r102796 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r102795‎ | r102796 | r102797 >
Date:16:18, 11 November 2011
Author:catrope
Status:ok (Comments)
Tags:
Comment:
[RL2] Followup r102789, use bin2hex() instead of md5() to encode gadget IDs. Also apply this technique to repository IDs and category IDs used in preference section IDs; this is now possible because bin2hex() is easy to reverse (needed in preferencesGetLegend())
Modified paths:
  • /branches/RL2/extensions/Gadgets/Gadgets.hooks.php (modified) (history)

Diff [purge]

Index: branches/RL2/extensions/Gadgets/Gadgets.hooks.php
@@ -262,15 +262,21 @@
263263 );
264264
265265 // This loop adds the preferences for all gadgets, both local and remote
 266+ // We want to use gadget IDs in HTMLForm IDs and repo and category IDs
 267+ // in section IDs, but because certain characters are restricted
 268+ // (HTMLForm will barf on anything that's not a valid HTML ID, section IDs will
 269+ // get confused when dashes or slashes are added), we encode these things as hex
 270+ // so we know for sure they don't contain weird characters and are easy to decode
266271 $repos = GadgetRepo::getAllRepos();
267272 foreach ( $repos as $repo ) {
268 - $repoSource = $repo->getSource();
 273+ $encRepoSource = bin2hex( $repo->getSource() );
269274 $byCategory = $repo->getGadgetsByCategory();
270275 ksort( $byCategory );
271276 foreach ( $byCategory as $category => $gadgets ) {
 277+ $encCategory = bin2hex( $category );
272278 foreach ( $gadgets as $gadget ) {
273279 $id = $gadget->getId();
274 - $sectionCat = $category === '' ? '' : "/gadgetcategory-$repoSource-$category";
 280+ $sectionCat = $category === '' ? '' : "/gadgetcategory-$encRepoSource-$encCategory";
275281 if ( $repo->isLocal() ) {
276282 // For local gadgets we have all the information
277283 $title = htmlspecialchars( $gadget->getTitleMessage() );
@@ -286,18 +292,15 @@
287293 'label' => $text,
288294 'section' => "gadgets$sectionCat",
289295 'default' => $gadget->isEnabledForUser( $user ),
290 - // HTMLForm is very strict about the names/IDs it accepts
291 - // So specify a custom name that we know is safe and won't change
292 - 'name' => 'gadgetpref-' . md5( $id ),
 296+ 'name' => 'gadgetpref-' . bin2hex( $id ),
293297 );
294298 } else {
295299 $preferences["gadget-$id"] = array(
296300 'type' => 'toggle',
297301 'label' => htmlspecialchars( $id ), // will be changed by JS
298 - // TODO the below means source and category IDs can't contain slashes or dashes, enforce this
299 - 'section' => "gadgetsshared/gadgetrepo-$repoSource$sectionCat",
 302+ 'section' => "gadgetsshared/gadgetrepo-$encRepoSource$sectionCat",
300303 'cssclass' => 'mw-gadgets-shared-pref',
301 - 'name' => 'gadgetpref-' . md5( $id ),
 304+ 'name' => 'gadgetpref-' . bin2hex( $id ),
302305 // 'default' isn't in here by design: we don't want
303306 // enabledByDefault to be honored across wikis
304307 );
@@ -311,10 +314,12 @@
312315
313316 public static function preferencesGetLegend( $form, $key, &$legend ) {
314317 $matches = null;
315 - if ( preg_match( '/^(gadgetrepo|gadgetcategory-.*?)-(.*)$/', $key, $matches ) ) {
 318+ if ( preg_match( '/^(gadgetrepo|gadgetcategory-[A-Za-z0-9]*)-([A-Za-z0-9]*)$/', $key, $matches ) ) {
 319+ // Decode the category ID
 320+ $catID = pack( "H*", $matches[2] ); // PHP doesn't have hex2bin() yet
316321 // Just display the ID itself (with ucfirst applied)
317322 // This will be changed to a properly i18ned string by JS
318 - $legend = $form->getLang()->ucfirst( $matches[2] );
 323+ $legend = $form->getLang()->ucfirst( $catID );
319324 }
320325 return true;
321326 }

Follow-up revisions

RevisionCommit summaryAuthorDate
r102857[RL2] Update JS for r102796, IDs have been mangled by bin2hex(). Also fix glo...catrope11:34, 12 November 2011

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r102789[RL2] Use custom names and IDs for gadgets on the preferences page, and set t...catrope15:19, 11 November 2011

Comments

#Comment by Krinkle (talk | contribs)   22:14, 13 November 2011

Reminder for self to check and verify: Does this affect user_properties table (do hex get in there for either local or foreign gadgets). I don't think so, but just noting here for self to verify.

#Comment by Catrope (talk | contribs)   07:14, 14 November 2011

I checked this when writing r102857, and somewhat to my surprise, custom names for preference input fields worked fine.

#Comment by Krinkle (talk | contribs)   00:25, 15 November 2011

Yes, but what about existing preferences people have ? Do we have to migrate user_properties on wikis with existing gadgets during migration ?

#Comment by Catrope (talk | contribs)   09:44, 15 November 2011

No, because the preferences are still stored as 'gadget-$ID'. The u_p table still stores them that way even if you use custom field names in HTMLForm. This is the part that pleasantly surprised me :)

#Comment by Krinkle (talk | contribs)   18:33, 15 November 2011

Nice, Preferences is using the key of the $preferences array for the database and the name key of the array it contains for interaction with the front-end, mapping it both ways. Kinda makes sense since the array value is passed to HTMLForm (which operates independently), although within the preferences both will be the same in many cases.

#Comment by Catrope (talk | contribs)   18:34, 15 November 2011

Yeah, HTMLForm is saner than I thought in that respect :)

Status & tagging log