r106334 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r106333‎ \| r106334 \| r106335 >
Date:	16:46, 15 December 2011
Author:	gregchiasson
Status:	ok
Tags:
Comment:	AFTv5 - Remove extraneous group by and pass variables through intval() to close potential sql injection vulnerability. Update PKey definitions in schema for rollup tables (added to alter.sql and to the main schema). Fixes issues pointed out on r105601
Modified paths:	/trunk/extensions/ArticleFeedbackv5/api/ApiArticleFeedbackv5.php (modified) (history) /trunk/extensions/ArticleFeedbackv5/sql/ArticleFeedbackv5.sql (modified) (history) /trunk/extensions/ArticleFeedbackv5/sql/alter.sql (modified) (history)

Diff [purge]

Index: trunk/extensions/ArticleFeedbackv5/sql/ArticleFeedbackv5.sql
—	—	@@ -134,7 +134,7 @@
135	135	arfsr_field_id integer unsigned NOT NULL,
136	136	arfsr_total integer unsigned NOT NULL,
137	137	arfsr_count integer unsigned NOT NULL,
138		~~- PRIMARY KEY (arfsr_revision_id, arfsr_option_id)~~
	138	+ PRIMARY KEY (arfsr_page_id, arfsr_field_id, arfsr_revision_id, arfsr_option_id)
139	139	) /$wgDBTableOptions/;
140	140
141	141	-- Directly taken from AFTv4
Index: trunk/extensions/ArticleFeedbackv5/sql/alter.sql
—	—	@@ -39,3 +39,9 @@
40	40
41	41	-- added 12/8 (later)
42	42	CREATE INDEX /i/af_page_feedback_id ON /_/aft_article_feedback (af_page_id, af_id);
	43	+
	44	+-- aded 12/15
	45	+ALTER TABLE aft_article_revision_feedback_select_rollup DROP PRIMARY KEY;
	46	+ALTER TABLE aft_article_revision_feedback_select_rollup ADD PRIMARY KEY (arfsr_page_id, arfsr_field_id, arfsr_revision_id, arfsr_option_id);
	47	+ALTER TABLE aft_article_revision_feedback_ratings_rollup DROP PRIMARY KEY;
	48	+ALTER TABLE aft_article_revision_feedback_ratings_rollup ADD PRIMARY KEY (afrr_page_id, afrr_field_id, afrr_revision_id);
Index: trunk/extensions/ArticleFeedbackv5/api/ApiArticleFeedbackv5.php
—	—	@@ -340,7 +340,7 @@
341	341	$dbw->update(
342	342	'aft_article_revision_feedback_ratings_rollup',
343	343	array(
344		~~- "afrr_total = afrr_total + $value",~~
	344	+ "afrr_total = afrr_total + " . intval( $value ),
345	345	"afrr_count = afrr_count + 1",
346	346	),
347	347	array(
—	—	@@ -373,7 +373,7 @@
374	374	),
375	375	array(
376	376	'arfsr_page_id' => $pageId,
377		~~- "arfsr_revision_id > $limit",~~
	377	+ "arfsr_revision_id > " . intval( $limit ),
378	378	'arfsr_field_id' => $field
379	379	),
380	380	__METHOD__,
—	—	@@ -383,11 +383,11 @@
384	384	$page_data = array();
385	385	foreach( $rows as $row ) {
386	386	$page_data[] = array(
387		~~- 'afsr_page_id' => $pageId,~~
388		~~- 'afsr_field_id' => $field,~~
389		~~- 'afsr_option_id' => $row->arfsr_option_id,~~
390		~~- 'afsr_total' => $row->total,~~
391		~~- 'afsr_count' => $row->count~~
	387	+ 'afsr_page_id' => $pageId,
	388	+ 'afsr_field_id' => $field,
	389	+ 'afsr_option_id' => $row->arfsr_option_id,
	390	+ 'afsr_total' => $row->total,
	391	+ 'afsr_count' => $row->count
392	392	);
393	393	}
394	394	} else {
—	—	@@ -401,11 +401,10 @@
402	402	),
403	403	array(
404	404	'afrr_page_id' => $pageId,
405		~~- "afrr_revision_id > $limit",~~
	405	+ "afrr_revision_id > " . intval( $limit ),
406	406	'afrr_field_id' => $field
407	407	),
408		~~- __METHOD__,~~
409		~~- array( 'GROUP BY' => 'afrr_field_id' )~~
	408	+ __METHOD__
410	409	);
411	410
412	411	$page_data = array(

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r105601	Rework the way AFTv5 rollups tables work, which should alleviate performance ...	gregchiasson	22:34, 8 December 2011

Status & tagging log

13:26, 16 December 2011 Catrope (talk | contribs) changed the status of r106334 [removed: new added: ok]