r105938 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r105937‎ \| r105938 \| r105939 >
Date:	22:12, 12 December 2011
Author:	khorn
Status:	deferred
Tags:	fundraising
Comment:	Data handling cleanup in DonationInterface, part 1 of [some]. in GatewayAdapter: Renamed getData_Raw to getData_Unstaged_Escaped Renamed the $raw_data member to $unstaged_data in DonationData: Created public functions getDataEscaped, getDataUnescaped, and getVal_Escaped Changed normalizeAndSanitize() so it will only normalize (with a name change to just "normalize") and moved the call to htmlspecialchars to a new public getDataEscaped function. (More visibility there) Because of the changes in the escaping, getVal now returns the unescaped value, and is protected for internal use only. Protected many functions intended only to be used by their containing object. Renamed all references to renamed functions and data members accordingly. Cleaned up some logging we don't have to do anymore, and added some we do.
Modified paths:	/trunk/extensions/DonationInterface/extras/conversion_log/conversion_log.body.php (modified) (history) /trunk/extensions/DonationInterface/extras/custom_filters/custom_filters.body.php (modified) (history) /trunk/extensions/DonationInterface/extras/custom_filters/filters/minfraud/minfraud.body.php (modified) (history) /trunk/extensions/DonationInterface/extras/custom_filters/filters/referrer/referrer.body.php (modified) (history) /trunk/extensions/DonationInterface/extras/custom_filters/filters/source/source.body.php (modified) (history) /trunk/extensions/DonationInterface/extras/minfraud/minfraud.body.php (modified) (history) /trunk/extensions/DonationInterface/extras/recaptcha/recaptcha.body.php (modified) (history) /trunk/extensions/DonationInterface/gateway_common/DonationData.php (modified) (history) /trunk/extensions/DonationInterface/gateway_common/GatewayForm.php (modified) (history) /trunk/extensions/DonationInterface/gateway_common/donation.api.php (modified) (history) /trunk/extensions/DonationInterface/gateway_common/gateway.adapter.php (modified) (history) /trunk/extensions/DonationInterface/gateway_forms/Form.php (modified) (history) /trunk/extensions/DonationInterface/globalcollect_gateway/globalcollect.adapter.php (modified) (history) /trunk/extensions/DonationInterface/globalcollect_gateway/globalcollect_gateway.body.php (modified) (history) /trunk/extensions/DonationInterface/globalcollect_gateway/globalcollect_resultswitcher.body.php (modified) (history) /trunk/extensions/DonationInterface/globalcollect_gateway/scripts/orphan_adapter.php (modified) (history) /trunk/extensions/DonationInterface/globalcollect_gateway/scripts/orphans.php (modified) (history) /trunk/extensions/DonationInterface/payflowpro_gateway/api_payflowpro_gateway.php (modified) (history) /trunk/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.body.php (modified) (history) /trunk/extensions/DonationInterface/tests/DonationDataTestCase.php (modified) (history) /trunk/extensions/DonationInterface/tests/DonationInterfaceTestCase.php (modified) (history)

Diff [purge]

Index: trunk/extensions/DonationInterface/tests/DonationDataTestCase.php
—	—	@@ -94,7 +94,7 @@
95	95	*/
96	96	public function testConstruct(){
97	97	$ddObj = new DonationData(''); //as if we were posted.
98		~~- $returned = $ddObj->getData();~~
	98	+ $returned = $ddObj->getDataEscaped();
99	99	$expected = array( 'posted' => '',
100	100	'amount' => '0.00',
101	101	'email' => '',
—	—	@@ -150,7 +150,7 @@
151	151	*/
152	152	public function testConstructAsTest(){
153	153	$ddObj = new DonationData('', true); //test mode from the start, no data
154		~~- $returned = $ddObj->getData();~~
	154	+ $returned = $ddObj->getDataEscaped();
155	155	$expected = array(
156	156	'amount' => '35',
157	157	'email' => 'test@example.com',
—	—	@@ -213,7 +213,7 @@
214	214
215	215	$ddObj = new DonationData('');
216	216	$ddObj->populateData(true, $expected); //change to test mode with explicit test data
217		~~- $returned = $ddObj->getData();~~
	217	+ $returned = $ddObj->getDataEscaped();
218	218	//unset these, because they're always new
219	219	unset($returned['order_id']);
220	220	unset($expected['order_id']);
—	—	@@ -251,7 +251,7 @@
252	252	$data['amountGiven'] = 42.50;
253	253	//unset($data['zip']);
254	254	$ddObj = new DonationData('', true, $data);
255		~~- $returned = $ddObj->getData();~~
	255	+ $returned = $ddObj->getDataEscaped();
256	256	$this->assertEquals($returned['amount'], '42.50', "Amount was not properly reset");
257	257	$this->assertTrue(!(array_key_exists('amountGiven', $returned)), "amountGiven should have been removed from the data");
258	258	}
—	—	@@ -265,7 +265,7 @@
266	266	$data['amountGiven'] = 42.50;
267	267	//unset($data['zip']);
268	268	$ddObj = new DonationData('', true, $data);
269		~~- $returned = $ddObj->getData();~~
	269	+ $returned = $ddObj->getDataEscaped();
270	270	$this->assertEquals($returned['amount'], 88.15, "Amount was not properly reset");
271	271	$this->assertTrue(!(array_key_exists('amountGiven', $returned)), "amountGiven should have been removed from the data");
272	272	}
—	—	@@ -279,7 +279,7 @@
280	280	$data['amountOther'] = 3.25;
281	281	//unset($data['zip']);
282	282	$ddObj = new DonationData('', true, $data);
283		~~- $returned = $ddObj->getData();~~
	283	+ $returned = $ddObj->getDataEscaped();
284	284	$this->assertEquals($returned['amount'], 3.25, "Amount was not properly reset");
285	285	$this->assertTrue(!(array_key_exists('amountOther', $returned)), "amountOther should have been removed from the data");
286	286	}
—	—	@@ -294,7 +294,7 @@
295	295	$data['amountOther'] = 'macedonia';
296	296	//unset($data['zip']);
297	297	$ddObj = new DonationData('', true, $data);
298		~~- $returned = $ddObj->getData();~~
	298	+ $returned = $ddObj->getDataEscaped();
299	299	$this->assertEquals($returned['amount'], 0.00, "Amount was not properly reset");
300	300	$this->assertTrue(!(array_key_exists('amountOther', $returned)), "amountOther should have been removed from the data");
301	301	$this->assertTrue(!(array_key_exists('amountGiven', $returned)), "amountGiven should have been removed from the data");
Index: trunk/extensions/DonationInterface/tests/DonationInterfaceTestCase.php
—	—	@@ -274,7 +274,7 @@
275	275	*/
276	276	public function getExpectedXmlRequestForGlobalCollect( $optionsForTestData, $options = array() ) {
277	277
278		~~- $orderId = $this->gatewayAdapter->getData_Raw( 'order_id' );~~
	278	+ $orderId = $this->gatewayAdapter->getData_Unstaged_Escaped( 'order_id' );
279	279
280	280	$expected = '<?xml version="1.0"?>' . "\n";
281	281	$expected .= '<XML>';
Index: trunk/extensions/DonationInterface/payflowpro_gateway/api_payflowpro_gateway.php
—	—	@@ -156,7 +156,7 @@
157	157	//instantiate a new DonationData that behaves like it's owned by the correct gateway.
