r57956 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r57955‎ \| r57956 \| r57957 >
Date:	20:06, 20 October 2009
Author:	catrope
Status:	deferred
Tags:
Comment:	OptIn: Fix regression from r54542 where optin would silently fail for newly registered users due to their anon token sticking around. Fixing this by making them click "Yes, I want to opt in" one more time, which passes the right token.
Modified paths:	/trunk/extensions/UsabilityInitiative/OptIn/SpecialOptIn.php (modified) (history)

Diff [purge]

Index: trunk/extensions/UsabilityInitiative/OptIn/SpecialOptIn.php
—	—	@@ -31,29 +31,26 @@
32	32	}
33	33	return true;
34	34	}
	35	+
	36	+ public static function checkToken() {
	37	+ global $wgRequest, $wgUser;
	38	+ return $wgUser->matchEditToken( $wgRequest->getVal( 'token' ) );
	39	+ }
35	40
36	41	public static function optIn( $user ) {
37		~~- global $wgOptInPrefs, $wgUser, $wgRequest;~~
38		-
39		~~- // Don't allow anything to actually change without a matching token~~
40		~~- if ( $wgUser->matchEditToken( $wgRequest->getVal( 'token' ) ) ) {~~
41		~~- foreach ( $wgOptInPrefs as $pref => $value ) {~~
42		~~- $user->setOption( $pref, $value );~~
43		~~- }~~
44		~~- $user->saveSettings();~~
	42	+ global $wgOptInPrefs;
	43	+ foreach ( $wgOptInPrefs as $pref => $value ) {
	44	+ $user->setOption( $pref, $value );
45	45	}
	46	+ $user->saveSettings();
46	47	}
47	48
48	49	public static function optOut( $user ) {
49		~~- global $wgOptInPrefs, $wgUser, $wgRequest;~~
50		-
51		~~- // Don't allow anything to actually change without a matching token~~
52		~~- if ( $wgUser->matchEditToken( $wgRequest->getVal( 'token' ) ) ) {~~
53		~~- foreach ( $wgOptInPrefs as $pref => $value ) {~~
54		~~- $user->setOption( $pref, null );~~
55		~~- }~~
56		~~- $user->saveSettings();~~
	50	+ global $wgOptInPrefs;
	51	+ foreach ( $wgOptInPrefs as $pref => $value ) {
	52	+ $user->setOption( $pref, null );
57	53	}
	54	+ $user->saveSettings();
58	55	}
59	56
60	57	/* Functions */
—	—	@@ -106,19 +103,23 @@
107	104
108	105	if ( $wgRequest->getCheck( 'opt' ) ) {
109	106	if ( $wgRequest->getVal( 'opt' ) === 'in' ) {
110		~~- self::optIn( $wgUser );~~
111		~~- $wgOut->addWikiMsg( 'optin-success-in' );~~
112		-
113		~~- global $wgJsMimeType, $wgOptInStyleVersion;~~
114		~~- UsabilityInitiativeHooks::initialize();~~
115		~~- UsabilityInitiativeHooks::addScript( 'OptIn/OptIn.js',~~
116		~~- $wgOptInStyleVersion );~~
117		-
118		~~- $url = $this->getTitle()->getLinkUrl();~~
119		~~- $wgOut->addHTML( Xml::tags( 'script',~~
120		~~- array( 'type' => $wgJsMimeType ),~~
121		~~- 'js2AddOnloadHook( function() { $j.post( "' . $url . '", optInGetPOSTData() ); } );'~~
122		~~- ) );~~
	107	+ if ( self::checkToken() ) {
	108	+ self::optIn( $wgUser );
	109	+ $wgOut->addWikiMsg( 'optin-success-in' );
	110	+
	111	+ global $wgJsMimeType, $wgOptInStyleVersion;
	112	+ UsabilityInitiativeHooks::initialize();
	113	+ UsabilityInitiativeHooks::addScript( 'OptIn/OptIn.js',
	114	+ $wgOptInStyleVersion );
	115	+
	116	+ $url = $this->getTitle()->getLinkUrl();
	117	+ $wgOut->addHTML( Xml::tags( 'script',
	118	+ array( 'type' => $wgJsMimeType ),
	119	+ 'js2AddOnloadHook( function() { $j.post( "' . $url . '", optInGetPOSTData() ); } );'
	120	+ ) );
	121	+ } else
	122	+ $this->showForm( self::isOptedIn( $wgUser ) ?
	123	+ 'out' : 'in' );
123	124	} else if ( $wgRequest->getVal( 'opt' ) == 'feedback' ) {
124	125	if ( $wgRequest->wasPosted() ) {
125	126	$this->saveSurvey( $wgOptInFeedBackSurvey,
—	—	@@ -130,9 +131,13 @@
131	132	$this->saveSurvey( $wgOptInBrowserSurvey, 'in' );
132	133	$wgOut->disable();
133	134	} else {
134		~~- self::optOut( $wgUser );~~
135		~~- $this->saveSurvey( $wgOptInSurvey, 'out' );~~
136		~~- $wgOut->addWikiMsg( 'optin-success-out' );~~
	135	+ if ( self::checkToken() ) {
	136	+ self::optOut( $wgUser );
	137	+ $this->saveSurvey( $wgOptInSurvey, 'out' );
	138	+ $wgOut->addWikiMsg( 'optin-success-out' );
	139	+ } else
	140	+ $this->showForm( self::isOptedIn( $wgUser ) ?
	141	+ 'out' : 'in' );
137	142	}
138	143	if ( $this->mOriginTitle )
139	144	$wgOut->addHTML( wfMsg( 'returnto',

Follow-up revisions

Revision	Commit summary	Author	Date
r57957	wmf-deployment: Merge r57956 (OptIn fix) from trunk	catrope	20:08, 20 October 2009

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r54542	Added token checking to optin and optout procedures to avoid any possible abu...	tparscal	22:27, 6 August 2009

Status & tagging log

00:48, 17 December 2009 Tim Starling (talk | contribs) changed the status of r57956 [removed: new added: deferred]