r23287 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r23286‎ | r23287 | r23288 >
Date:10:15, 23 June 2007
Author:tstarling
Status:old
Tags:
Comment:
* Make $wgUser->editToken() work for either logged-in or logged-out users.
* Fix escaping of edit tokens, removed FIXME note.
* Added + to EDIT_TOKEN_SUFFIX on report of broken proxy from mutante
* Two random minor changes
Modified paths:
  • /trunk/extensions/ContactPage/SpecialContact.php (modified) (history)
  • /trunk/extensions/Farmer/MediaWikiFarmer_SpecialPage.php (modified) (history)
  • /trunk/extensions/Makesysop/SpecialMakesysop_body.php (modified) (history)
  • /trunk/extensions/Todo/SpecialTodo.php (modified) (history)
  • /trunk/phase3/includes/Article.php (modified) (history)
  • /trunk/phase3/includes/EditPage.php (modified) (history)
  • /trunk/phase3/includes/SpecialBlockip.php (modified) (history)
  • /trunk/phase3/includes/SpecialEmailuser.php (modified) (history)
  • /trunk/phase3/includes/SpecialPreferences.php (modified) (history)
  • /trunk/phase3/includes/User.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/User.php
@@ -11,9 +11,7 @@
1212 define( 'MW_USER_VERSION', 5 );
1313
1414 # Some punctuation to prevent editing from broken text-mangling proxies.
15 -# FIXME: this is embedded unescaped into HTML attributes in various
16 -# places, so we can't safely include ' or " even though we really should.
17 -define( 'EDIT_TOKEN_SUFFIX', '\\' );
 15+define( 'EDIT_TOKEN_SUFFIX', '+\\' );
1816
1917 /**
2018 * Thrown by User::setPassword() on error
@@ -2273,16 +2271,20 @@
22742272 * @public
22752273 */
22762274 function editToken( $salt = '' ) {
2277 - if( !isset( $_SESSION['wsEditToken'] ) ) {
2278 - $token = $this->generateToken();
2279 - $_SESSION['wsEditToken'] = $token;
 2275+ if ( $this->isAnon() ) {
 2276+ return EDIT_TOKEN_SUFFIX;
22802277 } else {
2281 - $token = $_SESSION['wsEditToken'];
 2278+ if( !isset( $_SESSION['wsEditToken'] ) ) {
 2279+ $token = $this->generateToken();
 2280+ $_SESSION['wsEditToken'] = $token;
 2281+ } else {
 2282+ $token = $_SESSION['wsEditToken'];
 2283+ }
 2284+ if( is_array( $salt ) ) {
 2285+ $salt = implode( '|', $salt );
 2286+ }
 2287+ return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
22822288 }
2283 - if( is_array( $salt ) ) {
2284 - $salt = implode( '|', $salt );
2285 - }
2286 - return md5( $token . $salt ) . EDIT_TOKEN_SUFFIX;
22872289 }
22882290
22892291 /**
Index: trunk/phase3/includes/Article.php
@@ -878,8 +878,8 @@
879879 $rmvtxt = "";
880880 if ($wgUser->isAllowed( 'trackback' )) {
881881 $delurl = $this->mTitle->getFullURL("action=deletetrackback&tbid="
882 - . $o->tb_id . "&token=" . $wgUser->editToken());
883 - $rmvtxt = wfMsg('trackbackremove', $delurl);
 882+ . $o->tb_id . "&token=" . urlencode( $wgUser->editToken() ) );
 883+ $rmvtxt = wfMsg( 'trackbackremove', htmlspecialchars( $delurl ) );
884884 }
885885 $tbtext .= wfMsg(strlen($o->tb_ex) ? 'trackbackexcerpt' : 'trackback',
886886 $o->tb_title,
Index: trunk/phase3/includes/EditPage.php
@@ -576,13 +576,7 @@
577577 */
578578 function tokenOk( &$request ) {
579579 global $wgUser;
580 - if( $wgUser->isAnon() ) {
581 - # Anonymous users may not have a session
582 - # open. Check for suffix anyway.
583 - $this->mTokenOk = ( EDIT_TOKEN_SUFFIX == $request->getVal( 'wpEditToken' ) );
584 - } else {
585 - $this->mTokenOk = $wgUser->matchEditToken( $request->getVal( 'wpEditToken' ) );
586 - }
 580+ $this->mTokenOk = $wgUser->matchEditToken( $request->getVal( 'wpEditToken' ) );
587581 return $this->mTokenOk;
588582 }
589583
@@ -1244,10 +1238,7 @@
12451239 * include the constant suffix to prevent editing from
12461240 * broken text-mangling proxies.