158	158	$donationDataObj = new DonationData( $gateway_class, false, $tracking_data );
159	159	// fetch the order_id
160		~~- $order_id = $donationDataObj->getVal( 'order_id' );~~
	160	+ $order_id = $donationDataObj->getVal_Escaped( 'order_id' );
161	161
162	162	// fetch the CSRF prevention token and set it if it's not already set
163	163	$token = $donationDataObj->token_getSaltedSessionToken();
Index: trunk/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.body.php
—	—	@@ -83,7 +83,7 @@
84	84	}
85	85	}
86	86
87		~~- $data = $this->adapter->getData_Raw();~~
	87	+ $data = $this->adapter->getData_Unstaged_Escaped();
88	88	$msgPrefix = $data['order_id'] . ' ' . $data['i_order_id'] . ' ';
89	89
90	90	// if approved, display results and send transaction to the queue
Index: trunk/extensions/DonationInterface/extras/custom_filters/custom_filters.body.php
—	—	@@ -59,7 +59,7 @@
60	60	$this->gateway_adapter->setValidationAction( $localAction );
61	61
62	62	$log_msg = '"' . $localAction . "\"\t\"" . $this->risk_score . "\"";
63		~~- $this->log( $this->gateway_adapter->getData_Raw( 'contribution_tracking_id' ), 'Filtered', $log_msg );~~
	63	+ $this->log( $this->gateway_adapter->getData_Unstaged_Escaped( 'contribution_tracking_id' ), 'Filtered', $log_msg );
64	64	return TRUE;
65	65	}
66	66
Index: trunk/extensions/DonationInterface/extras/custom_filters/filters/source/source.body.php
—	—	@@ -21,7 +21,7 @@
22	22
23	23	public function filter() {
24	24	// pull out the source from the filter object
25		~~- $source = $this->gateway_adapter->getData_Raw( 'utm_source' );~~
	25	+ $source = $this->gateway_adapter->getData_Unstaged_Escaped( 'utm_source' );
26	26
27	27	// a very complex filtering algorithm for sources
28	28	$srcRules = $this->gateway_adapter->getGlobal( 'CustomFiltersSrcRules' );
—	—	@@ -38,7 +38,7 @@
39	39	$log_msg .= "\t\"" . addslashes( $regex ) . "\"";
40	40	$log_msg .= "\t\"" . $this->cfo->risk_score . "\"";
41	41	$this->log(
42		~~- $this->gateway_adapter->getData_Raw( 'contribution_tracking_id' ), 'Filter: Source', $log_msg~~
	42	+ $this->gateway_adapter->getData_Unstaged_Escaped( 'contribution_tracking_id' ), 'Filter: Source', $log_msg
43	43	);
44	44	}
45	45	}
Index: trunk/extensions/DonationInterface/extras/custom_filters/filters/minfraud/minfraud.body.php
—	—	@@ -17,7 +17,7 @@
18	18	return TRUE;
19	19	}
20	20
21		~~- $minfraud_query = $this->build_query( $this->gateway_adapter->getData_Raw() );~~
	21	+ $minfraud_query = $this->build_query( $this->gateway_adapter->getData_Unstaged_Escaped() );
22	22	$this->query_minfraud( $minfraud_query );
23	23
24	24
Index: trunk/extensions/DonationInterface/extras/custom_filters/filters/referrer/referrer.body.php
—	—	@@ -21,7 +21,7 @@
22	22
23	23	public function filter() {
24	24	// pull out the referrer from the gateway_adapter
25		~~- $referrer = $this->gateway_adapter->getData_Raw( 'referrer' );~~
	25	+ $referrer = $this->gateway_adapter->getData_Unstaged_Escaped( 'referrer' );
26	26
27	27	// a very complex filtering algorithm for referrers
28	28	$refRules = $this->gateway_adapter->getGlobal( 'CustomFiltersRefRules' );
—	—	@@ -38,7 +38,7 @@
39	39	$log_msg .= "\t\"" . addslashes( $regex ) . "\"";
40	40	$log_msg .= "\t\"" . $this->cfo->risk_score . "\"";
41	41	$this->log(
42		~~- $this->gateway_adapter->getData_Raw( 'contribution_tracking_id' ), 'Filter: Referrer', $log_msg~~
	42	+ $this->gateway_adapter->getData_Unstaged_Escaped( 'contribution_tracking_id' ), 'Filter: Referrer', $log_msg
43	43	);
44	44	}
45	45	}
Index: trunk/extensions/DonationInterface/extras/minfraud/minfraud.body.php
—	—	@@ -68,7 +68,7 @@
69	69	return TRUE;
70	70	}
71	71
72		~~- $minfraud_query = $this->build_query( $this->gateway_adapter->getData_Raw() );~~
	72	+ $minfraud_query = $this->build_query( $this->gateway_adapter->getData_Unstaged_Escaped() );
73	73	$this->query_minfraud( $minfraud_query );
74	74	$localAction = $this->determine_action( $this->minfraud_response['riskScore'] );
75	75	$this->gateway_adapter->setValidationAction( $localAction );
—	—	@@ -76,7 +76,7 @@
77	77	// reset the data hash
78	78	$this->gateway_adapter->unsetHash();
79	79	$this->gateway_adapter->setActionHash( $this->generate_hash( $localAction ) );
80		~~- $this->gateway_adapter->setHash( $this->generate_hash( $this->gateway_adapter->getData_Raw() ) );~~
	80	+ $this->gateway_adapter->setHash( $this->generate_hash( $this->gateway_adapter->getData_Unstaged_Escaped() ) );
81	81
82	82	// Write the query/response to the log
83	83	$this->log_query( $minfraud_query, $localAction );
—	—	@@ -88,13 +88,13 @@
89	89	*/
90	90	public function log_query( $minfraud_query, $action ) {
91	91	if ( $this->log_fh ) {
92		~~- $log_message = '"' . addslashes( $this->gateway_adapter->getData_Raw( 'comment' ) ) . '"';~~
93		~~- $log_message .= "\t" . '"' . addslashes( $this->gateway_adapter->getData_Raw( 'amount' ) . ' ' . $this->gateway_adapter->getData_Raw( 'currency_code' ) ) . '"';~~
	92	+ $log_message = '"' . addslashes( $this->gateway_adapter->getData_Unstaged_Escaped( 'comment' ) ) . '"';
	93	+ $log_message .= "\t" . '"' . addslashes( $this->gateway_adapter->getData_Unstaged_Escaped( 'amount' ) . ' ' . $this->gateway_adapter->getData_Unstaged_Escaped( 'currency_code' ) ) . '"';
94	94	$log_message .= "\t" . '"' . addslashes( json_encode( $minfraud_query ) ) . '"';
95	95	$log_message .= "\t" . '"' . addslashes( json_encode( $this->minfraud_response ) ) . '"';
96	96	$log_message .= "\t" . '"' . addslashes( $action ) . '"';
97		~~- $log_message .= "\t" . '"' . addslashes( $this->gateway_adapter->getData_Raw( 'referrer' ) ) . '"';~~
98		~~- $this->log( $this->gateway_adapter->getData_Raw( 'contribution_tracking_id' ), 'minFraud query', $log_message );~~
	97	+ $log_message .= "\t" . '"' . addslashes( $this->gateway_adapter->getData_Unstaged_Escaped( 'referrer' ) ) . '"';
	98	+ $this->log( $this->gateway_adapter->getData_Unstaged_Escaped( 'contribution_tracking_id' ), 'minFraud query', $log_message );
99	99	}
100	100	}
101	101
—	—	@@ -111,7 +111,7 @@
112	112	*/
113	113	public function can_bypass_minfraud() {
114	114	// if the data bits data_hash and action are not set, we need to hit minFraud
115		~~- $localdata = $this->gateway_adapter->getData_Raw();~~
	115	+ $localdata = $this->gateway_adapter->getData_Unstaged_Escaped();
116	116	if ( !isset($localdata['data_hash']) \|\| !strlen( $localdata['data_hash'] ) \|\| !isset($localdata['action']) \|\| !strlen( $localdata['action'] ) ) {
117	117	return FALSE;
118	118	}
—	—	@@ -123,7 +123,7 @@
124	124	// compare the data hash to make sure it's legit
125	125	if ( $this->compare_hash( $data_hash, serialize( $localdata ) ) ) {
126	126
127		~~- $this->gateway_adapter->setHash( $this->generate_hash( $this->gateway_adapter->getData_Raw() ) ); // hash the data array~~
