMsgForContent('newsectionsummary', $cleanSummary); } } elseif ($this->section != '') { # Try to get a section anchor from the section source, redirect to edited section if header found # XXX: might be better to integrate this into Article::replaceSection # for duplicate heading checking and maybe parsing $hasmatch = preg_match("/^ *([=]{1,6})(.*?)(\\1) *\\n/i", $this->textbox1, $matches); # we can't deal with anchors, includes, html etc in the header for now, # headline would need to be parsed to improve this if ($hasmatch && strlen($matches[2]) > 0) { $sectionanchor = $wgParser->guessLegacySectionNameFromWikiText($matches[2]); } } $result['sectionanchor'] = $sectionanchor; wfProfileOut(__METHOD__ . '-sectionanchor'); // Save errors may fall down to the edit form, but we've now // merged the section into full text. Clear the section field // so that later submission of conflict forms won't try to // replace that into a duplicated mess. $this->textbox1 = $text; $this->section = ''; $status->value = self::AS_SUCCESS_UPDATE; } // Check for length errors again now that the section is merged in $this->kblength = (int) (strlen($text) / 1024); if ($this->kblength > $wgMaxArticleSize) { $this->tooBig = true; $status->setResult(false, self::AS_MAX_ARTICLE_SIZE_EXCEEDED); wfProfileOut(__METHOD__); return $status; } $flags = EDIT_DEFER_UPDATES | EDIT_AUTOSUMMARY | ($new ? EDIT_NEW : EDIT_UPDATE) | ($this->minoredit && !$this->isNew ? EDIT_MINOR : 0) | ($bot ? EDIT_FORCE_BOT : 0); $doEditStatus = $this->mArticle->doEdit($text, $this->summary, $flags); if ($doEditStatus->isOK()) { $result['redirect'] = Title::newFromRedirect($text) !== null; $this->commitWatch(); wfProfileOut(__METHOD__); return $status; } else { $this->isConflict = true; $doEditStatus->value = self::AS_END; // Destroys data doEdit() put in $status->value but who cares wfProfileOut(__METHOD__); return $doEditStatus; } }
/** * Determine if the current user is allowed to view a particular * field of this revision, if it's marked as deleted. This is used * by various classes to avoid duplication. * * @param int $bitfield Current field * @param int $field One of self::DELETED_TEXT = File::DELETED_FILE, * self::DELETED_COMMENT = File::DELETED_COMMENT, * self::DELETED_USER = File::DELETED_USER * @param User|null $user User object to check, or null to use $wgUser * @param Title|null $title A Title object to check for per-page restrictions on, * instead of just plain userrights * @return bool */ public static function userCanBitfield($bitfield, $field, User $user = null, Title $title = null) { if ($bitfield & $field) { // aspect is deleted if ($user === null) { global $wgUser; $user = $wgUser; } if ($bitfield & self::DELETED_RESTRICTED) { $permissions = array('suppressrevision', 'viewsuppressed'); } elseif ($field & self::DELETED_TEXT) { $permissions = array('deletedtext'); } else { $permissions = array('deletedhistory'); } $permissionlist = implode(', ', $permissions); if ($title === null) { wfDebug("Checking for {$permissionlist} due to {$field} match on {$bitfield}\n"); return call_user_func_array(array($user, 'isAllowedAny'), $permissions); } else { $text = $title->getPrefixedText(); wfDebug("Checking for {$permissionlist} on {$text} due to {$field} match on {$bitfield}\n"); foreach ($permissions as $perm) { if ($title->userCan($perm, $user)) { return true; } } return false; } } else { return true; } }