12471241 */
1248 - if ( $wgUser->isLoggedIn() )
1249 - $token = htmlspecialchars( $wgUser->editToken() );
1250 - else
1251 - $token = EDIT_TOKEN_SUFFIX;
 1242+ $token = htmlspecialchars( $wgUser->editToken() );
12521243 $wgOut->addHTML( "\n<input type='hidden' value=\"$token\" name=\"wpEditToken\" />\n" );
12531244
12541245
Index: trunk/phase3/includes/SpecialBlockip.php
@@ -144,7 +144,7 @@
145145 $blockReasonList .= $optgroup;
146146 }
147147
148 - $token = htmlspecialchars( $wgUser->editToken() );
 148+ $token = $wgUser->editToken();
149149
150150 global $wgStylePath, $wgStyleVersion;
151151 $wgOut->addHTML( "
Index: trunk/phase3/includes/SpecialEmailuser.php
@@ -115,7 +115,7 @@
116116 $titleObj = SpecialPage::getTitleFor( "Emailuser" );
117117 $action = $titleObj->escapeLocalURL( "target=" .
118118 urlencode( $this->target->getName() ) . "&action=submit" );
119 - $token = $wgUser->editToken();
 119+ $token = htmlspecialchars( $wgUser->editToken() );
120120
121121 $wgOut->addHTML( "
122122 <form id=\"emailuser\" method=\"post\" action=\"{$action}\">
Index: trunk/phase3/includes/SpecialPreferences.php
@@ -994,7 +994,7 @@
995995 }
996996 $wgOut->addHTML( '</fieldset>' );
997997
998 - $token = $wgUser->editToken();
 998+ $token = htmlspecialchars( $wgUser->editToken() );
999999 $skin = $wgUser->getSkin();
10001000 $wgOut->addHTML( "
10011001 <div id='prefsubmit'>
@@ -1005,7 +1005,7 @@
10061006
10071007 </div>
10081008
1009 - <input type='hidden' name='wpEditToken' value='{$token}' />
 1009+ <input type='hidden' name='wpEditToken' value=\"{$token}\" />
10101010 </div></form>\n" );
10111011
10121012 $wgOut->addHtml( Xml::tags( 'div', array( 'class' => "prefcache" ),
Index: trunk/extensions/ContactPage/SpecialContact.php
@@ -144,6 +144,7 @@
145145 $titleObj = SpecialPage::getTitleFor( "Contact" );
146146 $action = $titleObj->escapeLocalURL( "action=submit" );
147147 $token = $wgUser->isAnon() ? EDIT_TOKEN_SUFFIX : $wgUser->editToken(); //this kind of sucks, really...
 148+ $token = htmlspecialchars( $token );
148149
149150 $wgOut->addHTML( "
150151 <form id=\"emailuser\" method=\"post\" action=\"{$action}\">
Index: trunk/extensions/Farmer/MediaWikiFarmer_SpecialPage.php
@@ -162,9 +162,9 @@
163163
164164 $wgOut->addHTML('
165165 <form id="farmercreate2" method="post">
166 - <input type="hidden" name="name" value="'.htmlentities($name).'" />
167 -<input type="hidden" name="wikititle" value="'.htmlentities($title).'" />
168 -<input type="hidden" name="description" value="'.htmlentities($description).'" />
 166+ <input type="hidden" name="name" value="'.htmlspecialchars($name).'" />
 167+<input type="hidden" name="wikititle" value="'.htmlspecialchars($title).'" />
 168+<input type="hidden" name="description" value="'.htmlspecialchars($description).'" />
169169 <input type="submit" name="confirm" value="Confirm" />
170170 </form>'
171171
@@ -195,7 +195,7 @@
196196 $formSitename = wfMsgHTML('farmercreatesitename');
197197 $formNextStep = wfMsgHTML('farmercreatenextstep');
198198
199 - $token = $wgUser->editToken();
 199+ $token = htmlspecialchars( $wgUser->editToken() );
200200
201201 $wgOut->addHTML( "
202202 <form id='farmercreate1' method='post' action=\"$action\">
@@ -206,22 +206,22 @@
207207 </tr>
208208 <tr>
209209 <td align='right'>Wiki Name</td>
210 - <td align='left'><input tabindex='1' type='text' size='20' name='name' value=\"" . htmlentities($name) . "\" /></td>
 210+ <td align='left'><input tabindex='1' type='text' size='20' name='name' value=\"" . htmlspecialchars($name) . "\" /></td>
211211 </tr>
212212 <tr>
213213 <td align='right'>Wiki Title</td>
214 - <td align='left'><input tabindex='1' type='text' size='20' name='wikititle' value=\"" . htmlentities($title) . "\"/></td>
 214+ <td align='left'><input tabindex='1' type='text' size='20' name='wikititle' value=\"" . htmlspecialchars($title) . "\"/></td>
215215 </tr>
216216 <tr>
217217 <td align='right'>Description</td>
218 - <td align='left'><textarea tabindex='1' cols=\"40\" rows=\"5\" name='description'>" . htmlentities($description) . "</textarea></td>
 218+ <td align='left'><textarea tabindex='1' cols=\"40\" rows=\"5\" name='description'>" . htmlspecialchars($description) . "</textarea></td>
219219 </tr>
220220 <tr>
221221 <td>&nbsp;</td>
222222 <td align='right'><input type='submit' name='submit' value=\"Submit\" /></td>
223223 </tr>
224224 </table>
225 - <input type='hidden' name='token' value='$token' />
 225+ <input type='hidden' name='token' value=\"$token\" />
226226 </form>");
227227
228228 }
@@ -358,7 +358,7 @@
359359 $wgOut->addWikiText('Set the description of your wiki below');
360360
361361 $wgOut->addHTML('<form method="post" name="wikiDescription" action="'.$action.'">'.
