r22960 - Code Review

From MediaWiki.org

Jump to: navigation, search
Repository:MediaWiki
Revision:r22959 | r22960 (on ViewVC) | r22961 >
Date:16:28, 13 June 2007
Author:brion
Status:ok
Tags:
Comment:* (bug 8458) Limit custom signature length to $wgMaxSigChars bytes
Modified paths:

Diff [purge]

Index: trunk/phase3/includes/Parser.php
===================================================================
--- trunk/phase3/includes/Parser.php	(revision 22959)
+++ trunk/phase3/includes/Parser.php	(revision 22960)
@@ -3803,11 +3803,16 @@
 	 * @private
 	 */
 	function getUserSig( &$user ) {
+		global $wgMaxSigChars;
+		
 		$username = $user->getName();
 		$nickname = $user->getOption( 'nickname' );
 		$nickname = $nickname === '' ? $username : $nickname;
-
-		if( $user->getBoolOption( 'fancysig' ) !== false ) {
+		
+		if( strlen( $nickname ) > $wgMaxSigChars ) {
+			$nickname = $username;
+			wfDebug( __METHOD__ . ": $username has overlong signature.\n" );
+		} elseif( $user->getBoolOption( 'fancysig' ) !== false ) {
 			# Sig. might contain markup; validate this
 			if( $this->validateSig( $nickname ) !== false ) {
 				# Validated; clean up (if needed) and return it
Index: trunk/phase3/includes/SpecialPreferences.php
===================================================================
--- trunk/phase3/includes/SpecialPreferences.php	(revision 22959)
+++ trunk/phase3/includes/SpecialPreferences.php	(revision 22960)
@@ -241,7 +241,13 @@
 		}
 
 		# Validate the signature and clean it up as needed
-		if( $this->mToggles['fancysig'] ) {
+		global $wgMaxSigChars;
+		if( strlen( $this->mNick ) > $wgMaxSigChars ) {
+			global $wgLang;
+			$this->mainPrefsForm( 'error',
+				wfMsg( 'badsiglength', $wgLang->formatNum( $wgMaxSigChars ) ) );
+			return;
+		} elseif( $this->mToggles['fancysig'] ) {
 			if( Parser::validateSig( $this->mNick ) !== false ) {
 				$this->mNick = $wgParser->cleanSig( $this->mNick );
 			} else {
@@ -603,8 +609,14 @@
 			);
 		}
 
-		global $wgParser;
-		if( !empty( $this->mToggles['fancysig'] ) &&
+		global $wgParser, $wgMaxSigChars;
+		if( strlen( $this->mNick ) > $wgMaxSigChars ) {
+			$invalidSig = $this->tableRow(
+				' ',
+				Xml::element( 'span', array( 'class' => 'error' ),
+					wfMsg( 'badsiglength', $wgLang->formatNum( $wgMaxSigChars ) ) )
+			);
+		} elseif( !empty( $this->mToggles['fancysig'] ) &&
 			false === $wgParser->validateSig( $this->mNick ) ) {
 			$invalidSig = $this->tableRow(
 				' ',
@@ -617,7 +629,14 @@
 		$wgOut->addHTML(
 			$this->tableRow(
 				Xml::label( wfMsg( 'yournick' ), 'wpNick' ),
-				Xml::input( 'wpNick', 25, $this->mNick, array( 'id' => 'wpNick' ) )
+				Xml::input( 'wpNick', 25, $this->mNick,
+					array(
+						'id' => 'wpNick',
+						// Note: $wgMaxSigChars is currently enforced in UTF-8 bytes,
+						// but 'maxlength' attribute is enforced in characters.
+						// It's still possible to put in an overlong string
+						// 'legitimately' by typing non-ASCII chars.
+						'maxlength' => $wgMaxSigChars ) )
 			) .
 			$invalidSig .
 			$this->tableRow( ' ', $this->getToggle( 'fancysig' ) )
Index: trunk/phase3/includes/DefaultSettings.php
===================================================================
--- trunk/phase3/includes/DefaultSettings.php	(revision 22959)
+++ trunk/phase3/includes/DefaultSettings.php	(revision 22960)
@@ -857,6 +857,7 @@
 
 $wgShowIPinHeader	= true; # For non-logged in users
 $wgMaxNameChars		= 255;  # Maximum number of bytes in username
+$wgMaxSigChars      = 255;  # Maximum number of bytes in signature
 $wgMaxArticleSize	= 2048; # Maximum article size in kilobytes
 
 $wgExtraSubtitle	= '';
Index: trunk/phase3/languages/messages/MessagesEn.php
===================================================================
--- trunk/phase3/languages/messages/MessagesEn.php	(revision 22959)
+++ trunk/phase3/languages/messages/MessagesEn.php	(revision 22960)
@@ -830,6 +830,7 @@
 'yourvariant'                => 'Variant',
 'yournick'                   => 'Nickname:',
 'badsig'                     => 'Invalid raw signature; check HTML tags.',
+'badsiglength'               => 'Nickname too long; must be under $1 characters.',
 'email'                      => 'E-mail',
 'prefs-help-realname'        => 'Real name is optional and if you choose to provide it this will be used for giving you attribution for your work.',
 'loginerror'                 => 'Login error',
Index: trunk/phase3/RELEASE-NOTES
===================================================================
--- trunk/phase3/RELEASE-NOTES	(revision 22959)
+++ trunk/phase3/RELEASE-NOTES	(revision 22960)
@@ -82,7 +82,9 @@
   Common.css and MediaWiki:Monobook.css.
 * (bug 8869) Introduce Special:Uncategorizedtemplates
 * (bug 8734) Different log message when article protection level is changed
+* (bug 8458) Limit custom signature length to $wgMaxSigChars bytes
 
+
 == Bugfixes since 1.10 ==
 
 * (bug 9712) Use Arabic comma in date/time formats for Arabic and Farsi

Follow-up revisions

RevisionCommit summaryAuthorDate
r22967Merged revisions 22935-22966 via svnmerge fromdavid18:35, 13 June 2007
Retrieved from "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/22960"
Views
Toolbox