r56167 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r56166‎ \| r56167 \| r56168 >
Date:	04:07, 11 September 2009
Author:	jdpond
Status:	deferred
Tags:
Comment:	Updated img_auth with code improvements to match 1.16 version - no functional changes
Modified paths:	/trunk/extensions/NSFileRepo/REL1_13_0/phase3/img_auth.php (modified) (history) /trunk/extensions/NSFileRepo/REL1_14_0/phase3/img_auth.php (modified) (history) /trunk/extensions/NSFileRepo/REL1_15_0/phase3/img_auth.php (modified) (history)

Diff [purge]

Index: trunk/extensions/NSFileRepo/REL1_13_0/phase3/img_auth.php
—	—	@@ -56,31 +56,30 @@
57	57
58	58	// Check to see if the file exists
59	59	if( !file_exists( $filename ) )
60		~~- wfForbidden('img-auth-accessdenied','img-auth-nofile',htmlspecialchars($filename));~~
	60	+ wfForbidden('img-auth-accessdenied','img-auth-nofile',$filename);
61	61
62	62	// Check to see if tried to access a directory
63	63	if( is_dir( $filename ) )
64		~~- wfForbidden('img-auth-accessdenied','img-auth-isdir',htmlspecialchars($filename));~~
	64	+ wfForbidden('img-auth-accessdenied','img-auth-isdir',$filename);
65	65
66	66
67	67	$title = Title::makeTitleSafe( NS_FILE, $name );
68	68
69	69	// See if could create the title object
70	70	if( !$title instanceof Title )
71		~~- wfForbidden('img-auth-accessdenied','img-auth-badtitle',htmlspecialchars($name));~~
	71	+ wfForbidden('img-auth-accessdenied','img-auth-badtitle',$name);
72	72
73	73	// Run hook
74	74	if (!wfRunHooks( 'ImgAuthBeforeStream', array( &$title, &$path, &$name, &$result ) ) )
75		~~- call_user_func_array('wfForbidden',merge_array(array($result[0],$result[1]),array_slice($result,2)));~~
	75	+ wfForbidden($result[0],$result[1],array_slice($result,2));
76	76
77	77	// Check user authorization for this title
78	78	// UserCanRead Checks Whitelist too
79		~~-if( !$title->userCanRead() )~~
80		~~- wfForbidden('img-auth-accessdenied','img-auth-noread',htmlspecialchars($name));~~
	79	+if( !$title->userCanRead() )
	80	+ wfForbidden('img-auth-accessdenied','img-auth-noread',$name);
81	81
82		-
83	82	// Stream the requested file
84		~~-wfDebugLog( 'img_auth', "Streaming `".htmlspecialchars($filename)."`." );~~
	83	+wfDebugLog( 'img_auth', "Streaming `".$filename."`." );
85	84	wfStreamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );
86	85	wfLogProfilingData();
87	86
—	—	@@ -95,10 +94,10 @@
96	95	$args = func_get_args();
97	96	array_shift( $args );
98	97	array_shift( $args );
99		~~- $MsgHdr = wfMsgHTML($msg1);~~
100		~~- $detailMsg = call_user_func_array('wfMsgHTML',array_merge(array($wgImgAuthDetails ? $msg2 : 'badaccess-group0'),$args));~~
	98	+ $MsgHdr = htmlspecialchars(wfMsg($msg1));
	99	+ $detailMsg = (htmlspecialchars(wfMsg(($wgImgAuthDetails ? $msg2 : 'badaccess-group0'),$args)));
101	100	wfDebugLog('img_auth', "wfForbidden Hdr:".wfMsgExt( $msg1, array('language' => 'en'))." Msg: ".
102		~~- call_user_func_array('wfMsgExt',array_merge( array($msg2, array('language' => 'en')),$args)));~~
	101	+ wfMsgExt($msg2,array('language' => 'en'),$args));
103	102	header( 'HTTP/1.0 403 Forbidden' );
104	103	header( 'Cache-Control: no-cache' );
105	104	header( 'Content-Type: text/html; charset=utf-8' );
Index: trunk/extensions/NSFileRepo/REL1_14_0/phase3/img_auth.php
—	—	@@ -56,31 +56,30 @@
57	57
58	58	// Check to see if the file exists
59	59	if( !file_exists( $filename ) )
60		~~- wfForbidden('img-auth-accessdenied','img-auth-nofile',htmlspecialchars($filename));~~
	60	+ wfForbidden('img-auth-accessdenied','img-auth-nofile',$filename);
61	61
62	62	// Check to see if tried to access a directory
63	63	if( is_dir( $filename ) )
64		~~- wfForbidden('img-auth-accessdenied','img-auth-isdir',htmlspecialchars($filename));~~
	64	+ wfForbidden('img-auth-accessdenied','img-auth-isdir',$filename);
65	65
66	66
67	67	$title = Title::makeTitleSafe( NS_FILE, $name );
68	68
69	69	// See if could create the title object
70	70	if( !$title instanceof Title )
71		~~- wfForbidden('img-auth-accessdenied','img-auth-badtitle',htmlspecialchars($name));~~
	71	+ wfForbidden('img-auth-accessdenied','img-auth-badtitle',$name);
72	72
73	73	// Run hook
74	74	if (!wfRunHooks( 'ImgAuthBeforeStream', array( &$title, &$path, &$name, &$result ) ) )
75		~~- call_user_func_array('wfForbidden',merge_array(array($result[0],$result[1]),array_slice($result,2)));~~