	127	+ $this->gateway_adapter->setHash( $this->generate_hash( $this->gateway_adapter->getData_Unstaged_Escaped() ) ); // hash the data array
128	128	// check to see if we have a valid action set for us to bypass minfraud
129	129	$actions = array( 'process', 'challenge', 'review', 'reject' );
130	130	$action_hash = $localdata['action']; // a hash of the action to take passed in by the form submission
Index: trunk/extensions/DonationInterface/extras/conversion_log/conversion_log.body.php
—	—	@@ -11,7 +11,7 @@
12	12	// if the trxn has been outright rejected, log it
13	13	if ( $this->gateway_adapter->getValidationAction() == 'reject' ) {
14	14	$this->log(
15		~~- $this->gateway_adapter->getData_Raw( 'contribution_tracking_id' ), 'Rejected'~~
	15	+ $this->gateway_adapter->getData_Unstaged_Escaped( 'contribution_tracking_id' ), 'Rejected'
16	16	);
17	17	return TRUE;
18	18	}
—	—	@@ -21,7 +21,7 @@
22	22	return FALSE;
23	23
24	24	$this->log(
25		- $this->gateway_adapter->getData_Raw( 'contribution_tracking_id' ), "Gateway response: " . addslashes( $this->gateway_adapter->getTransactionMessage() ), '"' . addslashes( json_encode( $this->gateway_adapter->getTransactionData() ) ) . '"'
	25	+ $this->gateway_adapter->getData_Unstaged_Escaped( 'contribution_tracking_id' ), "Gateway response: " . addslashes( $this->gateway_adapter->getTransactionMessage() ), '"' . addslashes( json_encode( $this->gateway_adapter->getTransactionData() ) ) . '"'
26	26	);
27	27	return TRUE;
28	28	}
Index: trunk/extensions/DonationInterface/extras/recaptcha/recaptcha.body.php
—	—	@@ -42,12 +42,12 @@
43	43	$captcha_resp = $this->check_captcha();
44	44	if ( $captcha_resp->is_valid ) {
45	45	// if validated, update the action and move on
46		~~- $this->log( $this->gateway_adapter->getData_Raw( 'contribution_tracking_id' ), 'Captcha passed' );~~
	46	+ $this->log( $this->gateway_adapter->getData_Unstaged_Escaped( 'contribution_tracking_id' ), 'Captcha passed' );
47	47	$this->gateway_adapter->setValidationAction( 'process' );
48	48	return TRUE;
49	49	} else {
50	50	$this->recap_err = $captcha_resp->error;
51		~~- $this->log( $this->gateway_adapter->getData_Raw( 'contribution_tracking_id' ), 'Captcha failed' );~~
	51	+ $this->log( $this->gateway_adapter->getData_Unstaged_Escaped( 'contribution_tracking_id' ), 'Captcha failed' );
52	52	}
53	53	}
54	54	// display captcha
—	—	@@ -64,7 +64,7 @@
65	65	$useSSL = $this->gateway_adapter->getGlobal( 'RecaptchaUseSSL' );
66	66
67	67	// log that a captcha's been triggered
68		~~- $this->log( $this->gateway_adapter->getData_Raw( 'contribution_tracking_id' ), 'Captcha triggered' );~~
	68	+ $this->log( $this->gateway_adapter->getData_Unstaged_Escaped( 'contribution_tracking_id' ), 'Captcha triggered' );
69	69
70	70	// construct the HTML used to display the captcha
71	71	$captcha_html = Xml::openElement( 'div', array( 'id' => 'mw-donate-captcha' ) );
—	—	@@ -76,7 +76,7 @@
77	77
78	78	//TODO: use setValidationErrors and getValidationErrors everywhere, and
79	79	//refactor all the form constructors one more time. Eventually.
80		~~- $data = $this->gateway_adapter->getData_Raw();~~
	80	+ $data = $this->gateway_adapter->getData_Unstaged_Escaped();
81	81	$errors = $this->gateway_adapter->getValidationErrors();
82	82	$form_obj = new $form_class( $this->gateway_adapter, $errors );
83	83
Index: trunk/extensions/DonationInterface/gateway_forms/Form.php
—	—	@@ -84,7 +84,7 @@
85	85
86	86	$this->gateway = & $gateway;
87	87	$this->test = $this->gateway->getGlobal( "Test" );
88		~~- $this->form_data = $this->gateway->getData_Raw();~~
	88	+ $this->form_data = $this->gateway->getData_Unstaged_Escaped();
89	89	$this->form_errors = & $error;
90	90
91	91	/**
Index: trunk/extensions/DonationInterface/globalcollect_gateway/globalcollect_resultswitcher.body.php
—	—	@@ -89,7 +89,7 @@
90	90	$this->setHeaders();
91	91
92	92	if ( $forbidden ){
93		~~- $this->adapter->log( "Resultswitcher: Request forbidden. " . $f_message . " Querystring Order ID: $qs_oid Adapter Order ID: " . $this->adapter->getData_Raw( 'order_id' ) );~~
	93	+ $this->adapter->log( "Resultswitcher: Request forbidden. " . $f_message . " Querystring Order ID: $qs_oid Adapter Order ID: " . $this->adapter->getData_Unstaged_Escaped( 'order_id' ) );
94	94	return;
95	95	} else {
96	96	$this->adapter->log( "Resultswitcher: OK to process Order ID: " . $qs_oid );
—	—	@@ -101,7 +101,7 @@
102	102	$oid = $wgRequest->getText( 'order_id' );
103	103
104	104	//this next block is for credit card coming back from GC. Only that. Nothing else, ever.
105		~~- if ( $this->adapter->getData_Raw( 'payment_method') === 'cc' ) {~~
	105	+ if ( $this->adapter->getData_Unstaged_Escaped( 'payment_method') === 'cc' ) {
106	106	if ( !array_key_exists( 'order_status', $_SESSION ) \|\| !array_key_exists( $oid, $_SESSION['order_status'] ) \|\| !is_array( $_SESSION['order_status'][$oid] ) ) {
107	107	$_SESSION['order_status'][$oid] = $this->adapter->do_transaction( 'Confirm_CreditCard' );
108	108	$_SESSION['order_status'][$oid]['data']['count'] = 0;
—	—	@@ -148,7 +148,7 @@
149	149	function getDeclinedResultPage() {
150	150	global $wgOut;
151	151
152		~~- $displayData = $this->adapter->getData_Raw();~~
	152	+ $displayData = $this->adapter->getData_Unstaged_Escaped();
153	153	$failpage = $this->adapter->getFailPage();
154	154
155	155	if ( $failpage ) {
Index: trunk/extensions/DonationInterface/globalcollect_gateway/scripts/orphans.php
—	—	@@ -109,7 +109,7 @@
110	110	$final .= " Status $status = $count\n";
111	111	}
112	112	}
113		-
	113	+ $this->adapter->log($final);
114	114	echo $final;
115	115	}
116	116
Index: trunk/extensions/DonationInterface/globalcollect_gateway/scripts/orphan_adapter.php
—	—	@@ -36,7 +36,7 @@
37	37	//re-init all these arrays, because this is a batch thing.
38	38	$this->hard_data = array( );
39	39	$this->transaction_results = array( );
40		~~- $this->raw_data = array( );~~
	40	+ $this->unstaged_data = array( );
41	41	$this->staged_data = array( );
42	42
43	43	$this->hard_data['order_id'] = $data['order_id'];
—	—	@@ -44,7 +44,7 @@
45	45
46	46	$this->dataObj = new DonationData( get_called_class(), false, $data );
47	47
48		~~- $this->raw_data = $this->dataObj->getData();~~
	48	+ $this->unstaged_data = $this->dataObj->getDataEscaped();
49	49
50	50	if ( $useDB ){
51	51	$this->hard_data = array_merge( $this->hard_data, $this->getUTMInfoFromDB() );
—	—	@@ -61,7 +61,7 @@
62	62	}
63	63	$this->reAddHardData();
64	64
65		~~- $this->staged_data = $this->raw_data;~~
	65	+ $this->staged_data = $this->unstaged_data;
66	66
67	67	$this->setPostDefaults();
68	68	$this->defineTransactions();
—	—	@@ -86,7 +86,7 @@
87	87	//anywhere else, and this would constitute abuse of the system.
88	88	//so don't do it.
