r39799 MediaWiki - Code Review archive

Repository: MediaWiki
Revision: r39799
Date: 22:56, 21 August 2008
Author: brion
Status: old
Comment:
Revert r39793 "* (bug 13879) Special:EmailUser shows a form in case no user was specified" for the moment
* Recipient name seems to be output raw into HTML form; this is insecure
* We've lost the link to the target's user page in the primary use case (followed 'email this user' link)
* Behavior if you misspell a name doesn't look very nice; you can't just fix it and resubmit the form, you have to hit 'back' from an error page and hope your browser isn't one that deletes all your form data :D
Modified paths:
  • /trunk/phase3/RELEASE-NOTES (modified)
  • /trunk/phase3/includes/api/ApiEmailUser.php (modified)
  • /trunk/phase3/includes/specials/SpecialEmailuser.php (modified)

Diff

Index: trunk/phase3/includes/api/ApiEmailUser.php
@@ -52,8 +52,6 @@
5353
5454 // Validate target
5555 $targetUser = EmailUserForm::validateEmailTarget( $params['target'] );
56 - if ( $targetUser === false )
57 - $this->dieUsageMsg( array( 'notargettitle' ) );
5856 if ( !( $targetUser instanceof User ) )
5957 $this->dieUsageMsg( array( $targetUser[0] ) );
6058
Index: trunk/phase3/includes/specials/SpecialEmailuser.php
@@ -14,7 +14,7 @@
1515 $target = isset($par) ? $par : $wgRequest->getVal( 'target' );
1616 $targetUser = EmailUserForm::validateEmailTarget( $target );
1717
18 - if ( !( $targetUser instanceof User ) && $targetUser !== false ) {
 18+ if ( !( $targetUser instanceof User ) ) {
1919 $wgOut->showErrorPage( $targetUser[0], $targetUser[1] );
2020 return;
2121 }
@@ -47,7 +47,7 @@
4848 }
4949
5050
51 - if ( "submit" == $action && $wgRequest->wasPosted() && $targetUser !== false ) {
 51+ if ( "submit" == $action && $wgRequest->wasPosted() ) {
5252 $result = $form->doSubmit();
5353
5454 if ( !is_null( $result ) ) {
@@ -98,9 +98,8 @@
9999 $senderLink = $skin->makeLinkObj(
100100 $wgUser->getUserPage(), htmlspecialchars( $wgUser->getName() ) );
101101 $emt = wfMsg( "emailto" );
102 - $recipient = $this->target instanceof User ?
103 - htmlspecialchars( $this->target->getName() ) :
104 - '';
 102+ $recipientLink = $skin->makeLinkObj(
 103+ $this->target->getUserPage(), htmlspecialchars( $this->target->getName() ) );
105104 $emr = wfMsg( "emailsubject" );
106105 $emm = wfMsg( "emailmessage" );
107106 $ems = wfMsg( "emailsend" );
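Review bot: At new lines 102-103, $this->target->getUserPage() and $this->target->getName() are called without the instanceof User guard that the removed lines 102-104 carried, so this method now depends on the caller having rejected every non-User target before the form is shown. The early return on !( $targetUser instanceof User ) at line 18 of this file appears to provide that, but a short comment or a check where the form receives its target would make the dependency explicit. Passing the name through htmlspecialchars before handing it to makeLinkObj as link text matches how $senderLink is built just above.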
@@ -108,7 +107,8 @@
109108 $encSubject = htmlspecialchars( $this->subject );
110109
111110 $titleObj = SpecialPage::getTitleFor( "Emailuser" );
112 - $action = $titleObj->escapeLocalURL( "action=submit" );
 111+ $action = $titleObj->escapeLocalURL( "target=" .
 112+ urlencode( $this->target->getName() ) . "&action=submit" );
113113 $token = htmlspecialchars( $wgUser->editToken() );
114114
115115 $wgOut->addHTML( "
@@ -118,7 +118,7 @@
119119 <td align='left'><strong>{$senderLink}</strong></td>
120120 </tr><tr>
121121 <td align='right'>{$emt}:</td>
122 -<td align='left'><input type='text' size='60' name='target' value='{$recipient}' /></td>
 122+<td align='left'><strong>{$recipientLink}</strong></td>
123123 </tr><tr>
124124 <td align='right'>{$emr}:</td>
125125 <td align='left'>
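Review bot: The removed input at old line 122 placed the name in a single-quoted attribute, value='{$recipient}', while the removed htmlspecialchars( $this->target->getName() ) call passed no flags argument, and in PHP of this era the default flags leave single quotes unencoded. If an editable target field is reintroduced in a follow-up, pass ENT_QUOTES to htmlspecialchars or switch the attribute to double quotes. The replacement {$recipientLink} is element content built from escaped link text, so that concern does not apply to the new line.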
@@ -235,7 +235,8 @@
236236 return array( "nosuchspecialpage", "nospecialpagetext" );
237237
238238 if ( "" == $target ) {
239 - return false;
 239+ wfDebug( "Target is empty.\n" );
 240+ return array( "notargettitle", "notargettext" );
240241 }
241242
242243 $nt = Title::newFromURL( $target );
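Review bot: With return false replaced at new lines 239-240, validateEmailTarget returns either a User or a two-element array of message keys, and both callers touched in this revision index $targetUser[0] on anything that is not a User. That contract should be stated in the function's doc comment so a bare false return is not reintroduced later without updating the callers. The wfDebug text "Target is empty." would also be easier to trace in a debug log if it named the function it comes from.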
Index: trunk/phase3/RELEASE-NOTES
@@ -94,7 +94,6 @@
9595 * HTML entities like &nbsp; now work (are not escaped) in edit summaries.
9696 * (bug 13815) In the comment for page moves, use the colon-separator message
9797 instead of a hardcoded colon.
98 -* (bug 13879) Special:EmailUser shows a form in case no user was specified
9998
10099 === Bug fixes in 1.14 ===
101100

Past revisions this follows-up on

Revision | Commit summary | Author | Date
r39793 | * (bug 13879) Special:EmailUser shows a form in case no user was specified | btongminh | 22:15, 21 August 2008
