From 4c0666fd193868ab529071d048f7736c671c79f1 Mon Sep 17 00:00:00 2001 From: Andrew Kostka Date: Fri, 3 Sep 2021 17:37:30 +0200 Subject: [PATCH] Don't allow users to add parameters that contain forbidden chars Bug: T285869 Change-Id: I1011949c2724939f3cec1e1a2ae1c821c33eff84 --- extension.json | 1 + i18n/ve-mw/en.json | 1 + i18n/ve-mw/qqq.json | 1 + .../tests/ui/pages/ve.ui.MWAddParameterPage.test.js | 2 ++ modules/ve-mw/ui/pages/ve.ui.MWAddParameterPage.js | 9 +++++++-- 5 files changed, 12 insertions(+), 2 deletions(-) diff --git a/extension.json b/extension.json index 1dbe022273..bbc0b53119 100644 --- a/extension.json +++ b/extension.json @@ -2206,6 +2206,7 @@ "visualeditor-dialog-transclusion-add-param-error-deprecated", "visualeditor-dialog-transclusion-add-param-error-exists-selected", "visualeditor-dialog-transclusion-add-param-error-exists-unselected", + "visualeditor-dialog-transclusion-add-param-error-forbidden-char", "visualeditor-dialog-transclusion-add-param-help", "visualeditor-dialog-transclusion-add-param-placeholder", "visualeditor-dialog-transclusion-add-param-save", diff --git a/i18n/ve-mw/en.json b/i18n/ve-mw/en.json index 8381ed2e34..254d24f7f3 100644 --- a/i18n/ve-mw/en.json +++ b/i18n/ve-mw/en.json @@ -178,6 +178,7 @@ "visualeditor-dialog-transclusion-add-param-error-deprecated": "\"$1\" cannot be added because the parameter has been marked as [//www.mediawiki.org/wiki/Help:TemplateData#deprecated deprecated].", "visualeditor-dialog-transclusion-add-param-error-exists-selected": "Cannot add two parameters of the same name.", "visualeditor-dialog-transclusion-add-param-error-exists-unselected": "This parameter is already available for use. Please check the options in the sidebar.", + "visualeditor-dialog-transclusion-add-param-error-forbidden-char": "$1 is a forbidden character. Please remove it to add the parameter.", "visualeditor-dialog-transclusion-add-param-help": "If known, enter undocumented parameter names. Note that only parameters known by the template will have an effect. You may find information about existing parameters on the [[$1|template's page]].", "visualeditor-dialog-transclusion-add-param-placeholder": "Parameter name", "visualeditor-dialog-transclusion-add-param-save": "Add parameter", diff --git a/i18n/ve-mw/qqq.json b/i18n/ve-mw/qqq.json index 8d0cbae106..3471421046 100644 --- a/i18n/ve-mw/qqq.json +++ b/i18n/ve-mw/qqq.json @@ -196,6 +196,7 @@ "visualeditor-dialog-transclusion-add-param-error-deprecated": "Message shown to an editor when they attempt adding a parameter which is deprecated.\n\nParameters:\n* $1 - The name of the parameter.", "visualeditor-dialog-transclusion-add-param-error-exists-selected": "Message shown to an editor when they attempt adding a parameter which is already present and checked in the sidebar.\n\nParameters:\n* $1 - The name of the parameter.", "visualeditor-dialog-transclusion-add-param-error-exists-unselected": "Message shown to an editor when they attempt adding a parameter which is already present and unchecked in the sidebar.\n\nParameters:\n* $1 - The name of the parameter.", + "visualeditor-dialog-transclusion-add-param-error-forbidden-char": "Message shown to an editor when they attempt adding a parameter which contains forbidden characters.\n\nParameters:\n* $1 - The forbidden character.", "visualeditor-dialog-transclusion-add-param-help": "Help text for new undocumented parameter input field.\n\nParameters:\n* $1 - The title of the template.", "visualeditor-dialog-transclusion-add-param-placeholder": "Placeholder in the input field that adds a new undocumented parameter to a transcluded template.", "visualeditor-dialog-transclusion-add-param-save": "Label for save button that adds a new undocumented parameter to a transcluded template.", diff --git a/modules/ve-mw/tests/ui/pages/ve.ui.MWAddParameterPage.test.js b/modules/ve-mw/tests/ui/pages/ve.ui.MWAddParameterPage.test.js index 35af602a93..4d95ac435f 100644 --- a/modules/ve-mw/tests/ui/pages/ve.ui.MWAddParameterPage.test.js +++ b/modules/ve-mw/tests/ui/pages/ve.ui.MWAddParameterPage.test.js @@ -45,6 +45,8 @@ QUnit.test( 'Outline item initialization', ( assert ) => { [ [ '', 0 ], [ 'a', 0 ], + [ 'a=b', '(visualeditor-dialog-transclusion-add-param-error-forbidden-char: =)' ], + [ 'x|a=b', '(visualeditor-dialog-transclusion-add-param-error-forbidden-char: |)' ], [ 'used', '(visualeditor-dialog-transclusion-add-param-error-exists-selected: used, used)' ], [ 'unused', '(visualeditor-dialog-transclusion-add-param-error-exists-unselected: unused, unused)' ], [ 'usedAlias', '(visualeditor-dialog-transclusion-add-param-error-alias: usedAlias, x)' ], diff --git a/modules/ve-mw/ui/pages/ve.ui.MWAddParameterPage.js b/modules/ve-mw/ui/pages/ve.ui.MWAddParameterPage.js index cab32960ab..c78d425c61 100644 --- a/modules/ve-mw/ui/pages/ve.ui.MWAddParameterPage.js +++ b/modules/ve-mw/ui/pages/ve.ui.MWAddParameterPage.js @@ -89,11 +89,10 @@ OO.inheritClass( ve.ui.MWAddParameterPage, OO.ui.PageLayout ); */ ve.ui.MWAddParameterPage.prototype.onParameterNameChanged = function ( value ) { var paramName = value.trim(), - isValid = /^[^={|}]+$/.test( paramName ), errors = this.getValidationErrors( paramName ); this.addParameterInputField.setErrors( errors ); - this.saveButton.setDisabled( !isValid || errors.length ); + this.saveButton.setDisabled( !paramName || errors.length ); }; ve.ui.MWAddParameterPage.prototype.onParameterNameSubmitted = function () { @@ -120,6 +119,12 @@ ve.ui.MWAddParameterPage.prototype.getValidationErrors = function ( name ) { return []; } + var forbiddenCharacter = name.match( /[={|}]/ ); + if ( forbiddenCharacter ) { + return [ mw.message( 'visualeditor-dialog-transclusion-add-param-error-forbidden-char', + forbiddenCharacter[ 0 ] ).parseDom() ]; + } + var key, spec = this.template.getSpec();