/** * Attempt submission (no UI) * * @param array $result Array to add statuses to, currently with the * possible keys: * - spam (string): Spam string from content if any spam is detected by * matchSpamRegex. * - sectionanchor (string): Section anchor for a section save. * - nullEdit (boolean): Set if doEditContent is OK. True if null edit, * false otherwise. * - redirect (bool): Set if doEditContent is OK. True if resulting * revision is a redirect. * @param bool $bot True if edit is being made under the bot right. * * @return Status Status object, possibly with a message, but always with * one of the AS_* constants in $status->value, * * @todo FIXME: This interface is TERRIBLE, but hard to get rid of due to * various error display idiosyncrasies. There are also lots of cases * where error metadata is set in the object and retrieved later instead * of being returned, e.g. AS_CONTENT_TOO_BIG and * AS_BLOCKED_PAGE_FOR_USER. All that stuff needs to be cleaned up some * time. */ function internalAttemptSave(&$result, $bot = false) { global $wgUser, $wgRequest, $wgParser, $wgMaxArticleSize; $status = Status::newGood(); wfProfileIn(__METHOD__); wfProfileIn(__METHOD__ . '-checks'); if (!wfRunHooks('EditPage::attemptSave', array($this))) { wfDebug("Hook 'EditPage::attemptSave' aborted article saving\n"); $status->fatal('hookaborted'); $status->value = self::AS_HOOK_ERROR; wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } $spam = $wgRequest->getText('wpAntispam'); if ($spam !== '') { wfDebugLog('SimpleAntiSpam', $wgUser->getName() . ' editing "' . $this->mTitle->getPrefixedText() . '" submitted bogus field "' . $spam . '"'); $status->fatal('spamprotectionmatch', false); $status->value = self::AS_SPAM_ERROR; wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } try { # Construct Content object $textbox_content = $this->toEditContent($this->textbox1); } catch (MWContentSerializationException $ex) { $status->fatal('content-failed-to-parse', $this->contentModel, $this->contentFormat, $ex->getMessage()); $status->value = self::AS_PARSE_ERROR; wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } # Check image redirect if ($this->mTitle->getNamespace() == NS_FILE && $textbox_content->isRedirect() && !$wgUser->isAllowed('upload')) { $code = $wgUser->isAnon() ? self::AS_IMAGE_REDIRECT_ANON : self::AS_IMAGE_REDIRECT_LOGGED; $status->setResult(false, $code); wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } # Check for spam $match = self::matchSummarySpamRegex($this->summary); if ($match === false && $this->section == 'new') { # $wgSpamRegex is enforced on this new heading/summary because, unlike # regular summaries, it is added to the actual wikitext. if ($this->sectiontitle !== '') { # This branch is taken when the API is used with the 'sectiontitle' parameter. $match = self::matchSpamRegex($this->sectiontitle); } else { # This branch is taken when the "Add Topic" user interface is used, or the API # is used with the 'summary' parameter. $match = self::matchSpamRegex($this->summary); } } if ($match === false) { $match = self::matchSpamRegex($this->textbox1); } if ($match !== false) { $result['spam'] = $match; $ip = $wgRequest->getIP(); $pdbk = $this->mTitle->getPrefixedDBkey(); $match = str_replace("\n", '', $match); wfDebugLog('SpamRegex', "{$ip} spam regex hit [[{$pdbk}]]: \"{$match}\""); $status->fatal('spamprotectionmatch', $match); $status->value = self::AS_SPAM_ERROR; wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } if (!wfRunHooks('EditFilter', array($this, $this->textbox1, $this->section, &$this->hookError, $this->summary))) { # Error messages etc. could be handled within the hook... $status->fatal('hookaborted'); $status->value = self::AS_HOOK_ERROR; wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } elseif ($this->hookError != '') { # ...or the hook could be expecting us to produce an