http://www.mediawiki.org/wiki/Special:Code/MediaWiki/88591
Revision: 88591 Author: ashley Date: 2011-05-22 18:09:59 +0000 (Sun, 22 May 2011) Log Message: ----------- WhosOnline: register_globals fix in main setup file, coding style tweaks everywhere + applied patch from http://www.mediawiki.org/wiki/Extension_talk:WhosOnline#Allow_inclusion_of_the_page Modified Paths: -------------- trunk/extensions/WhosOnline/WhosOnline.php trunk/extensions/WhosOnline/WhosOnlineSpecialPage.php Modified: trunk/extensions/WhosOnline/WhosOnline.php =================================================================== --- trunk/extensions/WhosOnline/WhosOnline.php 2011-05-22 18:05:17 UTC (rev 88590) +++ trunk/extensions/WhosOnline/WhosOnline.php 2011-05-22 18:09:59 UTC (rev 88591) @@ -5,56 +5,65 @@ * * @file * @ingroup Extensions - * * @author Maciej Brencz <macbre(at)-spam-wikia.com> - minor fixes and improvements * @author ChekMate Security Group - original code * @see http://www.chekmate.org/wiki/index.php/MW:_Whos_Online_Extension * @license http://www.gnu.org/copyleft/gpl.html GNU General Public License 2.0 or later */ -$wgWhosOnlineShowAnons = FALSE; // Showing anonymous users IP addresses can be a security threat! +/** + * Protect against arbitrary execution + * This line must be present before any global variable is referenced. + */ +if ( !defined( 'MEDIAWIKI' ) ) { + die( 'This is not a valid entry point.' ); +} -$wgHooks['BeforePageDisplay'][] = 'wfWhosOnline_update_data'; - +// Extension credits that show up on Special:Version $wgExtensionCredits['other'][] = array( 'path' => __FILE__, 'name' => 'WhosOnline', - 'version' => '1.3', + 'version' => '1.3.1', 'author' => 'Maciej Brencz', 'descriptionmsg' => 'whosonline-desc', 'url' => 'http://www.mediawiki.org/wiki/Extension:WhosOnline', ); -$dir = dirname(__FILE__) . '/'; +// Showing anonymous users' IP addresses can be a security threat! +$wgWhosOnlineShowAnons = false; + +// Set up the special page +$dir = dirname( __FILE__ ) . '/'; $wgAutoloadClasses['SpecialWhosOnline'] = $dir . 'WhosOnlineSpecialPage.php'; $wgExtensionMessagesFiles['WhosOnline'] = $dir . 'WhosOnline.i18n.php'; $wgExtensionAliasesFiles['WhosOnline'] = $dir . 'WhosOnline.alias.php'; $wgSpecialPages['WhosOnline'] = 'SpecialWhosOnline'; +$wgHooks['BeforePageDisplay'][] = 'wfWhosOnline_update_data'; // update online data function wfWhosOnline_update_data() { global $wgUser, $wgDBname; - wfProfileIn(__METHOD__); + wfProfileIn( __METHOD__ ); // write to DB (use master) - $db = wfGetDB(DB_MASTER); + $db = wfGetDB( DB_MASTER ); $db->selectDB( $wgDBname ); - $now = gmdate("YmdHis", time()); + $now = gmdate( 'YmdHis', time() ); // row to insert to table - $row = array ( + $row = array( 'userid' => $wgUser->getID(), 'username' => $wgUser->getName(), 'timestamp' => $now ); $ignore = $db->ignoreErrors( true ); - $db->insert('online', $row, __METHOD__, 'DELAYED'); + $db->insert( 'online', $row, __METHOD__, 'DELAYED' ); $db->ignoreErrors( $ignore ); - wfProfileOut(__METHOD__); + wfProfileOut( __METHOD__ ); return true; } Modified: trunk/extensions/WhosOnline/WhosOnlineSpecialPage.php =================================================================== --- trunk/extensions/WhosOnline/WhosOnlineSpecialPage.php 2011-05-22 18:05:17 UTC (rev 88590) +++ trunk/extensions/WhosOnline/WhosOnlineSpecialPage.php 2011-05-22 18:09:59 UTC (rev 88591) @@ -1,31 +1,30 @@ <?php /** + * @file * @ingroup Extensions - * * @author Maciej Brencz <macbre(at)-spam-wikia.com> */ -if (!defined('MEDIAWIKI')) { +if ( !defined( 'MEDIAWIKI' ) ) { exit( 1 ); } class PagerWhosOnline extends IndexPager { function __construct() { parent::__construct(); - $this->mLimit = $this->mDefaultLimit; } function getQueryInfo() { global $wgWhosOnlineShowAnons; - return array ( - 'tables' => array('online'), - 'fields' => array('username'), - 