Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
59.42% covered (warning)
59.42%
82 / 138
14.29% covered (danger)
14.29%
2 / 14
CRAP
0.00% covered (danger)
0.00%
0 / 1
RollbackAction
59.42% covered (warning)
59.42%
82 / 138
14.29% covered (danger)
14.29%
2 / 14
153.33
0.00% covered (danger)
0.00%
0 / 1
 __construct
100.00% covered (success)
100.00%
6 / 6
100.00% covered (success)
100.00%
1 / 1
1
 getName
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
2
 getRestriction
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
2
 usesOOUI
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
2
 getDescription
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
2
 doesWrites
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
2
 onSuccess
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
2
 onSubmit
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
2
 alterForm
0.00% covered (danger)
0.00%
0 / 10
0.00% covered (danger)
0.00%
0 / 1
20
 show
0.00% covered (danger)
0.00%
0 / 6
0.00% covered (danger)
0.00%
0 / 1
12
 handleRollbackRequest
74.16% covered (warning)
74.16%
66 / 89
0.00% covered (danger)
0.00%
0 / 1
28.61
 enableTransactionalTimelimit
100.00% covered (success)
100.00%
10 / 10
100.00% covered (success)
100.00%
1 / 1
2
 showRollbackConfirmationForm
0.00% covered (danger)
0.00%
0 / 3
0.00% covered (danger)
0.00%
0 / 1
6
 getFormFields
0.00% covered (danger)
0.00%
0 / 7
0.00% covered (danger)
0.00%
0 / 1
2
1<?php
2/**
3 * Edit rollback user interface
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
18 *
19 * @file
20 * @ingroup Actions
21 */
22
23use MediaWiki\CommentFormatter\CommentFormatter;
24use MediaWiki\Config\ConfigException;
25use MediaWiki\Content\IContentHandlerFactory;
26use MediaWiki\Context\IContextSource;
27use MediaWiki\Deferred\DeferredUpdates;
28use MediaWiki\HTMLForm\HTMLForm;
29use MediaWiki\Linker\Linker;
30use MediaWiki\MainConfigNames;
31use MediaWiki\MediaWikiServices;
32use MediaWiki\Message\Message;
33use MediaWiki\Page\RollbackPageFactory;
34use MediaWiki\Revision\RevisionRecord;
35use MediaWiki\Revision\SlotRecord;
36use MediaWiki\User\Options\UserOptionsLookup;
37use MediaWiki\Watchlist\WatchlistManager;
38
39/**
40 * User interface for the rollback action
41 *
42 * @ingroup Actions
43 */
44class RollbackAction extends FormAction {
45
46    private IContentHandlerFactory $contentHandlerFactory;
47    private RollbackPageFactory $rollbackPageFactory;
48    private UserOptionsLookup $userOptionsLookup;
49    private WatchlistManager $watchlistManager;
50    private CommentFormatter $commentFormatter;
51
52    /**
53     * @param Article $article
54     * @param IContextSource $context
55     * @param IContentHandlerFactory $contentHandlerFactory
56     * @param RollbackPageFactory $rollbackPageFactory
57     * @param UserOptionsLookup $userOptionsLookup
58     * @param WatchlistManager $watchlistManager
59     * @param CommentFormatter $commentFormatter
60     */
61    public function __construct(
62        Article $article,
63        IContextSource $context,
64        IContentHandlerFactory $contentHandlerFactory,
65        RollbackPageFactory $rollbackPageFactory,
66        UserOptionsLookup $userOptionsLookup,
67        WatchlistManager $watchlistManager,
68        CommentFormatter $commentFormatter
69    ) {
70        parent::__construct( $article, $context );
71        $this->contentHandlerFactory = $contentHandlerFactory;
72        $this->rollbackPageFactory = $rollbackPageFactory;
73        $this->userOptionsLookup = $userOptionsLookup;
74        $this->watchlistManager = $watchlistManager;
75        $this->commentFormatter = $commentFormatter;
76    }
77
78    public function getName() {
79        return 'rollback';
80    }
81
82    public function getRestriction() {
83        return 'rollback';
84    }
85
86    protected function usesOOUI() {
87        return true;
88    }
89
90    protected function getDescription() {
91        return '';
92    }
93
94    public function doesWrites() {
95        return true;
96    }
97
