This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace Wikibase\Repo\Specials; |
||
4 | |||
5 | use Html; |
||
6 | use HTMLForm; |
||
7 | use Status; |
||
8 | use Wikibase\DataModel\Entity\EntityDocument; |
||
9 | use Wikibase\DataModel\Entity\EntityId; |
||
10 | use Wikibase\Lib\MessageException; |
||
11 | use Wikibase\Lib\Store\EntityRevision; |
||
12 | use Wikibase\Lib\Store\EntityTitleLookup; |
||
13 | use Wikibase\Lib\Store\RevisionedUnresolvedRedirectException; |
||
14 | use Wikibase\Lib\Store\StorageException; |
||
15 | use Wikibase\Lib\Summary; |
||
16 | use Wikibase\Lib\UserInputException; |
||
17 | use Wikibase\Repo\ChangeOp\ChangeOp; |
||
18 | use Wikibase\Repo\ChangeOp\ChangeOpException; |
||
19 | use Wikibase\Repo\ChangeOp\ChangeOpValidationException; |
||
20 | use Wikibase\Repo\EditEntity\MediawikiEditEntityFactory; |
||
21 | use Wikibase\Repo\SummaryFormatter; |
||
22 | |||
23 | /** |
||
24 | * Abstract special page for modifying Wikibase entity. |
||
25 | * |
||
26 | * @license GPL-2.0-or-later |
||
27 | * @author Bene* < [email protected] > |
||
28 | * @author Daniel Kinzler |
||
29 | */ |
||
30 | abstract class SpecialModifyEntity extends SpecialWikibaseRepoPage { |
||
31 | |||
32 | /** |
||
33 | * @var EntityDocument|null |
||
34 | */ |
||
35 | private $entityForModification = null; |
||
36 | |||
37 | /** |
||
38 | * @var EntityId|null |
||
39 | */ |
||
40 | private $entityId; |
||
41 | |||
42 | /** |
||
43 | * @param string $title The title of the special page |
||
44 | * @param SpecialPageCopyrightView $copyrightView |
||
45 | * @param SummaryFormatter $summaryFormatter |
||
46 | * @param EntityTitleLookup $entityTitleLookup |
||
47 | * @param MediawikiEditEntityFactory $editEntityFactory |
||
48 | */ |
||
49 | public function __construct( |
||
50 | $title, |
||
51 | SpecialPageCopyrightView $copyrightView, |
||
52 | SummaryFormatter $summaryFormatter, |
||
53 | EntityTitleLookup $entityTitleLookup, |
||
54 | MediawikiEditEntityFactory $editEntityFactory |
||
55 | ) { |
||
56 | parent::__construct( |
||
57 | $title, |
||
58 | 'edit', |
||
59 | $copyrightView, |
||
60 | $summaryFormatter, |
||
61 | $entityTitleLookup, |
||
62 | $editEntityFactory |
||
63 | ); |
||
64 | } |
||
65 | |||
66 | public function doesWrites() { |
||
67 | return true; |
||
68 | } |
||
69 | |||
70 | /** |
||
71 | * Returns the ID of the Entity being modified. |
||
72 | * Returns null if no entity ID was specified in the request. |
||
73 | * |
||
74 | * @note The return value is undefined before prepareArguments() has been called. |
||
75 | * |
||
76 | * @return null|EntityId |
||
77 | */ |
||
78 | protected function getEntityId() { |
||
79 | return $this->entityId; |
||
80 | } |
||
81 | |||
82 | /** |
||
83 | * Returns the base revision. If no base revision ID was passed to prepareEditEntity(), |
||
84 | * this returns the latest revision. |
||
85 | * |
||
86 | * @throws UserInputException |
||
87 | * |
||
88 | * @return EntityRevision |
||
89 | */ |
||
90 | protected function getBaseRevision() { |
||
91 | $id = $this->getEntityId(); |
||
92 | try { |
||
93 | $baseRev = $this->getEditEntity()->getBaseRevision(); |
||
94 | |||
95 | if ( $baseRev === null ) { |
||
96 | throw new UserInputException( |
||
97 | 'wikibase-wikibaserepopage-invalid-id', |
||
98 | [ $id->getSerialization() ], |
||
99 | 'Entity ID "' . $id->getSerialization() . '" is unknown' |
||
100 | ); |
||
101 | } |
||
102 | } catch ( RevisionedUnresolvedRedirectException $ex ) { |
