/** * Renders the blog. Called by parser function for bs:blog tag and also from Blog::onUnknownAction. * @param string $input Inner HTML of bs:blog tag. Not used. * @param array $args List of tag attributes. * @param Parser $parser MediaWiki parser object * @return string HTML output that is to be displayed. */ public function onBlog($input, $args, $parser) { $oTitle = null; if ($parser instanceof Parser) { $oTitle = $parser->getTitle(); $parser->disableCache(); } else { $oTitle = $this->getTitle(); } $sKey = BsCacheHelper::getCacheKey('BlueSpice', 'Blog', $oTitle->getArticleID()); $aData = BsCacheHelper::get($sKey); if ($aData !== false) { return $aData; } // initialize local variables $oErrorListView = new ViewTagErrorList($this); BsExtensionManager::setContext('MW::Blog::ShowBlog'); // get all config options $iShowLimit = BsConfig::get('MW::Blog::ShowLimit'); //$blogShowTrackback = BsConfig::get('MW::Blog::ShowTrackback'); // see comment below $bShowPermalink = BsConfig::get('MW::Blog::ShowPermalink'); $bShowInfo = BsConfig::get('MW::Blog::ShowInfo'); $sSortBy = BsConfig::get('MW::Blog::SortBy'); $bMoreInNewWindow = BsConfig::get('MW::Blog::MoreInNewWindow'); $bShowAll = BsConfig::get('MW::Blog::ShowAll'); $bMoreAtEndOfEntry = BsConfig::get('MW::Blog::MoreAtEndOfEntry'); $bShowNewEntryField = BsConfig::get('MW::Blog::ShowNewEntryField'); $bNewEntryFieldPosition = BsConfig::get('MW::Blog::NewEntryFieldPosition'); $sImageRenderMode = BsConfig::get('MW::Blog::ImageRenderMode'); $sImageFloatDirection = BsConfig::get('MW::Blog::ThumbFloatDirection'); $iMaxEntryCharacters = BsConfig::get('MW::Blog::MaxEntryCharacters'); // Trackbacks are not supported the way we intend it to be. From http://www.mediawiki.org/wiki/Manual:$wgUseTrackbacks // When MediaWiki receives a trackback ping, a box will show up at the bottom of the article containing a link to the originating page //if (!$wgUseTrackbacks) $bShowTrackback = false; // get tag attributes $argsIShowLimit = BsCore::sanitizeArrayEntry($args, 'count', $iShowLimit, BsPARAMTYPE::NUMERIC | BsPARAMOPTION::DEFAULT_ON_ERROR); $argsSCategory = BsCore::sanitizeArrayEntry($args, 'cat', false, BsPARAMTYPE::STRING); $argsINamespace = BsNamespaceHelper::getNamespaceIndex(BsCore::sanitizeArrayEntry($args, 'ns', NS_BLOG, BsPARAMTYPE::STRING)); $argsBNewEntryField = BsCore::sanitizeArrayEntry($args, 'newentryfield', $bShowNewEntryField, BsPARAMTYPE::BOOL); $argsSNewEntryFieldPosition = BsCore::sanitizeArrayEntry($args, 'newentryfieldposition', $bNewEntryFieldPosition, BsPARAMTYPE::STRING); $argsSImageRenderMode = BsCore::sanitizeArrayEntry($args, 'imagerendermode', $sImageRenderMode, BsPARAMTYPE::STRING); $argsSImageFloatDirection = BsCore::sanitizeArrayEntry($args, 'imagefloatdirection', $sImageFloatDirection, BsPARAMTYPE::STRING); $argsIMaxEntryCharacters = BsCore::sanitizeArrayEntry($args, 'maxchars', $iMaxEntryCharacters, BsPARAMTYPE::INT); $argsSSortBy = BsCore::sanitizeArrayEntry($args, 'sort', $sSortBy, BsPARAMTYPE::STRING); $argsBShowInfo = BsCore::sanitizeArrayEntry($args, 'showinfo', $bShowInfo, BsPARAMTYPE::BOOL); $argsBMoreInNewWindow = BsCore::sanitizeArrayEntry($args, 'moreinnewwindow', $bMoreInNewWindow, BsPARAMTYPE::BOOL); $argsBShowPermalink = BsCore::sanitizeArrayEntry($args, 'showpermalink', $bShowPermalink, BsPARAMTYPE::BOOL); $argsModeNamespace = BsCore::sanitizeArrayEntry($args, 