98    public function onSuccess() {
99        return false;
100    }
101
102    public function onSubmit( $data ) {
103        return false;
104    }
105
106    protected function alterForm( HTMLForm $form ) {
107        $form->setWrapperLegendMsg( 'confirm-rollback-top' );
108        $form->setSubmitTextMsg( 'confirm-rollback-button' );
109        $form->setTokenSalt( 'rollback' );
110
111        $from = $this->getRequest()->getVal( 'from' );
112        if ( $from === null ) {
113            throw new BadRequestError( 'rollbackfailed', 'rollback-missingparam' );
114        }
115        foreach ( [ 'from', 'bot', 'hidediff', 'summary', 'token' ] as $param ) {
116            $val = $this->getRequest()->getVal( $param );
117            if ( $val !== null ) {
118                $form->addHiddenField( $param, $val );
119            }
120        }
121    }
122
123    /**
124     * @throws ErrorPageError
125     * @throws ReadOnlyError
126     * @throws ThrottledError
127     */
128    public function show() {
129        $this->setHeaders();
130        // This will throw exceptions if there's a problem
131        $this->checkCanExecute( $this->getUser() );
132
133        if ( !$this->userOptionsLookup->getOption( $this->getUser(), 'showrollbackconfirmation' ) ||
134            $this->getRequest()->wasPosted()
135        ) {
136            $this->handleRollbackRequest();
137        } else {
138            $this->showRollbackConfirmationForm();
139        }
140    }
141
142    public function handleRollbackRequest() {
143        $this->enableTransactionalTimelimit();
144        $this->getOutput()->addModuleStyles( 'mediawiki.interface.helpers.styles' );
145
146        $request = $this->getRequest();
147        $user = $this->getUser();
148        $from = $request->getVal( 'from' );
149        $rev = $this->getWikiPage()->getRevisionRecord();
150        if ( $from === null ) {
151            throw new ErrorPageError( 'rollbackfailed', 'rollback-missingparam' );
152        }
153        if ( !$rev ) {
154            throw new ErrorPageError( 'rollbackfailed', 'rollback-missingrevision' );
155        }
156
157        $revUser = $rev->getUser();
158        $userText = $revUser ? $revUser->getName() : '';
159        if ( $from !== $userText ) {
160            throw new ErrorPageError( 'rollbackfailed', 'alreadyrolled', [
161                $this->getTitle()->getPrefixedText(),
162                wfEscapeWikiText( $from ),
163                $userText
164            ] );
165        }
166
167        if ( !$user->matchEditToken( $request->getVal( 'token' ), 'rollback' ) ) {
168            throw new ErrorPageError( 'sessionfailure-title', 'sessionfailure' );
169        }
170
171        // The revision has the user suppressed, so the rollback has empty 'from',
172        // so the check above would succeed in that case.
173        // T307278 - Also check if the user has rights to view suppressed usernames
174        if ( !$revUser ) {
175            if ( $this->getAuthority()->isAllowedAny( 'suppressrevision', 'viewsuppressed' ) ) {
176                $revUser = $rev->getUser( RevisionRecord::RAW );
177            } else {
178                $userFactory = MediaWikiServices::getInstance()->getUserFactory();
179                $revUser = $userFactory->newFromName( $this->context->msg( 'rev-deleted-user' )->plain() );
180            }
181        }
182
183        $rollbackResult = $this->rollbackPageFactory
184            // @phan-suppress-next-line PhanTypeMismatchArgumentNullable use of raw avoids null here
185            ->newRollbackPage( $this->getWikiPage(), $this->getAuthority(), $revUser )
186            ->setSummary( $request->getText( 'summary' ) )
187            ->markAsBot( $request->getBool( 'bot' ) )
188            ->rollbackIfAllowed();
189        $data = $rollbackResult->getValue();
190
191        if ( $rollbackResult->hasMessage( 'actionthrottledtext' ) ) {
192            throw new ThrottledError;
193        }
194
195        # NOTE: Permission errors already handled by Action::checkExecute.
