r48884 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r48883‎ \| r48884 \| r48885 >
Date:	16:03, 26 March 2009
Author:	ashley
Status:	deferred
Tags:
Comment:	SocialProfile: allow sending messages to users with ' in their username. Code by Piotr Molski for Wikia (see http://trac.wikia-code.com/changeset/7225), small script path fix by me
Modified paths:	/trunk/extensions/SocialProfile/UserBoard/SpecialUserBoard.php (modified) (history)

Diff [purge]

Index: trunk/extensions/SocialProfile/UserBoard/SpecialUserBoard.php
—	—	@@ -129,9 +129,11 @@
130	130	user_1 = \$(\"user_name_to\").value
131	131	user_2 = \"\";
132	132	}
133		~~- user_1 = escape(user_1);~~
134		~~- user_2 = escape(user_2);~~
135		~~- window.location='index.php?title=Special:UserBoard&user='+user_1 + ((user_2)?\"&conv=\"+user_2:\"\");~~
	133	+ //user_1 = escape(user_1);
	134	+ //user_2 = escape(user_2);
	135	+ var params = (user_2) ? '&conv=' + user_2 : '';
	136	+ var url = wgScriptPath + '/index.php?title=Special:UserBoard&user=' + user_1 + params;
	137	+ window.location = url;
136	138	}
137	139	};
138	140	var request = YAHOO.util.Connect.asyncRequest('POST', url, callback, pars);
—	—	@@ -213,13 +215,13 @@
214	216	if( !$user_id_2 ){
215	217	if( $wgUser->getName() != $user_name ){
216	218	$can_post = true;
217		~~- $user_name_to = addslashes($user_name);~~
	219	+ $user_name_to = htmlspecialchars( $user_name, ENT_QUOTES );
218	220	}
219	221	} else {
220	222	if( $wgUser->getName() == $user_name ){
221	223	$can_post = true;
222		~~- $user_name_to = addslashes($user_name_2);~~
223		~~- $user_name_from = addslashes($user_name);~~
	224	+ $user_name_to = htmlspecialchars( $user_name_2, ENT_QUOTES );
	225	+ $user_name_from = htmlspecialchars( $user_name, ENT_QUOTES );
224	226	}
225	227	}
226	228	if( $wgUser->isBlocked() ){
—	—	@@ -233,22 +235,22 @@
234	236
235	237	if( $can_post ){
236	238	if( $wgUser->isLoggedIn() ){
237		~~- $output .= "<div class=\"user-page-message-form\">~~
238		~~- <input type=\"hidden\" id=\"user_name_to\" name=\"user_name_to\" value=\"{$user_name_to}\"/>~~
239		~~- <input type=\"hidden\" id=\"user_name_from\" name=\"user_name_from\" value=\"{$user_name_from}\"/>~~
240		~~- <span style=\"color:#797979;\">" . wfMsg('userboard_messagetype') . " </span>~~
241		~~- <select id=\"message_type\">~~
242		~~- <option value=\"0\">" . wfMsg('userboard_public') . "</option>~~
243		~~- <option value=\"1\">" . wfMsg('userboard_private') . "</option>~~
	239	+ $output .= '<div class="user-page-message-form">
	240	+ <input type="hidden" id="user_name_to" name="user_name_to" value="' . $user_name_to . '"/>
	241	+ <input type="hidden" id="user_name_from" name="user_name_from" value="' . $user_name_from . '"/>
	242	+ <span style="color:#797979;">' . wfMsg( 'userboard_messagetype' ) . ' </span>
	243	+ <select id="message_type">
	244	+ <option value="0">' . wfMsg( 'userboard_public' ) . '</option>
	245	+ <option value="1">' . wfMsg( 'userboard_private' ) . '</option>
244	246	</select>
245	247	<p>
246		~~- <textarea name=\"message\" id=\"message\" cols=\"63\" rows=\"4\"/></textarea>~~
	248	+ <textarea name="message" id="message" cols="63" rows="4"/></textarea>
247	249
248		~~- <div class=\"user-page-message-box-button\">~~
249		~~- <input type=\"button\" value=\"" . wfMsg('userboard_sendbutton') . "\" class=\"site-button\" onclick=\"javascript:send_message();\">~~
	250	+ <div class="user-page-message-box-button">
	251	+ <input type="button" value="' . wfMsg( 'userboard_sendbutton' ) . '" class="site-button" onclick="javascript:send_message();">
250	252	</div>
251	253
252		~~- </div>";~~
	254	+ </div>';
253	255	} else {
254	256	$login_link = SpecialPage::getTitleFor( 'UserLogin' );
255	257	$output .= '<div class="user-page-message-form">

Status & tagging log

07:59, 22 May 2009 Tim Starling (talk | contribs) changed the status of r48884 [removed: new added: deferred]
16:29, 26 March 2009 Aaron Schulz (talk | contribs) changed the status of r48884 [removed: new added: deferred]