'mode', null, BsPARAMTYPE::STRING); if ($argsModeNamespace === 'ns' && is_object($oTitle)) { $argsINamespace = $oTitle->getNamespace(); } // validate tag attributes $validateIShowLimit = BsValidator::isValid('ArgCount', $argsIShowLimit, array('fullResponse' => true)); if ($validateIShowLimit->getErrorCode()) { $oErrorListView->addItem(new ViewTagError($validateIShowLimit->getI18N())); } if ($argsSCategory) { $validateSCategory = BsValidator::isValid('Category', $argsSCategory, array('fullResponse' => true)); if ($validateSCategory->getErrorCode()) { $oErrorListView->addItem(new ViewTagError($validateSCategory->getI18N())); } } $oValidationResult = BsValidator::isValid('SetItem', $argsSImageRenderMode, array('fullResponse' => true, 'setname' => 'imagerendermode', 'set' => array('full', 'thumb', 'none'))); if ($oValidationResult->getErrorCode()) { $oErrorListView->addItem(new ViewTagError($oValidationResult->getI18N())); } $oValidationResult = BsValidator::isValid('SetItem', $argsSImageFloatDirection, array('fullResponse' => true, 'setname' => 'imagefloatdirection', 'set' => array('left', 'right', 'none'))); if ($oValidationResult->getErrorCode()) { $oErrorListView->addItem(new ViewTagError($oValidationResult->getI18N())); } $oValidationResult = BsValidator::isValid('SetItem', $argsSSortBy, array('fullResponse' => true, 'setname' => 'sort', 'set' => array('title', 'creation'))); if ($oValidationResult->getErrorCode()) { $oErrorListView->addItem(new ViewTagError($oValidationResult->getI18N())); } // if there are errors, abort with a message if ($oErrorListView->hasEntries()) { return $oErrorListView->execute(); } if (BsConfig::get('MW::Blog::ShowTagFormWhenNotLoggedIn') != true) { $oPermissionTest = Title::newFromText('PermissionTest', $argsINamespace); if (!$oPermissionTest->userCan('edit')) { $argsBNewEntryField = false; } } // get array of article ids from Blog/subpages $oBlogTitle = Title::makeTitleSafe($oTitle->getNamespace(), 'Blog'); $aSubpages = $oBlogTitle->getSubpages(); $iLimit = 0; // for later use $aArticleIds = array(); foreach ($aSubpages as $oSubpage) { $aArticleIds[] = $oSubpage->getArticleID(); $iLimit++; // for later use } if (count($aArticleIds) < 1) { $aArticleIds = 0; } $aTables = array('page'); $aFields = array('entry_page_id' => 'page_id'); $aConditions = array(); $aOptions = array(); $aJoins = array(); $dbr = wfGetDB(DB_SLAVE); // get blog entries if ($argsSSortBy == 'title') { $aOptions['ORDER BY'] = 'page_title ASC'; } else { //Creation: Also fetch possible custom timestamps from page_props table $aOptions['ORDER BY'] = 'entry_timestamp DESC'; $aOptions['GROUP BY'] = 'page_id'; global $wgDBtype; switch ($wgDBtype) { case 'oracle': $aFields['entry_timestamp'] = "NVL( pp_value, rev_timestamp )"; $aConditions[] = "NVL( pp_value, rev_timestamp ) < " . wfTimestampNow(); break; case 'mssql': $aFields['entry_timestamp'] = "ISNULL( pp_value, rev_timestamp )"; $aConditions[] = "ISNULL( pp_value, rev_timestamp ) < " . wfTimestampNow(); break; case 'postgres': $aFields['entry_timestamp'] = "NULLIF( pp_value, rev_timestamp )"; $aConditions[] = "NULLIF( pp_value, rev_timestamp ) < " . wfTimestampNow(); break; default: //MySQL, SQLite //use pp_value if exists $aFields['entry_timestamp'] = "IFNULL( pp_value, rev_timestamp )"; //also do not list future entries $aConditions[] = "IFNULL( pp_value, rev_timestamp ) < " . wfTimestampNow(); } $aTables[] = 'revision'; $aTables[] = 'page_props'; $aConditions[] = 'rev_page = page_id'; $aJoins['page_props'] = array('LEFT JOIN', "pp_page = rev_page AND pp_propname = 'blogtime'"); } if ($argsSCategory) { $aTables[] = 'categorylinks'; $aConditions['cl_to'] = $argsSCategory; $aConditions[] = 'cl_from = page_id'; } else { if ($argsModeNamespace === 'ns') { $aConditions['page_id'] = $aArticleIds; } $aConditions['page_namespace'] = $argsINamespace; } $res = $dbr->select($aTables, $aFields, $aConditions, __METHOD__, $aOptions, $aJoins); $iNumberOfEntries = $dbr->numRows($res); $iLimit = $iNumberOfEntries; //All // Sole importance is the existence of param 'showall' $paramBShowAll = $this->getRequest()->getFuzzyBool('showall', false); if ($paramBShowAll == false) { $iLimit = $argsIShowLimit; } // abort if there are no entries if ($iNumberOfEntries < 1) { $oBlogView = new ViewBlog(); $oBlogView->setOption('shownewentryfield', $argsBNewEntryField); $oBlogView->setOption('newentryfieldposition', $argsSNewEntryFieldPosition); $oBlogView->setOption('namespace', BsNamespaceHelper::getNamespaceName($argsINamespace)); if ($argsSCategory) { $oBlogView->setOption('blogcat', $argsSCategory); } // actually create blog output $sOut = $oBlogView->execute(); $sOut .= wfMessage('bs-blog-no-entries')->plain(); return $sOut; } $oBlogView = new ViewBlog(); // prepare views per blog item $iLoop = 0; foreach ($res as $row) { // prepare data for view class $oEntryTitle = Title::newFromID($row->entry_page_id); if (!$oEntryTitle->userCan('read')) { $iNumberOfEntries--; continue; } $bMore = false; $aContent = preg_split('#<(bs:blog:)?more */>#', BsPageContentProvider::getInstance()->getContentFromTitle($oEntryTitle)); if (sizeof($aContent) > 1) { $bMore = true; } $aContent = trim($aContent[0]); // Prevent recursive rendering of blog tag $aContent = preg_replace('/<(bs:)blog[^>]*?>/', '', $aContent); // Thumbnail images $sNamespaceRegEx = implode('|', BsNamespaceHelper::getNamespaceNamesAndAliases(NS_IMAGE)); switch ($argsSImageRenderMode) { case 'none': $aContent = preg_replace('/(\\[\\[(' . $sNamespaceRegEx . '):[^\\|\\]]*)(\\|)?(.*?)(\\]\\])/', '', $aContent); break; case 'full': // do nothing break; case 'thumb': default: $aContent = preg_replace('/(\\[\\[(' . $sNamespaceRegEx . '):[^\\|\\]]*)(\\|)?(.*?)(\\]\\])/', "\$1|thumb|{$argsSImageFloatDirection}\$3\$4|150px\$5", $aContent); break; } if (strlen($aContent) > $argsIMaxEntryCharacters) { $bMore = true; } $aContent = BsStringHelper::shorten($aContent, array('max-length' => $argsIMaxEntryCharacters, 'ignore-word-borders' => false, 'position' => 'end')); $resComment = $dbr->selectRow('revision', 'COUNT( rev_id ) AS cnt', array('rev_page' => $oEntryTitle->getTalkPage()->getArticleID())); $iCount = $resComment->cnt; // set data for view class $oBlogItemView = new ViewBlogItem(); // use magic set $oBlogItemView->setOption('showInfo', $argsBShowInfo); $oBlogItemView->setOption('showLimit', $argsIShowLimit); $oBlogItemView->setOption('showTrackback', $bShowTrackback); $oBlogItemView->setOption('showPermalink', $argsBShowPermalink); $oBlogItemView->setOption('moreInNewWindow', $argsBMoreInNewWindow); $oBlogItemView->setOption('showAll', $bShowAll); $oBlogItemView->setOption('moreAtEndOfEntry', $bMoreAtEndOfEntry); $oBlogItemView->setOption('more', $bMore); //TODO: magic_call? if ($argsModeNamespace === 'ns') { $sTitle = substr($oEntryTitle->getText(), 5); } else { $sTitle = $oEntryTitle->getText(); } $aTalkParams = array(); if (!