error $status->fatal('hookaborted'); $status->value = self::AS_HOOK_ERROR_EXPECTED; wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } if ($wgUser->isBlockedFrom($this->mTitle, false)) { // Auto-block user's IP if the account was "hard" blocked $wgUser->spreadAnyEditBlock(); # Check block state against master, thus 'false'. $status->setResult(false, self::AS_BLOCKED_PAGE_FOR_USER); wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } $this->kblength = (int) (strlen($this->textbox1) / 1024); if ($this->kblength > $wgMaxArticleSize) { // Error will be displayed by showEditForm() $this->tooBig = true; $status->setResult(false, self::AS_CONTENT_TOO_BIG); wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } if (!$wgUser->isAllowed('edit')) { if ($wgUser->isAnon()) { $status->setResult(false, self::AS_READ_ONLY_PAGE_ANON); wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } else { $status->fatal('readonlytext'); $status->value = self::AS_READ_ONLY_PAGE_LOGGED; wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } } if ($this->contentModel !== $this->mTitle->getContentModel() && !$wgUser->isAllowed('editcontentmodel')) { $status->setResult(false, self::AS_NO_CHANGE_CONTENT_MODEL); wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } if (wfReadOnly()) { $status->fatal('readonlytext'); $status->value = self::AS_READ_ONLY_PAGE; wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } if ($wgUser->pingLimiter() || $wgUser->pingLimiter('linkpurge', 0)) { $status->fatal('actionthrottledtext'); $status->value = self::AS_RATE_LIMITED; wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } # If the article has been deleted while editing, don't save it without # confirmation if ($this->wasDeletedSinceLastEdit() && !$this->recreate) { $status->setResult(false, self::AS_ARTICLE_WAS_DELETED); wfProfileOut(__METHOD__ . '-checks'); wfProfileOut(__METHOD__); return $status; } wfProfileOut(__METHOD__ . '-checks'); # Load the page data from the master. If anything changes in the meantime, # we detect it by using page_latest like a token in a 1 try compare-and-swap. $this->mArticle->loadPageData('fromdbmaster'); $new = !$this->mArticle->exists(); if ($new) { // Late check for create permission, just in case *PARANOIA* if (!$this->mTitle->userCan('create', $wgUser)) { $status->fatal('nocreatetext'); $status->value = self::AS_NO_CREATE_PERMISSION; wfDebug(__METHOD__ . ": no create permission\n"); wfProfileOut(__METHOD__); return $status; } // Don't save a new page if it's blank or if it's a MediaWiki: // message with content equivalent to default (allow empty pages // in this case to disable messages, see bug 50124) $defaultMessageText = $this->mTitle->getDefaultMessageText(); if ($this->mTitle->getNamespace() === NS_MEDIAWIKI && $defaultMessageText !== false) { $defaultText = $defaultMessageText; } else { $defaultText = ''; } if (!$this->allowBlankArticle && $this->textbox1 === $defaultText) { $this->blankArticle = true; $status->fatal('blankarticle'); $status->setResult(false, self::AS_BLANK_ARTICLE); wfProfileOut(__METHOD__); return $status; } if (!$this->runPostMergeFilters($textbox_content, $status, $wgUser)) { wfProfileOut(__METHOD__); return $status; } $content = $textbox_content; $result['sectionanchor'] = ''; if ($this->section == 'new') { if ($this->sectiontitle !== '') { // Insert the section title above the content. $content = $content->addSectionHeader($this->sectiontitle); } elseif ($this->summary !