89	89	foreach ( $this->hard_data as $key => $val ) {
90		~~- $this->raw_data[$key] = $val;~~
	90	+ $this->unstaged_data[$key] = $val;
91	91	$this->staged_data[$key] = $val;
92	92	}
93	93	}
—	—	@@ -95,7 +95,7 @@
96	96	switch ( $transaction ) {
97	97	case 'SET_PAYMENT':
98	98	case 'CANCEL_PAYMENT':
99		~~- self::log( $this->getData_Raw( 'contribution_tracking_id' ) . ": CVV: " . $this->getData_Raw( 'cvv_result' ) . ": AVS: " . $this->getData_Raw( 'avs_result' ) );~~
	99	+ self::log( $this->getData_Unstaged_Escaped( 'contribution_tracking_id' ) . ": CVV: " . $this->getData_Unstaged_Escaped( 'cvv_result' ) . ": AVS: " . $this->getData_Unstaged_Escaped( 'avs_result' ) );
100	100	//and then go on, unless you're testing, in which case:
101	101	// return "NOPE";
102	102	// break;
—	—	@@ -130,7 +130,7 @@
131	131	return null;
132	132	}
133	133
134		~~- $ctid = $this->getData_Raw( 'contribution_tracking_id' );~~
	134	+ $ctid = $this->getData_Unstaged_Escaped( 'contribution_tracking_id' );
135	135
136	136	$data = array( );
137	137
—	—	@@ -191,11 +191,11 @@
192	192	return;
193	193	}
194	194
195		~~- if ( !is_null( $this->getData_Raw( 'date' ) ) ) {~~
196		~~- $timestamp = $this->getData_Raw( 'date' );~~
	195	+ if ( !is_null( $this->getData_Unstaged_Escaped( 'date' ) ) ) {
	196	+ $timestamp = $this->getData_Unstaged_Escaped( 'date' );
197	197	} else {
198		~~- if ( !is_null( $this->getData_Raw( 'ts' ) ) ) {~~
199		~~- $timestamp = strtotime( $this->getData_Raw( 'ts' ) ); //I hate that this works.~~
	198	+ if ( !is_null( $this->getData_Unstaged_Escaped( 'ts' ) ) ) {
	199	+ $timestamp = strtotime( $this->getData_Unstaged_Escaped( 'ts' ) ); //I hate that this works.
200	200	} else {
201	201	$timestamp = time();
202	202	}
—	—	@@ -208,7 +208,7 @@
209	209	'gateway_txn_id' => $this->getTransactionGatewayTxnID(),
210	210	//'language' => '',
211	211	);
212		~~- $transaction += $this->getData_Raw();~~
	212	+ $transaction += $this->getData_Unstaged_Escaped();
213	213
214	214	try {
215	215	wfRunHooks( $hook, array( $transaction ) );
Index: trunk/extensions/DonationInterface/globalcollect_gateway/globalcollect_gateway.body.php
—	—	@@ -190,7 +190,7 @@
191	191
192	192	//TODO: Get rid of $data out here completely, by putting this logic inside the adapter somewhere.
193	193	//All we seem to be doing with it now, is internal adapter logic outside of the adapter.
194		~~- $data = $this->adapter->getData_Raw();~~
	194	+ $data = $this->adapter->getData_Unstaged_Escaped();
195	195
196	196	// If the result of the previous transaction was failure, set the retry message.
197	197	if ( $data && array_key_exists( 'response', $data ) && $data['response'] == 'failure' ) {
Index: trunk/extensions/DonationInterface/globalcollect_gateway/globalcollect.adapter.php
—	—	@@ -1093,9 +1093,9 @@
1094	1094	$is_orphan = false;
1095	1095	if ( count( $addme ) ){ //nothing unusual here.
1096	1096	$this->addData( $addme );
1097		~~- $logmsg = $this->getData_Raw( 'contribution_tracking_id' ) . ': ';~~
1098		~~- $logmsg .= 'CVV Result: ' . $this->getData_Raw( 'cvv_result' );~~
1099		~~- $logmsg .= ', AVS Result: ' . $this->getData_Raw( 'avs_result' );~~
	1097	+ $logmsg = $this->getData_Unstaged_Escaped( 'contribution_tracking_id' ) . ': ';
	1098	+ $logmsg .= 'CVV Result: ' . $this->getData_Unstaged_Escaped( 'cvv_result' );
	1099	+ $logmsg .= ', AVS Result: ' . $this->getData_Unstaged_Escaped( 'avs_result' );
1100	1100	self::log( $logmsg );
1101	1101	} else { //this is an orphan transaction.
1102	1102	$this->staged_data['order_id'] = $this->staged_data['i_order_id'];
—	—	@@ -1128,9 +1128,9 @@
1129	1129	$gotCVV = true;
1130	1130	$this->addData( $addme );
1131	1131	$this->staged_data['order_id'] = $this->staged_data['i_order_id'];
1132		~~- $logmsg = $this->getData_Raw( 'contribution_tracking_id' ) . ': ';~~
1133		~~- $logmsg .= 'CVV Result: ' . $this->getData_Raw( 'cvv_result' );~~
1134		~~- $logmsg .= ', AVS Result: ' . $this->getData_Raw( 'avs_result' );~~
	1132	+ $logmsg = $this->getData_Unstaged_Escaped( 'contribution_tracking_id' ) . ': ';
	1133	+ $logmsg .= 'CVV Result: ' . $this->getData_Unstaged_Escaped( 'cvv_result' );
	1134	+ $logmsg .= ', AVS Result: ' . $this->getData_Unstaged_Escaped( 'avs_result' );
1135	1135	self::log( $logmsg );
1136	1136	$this->runPreProcessHooks();
1137	1137	$status_result['action'] = $this->getValidationAction();
—	—	@@ -1241,7 +1241,7 @@
1242	1242
1243	1243	if ( $problemflag ){
1244	1244	//we have probably had a communication problem that could mean stranded payments.
1245		~~- $problemmessage = $this->getData_Raw( 'contribution_tracking_id' ) . ':' . $this->getData_Raw( 'order_id' ) . ' ' . $problemmessage;~~
	1245	+ $problemmessage = $this->getData_Unstaged_Escaped( 'contribution_tracking_id' ) . ':' . $this->getData_Unstaged_Escaped( 'order_id' ) . ' ' . $problemmessage;
1246	1246	self::log( $problemmessage );
1247	1247	//hurm. It would be swell if we had a message that told the user we had some kind of internal error.
1248	1248	$ret = array(
—	—	@@ -1271,7 +1271,7 @@
1272	1272	$xmlString = $this->stripXMLResponseHeaders( $rawResponse );
1273	1273	$displayXML = $this->formatXmlString( $xmlString );
1274	1274	$realXML = new DomDocument( '1.0' );
1275		~~- self::log( $this->getData_Raw( 'contribution_tracking_id' ) . ": Raw XML Response:\n" . $displayXML ); //I am apparently a huge fibber.~~
	1275	+ self::log( $this->getData_Unstaged_Escaped( 'contribution_tracking_id' ) . ": Raw XML Response:\n" . $displayXML ); //I am apparently a huge fibber.
1276	1276	$realXML->loadXML( trim( $xmlString ) );
1277	1277	return $realXML;
1278	1278	}
—	—	@@ -1665,7 +1665,7 @@
1666	1666	//set the transaction result message
1667	1667	$responseStatus = isset( $response['STATUSID'] ) ? $response['STATUSID'] : '';
1668	1668	$this->setTransactionResult( "Response Status: " . $responseStatus, 'txn_message' ); //TODO: Translate for GC.
1669		~~- $this->setTransactionResult( $this->getData_Raw( 'order_id' ), 'gateway_txn_id' );~~
	1669	+ $this->setTransactionResult( $this->getData_Unstaged_Escaped( 'order_id' ), 'gateway_txn_id' );
1670	1670	}
1671	1671
1672	1672	/**
—	—	@@ -2042,7 +2042,7 @@
2043	2043	// Get the default returnto
2044	2044	$returnto = $this->getData_Staged( 'returnto' );
2045	2045
2046		~~- if ( $this->getData_Raw( 'payment_method' ) === 'cc' ){~~
	2046	+ if ( $this->getData_Unstaged_Escaped( 'payment_method' ) === 'cc' ){
2047	2047
2048	2048	// Add order ID to the returnto URL, only if it's not already there.
2049	2049	//TODO: This needs to be more robust (like actually pulling the
—	—	@@ -2063,7 +2063,7 @@
2064	2064
2065	2065	protected function pre_process_insert_orderwithpayment(){
2066	2066	$this->incrementNumAttempt();
2067		~~- if ( $this->getData_Raw( 'payment_method' ) === 'cc' ){~~
	2067	+ if ( $this->getData_Unstaged_Escaped( 'payment_method' ) === 'cc' ){
2068	2068	$this->addDonorDataToSession();
2069	2069	}
2070	2070	}
—	—	@@ -2084,7 +2084,7 @@
2085	2085	}
2086	2086
2087	2087	protected function pre_process_get_orderstatus(){
2088		~~- if ( $this->getData_Raw( 'payment_method' ) === 'cc' ){~~
	2088	+ if ( $this->getData_Unstaged_Escaped( 'payment_method' ) === 'cc' ){
2089	2089	$this->runPreProcessHooks();
2090	2090	}
2091	2091	}
—	—	@@ -2094,13 +2094,13 @@
2095	2095	* determine if we want to fail the transaction ourselves or not.