$oEntryTitle->getTalkPage()->exists()) { $aTalkParams = array('action' => 'edit'); } $oRevision = Revision::newFromTitle($oEntryTitle); $oBlogItemView->setTitle($sTitle); $oBlogItemView->setRevId($oRevision->getId()); $oBlogItemView->setURL($oEntryTitle->getLocalURL()); $oBlogItemView->setTalkURL($oEntryTitle->getTalkPage()->getLocalURL($aTalkParams)); $oBlogItemView->setTalkCount($iCount); $oBlogItemView->setTrackbackUrl($oEntryTitle->getLocalURL()); if ($bShowInfo) { $oFirstRevision = $oEntryTitle->getFirstRevision(); $sTimestamp = $oFirstRevision->getTimestamp(); $sLocalDateTimeString = BsFormatConverter::timestampToAgeString(wfTimestamp(TS_UNIX, $sTimestamp)); $oBlogItemView->setEntryDate($sLocalDateTimeString); $iUserId = $oFirstRevision->getUser(); if ($iUserId != 0) { $oAuthorUser = User::newFromId($iUserId); $oBlogItemView->setAuthorPage($oAuthorUser->getUserPage()->getPrefixedText()); $oBlogItemView->setAuthorName($this->mCore->getUserDisplayName($oAuthorUser)); } else { $oBlogItemView->setAuthorName($oFirstRevision->getUserText()); } } $oBlogItemView->setContent($aContent); $oBlogView->addItem($oBlogItemView); $iLoop++; if ($iLoop >= $iLimit) { break; } } $dbr->freeResult($res); // prepare complete blog output if ($bShowAll && !$paramBShowAll && $iNumberOfEntries > $argsIShowLimit) { $oBlogView->setOption('showall', true); } $oBlogView->setOption('shownewentryfield', $argsBNewEntryField); $oBlogView->setOption('newentryfieldposition', $argsSNewEntryFieldPosition); $oBlogView->setOption('namespace', BsNamespaceHelper::getNamespaceName($argsINamespace, false)); $oBlogView->setOption('blogcat', $argsSCategory); if ($argsModeNamespace === 'ns') { $oBlogView->setOption('parentpage', 'Blog/'); } // actually create blog output $sOut = $oBlogView->execute(); //Use cache only in NS_BLOG - there is curently no functionality to //figure out in what type of blog tag a entry is showen and why //(coditions). Possible blog by categories or subpages... //Needs rework. if (in_array($oTitle->getNamespace(), array(NS_BLOG, NS_BLOG_TALK))) { $aKey = array($sKey); $sTagsKey = BsCacheHelper::getCacheKey('BlueSpice', 'Blog', 'Tags'); $aTagsData = BsCacheHelper::get($sTagsKey); if ($aTagsData !== false) { if (!in_array($sKey, $aTagsData)) { $aTagsData = array_merge($aTagsData, $aKey); } } else { $aTagsData = $aKey; } BsCacheHelper::set($sTagsKey, $aTagsData, 60 * 1440); // one day BsCacheHelper::set($sKey, $sOut, 60 * 1440); // one day } return $sOut; }
/** * Send file via HTTP. */ public static function getFile() { global $wgUploadDirectory; $sRawFilePath = RequestContext::getMain()->getRequest()->getVal('f'); // Some extensions (e.g. Social Profile) add params with ? to filename $aRawFilePathPcs = preg_split("/\\?.*=/", $sRawFilePath); $sRawFilePath = $aRawFilePathPcs[0]; $sUploadDirectory = realpath($wgUploadDirectory); if (empty($sUploadDirectory)) { throw new MWException('$wgUploadDirectory is empty. This should never happen!'); } // Switch between f=File:Foo.png and f=/3/33/Foo.png style requests $aFileNamespaceNames = BsNamespaceHelper::getNamespaceNamesAndAliases(NS_FILE); if (preg_match('#^(.*?):(.