r106836 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r106835‎ \| r106836 \| r106837 >
Date:	19:11, 20 December 2011
Author:	khorn
Status:	deferred (Comments)
Tags:	fundraising
Comment:	More work on moving the input validation functions from GatewayForm to DonationData. Note: None of the new stuff is being invoked by anything yet, so this should be safe to deploy if necessary.
Modified paths:	/trunk/extensions/DonationInterface/gateway_common/DonationData.php (modified) (history)

Diff [purge]

Index: trunk/extensions/DonationInterface/gateway_common/DonationData.php
—	—	@@ -385,8 +385,6 @@
386	386	*/
387	387	protected function normalize() {
388	388	if ( !empty( $this->normalized ) ) {
389		~~- //TODO: Uncomment the next line when we want to start actually using the input validation.~~
390		~~- //$this->validateAllInput();~~
391	389	$this->setUtmSource();
392	390	$this->setNormalizedAmount();
393	391	$this->setNormalizedOrderIDs();
—	—	@@ -397,6 +395,8 @@
398	396	$this->handleContributionTrackingID();
399	397	$this->setCurrencyCode();
400	398	$this->setFormClass();
	399	+ //TODO: Uncomment the next line when we want to start actually using the input validation.
	400	+// $this->validateAllInput();
401	401	}
402	402	}
403	403
—	—	@@ -1336,7 +1336,8 @@
1337	1337	* what messages to set if they don't pass.
1338	1338	* $array[$key] = array(
1339	1339	* 'validate_function' => $function_name,
1340		~~- * 'error_form_token' => $error_token~~
	1340	+ * 'error_form_token' => $error_token,
	1341	+ *
1341	1342	* )
1342	1343	*/
1343	1344	protected function buildValidationRules(){
—	—	@@ -1346,13 +1347,11 @@
1347	1348
1348	1349	//initial build based on general functions to run for validation.
1349	1350	$numeric = array(
1350		~~- 'amount',~~
1351	1351	'amountGiven',
1352	1352	'amountOther',
1353	1353	'card_num',
1354	1354	'cvv',
1355	1355	'contribution_tracking_id',
1356		~~- 'utm_source_id',~~
1357	1356	'account_number',
1358	1357	'expiration',
1359	1358	'order_id',
—	—	@@ -1395,6 +1394,7 @@
1396	1395	'issuer_id',
1397	1396	'referrer',
1398	1397	'utm_source',
	1398	+ 'utm_source_id',
1399	1399	'utm_medium',
1400	1400	'utm_campaign',
1401	1401	'language',
—	—	@@ -1431,6 +1431,7 @@
1432	1432	'anonymous',
1433	1433	'optout',
1434	1434	'recurring',
	1435	+ 'posted',
1435	1436	);
1436	1437
1437	1438	foreach ($boolean as $key){
—	—	@@ -1438,6 +1439,7 @@
1439	1440	}
1440	1441
1441	1442	$rules['email']['validate_function'] = 'validate_email';
	1443	+ $rules['amount']['validate_amount'] = 'validate_amount';
1442	1444
1443	1445
1444	1446	//now, set the error token to use...
—	—	@@ -1529,6 +1531,46 @@
1530	1532	}
1531	1533
1532	1534	/**
	1535	+ * validate_amount
	1536	+ * validateAllInput helper function
	1537	+ * To validate any input value using this function, add a line to
	1538	+ * $this->buildValidationRules() specifying the function name as the field
	1539	+ * name's 'validate_function'.
	1540	+ * @param string $key The name of the field to validate.
	1541	+ * @param string $error_token As in RapidHTML, the pre-defined area of the
	1542	+ * form in which to display the error.
	1543	+ */
	1544	+ protected function validate_amount( $key, $error_token ){
	1545	+ if ( !$this->isSomething( $key ) ) {
	1546	+ $this->log( __FUNCTION__ . " $key is not something.", LOG_DEBUG );
	1547	+ $this->validate_setError( $error_token, wfMsg( 'donate_interface-error-msg-invalid-amount' ) );
	1548	+ return;
	1549	+ }
	1550	+
	1551	+ if ( !$this->isSomething( 'currency_code' ) ) {
	1552	+ $this->log( __FUNCTION__ . " currency_code is not something.", LOG_DEBUG );
	1553	+ $this->validate_setError( $error_token, wfMsg( 'donate_interface-error-msg-general' ) );
	1554	+ return;
	1555	+ }
	1556	+ $currency_code = $this->getVal( 'currency_code' );
	1557	+
	1558	+ $val = $this->getVal( $key );
	1559	+ if ( !is_numeric( $val ) ) {
	1560	+ $this->log( __FUNCTION__ . " $key is not valid numeric format. $val", LOG_DEBUG );