362 - '<textarea name="wikiDescription" rows="5" cols="30">'.htmlentities($wiki->description).'</textarea>'.
 362+ '<textarea name="wikiDescription" rows="5" cols="30">'.htmlspecialchars($wiki->description).'</textarea>'.
363363 '<input type="submit" name="submit" value="submit" />'.
364364 '</form>'
365365 );
@@ -477,7 +477,7 @@
478478 $toAdd .= 'checked="checked" ';
479479 }
480480
481 - $toAdd .=' /><strong>'.htmlentities($extension->name) . '</strong> - ' . htmlentities($extension->description) . "<br />\n";
 481+ $toAdd .=' /><strong>'.htmlspecialchars($extension->name) . '</strong> - ' . htmlspecialchars($extension->description) . "<br />\n";
482482
483483 $wgOut->addHTML($toAdd);
484484 }
@@ -530,7 +530,7 @@
531531 $wgOut->addWikiText('No extensions are registered');
532532 } else {
533533 foreach ($wgFarmer->getExtensions() as $extension) {
534 - $wgOut->addWikiText('; ' . htmlentities($extension->name) . ' : ' . htmlentities($extension->description));
 534+ $wgOut->addWikiText('; ' . htmlspecialchars($extension->name) . ' : ' . htmlspecialchars($extension->description));
535535 }
536536 }
537537
@@ -601,4 +601,4 @@
602602
603603 }
604604
605 -}
\ No newline at end of file
 605+}
Index: trunk/extensions/Todo/SpecialTodo.php
@@ -34,7 +34,7 @@
3535 'todo' => 'Todo list',
3636 'todo-new-queue' => 'new',
3737 'todo-mail-subject' => "Completed item on $1's todo list",
38 - 'todo-mail-body' => <<<END
 38+ 'todo-mail-body' => <<<ENDS
3939 You requested e-mail confirmation about the completion of an item you submitted to $1's online todo list.
4040
4141 Item: $2
@@ -42,7 +42,7 @@
4343
4444 This item has been marked as completed, with this comment:
4545 $4
46 -END
 46+ENDS
4747 ) );
4848 SpecialPage::addPage( new SpecialPage( 'Todo' ) );
4949 }
@@ -475,4 +475,4 @@
476476 }
477477
478478
479 -?>
\ No newline at end of file
 479+?>
Index: trunk/extensions/Makesysop/SpecialMakesysop_body.php
@@ -91,7 +91,6 @@
9292 $reason = htmlspecialchars( wfMsg( "userrights-reason" ) );
9393 $makebureaucrat = wfMsg( "setbureaucratflag" );
9494 $mss = wfMsg( "set_user_rights" );
95 - $token = htmlspecialchars( $wgUser->editToken() );
9695
9796 $wgOut->addHTML(
9897 Xml::openElement( 'form', array( 'method' => 'post', 'action' => $action, 'id' => 'makesysop' ) ) .
@@ -112,7 +111,7 @@
113112 <td align='left'>" . Xml::submitButton( $mss, array( 'name' => 'wpMakesysopSubmit' ) ) . "</td>
114113 </tr>
115114 </table>" .
116 - Xml::hidden( 'wpEditToken', $token ) .
 115+ Xml::hidden( 'wpEditToken', $wgUser->editToken() ) .
117116 Xml::closeElement( 'fieldset' ) .
118117 Xml::closeElement( 'form' ) . "\n"
119118 );

Follow-up revisions

RevisionCommit summaryAuthorDate
r23407Merged revisions 23203-23405 via svnmerge from...david23:00, 25 June 2007

Status & tagging log