== '') { // Insert the section title above the content. $content = $content->addSectionHeader($this->summary); } $this->summary = $this->newSectionSummary($result['sectionanchor']); } $status->value = self::AS_SUCCESS_NEW_ARTICLE; } else { # not $new # Article exists. Check for edit conflict. $this->mArticle->clear(); # Force reload of dates, etc. $timestamp = $this->mArticle->getTimestamp(); wfDebug("timestamp: {$timestamp}, edittime: {$this->edittime}\n"); if ($timestamp != $this->edittime) { $this->isConflict = true; if ($this->section == 'new') { if ($this->mArticle->getUserText() == $wgUser->getName() && $this->mArticle->getComment() == $this->newSectionSummary()) { // Probably a duplicate submission of a new comment. // This can happen when squid resends a request after // a timeout but the first one actually went through. wfDebug(__METHOD__ . ": duplicate new section submission; trigger edit conflict!\n"); } else { // New comment; suppress conflict. $this->isConflict = false; wfDebug(__METHOD__ . ": conflict suppressed; new section\n"); } } elseif ($this->section == '' && Revision::userWasLastToEdit(DB_MASTER, $this->mTitle->getArticleID(), $wgUser->getId(), $this->edittime)) { # Suppress edit conflict with self, except for section edits where merging is required. wfDebug(__METHOD__ . ": Suppressing edit conflict, same user.\n"); $this->isConflict = false; } } // If sectiontitle is set, use it, otherwise use the summary as the section title. if ($this->sectiontitle !== '') { $sectionTitle = $this->sectiontitle; } else { $sectionTitle = $this->summary; } $content = null; if ($this->isConflict) { wfDebug(__METHOD__ . ": conflict! getting section '{$this->section}' for time '{$this->edittime}'" . " (article time '{$timestamp}')\n"); $content = $this->mArticle->replaceSectionContent($this->section, $textbox_content, $sectionTitle, $this->edittime); } else { wfDebug(__METHOD__ . ": getting section '{$this->section}'\n"); $content = $this->mArticle->replaceSectionContent($this->section, $textbox_content, $sectionTitle); } if (is_null($content)) { wfDebug(__METHOD__ . ": activating conflict; section replace failed.\n"); $this->isConflict = true; $content = $textbox_content; // do not try to merge here! } elseif ($this->isConflict) { # Attempt merge if ($this->mergeChangesIntoContent($content)) { // Successful merge! Maybe we should tell the user the good news? $this->isConflict = false; wfDebug(__METHOD__ . ": Suppressing edit conflict, successful merge.\n"); } else { $this->section = ''; $this->textbox1 = ContentHandler::getContentText($content); wfDebug(__METHOD__ . ": Keeping edit conflict, failed merge.\n"); } } if ($this->isConflict) { $status->setResult(false, self::AS_CONFLICT_DETECTED); wfProfileOut(__METHOD__); return $status; } if (!$this->runPostMergeFilters($content, $status, $wgUser)) { wfProfileOut(__METHOD__); return $status; } if ($this->section == 'new') { // Handle the user preference to force summaries here if (!$this->allowBlankSummary && trim($this->summary) == '') { $this->missingSummary = true; $status->fatal('missingsummary'); // or 'missingcommentheader' if $section == 'new'. Blegh $status->value = self::AS_SUMMARY_NEEDED; wfProfileOut(__METHOD__); return $status; } // Do not allow the user to post an empty comment if ($this->textbox1 == '') { $this->missingComment = true; $status->fatal('missingcommenttext'); $status->value = self::AS_TEXTBOX_EMPTY; wfProfileOut(__METHOD__); return $status; } } elseif (!$this->allowBlankSummary && !$content->equals($this->getOriginalContent($wgUser)) && !