r106109 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r106109
Date:21:53, 13 December 2011
Author:khorn
Status:deferred (Comments)
Tags:fundraising 
Comment:
Data handling cleanup in DonationInterface, part 2 of [some].
ALL FORM CLASSES: Removed the $form_data array. All data will now be fetched directly from the gateway adapter object via Gateway_Form::getEscapedValue().
Started work removing what will hopefully work out to be all instances of child form classes touching $wgRequest or $wgOut directly. These will either be functionalized and moved to Gateway_Form, added to the data population and normalization routines in DonationData, or removed entirely.
Modified paths:
  • /trunk/extensions/DonationInterface/gateway_common/DonationData.php (modified)
  • /trunk/extensions/DonationInterface/gateway_common/GatewayForm.php (modified)
  • /trunk/extensions/DonationInterface/gateway_common/gateway.adapter.php (modified)
  • /trunk/extensions/DonationInterface/gateway_forms/Form.php (modified)
  • /trunk/extensions/DonationInterface/gateway_forms/OneStepTwoColumn.php (modified)
  • /trunk/extensions/DonationInterface/gateway_forms/RapidHtml.php (modified)
  • /trunk/extensions/DonationInterface/gateway_forms/TwoColumnLetter.php (modified)
  • /trunk/extensions/DonationInterface/gateway_forms/TwoColumnLetter2.php (modified)
  • /trunk/extensions/DonationInterface/gateway_forms/TwoColumnLetter3.php (modified)
  • /trunk/extensions/DonationInterface/gateway_forms/TwoColumnLetter4.php (modified)
  • /trunk/extensions/DonationInterface/gateway_forms/TwoColumnLetter5.php (modified)
  • /trunk/extensions/DonationInterface/gateway_forms/TwoColumnLetter6.php (modified)
  • /trunk/extensions/DonationInterface/gateway_forms/TwoColumnLetter7.php (modified)
  • /trunk/extensions/DonationInterface/gateway_forms/TwoStepTwoColumn.php (modified)
  • /trunk/extensions/DonationInterface/gateway_forms/TwoStepTwoColumnLetter.php (modified)
  • /trunk/extensions/DonationInterface/gateway_forms/TwoStepTwoColumnLetter3.php (modified)
  • /trunk/extensions/DonationInterface/gateway_forms/TwoStepTwoColumnLetterCA.php (modified)
  • /trunk/extensions/DonationInterface/gateway_forms/TwoStepTwoColumnPremium.php (modified)
  • /trunk/extensions/DonationInterface/gateway_forms/TwoStepTwoColumnPremiumUS.php (modified)
  • /trunk/extensions/DonationInterface/globalcollect_gateway/forms/TwoStepAmount.php (modified)

Diff

Index: trunk/extensions/DonationInterface/gateway_forms/TwoColumnLetter2.php
@@ -1,7 +1,6 @@
22 <?php
33
44 class Gateway_Form_TwoColumnLetter2 extends Gateway_Form_OneStepTwoColumn {
5 - public $paypal = false; // true for paypal only version
65
76 public function __construct( &$gateway, &$form_errors ) {
87 global $wgScriptPath;
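Review bot: dropping `public $paypal` is only safe if nothing else still reads `$this->paypal`; the hunk at line 18 below removes the one assignment visible here, but this diff shows neither the rest of this class nor the parent Gateway_Form_OneStepTwoColumn, so a grep for `->paypal` across gateway_forms should accompany the change. If the PayPal-only variant is still wanted, the flag belongs in DonationData's normalized data rather than being read from `$wgRequest` inside the form.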
@@ -15,23 +14,13 @@
1615 }
1716
1817 public function generateFormStart() {
19 - global $wgOut, $wgRequest;
20 -
21 - $this->paypal = $wgRequest->getBool( 'paypal', false );
22 -
2318 $form = parent::generateBannerHeader();
2419
2520 $form .= Xml::openElement( 'table', array( 'width' => '100%', 'cellspacing' => 0, 'cellpadding' => 0, 'border' => 0 ) );
2621 $form .= Xml::openElement( 'tr' );
2722 $form .= Xml::openElement( 'td', array( 'id' => 'appeal', 'valign' => 'top' ) );
2823
29 - $text_template = $wgRequest->getText( 'text_template', '2010/JimmyAppealLong' );
30 - // if the user has uselang set, honor that, otherwise default to the language set for the form defined by 'language' in the query string
31 - if ( $wgRequest->getText( 'language' ) ) $text_template .= '/' . $this->form_data[ 'language' ];
32 -
33 - $template = ( strlen( $text_template ) ) ? $wgOut->parse( '{{' . $text_template . '}}' ) : '';
34 - // if the template doesn't exist, prevent the display of the red link
35 - if ( preg_match( '/redlink\=1/', $template ) ) $template = NULL;
 24+ $template = self::generateTextTemplate();
3625 $form .= $template;
3726
3827 $form .= Xml::closeElement( 'td' );
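Review bot: `self::generateTextTemplate()` at line 24 is written as a static call to what must be an instance method (it replaces code that read `$this->form_data[ 'language' ]`, so it needs the object to reach `getEscapedValue( 'language' )`); PHP 5 forwards `$this` through a `self::` call made from an instance context, but `$this->generateTextTemplate()` says what is meant and does not depend on that quirk. The behaviour that left this hunk is also the security-sensitive part: the removed lines built a `{{...}}` transclusion from the request-supplied `text_template` and `language` values and only checked for `redlink=1` afterwards. The new helper is not in this diff, so please confirm it validates the template name (an allow-list or a fixed prefix) rather than only relocating the same code. Separately, this file drops the whole `global $wgOut, $wgRequest;` line, whereas TwoColumnLetter5 and TwoColumnLetter6 keep `global $wgOut;`; whichever is right, the forms should agree, and line 138 of this file still uses `$wgRequest`.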
@@ -145,7 +134,7 @@
146135 }
147136
148137 // anonymous
149 - $comment_opt_value = ( $wgRequest->wasPosted() ) ? $this->form_data[ 'comment-option' ] : true;
 138+ $comment_opt_value = ( $wgRequest->wasPosted() ) ? $this->getEscapedValue( 'comment-option' ) : true;
150139 $form .= '<tr>';
151140 $form .= '<td class="check-option" colspan="2">' . Xml::check( 'comment-option', $comment_opt_value );
152141 $form .= ' ' . Xml::label( wfMsg( 'donate_interface-anon-message' ), 'comment-option' ) . '</td>';
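Review bot: line 138 still calls `$wgRequest->wasPosted()`, but the `global $wgOut, $wgRequest;` declaration at the top of generateFormStart() was removed in the first hunk of this file. Unless `$wgRequest` is re-declared global somewhere between line 18 and line 138 (not visible in this diff), it is now an undefined local and the call will fatal with "Call to a member function wasPosted() on a non-object". Given the commit's stated goal of keeping `$wgRequest` out of the child forms, the cleaner fix is a posted/not-posted accessor on Gateway_Form (or a default supplied by DonationData) so this line reduces to `$this->getEscapedValue( 'comment-option' )` with the default handled centrally.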
Index: trunk/extensions/DonationInterface/gateway_forms/TwoColumnLetter3.php
@@ -1,7 +1,6 @@
22 <?php
33
44 class Gateway_Form_TwoColumnLetter3 extends Gateway_Form_OneStepTwoColumn {
5 - public $paypal = false; // true for paypal only version
65
76 public function __construct( &$gateway, &$form_errors ) {
87 global $wgScriptPath;
@@ -15,23 +14,13 @@
1615 }
1716
1817 public function generateFormStart() {
19 - global $wgOut, $wgRequest;
20 -
21 - $this->paypal = $wgRequest->getBool( 'paypal', false );
22 -
2318 $form = parent::generateBannerHeader();
2419
2520 $form .= Xml::openElement( 'table', array( 'width' => '100%', 'cellspacing' => 0, 'cellpadding' => 0, 'border' => 0 ) );
2621 $form .= Xml::openElement( 'tr' );
2722 $form .= Xml::openElement( 'td', array( 'id' => 'appeal', 'valign' => 'top' ) );
2823
29 - $text_template = $wgRequest->getText( 'text_template', '2010/JimmyAppealLong' );
30 - // if the user has uselang set, honor that, otherwise default to the language set for the form defined by 'language' in the query string
31 - if ( $wgRequest->getText( 'language' ) ) $text_template .= '/' . $this->form_data[ 'language' ];
32 -
33 - $template = ( strlen( $text_template ) ) ? $wgOut->parse( '{{' . $text_template . '}}' ) : '';
34 - // if the template doesn't exist, prevent the display of the red link
35 - if ( preg_match( '/redlink\=1/', $template ) ) $template = NULL;
 24+ $template = self::generateTextTemplate();
3625 $form .= $template;
3726
3827 $form .= Xml::closeElement( 'td' );
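Review bot: `self::generateTextTemplate()` at line 24 should be `$this->generateTextTemplate()`; the helper stands in for code that read `$this->form_data[ 'language' ]`, so it needs the object context, and a static-looking call hides that. With the whole `global $wgOut, $wgRequest;` line gone, anything further down in generateFormStart() that still touches either global will see an undefined variable; line 138 of this file still calls `$wgRequest->wasPosted()`.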
@@ -145,7 +134,7 @@
146135 }
147136
148137 // anonymous
149 - $comment_opt_value = ( $wgRequest->wasPosted() ) ? $this->form_data[ 'comment-option' ] : true;
 138+ $comment_opt_value = ( $wgRequest->wasPosted() ) ? $this->getEscapedValue( 'comment-option' ) : true;
150139 $form .= '<tr>';
151140 $form .= '<td class="check-option" colspan="2">' . Xml::check( 'comment-option', $comment_opt_value );
152141 $form .= ' ' . Xml::label( wfMsg( 'donate_interface-anon-message' ), 'comment-option' ) . '</td>';
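Review bot: `$wgRequest->wasPosted()` at line 138 now refers to an undefined variable unless `$wgRequest` is re-declared global between line 18 (where this diff removes the declaration) and here; the method call will fatal on a non-object. Either restore the declaration or, better and in line with the commit message, move the posted-or-default decision into Gateway_Form so the child form never touches `$wgRequest`.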
Index: trunk/extensions/DonationInterface/gateway_forms/TwoColumnLetter4.php
@@ -1,7 +1,6 @@
22 <?php
33
44 class Gateway_Form_TwoColumnLetter4 extends Gateway_Form_OneStepTwoColumn {
5 - public $paypal = false; // true for paypal only version
65
76 public function __construct( &$gateway, &$form_errors ) {
87 global $wgScriptPath;
@@ -15,23 +14,13 @@
1615 }
1716
1817 public function generateFormStart() {
19 - global $wgOut, $wgRequest;
20 -
21 - $this->paypal = $wgRequest->getBool( 'paypal', false );
22 -
2318 $form = parent::generateBannerHeader();
2419
2520 $form .= Xml::openElement( 'table', array( 'width' => '100%', 'cellspacing' => 0, 'cellpadding' => 0, 'border' => 0 ) );
2621 $form .= Xml::openElement( 'tr' );
2722 $form .= Xml::openElement( 'td', array( 'id' => 'appeal', 'valign' => 'top' ) );
2823
29 - $text_template = $wgRequest->getText( 'text_template', '2010/JimmyAppealLong' );
30 - // if the user has uselang set, honor that, otherwise default to the language set for the form defined by 'language' in the query string
31 - if ( $wgRequest->getText( 'language' ) ) $text_template .= '/' . $this->form_data[ 'language' ];
32 -
33 - $template = ( strlen( $text_template ) ) ? $wgOut->parse( '{{' . $text_template . '}}' ) : '';
34 - // if the template doesn't exist, prevent the display of the red link
35 - if ( preg_match( '/redlink\=1/', $template ) ) $template = NULL;
 24+ $template = self::generateTextTemplate();
3625 $form .= $template;
3726
3827 $form .= Xml::closeElement( 'td' );
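Review bot: same two points as in the sibling TwoColumnLetter forms. `self::generateTextTemplate()` at line 24 is an instance method called through `self::`; use `$this->generateTextTemplate()`. And removing the entire `global $wgOut, $wgRequest;` line leaves line 138 of this file, which still calls `$wgRequest->wasPosted()`, without a declaration.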
@@ -145,7 +134,7 @@
146135 }
147136
148137 // anonymous
149 - $comment_opt_value = ( $wgRequest->wasPosted() ) ? $this->form_data[ 'comment-option' ] : true;
 138+ $comment_opt_value = ( $wgRequest->wasPosted() ) ? $this->getEscapedValue( 'comment-option' ) : true;
150139 $form .= '<tr>';
151140 $form .= '<td class="check-option" colspan="2">' . Xml::check( 'comment-option', $comment_opt_value );
152141 $form .= ' ' . Xml::label( wfMsg( 'donate_interface-anon-message' ), 'comment-option' ) . '</td>';
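Review bot: with the `global $wgOut, $wgRequest;` declaration removed from the top of generateFormStart() in the first hunk, `$wgRequest->wasPosted()` at line 138 operates on an undefined variable and will fatal, unless a second `global` declaration exists between line 18 and here that this diff does not show. Restoring the declaration fixes the crash; moving the posted-or-default logic into Gateway_Form fixes it and satisfies the commit's aim.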
Index: trunk/extensions/DonationInterface/gateway_forms/TwoColumnLetter5.php
@@ -14,7 +14,7 @@
1515 }
1616
1717 public function generateFormStart() {
18 - global $wgOut, $wgRequest;
 18+ global $wgOut;
1919
2020 $form = parent::generateBannerHeader();
2121
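Review bot: `global $wgOut;` is kept at line 18, but the only use of `$wgOut` visible in this method (the `$wgOut->parse()` call) is removed in the next hunk in favour of `generateTextTemplate()`; if nothing else in generateFormStart() uses `$wgOut`, the declaration is now dead and should go, matching TwoColumnLetter2/3/4, which drop the line entirely. Conversely, `$wgRequest` is dropped from the declaration here while line 119 of this file still calls `$wgRequest->wasPosted()`.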
@@ -22,13 +22,7 @@
2323 $form .= Xml::openElement( 'tr' );
2424 $form .= Xml::openElement( 'td', array( 'id' => 'appeal', 'valign' => 'top' ) );
2525
26 - $text_template = $wgRequest->getText( 'text_template', '2010/JimmyAppealLong' );
27 - // if the user has uselang set, honor that, otherwise default to the language set for the form defined by 'language' in the query string
28 - if ( $wgRequest->getText( 'language' ) ) $text_template .= '/' . $this->form_data[ 'language' ];
29 -
30 - $template = ( strlen( $text_template ) ) ? $wgOut->parse( '{{' . $text_template . '}}' ) : '';
31 - // if the template doesn't exist, prevent the display of the red link
32 - if ( preg_match( '/redlink\=1/', $template ) ) $template = NULL;
 26+ $template = self::generateTextTemplate();
3327 $form .= $template;
3428
3529 $form .= Xml::closeElement( 'td' );
@@ -93,24 +87,24 @@
9488 // amount
9589 $otherChecked = false;
9690 $amount = -1;
97 - if ( $this->form_data['amount'] != 100 && $this->form_data['amount'] != 50 && $this->form_data['amount'] != 35 && $this->form_data['amount'] != 20 && $this->form_data['amountOther'] > 0 ) {
 91+ if ( $this->getEscapedValue( 'amount' ) != 100 && $this->getEscapedValue( 'amount' ) != 50 && $this->getEscapedValue( 'amount' ) != 35 && $this->getEscapedValue( 'amount' ) != 20 && $this->getEscapedValue( 'amountOther' ) > 0 ) {
9892 $otherChecked = true;
99 - $amount = $this->form_data['amountOther'];
 93+ $amount = $this->getEscapedValue( 'amountOther' );
10094 }
10195 $form .= '<tr>';
10296 $form .= '<td colspan="2"><span class="creditcard-error-msg">' . $this->form_errors['invalidamount'] . '</span></td>';
10397 $form .= '</tr>';
10498 $form .= '<tr>';
10599 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-donor-amount' ), 'amount' ) . '</td>';
106 - $form .= '<td>' . Xml::radio( 'amount', 100, $this->form_data['amount'] == 100, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '100 ' .
107 - Xml::radio( 'amount', 50, $this->form_data['amount'] == 50, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '50 ' .
108 - Xml::radio( 'amount', 35, $this->form_data['amount'] == 35, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '35 ' .
109 - Xml::radio( 'amount', 20, $this->form_data['amount'] == 20, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '20 ' .
 100+ $form .= '<td>' . Xml::radio( 'amount', 100, $this->getEscapedValue( 'amount' ) == 100, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '100 ' .
 101+ Xml::radio( 'amount', 50, $this->getEscapedValue( 'amount' ) == 50, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '50 ' .
 102+ Xml::radio( 'amount', 35, $this->getEscapedValue( 'amount' ) == 35, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '35 ' .
 103+ Xml::radio( 'amount', 20, $this->getEscapedValue( 'amount' ) == 20, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '20 ' .
110104 '</td>';
111105 $form .= '</tr>';
112106 $form .= '<tr>';
113107 $form .= '<td class="label"></td>';
114 - $form .= '<td>' . Xml::radio( 'amount', $amount, $otherChecked, array( 'id' => 'otherRadio' ) ) . Xml::input( 'amountOther', '7', $this->form_data['amountOther'], array( 'type' => 'text', 'onfocus' => 'clearField(this, "Other");document.getElementById("otherRadio").checked=true;', 'maxlength' => '10', 'onblur' => 'document.getElementById("otherRadio").value = this.value;', 'id' => 'amountOther' ) ) .
 108+ $form .= '<td>' . Xml::radio( 'amount', $amount, $otherChecked, array( 'id' => 'otherRadio' ) ) . Xml::input( 'amountOther', '7', $this->getEscapedValue( 'amountOther' ), array( 'type' => 'text', 'onfocus' => 'clearField(this, "Other");document.getElementById("otherRadio").checked=true;', 'maxlength' => '10', 'onblur' => 'document.getElementById("otherRadio").value = this.value;', 'id' => 'amountOther' ) ) .
115109 ' ' . $this->generateCurrencyDropdown() . '</td>';
116110 $form .= '</tr>';
117111
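Review bot: the values passed to `Xml::input( 'amountOther', '7', $this->getEscapedValue( 'amountOther' ), ... )` at line 108 and to `Xml::radio( 'amount', $amount, ... )` (where `$amount` is set from `getEscapedValue( 'amountOther' )` at line 93) will be HTML-escaped twice if getEscapedValue() returns an already-escaped string, as its name suggests: Xml::element() runs htmlspecialchars() over every attribute value, so an `&` in the input becomes `&amp;amp;` in the page and the donor sees `&amp;` in the field. Pass the raw normalized value to the Xml helpers and reserve the escaped accessor for places that concatenate straight into markup. The comparisons at lines 91 and 100-103 have the same mismatch: `getEscapedValue( 'amount' ) != 100` and `getEscapedValue( 'amountOther' ) > 0` are loose PHP comparisons between an escaped string and an integer. Read the raw amount once, cast it to a number, and compare strictly, rather than making five separate accessor calls in one condition.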
@@ -121,7 +115,7 @@
122116 $form .= $this->getEmailField();
123117
124118 // email opt-in
125 - $email_opt_value = ( $wgRequest->wasPosted() ) ? $this->form_data[ 'email-opt' ] : true;
 119+ $email_opt_value = ( $wgRequest->wasPosted() ) ? $this->getEscapedValue( 'email-opt' ) : true;
126120 $form .= '<tr>';
127121 $form .= '<td class="label"> </td>';
128122 $form .= '<td class="check-option">' . Xml::check( 'email-opt', $email_opt_value );
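Review bot: `$wgRequest->wasPosted()` at line 119 no longer has a matching `global` declaration, since line 18 of this file was changed to `global $wgOut;` earlier in this diff; unless `$wgRequest` is declared global again between those lines, this is an undefined variable and a fatal error on the method call. Restore `$wgRequest` to the declaration or move the posted-or-default choice into Gateway_Form, which is where the commit message says this logic is headed.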
@@ -136,11 +130,11 @@
137131 $form .= '<tr>';
138132 $form .= '<td class="label">' . wfMsg( 'donate_interface-payment-type' ) . '</td>';
139133 $form .= '<td>' .
140 - Xml::radio( 'card_type', 'cc1', $this->form_data['card_type'] == 'cc1', array( 'id' => 'cc1radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc1radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-visa.png" ) ). '</label>' .
141 - Xml::radio( 'card_type', 'cc2', $this->form_data['card_type'] == 'cc2', array( 'id' => 'cc2radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc2radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-mastercard.png" ) ). '</label>' .
142 - Xml::radio( 'card_type', 'cc3', $this->form_data['card_type'] == 'cc3', array( 'id' => 'cc3radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc3radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-amex.png" ) ). '</label>' .
143 - Xml::radio( 'card_type', 'cc4', $this->form_data['card_type'] == 'cc4', array( 'id' => 'cc4radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc4radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-discover.png" ) ). '</label>' .
144 - Xml::radio( 'card_type', 'pp', $this->form_data['card_type'] == 'pp', array( 'id' => 'ppradio', 'onclick' => 'switchToPayPal()' ) ) . '<label for="ppradio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-paypal.png" ) ) . '</label>' .
 134+ Xml::radio( 'card_type', 'cc1', $this->getEscapedValue( 'card_type' ) == 'cc1', array( 'id' => 'cc1radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc1radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-visa.png" ) ). '</label>' .
 135+ Xml::radio( 'card_type', 'cc2', $this->getEscapedValue( 'card_type' ) == 'cc2', array( 'id' => 'cc2radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc2radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-mastercard.png" ) ). '</label>' .
 136+ Xml::radio( 'card_type', 'cc3', $this->getEscapedValue( 'card_type' ) == 'cc3', array( 'id' => 'cc3radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc3radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-amex.png" ) ). '</label>' .
 137+ Xml::radio( 'card_type', 'cc4', $this->getEscapedValue( 'card_type' ) == 'cc4', array( 'id' => 'cc4radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc4radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-discover.png" ) ). '</label>' .
 138+ Xml::radio( 'card_type', 'pp', $this->getEscapedValue( 'card_type' ) == 'pp', array( 'id' => 'ppradio', 'onclick' => 'switchToPayPal()' ) ) . '<label for="ppradio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-paypal.png" ) ) . '</label>' .
145139 '</td>';
146140 $form .= '</tr>';
147141
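Review bot: `$this->getEscapedValue( 'card_type' )` is called five times in one expression (lines 134-138); read it once into a local such as `$cardType` and compare against that. That also makes it obvious that comparing against a constant like `'cc1'` should be done on the raw normalized value, not the escaped one. `$wgScriptPath` is used on these same lines, yet the only global declared for this method is `$wgOut` at line 18; that is pre-existing and may be covered by a declaration outside the hunk, but it is worth checking while the globals are being cleaned up.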
@@ -172,14 +166,14 @@
173167 $form .= '</tr>';
174168 $form .= '<tr>';
175169 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-donor-postal' ), 'zip' ) . '</td>';
176 - $form .= '<td>' . Xml::input( 'zip', '15', $this->form_data['zip'], array( 'type' => 'text', 'maxlength' => '15', 'id' => 'zip' ) ) .
 170+ $form .= '<td>' . Xml::input( 'zip', '15', $this->getEscapedValue( 'zip' ), array( 'type' => 'text', 'maxlength' => '15', 'id' => 'zip' ) ) .
177171 '</td>';
178172 $form .= '</tr>';
179173 // country
180174 $form .= $this->getCountryField();
181175
182176 /*
183 - $comment_opt_value = ( $wgRequest->wasPosted() ) ? $this->form_data[ 'comment-option' ] : true;
 177+ $comment_opt_value = ( $wgRequest->wasPosted() ) ? $this->getEscapedValue( 'comment-option' ) : true;
184178 $form .= '<tr>';
185179 $form .= '<td class="check-option" colspan="2">' . Xml::check( 'comment-option', $comment_opt_value );
186180 $form .= ' ' . Xml::label( wfMsg( 'donate_interface-anon-message' ), 'comment-option' ) . '</td>';
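Review bot: lines 177-180 sit inside the `/* ... */` block opened at line 176, so this hunk edits commented-out code. Either delete the dead block, which is the same `comment-option` snippet that lives uncommented in TwoColumnLetter2, or leave it untouched; updating dead code to the new accessor only invites someone to uncomment it later with the `$wgRequest` dependency still inside.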
Index: trunk/extensions/DonationInterface/gateway_forms/TwoColumnLetter6.php
@@ -14,7 +14,7 @@
1515 }
1616
1717 public function generateFormStart() {
18 - global $wgOut, $wgRequest;
 18+ global $wgOut;
1919
2020 $form = parent::generateBannerHeader();
2121
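Review bot: as in TwoColumnLetter5, `global $wgOut;` survives at line 18 while the `$wgOut->parse()` call that used it is removed in the following hunk, so the declaration is likely dead now; and `$wgRequest` is dropped from the declaration even though line 113 of this file still calls `$wgRequest->wasPosted()`.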
@@ -22,13 +22,7 @@
2323 $form .= Xml::openElement( 'tr' );
2424 $form .= Xml::openElement( 'td', array( 'id' => 'appeal', 'valign' => 'top' ) );
2525
26 - $text_template = $wgRequest->getText( 'text_template', '2010/JimmyAppealLong' );
27 - // if the user has uselang set, honor that, otherwise default to the language set for the form defined by 'language' in the query string
28 - if ( $wgRequest->getText( 'language' ) ) $text_template .= '/' . $this->form_data[ 'language' ];
29 -
30 - $template = ( strlen( $text_template ) ) ? $wgOut->parse( '{{' . $text_template . '}}' ) : '';
31 - // if the template doesn't exist, prevent the display of the red link
32 - if ( preg_match( '/redlink\=1/', $template ) ) $template = NULL;
 26+ $template = self::generateTextTemplate();
3327 $form .= $template;
3428
3529 $form .= Xml::closeElement( 'td' );
@@ -93,29 +87,29 @@
9488 // amount
9589 $otherChecked = false;
9690 $amount = -1;
97 - if ( $this->form_data['amount'] != 100 && $this->form_data['amount'] != 50 && $this->form_data['amount'] != 35 && $this->form_data['amount'] != 20 && $this->form_data['amountOther'] > 0 ) {
 91+ if ( $this->getEscapedValue( 'amount' ) != 100 && $this->getEscapedValue( 'amount' ) != 50 && $this->getEscapedValue( 'amount' ) != 35 && $this->getEscapedValue( 'amount' ) != 20 && $this->getEscapedValue( 'amountOther' ) > 0 ) {
9892 $otherChecked = true;
99 - $amount = $this->form_data['amountOther'];
 93+ $amount = $this->getEscapedValue( 'amountOther' );
10094 }
10195 $form .= '<tr>';
10296 $form .= '<td colspan="2"><span class="creditcard-error-msg">' . $this->form_errors['invalidamount'] . '</span></td>';
10397 $form .= '</tr>';
10498 $form .= '<tr>';
10599 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-donor-amount' ), 'amount' ) . '</td>';
106 - $form .= '<td>' . Xml::radio( 'amount', 100, $this->form_data['amount'] == 100, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '100 ' .
107 - Xml::radio( 'amount', 50, $this->form_data['amount'] == 50, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '50 ' .
108 - Xml::radio( 'amount', 35, $this->form_data['amount'] == 35, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '35 ' .
109 - Xml::radio( 'amount', 20, $this->form_data['amount'] == 20, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '20 ' .
 100+ $form .= '<td>' . Xml::radio( 'amount', 100, $this->getEscapedValue( 'amount' ) == 100, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '100 ' .
 101+ Xml::radio( 'amount', 50, $this->getEscapedValue( 'amount' ) == 50, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '50 ' .
 102+ Xml::radio( 'amount', 35, $this->getEscapedValue( 'amount' ) == 35, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '35 ' .
 103+ Xml::radio( 'amount', 20, $this->getEscapedValue( 'amount' ) == 20, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '20 ' .
110104 '</td>';
111105 $form .= '</tr>';
112106 $form .= '<tr>';
113107 $form .= '<td class="label"></td>';
114 - $form .= '<td>' . Xml::radio( 'amount', $amount, $otherChecked, array( 'id' => 'otherRadio' ) ) . Xml::input( 'amountOther', '7', $this->form_data['amountOther'], array( 'type' => 'text', 'onfocus' => 'clearField(this, "Other");document.getElementById("otherRadio").checked=true;', 'maxlength' => '10', 'onblur' => 'document.getElementById("otherRadio").value = this.value;', 'id' => 'amountOther' ) ) .
 108+ $form .= '<td>' . Xml::radio( 'amount', $amount, $otherChecked, array( 'id' => 'otherRadio' ) ) . Xml::input( 'amountOther', '7', $this->getEscapedValue( 'amountOther' ), array( 'type' => 'text', 'onfocus' => 'clearField(this, "Other");document.getElementById("otherRadio").checked=true;', 'maxlength' => '10', 'onblur' => 'document.getElementById("otherRadio").value = this.value;', 'id' => 'amountOther' ) ) .
115109 ' ' . $this->generateCurrencyDropdown() . '</td>';
116110 $form .= '</tr>';
117111
118112 // email opt-in
119 - $email_opt_value = ( $wgRequest->wasPosted() ) ? $this->form_data[ 'email-opt' ] : true;
 113+ $email_opt_value = ( $wgRequest->wasPosted() ) ? $this->getEscapedValue( 'email-opt' ) : true;
120114 $form .= '<tr>';
121115 $form .= '<td class="label"> </td>';
122116 $form .= '<td class="check-option">' . Xml::check( 'email-opt', $email_opt_value );
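Review bot: `$wgRequest->wasPosted()` at line 113 has lost its `global` declaration (line 18 of this file now reads `global $wgOut;`), so unless `$wgRequest` is re-declared in between, this is an undefined variable followed by a fatal error. Within the same hunk, `Xml::input( 'amountOther', '7', $this->getEscapedValue( 'amountOther' ), ... )` at line 108 and `Xml::radio( 'amount', $amount, ... )` with `$amount` taken from `getEscapedValue( 'amountOther' )` at line 93 will double-escape if the accessor returns HTML-escaped text, because Xml::element() escapes attribute values itself; feed the Xml helpers the raw value. The preset detection at line 91 should likewise compare a raw numeric value, read once, rather than five escaped-string accessor calls.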
@@ -130,17 +124,17 @@
131125 $form .= '<tr>';
132126 $form .= '<td class="label">' . wfMsg( 'donate_interface-payment-type' ) . '</td>';
133127 $form .= '<td>' .
134 - Xml::radio( 'card_type', 'cc1', $this->form_data['card_type'] == 'cc1', array( 'id' => 'cc1radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc1radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-visa.png" ) ). '</label>' .
135 - Xml::radio( 'card_type', 'cc2', $this->form_data['card_type'] == 'cc2', array( 'id' => 'cc2radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc2radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-mastercard.png" ) ). '</label>' .
136 - Xml::radio( 'card_type', 'cc3', $this->form_data['card_type'] == 'cc3', array( 'id' => 'cc3radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc3radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-amex.png" ) ). '</label>' .
137 - Xml::radio( 'card_type', 'cc4', $this->form_data['card_type'] == 'cc4', array( 'id' => 'cc4radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc4radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-discover.png" ) ). '</label>' .
138 - Xml::radio( 'card_type', 'pp', $this->form_data['card_type'] == 'pp', array( 'id' => 'ppradio', 'onclick' => 'switchToPayPal()' ) ) . '<label for="ppradio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-paypal.png" ) ) . '</label>' .
 128+ Xml::radio( 'card_type', 'cc1', $this->getEscapedValue( 'card_type' ) == 'cc1', array( 'id' => 'cc1radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc1radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-visa.png" ) ). '</label>' .
 129+ Xml::radio( 'card_type', 'cc2', $this->getEscapedValue( 'card_type' ) == 'cc2', array( 'id' => 'cc2radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc2radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-mastercard.png" ) ). '</label>' .
 130+ Xml::radio( 'card_type', 'cc3', $this->getEscapedValue( 'card_type' ) == 'cc3', array( 'id' => 'cc3radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc3radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-amex.png" ) ). '</label>' .
 131+ Xml::radio( 'card_type', 'cc4', $this->getEscapedValue( 'card_type' ) == 'cc4', array( 'id' => 'cc4radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc4radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-discover.png" ) ). '</label>' .
 132+ Xml::radio( 'card_type', 'pp', $this->getEscapedValue( 'card_type' ) == 'pp', array( 'id' => 'ppradio', 'onclick' => 'switchToPayPal()' ) ) . '<label for="ppradio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-paypal.png" ) ) . '</label>' .
139133 '</td>';
140134 $form .= '</tr>';
141135
142136 $form .= '</table>';
143137
144 - if ( $this->form_data['card_type'] == 'cc1' || $this->form_data['card_type'] == 'cc2' || $this->form_data['card_type'] == 'cc3' || $this->form_data['card_type'] == 'cc4' ) {
 138+ if ( $this->getEscapedValue( 'card_type' ) == 'cc1' || $this->getEscapedValue( 'card_type' ) == 'cc2' || $this->getEscapedValue( 'card_type' ) == 'cc3' || $this->getEscapedValue( 'card_type' ) == 'cc4' ) {
145139 $form .= Xml::openElement( 'table', array( 'id' => 'payflow-table-cc' ) );
146140 } else {
147141 $form .= Xml::openElement( 'table', array( 'id' => 'payflow-table-cc', 'style' => 'display: none;' ) );
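Review bot: the four-way `card_type` test at line 138 (and the five accessor calls at lines 128-132 above it) reads `getEscapedValue( 'card_type' )` repeatedly; fetch it once into a local and use `in_array( $cardType, array( 'cc1', 'cc2', 'cc3', 'cc4' ), true )`. The identical condition reappears at lines 200 and 214 of this file, so a small helper on the form class (for example an `isCreditCard()` method, name suggested here) would remove three copies of the same list and would also be the natural place to compare the raw rather than the escaped value.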
@@ -180,14 +174,14 @@
181175 $form .= '</tr>';
182176 $form .= '<tr>';
183177 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-donor-postal' ), 'zip' ) . '</td>';
184 - $form .= '<td>' . Xml::input( 'zip', '15', $this->form_data['zip'], array( 'type' => 'text', 'maxlength' => '15', 'id' => 'zip' ) ) .
 178+ $form .= '<td>' . Xml::input( 'zip', '15', $this->getEscapedValue( 'zip' ), array( 'type' => 'text', 'maxlength' => '15', 'id' => 'zip' ) ) .
185179 '</td>';
186180 $form .= '</tr>';
187181 // country
188182 $form .= $this->getCountryField();
189183
190184 /*
191 - $comment_opt_value = ( $wgRequest->wasPosted() ) ? $this->form_data[ 'comment-option' ] : true;
 185+ $comment_opt_value = ( $wgRequest->wasPosted() ) ? $this->getEscapedValue( 'comment-option' ) : true;
192186 $form .= '<tr>';
193187 $form .= '<td class="check-option" colspan="2">' . Xml::check( 'comment-option', $comment_opt_value );
194188 $form .= ' ' . Xml::label( wfMsg( 'donate_interface-anon-message' ), 'comment-option' ) . '</td>';
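Review bot: lines 185-188 are inside the `/* ... */` comment opened at line 184, so this is a change to dead code. Remove the block or leave it as it was; keeping commented-out code current with the new accessor while it still references `$wgRequest` is the worst of both options.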
@@ -202,7 +196,7 @@
203197 public function generateFormSubmit() {
204198
205199 // cc submit button
206 - if ( $this->form_data['card_type'] == 'cc1' || $this->form_data['card_type'] == 'cc2' || $this->form_data['card_type'] == 'cc3' || $this->form_data['card_type'] == 'cc4' ) {
 200+ if ( $this->getEscapedValue( 'card_type' ) == 'cc1' || $this->getEscapedValue( 'card_type' ) == 'cc2' || $this->getEscapedValue( 'card_type' ) == 'cc3' || $this->getEscapedValue( 'card_type' ) == 'cc4' ) {
207201 $form = Xml::openElement( 'div', array( 'id' => 'payflowpro_gateway-form-submit' ) );
208202 } else {
209203 $form = Xml::openElement( 'div', array( 'id' => 'payflowpro_gateway-form-submit', 'style' => 'display: none;' ) );
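Review bot: line 200 is a copy of the condition at line 138, with `getEscapedValue( 'card_type' )` called four times; compute the credit-card-or-not decision once (a boolean on the form, or a helper method) and reuse it here and in the PayPal branch below, which evaluates the same expression again at line 214 with the show/hide inverted.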
@@ -216,7 +210,7 @@
217211 $form .= Xml::closeElement( 'div' ); // close div#payflowpro_gateway-form-submit
218212
219213 // paypal submit button
220 - if ( $this->form_data['card_type'] == 'cc1' || $this->form_data['card_type'] == 'cc2' || $this->form_data['card_type'] == 'cc3' || $this->form_data['card_type'] == 'cc4' ) {
 214+ if ( $this->getEscapedValue( 'card_type' ) == 'cc1' || $this->getEscapedValue( 'card_type' ) == 'cc2' || $this->getEscapedValue( 'card_type' ) == 'cc3' || $this->getEscapedValue( 'card_type' ) == 'cc4' ) {
221215 $form .= Xml::openElement( 'div', array( 'id' => 'payflowpro_gateway-form-submit-paypal', 'style' => 'display: none;' ) );
222216 } else {
223217 $form .= Xml::openElement( 'div', array( 'id' => 'payflowpro_gateway-form-submit-paypal' ) );
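Review bot: line 214 is the same expression as line 200 in this method, evaluated a second time only to flip the `display: none;` style; a single `$isCreditCard` local computed before line 200 would serve both branches and halve the accessor calls.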
Index: trunk/extensions/DonationInterface/gateway_forms/TwoStepTwoColumnLetter.php
@@ -13,7 +13,7 @@
1414 }
1515
1616 public function generateFormStart() {
17 - global $wgOut, $wgRequest;
 17+ global $wgOut;
1818
1919 $form = parent::generateBannerHeader();
2020
@@ -21,13 +21,7 @@
2222 $form .= Xml::openElement( 'tr' );
2323 $form .= Xml::openElement( 'td', array( 'id' => 'appeal', 'valign' => 'top' ) );
2424
25 - $text_template = $wgRequest->getText( 'text_template', '2010/JimmyAppealLong' );
26 - // if the user has uselang set, honor that, otherwise default to the language set for the form defined by 'language' in the query string
27 - if ( $wgRequest->getText( 'language' ) ) $text_template .= '/' . $this->form_data[ 'language' ];
28 -
29 - $template = ( strlen( $text_template ) ) ? $wgOut->parse( '{{' . $text_template . '}}' ) : '';
30 - // if the template doesn't exist, prevent the display of the red link
31 - if ( preg_match( '/redlink\=1/', $template ) ) $template = NULL;
 25+ $template = self::generateTextTemplate();
3226 $form .= $template;
3327
3428 $form .= Xml::closeElement( 'td' );
@@ -94,12 +88,12 @@
9589 $form .= '</tr>';
9690 $form .= '<tr>';
9791 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-donor-amount' ), 'amount' ) . '</td>';
98 - $form .= '<td>' . Xml::input( 'amount', '7', $this->form_data['amount'], array( 'type' => 'text', 'maxlength' => '10', 'id' => 'amount' ) ) .
 92+ $form .= '<td>' . Xml::input( 'amount', '7', $this->getEscapedValue( 'amount' ), array( 'type' => 'text', 'maxlength' => '10', 'id' => 'amount' ) ) .
9993 ' ' . $this->generateCurrencyDropdown() . '</td>';
10094 $form .= '</tr>';
10195
10296 // card logos
103 - if ( $this->form_data[ 'currency_code' ] == 'USD' ) {
 97+ if ( $this->getEscapedValue( 'currency_code' ) == 'USD' ) {
10498 $form .= '<tr id="four_cards" style="display:table-row;">';
10599 $form .= '<td class="label"> </td><td>' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/credit_card_logos.gif" ) ) . '</td>';
106100 $form .= '</tr>';
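Review bot: `Xml::input( 'amount', '7', $this->getEscapedValue( 'amount' ), ... )` at line 92 passes an escaped string into a helper that escapes attribute values again via Xml::element(), so any character that the accessor escapes will render double-encoded in the field; use the raw normalized value here. `$wgScriptPath` at line 99 is used in a method whose only visible global declaration is `$wgOut` at line 17; pre-existing, but worth confirming while the globals are being tidied.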
Index: trunk/extensions/DonationInterface/gateway_forms/TwoColumnLetter7.php
@@ -143,13 +143,7 @@
144144 $form .= Xml::openElement( 'tr' );
145145 $form .= Xml::openElement( 'td', array( 'id' => 'appeal', 'valign' => 'top' ) );
146146
147 - $text_template = $wgRequest->getText( 'text_template', '2010/JimmyAppealLong' );
148 - // if the user has uselang set, honor that, otherwise default to the language set for the form defined by 'language' in the query string
149 - if ( $wgRequest->getText( 'language' ) ) $text_template .= '/' . $this->form_data[ 'language' ];
150 -
151 - $template = ( strlen( $text_template ) ) ? $wgOut->parse( '{{' . $text_template . '}}' ) : '';
152 - // if the template doesn't exist, prevent the display of the red link
153 - if ( preg_match( '/redlink\=1/', $template ) ) $template = NULL;
 147+ $template = self::generateTextTemplate();
154148 $form .= $template;
155149
156150 $form .= Xml::closeElement( 'td' );
@@ -214,9 +208,9 @@
215209 // amount
216210 $otherChecked = false;
217211 $amount = -1;
218 - if ( $this->form_data['amount'] != 250 && $this->form_data['amount'] != 150 && $this->form_data['amount'] != 100 && $this->form_data['amount'] != 75 && $this->form_data['amount'] != 50 && $this->form_data['amount'] != 35 && $this->form_data['amount'] != 20 && $this->form_data['amountOther'] > 0 ) {
 212+ if ( $this->getEscapedValue( 'amount' ) != 250 && $this->getEscapedValue( 'amount' ) != 150 && $this->getEscapedValue( 'amount' ) != 100 && $this->getEscapedValue( 'amount' ) != 75 && $this->getEscapedValue( 'amount' ) != 50 && $this->getEscapedValue( 'amount' ) != 35 && $this->getEscapedValue( 'amount' ) != 20 && $this->getEscapedValue( 'amountOther' ) > 0 ) {
219213 $otherChecked = true;
220 - $amount = $this->form_data['amountOther'];
 214+ $amount = $this->getEscapedValue( 'amountOther' );
221215 }
222216 $form .= '<tr>';
223217 $form .= '<td colspan="2"><span class="creditcard-error-msg">' . $this->form_errors['invalidamount'] . '</span></td>';
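Review bot: line 212 calls `getEscapedValue( 'amount' )` seven times and `getEscapedValue( 'amountOther' )` once inside a single condition. Read each value once into a local and test membership instead, e.g. `$amt = $this->getEscapedValue( 'amount' );` followed by `if ( !in_array( $amt, array( 250, 150, 100, 75, 50, 35, 20 ) ) && $this->getEscapedValue( 'amountOther' ) > 0 )`; the loose comparison semantics match the existing `!=` chain, so behaviour is unchanged, and the same local can feed the radio-button comparisons in the next hunk.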
@@ -225,22 +219,22 @@
226220 $form .= '<td class="label"><div style="padding-top:4px;">' . Xml::label( wfMsg( 'donate_interface-donor-amount' ), 'amount' ) . '</div></td>';
227221 $form .= '<td>' .
228222 '<table cellspacing="3" cellpadding="0" border="0" style="margin-bottom:0.2em;"><tr>' .
229 - '<td>'.Xml::radio( 'amount', 20, $this->form_data['amount'] == 20, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '$20 '.'</td>'.
230 - '<td>'.Xml::radio( 'amount', 35, $this->form_data['amount'] == 35, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '$35 '.'</td>'.
231 - '<td>'.Xml::radio( 'amount', 50, $this->form_data['amount'] == 50, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '$50 '.'</td>'.
232 - '<td>'.Xml::radio( 'amount', 75, $this->form_data['amount'] == 75, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '$75 '.'</td>'.
 223+ '<td>'.Xml::radio( 'amount', 20, $this->getEscapedValue( 'amount' ) == 20, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '$20 '.'</td>'.
 224+ '<td>'.Xml::radio( 'amount', 35, $this->getEscapedValue( 'amount' ) == 35, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '$35 '.'</td>'.
 225+ '<td>'.Xml::radio( 'amount', 50, $this->getEscapedValue( 'amount' ) == 50, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '$50 '.'</td>'.
 226+ '<td>'.Xml::radio( 'amount', 75, $this->getEscapedValue( 'amount' ) == 75, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '$75 '.'</td>'.
233227 '</tr><tr>' .
234 - '<td>'.Xml::radio( 'amount', 100, $this->form_data['amount'] == 100, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '$100 '.'</td>'.
235 - '<td>'.Xml::radio( 'amount', 150, $this->form_data['amount'] == 150, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '$150 '.'</td>'.
236 - '<td>'.Xml::radio( 'amount', 250, $this->form_data['amount'] == 250, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '$250 '.'</td>'.
237 - '<td>'.Xml::radio( 'amount', $amount, $otherChecked, array( 'id' => 'otherRadio' ) ) . Xml::input( 'amountOther', '7', $this->form_data['amountOther'], array( 'type' => 'text', 'onfocus' => 'clearField(this, "Other");document.getElementById("otherRadio").checked=true;', 'maxlength' => '10', 'onblur' => 'document.getElementById("otherRadio").value = this.value;', 'id' => 'amountOther' ) ).Html::hidden( 'currency_code', 'USD' ).'</td>'.
 228+ '<td>'.Xml::radio( 'amount', 100, $this->getEscapedValue( 'amount' ) == 100, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '$100 '.'</td>'.
 229+ '<td>'.Xml::radio( 'amount', 150, $this->getEscapedValue( 'amount' ) == 150, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '$150 '.'</td>'.
 230+ '<td>'.Xml::radio( 'amount', 250, $this->getEscapedValue( 'amount' ) == 250, array( 'onfocus' => 'clearField2( document.getElementById(\'amountOther\'), "Other" )' ) ) . '$250 '.'</td>'.
 231+ '<td>'.Xml::radio( 'amount', $amount, $otherChecked, array( 'id' => 'otherRadio' ) ) . Xml::input( 'amountOther', '7', $this->getEscapedValue( 'amountOther' ), array( 'type' => 'text', 'onfocus' => 'clearField(this, "Other");document.getElementById("otherRadio").checked=true;', 'maxlength' => '10', 'onblur' => 'document.getElementById("otherRadio").value = this.value;', 'id' => 'amountOther' ) ).Html::hidden( 'currency_code', 'USD' ).'</td>'.
238232 '</tr></table>' .
239233 '</td>';
240234 $form .= '</tr>';
241235
242236 // email opt-in
243237 /*
244 - $email_opt_value = ( $wgRequest->wasPosted() ) ? $this->form_data[ 'email-opt' ] : true;
 238+ $email_opt_value = ( $wgRequest->wasPosted() ) ? $this->getEscapedValue( 'email-opt' ) : true;
245239 $form .= '<tr>';
246240 $form .= '<td class="label"> </td>';
247241 $form .= '<td class="check-option">' . Xml::check( 'email-opt', $email_opt_value );
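Review bot: line 238 changes code inside the `/* ... */` block that opens on line 237 (the whole email opt-in row is commented out), so the edit has no runtime effect and the dead code still references `$wgRequest`, which this series is trying to remove from form classes. Either delete the commented block or leave it untouched rather than porting it to the new accessor; the same applies to the commented `comment-option` block at line 350 of this file.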
@@ -257,20 +251,20 @@
258252 $form .= '<td class="label""><div style="padding-top:9px;">' . wfMsg( 'donate_interface-payment-type' ) . '</div></td>';
259253 $form .= '<td>' .
260254 '<p style="border: 1px solid rgb(187, 187, 187); float: left; -moz-border-radius: 5px 5px 5px 5px; margin: 0 8px 0 0; padding: 5px 5px 5px 3px; white-space: nowrap;">'.
261 - Xml::radio( 'card_type', 'cc1', $this->form_data['card_type'] == 'cc1', array( 'id' => 'cc1radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc1radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-visa.png" ) ). '</label>' .
 255+ Xml::radio( 'card_type', 'cc1', $this->getEscapedValue( 'card_type' ) == 'cc1', array( 'id' => 'cc1radio', 'onclick' => 'switchToCreditCard()' ) ) . '<label for="cc1radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-visa.png" ) ). '</label>' .
262256 '&#160;<label for="cc1radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-mastercard.png" ) ). '</label>' .
263257 '&#160;<label for="cc1radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-amex.png" ) ). '</label>' .
264258 '&#160;<label for="cc1radio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-discover.png" ) ). '</label>' .
265259 '</p>'.
266260 '<p style="border: 1px solid transparent; float: left; -moz-border-radius: 5px 5px 5px 5px; margin: 0; padding: 5px 5px 5px 3px; white-space: nowrap;">'.
267 - Xml::radio( 'card_type', 'pp', $this->form_data['card_type'] == 'pp', array( 'id' => 'ppradio', 'onclick' => 'switchToPayPal()' ) ) . '<label for="ppradio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-paypal.png" ) ) . '</label>' .
 261+ Xml::radio( 'card_type', 'pp', $this->getEscapedValue( 'card_type' ) == 'pp', array( 'id' => 'ppradio', 'onclick' => 'switchToPayPal()' ) ) . '<label for="ppradio">' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/card-paypal.png" ) ) . '</label>' .
268262 '</p>'.
269263 '</td>';
270264 $form .= '</tr>';
271265
272266 $form .= '</table>';
273267
274 - if ( $this->form_data['card_type'] == 'cc1' || $this->form_data['card_type'] == 'cc2' || $this->form_data['card_type'] == 'cc3' || $this->form_data['card_type'] == 'cc4' ) {
 268+ if ( $this->getEscapedValue( 'card_type' ) == 'cc1' || $this->getEscapedValue( 'card_type' ) == 'cc2' || $this->getEscapedValue( 'card_type' ) == 'cc3' || $this->getEscapedValue( 'card_type' ) == 'cc4' ) {
275269 $form .= Xml::openElement( 'table', array( 'id' => 'payflow-table-cc' ) );
276270 } else {
277271 $form .= Xml::openElement( 'table', array( 'id' => 'payflow-table-cc', 'style' => 'display: none;' ) );
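Review bot: the four-way `card_type` test on line 268 (`== 'cc1' || == 'cc2' || == 'cc3' || == 'cc4'`) is repeated verbatim at lines 366 and 380 of this file, each time calling `getEscapedValue( 'card_type' )` four times. Fetch it once and give the base form class a small helper, e.g. `protected function isCreditCard() { return in_array( $this->getEscapedValue( 'card_type' ), array( 'cc1', 'cc2', 'cc3', 'cc4' ) ); }`, so the list of card codes lives in one place. Unrelated but visible in this hunk's context: line 252 has a stray quote in `<td class="label"">`, worth fixing while the file is open.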
@@ -302,8 +296,8 @@
303297 $form .= '</tr>';
304298 $form .= '<tr>';
305299 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-name-on-card' ), 'fname' ) . '</td>';
306 - $form .= '<td>' . Xml::input( 'fname', '30', $this->form_data['fname'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-fname' ).'\' )', 'maxlength' => '25', 'class' => 'required', 'id' => 'fname' ) ) .
307 - Xml::input( 'lname', '30', $this->form_data['lname'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-lname' ).'\' )', 'maxlength' => '25', 'id' => 'lname' ) ) . '</td>';
 300+ $form .= '<td>' . Xml::input( 'fname', '30', $this->getEscapedValue( 'fname' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-fname' ).'\' )', 'maxlength' => '25', 'class' => 'required', 'id' => 'fname' ) ) .
 301+ Xml::input( 'lname', '30', $this->getEscapedValue( 'lname' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-lname' ).'\' )', 'maxlength' => '25', 'id' => 'lname' ) ) . '</td>';
308302 $form .= "</tr>";
309303
310304 // street
@@ -312,7 +306,7 @@
313307 $form .= '</tr>';
314308 $form .= '<tr>';
315309 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-billing-address' ), 'street' ) . '</td>';
316 - $form .= '<td>' . Xml::input( 'street', '30', $this->form_data['street'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-street' ).'\' )', 'maxlength' => '100', 'id' => 'street', 'class' => 'fullwidth' ) ) .
 310+ $form .= '<td>' . Xml::input( 'street', '30', $this->getEscapedValue( 'street' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-street' ).'\' )', 'maxlength' => '100', 'id' => 'street', 'class' => 'fullwidth' ) ) .
317311 '</td>';
318312 $form .= '</tr>';
319313
@@ -322,9 +316,9 @@
323317 $form .= '</tr>';
324318 $form .= '<tr>';
325319 $form .= '<td class="label"> </td>';
326 - $form .= '<td>' . Xml::input( 'city', '18', $this->form_data['city'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-city' ).'\' )', 'maxlength' => '40', 'id' => 'city' ) ) . ' ' .
 320+ $form .= '<td>' . Xml::input( 'city', '18', $this->getEscapedValue( 'city' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-city' ).'\' )', 'maxlength' => '40', 'id' => 'city' ) ) . ' ' .
327321 $this->generateStateDropdown() . ' ' .
328 - Xml::input( 'zip', '5', $this->form_data['zip'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-zip-code' ).'\' )', 'maxlength' => '10', 'id' => 'zip' ) ) .
 322+ Xml::input( 'zip', '5', $this->getEscapedValue( 'zip' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-zip-code' ).'\' )', 'maxlength' => '10', 'id' => 'zip' ) ) .
329323 Html::hidden( 'country', 'US' ) .
330324 '</td>';
331325 $form .= '</tr>';
@@ -346,13 +340,13 @@
347341 $form .= '</tr>';
348342 $form .= '<tr>';
349343 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-email-receipt' ), 'emailAdd' ) . '</td>';
350 - $form .= '<td>' . Xml::input( 'emailAdd', '30', $this->form_data['email'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-email' ).'\' )', 'maxlength' => '64', 'id' => 'emailAdd', 'class' => 'fullwidth' ) ) .
 344+ $form .= '<td>' . Xml::input( 'emailAdd', '30', $this->getEscapedValue( 'email' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-email' ).'\' )', 'maxlength' => '64', 'id' => 'emailAdd', 'class' => 'fullwidth' ) ) .
351345 Html::hidden( 'email-opt', 1 ) .
352346 '</td>';
353347 $form .= '</tr>';
354348
355349 /*
356 - $comment_opt_value = ( $wgRequest->wasPosted() ) ? $this->form_data[ 'comment-option' ] : true;
 350+ $comment_opt_value = ( $wgRequest->wasPosted() ) ? $this->getEscapedValue( 'comment-option' ) : true;
357351 $form .= '<tr>';
358352 $form .= '<td class="check-option" colspan="2">' . Xml::check( 'comment-option', $comment_opt_value );
359353 $form .= ' ' . Xml::label( wfMsg( 'donate_interface-anon-message' ), 'comment-option' ) . '</td>';
@@ -368,7 +362,7 @@
369363 global $wgScriptPath;
370364
371365 // cc submit button
372 - if ( $this->form_data['card_type'] == 'cc1' || $this->form_data['card_type'] == 'cc2' || $this->form_data['card_type'] == 'cc3' || $this->form_data['card_type'] == 'cc4' ) {
 366+ if ( $this->getEscapedValue( 'card_type' ) == 'cc1' || $this->getEscapedValue( 'card_type' ) == 'cc2' || $this->getEscapedValue( 'card_type' ) == 'cc3' || $this->getEscapedValue( 'card_type' ) == 'cc4' ) {
373367 $form = Xml::openElement( 'div', array( 'id' => 'payflowpro_gateway-form-submit' ) );
374368 } else {
375369 $form = Xml::openElement( 'div', array( 'id' => 'payflowpro_gateway-form-submit', 'style' => 'display: none;' ) );
@@ -382,7 +376,7 @@
383377 $form .= Xml::closeElement( 'div' ); // close div#payflowpro_gateway-form-submit
384378
385379 // paypal submit button
386 - if ( $this->form_data['card_type'] == 'cc1' || $this->form_data['card_type'] == 'cc2' || $this->form_data['card_type'] == 'cc3' || $this->form_data['card_type'] == 'cc4' ) {
 380+ if ( $this->getEscapedValue( 'card_type' ) == 'cc1' || $this->getEscapedValue( 'card_type' ) == 'cc2' || $this->getEscapedValue( 'card_type' ) == 'cc3' || $this->getEscapedValue( 'card_type' ) == 'cc4' ) {
387381 $form .= Xml::openElement( 'div', array( 'id' => 'payflowpro_gateway-form-submit-paypal', 'style' => 'display: none;' ) );
388382 } else {
389383 $form .= Xml::openElement( 'div', array( 'id' => 'payflowpro_gateway-form-submit-paypal' ) );
@@ -439,7 +433,7 @@
440434 // generate dropdown of state opts
441435 foreach ( $states as $value => $state_name ) {
442436 if ( $value !== 'YY' && $value !== 'XX' ) {
443 - $selected = ( $this->form_data[ 'state' ] == $value ) ? true : false;
 437+ $selected = ( $this->getEscapedValue( 'state' ) == $value ) ? true : false;
444438 $state_opts .= Xml::option( $value, $value, $selected );
445439 }
446440 }
Index: trunk/extensions/DonationInterface/gateway_forms/TwoStepTwoColumnLetterCA.php
@@ -13,7 +13,7 @@
1414 }
1515
1616 public function generateFormStart() {
17 - global $wgOut, $wgRequest;
 17+ global $wgOut;
1818
1919 $form = parent::generateBannerHeader();
2020
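Review bot: line 17 drops `$wgRequest` from the global declaration, which matches the code removed in the next hunk; check whether `$wgOut` is still used anywhere in `generateFormStart()` now that the `$wgOut->parse()` call has moved into `generateTextTemplate()`, and drop it too if not, so this form class stops touching output globals directly as the commit message intends.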
@@ -21,13 +21,7 @@
2222 $form .= Xml::openElement( 'tr' );
2323 $form .= Xml::openElement( 'td', array( 'id' => 'appeal', 'valign' => 'top' ) );
2424
25 - $text_template = $wgRequest->getText( 'text_template', '2010/JimmyAppealLong' );
26 - // if the user has uselang set, honor that, otherwise default to the language set for the form defined by 'language' in the query string
27 - if ( $wgRequest->getText( 'language' ) ) $text_template .= '/' . $this->form_data[ 'language' ];
28 -
29 - $template = ( strlen( $text_template ) ) ? $wgOut->parse( '{{' . $text_template . '}}' ) : '';
30 - // if the template doesn't exist, prevent the display of the red link
31 - if ( preg_match( '/redlink\=1/', $template ) ) $template = NULL;
 25+ $template = self::generateTextTemplate();
3226 $form .= $template;
3327
3428 $form .= Xml::closeElement( 'td' );
@@ -94,12 +88,12 @@
9589 $form .= '</tr>';
9690 $form .= '<tr>';
9791 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-donor-amount' ), 'amount' ) . '</td>';
98 - $form .= '<td>' . Xml::input( 'amount', '7', $this->form_data['amount'], array( 'type' => 'text', 'maxlength' => '10', 'id' => 'amount' ) ) .
 92+ $form .= '<td>' . Xml::input( 'amount', '7', $this->getEscapedValue( 'amount' ), array( 'type' => 'text', 'maxlength' => '10', 'id' => 'amount' ) ) .
9993 ' ' . $this->generateCurrencyDropdown( 'CAD' ) . '</td>';
10094 $form .= '</tr>';
10195
10296 // card logos
103 - if ( $this->form_data[ 'currency_code' ] == 'USD' ) {
 97+ if ( $this->getEscapedValue( 'currency_code' ) == 'USD' ) {
10498 $form .= '<tr id="four_cards" style="display:table-row;">';
10599 $form .= '<td class="label"> </td><td>' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/credit_card_logos.gif" ) ) . '</td>';
106100 $form .= '</tr>';
@@ -182,7 +176,7 @@
183177
184178 // generate dropdown of state opts
185179 foreach ( $states as $value => $state_name ) {
186 - $selected = ( $this->form_data[ 'state' ] == $value ) ? true : false;
 180+ $selected = ( $this->getEscapedValue( 'state' ) == $value ) ? true : false;
187181 $state_opts .= Xml::option( wfMsg( 'donate_interface-province-dropdown-' . $value ), $value, $selected );
188182 }
189183
Index: trunk/extensions/DonationInterface/gateway_forms/Form.php
@@ -15,12 +15,6 @@
1616 public $hidden_fields;
1717
1818 /**
19 - * An array of form data, collected from the gateway parameter.
20 - * @var array
21 - */
22 - public $form_data;
23 -
24 - /**
2519 * The id of the form.
2620 *
2721 * This should also be the name of the form
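Review bot: removing the public `$form_data` property (lines 19-23) is a breaking change for any form class not in this commit that still reads `$this->form_data[...]`; with the property gone those reads become undefined-property notices yielding null rather than an obvious failure. A `grep -r form_data` across the extension before committing would back up the "ALL FORM CLASSES" claim in the commit message, and the removed docblock should be replaced by documentation on `getEscapedValue()` stating where the data now comes from and what it returns for a missing key.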
@@ -67,6 +61,12 @@
6862 * @var string
6963 */
7064 protected $payment_submethod = '';
 65+
 66+ /**
 67+ * Tells us if we're paypal only or not.
 68+ * @var boolean
 69+ */
 70+ public $paypal = false; // true for paypal only version
7171
7272 /**
7373 * Required method for returning the full HTML for a form.
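Review bot: the docblock on lines 66-69 and the trailing `// true for paypal only version` on line 70 say the same thing; keep one. Also `$paypal` is declared `public` and writable from outside the form; if nothing external needs to set it, make it `protected` with a getter, consistent with `$payment_submethod` just above it.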
@@ -80,12 +80,12 @@
8181 abstract function getForm();
8282
8383 public function __construct( &$gateway, &$error ) {
84 - global $wgOut;
 84+ global $wgOut, $wgRequest;
8585
8686 $this->gateway = & $gateway;
8787 $this->test = $this->gateway->getGlobal( "Test" );
88 - $this->form_data = $this->gateway->getData_Unstaged_Escaped();
8988 $this->form_errors = & $error;
 89+ $this->paypal = $wgRequest->getBool( 'paypal', false );
9090
9191 /**
9292 * add form-specific css - the path can be set in child classes
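Review bot: line 89 reads `$wgRequest->getBool( 'paypal', false )` directly in the base-class constructor, which reintroduces the `$wgRequest` dependency this series is removing from form classes (the commit message says request data should go through DonationData's population and normalization routines). Consider adding `paypal` to the DonationData field set and reading it here with `$this->getEscapedValue( 'paypal' )`, so the request is consulted in one place. Separately, with the `$this->form_data = ...getData_Unstaged_Escaped()` cache gone (line 88), every `getEscapedValue()` call now goes back to the gateway; confirm it does not re-copy or re-escape the whole data array per call, since the field builders below call it dozens of times per render.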
@@ -202,10 +202,10 @@
203203
204204 // generate a dropdown option for each country
205205 foreach ( $countries as $iso_value => $full_name ) {
206 - // Note: If the server has the php5-geoip package, $this->form_data['country'] will
 206+ // Note: If the server has the php5-geoip package, $this->getEscapedValue( 'country' ) will
207207 // always have a value.
208 - if ( $this->form_data['country'] ) {
209 - $selected = ( $iso_value == $this->form_data['country'] ) ? true : false;
 208+ if ( $this->getEscapedValue( 'country' ) ) {
 209+ $selected = ( $iso_value == $this->getEscapedValue( 'country' ) ) ? true : false;
210210 } else {
211211 $selected = ( $iso_value == $defaultCountry ) ? true : false; // Select default
212212 }
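Review bot: lines 208-209 call `getEscapedValue( 'country' )` twice on every iteration of the country loop, one pass per ISO code. Hoist it: `$country = $this->getEscapedValue( 'country' );` before the `foreach`, then `if ( $country ) { $selected = ( $iso_value == $country ); }`. The geoip comment on line 206 now reads oddly as "`getEscapedValue( 'country' )` will always have a value"; reword it to refer to the country field rather than the accessor.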
@@ -245,7 +245,7 @@
246246 // generate a dropdown opt for each card
247247 foreach ( $available_cards as $value => $card_name ) {
248248 // only load the card value if we're in testing mode
249 - $selected = ( $value == $this->form_data['card_type'] && $this->test ) ? true : false;
 249+ $selected = ( $value == $this->getEscapedValue( 'card_type' ) && $this->test ) ? true : false;
250250 $card_options .= Xml::option( $card_name, $value, $selected );
251251 }
252252
@@ -267,8 +267,8 @@
268268
269269 // derive the previously set expiry month, if set
270270 $month = NULL;
271 - if ( $this->form_data['expiration'] ) {
272 - $month = substr( $this->form_data['expiration'], 0, 2 );
 271+ if ( $this->getEscapedValue( 'expiration' ) ) {
 272+ $month = substr( $this->getEscapedValue( 'expiration' ), 0, 2 );
273273 }
274274
275275 $expiry_months = '';
@@ -296,8 +296,8 @@
297297 public function generateExpiryYearDropdown() {
298298 // derive the previously set expiry year, if set
299299 $year = NULL;
300 - if ( $this->form_data['expiration'] ) {
301 - $year = substr( $this->form_data['expiration'], 2, 2 );
 300+ if ( $this->getEscapedValue( 'expiration' ) ) {
 301+ $year = substr( $this->getEscapedValue( 'expiration' ), 2, 2 );
302302 }
303303
304304 $expiry_years = '';
@@ -335,7 +335,7 @@
336336
337337 // generate dropdown of state opts
338338 foreach ( $states as $value => $state_name ) {
339 - $selected = ( $this->form_data['state'] == $value ) ? true : false;
 339+ $selected = ( $this->getEscapedValue( 'state' ) == $value ) ? true : false;
340340 $state_opts .= Xml::option( wfMsg( 'donate_interface-state-dropdown-' . $value ), $value, $selected );
341341 }
342342
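Review bot: line 339 writes `( $this->getEscapedValue( 'state' ) == $value ) ? true : false;`, which is just the comparison itself; the same `? true : false` pattern recurs in the country, card and currency loops and in the letter forms' state dropdowns. Simplify to `$selected = ( $state == $value );` and hoist `getEscapedValue( 'state' )` out of the `foreach`, as it does not change per iteration.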
@@ -368,8 +368,8 @@
369369 $availableCurrencies = $this->gateway->getCurrencies();
370370
371371 // If a currency has already been posted, use that, otherwise use the default.
372 - if ( $this->form_data['currency_code'] ) {
373 - $selectedCurrency = $this->form_data['currency_code'];
 372+ if ( $this->getEscapedValue( 'currency_code' ) ) {
 373+ $selectedCurrency = $this->getEscapedValue( 'currency_code' );
374374 } else {
375375 $selectedCurrency = $defaultCurrencyCode;
376376 }
@@ -430,7 +430,7 @@
431431 $setCurrency = isset( $setCurrency ) ? (string) $setCurrency : '';
432432 $displayCurrencyDropdown = empty( $setCurrency ) ? $displayCurrencyDropdown : false;
433433
434 - $amount = isset( $this->form_data['amount'] ) ? (string) $this->form_data['amount'] : '0';
 434+ $amount = !is_null( $this->getEscapedValue( 'amount' ) ) ? (string) $this->getEscapedValue( 'amount' ) : '0';
435435
436436 // Treat values as string for comparison
437437 $amountValues = array('5', '10', '20', '35', '50', '100', '250',);
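Review bot: line 434 replaces `isset( $this->form_data['amount'] )` with `!is_null( $this->getEscapedValue( 'amount' ) )`. The two agree only if `getEscapedValue()` returns `null` for a key absent from the data set; if it returns `''` or `false` for missing keys, the `'0'` fallback is never reached, `$amount` becomes `''`, and the string comparison against `$amountValues` below selects nothing. Please confirm and document the accessor's contract for missing keys, since the same substitution is made for `payment_method` and `payment_submethod` in `setHiddenFields()`.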
@@ -490,31 +490,31 @@
491491 public function setHiddenFields( $hidden_fields = NULL ) {
492492 if ( !$hidden_fields ) {
493493 $hidden_fields = array(
494 - 'utm_source' => $this->form_data['utm_source'],
495 - 'utm_medium' => $this->form_data['utm_medium'],
496 - 'utm_campaign' => $this->form_data['utm_campaign'],
497 - 'language' => $this->form_data['language'],
498 - 'referrer' => $this->form_data['referrer'],
499 - 'comment' => $this->form_data['comment'],
500 - 'comment-option' => $this->form_data['comment-option'],
501 - 'email-opt' => $this->form_data['email-opt'],
502 - 'size' => $this->form_data['size'],
503 - 'premium_language' => $this->form_data['premium_language'],
 494+ 'utm_source' => $this->getEscapedValue( 'utm_source' ),
 495+ 'utm_medium' => $this->getEscapedValue( 'utm_medium' ),
 496+ 'utm_campaign' => $this->getEscapedValue( 'utm_campaign' ),
 497+ 'language' => $this->getEscapedValue( 'language' ),
 498+ 'referrer' => $this->getEscapedValue( 'referrer' ),
 499+ 'comment' => $this->getEscapedValue( 'comment' ),
 500+ 'comment-option' => $this->getEscapedValue( 'comment-option' ),
 501+ 'email-opt' => $this->getEscapedValue( 'email-opt' ),
 502+ 'size' => $this->getEscapedValue( 'size' ),
 503+ 'premium_language' => $this->getEscapedValue( 'premium_language' ),
504504 // process has been disabled - may no longer be needed.
505 - //'process' => isset( $this->form_data['process'] ) ? $this->form_data['process'] : 'CreditCard',
 505+ //'process' => !is_null( $this->getEscapedValue( 'process' ) ) ? $this->getEscapedValue( 'process' ) : 'CreditCard',
506506 // payment_method is no longer set to: processed
507 - 'payment_method' => isset( $this->form_data['payment_method'] ) ? $this->form_data['payment_method'] : '',
508 - 'payment_submethod' => isset( $this->form_data['payment_submethod'] ) ? $this->form_data['payment_submethod'] : '',
509 - 'token' => $this->form_data['token'],
510 - 'order_id' => $this->form_data['order_id'],
511 - 'i_order_id' => $this->form_data['i_order_id'],
512 - 'numAttempt' => $this->form_data['numAttempt'],
513 - 'contribution_tracking_id' => $this->form_data['contribution_tracking_id'],
514 - 'data_hash' => $this->form_data['data_hash'],
515 - 'action' => $this->form_data['action'],
516 - 'owa_session' => $this->form_data['owa_session'],
517 - 'owa_ref' => $this->form_data['owa_ref'],
518 - 'gateway' => $this->form_data['gateway'],
 507+ 'payment_method' => !is_null( $this->getEscapedValue( 'payment_method' ) ) ? $this->getEscapedValue( 'payment_method' ) : '',
 508+ 'payment_submethod' => !is_null( $this->getEscapedValue( 'payment_submethod' ) ) ? $this->getEscapedValue( 'payment_submethod' ) : '',
 509+ 'token' => $this->getEscapedValue( 'token' ),
 510+ 'order_id' => $this->getEscapedValue( 'order_id' ),
 511+ 'i_order_id' => $this->getEscapedValue( 'i_order_id' ),
 512+ 'numAttempt' => $this->getEscapedValue( 'numAttempt' ),
 513+ 'contribution_tracking_id' => $this->getEscapedValue( 'contribution_tracking_id' ),
 514+ 'data_hash' => $this->getEscapedValue( 'data_hash' ),
 515+ 'action' => $this->getEscapedValue( 'action' ),
 516+ 'owa_session' => $this->getEscapedValue( 'owa_session' ),
 517+ 'owa_ref' => $this->getEscapedValue( 'owa_ref' ),
 518+ 'gateway' => $this->getEscapedValue( 'gateway' ),
519519 );
520520 }
521521
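Review bot: line 505 updates a commented-out assignment (`//'process' => ...`), which keeps dead code in step with the new API for no benefit; delete the comment or leave it as it was. More substantively, `payment_method` and `payment_submethod` (lines 507-508) are null-guarded while `token`, `order_id`, `data_hash`, `action`, `gateway` and the remaining hidden fields are not; if `getEscapedValue()` can return null for a missing key, those fields are emitted with a null value. Either guard all of them the same way or have the accessor return `''` for missing keys and drop the guards.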
@@ -568,9 +568,9 @@
569569
570570 // intro text
571571 if ( $wgRequest->getText( 'masthead', false ) ) {
572 - $template = $wgOut->parse( '{{' . $wgRequest->getText( 'masthead' ) . '/' . $this->form_data['language'] . '}}' );
 572+ $template = $wgOut->parse( '{{' . $wgRequest->getText( 'masthead' ) . '/' . $this->getEscapedValue( 'language' ) . '}}' );
573573 } elseif ( $header ) {
574 - $header = str_replace( '@language', $this->form_data['language'], $header );
 574+ $header = str_replace( '@language', $this->getEscapedValue( 'language' ), $header );
575575 $template = $wgOut->parse( $header );
576576 }
577577
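Review bot: line 572 builds a template title from `$wgRequest->getText( 'masthead' )` plus the language and transcludes it, the same pattern as `text_template` in `generateTextTemplate()`; since the request decides which wiki page is rendered into the donation page, both call sites should validate the name against the expected template prefix or a configured list before parsing. Also `getText( 'masthead', false )` on line 571 passes `false` as the default for a string accessor; `''` states the intent more clearly.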
@@ -579,6 +579,20 @@
580580 $wgOut->addHtml( $template );
581581 }
582582 }
 583+
 584+ protected function generateTextTemplate() {
 585+ global $wgOut, $wgRequest;
 586+ $text_template = $wgRequest->getText( 'text_template', '2010/JimmyAppealLong' );
 587+
 588+ //TODO: determine if this next line is really as silly as it looks. I don't think we should be using $wgRequest here at all.
 589+ //(See DonationData::setLanguage())
 590+ if ( $wgRequest->getText( 'language' ) ) $text_template .= '/' . $this->getEscapedValue( 'language' );
 591+
 592+ $template = ( strlen( $text_template ) ) ? $wgOut->parse( '{{' . htmlspecialchars( $text_template, ENT_COMPAT, 'UTF-8', false ) . '}}' ) : '';
 593+ // if the template doesn't exist, prevent the display of the red link
 594+ if ( preg_match( '/redlink\=1/', $template ) ) $template = NULL;
 595+ return $template;
 596+ }
583597
584598 protected function getEmailField() {
585599 // email
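Review bot: in `generateTextTemplate()` (lines 584-596) the language suffix is gated on `$wgRequest->getText( 'language' )` but built from `$this->getEscapedValue( 'language' )`, two different sources, as the TODO on lines 588-589 already notes; a single `$lang = $this->getEscapedValue( 'language' ); if ( $lang !== '' && !is_null( $lang ) ) { $text_template .= '/' . $lang; }` removes the last `$wgRequest` read from this method. The `htmlspecialchars()` on line 592 only changes how the name is encoded, not which page gets transcluded; `text_template` is request-supplied (default `2010/JimmyAppealLong`), so validate it against the expected template prefix before parsing. Finally, detecting a missing template with `preg_match( '/redlink\=1/', $template )` on rendered HTML is fragile; `Title::newFromText( $text_template, NS_TEMPLATE )` followed by `exists()` answers the question directly and avoids parsing a non-existent page at all.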
@@ -587,7 +601,7 @@
588602 $form .= '</tr>';
589603 $form .= '<tr>';
590604 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-donor-email' ), 'emailAdd' ) . '</td>';
591 - $form .= '<td>' . Xml::input( 'emailAdd', '30', $this->form_data['email'], array( 'type' => 'text', 'maxlength' => '64', 'id' => 'emailAdd', 'class' => 'fullwidth' ) ) .
 605+ $form .= '<td>' . Xml::input( 'emailAdd', '30', $this->getEscapedValue( 'email' ), array( 'type' => 'text', 'maxlength' => '64', 'id' => 'emailAdd', 'class' => 'fullwidth' ) ) .
592606 '</td>';
593607 $form .= '</tr>';
594608 return $form;
@@ -596,31 +610,31 @@
597611 protected function getAmountField() {
598612 $otherChecked = false;
599613 $amount = -1;
600 - if ( $this->form_data['amount'] != 100 && $this->form_data['amount'] != 50 && $this->form_data['amount'] != 35 && $this->form_data['amount'] != 20 && $this->form_data['amountOther'] > 0 ) {
 614+ if ( $this->getEscapedValue( 'amount' ) != 100 && $this->getEscapedValue( 'amount' ) != 50 && $this->getEscapedValue( 'amount' ) != 35 && $this->getEscapedValue( 'amount' ) != 20 && $this->getEscapedValue( 'amountOther' ) > 0 ) {
601615 $otherChecked = true;
602 - $amount = $this->form_data['amountOther'];
 616+ $amount = $this->getEscapedValue( 'amountOther' );
603617 }
604618 $form = '<tr>';
605619 $form .= '<td colspan="2"><span class="creditcard-error-msg">' . $this->form_errors['invalidamount'] . '</span></td>';
606620 $form .= '</tr>';
607621 $form .= '<tr>';
608622 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-donor-amount' ), 'amount' ) . '</td>';
609 - $form .= '<td>' . Xml::radio( 'amount', 100, $this->form_data['amount'] == 100 ) . '100 ' .
610 - Xml::radio( 'amount', 50, $this->form_data['amount'] == 50 ) . '50 ' .
611 - Xml::radio( 'amount', 35, $this->form_data['amount'] == 35 ) . '35 ' .
612 - Xml::radio( 'amount', 20, $this->form_data['amount'] == 20 ) . '20 ' .
 623+ $form .= '<td>' . Xml::radio( 'amount', 100, $this->getEscapedValue( 'amount' ) == 100 ) . '100 ' .
 624+ Xml::radio( 'amount', 50, $this->getEscapedValue( 'amount' ) == 50 ) . '50 ' .
 625+ Xml::radio( 'amount', 35, $this->getEscapedValue( 'amount' ) == 35 ) . '35 ' .
 626+ Xml::radio( 'amount', 20, $this->getEscapedValue( 'amount' ) == 20 ) . '20 ' .
613627 '</td>';
614628 $form .= '</tr>';
615629 $form .= '<tr>';
616630 $form .= '<td class="label"></td>';
617 - $form .= '<td>' . Xml::radio( 'amount', $amount, $otherChecked, array( 'id' => 'otherRadio' ) ) . Xml::input( 'amountOther', '7', $this->form_data['amountOther'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \'' . wfMsg( 'donate_interface-other' ) . '\' )', 'onblur' => 'document.getElementById("otherRadio").value = this.value;if (this.value > 0) document.getElementById("otherRadio").checked=true;', 'maxlength' => '10', 'id' => 'amountOther' ) ) .
 631+ $form .= '<td>' . Xml::radio( 'amount', $amount, $otherChecked, array( 'id' => 'otherRadio' ) ) . Xml::input( 'amountOther', '7', $this->getEscapedValue( 'amountOther' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \'' . wfMsg( 'donate_interface-other' ) . '\' )', 'onblur' => 'document.getElementById("otherRadio").value = this.value;if (this.value > 0) document.getElementById("otherRadio").checked=true;', 'maxlength' => '10', 'id' => 'amountOther' ) ) .
618632 ' ' . $this->generateCurrencyDropdown() . '</td>';
619633 $form .= '</tr>';
620634 return $form;
621635 }
622636
623637 protected function getCardnumberField() {
624 - $card_num = ( $this->gateway->getGlobal( "Test" ) ) ? $this->form_data['card_num'] : '';
 638+ $card_num = ( $this->gateway->getGlobal( "Test" ) ) ? $this->getEscapedValue( 'card_num' ) : '';
625639 $form = '';
626640 if ( $this->form_errors['card_num'] ) {
627641 $form .= '<tr>';
@@ -641,7 +655,7 @@
642656 }
643657
644658 protected function getCvvField() {
645 - $cvv = ( $this->gateway->getGlobal( "Test" ) ) ? $this->form_data['cvv'] : '';
 659+ $cvv = ( $this->gateway->getGlobal( "Test" ) ) ? $this->getEscapedValue( 'cvv' ) : '';
646660
647661 $form = '<tr>';
648662 $form .= '<td colspan=2><span class="creditcard-error-msg">' . $this->form_errors['cvv'] . '</span></td>';
@@ -660,7 +674,7 @@
661675 $form .= '</tr>';
662676 $form .= '<tr>';
663677 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-donor-street' ), 'street' ) . '</td>';
664 - $form .= '<td>' . Xml::input( 'street', '30', $this->form_data['street'], array( 'type' => 'text', 'maxlength' => '100', 'id' => 'street', 'class' => 'fullwidth' ) ) .
 678+ $form .= '<td>' . Xml::input( 'street', '30', $this->getEscapedValue( 'street' ), array( 'type' => 'text', 'maxlength' => '100', 'id' => 'street', 'class' => 'fullwidth' ) ) .
665679 '</td>';
666680 $form .= '</tr>';
667681 return $form;
@@ -672,7 +686,7 @@
673687 $form .= '</tr>';
674688 $form .= '<tr>';
675689 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-donor-city' ), 'city' ) . '</td>';
676 - $form .= '<td>' . Xml::input( 'city', '30', $this->form_data['city'], array( 'type' => 'text', 'maxlength' => '40', 'id' => 'city', 'class' => 'fullwidth' ) ) .
 690+ $form .= '<td>' . Xml::input( 'city', '30', $this->getEscapedValue( 'city' ), array( 'type' => 'text', 'maxlength' => '40', 'id' => 'city', 'class' => 'fullwidth' ) ) .
677691 '</td>';
678692 $form .= '</tr>';
679693 return $form;
@@ -684,7 +698,7 @@
685699 $form .= '</tr>';
686700 $form .= '<tr>';
687701 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-donor-postal' ), 'zip' ) . '</td>';
688 - $form .= '<td>' . Xml::input( 'zip', '30', $this->form_data['zip'], array( 'type' => 'text', 'maxlength' => '9', 'id' => 'zip', 'class' => 'fullwidth' ) ) .
 702+ $form .= '<td>' . Xml::input( 'zip', '30', $this->getEscapedValue( 'zip' ), array( 'type' => 'text', 'maxlength' => '9', 'id' => 'zip', 'class' => 'fullwidth' ) ) .
689703 '</td>';
690704 $form .= '</tr>';
691705 return $form;
@@ -699,8 +713,8 @@
700714 $form .= '</tr>';
701715 $form .= '<tr>';
702716 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-donor-name' ), 'fname' ) . '</td>';
703 - $form .= '<td>' . Xml::input( 'fname', '30', $this->form_data['fname'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \'' . wfMsg( 'donate_interface-donor-fname' ) . '\' )', 'maxlength' => '25', 'class' => 'required', 'id' => 'fname' ) ) .
704 - Xml::input( 'lname', '30', $this->form_data['lname'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \'' . wfMsg( 'donate_interface-donor-lname' ) . '\' )', 'maxlength' => '25', 'id' => 'lname' ) ) . '</td>';
 717+ $form .= '<td>' . Xml::input( 'fname', '30', $this->getEscapedValue( 'fname' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \'' . wfMsg( 'donate_interface-donor-fname' ) . '\' )', 'maxlength' => '25', 'class' => 'required', 'id' => 'fname' ) ) .
 718+ Xml::input( 'lname', '30', $this->getEscapedValue( 'lname' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \'' . wfMsg( 'donate_interface-donor-lname' ) . '\' )', 'maxlength' => '25', 'id' => 'lname' ) ) . '</td>';
705719 $form .= "</tr>";
706720 return $form;
707721 }
@@ -717,14 +731,14 @@
718732 protected function getCommentField() {
719733 $form = '<tr>';
720734 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-comment' ), 'comment' ) . '</td>';
721 - $form .= '<td>' . Xml::input( 'comment', '30', $this->form_data['comment'], array( 'type' => 'text', 'maxlength' => '200', 'class' => 'fullwidth' ) ) . '</td>';
 735+ $form .= '<td>' . Xml::input( 'comment', '30', $this->getEscapedValue( 'comment' ), array( 'type' => 'text', 'maxlength' => '200', 'class' => 'fullwidth' ) ) . '</td>';
722736 $form .= '</tr>';
723737 return $form;
724738 }
725739
726740 protected function getCommentOptionField() {
727741 global $wgRequest;
728 - $comment_opt_value = ( $wgRequest->wasPosted() ) ? $this->form_data['comment-option'] : true;
 742+ $comment_opt_value = ( $wgRequest->wasPosted() ) ? $this->getEscapedValue( 'comment-option' ) : true;
729743 $form = '<tr>';
730744 $form .= '<td class="check-option" colspan="2">' . Xml::check( 'comment-option', $comment_opt_value );
731745 $form .= ' ' . Xml::label( wfMsg( 'donate_interface-anon-message' ), 'comment-option' ) . '</td>';
@@ -734,7 +748,7 @@
735749
736750 protected function getEmailOptField() {
737751 global $wgRequest;
738 - $email_opt_value = ( $wgRequest->wasPosted() ) ? $this->form_data['email-opt'] : true;
 752+ $email_opt_value = ( $wgRequest->wasPosted() ) ? $this->getEscapedValue( 'email-opt' ) : true;
739753 $form = '<tr>';
740754 $form .= '<td class="check-option" colspan="2">' . Xml::check( 'email-opt', $email_opt_value );
741755 $form .= ' ';
@@ -865,7 +879,9 @@
866880 unset( $query_array['_cache_'] );
867881
868882 // make sure no other data that might overwrite posted data makes it into the URL
869 - foreach ( $this->form_data as $key => $value ) {
 883+
 884+ $all_form_data = $this->gateway->getData_Unstaged_Escaped();
 885+ foreach ( $all_form_data as $key => $value ) {
870886 unset( $query_array[$key] );
871887 }
872888
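Review bot: the blank line added at new line 883 separates the comment at 882 from the loop it explains; drop it. Also, getData_Unstaged_Escaped() is called here with no argument to obtain the whole array, while the getEscapedValue() docblock later in this file describes the adapter method as taking a `$key`; confirm the no-argument call returns the full data set rather than the value for a null key.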
@@ -966,5 +982,17 @@
967983 $form .= '</table>';
968984 return $form;
969985 }
 986+
 987+ /**
 988+ * Pulls normalized and escaped data from the $gateway object.
 989+ * For more information, see GatewayAdapter::getData_Unstaged_Escaped in
 990+ * $IP/extensions/DonationData/gateway_common/gateway.adapter.php
 991+ * @param string $key The value to fetch from the adapter.
 992+ * @return mixed The escaped value in the adapter, or null if none exists.
 993+ * Note: The value could still be a blank string in some cases.
 994+ */
 995+ protected function getEscapedValue( $key ) {
 996+ return $this->gateway->getData_Unstaged_Escaped( $key );
 997+ }
970998 }
971999
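Review bot: the path in the new docblock (lines 989-990) reads `$IP/extensions/DonationData/gateway_common/gateway.adapter.php`, but the adapter lives under DonationInterface (see the Index lines and modified-paths list in this diff); correct it to `$IP/extensions/DonationInterface/gateway_common/gateway.adapter.php`. The `@return` note should also say what callers get for a missing key, since several call sites compare the result with `==` and others use it in truthiness checks.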
Index: trunk/extensions/DonationInterface/gateway_forms/TwoColumnLetter.php
@@ -1,7 +1,6 @@
22 <?php
33
44 class Gateway_Form_TwoColumnLetter extends Gateway_Form_OneStepTwoColumn {
5 - public $paypal = false; // true for paypal only version
65
76 public function __construct( &$gateway, &$form_errors ) {
87 global $wgScriptPath;
@@ -15,23 +14,13 @@
1615 }
1716
1817 public function generateFormStart() {
19 - global $wgOut, $wgRequest;
20 -
21 - $this->paypal = $wgRequest->getBool( 'paypal', false );
22 -
2318 $form = parent::generateBannerHeader();
2419
2520 $form .= Xml::openElement( 'table', array( 'width' => '100%', 'cellspacing' => 0, 'cellpadding' => 0, 'border' => 0 ) );
2621 $form .= Xml::openElement( 'tr' );
2722 $form .= Xml::openElement( 'td', array( 'id' => 'appeal', 'valign' => 'top' ) );
2823
29 - $text_template = $wgRequest->getText( 'text_template', '2010/JimmyAppealLong' );
30 - // if the user has uselang set, honor that, otherwise default to the language set for the form defined by 'language' in the query string
31 - if ( $wgRequest->getText( 'language' ) ) $text_template .= '/' . $this->form_data[ 'language' ];
32 -
33 - $template = ( strlen( $text_template ) ) ? $wgOut->parse( '{{' . $text_template . '}}' ) : '';
34 - // if the template doesn't exist, prevent the display of the red link
35 - if ( preg_match( '/redlink\=1/', $template ) ) $template = NULL;
 24+ $template = self::generateTextTemplate();
3625 $form .= $template;
3726
3827 $form .= Xml::closeElement( 'td' );
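Review bot: `self::generateTextTemplate()` at new line 24 invokes what is evidently an instance method (it replaces code that read `$this->form_data`) through the static syntax; use `$this->generateTextTemplate()` so the dependency on `$this` is explicit and the call does not break if the method is ever reached outside an object context. The removed lines 19-35 carried three behaviours: the `text_template` default of `2010/JimmyAppealLong`, the `/language` suffix when `language` was in the request, and suppression of the redlink output; generateTextTemplate() is not in the visible part of this diff, so please confirm it preserves all three.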
Index: trunk/extensions/DonationInterface/gateway_forms/TwoStepTwoColumnPremium.php
@@ -13,7 +13,7 @@
1414 }
1515
1616 public function generateFormStart() {
17 - global $wgRequest, $wgScriptPath;
 17+ global $wgScriptPath;
1818
1919 $form = parent::generateBannerHeader();
2020
@@ -26,12 +26,12 @@
2727 $form .= Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/wikipedia-ten-tshirt-front.png", 'width' => '300', 'height' => '280' ) ) . "<br/>";
2828 $form .= Xml::openElement( 'div', array( 'id' => 'premium-values' ) );
2929 $form .= Xml::openElement( 'div', array( 'id' => 'premium-size' ) );
30 - $sizeDisplay = '<span id="size-display">'.$wgRequest->getText( 'size' ).'</span>';
 30+ $sizeDisplay = '<span id="size-display">'.$this->getEscapedValue( 'size' ).'</span>';
3131 $form .= wfMsg( 'donate_interface-shirt-size-2', $sizeDisplay );
3232 $form .= Xml::closeElement( 'div' ); // close div#premium-size
3333 $form .= wfMsg( 'donate_interface-on-the-back' ) . "<br/>";
3434 $form .= Xml::openElement( 'div', array( 'id' => 'premium-language' ) );
35 - $form .= Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/wordmarks/".$wgRequest->getText( 'premium_language' )."-wordmark.png", 'width' => '200', 'height' => '92' ) );
 35+ $form .= Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/wordmarks/".$this->getEscapedValue( 'premium_language' )."-wordmark.png", 'width' => '200', 'height' => '92' ) );
3636 $form .= Xml::closeElement( 'div' ); // close div#premium-language
3737 $form .= Xml::closeElement( 'div' ); // close div#premium-values
3838 $form .= Xml::closeElement( 'div' ); // close div#premium-confirmation
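Review bot: at new line 35 `premium_language` still flows from user data into the wordmark image path; getEscapedValue() HTML-escapes it, which Xml::element() would do for the src attribute anyway, but escaping does not constrain which file name gets requested. Validate it against the set of wordmark files actually shipped under gateway_forms/includes/wordmarks (falling back to a default) before building the path. For `size` at new line 30 the escaped accessor is the right choice, since that value is concatenated straight into the span.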
@@ -100,12 +100,12 @@
101101 $form .= '</tr>';
102102 $form .= '<tr>';
103103 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-donor-amount' ), 'amount' ) . '</td>';
104 - $form .= '<td>' . Xml::input( 'amount', '7', $this->form_data['amount'], array( 'type' => 'text', 'maxlength' => '10', 'id' => 'amount' ) ) .
 104+ $form .= '<td>' . Xml::input( 'amount', '7', $this->getEscapedValue( 'amount' ), array( 'type' => 'text', 'maxlength' => '10', 'id' => 'amount' ) ) .
105105 ' ' . $this->generateCurrencyDropdown() . '</td>';
106106 $form .= '</tr>';
107107
108108 // card logos
109 - if ( $this->form_data[ 'currency_code' ] == 'USD' ) {
 109+ if ( $this->getEscapedValue( 'currency_code' ) == 'USD' ) {
110110 $form .= '<tr id="four_cards" style="display:table-row;">';
111111 $form .= '<td class="label"> </td><td>' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/credit_card_logos.gif" ) ) . '</td>';
112112 $form .= '</tr>';
@@ -142,7 +142,7 @@
143143 $form .= $this->getZipField();
144144
145145 // country
146 - $form .= $this->getCountryField( $this->form_data[ 'country2' ] );
 146+ $form .= $this->getCountryField( $this->getEscapedValue( 'country2' ) );
147147
148148 /*
149149 $form .= '<tr>';
@@ -176,7 +176,7 @@
177177 }
178178
179179 // Temporary
180 - $form .= Html::hidden( 'country2', $this->form_data[ 'country2' ] );
 180+ $form .= Html::hidden( 'country2', $this->getEscapedValue( 'country2' ) );
181181
182182 $form .= Xml::closeElement( 'form' ); // close form 'payment'
183183 $form .= $this->generateDonationFooter();
Index: trunk/extensions/DonationInterface/gateway_forms/TwoStepTwoColumn.php
@@ -170,7 +170,7 @@
171171 $form .= '</tr>';
172172 $form .= '<tr>';
173173 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-donor-amount' ), 'amount' ) . '</td>';
174 - $form .= '<td>' . Xml::input( 'amount', '7', $this->form_data['amount'], array( 'type' => 'text', 'maxlength' => '10', 'id' => 'amount' ) ) .
 174+ $form .= '<td>' . Xml::input( 'amount', '7', $this->getEscapedValue( 'amount' ), array( 'type' => 'text', 'maxlength' => '10', 'id' => 'amount' ) ) .
175175 ' ' . $this->generateCurrencyDropdown() . '</td>';
176176 $form .= '</tr>';
177177
Index: trunk/extensions/DonationInterface/gateway_forms/TwoStepTwoColumnLetter3.php
@@ -115,7 +115,7 @@
116116 }
117117
118118 public function generateFormStart() {
119 - global $wgOut, $wgRequest;
 119+ global $wgOut;
120120
121121 $form = parent::generateBannerHeader();
122122
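Review bot: `global $wgOut;` is kept at new line 119 although the only use of `$wgOut` visible in generateFormStart (the `$wgOut->parse` at old line 131) is removed in the next hunk; drop the declaration if nothing else in the method uses it.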
@@ -123,13 +123,7 @@
124124 $form .= Xml::openElement( 'tr' );
125125 $form .= Xml::openElement( 'td', array( 'id' => 'appeal', 'valign' => 'top' ) );
126126
127 - $text_template = $wgRequest->getText( 'text_template', '2010/JimmyAppealLong' );
128 - // if the user has uselang set, honor that, otherwise default to the language set for the form defined by 'language' in the query string
129 - if ( $wgRequest->getText( 'language' ) ) $text_template .= '/' . $this->form_data[ 'language' ];
130 -
131 - $template = ( strlen( $text_template ) ) ? $wgOut->parse( '{{' . $text_template . '}}' ) : '';
132 - // if the template doesn't exist, prevent the display of the red link
133 - if ( preg_match( '/redlink\=1/', $template ) ) $template = NULL;
 127+ $template = self::generateTextTemplate();
134128 $form .= $template;
135129
136130 $form .= Xml::closeElement( 'td' );
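Review bot: same static-call pattern at new line 127: `self::generateTextTemplate()` replaces logic that depended on instance data, so `$this->generateTextTemplate()` is the accurate form. The removed block is a verbatim copy of the one removed from TwoColumnLetter.php, which is the right direction; it would be worth grepping the remaining form classes for further copies of the same `text_template` / redlink code so they all go through the shared method.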
@@ -213,11 +207,11 @@
214208 $form .= '</tr>';
215209 $form .= '<tr>';
216210 $form .= '<td class="amount_data">'.wfMsg( 'donate_interface-donation' ).'</td>';
217 - $form .= '<td class="amount_data" style="text-align:right;width:75px;">'.$this->form_data['amount'] .
218 - Html::hidden( 'amount', $this->form_data['amount'] ) .
 211+ $form .= '<td class="amount_data" style="text-align:right;width:75px;">'.$this->getEscapedValue( 'amount' ) .
 212+ Html::hidden( 'amount', $this->getEscapedValue( 'amount' ) ) .
219213 '</td>';
220 - $form .= '<td class="amount_data" style="text-align:right;width:75px;">'.$this->form_data[ 'currency_code' ] .
221 - Html::hidden( 'currency_code', $this->form_data['currency_code'] ) .
 214+ $form .= '<td class="amount_data" style="text-align:right;width:75px;">'.$this->getEscapedValue( 'currency_code' ) .
 215+ Html::hidden( 'currency_code', $this->getEscapedValue( 'currency_code' ) ) .
222216 '</td>';
223217 $form .= '</tr>';
224218 $form .= '</table>';
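Review bot: new lines 211-215 use the same escaped value in two different contexts: concatenated straight into the `<td>` text, where a pre-escaped string is correct, and as the value argument of Html::hidden(), which escapes again. Amount and currency code are normally plain alphanumerics so nothing visibly breaks today, but passing pre-escaped strings to Html::hidden()/Xml::input() double-encodes any `&` or quote; pick one convention (escape at output, or escape in the accessor and never feed it to an escaping builder) and apply it consistently across the forms.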
@@ -232,7 +226,7 @@
233227 // card logos
234228 $form .= '<tr>';
235229 $form .= '<td class="label"> </td>';
236 - if ( $this->form_data[ 'currency_code' ] == 'USD' ) {
 230+ if ( $this->getEscapedValue( 'currency_code' ) == 'USD' ) {
237231 $form .= '<td>' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/credit_card_logos.gif" ) ) . '</td>';
238232 } else {
239233 $form .= '<td>' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/credit_card_logos3.gif" ) ) . '</td>';
@@ -240,7 +234,7 @@
241235 $form .= '</tr>';
242236
243237 // card number
244 - $card_num = ( $this->gateway->getGlobal( "Test" ) ) ? $this->form_data[ 'card_num' ] : '';
 238+ $card_num = ( $this->gateway->getGlobal( "Test" ) ) ? $this->getEscapedValue( 'card_num' ) : '';
245239 $form .= '';
246240 if ( $this->form_errors['card_num'] ) {
247241 $form .= '<tr>';
@@ -276,8 +270,8 @@
277271 $form .= '</tr>';
278272 $form .= '<tr>';
279273 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-name-on-card' ), 'fname' ) . '</td>';
280 - $form .= '<td>' . Xml::input( 'fname', '30', $this->form_data['fname'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-fname' ).'\' )', 'maxlength' => '25', 'class' => 'required', 'id' => 'fname' ) ) .
281 - Xml::input( 'lname', '30', $this->form_data['lname'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-lname' ).'\' )', 'maxlength' => '25', 'id' => 'lname' ) ) . '</td>';
 274+ $form .= '<td>' . Xml::input( 'fname', '30', $this->getEscapedValue( 'fname' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-fname' ).'\' )', 'maxlength' => '25', 'class' => 'required', 'id' => 'fname' ) ) .
 275+ Xml::input( 'lname', '30', $this->getEscapedValue( 'lname' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-lname' ).'\' )', 'maxlength' => '25', 'id' => 'lname' ) ) . '</td>';
282276 $form .= "</tr>";
283277
284278 // street
@@ -286,7 +280,7 @@
287281 $form .= '</tr>';
288282 $form .= '<tr>';
289283 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-billing-address' ), 'street' ) . '</td>';
290 - $form .= '<td>' . Xml::input( 'street', '30', $this->form_data['street'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-street' ).'\' )', 'maxlength' => '100', 'id' => 'street', 'class' => 'fullwidth' ) ) .
 284+ $form .= '<td>' . Xml::input( 'street', '30', $this->getEscapedValue( 'street' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-street' ).'\' )', 'maxlength' => '100', 'id' => 'street', 'class' => 'fullwidth' ) ) .
291285 '</td>';
292286 $form .= '</tr>';
293287
@@ -296,9 +290,9 @@
297291 $form .= '</tr>';
298292 $form .= '<tr>';
299293 $form .= '<td class="label"> </td>';
300 - $form .= '<td>' . Xml::input( 'city', '18', $this->form_data['city'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-city' ).'\' )', 'maxlength' => '40', 'id' => 'city' ) ) . ' ' .
 294+ $form .= '<td>' . Xml::input( 'city', '18', $this->getEscapedValue( 'city' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-city' ).'\' )', 'maxlength' => '40', 'id' => 'city' ) ) . ' ' .
301295 $this->generateStateDropdown() . ' ' .
302 - Xml::input( 'zip', '5', $this->form_data['zip'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-zip-code' ).'\' )', 'maxlength' => '10', 'id' => 'zip' ) ) .
 296+ Xml::input( 'zip', '5', $this->getEscapedValue( 'zip' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-zip-code' ).'\' )', 'maxlength' => '10', 'id' => 'zip' ) ) .
303297 Html::hidden( 'country', 'US' ) .
304298 '</td>';
305299 $form .= '</tr>';
@@ -320,7 +314,7 @@
321315 $form .= '</tr>';
322316 $form .= '<tr>';
323317 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-email-receipt' ), 'emailAdd' ) . '</td>';
324 - $form .= '<td>' . Xml::input( 'emailAdd', '30', $this->form_data['email'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-email' ).'\' )', 'maxlength' => '64', 'id' => 'emailAdd', 'class' => 'fullwidth' ) ) .
 318+ $form .= '<td>' . Xml::input( 'emailAdd', '30', $this->getEscapedValue( 'email' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-email' ).'\' )', 'maxlength' => '64', 'id' => 'emailAdd', 'class' => 'fullwidth' ) ) .
325319 '</td>';
326320 $form .= '</tr>';
327321
@@ -368,7 +362,7 @@
369363 // generate dropdown of state opts
370364 foreach ( $states as $value => $state_name ) {
371365 if ( $value !== 'YY' && $value !== 'XX' ) {
372 - $selected = ( $this->form_data[ 'state' ] == $value ) ? true : false;
 366+ $selected = ( $this->getEscapedValue( 'state' ) == $value ) ? true : false;
373367 $state_opts .= Xml::option( $value, $value, $selected );
374368 }
375369 }
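Review bot: new line 366 calls getEscapedValue( 'state' ) once per iteration of the state loop; hoist it into a local before the foreach. The `? true : false` is also redundant, `$selected = ( $state == $value );` says the same thing.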
Index: trunk/extensions/DonationInterface/gateway_forms/RapidHtml.php
@@ -178,8 +178,8 @@
179179 foreach ( $this->data_tokens as $token ) {
180180 $key = substr( $token, 1, strlen( $token )); //get the token string w/o the '@'
181181 if ( $key == 'emailAdd' ) $key = 'email';
182 - if ( array_key_exists( $key, $this->form_data )) {
183 - $replace = $this->form_data[ $key ];
 182+ if ( $this->getEscapedValue( $key ) ) {
 183+ $replace = $this->getEscapedValue( $key );
184184 } else {
185185 $replace = '';
186186 }
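Review bot: new line 182 changes the test from key existence (`array_key_exists`) to truthiness of the value, so a token whose value is legitimately "0" or an empty string is now treated like an unknown token and replaced with ''. Since the else branch already substitutes '' for missing values, the simpler equivalent that keeps "0" is to assign once and normalize: `$replace = $this->getEscapedValue( $key );` followed by `if ( $replace === null ) { $replace = ''; }` (relying on the null-for-missing behaviour the getEscapedValue() docblock promises). That also avoids calling the accessor twice for the same key.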
@@ -249,7 +249,7 @@
250250 } else {
251251 $params[ $k ] .= '?';
252252 }
253 - $params[ $k ] .= "language=" . $this->form_data['language']. "&country=" . $this->form_data['country'];
 253+ $params[ $k ] .= "language=" . $this->getEscapedValue( 'language' ) . "&country=" . $this->getEscapedValue( 'country' );
254254 }
255255 }
256256 $html = str_replace( $matches[ 0 ][ $i ], wfMsg( $msg_key, $params ), $html );
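Review bot: new line 253 builds a query string by concatenating HTML-escaped values (`language=...&country=...`); HTML escaping is not URL encoding, so a value containing `&` arrives as `&amp;` and one containing spaces or `=` corrupts the parameters. Use wfArrayToCGI( array( 'language' => ..., 'country' => ... ) ), or urlencode() each piece, on the raw normalized values instead. Language and country codes are short alphanumerics in practice, which is why this has gone unnoticed so far.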
@@ -277,7 +277,7 @@
278278 * @return string The HTML form containing translated messages
279279 */
280280 public function replace_blocks( $html ){
281 - global $wgRequest, $wgGlobalCollectGatewayHtmlFormDir;
 281+ global $wgRequest;
282282 if( $wgRequest->getText( 'debug', 'false' ) == 'true' ){
283283 # do not replace tokens
284284 return $html;
@@ -291,14 +291,15 @@
292292
293293 foreach( $matches[ 1 ] as $i => $key ){
294294 # $matches[ 1 ] is specified in the code, not user input
295 - $filepath = $wgGlobalCollectGatewayHtmlFormDir . '/_' . $matches[ 1 ][ $i ] . '/';
 295+ $filepath = $this->gateway->getGlobal('HtmlFormDir') . '/_' . $matches[ 1 ][ $i ] . '/';
296296
297297 $var = 'default';
298298
299 - # check to see if the parameter is, in fact, an element of form_data
300 - if( array_key_exists( $matches[ 2 ][ $i ], $this->form_data ) ){
 299+ # check to see if the parameter is, in fact, an element in DonationData
 300+ $param = $this->getEscapedValue( $matches[ 2 ][ $i ] );
 301+ if( $param ){
301302 # get the value of the element and super-escape
302 - $var = $this->make_safe( $this->form_data[ $matches[ 2 ][ $i ] ], 'default' );
 303+ $var = $this->make_safe( $param, 'default' );
303304 }
304305
305306 # oh, and we only allow with the extension .html
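Review bot: the comment at new line 299 says the code checks whether the parameter is an element in DonationData, but `if( $param )` at line 301 tests whether the escaped value is non-empty, so a key that exists with value "0" or '' now falls through to 'default'. If that is intended (a blank selector should mean the default block) say so in the comment; otherwise compare against null. Note also that make_safe() at line 303 now receives an already HTML-escaped string, so its 'default' mode should be checked for how it treats `&amp;`-style sequences in a value that ends up as part of a file name.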
@@ -332,7 +333,7 @@
333334 // currency code
334335 $start = strpos( $html, 'name="currency_code"' );
335336 if ( $start ) {
336 - $currency_code = $this->form_data['currency_code'];
 337+ $currency_code = $this->getEscapedValue( 'currency_code' );
337338 $end = strpos( $html, '</select>', $start );
338339 $str = substr( $html, $start, ( $end - $start ) );
339340 $str = str_replace( 'value="' . $currency_code . '"', 'value="' . $currency_code . '" selected="selected"', $str );
@@ -340,7 +341,7 @@
341342 }
342343
343344 // mos
344 - $month = substr( $this->form_data['expiration'], 0, 2 );
 345+ $month = substr( $this->getEscapedValue( 'expiration' ), 0, 2 );
345346 $start = strpos( $html, 'name="mos"' );
346347 if ( $start ) {
347348 $end = strpos( $html, '</select>', $start );
@@ -350,7 +351,7 @@
351352 }
352353
353354 // year
354 - $year = substr( $this->form_data['expiration'], 2, 2 );
 355+ $year = substr( $this->getEscapedValue( 'expiration' ), 2, 2 );
355356 $start = strpos( $html, 'name="year"' );
356357 if ( $start ) {
357358 $end = strpos( $html, '</select>', $start );
@@ -361,7 +362,7 @@
362363 }
363364
364365 // state
365 - $state = $this->form_data['state'];
 366+ $state = $this->getEscapedValue( 'state' );
366367 $start = strpos( $html, 'name="state"' );
367368 if ( $start ) {
368369 $end = strpos( $html, '</select>', $start );
@@ -371,7 +372,7 @@
372373 }
373374
374375 //country
375 - $country = $this->form_data['country'];
 376+ $country = $this->getEscapedValue( 'country' );
376377 $start = strpos( $html, 'name="country"' );
377378 if ( $start ) {
378379 $end = strpos( $html, '</select>', $start );
@@ -408,7 +409,7 @@
409410 global $wgRequest;
410411 if ( $wgRequest->getText( '_cache_', false )) {
411412 $this->loadApiJs();
412 -}
 413+ }
413414 }
414415
415416 /**
Index: trunk/extensions/DonationInterface/gateway_forms/TwoStepTwoColumnPremiumUS.php
@@ -121,7 +121,7 @@
122122 }
123123
124124 public function generateFormStart() {
125 - global $wgRequest, $wgScriptPath;
 125+ global $wgScriptPath;
126126
127127 $form = parent::generateBannerHeader();
128128
@@ -131,7 +131,7 @@
132132
133133 $form .= Xml::openElement( 'div', array( 'id' => 'premium-confirmation' ) );
134134 $form .= Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/Wikipedia-ten-tshirt-back.jpg", 'width' => '300', 'height' => '300' ) );
135 - $form .= wfMsg( 'donate_interface-shirt-size-2', $wgRequest->getText( 'size' ) );
 135+ $form .= wfMsg( 'donate_interface-shirt-size-2', $this->getEscapedValue( 'size' ) );
136136 $form .= Xml::closeElement( 'div' ); // close div#premium-confirmation
137137
138138 $form .= Xml::closeElement( 'td' );
@@ -197,11 +197,11 @@
198198 $form .= '</tr>';
199199 $form .= '<tr>';
200200 $form .= '<td class="amount_data">'.wfMsg( 'donate_interface-donation' ).'</td>';
201 - $form .= '<td class="amount_data" style="text-align:right;width:75px;">'.$this->form_data['amount'] .
202 - Html::hidden( 'amount', $this->form_data['amount'] ) .
 201+ $form .= '<td class="amount_data" style="text-align:right;width:75px;">'.$this->getEscapedValue( 'amount' ) .
 202+ Html::hidden( 'amount', $this->getEscapedValue( 'amount' ) ) .
203203 '</td>';
204 - $form .= '<td class="amount_data" style="text-align:right;width:75px;">'.$this->form_data[ 'currency_code' ] .
205 - Html::hidden( 'currency_code', $this->form_data['currency_code'] ) .
 204+ $form .= '<td class="amount_data" style="text-align:right;width:75px;">'.$this->getEscapedValue( 'currency_code' ) .
 205+ Html::hidden( 'currency_code', $this->getEscapedValue( 'currency_code' ) ) .
206206 '</td>';
207207 $form .= '</tr>';
208208 $form .= '</table>';
@@ -216,7 +216,7 @@
217217 // card logos
218218 $form .= '<tr>';
219219 $form .= '<td class="label"> </td>';
220 - if ( $this->form_data[ 'currency_code' ] == 'USD' ) {
 220+ if ( $this->getEscapedValue( 'currency_code' ) == 'USD' ) {
221221 $form .= '<td>' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/credit_card_logos.gif" ) ) . '</td>';
222222 } else {
223223 $form .= '<td>' . Xml::element( 'img', array( 'src' => $wgScriptPath . "/extensions/DonationInterface/gateway_forms/includes/credit_card_logos3.gif" ) ) . '</td>';
@@ -224,7 +224,7 @@
225225 $form .= '</tr>';
226226
227227 // card number
228 - $card_num = ( $this->gateway->getGlobal( "Test" ) ) ? $this->form_data[ 'card_num' ] : '';
 228+ $card_num = ( $this->gateway->getGlobal( "Test" ) ) ? $this->getEscapedValue( 'card_num' ) : '';
229229 $form .= '';
230230 if ( $this->form_errors['card_num'] ) {
231231 $form .= '<tr>';
@@ -260,8 +260,8 @@
261261 $form .= '</tr>';
262262 $form .= '<tr>';
263263 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-name-on-card' ), 'fname' ) . '</td>';
264 - $form .= '<td>' . Xml::input( 'fname', '30', $this->form_data['fname'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-fname' ).'\' )', 'maxlength' => '25', 'class' => 'required', 'id' => 'fname' ) ) .
265 - Xml::input( 'lname', '30', $this->form_data['lname'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-lname' ).'\' )', 'maxlength' => '25', 'id' => 'lname' ) ) . '</td>';
 264+ $form .= '<td>' . Xml::input( 'fname', '30', $this->getEscapedValue( 'fname' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-fname' ).'\' )', 'maxlength' => '25', 'class' => 'required', 'id' => 'fname' ) ) .
 265+ Xml::input( 'lname', '30', $this->getEscapedValue( 'lname' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-lname' ).'\' )', 'maxlength' => '25', 'id' => 'lname' ) ) . '</td>';
266266 $form .= "</tr>";
267267
268268 // street
@@ -270,7 +270,7 @@
271271 $form .= '</tr>';
272272 $form .= '<tr>';
273273 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-billing-address' ), 'street' ) . '</td>';
274 - $form .= '<td>' . Xml::input( 'street', '30', $this->form_data['street'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-street' ).'\' )', 'maxlength' => '100', 'id' => 'street', 'class' => 'fullwidth' ) ) .
 274+ $form .= '<td>' . Xml::input( 'street', '30', $this->getEscapedValue( 'street' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-street' ).'\' )', 'maxlength' => '100', 'id' => 'street', 'class' => 'fullwidth' ) ) .
275275 '</td>';
276276 $form .= '</tr>';
277277
@@ -280,9 +280,9 @@
281281 $form .= '</tr>';
282282 $form .= '<tr>';
283283 $form .= '<td class="label"> </td>';
284 - $form .= '<td>' . Xml::input( 'city', '18', $this->form_data['city'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-city' ).'\' )', 'maxlength' => '40', 'id' => 'city' ) ) . ' ' .
 284+ $form .= '<td>' . Xml::input( 'city', '18', $this->getEscapedValue( 'city' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-city' ).'\' )', 'maxlength' => '40', 'id' => 'city' ) ) . ' ' .
285285 $this->generateStateDropdown() . ' ' .
286 - Xml::input( 'zip', '5', $this->form_data['zip'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-zip-code' ).'\' )', 'maxlength' => '10', 'id' => 'zip' ) ) .
 286+ Xml::input( 'zip', '5', $this->getEscapedValue( 'zip' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-zip-code' ).'\' )', 'maxlength' => '10', 'id' => 'zip' ) ) .
287287 Html::hidden( 'country', 'US' ) .
288288 '</td>';
289289 $form .= '</tr>';
@@ -293,7 +293,7 @@
294294 $form .= '</tr>';
295295 $form .= '<tr>';
296296 $form .= '<td class="label"> </td>';
297 - $form .= '<td>' . $this->generateCountryDropdown( $this->form_data['country2'] ) . '</td>';
 297+ $form .= '<td>' . $this->generateCountryDropdown( $this->getEscapedValue( 'country2' ) ) . '</td>';
298298 $form .= '</tr>';
299299
300300 // email
@@ -302,7 +302,7 @@
303303 $form .= '</tr>';
304304 $form .= '<tr>';
305305 $form .= '<td class="label">' . Xml::label( wfMsg( 'donate_interface-email-receipt' ), 'emailAdd' ) . '</td>';
306 - $form .= '<td>' . Xml::input( 'emailAdd', '30', $this->form_data['email'], array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-email' ).'\' )', 'maxlength' => '64', 'id' => 'emailAdd', 'class' => 'fullwidth' ) ) .
 306+ $form .= '<td>' . Xml::input( 'emailAdd', '30', $this->getEscapedValue( 'email' ), array( 'type' => 'text', 'onfocus' => 'clearField( this, \''.wfMsg( 'donate_interface-donor-email' ).'\' )', 'maxlength' => '64', 'id' => 'emailAdd', 'class' => 'fullwidth' ) ) .
307307 '</td>';
308308 $form .= '</tr>';
309309
@@ -350,7 +350,7 @@
351351 // generate dropdown of state opts
352352 foreach ( $states as $value => $state_name ) {
353353 if ( $value !== 'YY' && $value !== 'XX' ) {
354 - $selected = ( $this->form_data[ 'state' ] == $value ) ? true : false;
 354+ $selected = ( $this->getEscapedValue( 'state' ) == $value ) ? true : false;
355355 $state_opts .= Xml::option( $value, $value, $selected );
356356 }
357357 }
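Review bot: new line 354 re-reads `state` through getEscapedValue() on every iteration of the state loop, the same pattern as in TwoStepTwoColumnLetter3.php; cache it in a local before the foreach and write `$selected = ( $state == $value );`.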
Index: trunk/extensions/DonationInterface/gateway_forms/OneStepTwoColumn.php
@@ -1,7 +1,6 @@
22 <?php
33
44 class Gateway_Form_OneStepTwoColumn extends Gateway_Form {
5 - public $paypal = false; // true for paypal only version
65
76 public function __construct( &$gateway, &$form_errors ) {
87 parent::__construct( $gateway, $form_errors );
@@ -120,10 +119,6 @@
121120 }
122121
123122 public function generateFormStart() {
124 - global $wgRequest;
125 -
126 - $this->paypal = $wgRequest->getBool( 'paypal', false );
127 -
128123 $form = $this->generateBannerHeader();
129124
130125 $form .= Xml::openElement( 'div', array( 'id' => 'mw-creditcard' ) );
@@ -203,9 +198,9 @@
204199
205200 // intro text
206201 if ( $wgRequest->getText( 'masthead', false ) ) {
207 - $template = $wgOut->parse( '{{' . $wgRequest->getText( 'masthead' ) . '/' . $this->form_data[ 'language' ] . '}}' );
 202+ $template = $wgOut->parse( '{{' . $wgRequest->getText( 'masthead' ) . '/' . $this->getEscapedValue( 'language' ) . '}}' );
208203 } elseif ( $this->gateway->getGlobal( "Header" ) ) {
209 - $header = str_replace( '@language', $this->form_data[ 'language' ], $this->gateway->getGlobal( "Header" ) );
 204+ $header = str_replace( '@language', $this->getEscapedValue( 'language' ), $this->gateway->getGlobal( "Header" ) );
210205 $template = $wgOut->parse( $header );
211206 }
212207
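Review bot: new line 202 escapes `language` but still interpolates `$wgRequest->getText( 'masthead' )` unescaped into the wikitext passed to `$wgOut->parse()`, and the guarding `if` on line 201 reads the same raw request value. Given the commit message's stated goal of moving request handling out of the form classes, `masthead` is a candidate for DonationData normalization (validating it as a template title, or against a list of permitted mastheads) so the form only ever receives a known-good name.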
@@ -216,15 +211,15 @@
217212 }
218213
219214 protected function generatePersonalContainer() {
220 - global $wgRequest, $wgScriptPath;
 215+ global $wgScriptPath;
221216 $form = '';
222217 $form .= Xml::openElement( 'div', array( 'id' => 'payflowpro_gateway-personal-info' ) );
223218 $form .= Xml::tags( 'h3', array( 'class' => 'payflow-cc-form-header', 'id' => 'payflow-cc-form-header-personal' ), wfMsg( 'donate_interface-make-your-donation' ) );
224219 if ( !$this->paypal ) {
225 - $source = htmlspecialchars( $wgRequest->getText( 'utm_source' ) );
226 - $medium = htmlspecialchars( $wgRequest->getText( 'utm_medium' ) );
227 - $campaign = htmlspecialchars( $wgRequest->getText( 'utm_campaign' ) );
228 - $formname = htmlspecialchars( $wgRequest->getText( 'form_name' ) );
 220+ $source = $this->getEscapedValue( 'utm_source' );
 221+ $medium = $this->getEscapedValue( 'utm_medium' );
 222+ $campaign = $this->getEscapedValue( 'utm_campaign' );
 223+ $formname = $this->getEscapedValue( 'form_name' );
229224 $form .= Xml::Tags( 'p', array( 'id' => 'payflowpro_gateway-cc_otherways' ), wfMsg( 'donate_interface-paypal', $wgScriptPath, $formname, $source, $medium, $campaign ) );
230225 }
231226 $form .= Xml::openElement( 'table', array( 'id' => 'payflow-table-donor' ) );
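Review bot: the four `getEscapedValue()` calls assume DonationData already populates `utm_source`, `utm_medium`, `utm_campaign` and `form_name`; the DonationData hunk in this revision adds only `form_name` and `ffname`, so confirm the three `utm_*` keys are already in its key list, otherwise `getEscapedValue()` returns null and `wfMsg( 'donate_interface-paypal', ... )` is built with empty parameters and no error. Replacing `htmlspecialchars( $wgRequest->getText( ... ) )` with adapter data is otherwise the right direction, since it puts the escaping in one place.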
Index: trunk/extensions/DonationInterface/globalcollect_gateway/forms/TwoStepAmount.php
@@ -43,21 +43,21 @@
4444 * The default appeal
4545 *
4646 */
47 - const DEFAULT_APPEAL = <<<HTML
48 - <h2 id="appeal-head"> <span class="mw-headline" id="From_Wikipedia_programmer_Brandon_Harris">From Wikipedia programmer Brandon Harris</span></h2>
49 - <div id="appeal-body" class="plainlinks">
50 - <p>I feel like I'm living the first line of my obituary.</p>
51 - <p>I don't think there will be anything else that I do in my life as important as what I do now for Wikipedia. We're not just building an encyclopedia, we're working to make people free. When we have access to free knowledge, we are better people. We understand the world is bigger than us, and we become infected with tolerance and understanding.</p>
52 - <p>Wikipedia is the 5th largest website in the world. I work at the small non-profit that keeps it on the web. We don't run ads because doing so would sacrifice our independence. The site is not and should never be a propaganda tool.</p>
53 - <p>Our work is possible because of donations from our readers. Will you help protect Wikipedia by donating $5, $10, $20 or whatever you can afford?</p>
54 - <p>I work at the Wikimedia Foundation because everything in my soul tells me it's the right thing to do. I've worked at huge tech companies, doing some job to build some crappy thing that's designed to steal money from some kid who doesn't know it. I would come home from work crushed.</p>
55 - <p>You might not know this, but the Wikimedia Foundation operates with a very small staff. Most other top-ten sites have tens of thousands of people and massive budgets. But they produce a fraction of what we pull off with sticks and wire.</p>
56 - <p>When you give to Wikipedia, you're supporting free knowledge around the world. You're not only leaving a legacy for your children and for their children, you're elevating people around the world who have access to this treasure. You're assuring that one day everyone else will too.</p>
57 - <p>Thank you,</p>
58 - <p><strong>Brandon Harris</strong><br /></p>
59 - <p>Programmer, Wikimedia Foundation</p>
60 - </div>
61 -HTML;
 47+// const DEFAULT_APPEAL = <<<HTML
 48+// <h2 id="appeal-head"> <span class="mw-headline" id="From_Wikipedia_programmer_Brandon_Harris">From Wikipedia programmer Brandon Harris</span></h2>
 49+// <div id="appeal-body" class="plainlinks">
 50+// <p>I feel like I'm living the first line of my obituary.</p>
 51+// <p>I don't think there will be anything else that I do in my life as important as what I do now for Wikipedia. We're not just building an encyclopedia, we're working to make people free. When we have access to free knowledge, we are better people. We understand the world is bigger than us, and we become infected with tolerance and understanding.</p>
 52+// <p>Wikipedia is the 5th largest website in the world. I work at the small non-profit that keeps it on the web. We don't run ads because doing so would sacrifice our independence. The site is not and should never be a propaganda tool.</p>
 53+// <p>Our work is possible because of donations from our readers. Will you help protect Wikipedia by donating $5, $10, $20 or whatever you can afford?</p>
 54+// <p>I work at the Wikimedia Foundation because everything in my soul tells me it's the right thing to do. I've worked at huge tech companies, doing some job to build some crappy thing that's designed to steal money from some kid who doesn't know it. I would come home from work crushed.</p>
 55+// <p>You might not know this, but the Wikimedia Foundation operates with a very small staff. Most other top-ten sites have tens of thousands of people and massive budgets. But they produce a fraction of what we pull off with sticks and wire.</p>
 56+// <p>When you give to Wikipedia, you're supporting free knowledge around the world. You're not only leaving a legacy for your children and for their children, you're elevating people around the world who have access to this treasure. You're assuring that one day everyone else will too.</p>
 57+// <p>Thank you,</p>
 58+// <p><strong>Brandon Harris</strong><br /></p>
 59+// <p>Programmer, Wikimedia Foundation</p>
 60+// </div>
 61+//HTML;
6262
6363 ////////////////////////////////////////////////////////////////////////////
6464 //
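Review bot: commenting out `DEFAULT_APPEAL` breaks `init()`, which in the next hunk still does `$this->appeal = self::DEFAULT_APPEAL;` (line 84), so constructing this form will now fail on an undefined class constant. Either keep the constant or remove that assignment along with it; and if the appeal text is being retired, delete the block outright rather than leaving fifteen commented-out lines, since the repository history already preserves it.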
@@ -73,11 +73,11 @@
7474 */
7575 protected function init() {
7676
77 - $this->setPaymentMethod( $this->form_data['payment_method'] );
78 - $this->setPaymentSubmethod( $this->form_data['payment_submethod'] );
 77+ $this->setPaymentMethod( $this->getEscapedValue( 'payment_method' ) );
 78+ $this->setPaymentSubmethod( $this->getEscapedValue( 'payment_submethod' ) );
7979
8080 // Should process be deprecated?
81 - $this->form_data['process'] = 'other';
 81+ $this->getEscapedValue( 'process' ) = 'other';
8282
8383 // Initialize the appeal
8484 $this->appeal = self::DEFAULT_APPEAL;
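Review bot: `$this->getEscapedValue( 'process' ) = 'other';` on new line 81 assigns to a method return value, which is a PHP fatal error ("Can't use method return value in write context"), so the file no longer compiles; it reads like a find-and-replace slip on the old `$this->form_data['process'] = 'other';`. Given the comment above it already asks whether `process` should be deprecated, dropping the line is the simplest fix; if the value is still needed, set it through the adapter rather than from the form, which matches the commit's goal of forms only reading data. Also note that `setPaymentMethod()` and `setPaymentSubmethod()` now receive HTML-escaped strings; harmless for plain identifiers, but worth a check if those values are later compared against unescaped configuration keys.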
@@ -356,7 +356,7 @@
357357 'iban' => array( 'required' => true, ),
358358 );
359359
360 - $country = isset( $this->form_data['country'] ) ? $this->form_data['country'] : '';
 360+ $country = !is_null( $this->getEscapedValue( 'country' ) ) ? $this->getEscapedValue( 'country' ) : '';
361361
362362 if ( $country == 'AT' ) {
363363
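Review bot: `$this->getEscapedValue( 'country' )` is called twice on new line 360, once for the `!is_null()` test and once for the value; assign it to a local first (`$country = $this->getEscapedValue( 'country' ); if ( is_null( $country ) ) { $country = ''; }`) so the lookup happens once and the fallback reads clearly. The same double call appears on new line 623 in the `-619,7` hunk below.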
@@ -403,7 +403,7 @@
404404 $elementClass .= $required ? ' required ' : '' ;
405405 $elementClass = trim( $elementClass );
406406
407 - $return .= Xml::input( $field, '', $this->form_data[ $field ], array( 'class' => $elementClass, 'type' => 'text', 'maxlength' => '32', 'id' => $field ) );
 407+ $return .= Xml::input( $field, '', $this->getEscapedValue( $field ), array( 'class' => $elementClass, 'type' => 'text', 'maxlength' => '32', 'id' => $field ) );
408408 $return .= '</td>';
409409 $return .= '</tr>';
410410 }
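Review bot: `Xml::input()` HTML-escapes the `value` attribute itself when it builds the element, so passing `$this->getEscapedValue( $field )` double-escapes any field containing `&`, `<`, `>` or quotes (an apostrophe in a surname would be displayed as a literal `&#039;`). Attribute contexts need the raw, normalized value, or a getter that returns unescaped data; `getEscapedValue()` is the right choice where text is concatenated straight into markup, as with `Xml::tags()` elsewhere in this file, but not here.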
@@ -561,7 +561,7 @@
562562
563563 // generate dropdown of issuer_ids
564564 foreach ( $payment_submethod['issuerids'] as $issuer_id => $issuer_id_label ) {
565 - $selected = ( $this->form_data['issuer_id'] == $issuer_id ) ? true : false;
 565+ $selected = ( $this->getEscapedValue( 'issuer_id' ) == $issuer_id ) ? true : false;
566566 //$selectOptions .= Xml::option( wfMsg( 'donate_interface-rtbt-' . $issuer_id ), $issuer_id_label, $selected );
567567 $selectOptions .= Xml::option( $issuer_id_label, $issuer_id, $selected );
568568 }
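Review bot: the `$selected` expression uses loose `==` between an HTML-escaped string and an `issuerids` array key, and the trailing `? true : false` is redundant; `$selected = ( (string)$this->getEscapedValue( 'issuer_id' ) === (string)$issuer_id );` avoids PHP's type juggling (a null from a missing `issuer_id` compares loosely equal to an integer key `0`, since numeric string keys become ints). The identical loop appears again on new line 832 in the `-828,7` hunk and should get the same change.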
@@ -619,7 +619,7 @@
620620 $radioOptions = array();
621621 $radioOptions['showCardsOnCurrencyChange'] = false;
622622
623 - $country = isset( $this->form_data['country'] ) ? $this->form_data['country'] : '';
 623+ $country = !is_null( $this->getEscapedValue( 'country' ) ) ? $this->getEscapedValue( 'country' ) : '';
624624
625625 if ( $country == 'SG' ) {
626626 $radioOptions['setCurrency'] = 'SGD';
@@ -769,8 +769,8 @@
770770 $form .= Xml::tags( 'li', array(), 'payment_method: ' . $this->getPaymentMethod() );
771771 $form .= Xml::tags( 'li', array(), 'payment_submethod: ' . $this->getPaymentSubmethod() );
772772
773 - if ( isset( $this->form_data['issuer_id'] ) ) {
774 - $form .= Xml::tags( 'li', array(), 'issuer_id: ' . $this->form_data['issuer_id'] );
 773+ if ( !is_null( $this->getEscapedValue( 'issuer_id' ) ) ) {
 774+ $form .= Xml::tags( 'li', array(), 'issuer_id: ' . $this->getEscapedValue( 'issuer_id' ) );
775775 }
776776
777777 $form .= Xml::closeElement( 'ul' ); // close div#mw-payment-information ul
@@ -828,7 +828,7 @@
829829
830830 // generate dropdown of issuer_ids
831831 foreach ( $payment_submethod['issuerids'] as $issuer_id => $issuer_id_label ) {
832 - $selected = ( $this->form_data['issuer_id'] == $issuer_id ) ? true : false;
 832+ $selected = ( $this->getEscapedValue( 'issuer_id' ) == $issuer_id ) ? true : false;
833833 //$selectOptions .= Xml::option( wfMsg( 'donate_interface-rtbt-' . $issuer_id ), $issuer_id_label, $selected );
834834 $selectOptions .= Xml::option( $issuer_id_label, $issuer_id, $selected );
835835 }
Index: trunk/extensions/DonationInterface/gateway_common/gateway.adapter.php
@@ -387,6 +387,13 @@
388388 /**
389389 * This is the ONLY getData type function anything should be using
390390 * outside the adapter.
 391+ * Short explanation of the data population up to now:
 392+ * *) When the gateway adapter is constructed, it constructs a DonationData
 393+ * object.
 394+ * *) On construction, the DonationData object pulls donation data from an
 395+ * appropriate source, and normalizes the entire data set for storage.
 396+ * *) The gateway adapter pulls normalized, html escaped data out of the
 397+ * DonationData object, as the base of its own data set.
391398 * @param string $val The specific key you're looking for (if any)
392399 * @return mixed An array of all the raw, unstaged (but normalized and
393400 * sanitized) data sent to the adapter, or if $val was set, either the
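Review bot: the new docblock says the adapter's base data set is "html escaped" but not for which context, and this same revision feeds these values into element attributes (`Xml::input()`), element content (`Xml::tags()`) and wikitext (`$wgOut->parse()`); the contract should state that values are escaped for HTML text content only and must not be re-escaped or used in attribute or wikitext contexts. The `@return` text immediately below still describes the data as "raw, unstaged (but normalized and sanitized)", which should be reconciled with the "html escaped" wording added above it. Minor formatting point: `*)` bullets are unusual in a docblock; plain `-` bullets read better.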
Index: trunk/extensions/DonationInterface/gateway_common/DonationData.php
@@ -101,6 +101,8 @@
102102 'direct_debit_text' => $wgRequest->getText( 'direct_debit_text', null ),
103103 'iban' => $wgRequest->getText( 'iban', null ),
104104 'transaction_type' => $wgRequest->getText( 'transaction_type', null ),
 105+ 'form_name' => $wgRequest->getText( 'form_name', null ),
 106+ 'ffname' => $wgRequest->getText( 'ffname', null ),
105107 );
106108 if ( !$this->wasPosted() ) {
107109 $this->setVal( 'posted', false );
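Review bot: `form_name` now comes from the request and is concatenated into a class name in `GatewayForm::setFormClass()` (`"Gateway_Form_" . $form_class`), yet nothing in this hunk constrains it; DonationData's normalization step should restrict `form_name` (and `ffname`, whose consumer is not visible in this diff) to an identifier pattern such as `[A-Za-z0-9_]+`, or better to the configured set of form names, rather than leaving validation to a `class_exists()` check downstream. Also, with `getText( ..., null )` an unset parameter arrives as null while `form_name=` arrives as an empty string; callers that test only `is_null()` will miss the second case.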
Index: trunk/extensions/DonationInterface/gateway_common/GatewayForm.php
@@ -326,9 +326,13 @@
327327 */
328328 public function setFormClass( $class_name = NULL ) {
329329 if ( !$class_name ) {
330 - global $wgRequest;
 330+ //TODO: This is the sort of thing we really ought to be handled in
 331+ //DonationData instead of all the way out here.
331332 $defaultForm = $this->adapter->getGlobal( 'DefaultForm' );
332 - $form_class = $wgRequest->getText( 'form_name', $defaultForm );
 333+ $form_class = $this->adapter->getData_Unstaged_Escaped( 'form_name' );
 334+ if ( is_null( $form_class ) ){
 335+ $form_class = $defaultForm;
 336+ }
333337
334338 // make sure our form class exists before going on, if not try loading default form class
335339 $class_name = "Gateway_Form_" . $form_class;
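Review bot: the `is_null()` fallback covers only an absent `form_name`; an empty `form_name=` parameter comes back from DonationData's `getText( 'form_name', null )` as `''`, so `$form_class` becomes `''` and the code then leans on the `class_exists()` check below to fall back to the default. Testing `$form_class === null || $form_class === ''` here makes that explicit. `getData_Unstaged_Escaped()` also returns an HTML-escaped string that is then used to build a class name; validate it as an identifier before the concatenation. Small typo in the new TODO: "the sort of thing we really ought to be handled" should read "ought to be handling".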
@@ -342,7 +346,8 @@
343347 }
344348 $this->form_class = $class_name;
345349
346 - //this should... maybe replace the other thing? I need it in the adapter so reCaptcha can get to it.
 350+ //...this is just dumb now.
 351+ //TODO: Check who's using this get/set combo, and maybe nuke it all.
347352 $this->adapter->setFormClass( $class_name );
348353 }
349354
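Review bot: the replaced comment drops the one useful fact the old one carried, namely that the adapter keeps a copy of the form class because reCaptcha reads it from there; keep that reason in the TODO (for example "TODO: the adapter copy exists so reCaptcha can reach the form class; check who else uses this get/set pair before removing it") so whoever picks up the cleanup knows what must keep working.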

Follow-up revisions

Revision	Commit summary	Author	Date
r106308	followup r106109...	khorn	02:29, 15 December 2011
r112287	MFT r101785, r105938, r105941, r105953, r106109, r106158, r106259, r106366, r...	khorn	01:29, 24 February 2012

Comments

Comment by Krinkle, 01:52, 15 December 2011
Index: trunk/extensions/DonationInterface/globalcollect_gateway/forms/TwoStepAmount.php
===================================================================
--- trunk/extensions/DonationInterface/globalcollect_gateway/forms/TwoStepAmount.php	(revision 106108)
+++ trunk/extensions/DonationInterface/globalcollect_gateway/forms/TwoStepAmount.php	(revision 106109)


-		$this->form_data['process'] = 'other';
+		$this->getEscapedValue( 'process' ) = 'other';
PHP Fatal error:  Can't use method return value in write context in /mw-extensions/DonationInterface/globalcollect_gateway/forms/TwoStepAmount.php on line 80
http://integration.mediawiki.org/ci/job/MediaWiki-lint/69/console
Comment by Khorn (WMF), 01:58, 15 December 2011

Bah, I knew there was going to be a find-and-replace error in the sea of finds and replaces I had to do for all this! ...on the other hand, what the heck is a form doing assigning values to form_data?

Ah! I just noticed, this is TwoStepAmount. That form is not a form we will ever have in production, as it was one dev's personal sandbox and should probably be removed or blacklisted or something.

Thanks, man. I'll fix it.

Comment by Khorn (WMF), 02:35, 15 December 2011

Fixed in r106308.

Comment by Khorn (WMF), 02:37, 15 December 2011

...and TwoStepAmount should be either moved somewhere that says "I'm not real" or deleted soon, so people stop mistaking it for a potential production form.

Status & tagging log