||
103 | throw new UserInputException( |
||
104 | 'wikibase-wikibaserepopage-unresolved-redirect', |
||
105 | [ $id->getSerialization() ], |
||
106 | 'Entity ID "' . $id->getSerialization() . '"" refers to a redirect' |
||
107 | ); |
||
108 | } catch ( StorageException $ex ) { |
||
109 | throw new UserInputException( |
||
110 | 'wikibase-wikibaserepopage-storage-exception', |
||
111 | [ $id->getSerialization(), $ex->getMessage() ], |
||
112 | 'Entity "' . $id->getSerialization() . '" could not be loaded' |
||
113 | ); |
||
114 | } |
||
115 | |||
116 | return $baseRev; |
||
117 | } |
||
118 | |||
119 | /** |
||
120 | * Returns the current revision. |
||
121 | * |
||
122 | * @throws UserInputException |
||
123 | * |
||
124 | * @return null|EntityRevision |
||
125 | */ |
||
126 | protected function getLatestRevision() { |
||
127 | $id = $this->getEntityId(); |
||
128 | try { |
||
129 | $baseRev = $this->getEditEntity()->getLatestRevision(); |
||
130 | |||
131 | if ( $baseRev === null ) { |
||
132 | throw new UserInputException( |
||
133 | 'wikibase-wikibaserepopage-invalid-id', |
||
134 | [ $id->getSerialization() ], |
||
135 | 'Entity ID "' . $id->getSerialization() . '" is unknown' |
||
136 | ); |
||
137 | } |
||
138 | } catch ( RevisionedUnresolvedRedirectException $ex ) { |
||
139 | throw new UserInputException( |
||
140 | 'wikibase-wikibaserepopage-unresolved-redirect', |
||
141 | [ $id->getSerialization() ], |
||
142 | 'Entity ID "' . $id->getSerialization() . '"" refers to a redirect' |
||
143 | ); |
||
144 | } catch ( StorageException $ex ) { |
||
145 | throw new UserInputException( |
||
146 | 'wikibase-wikibaserepopage-storage-exception', |
||
147 | [ $id->getSerialization(), $ex->getMessage() ], |
||
148 | 'Entity "' . $id->getSerialization() . '" could not be loaded' |
||
149 | ); |
||
150 | } |
||
151 | |||
152 | return $baseRev; |
||
153 | } |
||
154 | |||
155 | /** |
||
156 | * Returns the EntityDocument that is to be modified by code in this class (or subclasses). |
||
157 | * The first call to this method calls getBaseRevision(). |
||
158 | * |
||
159 | * @throws MessageException |
||
160 | * @throws UserInputException |
||
161 | * |
||
162 | * @return EntityDocument |
||
163 | */ |
||
164 | protected function getEntityForModification() { |
||
165 | if ( !$this->entityForModification ) { |
||
166 | $revision = $this->getBaseRevision(); |
||
167 | $this->entityForModification = $revision->getEntity()->copy(); |
||
168 | } |
||
169 | |||
170 | return $this->entityForModification; |
||
171 | } |
||
172 | |||
173 | /** |
||
174 | * Returns the EntityDocument that is to be shown by code in this class (or subclasses). |
||
175 | * The returns null if no entity ID was specified in the request. |
||
176 | * |
||
177 | * @throws MessageException |
||
178 | * @throws UserInputException |
||
179 | * |
||
180 | * @return EntityDocument|null |
||
181 | */ |
||
182 | protected function getEntityForDisplay() { |
||
183 | if ( $this->entityId ) { |
||
184 | $revision = $this->getBaseRevision(); |
||
185 | return $revision->getEntity(); |
||
186 | } |
||
187 | |||
188 | return null; |
||
189 | } |
||
190 | |||
191 | /** |
||
192 | * @see SpecialWikibasePage::execute |
||
193 | * |
||
194 | * @param string|null $subPage |
||
195 | */ |
||
196 | public function execute( $subPage ) { |
||
197 | parent::execute( $subPage ); |
||
198 | |||
199 | $this->checkPermissions(); |
||
200 | $this->checkBlocked(); |