$content->isRedirect() && md5($this->summary) == $this->autoSumm) { $this->missingSummary = true; $status->fatal('missingsummary'); $status->value = self::AS_SUMMARY_NEEDED; wfProfileOut(__METHOD__); return $status; } # All's well wfProfileIn(__METHOD__ . '-sectionanchor'); $sectionanchor = ''; if ($this->section == 'new') { $this->summary = $this->newSectionSummary($sectionanchor); } elseif ($this->section != '') { # Try to get a section anchor from the section source, redirect # to edited section if header found. # XXX: Might be better to integrate this into Article::replaceSection # for duplicate heading checking and maybe parsing. $hasmatch = preg_match("/^ *([=]{1,6})(.*?)(\\1) *\\n/i", $this->textbox1, $matches); # We can't deal with anchors, includes, html etc in the header for now, # headline would need to be parsed to improve this. if ($hasmatch && strlen($matches[2]) > 0) { $sectionanchor = $wgParser->guessLegacySectionNameFromWikiText($matches[2]); } } $result['sectionanchor'] = $sectionanchor; wfProfileOut(__METHOD__ . '-sectionanchor'); // Save errors may fall down to the edit form, but we've now // merged the section into full text. Clear the section field // so that later submission of conflict forms won't try to // replace that into a duplicated mess. $this->textbox1 = $this->toEditText($content); $this->section = ''; $status->value = self::AS_SUCCESS_UPDATE; } // Check for length errors again now that the section is merged in $this->kblength = (int) (strlen($this->toEditText($content)) / 1024); if ($this->kblength > $wgMaxArticleSize) { $this->tooBig = true; $status->setResult(false, self::AS_MAX_ARTICLE_SIZE_EXCEEDED); wfProfileOut(__METHOD__); return $status; } $flags = EDIT_DEFER_UPDATES | EDIT_AUTOSUMMARY | ($new ? EDIT_NEW : EDIT_UPDATE) | ($this->minoredit && !$this->isNew ? EDIT_MINOR : 0) | ($bot ? EDIT_FORCE_BOT : 0); $doEditStatus = $this->mArticle->doEditContent($content, $this->summary, $flags, false, null, $content->getDefaultFormat()); if (!$doEditStatus->isOK()) { // Failure from doEdit() // Show the edit conflict page for certain recognized errors from doEdit(), // but don't show it for errors from extension hooks $errors = $doEditStatus->getErrorsArray(); if (in_array($errors[0][0], array('edit-gone-missing', 'edit-conflict', 'edit-already-exists'))) { $this->isConflict = true; // Destroys data doEdit() put in $status->value but who cares $doEditStatus->value = self::AS_END; } wfProfileOut(__METHOD__); return $doEditStatus; } $result['nullEdit'] = $doEditStatus->hasMessage('edit-no-change'); if ($result['nullEdit']) { // We don't know if it was a null edit until now, so increment here $wgUser->pingLimiter('linkpurge'); } $result['redirect'] = $content->isRedirect(); $this->updateWatchlist(); wfProfileOut(__METHOD__); return $status; }
/** * @param $iscur * @param $file File * @return string */ public function imageHistoryLine($iscur, $file) { global $wgUser, $wgLang, $wgContLang; $timestamp = wfTimestamp(TS_MW, $file->getTimestamp()); $img = $iscur ? $file->getName() : $file->getArchiveName(); $user = $file->getUser('id'); $usertext = $file->getUser('text'); $description = $file->getDescription(); $local = $this->current->isLocal(); $row = $selected = ''; // Deletion link if ($local && $wgUser->isAllowedAny('delete', 'deletedhistory')) { $row .= '<td>'; # Link to remove from history if ($wgUser->isAllowed('delete')) { $q = array('action' => 'delete'); if (!$iscur) { $q['oldimage'] = $img; } $row .= Linker::link($this->title, wfMsgHtml($iscur ? 'filehist-deleteall' : 'filehist-deleteone'), array(), $q, array('known')); } # Link to hide content. Don't show useless link to people who cannot hide revisions. $canHide = $wgUser->isAllowed('deleterevision'); if ($canHide || $wgUser->isAllowed('deletedhistory') && $file->getVisibility()) { if ($wgUser->isAllowed('delete')) { $row .