r52369 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r52368‎ \| r52369 \| r52370 >
Date:	18:58, 24 June 2009
Author:	dale
Status:	deferred
Tags:
Comment:	fixed token in resultURL for firefogg uploads
Modified paths:	/branches/new-upload/phase3/includes/UploadFromChunks.php (modified) (history) /branches/new-upload/phase3/js2/mwEmbed/mv_embed.js (modified) (history) /branches/new-upload/phase3/js2/mwEmbed/php/script-cache (modified) (history)

Diff [purge]

Index: branches/new-upload/phase3/includes/UploadFromChunks.php
—	—	@@ -146,12 +146,17 @@
147	147	if( $this->chunk_mode == UploadFromChunks::INIT ){
148	148	//firefogg expects a specific result per:
149	149	//http://www.firefogg.org/dev/chunk_post.html
	150	+
	151	+ //its oky to return the token here because
	152	+ //a) the user must have requested the token to get here and
	153	+ //b) should only happen over POST
	154	+ //c) (we need the token to validate chunks are coming from a non-xss request)
	155	+ $token = urlencode( $wgUser->editToken() );
150	156	ob_clean();
151		~~- echo ApiFormatJson::getJsonEncode( array(~~
	157	+ echo ApiFormatJson::getJsonEncode( array(
152	158	"uploadUrl" => "{$wgServer}{$wgScriptPath}/api.php?action=upload&".
153		~~- "token=" . htmlspecialchars( $wgUser->editToken() ) . "&".~~
154		~~- "format=json&enablechunks=true&chunksessionkey=".~~
155		~~- $this->setupChunkSession($summary, $comment, $watch ) ) );~~
	159	+ "token={$token}&format=json&enablechunks=true&chunksessionkey=".
	160	+ $this->setupChunkSession($summary, $comment, $watch ) ) );
156	161	exit(0);
157	162	}else if( $this->chunk_mode == UploadFromChunks::CHUNK ){
158	163	$status = $this->doChunkAppend();
Property changes on: branches/new-upload/phase3/js2/mwEmbed/php/script-cache
___________________________________________________________________
Name: svn:ignore
159	164	- 0
1
2
8
160	165	+ 0
1
2
8
3
9
c
Index: branches/new-upload/phase3/js2/mwEmbed/mv_embed.js
—	—	@@ -999,7 +999,7 @@
1000	1000
1001	1001	js_log('do api req: ' + options.url +'?' + jQuery.param(options.data) );
1002	1002	//build request string:
1003		~~- if( parseUri( document.URL ).host == parseUri( options.url ).host ){~~
	1003	+ if( parseUri( document.URL ).host == parseUri( options.url ).host ){
1004	1004	//local request do api request directly
1005	1005	$j.ajax({
1006	1006	type: "POST",

Status & tagging log

00:20, 14 September 2011 Meno25 (talk | contribs) changed the status of r52369 [removed: old added: deferred]
01:02, 14 November 2010 Reedy (talk | contribs) changed the status of r52369 [removed: new added: old]