r100796 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r100795‎ \| r100796 \| r100797 >
Date:	06:41, 26 October 2011
Author:	questpc
Status:	deferred
Tags:
Comment:	Fix is_numeric() issues. That also limits question ids, proposal ids and CSS width / height values to max 9999 (it is realistically enough).
Modified paths:	/trunk/extensions/QPoll/includes/qp_functionshook.php (modified) (history) /trunk/extensions/QPoll/qp_user.php (modified) (history) /trunk/extensions/QPoll/view/proposal/qp_textquestionproposalview.php (modified) (history) /trunk/extensions/QPoll/view/question/qp_textquestionview.php (modified) (history)

Diff [purge]

Index: trunk/extensions/QPoll/qp_user.php
—	—	@@ -144,6 +144,11 @@
145	145	const ERROR_MISSED_TITLE = 1;
146	146	const ERROR_INVALID_ADDRESS = 2;
147	147
	148	+ # matches string which contains integer number in range 0..9999
	149	+ const PREG_NON_NEGATIVE_INT4_MATCH = '/^(?:\d\|[1-9]\d{1,3})$/';
	150	+ # matches string which contains integer number in range 1..9999
	151	+ const PREG_POSITIVE_INT4_MATCH = '/^[1-9]\d{0,3}$/';
	152	+
148	153	static $pollTag = 'qpoll';
149	154	static $interpTag = 'qpinterpret';
150	155	# parser $interpTag hook output market list
Index: trunk/extensions/QPoll/includes/qp_functionshook.php
—	—	@@ -69,7 +69,7 @@
70	70	# get poll's proposal choice
71	71	$this->proposal_id = trim( $frame->expand( $args[ 2 ] ) );
72	72	$this->error_message = 'invalid_proposal_id';
73		~~- if ( is_numeric( $this->proposal_id ) && $this->proposal_id >= 0 ) {~~
	73	+ if ( preg_match( qp_Setup::PREG_NON_NEGATIVE_INT4_MATCH, $this->proposal_id ) ) {
74	74	$this->defaultProposalText = isset( $args[ 3 ] ) ? trim( $frame->expand( $args[ 3 ] ) ) : '';
75	75	$this->proposal_id = intval( $this->proposal_id );
76	76	$this->error_message = 'missing_proposal_id';
—	—	@@ -88,7 +88,7 @@
89	89	function getQuestionData( $qid ) {
90	90	$this->question_id = $qid;
91	91	$this->error_message = 'invalid_question_id';
92		~~- if ( is_numeric( $this->question_id ) ) {~~
	92	+ if ( preg_match( qp_Setup::PREG_POSITIVE_INT4_MATCH, $this->question_id ) ) {
93	93	$this->question_id = intval( $this->question_id );
94	94	$this->pollStore->loadQuestions();
95	95	$this->pollStore->setLastUser( qp_Setup::getCurrUserName(), false );
Index: trunk/extensions/QPoll/view/proposal/qp_textquestionproposalview.php
—	—	@@ -73,12 +73,8 @@
74	74	$val = &$viewtoken->attributes[$measurable];
75	75	if ( $val === null ) {
76	76	$val = 0;
77		~~- } elseif ( is_numeric( $val ) ) {~~
78		~~- if ( ( $val = intval( $val ) ) < 1 ) {~~
79		~~- $val = 0;~~
80		~~- }~~
81		~~- } else {~~
82		~~- $val = 'auto';~~
	77	+ } elseif ( $val !== 'auto' ) {
	78	+ $val = preg_match( qp_Setup::PREG_POSITIVE_INT4_MATCH, $val ) ? intval( $val ) : 0;
83	79	}
84	80	}
85	81	$this->viewtokens[] = $viewtoken;
Index: trunk/extensions/QPoll/view/question/qp_textquestionview.php
—	—	@@ -284,9 +284,8 @@
285	285	$this->transposed = strpos( $layout, 'transpose' ) !== false;
286	286	}
287	287	if ( $textwidth !== null ) {
288		~~- if ( is_numeric( $textwidth ) &&~~
289		~~- $textwidth = intval( $textwidth ) > 0 ) {~~
290		~~- $this->textInputStyle = 'width:' . $textwidth . 'em;';~~
	288	+ if ( preg_match( qp_Setup::PREG_POSITIVE_INT4_MATCH, $textwidth ) ) {
	289	+ $this->textInputStyle = "width:{$textwidth}em;";
291	290	} elseif ( $textwidth === 'auto' ) {
292	291	$this->textInputStyle = 'width:auto;';
293	292	}

Status & tagging log

19:35, 26 October 2011 😂 (talk | contribs) changed the status of r100796 [removed: new added: deferred]