2096	2096	*/
2097	2097	public function getCVVResult(){
2098		~~- if ( is_null( $this->getData_Raw( 'cvv_result' ) ) ){~~
	2098	+ if ( is_null( $this->getData_Unstaged_Escaped( 'cvv_result' ) ) ){
2099	2099	return null;
2100	2100	}
2101	2101
2102	2102	$cvv_map = $this->getGlobal( 'CvvMap' );
2103	2103
2104		~~- $result = $cvv_map[$this->getData_Raw( 'cvv_result' )];~~
	2104	+ $result = $cvv_map[$this->getData_Unstaged_Escaped( 'cvv_result' )];
2105	2105	return $result;
2106	2106
2107	2107	}
—	—	@@ -2110,7 +2110,7 @@
2111	2111	* determine if we want to fail the transaction ourselves or not.
2112	2112	*/
2113	2113	public function getAVSResult(){
2114		~~- if ( is_null( $this->getData_Raw( 'avs_result' ) ) ){~~
	2114	+ if ( is_null( $this->getData_Unstaged_Escaped( 'avs_result' ) ) ){
2115	2115	return null;
2116	2116	}
2117	2117	//Best guess here:
—	—	@@ -2118,7 +2118,7 @@
2119	2119
2120	2120	$avs_map = $this->getGlobal( 'AvsMap' );
2121	2121
2122		~~- $result = $avs_map[$this->getData_Raw( 'avs_result' )];~~
	2122	+ $result = $avs_map[$this->getData_Unstaged_Escaped( 'avs_result' )];
2123	2123	return $result;
2124	2124	}
2125	2125
Index: trunk/extensions/DonationInterface/gateway_common/gateway.adapter.php
—	—	@@ -163,7 +163,7 @@
164	164	protected $staged_vars = array();
165	165	protected $return_value_map;
166	166	protected $staged_data;
167		~~- protected $raw_data;~~
	167	+ protected $unstaged_data;
168	168	protected $postdatadefaults;
169	169	protected $xmlDoc;
170	170	protected $dataObj;
—	—	@@ -221,8 +221,8 @@
222	222
223	223	$this->dataObj = new DonationData( get_called_class(), self::getGlobal( 'Test' ), $external_data );
224	224
225		~~- $this->raw_data = $this->dataObj->getData();~~
226		~~- $this->staged_data = $this->raw_data;~~
	225	+ $this->unstaged_data = $this->dataObj->getDataEscaped();
	226	+ $this->staged_data = $this->unstaged_data;
227	227
228	228	$this->posted = ( $this->dataObj->wasPosted() && ( !is_null( $wgRequest->getVal( 'numAttempt', null ) ) ) );
229	229
—	—	@@ -284,7 +284,7 @@
285	285	$page = self::getGlobal( "FailPage" );
286	286	if ( $page ) {
287	287
288		~~- $language = $this->getData_Raw( 'language' );~~
	288	+ $language = $this->getData_Unstaged_Escaped( 'language' );
289	289
290	290	$page .= '?uselang=' . $language;
291	291	}
—	—	@@ -300,7 +300,7 @@
301	301	* @return string A URL
302	302	*/
303	303	protected function appendLanguageAndMakeURL( $url ){
304		~~- $language = $this->getData_Raw( 'language' );~~
	304	+ $language = $this->getData_Unstaged_Escaped( 'language' );
305	305	//make sure we don't already have the language in there...
306	306	$dirs = explode('/', $url);
307	307	if ( !is_array($dirs) \|\| !in_array( $language, $dirs ) ){
—	—	@@ -387,20 +387,17 @@
388	388	/**
389	389	* This is the ONLY getData type function anything should be using
390	390	* outside the adapter.
391		~~- * Please note that in this case, raw means it's been normalized and~~
392		~~- * sanitized by DonationData. Mostly, we qualify it as "raw" because it's~~
393		~~- * not been staged for this adapter.~~
394	391	* @param string $val The specific key you're looking for (if any)
395	392	* @return mixed An array of all the raw, unstaged (but normalized and
396	393	* sanitized) data sent to the adapter, or if $val was set, either the
397	394	* specific value held for $val, or null if none exists.
398	395	*/
399		~~- public function getData_Raw( $val = '' ) {~~
	396	+ public function getData_Unstaged_Escaped( $val = '' ) {
400	397	if ( $val === '' ) {
401		~~- return $this->raw_data;~~
	398	+ return $this->unstaged_data;
402	399	} else {
403		~~- if ( array_key_exists( $val, $this->raw_data ) ) {~~
404		~~- return $this->raw_data[$val];~~
	400	+ if ( array_key_exists( $val, $this->unstaged_data ) ) {
	401	+ return $this->unstaged_data[$val];
405	402	} else {
406	403	return null;
407	404	}
—	—	@@ -798,9 +795,7 @@
799	796	//reset, in case this isn't our first time.
800	797	$this->transaction_results = array();
801	798	$this->setValidationAction('process', true);
802		-
803		~~- $this->log( 'ReferrerHeaderTest (' . $this->getData_Raw( 'contribution_tracking_id' ) . "): Value @ do_transaction = " . $this->getData_Raw( 'referrer' ) );~~
804		-
	799	+
805	800	try {
806	801	$this->setCurrentTransaction( $transaction );
807	802
—	—	@@ -948,7 +943,7 @@
949	944	}
950	945
951	946	// log that the transaction is essentially complete
952		~~- self::log( $this->getData_Raw( 'contribution_tracking_id' ) . " Transaction complete." );~~
	947	+ self::log( $this->getData_Unstaged_Escaped( 'contribution_tracking_id' ) . " Transaction complete." );
953	948
954	949	$this->debugarray[] = 'numAttempt = ' . $this->getData_Staged('numAttempt');
955	950
—	—	@@ -1031,7 +1026,7 @@
1032	1027	*/
1033	1028	public function getPaymentMethod() {
1034	1029
1035		~~- return $this->getData_Raw('payment_method');~~
	1030	+ return $this->getData_Unstaged_Escaped('payment_method');
1036	1031	}
1037	1032
1038	1033	/**
—	—	@@ -1066,7 +1061,7 @@
1067	1062	*/
1068	1063	public function getPaymentSubmethod() {
1069	1064
1070		~~- return $this->getData_Raw('payment_submethod');~~
	1065	+ return $this->getData_Unstaged_Escaped('payment_submethod');
1071	1066	}
1072	1067
1073	1068	/**
—	—	@@ -1131,15 +1126,15 @@
1132	1127	$results = array();
1133	1128
1134	1129	while ( $i++ <= 3 ) {
1135		~~- self::log( $this->getData_Raw( 'contribution_tracking_id' ) . ' Preparing to send transaction to ' . self::getGatewayName() );~~
	1130	+ self::log( $this->getData_Unstaged_Escaped( 'contribution_tracking_id' ) . ' Preparing to send transaction to ' . self::getGatewayName() );
1136	1131	$results['result'] = curl_exec( $ch );
1137	1132	$results['headers'] = curl_getinfo( $ch );
1138	1133
1139	1134	if ( $results['headers']['http_code'] != 200 && $results['headers']['http_code'] != 403 ) {
1140		~~- self::log( $this->getData_Raw( 'contribution_tracking_id' ) . ' Failed sending transaction to ' . self::getGatewayName() . ', retrying' );~~
	1135	+ self::log( $this->getData_Unstaged_Escaped( 'contribution_tracking_id' ) . ' Failed sending transaction to ' . self::getGatewayName() . ', retrying' );
1141	1136	sleep( 1 );
1142	1137	} elseif ( $results['headers']['http_code'] == 200 \|\| $results['headers']['http_code'] == 403 ) {
1143		~~- self::log( $this->getData_Raw( 'contribution_tracking_id' ) . ' Finished sending transaction to ' . self::getGatewayName() );~~
	1138	+ self::log( $this->getData_Unstaged_Escaped( 'contribution_tracking_id' ) . ' Finished sending transaction to ' . self::getGatewayName() );
1144	1139	break;
1145	1140	}
1146	1141	}
—	—	@@ -1151,7 +1146,7 @@
1152	1147	//TODO: i18n here!
