Don't allow users to add parameters that contain forbidden chars

Bug: T285869
Change-Id: I1011949c2724939f3cec1e1a2ae1c821c33eff84
Andrew Kostka 2021-09-03 17:37:30 +02:00 committed by Thiemo Kreuz
parent 075ca72fe8
commit 4c0666fd19
5 changed files with 12 additions and 2 deletions


@ -2206,6 +2206,7 @@
"visualeditor-dialog-transclusion-add-param-error-deprecated", "visualeditor-dialog-transclusion-add-param-error-deprecated",
"visualeditor-dialog-transclusion-add-param-error-exists-selected", "visualeditor-dialog-transclusion-add-param-error-exists-selected",
"visualeditor-dialog-transclusion-add-param-error-exists-unselected", "visualeditor-dialog-transclusion-add-param-error-exists-unselected",
"visualeditor-dialog-transclusion-add-param-error-forbidden-char",
"visualeditor-dialog-transclusion-add-param-help", "visualeditor-dialog-transclusion-add-param-help",
"visualeditor-dialog-transclusion-add-param-placeholder", "visualeditor-dialog-transclusion-add-param-placeholder",
"visualeditor-dialog-transclusion-add-param-save", "visualeditor-dialog-transclusion-add-param-save",


@ -178,6 +178,7 @@
"visualeditor-dialog-transclusion-add-param-error-deprecated": "\"$1\" cannot be added because the parameter has been marked as [//www.mediawiki.org/wiki/Help:TemplateData#deprecated deprecated].", "visualeditor-dialog-transclusion-add-param-error-deprecated": "\"$1\" cannot be added because the parameter has been marked as [//www.mediawiki.org/wiki/Help:TemplateData#deprecated deprecated].",
"visualeditor-dialog-transclusion-add-param-error-exists-selected": "Cannot add two parameters of the same name.", "visualeditor-dialog-transclusion-add-param-error-exists-selected": "Cannot add two parameters of the same name.",
"visualeditor-dialog-transclusion-add-param-error-exists-unselected": "This parameter is already available for use. Please check the options in the sidebar.", "visualeditor-dialog-transclusion-add-param-error-exists-unselected": "This parameter is already available for use. Please check the options in the sidebar.",
"visualeditor-dialog-transclusion-add-param-error-forbidden-char": "$1 is a forbidden character. Please remove it to add the parameter.",
"visualeditor-dialog-transclusion-add-param-help": "If known, enter undocumented parameter names. Note that only parameters known by the template will have an effect. You may find information about existing parameters on the [[$1|template's page]].", "visualeditor-dialog-transclusion-add-param-help": "If known, enter undocumented parameter names. Note that only parameters known by the template will have an effect. You may find information about existing parameters on the [[$1|template's page]].",
"visualeditor-dialog-transclusion-add-param-placeholder": "Parameter name", "visualeditor-dialog-transclusion-add-param-placeholder": "Parameter name",
"visualeditor-dialog-transclusion-add-param-save": "Add parameter", "visualeditor-dialog-transclusion-add-param-save": "Add parameter",


@ -196,6 +196,7 @@
"visualeditor-dialog-transclusion-add-param-error-deprecated": "Message shown to an editor when they attempt adding a parameter which is deprecated.\n\nParameters:\n* $1 - The name of the parameter.", "visualeditor-dialog-transclusion-add-param-error-deprecated": "Message shown to an editor when they attempt adding a parameter which is deprecated.\n\nParameters:\n* $1 - The name of the parameter.",
"visualeditor-dialog-transclusion-add-param-error-exists-selected": "Message shown to an editor when they attempt adding a parameter which is already present and checked in the sidebar.\n\nParameters:\n* $1 - The name of the parameter.", "visualeditor-dialog-transclusion-add-param-error-exists-selected": "Message shown to an editor when they attempt adding a parameter which is already present and checked in the sidebar.\n\nParameters:\n* $1 - The name of the parameter.",
"visualeditor-dialog-transclusion-add-param-error-exists-unselected": "Message shown to an editor when they attempt adding a parameter which is already present and unchecked in the sidebar.\n\nParameters:\n* $1 - The name of the parameter.", "visualeditor-dialog-transclusion-add-param-error-exists-unselected": "Message shown to an editor when they attempt adding a parameter which is already present and unchecked in the sidebar.\n\nParameters:\n* $1 - The name of the parameter.",
"visualeditor-dialog-transclusion-add-param-error-forbidden-char": "Message shown to an editor when they attempt adding a parameter which contains forbidden characters.\n\nParameters:\n* $1 - The forbidden character.",
"visualeditor-dialog-transclusion-add-param-help": "Help text for new undocumented parameter input field.\n\nParameters:\n* $1 - The title of the template.", "visualeditor-dialog-transclusion-add-param-help": "Help text for new undocumented parameter input field.\n\nParameters:\n* $1 - The title of the template.",
"visualeditor-dialog-transclusion-add-param-placeholder": "Placeholder in the input field that adds a new undocumented parameter to a transcluded template.", "visualeditor-dialog-transclusion-add-param-placeholder": "Placeholder in the input field that adds a new undocumented parameter to a transcluded template.",
"visualeditor-dialog-transclusion-add-param-save": "Label for save button that adds a new undocumented parameter to a transcluded template.", "visualeditor-dialog-transclusion-add-param-save": "Label for save button that adds a new undocumented parameter to a transcluded template.",


@ -45,6 +45,8 @@ QUnit.test( 'Outline item initialization', ( assert ) => {
[ [
[ '', 0 ], [ '', 0 ],
[ 'a', 0 ], [ 'a', 0 ],
[ 'a=b', '(visualeditor-dialog-transclusion-add-param-error-forbidden-char: =)' ],
[ 'x|a=b', '(visualeditor-dialog-transclusion-add-param-error-forbidden-char: |)' ],
[ 'used', '(visualeditor-dialog-transclusion-add-param-error-exists-selected: used, used)' ], [ 'used', '(visualeditor-dialog-transclusion-add-param-error-exists-selected: used, used)' ],
[ 'unused', '(visualeditor-dialog-transclusion-add-param-error-exists-unselected: unused, unused)' ], [ 'unused', '(visualeditor-dialog-transclusion-add-param-error-exists-unselected: unused, unused)' ],
[ 'usedAlias', '(visualeditor-dialog-transclusion-add-param-error-alias: usedAlias, x)' ], [ 'usedAlias', '(visualeditor-dialog-transclusion-add-param-error-alias: usedAlias, x)' ],
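Review bot: The two new cases cover only `=` and `|`, while the check added in `getValidationErrors` rejects four characters (`/[={|}]/`), so the brace half of the character class is untested. I would add `[ 'a{b', '(visualeditor-dialog-transclusion-add-param-error-forbidden-char: {)' ],` and the matching `[ 'a}b', '(visualeditor-dialog-transclusion-add-param-error-forbidden-char: })' ],` next to them. The `x|a=b` case already pins that the first offending character is the one reported, which is worth keeping. The enclosing test starts and ends outside this hunk.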


@ -89,11 +89,10 @@ OO.inheritClass( ve.ui.MWAddParameterPage, OO.ui.PageLayout );
*/ */
ve.ui.MWAddParameterPage.prototype.onParameterNameChanged = function ( value ) { ve.ui.MWAddParameterPage.prototype.onParameterNameChanged = function ( value ) {
var paramName = value.trim(), var paramName = value.trim(),
isValid = /^[^={|}]+$/.test( paramName ),
errors = this.getValidationErrors( paramName ); errors = this.getValidationErrors( paramName );
this.addParameterInputField.setErrors( errors ); this.addParameterInputField.setErrors( errors );
this.saveButton.setDisabled( !isValid || errors.length ); this.saveButton.setDisabled( !paramName || errors.length );
}; };
ve.ui.MWAddParameterPage.prototype.onParameterNameSubmitted = function () { ve.ui.MWAddParameterPage.prototype.onParameterNameSubmitted = function () {
@ -120,6 +119,12 @@ ve.ui.MWAddParameterPage.prototype.getValidationErrors = function ( name ) {
return []; return [];
} }
var forbiddenCharacter = name.match( /[={|}]/ );
if ( forbiddenCharacter ) {
return [ mw.message( 'visualeditor-dialog-transclusion-add-param-error-forbidden-char',
forbiddenCharacter[ 0 ] ).parseDom() ];
}
var key, var key,
spec = this.template.getSpec(); spec = this.template.getSpec();
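Review bot: The forbidden-character rule now lives only in `getValidationErrors`, and `onParameterNameChanged` enforces it solely by disabling the save button. `onParameterNameSubmitted` begins at the edge of the first hunk and its body is not shown, so it should be confirmed that the Enter-key path also consults `getValidationErrors` (or the button's disabled state). Otherwise a name containing `=`, `|`, `{` or `}` could presumably still be added to the transclusion. The new `name.match( /[={|}]/ )` would also benefit from a comment saying why these four are rejected, e.g. `// "=", "|", "{" and "}" are wikitext template syntax and would change how the transclusion is serialized`. As a smaller style point, `setDisabled( !paramName || errors.length )` passes a number when the name is non-empty; `errors.length > 0` states the intent. Both functions continue outside the hunks shown.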