r109509 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r109508‎ \| r109509 \| r109510 >
Date:	08:54, 19 January 2012
Author:	nikerabbit
Status:	deferred
Tags:
Comment:	Make sure $form_name is always a string, and check that the title is valid instead to avoid fatal errors. Ping r109410
Modified paths:	/trunk/extensions/SemanticForms/specials/SF_FormEdit.php (modified) (history)

Diff [purge]

Index: trunk/extensions/SemanticForms/specials/SF_FormEdit.php
—	—	@@ -30,8 +30,8 @@
31	31	wfProfileIn( __METHOD__ );
32	32
33	33	$this->setHeaders();
34		~~- $this->mForm = $wgRequest->getVal( 'form' );~~
35		~~- $this->mTarget = $wgRequest->getVal( 'target' );~~
	34	+ $this->mForm = $wgRequest->getText( 'form' );
	35	+ $this->mTarget = $wgRequest->getText( 'target' );
36	36
37	37	// if query string did not contain these variables, try the URL
38	38	if ( ! $this->mForm && ! $this->mTarget ) {
—	—	@@ -89,17 +89,17 @@
90	90	static function printForm( &$form_name, &$target_name, $alt_forms = array(), $redirectOnError = false ) {
91	91	global $wgOut, $wgRequest, $wgUser, $sfgFormPrinter;
92	92
93		~~- // If we have no form name we might as well stop right away~~
94		~~- if ( $form_name == '' ) {~~
95		~~- return 'sf_formedit_badurl';~~
96		~~- }~~
97		-
98	93	// initialize some variables
99	94	$target_title = null;
100	95	$page_name_formula = null;
101	96
102	97	$form_title = Title::makeTitleSafe( SF_NS_FORM, $form_name );
103	98
	99	+ // If we the given form is not a valid title, bail out
	100	+ if ( !$form_title ) {
	101	+ return 'sf_formedit_badurl';
	102	+ }
	103	+
104	104	$form_article = new Article( $form_title, 0 );
105	105	$form_definition = $form_article->getContent();
106	106	$form_definition = StringUtils::delimiterReplace( '<noinclude>', '</noinclude>', '', $form_definition );

Revision	Commit summary	Author	Date
r109410	Fix for r102365 - form name can be either blank or null	yaron	17:39, 18 January 2012