r108295 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r108294‎ \| r108295 \| r108296 >
Date:	00:39, 7 January 2012
Author:	ashley
Status:	ok (Comments)
Tags:
Comment:	Comments: allow removing anonymous users from your ignore list. User::idFromName() returns null for anons, so we have to handle that here.
Modified paths:	/trunk/extensions/Comments/SpecialCommentIgnoreList.php (modified) (history)

Diff [purge]

Index: trunk/extensions/Comments/SpecialCommentIgnoreList.php
—	—	@@ -43,6 +43,11 @@
44	44	} else {
45	45	if( $wgRequest->wasPosted() ) {
46	46	$user_id = User::idFromName( $user_name );
	47	+ // Anons can be comment-blocked, but idFromName returns nothing
	48	+ // for an anon, so...
	49	+ if ( !$user_id ) {
	50	+ $user_id = 0;
	51	+ }
47	52	$c = new Comment( 0 );
48	53	$c->deleteBlock( $wgUser->getID(), $user_id );
49	54	if( $user_id && class_exists( 'UserStatsTrack' ) ) {
—	—	@@ -108,7 +113,7 @@
109	114	'</div>
110	115	<div>
111	116	<form action="" method="post" name="comment_block">
112		~~- <input type="hidden" name="' . $user_name . '" />~~
	117	+ <input type="hidden" name="user" value="' . $user_name . '" />
113	118	<input type="button" class="site-button" value="' . wfMsg( 'comment-ignore-unblock' ) . '" onclick="document.comment_block.submit()" />
114	119	<input type="button" class="site-button" value="' . wfMsg( 'comment-ignore-cancel' ) . '" onclick="history.go(-1)" />
115	120	</form>

Revision	Commit summary	Author	Date
r108320	Comments: follow-up to r108295: XSS fix	ashley	15:09, 7 January 2012

#Comment by Nikerabbit (talk | contribs) 10:25, 7 January 2012

How about fixing the glaring XSS holes in there?

#Comment by Jack Phoenix (talk | contribs) 15:10, 7 January 2012

Ouch, thanks for spotting that! Should be fixed in the follow-up revision, r108320.

15:40, 13 January 2012 Nikerabbit (talk | contribs) changed the status of r108295 [removed: new added: ok]