r41969 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r41968‎ \| r41969 \| r41970 >
Date:	14:14, 11 October 2008
Author:	tstarling
Status:	old
Tags:
Comment:	Revert r41628: * register_globals XSS vulnerability * references playerStats.js which has plenty of issues of its own * please fix your whitespace issues
Modified paths:	/trunk/extensions/OggHandler/OggHandler.php (modified) (history) /trunk/extensions/OggHandler/OggHandler_body.php (modified) (history)

Diff [purge]

Index: trunk/extensions/OggHandler/OggHandler.php
—	—	@@ -25,8 +25,8 @@
26	26	$wgExtensionCredits['media'][] = array(
27	27	'name' => 'OggHandler',
28	28	'author' => 'Tim Starling',
29		~~- 'svn-date' => '$LastChangedDate$',~~
30		~~- 'svn-revision' => '$LastChangedRevision$',~~
	29	+ 'svn-date' => '$LastChangedDate$',
	30	+ 'svn-revision' => '$LastChangedRevision$',
31	31	'url' => 'http://www.mediawiki.org/wiki/Extension:OggHandler',
32	32	'description' => 'Handler for Ogg Theora and Vorbis files, with JavaScript player.',
33	33	'descriptionmsg' => 'ogg-desc',
—	—	@@ -34,11 +34,6 @@
35	35
36	36	/***************** CONFIGURATION STARTS HERE ********************/
37	37
38		-
39		~~-//the absolute or relative path of the playerStatsCollector.js file~~
40		~~-$wgStatsCollection=false;~~
41		~~-//$wgPlayerStatsCollectionJs = $wgScriptPath . '/extensions/PlayerStatsGrabber/playerStats.js';~~
42		-
43	38	// Location of the FFmpeg binary
44	39	$wgFFmpegLocation = 'ffmpeg';
45	40
Index: trunk/extensions/OggHandler/OggHandler_body.php
—	—	@@ -390,7 +390,7 @@
391	391	}
392	392
393	393	function setHeaders( $out ) {
394		~~- global $wgOggScriptVersion, $wgCortadoJarFile, $wgServer, $wgUser, $wgProxyKey, $wgPlayerStatsCollectionJs;~~
	394	+ global $wgOggScriptVersion, $wgCortadoJarFile, $wgServer;
395	395	if ( $out->hasHeadItem( 'OggHandler' ) ) {
396	396	return;
397	397	}
—	—	@@ -403,9 +403,7 @@
404	404	'ogg-player-totem', 'ogg-player-kaffeine', 'ogg-player-kmplayer', 'ogg-player-mplayerplug-in',
405	405	'ogg-player-thumbnail', 'ogg-player-selected', 'ogg-use-player', 'ogg-more', 'ogg-download',
406	406	'ogg-desc-link', 'ogg-dismiss', 'ogg-player-soundthumb', 'ogg-no-xiphqt' );
407		~~- $msgValues = array_map( 'wfMsg', $msgNames );~~
408		-
409		-
	407	+ $msgValues = array_map( 'wfMsg', $msgNames );
410	408	$jsMsgs = Xml::encodeJsVar( (object)array_combine( $msgNames, $msgValues ) );
411	409	$cortadoUrl = $wgCortadoJarFile;
412	410	$scriptPath = self::getMyScriptPath();
—	—	@@ -415,7 +413,7 @@
416	414	}
417	415	$encCortadoUrl = Xml::encodeJsVar( $cortadoUrl );
418	416	$encExtPathUrl = Xml::encodeJsVar( $scriptPath );
419		-
	417	+
420	418	$out->addHeadItem( 'OggHandler', <<<EOT
421	419	<script type="text/javascript" src="$scriptPath/OggPlayer.js?$wgOggScriptVersion"></script>
422	420	<script type="text/javascript">
—	—	@@ -432,19 +430,8 @@
433	431	}
434	432	</style>
435	433	EOT
436		~~- );~~
437		~~- //if collecting stats add relevant code:~~
438		~~- if($wgPlayerStatsCollectionJs){~~
439		~~- $jsUserHash = sha1( $wgUser->getName() . $wgProxyKey);~~
440		~~- $enUserHash = Xml::encodeJsVar( $jsUserHash );~~
441		~~- $out->addHeadItem('playerStatsCollection', <<<EOT~~
442		~~-<script type="text/javascript" src="$wgPlayerStatsCollectionJs"></script>~~
443		~~-<script type="text/javascript">~~
444		~~-wgOggPlayer.userHash = $enUserHash;~~
445		~~-</script>~~
446		~~-EOT~~
447		~~-);~~
448		~~- }~~
	434	+ );
	435	+
449	436	}
450	437
451	438	function parserTransformHook( $parser, $file ) {

Follow-up revisions

Revision	Commit summary	Author	Date
r42184	fixed issues of r41969 revert. Removed XSS, ( less variable overloading ), fa...	dale	23:53, 17 October 2008
r42237	Reverting r42184 "fixed issues of r41969 revert. Removed XSS, ( less variable...	brion	00:11, 20 October 2008

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r41628	updates for player Stats Collection (currently disabled)	dale	00:30, 4 October 2008

Status & tagging log

15:32, 12 September 2011 Meno25 (talk | contribs) changed the status of r41969 [removed: ok added: old]