||
201 | $this->checkReadOnly(); |
||
202 | |||
203 | $this->setHeaders(); |
||
204 | $this->outputHeader(); |
||
205 | |||
206 | try { |
||
207 | $this->processArguments( $subPage ); |
||
208 | $valid = $this->validateInput(); |
||
209 | |||
210 | if ( $valid && $this->isModificationRequested() ) { |
||
211 | $updatedEntity = $this->getEntityForModification(); |
||
212 | $summary = $this->modifyEntity( $updatedEntity ); |
||
213 | |||
214 | if ( $summary ) { |
||
215 | $token = $this->getRequest()->getRawVal( 'wpEditToken' ); |
||
216 | $status = $this->saveEntity( $updatedEntity, $summary, $token ); |
||
217 | |||
218 | $this->handleStatus( $status, $updatedEntity ); |
||
219 | return; |
||
220 | } |
||
221 | } |
||
222 | |||
223 | $entity = $this->getEntityForDisplay(); |
||
224 | $this->setForm( $entity ); |
||
225 | } catch ( UserInputException $ex ) { |
||
226 | $error = $this->msg( $ex->getKey(), $ex->getParams() )->parse(); |
||
227 | $this->showErrorHTML( $error ); |
||
228 | } |
||
229 | } |
||
230 | |||
231 | private function handleStatus( Status $status, EntityDocument $entity ) { |
||
232 | if ( $status->isOK() ) { |
||
233 | $entityUrl = $this->getEntityTitle( $this->getEntityId() )->getFullURL(); |
||
234 | $this->getOutput()->redirect( $entityUrl ); |
||
235 | } else { |
||
236 | $errors = $status->getErrorsArray(); |
||
237 | $this->showErrorHTML( $this->msg( $errors[0][0], array_slice( $errors[0], 1 ) )->parse() ); |
||
238 | $this->setForm( $entity ); |
||
239 | } |
||
240 | } |
||
241 | |||
242 | /** |
||
243 | * Prepares the arguments. |
||
244 | * |
||
245 | * @param string|null $subPage |
||
246 | */ |
||
247 | protected function processArguments( $subPage ) { |
||
248 | $parts = $subPage === '' ? [] : explode( '/', $subPage, 2 ); |
||
249 | |||
250 | $idString = $this->getRequest()->getVal( 'id', $parts[0] ?? null ); |
||
251 | $baseRevId = $this->getRequest()->getInt( 'revid', 0 ); |
||
252 | |||
253 | if ( !$idString ) { |
||
254 | return; |
||
255 | } |
||
256 | |||
257 | $this->entityId = $this->parseEntityId( $idString ); |
||
258 | |||
259 | $this->prepareEditEntity( $this->entityId, $baseRevId ); |
||
260 | } |
||
261 | |||
262 | /** |
||
263 | * Return the HTML form. |
||
264 | * |
||
265 | * @param EntityDocument|null $entity |
||
266 | * |
||
267 | * @return HTMLForm |
||
268 | */ |
||
269 | abstract protected function getForm( EntityDocument $entity = null ); |
||
270 | |||
271 | /** |
||
272 | * Building the HTML form for modifying an entity. |
||
273 | * |
||
274 | * @param EntityDocument|null $entity |
||
275 | */ |
||
276 | private function setForm( EntityDocument $entity = null ) { |
||
277 | $this->getOutput()->addHTML( $this->getCopyrightHTML() ); |
||
278 | |||
279 | if ( $this->getUser()->isAnon() ) { |
||
280 | $this->getOutput()->addHTML( Html::rawElement( |
||
281 | 'p', |
||
282 | [ 'class' => 'warning' ], |
||
283 | $this->msg( |
||
284 | 'wikibase-anonymouseditwarning', |
||
285 | $this->msg( 'wikibase-entity-item' )->text() |
||
286 | )->parse() |
||
287 | ) ); |
||
288 | } |
||
289 | |||
290 | $submitKey = 'wikibase-' . strtolower( $this->getName() ) . '-submit'; |
||
291 | |||
292 | $this->getForm( $entity ) |
||
293 | ->setId( 'wb-' . strtolower( $this->getName() ) . '-form1' ) |
||
0 ignored issues
–
show
Bug
introduced
by
Loading history...
|
|||
294 | ->setSubmitID( 'wb-' . strtolower( $this->getName() ) . '-submit' ) |
||
0 ignored issues
–
show
Loading history...
