[MediaWiki-commits] [Gerrit] mediawiki...TemplateStyles[master]: [POC] Warn when using tags in non-template ...

Thu, 18 Jan 2018 17:55:35 -0800 

Gergő Tisza has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/405236 )

Change subject: [POC] Warn when using <templatestyles> tags in non-template 
namespaces
......................................................................

[POC] Warn when using <templatestyles> tags in non-template namespaces

Bug: T176269
Change-Id: Ifc3c81f3e46e86603d5bfc5bb048e172080c8d50
---
M TemplateStylesHooks.php
M extension.json
M i18n/en.json
M i18n/qqq.json
4 files changed, 16 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/TemplateStyles 
refs/changes/36/405236/1

diff --git a/TemplateStylesHooks.php b/TemplateStylesHooks.php
index 837105f..70eb8c6 100644
--- a/TemplateStylesHooks.php
+++ b/TemplateStylesHooks.php
@@ -193,6 +193,18 @@
                        return '';
                }
 
+               $allowedNamespaces = self::getConfig()->get( 
'TemplateStylesAllowedNamespaces' );
+               if ( !in_array( $frame->getTitle()->getNamespace(), 
$allowedNamespaces, true ) ) {
+                       $targetLanguage = $parser->getTargetLanguage();
+                       $allowedNamespacesText = $targetLanguage->listToText( 
array_map(
+                               function ( $ns ) use ( $targetLanguage ) {
+                                       return 
$targetLanguage->convertNamespace( $ns );
+                               }, $allowedNamespaces ) );
+                       $error = wfMessage( 'templatestyles-wrong-namespace', 
$allowedNamespacesText,
+                               count( $allowedNamespaces ) 
)->inContentLanguage()->parse();
+                       return '<strong class="error">' . $error . '</strong>';
+               }
+
                if ( !isset( $params['src'] ) || trim( $params['src'] ) === '' 
) {
                        return '<strong class="error">' .
                                wfMessage( 'templatestyles-missing-src' 
)->inContentLanguage()->parse() .
diff --git a/extension.json b/extension.json
index a704a2f..a3bdb0e 100644
--- a/extension.json
+++ b/extension.json
@@ -48,6 +48,8 @@
        "config": {
                "@TemplateStylesDisable": "When set to true, no styles are 
output. This flag is for development and will be removed.",
                "TemplateStylesDisable": false,
+               "@TemplateStylesAllowedNamespaces": "Namespaces in which 
<templatestyles> tags can be present in the wikitext. The setting is for 
development and will be removed. It does not prevent the tags from working in 
other namespaces when transcluded. Defaults to NS_TEMPLATE.",
+               "TemplateStylesAllowedNamespaces": [ 10 ],
                "@TemplateStylesAllowedUrls": "PCRE regexes to match allowed 
URLs for various types of external references. Known types are:\n; audio: Sound 
files\n; image: Images\n; svg: SVGs for the Filter and Masking modules\n; font: 
External fonts\n; namespace: @namespace declarations\n; css: @import 
declarations\nIf you want to allow an entire domain, be sure to include a 
trailing '/', e.g. \"<^https://allowed\\.example\\.org/>\" rather than 
\"<^https://allowed\\.example\\.org>\", so people can't bypass your filter by 
creating a subdomain like \"https://allowed.example.org.evil.com\".";,
                "TemplateStylesAllowedUrls": {
                        "audio": [
diff --git a/i18n/en.json b/i18n/en.json
index d688d06..d5fc68d 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -7,6 +7,7 @@
        },
        "templatestyles": "TemplateStyles",
        "templatestyles-desc": "Implement per-template style sheets",
+       "templatestyles-wrong-namespace": 
"<code><nowiki><templatestyles></nowiki></code> tags can only be used in the $1 
{{PLURAL:$2|namespace|namespaces}}.",
        "templatestyles-missing-src": "TemplateStyles' <code>src</code> 
attribute must not be empty.",
        "templatestyles-invalid-src": "Invalid title for TemplateStyles' 
<code>src</code> attribute.",
        "templatestyles-bad-src-missing": "Page [[:$1|$2]] has no content.",
diff --git a/i18n/qqq.json b/i18n/qqq.json
index 25e2edd..b7ead98 100644
--- a/i18n/qqq.json
+++ b/i18n/qqq.json
@@ -9,6 +9,7 @@
        },
        "templatestyles": "{{name}}",
        "templatestyles-desc": 
"{{desc|name=TemplateStyles|url=https://www.mediawiki.org/wiki/Extension:TemplateStyles}}";,
+       "templatestyles-wrong-namespace": "Error message displayed when a 
<code><nowiki><templatestyles></nowiki></code> tag is used in a disallowed 
namespace.\n\nParameters:\n* $1 - The list of allowed namespaces (as 
human-readable text).\n* $2 - The number of allowed namespaces.",
        "templatestyles-missing-src": "Error message displayed when the 
<code>src</code> attribute is not present on 
<code><nowiki><templatestyles></nowiki></code>.",
        "templatestyles-invalid-src": "Error message displayed when the 
<code>src</code> attribute is not a valid title.",
        "templatestyles-bad-src-missing": "Error message displayed when the 
title specified has no content. Parameters:\n* $1 - The title specified.\n* $2 
- The title with wikitext escaped.",

-- 
To view, visit https://gerrit.wikimedia.org/r/405236
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifc3c81f3e46e86603d5bfc5bb048e172080c8d50
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/TemplateStyles
Gerrit-Branch: master
Gerrit-Owner: Gergő Tisza <gti...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to