r56372 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r56371‎ \| r56372 \| r56373 >
Date:	17:13, 15 September 2009
Author:	aaron
Status:	resolved (Comments)
Tags:
Comment:	Added $wgFeedbackSizeThreshhold
Modified paths:	/trunk/extensions/ReaderFeedback/ReaderFeedback.class.php (modified) (history) /trunk/extensions/ReaderFeedback/ReaderFeedback.php (modified) (history) /trunk/extensions/ReaderFeedback/specialpages/LikedPages_body.php (modified) (history) /trunk/extensions/ReaderFeedback/specialpages/ProblemPages_body.php (modified) (history)

Diff [purge]

Index: trunk/extensions/ReaderFeedback/specialpages/ProblemPages_body.php
—	—	@@ -122,7 +122,7 @@
123	123	$x = 2;
124	124	$conds[] = "rfp_ave_val < $x";
125	125	// Reasonable sample
126		~~- $conds[] = 'rfp_count >= '.READER_FEEDBACK_SIZE;~~
	126	+ $conds[] = 'rfp_count >= '.ReaderFeedback::getFeedbackSize();
127	127	return array(
128	128	'tables' => array('reader_feedback_pages','page'),
129	129	'fields' => 'page_namespace,page_title,page_len,rfp_ave_val',
Index: trunk/extensions/ReaderFeedback/specialpages/LikedPages_body.php
—	—	@@ -122,7 +122,7 @@
123	123	$x = 3.5;
124	124	$conds[] = "rfp_ave_val > $x";
125	125	// Reasonable sample
126		~~- $conds[] = 'rfp_count >= '.READER_FEEDBACK_SIZE;~~
	126	+ $conds[] = 'rfp_count >= '.ReaderFeedback::getFeedbackSize();
127	127	return array(
128	128	'tables' => array('reader_feedback_pages','page'),
129	129	'fields' => 'page_namespace,page_title,page_len,rfp_ave_val',
Index: trunk/extensions/ReaderFeedback/ReaderFeedback.class.php
—	—	@@ -43,6 +43,11 @@
44	44	return self::$feedbackTagWeight[$tag];
45	45	}
46	46
	47	+ public static function getFeedbackSize() {
	48	+ global $wgFeedbackSizeThreshhold;
	49	+ return (int)$wgFeedbackSizeThreshhold;
	50	+ }
	51	+
47	52	################# Utility functions #################
48	53
49	54	/**
Index: trunk/extensions/ReaderFeedback/ReaderFeedback.php
—	—	@@ -23,10 +23,6 @@
24	24	exit( 1 );
25	25	}
26	26
27		~~-# Number of recent reviews to be a decent sample size~~
28		~~-if( !defined('READER_FEEDBACK_SIZE') )~~
29		~~- define('READER_FEEDBACK_SIZE',15);~~
30		-
31	27	$wgExtensionCredits['specialpage'][] = array(
32	28	'path' => __FILE__,
33	29	'name' => 'Reader Feedback',
—	—	@@ -56,6 +52,9 @@
57	53	);
58	54	# How many seconds back should the average rating for a page be based on?
59	55	$wgFeedbackAge = 7 * 24 * 3600;
	56	+# What number of page votes (for the average above) is considered significant?
	57	+# (number of recent reviews to be a decent sample size)
	58	+$wgFeedbackSizeThreshhold = 15;
60	59	# How long before stats page is updated?
61	60	$wgFeedbackStatsAge = 2 * 3600; // 2 hours
62	61	# Limit people from spamming the system

Follow-up revisions

Revision	Commit summary	Author	Date
r59621	Follow up r56372: use addQuotes() to make sql escaping clear (value is alread...	aaron	08:12, 1 December 2009

Comments

#Comment by Tim Starling (talk | contribs) 07:37, 1 December 2009

You need escaping or validation at the SQL construction stage, for verifiable security. Putting it in getFeedbackSize() isn't enough.

#Comment by Siebrand (talk | contribs) 16:52, 17 January 2010

r59621 appears to fix only in RatedPages_body.php, not in LikedPages_body.php

#Comment by Aaron Schulz (talk | contribs) 21:17, 17 January 2010

There is no LikedPages

#Comment by Siebrand (talk | contribs) 22:00, 17 January 2010

Right. That was removed after. Status to new.

Status & tagging log

23:49, 17 January 2010 Tim Starling (talk | contribs) changed the status of r56372 [removed: new added: resolved]
22:00, 17 January 2010 Siebrand (talk | contribs) changed the status of r56372 [removed: fixme added: new]
07:37, 1 December 2009 Tim Starling (talk | contribs) changed the status of r56372 [removed: new added: fixme]