= '<br />'; } // If file is top revision or locked from this user, don't link if ($iscur || !$file->userCan(File::DELETED_RESTRICTED)) { $del = Linker::revDeleteLinkDisabled($canHide); } else { list($ts, $name) = explode('!', $img, 2); $query = array('type' => 'oldimage', 'target' => $this->title->getPrefixedText(), 'ids' => $ts); $del = Linker::revDeleteLink($query, $file->isDeleted(File::DELETED_RESTRICTED), $canHide); } $row .= $del; } $row .= '</td>'; } // Reversion link/current indicator $row .= '<td>'; if ($iscur) { $row .= wfMsgHtml('filehist-current'); } elseif ($local && $wgUser->isLoggedIn() && $this->title->userCan('edit')) { if ($file->isDeleted(File::DELETED_FILE)) { $row .= wfMsgHtml('filehist-revert'); } else { $row .= Linker::link($this->title, wfMsgHtml('filehist-revert'), array(), array('action' => 'revert', 'oldimage' => $img, 'wpEditToken' => $wgUser->getEditToken($img)), array('known', 'noclasses')); } } $row .= '</td>'; // Date/time and image link if ($file->getTimestamp() === $this->img->getTimestamp()) { $selected = "class='filehistory-selected'"; } $row .= "<td {$selected} style='white-space: nowrap;'>"; if (!$file->userCan(File::DELETED_FILE)) { # Don't link to unviewable files $row .= '<span class="history-deleted">' . $wgLang->timeanddate($timestamp, true) . '</span>'; } elseif ($file->isDeleted(File::DELETED_FILE)) { if ($local) { $this->preventClickjacking(); $revdel = SpecialPage::getTitleFor('Revisiondelete'); # Make a link to review the image $url = Linker::link($revdel, $wgLang->timeanddate($timestamp, true), array(), array('target' => $this->title->getPrefixedText(), 'file' => $img, 'token' => $wgUser->getEditToken($img)), array('known', 'noclasses')); } else { $url = $wgLang->timeanddate($timestamp, true); } $row .= '<span class="history-deleted">' . $url . '</span>'; } else { $url = $iscur ? $this->current->getUrl() : $this->current->getArchiveUrl($img); $row .= Xml::element('a', array('href' => $url), $wgLang->timeanddate($timestamp, true)); } $row .= "</td>"; // Thumbnail if ($this->showThumb) { $row .= '<td>' . $this->getThumbForLine($file) . '</td>'; } // Image dimensions + size $row .= '<td>'; $row .= htmlspecialchars($file->getDimensionsString()); $row .= ' <span style="white-space: nowrap;">(' . Linker::formatSize($file->getSize()) . ')</span>'; $row .= '</td>'; // Uploading user $row .= '<td>'; // Hide deleted usernames if ($file->isDeleted(File::DELETED_USER)) { $row .= '<span class="history-deleted">' . wfMsgHtml('rev-deleted-user') . '</span>'; } else { if ($local) { $row .= Linker::userLink($user, $usertext) . ' <span style="white-space: nowrap;">' . Linker::userToolLinks($user, $usertext) . '</span>'; } else { $row .= htmlspecialchars($usertext); } } $row .= '</td>'; // Don't show deleted descriptions if ($file->isDeleted(File::DELETED_COMMENT)) { $row .= '<td><span class="history-deleted">' . wfMsgHtml('rev-deleted-comment') . '</span></td>'; } else { $row .= '<td dir="' . $wgContLang->getDir() . '">' . Linker::formatComment($description, $this->title) . '</td>'; } $rowClass = null; wfRunHooks('ImagePageFileHistoryLine', array($this, $file, &$row, &$rowClass)); $classAttr = $rowClass ? " class='{$rowClass}'" : ''; return "<tr{$classAttr}>{$row}</tr>\n"; }
/** * Should the editor links trigger on this page? * * @param Title $title * @return boolean */ private static function trigger($title) { return $title && $title->getNamespace() == NS_FILE && $title->userCan('edit') && $title->userCan('upload') && preg_match('/\\.popcorn$/', $title->getText()); }
