r49350 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r49349‎ \| r49350 \| r49351 >
Date:	19:06, 9 April 2009
Author:	rememberthedot
Status:	resolved (Comments)
Tags:
Comment:	Follow-up to r49331, reduce redundancy in language attribute generation in MonoBook.php
Modified paths:	/trunk/phase3/skins/MonoBook.php (modified) (history)

Diff [purge]

Index: trunk/phase3/skins/MonoBook.php
—	—	@@ -64,9 +64,7 @@
65	65	* @access private
66	66	*/
67	67	function execute() {
68		~~- global $wgLang;~~
69	68	global $wgRequest;
70		~~- $wgLangCode = $wgLang->getCode();~~
71	69	$this->skin = $skin = $this->data['skin'];
72	70	$action = $wgRequest->getText( 'action' );
73	71
—	—	@@ -137,7 +135,7 @@
138	136	<div id="p-cactions" class="portlet">
139	137	<h5><?php $this->msg('views') ?></h5>
140	138	<div class="pBody">
141		~~- <ul lang="<?php echo $wgLangCode; ?>" xml:lang="<?php echo $wgLangCode; ?>">~~
	139	+ <ul <?php echo $this->langAttributes() ?>>
142	140	<?php foreach($this->data['content_actions'] as $key => $tab) {
143	141	echo '
144	142	<li id="' . Sanitizer::escapeId( "ca-$key" ) . '"';
—	—	@@ -165,7 +163,7 @@
166	164	<div class="portlet" id="p-personal">
167	165	<h5><?php $this->msg('personaltools') ?></h5>
168	166	<div class="pBody">
169		~~- <ul lang="<?php echo $wgLangCode; ?>" xml:lang="<?php echo $wgLangCode; ?>">~~
	167	+ <ul <?php echo $this->langAttributes() ?>>
170	168	<?php foreach($this->data['personal_urls'] as $key => $item) { ?>
171	169	<li id="<?php echo Sanitizer::escapeId( "pt-$key" ) ?>"<?php
172	170	if ($item['active']) { ?> class="active"<?php } ?>><a href="<?php
—	—	@@ -227,7 +225,7 @@
228	226	<?php
229	227	foreach( $validFooterLinks as $aLink ) {
230	228	if( isset( $this->data[$aLink] ) && $this->data[$aLink] ) {
231		~~-?> <li id="<?php echo$aLink?>"><?php $this->html($aLink) ?></li>~~
	229	+?> <li id="<?php echo $aLink ?>"><?php $this->html($aLink) ?></li>
232	230	<?php }
233	231	}
234	232	?>
—	—	@@ -251,12 +249,10 @@
252	250
253	251	/*************************************************************************************************/
254	252	function searchBox() {
255		~~- global $wgLang;~~
256	253	global $wgUseTwoButtonsSearchForm;
257		~~- $wgLangCode = $wgLang->getCode();~~
258	254	?>
259	255	<div id="p-search" class="portlet">
260		~~- <h5 lang="<?php echo $wgLangCode; ?>" xml:lang="<?php echo $wgLangCode; ?>"><label for="searchInput"><?php $this->msg('search') ?></label></h5>~~
	256	+ <h5 <?php echo $this->langAttributes() ?>><label for="searchInput"><?php $this->msg('search') ?></label></h5>
261	257	<div id="searchBody" class="pBody">
262	258	<form action="<?php $this->text('wgScript') ?>" id="searchform"><div>
263	259	<input type='hidden' name="title" value="<?php $this->text('searchtitle') ?>"/>
—	—	@@ -276,11 +272,9 @@
277	273
278	274	/*************************************************************************************************/
279	275	function toolbox() {
280		~~- global $wgLang;~~
281		~~- $wgLangCode = $wgLang->getCode();~~
282	276	?>
283	277	<div class="portlet" id="p-tb">
284		~~- <h5 lang="<?php echo $wgLangCode; ?>" xml:lang="<?php echo $wgLangCode; ?>"><?php $this->msg('toolbox') ?></h5>~~
	278	+ <h5 <?php echo $this->langAttributes() ?>><?php $this->msg('toolbox') ?></h5>
285	279	<div class="pBody">
286	280	<ul>
287	281	<?php
—	—	@@ -338,12 +332,10 @@
339	333
340	334	/*************************************************************************************************/
341	335	function languageBox() {
342		~~- global $wgLang;~~
343		~~- $wgLangCode = $wgLangCode;~~
344	336	if( $this->data['language_urls'] ) {
345	337	?>
346	338	<div id="p-lang" class="portlet">
347		~~- <h5 lang="<?php echo $wgLangCode; ?>" xml:lang="<?php echo $wgLangCode; ?>"><?php $this->msg('otherlanguages') ?></h5>~~
	339	+ <h5 <?php echo $this->langAttributes() ?>><?php $this->msg('otherlanguages') ?></h5>
348	340	<div class="pBody">
349	341	<ul>
350	342	<?php foreach($this->data['language_urls'] as $langlink) { ?>
—	—	@@ -359,11 +351,9 @@
360	352
361	353	/*************************************************************************************************/
362	354	function customBox( $bar, $cont ) {
363		~~- global $wgLang;~~
364		~~- $wgLangCode = $wgLang->getCode();~~
365	355	?>
366	356	<div class='generated-sidebar portlet' id='<?php echo Sanitizer::escapeId( "p-$bar" ) ?>'<?php echo $this->skin->tooltip('p-'.$bar) ?>>
367		- <h5 lang="<?php echo $wgLangCode; ?>" xml:lang="<?php echo $wgLangCode; ?>"><?php $out = wfMsg( $bar ); if (wfEmptyMsg($bar, $out)) echo htmlspecialchars($bar); else echo htmlspecialchars($out); ?></h5>
	357	+ <h5 <?php echo $this->langAttributes() ?>><?php $out = wfMsg( $bar ); if (wfEmptyMsg($bar, $out)) echo htmlspecialchars($bar); else echo htmlspecialchars($out); ?></h5>
368	358	<div class='pBody'>
369	359	<?php if ( is_array( $cont ) ) { ?>
370	360	<ul>
—	—	@@ -383,6 +373,12 @@
384	374	<?php
385	375	}
386	376
	377	+ private function langAttributes()
	378	+ {
	379	+ global $wgLang;
	380	+ $wgLangCode = $wgLang->getCode();
	381	+ return 'lang="' . $wgLangCode . '" xml:lang="' . $wgLangCode . '"';
	382	+ }
387	383	} // end of class
388	384
389	385

