r106334 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r106333‎ | r106334 | r106335 >
Date:16:46, 15 December 2011
Author:gregchiasson
Status:ok
Tags:
Comment:
AFTv5 - Remove extraneous group by and pass variables through intval() to close potential sql injection vulnerability. Update PKey definitions in schema for rollup tables (added to alter.sql and to the main schema). Fixes issues pointed out on r105601
Modified paths:
  • /trunk/extensions/ArticleFeedbackv5/api/ApiArticleFeedbackv5.php (modified) (history)
  • /trunk/extensions/ArticleFeedbackv5/sql/ArticleFeedbackv5.sql (modified) (history)
  • /trunk/extensions/ArticleFeedbackv5/sql/alter.sql (modified) (history)

Diff [purge]

Index: trunk/extensions/ArticleFeedbackv5/sql/ArticleFeedbackv5.sql
@@ -134,7 +134,7 @@
135135 arfsr_field_id integer unsigned NOT NULL,
136136 arfsr_total integer unsigned NOT NULL,
137137 arfsr_count integer unsigned NOT NULL,
138 - PRIMARY KEY (arfsr_revision_id, arfsr_option_id)
 138+ PRIMARY KEY (arfsr_page_id, arfsr_field_id, arfsr_revision_id, arfsr_option_id)
139139 ) /*$wgDBTableOptions*/;
140140
141141 -- Directly taken from AFTv4
Index: trunk/extensions/ArticleFeedbackv5/sql/alter.sql
@@ -39,3 +39,9 @@
4040
4141 -- added 12/8 (later)
4242 CREATE INDEX /*i*/af_page_feedback_id ON /*_*/aft_article_feedback (af_page_id, af_id);
 43+
 44+-- aded 12/15
 45+ALTER TABLE aft_article_revision_feedback_select_rollup DROP PRIMARY KEY;
 46+ALTER TABLE aft_article_revision_feedback_select_rollup ADD PRIMARY KEY (arfsr_page_id, arfsr_field_id, arfsr_revision_id, arfsr_option_id);
 47+ALTER TABLE aft_article_revision_feedback_ratings_rollup DROP PRIMARY KEY;
 48+ALTER TABLE aft_article_revision_feedback_ratings_rollup ADD PRIMARY KEY (afrr_page_id, afrr_field_id, afrr_revision_id);
Index: trunk/extensions/ArticleFeedbackv5/api/ApiArticleFeedbackv5.php
@@ -340,7 +340,7 @@
341341 $dbw->update(
342342 'aft_article_revision_feedback_ratings_rollup',
343343 array(
344 - "afrr_total = afrr_total + $value",
 344+ "afrr_total = afrr_total + " . intval( $value ),
345345 "afrr_count = afrr_count + 1",
346346 ),
347347 array(
@@ -373,7 +373,7 @@
374374 ),
375375 array(
376376 'arfsr_page_id' => $pageId,
377 - "arfsr_revision_id > $limit",
 377+ "arfsr_revision_id > " . intval( $limit ),
378378 'arfsr_field_id' => $field
379379 ),
380380 __METHOD__,
@@ -383,11 +383,11 @@
384384 $page_data = array();
385385 foreach( $rows as $row ) {
386386 $page_data[] = array(
387 - 'afsr_page_id' => $pageId,
388 - 'afsr_field_id' => $field,
389 - 'afsr_option_id' => $row->arfsr_option_id,
390 - 'afsr_total' => $row->total,
391 - 'afsr_count' => $row->count
 387+ 'afsr_page_id' => $pageId,
 388+ 'afsr_field_id' => $field,
 389+ 'afsr_option_id' => $row->arfsr_option_id,
 390+ 'afsr_total' => $row->total,
 391+ 'afsr_count' => $row->count
392392 );
393393 }
394394 } else {
@@ -401,11 +401,10 @@
402402 ),
403403 array(
404404 'afrr_page_id' => $pageId,
405 - "afrr_revision_id > $limit",
 405+ "afrr_revision_id > " . intval( $limit ),
406406 'afrr_field_id' => $field
407407 ),
408 - __METHOD__,
409 - array( 'GROUP BY' => 'afrr_field_id' )
 408+ __METHOD__
410409 );
411410
412411 $page_data = array(

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r105601Rework the way AFTv5 rollups tables work, which should alleviate performance ...gregchiasson22:34, 8 December 2011

Status & tagging log