	1561	+ $this->validate_setError( $error_token, wfMsg( 'donate_interface-error-msg-invalid-amount' ) );
	1562	+ }
	1563	+
	1564	+ // check amount
	1565	+ $priceFloor = $this->adapter->getGlobal( 'PriceFloor' );
	1566	+ $priceCeiling = $this->adapter->getGlobal( 'PriceCeiling' );
	1567	+ if ( !preg_match( '/^\d+(\.(\d+)?)?$/', $val ) \|\|
	1568	+ ( ( float ) $this->convert_to_usd( $currency_code, $val ) < ( float ) $priceFloor \|\|
	1569	+ ( float ) $this->convert_to_usd( $currency_code, $val ) > ( float ) $priceCeiling ) ) {
	1570	+ $this->validate_setError( $error_token, wfMsg( 'donate_interface-error-msg-invalid-amount' ) );
	1571	+ }
	1572	+ }
	1573	+
	1574	+ /**
1533	1575	* validate_boolean
1534	1576	* validateAllInput helper function
1535	1577	* To validate any input value using this function, add a line to
—	—	@@ -1540,9 +1582,23 @@
1541	1583	*/
1542	1584	protected function validate_boolean( $key, $error_token ){
1543	1585	$val = $this->getVal($key);
1544		~~- if ( $val === 0 \|\| $val === 1 ) {~~
1545		~~- $this->log( __FUNCTION__ . " $key is not boolean.", LOG_DEBUG );~~
1546		~~- $this->validate_setError( $error_token, wfMsg( 'donate_interface-error-msg-general' ) );~~
	1586	+ switch ($val) {
	1587	+ case 0:
	1588	+ case '0':
	1589	+ case false:
	1590	+ case 'false':
	1591	+ $this->setVal( $key, 0 );
	1592	+ break;
	1593	+ case 1:
	1594	+ case '1':
	1595	+ case true:
	1596	+ case 'true':
	1597	+ $this->setVal( $key, 1 );
	1598	+ break;
	1599	+ default:
	1600	+ $this->log( __FUNCTION__ . " $key is not boolean." );
	1601	+ $this->validate_setError( $error_token, wfMsg( 'donate_interface-error-msg-general' ), LOG_DEBUG );
	1602	+ break;
1547	1603	}
1548	1604
1549	1605	}
—	—	@@ -1590,6 +1646,36 @@
1591	1647	$this->validate_setError( $error_token, wfMsg( 'donate_interface-error-msg-general' ) );
1592	1648	}
1593	1649	}
	1650	+
	1651	+ /**
	1652	+ * Convert an amount for a particular currency to an amount in USD
	1653	+ *
	1654	+ * This is grosley rudimentary and likely wildly inaccurate.
	1655	+ * This mimicks the hard-coded values used by the WMF to convert currencies
	1656	+ * for validatoin on the front-end on the first step landing pages of their
	1657	+ * donation process - the idea being that we can get a close approximation
	1658	+ * of converted currencies to ensure that contributors are not going above
	1659	+ * or below the price ceiling/floor, even if they are using a non-US currency.
	1660	+ *
	1661	+ * In reality, this probably ought to use some sort of webservice to get real-time
	1662	+ * conversion rates.
	1663	+ *
	1664	+ * @param string $currency_code
	1665	+ * @param float $amount
	1666	+ * @return float
	1667	+ */
	1668	+ static function convert_to_usd( $currency_code, $amount ) {
	1669	+ require_once( dirname( __FILE__ ) . '/currencyRates.inc' );
	1670	+ $rates = getCurrencyRates();
	1671	+ $code = strtoupper( $currency_code );
	1672	+ if ( array_key_exists( $code, $rates ) ) {
	1673	+ $usd_amount = $amount / $rates[$code];
	1674	+ } else {
	1675	+ $usd_amount = $amount;
	1676	+ }
	1677	+ return $usd_amount;
	1678	+ }
	1679	+
1594	1680	}
1595	1681
1596	1682	?>

Follow-up revisions

Revision	Commit summary	Author	Date
r112287	MFT r101785, r105938, r105941, r105953, r106109, r106158, r106259, r106366, r...	khorn	01:29, 24 February 2012

Comments

#Comment by Awjrichards (talk | contribs) 22:41, 22 December 2011

I heard rumors this is all going to change - holding off on review for now.

Status & tagging log

01:28, 13 June 2012 Krinkle (talk | contribs) changed the tags for r106836 [removed: nodeploy]
20:45, 13 January 2012 Reedy (talk | contribs) changed the status of r106836 [removed: new added: deferred]
19:54, 11 January 2012 RobLa-WMF (talk | contribs) changed the tags for r106836 [added: nodeploy]
07:35, 23 December 2011 RobLa (talk | contribs) changed the tags for r106836 [added: fundraising]