1153	1148	//TODO: But also, fire off some kind of "No response from the gateway" thing to somebody so we know right away.
1154	1149	$results['message'] = 'No response from ' . self::getGatewayName() . '. Please try again later!';
1155		~~- self::log( $this->getData_Raw( 'contribution_tracking_id' ) . ' No response from ' . self::getGatewayName() . ': ' . curl_error( $ch ) );~~
	1150	+ self::log( $this->getData_Unstaged_Escaped( 'contribution_tracking_id' ) . ' No response from ' . self::getGatewayName() . ': ' . curl_error( $ch ) );
1156	1151	curl_close( $ch );
1157	1152	return false;
1158	1153	}
—	—	@@ -1315,7 +1310,7 @@
1316	1311	}
1317	1312
1318	1313	$params = array(
1319		~~- 'contribution_id' => $this->dataObj->getVal( 'contribution_tracking_id' ),~~
	1314	+ 'contribution_id' => $this->getData_Unstaged_Escaped( 'contribution_tracking_id' ),
1320	1315	'duration' => $this->getStopwatch( $function ),
1321	1316	'gateway' => self::getGatewayName(),
1322	1317	'function' => $function,
—	—	@@ -1510,7 +1505,7 @@
1511	1506	'gateway_txn_id' => $this->getTransactionGatewayTxnID(),
1512	1507	//'language' => '',
1513	1508	);
1514		~~- $transaction += $this->getData_Raw();~~
	1509	+ $transaction += $this->getData_Unstaged_Escaped();
1515	1510
1516	1511	try {
1517	1512	wfRunHooks( $hook, array( $transaction ) );
—	—	@@ -1532,7 +1527,7 @@
1533	1528	return;
1534	1529	}
1535	1530
1536		~~- if ($this->getData_Raw( 'payment_method' ) === 'cc'){~~
	1531	+ if ($this->getData_Unstaged_Escaped( 'payment_method' ) === 'cc'){
1537	1532	global $wgCCLimboStompQueueName;
1538	1533	if ( !isset( $wgCCLimboStompQueueName ) \|\| $wgCCLimboStompQueueName === false ){
1539	1534	return;
—	—	@@ -1554,7 +1549,7 @@
1555	1550	'date' => time(),
1556	1551	'gateway_txn_id' => $this->getTransactionGatewayTxnID(),
1557	1552	'correlation-id' => $this->getCorrelationID(),
1558		~~- 'payment_method' => $this->getData_Raw( 'payment_method' ),~~
	1553	+ 'payment_method' => $this->getData_Unstaged_Escaped( 'payment_method' ),
1559	1554	'antimessage' => 'true'
1560	1555	);
1561	1556	} else {
—	—	@@ -1563,14 +1558,14 @@
1564	1559	'date' => time(),
1565	1560	'gateway_txn_id' => $this->getTransactionGatewayTxnID(),
1566	1561	'correlation-id' => $this->getCorrelationID(),
1567		~~- 'payment_method' => $this->getData_Raw( 'payment_method' ),~~
	1562	+ 'payment_method' => $this->getData_Unstaged_Escaped( 'payment_method' ),
1568	1563	);
1569	1564
1570		~~- $raw_data = array();~~
	1565	+ $unstaged_local = array();
1571	1566	foreach ( $stomp_fields as $field ){
1572		~~- $raw_data[$field] = $this->getData_Raw( $field );~~
	1567	+ $unstaged_local[$field] = $this->getData_Unstaged_Escaped( $field );
1573	1568	}
1574		~~- $transaction = array_merge( $raw_data, $transaction );~~
	1569	+ $transaction = array_merge( $unstaged_local, $transaction );
1575	1570	}
1576	1571
1577	1572	try {
—	—	@@ -1581,7 +1576,7 @@
1582	1577	}
1583	1578
1584	1579	protected function getCorrelationID(){
1585		~~- return $this->getIdentifier() . '-' . $this->getData_Raw('order_id');~~
	1580	+ return $this->getIdentifier() . '-' . $this->getData_Unstaged_Escaped('order_id');
1586	1581	}
1587	1582
1588	1583	function smooshVarsForStaging() {
—	—	@@ -1670,7 +1665,7 @@
1671	1666	}
1672	1667
1673	1668	function getPaypalRedirectURL() {
1674		~~- $currency = $this->getData_Raw( 'currency_code' );~~
	1669	+ $currency = $this->getData_Unstaged_Escaped( 'currency_code' );
1675	1670
1676	1671	// update the utm source to set the payment instrument to pp rather than cc
1677	1672	$data['payment_method'] = 'pp';
—	—	@@ -1720,9 +1715,9 @@
1721	1716	);
1722	1717	$ret = array();
1723	1718	foreach ( $paypalkeys as $key ){
1724		~~- $val = $this->getData_Raw( $key );~~
	1719	+ $val = $this->getData_Unstaged_Escaped( $key );
1725	1720	if (!is_null( $val )){
1726		~~- $ret[$key] = $this->getData_Raw( $key );~~
	1721	+ $ret[$key] = $this->getData_Unstaged_Escaped( $key );
1727	1722	}
1728	1723	}
1729	1724	return $ret;
—	—	@@ -1932,9 +1927,9 @@
1933	1928	*/
1934	1929	function runPreProcessHooks() {
1935	1930	// allow any external validators to have their way with the data
1936		~~- self::log( $this->getData_Raw( 'contribution_tracking_id' ) . " Preparing to query MaxMind" );~~
	1931	+ self::log( $this->getData_Unstaged_Escaped( 'contribution_tracking_id' ) . " Preparing to query MaxMind" );
1937	1932	wfRunHooks( 'GatewayValidate', array( &$this ) );
1938		~~- self::log( $this->getData_Raw( 'contribution_tracking_id' ) . ' Finished querying Maxmind' );~~
	1933	+ self::log( $this->getData_Unstaged_Escaped( 'contribution_tracking_id' ) . ' Finished querying Maxmind' );
1939	1934
1940	1935	//DO NOT set some variable as getValidationAction() here, and keep
1941	1936	//checking that. getValidationAction could change with each one of these
—	—	@@ -2004,7 +1999,7 @@
2005	2000	/**
2006	2001	* Instead of pulling all the DonationData back through to update one local
2007	2002	* value, use this. It updates both staged_data (which is intended to be
2008		~~- * staged and used _just_ by the gateway) and raw_data, which is actually~~
	2003	+ * staged and used _just_ by the gateway) and unstaged_data, which is actually
2009	2004	* just normalized and sanitized form data as entered by the user.
2010	2005	*
2011	2006	* TODO: handle the cases where $val is listed in the gateway adapter's
—	—	@@ -2016,13 +2011,13 @@
2017	2012	* our DonationData object.