/** * Helper function for getParsedcontent for making subpage section headers * @param $contentItem array of data for the content item we're generating the header for * @return string html (NOTE THIS IS AN OPEN DIV) */ protected function makeHeader(Title $title, array $contentItem) { global $wgParser; static $tocLinks = []; // All used ids for the sections for the toc $linkRenderer = $wgParser->getLinkRenderer(); $spTitle = Title::newFromText($contentItem['title']); $spRev = Revision::newFromTitle($spTitle); // Get display name if (isset($contentItem['displayTitle'])) { $spPage = $contentItem['displayTitle']; } else { $spPage = $spTitle->getSubpageText(); } // Generate an id for the section for anchors // Make sure this matches the ToC anchor generation $spPageLink = Sanitizer::escapeId(htmlspecialchars($spPage)); $spPageLink2 = $spPageLink; $spPageLinkCounter = 1; while (in_array($spPageLink2, $tocLinks)) { $spPageLink2 = $spPageLink . $spPageLinkCounter; $spPageLinkCounter++; } $tocLinks[] = $spPageLink2; // Get editsection-style links for the subpage $sectionLinks = []; $sectionLinksText = ''; if (isset($spRev)) { $sectionLinks['viewLink'] = $linkRenderer->makeLink($spTitle, wfMessage('collaborationkit-hub-subpage-view')->inContentLanguage()->text()); } if ($spTitle->userCan('edit')) { if (isset($spRev)) { $linkString = 'edit'; // TODO get appropriate edit link if it's something weird $sectionLinks['edit'] = $linkRenderer->makeLink($spTitle, wfMessage($linkString)->inContentLanguage()->text(), [], ['action' => 'edit']); } else { $linkString = 'create'; $sectionLinks['edit'] = $linkRenderer->makeLink(SpecialPage::getTitleFor('CreateHubFeature'), wfMessage($linkString)->inContentLanguage()->text(), [], ['collaborationhub' => $title->getPrefixedDBKey(), 'feature' => $spTitle->getSubpageText()]); } } if ($title->userCan('edit')) { $sectionLinks['removeLink'] = $linkRenderer->makeLink($title, wfMessage('collaborationkit-hub-subpage-remove')->inContentLanguage()->text(), [], ['action' => 'edit']); } foreach ($sectionLinks as $sectionLink) { $sectionLinksText .= $this->makeEditSectionLink($sectionLink); } $sectionLinksText = Html::rawElement('span', ['class' => 'mw-editsection'], $sectionLinksText); // Assemble header // Open general section here since we have the id here $html = Html::openElement('div', ['class' => 'mw-ck-hub-section', 'id' => $spPageLink2]); $html .= Html::rawElement('h2', [], Html::element('span', ['class' => 'mw-headline'], $spPage) . $sectionLinksText); OutputPage::setupOOUI(); return $html; }
/** * Encapsulated permission check. * @param User $oCurrentUser The requested MediaWiki User. * @param Title $oCurrentTitle The MediaWiki Title to check against. * @return boolean Wether the user is allowed to change responsibility or not. */ public function userIsAllowedToChangeResponsibility($oCurrentUser, $oCurrentTitle) { //Check users permissions and/or if he is assigned as a responsible editor $bUserIsAllowedToChangeResponsiblity = false; $aResponsibleEditorIds = $this->getResponsibleEditorIdsByArticleId($oCurrentTitle->getArticleId()); if ($oCurrentTitle->userCan('responsibleeditors-changeresponsibility') === true) { $bUserIsAllowedToChangeResponsiblity = true; } else { if (BsConfig::get('MW::ResponsibleEditors::ResponsibleEditorMayChangeAssignment') && in_array($oCurrentUser->getId(), $aResponsibleEditorIds)) { $bUserIsAllowedToChangeResponsiblity = true; } } return $bUserIsAllowedToChangeResponsiblity; }
/** * Should the editor links trigger on this page? * * @param Title $title * @return boolean */ private static function trigger( $title ) { return $title && $title->getNamespace() == NS_FILE && $title->userCan( 'edit' ) && $title->userCan( 'upload' ); }