|
|||
295 | ->setSubmitName( $submitKey ) |
||
296 | ->setSubmitTextMsg( $submitKey ) |
||
297 | ->setWrapperLegend( $this->getDescription() ) |
||
298 | ->setSubmitCallback( function () { |
||
299 | // no-op |
||
300 | } )->show(); |
||
301 | } |
||
302 | |||
303 | /** |
||
304 | * @param EntityDocument|null $entity |
||
305 | * |
||
306 | * @return array |
||
307 | */ |
||
308 | protected function getFormElements( EntityDocument $entity = null ) { |
||
309 | $id = 'wb-modifyentity-id'; |
||
310 | |||
311 | return [ |
||
312 | 'id' => [ |
||
313 | 'name' => 'id', |
||
314 | 'label-message' => 'wikibase-modifyentity-id', |
||
315 | 'type' => 'text', |
||
316 | 'id' => $id, |
||
317 | 'default' => $entity === null ? '' : $entity->getId(), |
||
318 | ], |
||
319 | ]; |
||
320 | } |
||
321 | |||
322 | /** |
||
323 | * Validates form input. |
||
324 | * |
||
325 | * The default implementation does nothing. |
||
326 | * Subclasses should override this to detect otherwise incomplete or erroneous input. |
||
327 | * |
||
328 | * If this method returns false, the entity should not be updated and the user should be |
||
329 | * presented with an input form. Only if it returns true, and isModificationRequested() also |
||
330 | * returns true, the entity should be updated in the storage backend. |
||
331 | * |
||
332 | * @throws UserInputException if any of the provided input is invalid. If the input is |
||
333 | * merely incomplete, no exception should be raised. |
||
334 | * |
||
335 | * @return bool true if all input needed for modification has been supplied. |
||
336 | * false if the input is valid but incomplete, or if the input is invalid and |
||
337 | * showErrorHTML() has already been called to notify the user of the problem. |
||
338 | * The preferred way of indicating invalid input is however to throw a |
||
339 | * UserInputException. |
||
340 | */ |
||
341 | protected function validateInput() { |
||
342 | return $this->getEntityId() !== null; |
||
343 | } |
||
344 | |||
345 | /** |
||
346 | * Whether the current request is a request for modification (as opposed to a |
||
347 | * request for showing the input form). |
||
348 | * |
||
349 | * If this method returns false, the entity should not be updated and the user should be |
||
350 | * presented with an input form. Only if it returns true, and validateInput() also |
||
351 | * returns true, the entity should be updated in the storage backend. |
||
352 | * |
||
353 | * Undefined before processArguments() was called. |
||
354 | * |
||
355 | * @return bool |
||
356 | */ |
||
357 | protected function isModificationRequested() { |
||
358 | return $this->getRequest()->wasPosted(); |
||
359 | } |
||
360 | |||
361 | /** |
||
362 | * Modifies the entity. |
||
363 | * |
||
364 | * @param EntityDocument $entity |
||
365 | * |
||
366 | * @return Summary|bool |
||
367 | */ |
||
368 | abstract protected function modifyEntity( EntityDocument $entity ); |
||
369 | |||
370 | /** |
||
371 | * Applies the given ChangeOp to the given Entity. |
||
372 | * If validation fails, a ChangeOpValidationException is thrown. |
||
373 | * |
||
374 | * @param ChangeOp $changeOp |
||
375 | * @param EntityDocument $entity |
||
376 | * @param Summary|null $summary The summary object to update with information about the change. |
||
377 | * |
||
378 | * @throws ChangeOpException |
||
379 | */ |
||
380 | protected function applyChangeOp( ChangeOp $changeOp, EntityDocument $entity, Summary $summary = null ) { |
||
381 | // NOTE: always validate modification against the current revision! |
||
382 | // TODO: this should be re-engineered, see T126231 |
||
383 | $currentEntityRevision = $this->getLatestRevision(); |
||
384 | $result = $changeOp->validate( $currentEntityRevision->getEntity() ); |
||
385 | |||
386 | if ( !$result->isValid() ) { |
||
387 | throw new ChangeOpValidationException( $result ); |
||
388 | } |
||
389 | |||
390 | $changeOp->apply( $entity, $summary ); |
||
391 | } |
||
392 | |||
393 | } |
||
394 |