Follow-up revisions

Revision	Commit summary	Author	Date
r49359	Follow-up to r49350, corrected code to follow coding conventions for braces a...	rememberthedot	23:38, 9 April 2009
r51448	Moved language attribute generation to SkinTemplate.php as requested by Tim S...	rememberthedot	03:14, 4 June 2009

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r49331	(bug 1553) Lowercase navigation headings in German	rememberthedot	05:27, 9 April 2009

Comments

#Comment by Jack Phoenix (talk | contribs) 20:16, 9 April 2009

+	private function langAttributes()
+	{

Manual:Coding conventions#Indentation and spacing states that braces are added to the end of lines for function and class declarations, not on a new line.

Brion also commented on r49331 that the "use of a $wgLangCode *local* variable seems very poor form and is very confusing". Furthermore, Manual:Coding conventions#Variables states that a wg variable is a global variable, not a local one. Perhaps $wgLangCode should be renamed to something less confusing, such as $languageCode?

#Comment by Remember the dot (talk | contribs) 23:40, 9 April 2009

Ah, that's what he meant. Fixed in r49359.

#Comment by Tim Starling (talk | contribs) 16:25, 3 June 2009

Looks slow. The skin is a performance hotspot in terms of throughput. Please assign it to a member variable on initialisation and echo the variable each time. And use htmlspecialchars(), you don't know where that variable has come from, it's dangerous and lazy.

#Comment by Remember the dot (talk | contribs) 03:22, 4 June 2009

Separation to a member variable done in r51448. If you feel that sending the language codes through htmlspecialchars is necessary, then please make sure the same is done to the language codes on the root <html> tag. The root language codes are not (and to my knowledge never have been) sent through htmlspecialchars, so I didn't bother sending the new language codes through htmlspecialchars either.

#Comment by Tim Starling (talk | contribs) 15:09, 6 June 2009

It's not a vulnerability, if it was I would fix it and push out a release. But it's poor coding style which can easily lead to vulnerabilities. I'm telling you because I don't want you to repeat the mistakes of past developers, and because they're not around anymore for me to chastise. When you refactor ancient code, that is your opportunity to get it up to a modern standard.

Status & tagging log

15:09, 6 June 2009 Tim Starling (talk | contribs) changed the status of r49350 [removed: fixme added: resolved]
16:25, 3 June 2009 Tim Starling (talk | contribs) changed the status of r49350 [removed: new added: fixme]