*)$#', $sRawFilePath, $aMatch) && in_array($aMatch[1], $aFileNamespaceNames)) { $oTitle = Title::newFromText($aMatch[2], NS_FILE); $oImg = wfLocalFile($oTitle); if (!is_null($oImg)) { $oImgRepoLocalRef = $oImg->getRepo()->getLocalReference($oImg->getPath()); if (!is_null($oImgRepoLocalRef)) { $sFilePath = realpath($oImgRepoLocalRef->getPath()); } } } else { $sFilePath = realpath($sUploadDirectory . $sRawFilePath); } $aPathParts = pathinfo($sFilePath); $sFileName = $aPathParts['basename']; $sFileExt = isset($aPathParts['extension']) ? strtolower($aPathParts['extension']) : ''; if (strpos($sFilePath, $sUploadDirectory) !== 0 || preg_match('/^\\.ht/', $sFileName) || empty($sFilePath) || !is_file($sFilePath) || !is_readable($sFilePath)) { header('HTTP/1.0 404 Not Found'); exit; } // At this point we have a valid and readable file path in $sFilePath. // Now create a File object to get some properties if (strstr($sFilePath, 'thumb')) { $sFindFileName = preg_replace("#(\\d*px-)#", '', $sFileName); } else { $sFindFileName = $sFileName; } $aOptions = array('time' => false); //TODO: maybe check for "/archive" in $sFilePath, too. But this migth be a config setting, so do not hardcode $isArchive = preg_match('#^\\d{14}!#si', $sFindFileName); //i.e. "20120724112914!Adobe-reader-x-tco-de.pdf" if ($isArchive) { $aFilenameParts = explode('!', $sFindFileName, 2); $sFindFileName = $aFilenameParts[1]; $aOptions['time'] = $aFilenameParts[0]; } $oFile = RepoGroup::singleton()->findFile($sFindFileName, $aOptions); // We need to do some additional checks if file extension is not on whitelist if (!in_array($sFileExt, BsConfig::get('MW::SecureFileStore::FileExtensionWhitelist'))) { // Check for MediaWiki right 'viewfiles' global $wgUser; if (!$wgUser->isAllowed('viewfiles')) { header('HTTP/1.0 403 Forbidden'); exit; } // Check if user has access to file's meta page if ($oFile) { if (!$oFile->getTitle()->userCan('read')) { header('HTTP/1.0 403 Forbidden'); exit; } } } // User is allowed to retrieve file. Get things going. # If file is not in MW's repo try to guess MIME type $sFileMime = $oFile ? $oFile->getMimeType() : MimeMagic::singleton()->guessMimeType($sFilePath, false); $sFileDispo = BsConfig::get('MW::SecureFileStore::DefaultDisposition'); if (in_array($sFileExt, BsConfig::get('MW::SecureFileStore::DispositionAttachment'))) { $sFileDispo = 'attachment'; } if (in_array($sFileExt, BsConfig::get('MW::SecureFileStore::DispositionInline'))) { $sFileDispo = 'inline'; } $aFileStat = stat($sFilePath); header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $aFileStat['mtime']) . ' GMT'); header("Content-Type: {$sFileMime}"); header("Content-Disposition: {$sFileDispo}; filename=\"{$sFileName}\""); header("Cache-Control: no-cache,must-revalidate", true); //Otherwise IE might deliver old version if (!empty($_SERVER['HTTP_IF_MODIFIED_SINCE'])) { $sModSince = preg_replace('/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE']); $sSinceTime = strtotime($sModSince); if ($aFileStat['mtime'] <= $sSinceTime) { ini_set('zlib.output_compression', 0); header("HTTP/1.0 304 Not Modified"); exit; } } // IE6/IE7 cannot handle download of zip-files that are aditionally gzipped by the Apache // just put it in the header and tell apache to immediately flush => and gzip is disabled if ($sFileMime == 'application/zip') { header('Content-Length: ' . $aFileStat['size']); flush(); } // Send the file already ;-) readfile($sFilePath); exit; }