2018	2013	*/
2019	2014	function refreshGatewayValueFromSource( $val ) {
2020		~~- $refreshed = $this->dataObj->getVal( $val );~~
	2015	+ $refreshed = $this->dataObj->getVal_Escaped( $val );
2021	2016	if ( !is_null($refreshed) ){
2022	2017	$this->staged_data[$val] = $refreshed;
2023		~~- $this->raw_data[$val] = $refreshed;~~
	2018	+ $this->unstaged_data[$val] = $refreshed;
2024	2019	} else {
2025	2020	unset( $this->staged_data[$val] );
2026		~~- unset( $this->raw_data[$val] );~~
	2021	+ unset( $this->unstaged_data[$val] );
2027	2022	}
2028	2023	}
2029	2024
Index: trunk/extensions/DonationInterface/gateway_common/donation.api.php
—	—	@@ -44,7 +44,7 @@
45	45	$this->dieUsage( "Invalid gateway <<<$gateway>>> passed to Donation API.", 'unknown_gateway' );
46	46	}
47	47
48		~~- //$normalizedData = $gatewayObj->getData_Raw();~~
	48	+ //$normalizedData = $gatewayObj->getData_Unstaged_Escaped();
49	49	$outputResult = array();
50	50	$outputResult['message'] = $result['message'];
51	51	$outputResult['status'] = $result['status'];
Index: trunk/extensions/DonationInterface/gateway_common/DonationData.php
—	—	@@ -18,7 +18,7 @@
19	19	$this->populateData( $test, $data );
20	20	}
21	21
22		~~- function populateData( $test = false, $external_data = false ) {~~
	22	+ protected function populateData( $test = false, $external_data = false ) {
23	23	global $wgRequest;
24	24	$this->normalized = array( );
25	25	if ( is_array( $external_data ) ){
—	—	@@ -107,25 +107,12 @@
108	108	}
109	109	}
110	110
111		~~- $posted_referrer = $wgRequest->getVal( 'referrer' );~~
112		~~- $tries = array(~~
113		~~- 'referer',~~
114		~~- 'referrer',~~
115		~~- 'Referer',~~
116		~~- 'Referrer'~~
117		~~- );~~
118		~~- foreach ($tries as $trythis){~~
119		~~- $header[$trythis] = $wgRequest->getHeader( $trythis );~~
120		~~- }~~
121		-
122		- $this->log( 'ReferrerHeaderTest (' . $this->getVal( 'contribution_tracking_id' ) . "): Posted = $posted_referrer, Header Tries = " . print_r($header, true) . ', Final = ' . $this->getVal('referrer') );
123		-
124	111	//if we have saved any donation data to the session, pull them in as well.
125	112	$this->integrateDataFromSession();
126	113
127	114	$this->doCacheStuff();
128	115
129		~~- $this->normalizeAndSanitize();~~
	116	+ $this->normalize();
130	117
131	118	}
132	119
—	—	@@ -134,7 +121,7 @@
135	122	* If donor session data has been set, pull the fields in the session that
136	123	* are populated, and merge that with the data set we already have.
137	124	*/
138		~~- function integrateDataFromSession(){~~
	125	+ protected function integrateDataFromSession(){
139	126	if ( self::sessionExists() && array_key_exists( 'Donor', $_SESSION ) ) {
140	127	//if the thing coming in from the session isn't already something,
141	128	//replace it.
—	—	@@ -153,14 +140,27 @@
154	141	}
155	142	}
156	143	}
157		~~- $this->log( 'ReferrerHeaderTest (' . $this->getVal( 'contribution_tracking_id' ) . "): Final After Session Integration = " . $this->getVal('referrer') );~~
158	144	}
159	145
160		~~- function getData() {~~
	146	+ /**
	147	+ * Returns an array of normalized and escaped donation data
	148	+ * @return array
	149	+ */
	150	+ public function getDataEscaped() {
	151	+ $escaped = $this->normalized;
	152	+ array_walk( $escaped, array( $this, 'sanitizeInput' ) );
	153	+ return $escaped;
	154	+ }
	155	+
	156	+ /**
	157	+ * Returns an array of normalized (but unescaped) donation data
	158	+ * @return array
	159	+ */
	160	+ public function getDataUnescaped() {
161	161	return $this->normalized;
162	162	}
163	163
164		~~- function populateData_Test( $testdata = false ) {~~
	164	+ protected function populateData_Test( $testdata = false ) {
165	165	// define arrays of cc's and cc #s for random selection
166	166	$cards = array( 'american' );
167	167	$card_nums = array(
—	—	@@ -234,7 +234,7 @@
235	235	* @param string $key The field you would like to determine if it exists or not.
236	236	* @return boolean true if the field is something. False if it is null, or an empty string.
237	237	*/
238		~~- function isSomething( $key ) {~~
	238	+ public function isSomething( $key ) {
239	239	if ( array_key_exists( $key, $this->normalized ) ) {
240	240	if ( is_null($this->normalized[$key]) \|\| $this->normalized[$key] === '' ) {
241	241	return false;
—	—	@@ -245,8 +245,27 @@
246	246	}
247	247	}
248	248
249		~~- function getVal( $key ) {~~
	249	+ /**
	250	+ * getVal_Escaped
	251	+ * @param string $key The data field you would like to retrieve.
	252	+ * @return mixed The normalized and escaped value of that $key.
	253	+ */
	254	+ public function getVal_Escaped( $key ) {
250	255	if ( $this->isSomething( $key ) ) {
	256	+ return $this->sanitizeInput( $this->normalized[$key] );
	257	+ } else {
	258	+ return null;
	259	+ }
	260	+ }
	261	+
	262	+ /**
	263	+ * getVal
	264	+ * For Internal Use Only! External objects should use getVal_Escaped.
	265	+ * @param string $key The data field you would like to retrieve.
	266	+ * @return mixed The normalized value of that $key.
	267	+ */
	268	+ protected function getVal( $key ) {
	269	+ if ( $this->isSomething( $key ) ) {
251	270	return $this->normalized[$key];
252	271	} else {
253	272	return null;
—	—	@@ -270,7 +289,7 @@
271	290
272	291	/**
273	292	* Returns an array of all the fields that get re-calculated during a
274		~~- * normalizeAndSanitize.~~
	293	+ * normalize.
275	294	* This will most likely be used on the outside when in the process of
276	295	* adding data.
277	296	* @return array An array of values matching all recauculated fields.
—	—	@@ -293,10 +312,10 @@
294	313	}
295	314
296	315	/**
297		~~- * Normalizes and Sanitizes the current set of data, just after it's been~~
	316	+ * Normalizes the current set of data, just after it's been
298	317	* pulled (or re-pulled) from a source.
299	318	*/
300		~~- function normalizeAndSanitize() {~~
	319	+ function normalize() {
301	320	if ( !empty( $this->normalized ) ) {
302	321	$this->setUtmSource();
303	322	$this->setNormalizedAmount();
—	—	@@ -307,12 +326,11 @@
308	327	$this->setCountry();
309	328	$this->handleContributionTrackingID();
310	329	$this->setCurrencyCode();
311		~~- array_walk( $this->normalized, array( $this, 'sanitizeInput' ) );~~
312	330	}
313	331	}
314	332
315	333	/**
316		~~- * normalizeAndSanitize helper function~~
	334	+ * normalize helper function
317	335	* Setting the country correctly.
318	336	*/
319	337	function setCountry() {
—	—	@@ -331,7 +349,7 @@
332	350	}
333	351
334	352	/**
335		~~- * normalizeAndSanitize helper function~~
	353	+ * normalize helper function
336	354	* Setting the currency code correctly.
337	355	*/
338	356	function setCurrencyCode() {
—	—	@@ -358,7 +376,7 @@
359	377	}
360	378
361	379	/**
362		~~- * normalizeAndSanitize helper function.~~
	380	+ * normalize helper function.
363	381	* Assures that if no contribution_tracking_id is present, a row is created
364	382	* in the Contribution tracking table, and that row is assigned to the
365	383	* current contribution we're tracking.
—	—	@@ -403,7 +421,7 @@
404	422	}
405	423
406	424	/**
407		~~- * normalizeAndSanitize helper function.~~
	425	+ * normalize helper function.
408	426	* Takes all possible sources for the intended donation amount, and
409	427	* normalizes them into the 'amount' field.
410	428	*/
—	—	@@ -420,7 +438,7 @@
421	439	}
422	440
423	441	/**
424		~~- * normalizeAndSanitize helper function.~~
	442	+ * normalize helper function.
425	443	* Ensures that order_id and i_order_id are ready to go, depending on what
426	444	* comes in populated or not, and where it came from.
427	445	* @return null
—	—	@@ -459,22 +477,21 @@
460	478	* Intended to be used with something like array_walk.
