MediaWiki r7474 - Code Review

Repository:MediaWiki
Revision:r7473‎ | r7474 (on ViewVC)‎ | r7475 >
Date:12:22, 18 February 2005
Author:vibber
Status:old
Tags:
Comment:
Remove Special:Asksql; moving it out to an extension.
Modified paths:

Diff

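--- a/trunk/phase3/index.php
+++ b/trunk/phase3/index.php
@@ -87,7 +87,6 @@
 } else if ( Namespace::getSpecial() == $wgTitle->getNamespace() ) {
 # actions that need to be made when we have a special pages
 require_once( 'includes/SpecialPage.php' );
- if ( !$wgAllowSysopQueries ) {SpecialPage::removePage( 'Asksql' ); }
 SpecialPage::executePath( $wgTitle );
 } else {
 if ( Namespace::getMedia() == $wgTitle->getNamespace() ) {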
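--- a/trunk/phase3/config/index.php
+++ b/trunk/phase3/config/index.php
@@ -1065,16 +1065,6 @@
 \$wgDBpassword = \"{$slconf['DBpassword']}\";
 \$wgDBprefix = \"{$slconf['DBprefix']}\";
 
-## To allow SQL queries through the wiki's Special:Askaql page,
-## uncomment the next lines. THIS IS VERY INSECURE. If you want
-## to allow semipublic read-only SQL access for your sysops,
-## you should define a MySQL user with limited privileges.
-## See MySQL docs: http://www.mysql.com/doc/en/GRANT.html
-#
-# \$wgAllowSysopQueries = true;
-# \$wgDBsqluser = \"sqluser\";
-# \$wgDBsqlpassword = \"sqlpass\";
-
 # If you're on MySQL 3.x, this next line must be FALSE:
 \$wgDBmysql4 = \$wgEnablePersistentLC = {$conf->DBmysql4};
 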
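--- a/trunk/phase3/includes/SpecialAsksql.php
+++ b/trunk/phase3/includes/SpecialAsksql.php
@@ -1,203 +0,0 @@
-<?php
-/**
- * If enabled through $wgAllowSysopQueries = true, this class
- * let users with sysop right the possibility to make sql queries
- * against the cur table.
- * Heavy queries could slow down the database specially for the
- * biggest wikis.
- *
- * @package MediaWiki
- * @subpackage SpecialPage
- */
-
-/**
- *
- */
-function wfSpecialAsksql() {
- global $wgUser, $wgOut, $wgRequest, $wgAllowSysopQueries;
-
- if( !$wgAllowSysopQueries ) {
- $wgOut->errorpage( 'nosuchspecialpage', 'nospecialpagetext' );
- return;
- }
- if( !$wgUser->isAllowed('asksql') ) {
- $wgOut->sysopRequired();
- return;
- }
-
- if( $wgRequest->wasPosted() ) {
- $query = $wgRequest->getVal( 'wpSqlQuery' );
- $action = $wgRequest->getVal( 'action' );
- } else {
- $query = '';
- $action = '';
- }
- $f = new SqlQueryForm( $query);
-
- if ( "submit" == $action ) {
- $f->doSubmit();
- } else {
- $f->showForm( '' );
- }
-}
-
-/**
- * @access private
- * @package MediaWiki
- * @subpackage SpecialPage
- */
-class SqlQueryForm {
- var $query = '';
-
- function SqlQueryForm( $query ) {
- $this->query = $query;
- }
-
- function showForm( $err ) {
- global $wgOut, $wgUser, $wgLang;
- global $wgLogQueries;
-
- $wgOut->setPagetitle( wfMsg( 'asksql' ) );
- $note = wfMsg( 'asksqltext' );
- if($wgLogQueries)
- $note .= ' ' . wfMsg( 'sqlislogged' );
- $wgOut->addWikiText( $note );
-
- if ( '' != $err ) {
- $wgOut->addHTML( '<p><font color="red" size="+1">' . htmlspecialchars($err) . "</font>\n" );
- }
- if ( ! $this->query ) { $this->query = 'SELECT ... FROM ... WHERE ...'; }
- $q = wfMsg( 'sqlquery' );
- $qb = wfMsg( 'querybtn' );
- $titleObj = Title::makeTitle( NS_SPECIAL, 'Asksql' );
- $action = $titleObj->escapeLocalURL( 'action=submit' );
-
- $wgOut->addHTML( "<p>
-<form id=\"asksql\" method=\"post\" action=\"{$action}\">
-<table border=0><tr>
-<td align=right>{$q}:</td>
-<td align=left>
-<textarea name=\"wpSqlQuery\" cols=80 rows=4 wrap=\"virtual\">"
-. htmlspecialchars($this->query) ."
-</textarea>
-</td>
-</tr><tr>
-<td>&nbsp;</td><td align=\"left\">
-<input type=submit name=\"wpQueryBtn\" value=\"{$qb}\">
-</td></tr></table>
-</form>\n" );
-
- }
-
- function doSubmit() {
- global $wgOut, $wgUser, $wgServer, $wgScript, $wgArticlePath, $wgLang, $wgContLang;
- global $wgDBserver, $wgDBsqluser, $wgDBsqlpassword, $wgDBname, $wgSqlTimeout;
-
- # Use a limit, folks!
- $this->query = trim( $this->query );
- if( preg_match( '/^SELECT/i', $this->query )
- and !preg_match( '/LIMIT/i', $this->query ) ) {
- $this->query .= ' LIMIT 100';
- }
- $conn = Database::newFromParams( $wgDBserver, $wgDBsqluser, $wgDBsqlpassword, $wgDBname );
-
- $this->logQuery( $this->query );
-
- # Start timer, will kill the DB thread in $wgSqlTimeout seconds
- $conn->startTimer( $wgSqlTimeout );
- $res = $conn->query( $this->query, 'SpecialAsksql::doSubmit' );
- $conn->stopTimer();
- $this->logFinishedQuery();
-
- $n = 0;
- @$n = $conn->numFields( $res );
- $titleList = false;
-
- if ( $n ) {
- $k = array();
- for ( $x = 0; $x < $n; ++$x ) {
- array_push( $k, $conn->fieldName( $res, $x ) );
- }
-
- if ( $n == 2 && in_array( 'page_title', $k ) && in_array( 'page_namespace', $k ) ) {
- $titleList = true;
- }
-
- $a = array();
- while ( $s = $conn->fetchObject( $res ) ) {
- array_push( $a, $s );
- }
- $conn->freeResult( $res );
-
- if ( $titleList ) {
- $r = "";
- foreach ( $a as $y ) {
- $sTitle = htmlspecialchars( $y->page_title );
- if ( $y->page_namespace ) {
- $sNamespace = $wgContLang->getNsText( $y->page_namespace );
- $link = "$sNamespace:$sTitle";
- } else {
- $link = "$sTitle";
- }
- $skin = $wgUser->getSkin();
- $link = $skin->makeLink( $link );
- $r .= "* [[$link]]<br />\n";
- }
- } else {
-
- $r = "<table border=1 bordercolor=black cellspacing=0 " .
- "cellpadding=2><tr>\n";
- foreach ( $k as $x ) $r .= "<th>" . htmlspecialchars( $x ) . "</th>";
- $r .= "</tr>\n";
-
- foreach ( $a as $y ) {
- $r .= '<tr>';
- foreach ( $k as $x ) {
- $o = $y->$x ;
- if ( $x == 'page_title' or $x == 'rc_title') {
- $namespace = 0;
- if( $x == 'page_title' && isset( $y->page_namespace ) ) $namespace = $y->page_namespace;
- if( $x == 'rc_title' && isset( $y->rc_namespace ) ) $namespace = $y->rc_namespace;
- $title =& Title::makeTitle( $namespace, $o );
- $o = "<a href=\"" . $title->escapeLocalUrl() . "\" class='internal'>" .
- htmlspecialchars( $y->$x ) . '</a>' ;
- } else {
- $o = htmlspecialchars( $o );
- }
- $r .= '<td>' . $o . "</td>\n";
- }
- $r .= "</tr>\n";
- }
- $r .= "</table>\n";
- }
- }
- $this->showForm( wfMsg( "querysuccessful" ) );
- $wgOut->addHTML( "<hr>{$r}\n" );
- }
-
- function logQuery( $q ) {
- global $wgSqlLogFile, $wgLogQueries, $wgUser;
- if(!$wgLogQueries) return;
-
- $f = fopen( $wgSqlLogFile, 'a' );
- fputs( $f, "\n\n" . wfTimestampNow() .
- " query by " . $wgUser->getName() .
- ":\n$q\n" );
- fclose( $f );
- $this->starttime = wfTime();
- }
-
- function logFinishedQuery() {
- global $wgSqlLogFile, $wgLogQueries;
- if(!$wgLogQueries) return;
-
- $interval = wfTime() - $this->starttime;
-
- $f = fopen( $wgSqlLogFile, 'a' );
- fputs( $f, 'finished at ' . wfTimestampNow() . "; took $interval secs\n" );
- fclose( $f );
- }
-
-}
-
-?>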
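--- a/trunk/phase3/includes/SpecialSpecialpages.php
+++ b/trunk/phase3/includes/SpecialSpecialpages.php
@@ -58,7 +58,7 @@
 * @param $sk skin object ???
 */
 function wfSpecialSpecialpages_gen($pages,$heading,$sk) {
- global $wgLang, $wgOut, $wgAllowSysopQueries;
+ global $wgLang, $wgOut;
 
 $wgOut->addHTML( '<h2>' . wfMsg( $heading ) . "</h2>\n<ul>" );
 foreach ( $pages as $name => $page ) {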
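--- a/trunk/phase3/includes/DefaultSettings.php
+++ b/trunk/phase3/includes/DefaultSettings.php
@@ -259,16 +259,6 @@
 /** How long to wait for a slave to catch up to the master */
 $wgMasterWaitTimeout = 10;
 
-# Sysop SQL queries
-# The sql user shouldn't have too many rights other the database, restrict
-# it to SELECT only on 'page', 'revision' and 'text' tables for example
-#
-/** Dangerous if not configured properly. */
-$wgAllowSysopQueries = false;
-$wgDBsqluser = 'sqluser';
-$wgDBsqlpassword = 'sqlpass';
-$wgDBpassword = 'userpass';
-$wgSqlLogFile = "{$wgUploadDirectory}/sqllog_mFhyRe6";
 /** File to log MySQL errors to */
 $wgDBerrorLog = false;
 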
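Review bot: The removed block in DefaultSettings.php also drops `$wgDBpassword = 'userpass';`, which is not an Asksql setting: it is the wiki's main database password, and config/index.php on this same page still writes `\$wgDBpassword` into the generated settings. Unless another default for it is defined in a part of DefaultSettings.php outside this hunk, code that reads `$wgDBpassword` before a local settings file assigns it would find the variable undefined. Keep that one line (or move it next to the other connection defaults) and remove only `$wgAllowSysopQueries`, `$wgDBsqluser`, `$wgDBsqlpassword` and `$wgSqlLogFile`.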
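--- a/trunk/phase3/includes/SpecialPage.php
+++ b/trunk/phase3/includes/SpecialPage.php
@@ -85,7 +85,6 @@
 'Allmessages' => new SpecialPage( 'Allmessages' ),
 'Log' => new SpecialPage( 'Log' ),
 'Blockip' => new SpecialPage( 'Blockip', 'block' ),
- 'Asksql' => new SpecialPage( 'Asksql', 'asksql' ),
 'Undelete' => new SpecialPage( 'Undelete', 'delete' ),
 // Makesysop is obsolete, replaced by Special:Userlevels [av]
 # 'Makesysop' => new SpecialPage( 'Makesysop', 'userrights' ),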

Status & tagging log

  • 01:56, 13 October 2010 ^demon (Talk | contribs) changed the status of r7474 [removed: new added: old]