'options' => array('ORDER BY' => 'timestamp DESC'), + return array( + 'tables' => array( 'online' ), + 'fields' => array( 'username' ), + 'options' => array( 'ORDER BY' => 'timestamp DESC' ), 'conds' => $wgWhosOnlineShowAnons ? array() - : array('userid != 0') + : array( 'userid != 0' ) ); } @@ -37,8 +36,8 @@ $conds = isset( $info['conds'] ) ? $info['conds'] : array(); $options = isset( $info['options'] ) ? $info['options'] : array(); - $options['LIMIT'] = intval($limit); - $options['OFFSET'] = intval($offset); + $options['LIMIT'] = intval( $limit ); + $options['OFFSET'] = intval( $offset ); $res = $this->mDb->select( $tables, $fields, $conds, __METHOD__, $options ); @@ -49,20 +48,26 @@ return 'username'; // dummy } - function formatRow($row) { - $userPageLink = Title::makeTitle(NS_USER, $row->username)->getFullURL(); + function formatRow( $row ) { + $userPageLink = Title::makeTitle( NS_USER, $row->username )->getFullURL(); - return '<li><a href="'.htmlspecialchars($userPageLink).'">' . htmlspecialchars($row->username) . '</a></li>'; + return '<li><a href="' . htmlspecialchars( $userPageLink ) . '">' . + htmlspecialchars( $row->username ) . '</a></li>'; } // extra methods function countUsersOnline() { - wfProfileIn(__METHOD__); + wfProfileIn( __METHOD__ ); - $row = $this->mDb->selectRow('online', 'count(*) as cnt', 'userid != 0', __METHOD__); + $row = $this->mDb->selectRow( + 'online', + 'COUNT(*) AS cnt', + 'userid != 0', + __METHOD__ + ); $users = (int) $row->cnt; - wfProfileOut(__METHOD__); + wfProfileOut( __METHOD__ ); return $users; } @@ -73,50 +78,73 @@ return wfViewPrevNext( $this->mOffset, $this->mLimit, - $wgContLang->specialpage('WhosOnline'), + $wgContLang->specialpage( 'WhosOnline' ), '', - $this->countUsersOnline() < ($this->mLimit + $this->mOffset) // show next link + $this->countUsersOnline() < ( $this->mLimit + $this->mOffset ) // show next link ); } } -class SpecialWhosOnline extends SpecialPage { - public function SpecialWhosOnline() { - parent::__construct('WhosOnline' ); +class SpecialWhosOnline extends IncludableSpecialPage { + public function __construct() { + parent::__construct( 'WhosOnline' ); } - // get list of logged-in users being online protected function getAnonsOnline() { - wfProfileIn(__METHOD__); + wfProfileIn( __METHOD__ ); - $dbr = wfGetDB(DB_SLAVE); + $dbr = wfGetDB( DB_SLAVE ); - $row = $dbr->selectRow('online', 'count(*) as cnt', 'userid = 0', __METHOD__); + $row = $dbr->selectRow( + 'online', + 'COUNT(*) AS cnt', + 'userid = 0', + __METHOD__ + ); $guests = (int) $row->cnt; - wfProfileOut(__METHOD__); + wfProfileOut( __METHOD__ ); return $guests; } public function execute( $para ) { - global $wgRequest, $wgOut, $wgDBname; + global $wgOut, $wgDBname; - - $db = wfGetDB( DB_MASTER ); $db->selectDB( $wgDBname ); - $old = gmdate("YmdHis", time() - 3600); - $db->delete('online', array('timestamp < "'.$old.'"'), __METHOD__); + $old = gmdate( 'YmdHis', time() - 3600 ); + $db->delete( 'online', array( 'timestamp < "' . $old . '"' ), __METHOD__ ); $this->setHeaders(); $pager = new PagerWhosOnline(); + $showNavigation = !$this->including(); + if ( $para ) { + $bits = preg_split( '/\s*,\s*/', trim( $para ) ); + foreach ( $bits as $bit ) { + if ( $bit == 'shownav' ) { + $showNavigation = true; + } + if ( is_numeric( $bit ) ) { + $pager->mLimit = $bit; + } + + $m = array(); + if ( preg_match( '/^limit=(\d+)$/', $bit, $m ) ) { + $pager->mLimit = intval( $m[1] ); + } + } + } + $body = $pager->getBody(); - $wgOut->addHTML($pager->getNavigationBar()); - $wgOut->addHTML('<ul>'.$body.'</ul>'); + if ( $showNavigation ) { + $wgOut->addHTML( $pager->getNavigationBar() ); + } + + $wgOut->addHTML( '<ul>' . $body . '</ul>' ); } } _______________________________________________ MediaWiki-CVS mailing list MediaWiki-CVS@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs