http://www.mediawiki.org/wiki/Special:Code/MediaWiki/67245
Revision: 67245
Author: daniel
Date: 2010-06-02 20:57:53 +0000 (Wed, 02 Jun 2010)
Log Message:
-----------
added value sanatization; moved some static funtions to instance, to have
context handy
Modified Paths:
--------------
trunk/extensions/DataTransclusion/DataTransclusionHandler.php
Modified: trunk/extensions/DataTransclusion/DataTransclusionHandler.php
===================================================================
--- trunk/extensions/DataTransclusion/DataTransclusionHandler.php
2010-06-02 20:50:44 UTC (rev 67244)
+++ trunk/extensions/DataTransclusion/DataTransclusionHandler.php
2010-06-02 20:57:53 UTC (rev 67245)
@@ -109,13 +109,15 @@
$record = $source->fetchRecord( $by, $key );
if ( empty( $record ) ) return
DataTransclusionHandler::errorMessage( 'datatransclusion-record-not-found',
$asHTML, $sourceName, $by, $key );
- $record = DataTransclusionHandler::normalizeRecord( $record,
$source );
-
//render the record into wiki text
$t = Title::newFromText( $template, NS_TEMPLATE );
if ( empty( $t ) ) return DataTransclusionHandler::errorMessage(
'datatransclusion-bad-template-name', $asHTML, $template );
- $text = DataTransclusionHandler::renderTemplate( $parser, $t,
$record );
+ $handler = new DataTransclusionHandler( $parser, $source, $t );
+
+ $record = $handler->normalizeRecord( $record );
+ $text = $handler->render( $record );
+
if ( $text === false ) return
DataTransclusionHandler::errorMessage( 'datatransclusion-unknown-template',
$asHTML, $template );
//set parser output expiry
@@ -132,65 +134,94 @@
}
}
- static function renderTemplate( $parser, $title, $record ) {
+ function __construct( $parser, $source, $template ) {
+ $this->template = $template;
+ $this->source = $source;
+ $this->parser = $parser;
+ }
+
+ function render( $record ) {
//XXX: use cached & preparsed template. $template doesn't have the
right type, it seems
/*
- list( $text, $title ) = $parser->getTemplateDom( $title );
- $frame = $parser->getPreprocessor()->newCustomFrame( $record );
+ list( $text, $this->template ) = $this->parser->getTemplateDom(
$this->template );
+ $frame = $this->parser->getPreprocessor()->newCustomFrame( $record
);
$text = $frame->expand( $template );
*/
//XXX: trying another way. but $piece['parts'] needs to be a
PPNode. how to do that?
/*
- $frame = $parser->getPreprocessor()->newCustomFrame( $record );
+ $frame = $this->parser->getPreprocessor()->newCustomFrame( $record
);
$piece = array();
- if ( $title->getNamespace() == NS_TEMPLATE ) $n = "";
- else $n = $title->getNsText() . ":";
+ if ( $this->template->getNamespace() == NS_TEMPLATE ) $n = "";
+ else $n = $this->template->getNsText() . ":";
- $piece ['title'] = $n . $title->getText();
+ $piece ['title'] = $n . $this->template->getText();
$piece['parts'] = $record;
$piece['lineStart'] = false; //XXX: ugly. can't know here whether
the brace was at the start of a line
- $ret = $parser->braceSubstitution( $piece, $frame );
+ $ret = $this->parser->braceSubstitution( $piece, $frame );
$text = $ret[ 'text' ];
*/
//dumb and slow, but works
- $p = new Article( $title );
+ $p = new Article( $this->template );
if ( !$p->exists() ) return false;
$text = $p->getContent();
- $text = $parser->replaceVariables( $text, $record, true );
+ $text = $this->parser->replaceVariables( $text, $record, true );
return $text;
}
- static function normalizeRecord( $record, $source ) {
+ function normalizeRecord( $record ) {
$rec = array();
//keep record fields, add missing values
- $fields = $source->getFieldNames();
+ $fields = $this->source->getFieldNames();
foreach ( $fields as $f ) {
if ( isset( $record[ $f ] ) ) $v = $record[ $f ];
else $v = '';
- $rec[ $f ] = $v;
+ $rec[ $f ] = $this->sanitizeValue( $v );
}
//add source meta info, so we can render links back to the source,
//provide license info, etc
- $info = $source->getSourceInfo();
+ $info = $this->source->getSourceInfo();
foreach ( $info as $f => $v ) {
if ( is_array( $v ) || is_object( $v ) || is_resource( $v ) )
continue;
- $rec[ "source.$f" ] = $v;
+ $rec[ "source.$f" ] = $this->sanitizeValue( $v );
}
return $rec;
}
-
+ protected static $sanitizerSubstitution = array(
+ '!\[!' => '[',
+ '!\]!' => ']',
+ '!\{!' => '{',
+ '!\}!' => '}',
+ '!\'!' => '&#apos;',
+ '!\|!' => '|',
+ '!^\*!m' => '*',
+ '!^#!m' => '#',
+ '!^:!m' => ':',
+ '!^;!m' => ';',
+ '!^ !m' => ' ',
+ );
+
+ function sanitizeValue( $v ) {
+ $v = htmlspecialchars( $v );
+
+ $find = array_keys( self::$sanitizerSubstitution );
+ $subst = array_values( self::$sanitizerSubstitution );
+
+ $v = preg_replace( $find, $subst, $v );
+ return $v;
+ }
+
static function getDataSource( $name ) {
global $wgDataTransclusionSources;
if ( empty( $wgDataTransclusionSources[ $name ] ) ) return false;
_______________________________________________
MediaWiki-CVS mailing list
MediaWiki-CVS@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