196        if ( $rollbackResult->hasMessage( 'readonlytext' ) ) {
197            throw new ReadOnlyError;
198        }
199
200        if ( $rollbackResult->getMessages() ) {
201            $this->getOutput()->setPageTitleMsg( $this->msg( 'rollbackfailed' ) );
202
203            foreach ( $rollbackResult->getMessages() as $msg ) {
204                $this->getOutput()->addWikiMsg( $msg );
205            }
206
207            if (
208                ( $rollbackResult->hasMessage( 'alreadyrolled' ) || $rollbackResult->hasMessage( 'cantrollback' ) )
209                && isset( $data['current-revision-record'] )
210            ) {
211                /** @var RevisionRecord $current */
212                $current = $data['current-revision-record'];
213
214                if ( $current->getComment() != null ) {
215                    $this->getOutput()->addWikiMsg(
216                        'editcomment',
217                        Message::rawParam(
218                            $this->commentFormatter
219                                ->format( $current->getComment()->text )
220                        )
221                    );
222                }
223            }
224
225            return;
226        }
227
228        /** @var RevisionRecord $current */
229        $current = $data['current-revision-record'];
230        $target = $data['target-revision-record'];
231        $newId = $data['newid'];
232        $this->getOutput()->setPageTitleMsg( $this->msg( 'actioncomplete' ) );
233        $this->getOutput()->setRobotPolicy( 'noindex,nofollow' );
234
235        $old = Linker::revUserTools( $current );
236        $new = Linker::revUserTools( $target );
237
238        $currentUser = $current->getUser( RevisionRecord::FOR_THIS_USER, $user );
239        $targetUser = $target->getUser( RevisionRecord::FOR_THIS_USER, $user );
240        $this->getOutput()->addHTML(
241            $this->msg( 'rollback-success' )
242                ->rawParams( $old, $new )
243                ->params( $currentUser ? $currentUser->getName() : '' )
244                ->params( $targetUser ? $targetUser->getName() : '' )
245                ->parseAsBlock()
246        );
247        // Load the mediawiki.misc-authed-curate module, so that we can fire the JavaScript
248        // postEdit hook on a successful rollback.
249        $this->getOutput()->addModules( 'mediawiki.misc-authed-curate' );
250        // Export a success flag to the frontend, so that the mediawiki.misc-authed-curate
251        // ResourceLoader module can use this as an indicator to fire the postEdit hook.
252        $this->getOutput()->addJsConfigVars( [
253            'wgRollbackSuccess' => true,
254            // Don't show an edit confirmation with mw.notify(), the rollback success page
255            // is already a visual confirmation.
256            'wgPostEditConfirmationDisabled' => true,
257        ] );
258
259        if ( $this->userOptionsLookup->getBoolOption( $user, 'watchrollback' ) ) {
260            $this->watchlistManager->addWatchIgnoringRights( $user, $this->getTitle() );
261        }
262
263        $this->getOutput()->returnToMain( false, $this->getTitle() );
264
265        if ( !$request->getBool( 'hidediff', false ) &&
266            !$this->userOptionsLookup->getBoolOption( $this->getUser(), 'norollbackdiff' )
267        ) {
268            $contentModel = $current->getSlot( SlotRecord::MAIN, RevisionRecord::RAW )
269                ->getModel();
270            $contentHandler = $this->contentHandlerFactory->getContentHandler( $contentModel );
271            $de = $contentHandler->createDifferenceEngine(
272                $this->getContext(),
273                $current->getId(),
274                $newId,
275                0,
276                true
277            );
278            $de->showDiff( '', '' );
279        }
280    }
281
282    /**
283     * Enables transactional time limit for POST and GET requests to RollbackAction
284     * @throws ConfigException
285     */
286    private function enableTransactionalTimelimit() {
287        // If Rollbacks are made POST-only, use $this->useTransactionalTimeLimit()
288        wfTransactionalTimeLimit();
289        if ( !$this->getRequest()->wasPosted() ) {
290            /**
291             * We apply the higher POST limits on GET requests
292             * to prevent logstash.wikimedia.org from being spammed
293             */
294            $fname = __METHOD__;
295            $trxLimits = $this->context->getConfig()->get( MainConfigNames::TrxProfilerLimits );
296            $trxProfiler = Profiler::instance()->getTransactionProfiler();
297            $trxProfiler->redefineExpectations( $trxLimits['POST'], $fname );
298            DeferredUpdates::addCallableUpdate( static function () use ( $trxProfiler, $trxLimits, $fname
299            ) {
300                $trxProfiler->redefineExpectations( $trxLimits['PostSend-POST'], $fname );
301            } );
302        }
303    }
304
305    private function showRollbackConfirmationForm() {
306        $form = $this->getForm();
307        if ( $form->show() ) {
308            $this->onSuccess();
309        }
310    }
311
312    protected function getFormFields() {
313        return [
314            'intro' => [
315                'type' => 'info',
316                'raw' => true,
317                'default' => $this->msg( 'confirm-rollback-bottom' )->parse()
318            ]
319        ];
320    }
321}