r101524 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r101523‎ \| r101524 \| r101525 >
Date:	20:43, 1 November 2011
Author:	cryptocoryne
Status:	ok
Tags:
Comment:	fixed potential vulnerability and bad code
Modified paths:	/trunk/extensions/CheckUser/api/ApiQueryCheckUser.php (modified) (history) /trunk/extensions/CheckUser/api/ApiQueryCheckUserLog.php (modified) (history)

Diff [purge]

Index: trunk/extensions/CheckUser/api/ApiQueryCheckUser.php
—	—	@@ -13,7 +13,9 @@
14	14
15	15	$db = $this->getDB( DB_SLAVE );
16	16	$params = $this->extractRequestParams();
17		~~- extract( $params );~~
	17	+
	18	+ list( $request, $target, $reason, $timecond, $limit, $xff ) = array( $params['request'],
	19	+ $params['target'], $params['reason'], $params['timecond'], $params['limit'], $params['xff'] );
18	20
19	21	if ( !$wgUser->isAllowed( 'checkuser' ) ) {
20	22	$this->dieUsage( 'You need the checkuser right', 'permissionerror' );
Index: trunk/extensions/CheckUser/api/ApiQueryCheckUserLog.php
—	—	@@ -16,8 +16,9 @@
17	17	if ( !$wgUser->isAllowed( 'checkuser-log' ) ) {
18	18	$this->dieUsage( 'You need the checkuser-log right', 'permissionerror' );
19	19	}
20		-
21		~~- extract( $params );~~
	20	+
	21	+ list( $user, $limit, $target, $from, $to ) = array( $params['user'], $params['limit'],
	22	+ $params['target'], $params['from'], $params['to'] );
22	23
23	24	$this->addTables( 'cu_log' );
24	25	$this->addOption( 'LIMIT', $limit + 1 );

Revision	Commit summary	Author	Date
r101329	Fixing and improvement code of CheckUser API module	cryptocoryne	00:09, 31 October 2011

08:26, 2 November 2011 Nikerabbit (talk | contribs) changed the status of r101524 [removed: new added: ok]