461	479	*
462	480	* @param $value The value of the array
463		~~- * @param $key The key of the array~~
464	481	* @param $flags The flag constant for htmlspecialchars
465	482	* @param $double_encode Whether or not to double-encode strings
466	483	*/
467		~~- public function sanitizeInput( &$value, $key, $flags=ENT_COMPAT, $double_encode=false ) {~~
	484	+ protected function sanitizeInput( &$value, $flags=ENT_COMPAT, $double_encode=false ) {
468	485	$value = htmlspecialchars( $value, $flags, 'UTF-8', $double_encode );
469	486	}
470	487
471		~~- function log( $message, $log_level=LOG_INFO ) {~~
	488	+ protected function log( $message, $log_level=LOG_INFO ) {
472	489	$c = $this->getAdapterClass();
473	490	if ( $c && is_callable( array( $c, 'log' ) )){
474	491	$c::log( $message, $log_level );
475	492	}
476	493	}
477	494
478		~~- function getGatewayIdentifier() {~~
	495	+ protected function getGatewayIdentifier() {
479	496	$c = $this->getAdapterClass();
480	497	if ( $c && is_callable( array( $c, 'getIdentifier' ) ) ){
481	498	return $c::getIdentifier();
—	—	@@ -483,7 +500,7 @@
484	501	}
485	502	}
486	503
487		~~- function getGatewayGlobal( $varname ) {~~
	504	+ protected function getGatewayGlobal( $varname ) {
488	505	$c = $this->getAdapterClass();
489	506	if ( $c && is_callable( array( $c, 'getGlobal' ) ) ){
490	507	return $c::getGlobal( $varname );
—	—	@@ -493,24 +510,24 @@
494	511	}
495	512
496	513	/**
497		~~- * normalizeAndSanitize helper function.~~
	514	+ * normalize helper function.
498	515	* Sets the gateway to be the gateway that called this class in the first
499	516	* place.
500	517	*/
501		~~- function setGateway() {~~
	518	+ protected function setGateway() {
502	519	//TODO: Hum. If we have some other gateway in the form data, should we go crazy here? (Probably)
503	520	$gateway = $this->gatewayID;
504	521	$this->setVal( 'gateway', $gateway );
505	522	}
506	523
507	524	/**
508		~~- * normalizeAndSanitize helper function.~~
	525	+ * normalize helper function.
509	526	* If the language has not yet been set or is not valid, pulls the language code
510	527	* from the current global language object.
511	528	* Also sets the premium_language as the calculated language if it's not
512	529	* already set coming in (had been defaulting to english).
513	530	*/
514		~~- function setLanguage() {~~
	531	+ protected function setLanguage() {
515	532	global $wgLang;
516	533	$language = false;
517	534
—	—	@@ -545,7 +562,7 @@
546	563	* @global bool $wgUseSquid
547	564	* @global type $wgOut
548	565	*/
549		~~- function doCacheStuff() {~~
	566	+ protected function doCacheStuff() {
550	567	//TODO: Wow, name.
551	568	// if _cache_ is requested by the user, do not set a session/token; dynamic data will be loaded via ajax
552	569	if ( $this->isCaching() ) {
—	—	@@ -563,7 +580,7 @@
564	581	}
565	582	}
566	583
567		~~- function getAnnoyingOrderIDLogLinePrefix() {~~
	584	+ protected function getAnnoyingOrderIDLogLinePrefix() {
568	585	//TODO: ...aww. But it's so descriptive.
569	586	return $this->getVal( 'order_id' ) . ' ' . $this->getVal( 'i_order_id' ) . ': ';
570	587	}
—	—	@@ -577,6 +594,8 @@
578	595	* a security risk for non-authenticated users. Until this is
579	596	* resolved in $wgUser, we'll use our own methods for token
580	597	* handling.
	598	+ *
	599	+ * Public so the api can get to it.
581	600	*
582	601	* @return string
583	602	*/
—	—	@@ -602,7 +621,7 @@
603	622	* In the case where we have an expired session (token mismatch), we go
604	623	* ahead and fix it for 'em for their next post.
605	624	*/
606		~~- function token_refreshAllTokenEverything(){~~
	625	+ protected function token_refreshAllTokenEverything(){
607	626	$unsalted = self::token_generateToken();
608	627	$gateway_ident = $this->gatewayID;
609	628	self::ensureSession();
—	—	@@ -611,7 +630,7 @@
612	631	$this->setVal( 'token', $salted );
613	632	}
614	633
615		~~- function token_applyMD5AndSalt( $clear_token ){~~
	634	+ protected function token_applyMD5AndSalt( $clear_token ){
616	635	$salt = $this->getGatewayGlobal( 'Salt' );
617	636
618	637	if ( is_array( $salt ) ) {
—	—	@@ -640,7 +659,7 @@
641	660	* @var string $val
642	661	* @return bool
643	662	*/
644		~~- function token_matchEditToken( $val ) {~~
	663	+ protected function token_matchEditToken( $val ) {
645	664	// fetch a salted version of the session token
646	665	$sessionSaltedToken = $this->token_getSaltedSessionToken();
647	666	if ( $val != $sessionSaltedToken ) {
—	—	@@ -657,7 +676,7 @@
658	677	* If we do not have a session set for the current user,
659	678	* start the session.
660	679	*/
661		~~- public static function ensureSession() {~~
	680	+ protected static function ensureSession() {
662	681	// if the session is already started, do nothing
663	682	if ( self::sessionExists() )
664	683	return;
—	—	@@ -670,7 +689,7 @@
671	690	* Checks to see if the session exists without actually creating one.
672	691	* @return bool true if we have a session, otherwise false.
673	692	*/
674		~~- public static function sessionExists() {~~
	693	+ protected static function sessionExists() {
675	694	if ( session_id() )
676	695	return true;
677	696	return false;
—	—	@@ -711,7 +730,7 @@
712	731	}
713	732
714	733	/**
715		~~- * normalizeAndSanitize helper function.~~
	734	+ * normalize helper function.
716	735	*
717	736	* Checks to see if the utm_source is set properly for the credit card
718	737	* form including any cc form variants (identified by utm_source_id). If
—	—	@@ -768,7 +787,7 @@
769	788	* NOTE: If you prune here, and there is a paypal redirect, you will have
770	789	* problems with the email-opt/optout and comment-option/anonymous.
771	790	*/
772		~~- function setNormalizedOptOuts( $prune = false ) {~~
	791	+ protected function setNormalizedOptOuts( $prune = false ) {
773	792	$optout['optout'] = ( $this->isSomething( 'email-opt' ) && $this->getVal( 'email-opt' ) == "1" ) ? '0' : '1';
774	793	$optout['anonymous'] = ( $this->isSomething( 'comment-option' ) && $this->getVal( 'comment-option' ) == "1" ) ? '0' : '1';
775	794	foreach ( $optout as $thing => $stuff ) {
—	—	@@ -969,7 +988,7 @@
970	989	}
971	990	}
972	991	}
973		~~- $this->normalizeAndSanitize();~~
	992	+ $this->normalize();
974	993	}
975	994
976	995	public function incrementNumAttempt() {
—	—	@@ -984,7 +1003,7 @@
985	1004	}
986	1005	}
987	1006
988		~~- function getAdapterClass(){~~
	1007	+ protected function getAdapterClass(){
989	1008	if ( class_exists( $this->boss ) ) {
990	1009	return $this->boss;
991	1010	} else {
—	—	@@ -1000,7 +1019,7 @@
1001	1020	* /extensions/DonationData/activemq_stomp/activemq_stomp.php
1002	1021	* to somewhere in DonationData. *
1003	1022	*/
1004		~~- function getStompMessageFields(){~~
	1023	+ public function getStompMessageFields(){
1005	1024	$stomp_fields = array(
1006	1025	'contribution_tracking_id',
1007	1026	'optout',
Index: trunk/extensions/DonationInterface/gateway_common/GatewayForm.php
—	—	@@ -77,7 +77,7 @@
78	78	*/
79	79	public function validateForm( &$error, $options = array() ) {
80	80
81		~~- $data = $this->adapter->getData_Raw();~~
	81	+ $data = $this->adapter->getData_Unstaged_Escaped();
82	82
83	83	extract( $options );
84	84

Follow-up revisions

Revision	Commit summary	Author	Date
r105941	followup r105938...	khorn	22:22, 12 December 2011
r105953	followup r105938...	khorn	23:07, 12 December 2011
r112287	MFT r101785, r105938, r105941, r105953, r106109, r106158, r106259, r106366, r...	khorn	01:29, 24 February 2012

Status & tagging log

01:28, 13 June 2012 Krinkle (talk | contribs) changed the tags for r105938 [removed: nodeploy]
20:45, 13 January 2012 Reedy (talk | contribs) changed the status of r105938 [removed: new added: deferred]
19:54, 11 January 2012 RobLa-WMF (talk | contribs) changed the tags for r105938 [added: nodeploy]
07:35, 23 December 2011 RobLa (talk | contribs) changed the tags for r105938 [added: fundraising]