r51050 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r51049‎ \| r51050 \| r51051 >
Date:	07:20, 27 May 2009
Author:	tstarling
Status:	deferred
Tags:
Comment:	* Double-validate integers to avoid SQL injection risk * Handle images with zero pages gracefully, without SQL errors
Modified paths:	/trunk/extensions/ProofreadPage/ProofreadPage.php (modified) (history)

Diff [purge]

Index: trunk/extensions/ProofreadPage/ProofreadPage.php
—	—	@@ -88,7 +88,7 @@
89	89	$pagenr = intval( array_pop( $parts ) );
90	90	}
91	91	$count = $image->pageCount();
92		~~- if ( $pagenr < 1 \|\| $pagenr > $count \|\| $count == 1 )~~
	92	+ if ( $pagenr < 1 \|\| $pagenr > $count \|\| $count <= 1 )
93	93	return $err;
94	94	$name = $image->getTitle()->getText();
95	95	$index_name = "$index_namespace:$name";
—	—	@@ -128,7 +128,7 @@
129	129	$pagenr = intval( array_pop( $parts ) );
130	130	}
131	131	$count = $image->pageCount();
132		~~- if ( $pagenr < 1 \|\| $pagenr > $count \|\| $count == 1 ) {~~
	132	+ if ( $pagenr < 1 \|\| $pagenr > $count \|\| $count <= 1 ) {
133	133	return $err;
134	134	}
135	135	$name = $image->getTitle()->getText();
—	—	@@ -412,7 +412,7 @@
413	413	} else {
414	414	$query .= ', ';
415	415	}
416		~~- $query .= $id;~~
	416	+ $query .= intval( $id );
417	417	}
418	418	}
419	419
—	—	@@ -451,7 +451,7 @@
452	452	$sk = $wgUser->getSkin();
453	453
454	454	$image = $imgpage->img;
455		~~- if ( !$image->isMultipage() ) {~~
	455	+ if ( !$image->isMultiPage() ) {
456	456	return true;
457	457	}
458	458
—	—	@@ -603,7 +603,7 @@
604	604	$image = wfFindFile( $imageTitle );
605	605	$return = "";
606	606
607		~~- if ( $image && $image->isMultipage() ) {~~
	607	+ if ( $image && $image->isMultiPage() && $image->pageCount() ) {
608	608	$name = $imageTitle->getDBkey();
609	609	$count = $image->pageCount();
610	610	$dbr = wfGetDB( DB_SLAVE );
—	—	@@ -618,7 +618,7 @@
619	619	for ( $i = 0; $i < $count ; $i++ ) {
620	620	if ( !isset( $query ) ) {
621	621	$query = "SELECT page_id, page_title, page_namespace";
622		~~- $query .= " FROM $pagetable WHERE (page_namespace=$page_ns_index AND page_title IN(";~~
	622	+ $query .= " FROM $pagetable WHERE (page_namespace=" . intval( $page_ns_index ) . " AND page_title IN(";
623	623	} else {
624	624	$query .= ', ';
625	625	}

Status & tagging log

05:02, 15 June 2009 Tim Starling (talk | contribs) changed the status of r51050 [removed: new added: deferred]