	75	+ wfForbidden($result[0],$result[1],array_slice($result,2));
76	76
77	77	// Check user authorization for this title
78	78	// UserCanRead Checks Whitelist too
79		~~-if( !$title->userCanRead() )~~
80		~~- wfForbidden('img-auth-accessdenied','img-auth-noread',htmlspecialchars($name));~~
	79	+if( !$title->userCanRead() )
	80	+ wfForbidden('img-auth-accessdenied','img-auth-noread',$name);
81	81
82		-
83	82	// Stream the requested file
84		~~-wfDebugLog( 'img_auth', "Streaming `".htmlspecialchars($filename)."`." );~~
	83	+wfDebugLog( 'img_auth', "Streaming `".$filename."`." );
85	84	wfStreamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );
86	85	wfLogProfilingData();
87	86
—	—	@@ -95,10 +94,10 @@
96	95	$args = func_get_args();
97	96	array_shift( $args );
98	97	array_shift( $args );
99		~~- $MsgHdr = wfMsgHTML($msg1);~~
100		~~- $detailMsg = call_user_func_array('wfMsgHTML',array_merge(array($wgImgAuthDetails ? $msg2 : 'badaccess-group0'),$args));~~
	98	+ $MsgHdr = htmlspecialchars(wfMsg($msg1));
	99	+ $detailMsg = (htmlspecialchars(wfMsg(($wgImgAuthDetails ? $msg2 : 'badaccess-group0'),$args)));
101	100	wfDebugLog('img_auth', "wfForbidden Hdr:".wfMsgExt( $msg1, array('language' => 'en'))." Msg: ".
102		~~- call_user_func_array('wfMsgExt',array_merge( array($msg2, array('language' => 'en')),$args)));~~
	101	+ wfMsgExt($msg2,array('language' => 'en'),$args));
103	102	header( 'HTTP/1.0 403 Forbidden' );
104	103	header( 'Cache-Control: no-cache' );
105	104	header( 'Content-Type: text/html; charset=utf-8' );
Index: trunk/extensions/NSFileRepo/REL1_15_0/phase3/img_auth.php
—	—	@@ -56,31 +56,30 @@
57	57
58	58	// Check to see if the file exists
59	59	if( !file_exists( $filename ) )
60		~~- wfForbidden('img-auth-accessdenied','img-auth-nofile',htmlspecialchars($filename));~~
	60	+ wfForbidden('img-auth-accessdenied','img-auth-nofile',$filename);
61	61
62	62	// Check to see if tried to access a directory
63	63	if( is_dir( $filename ) )
64		~~- wfForbidden('img-auth-accessdenied','img-auth-isdir',htmlspecialchars($filename));~~
	64	+ wfForbidden('img-auth-accessdenied','img-auth-isdir',$filename);
65	65
66	66
67	67	$title = Title::makeTitleSafe( NS_FILE, $name );
68	68
69	69	// See if could create the title object
70	70	if( !$title instanceof Title )
71		~~- wfForbidden('img-auth-accessdenied','img-auth-badtitle',htmlspecialchars($name));~~
	71	+ wfForbidden('img-auth-accessdenied','img-auth-badtitle',$name);
72	72
73	73	// Run hook
74	74	if (!wfRunHooks( 'ImgAuthBeforeStream', array( &$title, &$path, &$name, &$result ) ) )
75		~~- call_user_func_array('wfForbidden',merge_array(array($result[0],$result[1]),array_slice($result,2)));~~
	75	+ wfForbidden($result[0],$result[1],array_slice($result,2));
76	76
77	77	// Check user authorization for this title
78	78	// UserCanRead Checks Whitelist too
79		~~-if( !$title->userCanRead() )~~
80		~~- wfForbidden('img-auth-accessdenied','img-auth-noread',htmlspecialchars($name));~~
	79	+if( !$title->userCanRead() )
	80	+ wfForbidden('img-auth-accessdenied','img-auth-noread',$name);
81	81
82		-
83	82	// Stream the requested file
84		~~-wfDebugLog( 'img_auth', "Streaming `".htmlspecialchars($filename)."`." );~~
	83	+wfDebugLog( 'img_auth', "Streaming `".$filename."`." );
85	84	wfStreamFile( $filename, array( 'Cache-Control: private', 'Vary: Cookie' ) );
86	85	wfLogProfilingData();
87	86
—	—	@@ -95,10 +94,10 @@
96	95	$args = func_get_args();
97	96	array_shift( $args );
98	97	array_shift( $args );
99		~~- $MsgHdr = wfMsgHTML($msg1);~~
100		~~- $detailMsg = call_user_func_array('wfMsgHTML',array_merge(array($wgImgAuthDetails ? $msg2 : 'badaccess-group0'),$args));~~
	98	+ $MsgHdr = htmlspecialchars(wfMsg($msg1));
	99	+ $detailMsg = (htmlspecialchars(wfMsg(($wgImgAuthDetails ? $msg2 : 'badaccess-group0'),$args)));
101	100	wfDebugLog('img_auth', "wfForbidden Hdr:".wfMsgExt( $msg1, array('language' => 'en'))." Msg: ".
102		~~- call_user_func_array('wfMsgExt',array_merge( array($msg2, array('language' => 'en')),$args)));~~
	101	+ wfMsgExt($msg2,array('language' => 'en'),$args));
103	102	header( 'HTTP/1.0 403 Forbidden' );
104	103	header( 'Cache-Control: no-cache' );
105	104	header( 'Content-Type: text/html; charset=utf-8' );

Status & tagging log

05:24, 1 December 2009 Tim Starling (talk | contribs) changed the status of r56167 [removed: new added: deferred]