r59183 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r59182‎ \| r59183 \| r59184 >
Date:	22:00, 17 November 2009
Author:	nimishg
Status:	resolved (Comments)
Tags:
Comment:	cc-reporting bordering functional now
Modified paths:	/trunk/extensions/ContributionReporting/cc-reporting.php (modified) (history)

Diff [purge]

Index: trunk/extensions/ContributionReporting/cc-reporting.php
—	—	@@ -9,16 +9,18 @@
10	10	function handleLoad(){
11	11	$cc_id = randomCookie();
12	12
13		~~- if(!isset($_COOKIE['cc-cookie'])){~~
14		~~- $cc_id = $_REQUEST['cc-cookie'];~~
	13	+ if(isset($_COOKIE['cc-cookie'])){
	14	+ $cc_id = $_COOKIE['cc-cookie'];
15	15	}
16	16	else{
17	17	//set cookie to expire in maybe about a year or so... 300 days
18	18	setcookie('cc-cookie', $cc_id, time() + (60 * 60 * 24 * 300), '/', "payments.wikimedia.org");
19	19	}
20	20
21		~~- //if not exist insert into DB~~
22		~~- //via REQUEST['utm_src']~~
	21	+ $cc_id = addslashes($cc_id);
	22	+ $utm_src = isset($_REQUEST['utm_src']) ?
	23	+ addslashes($_REQUEST['utm_src']) : "unknown";
	24	+ $sql = "INSERT IGNORE INTO cc-track (cookie_id, utm_src, contribs) VALUES ('$cc_id','$utm_src', 0)";
23	25	}
24	26
25	27	function handleSubmit(){
—	—	@@ -27,7 +29,8 @@
28	30	$cc_id = $_COOKIE['cc-cookie'];
29	31	}
30	32
31		~~- //donations++~~
	33	+ $cc_id = addslashes($cc_id);
	34	+ $sql = "UPDATE cc-track SET contribs=contribs+1 WHERE cookie_id = '$cc_id'";
32	35	}
33	36
34	37	function randomCookie(){

Follow-up revisions

Revision	Commit summary	Author	Date
r60794	Per http://www.mediawiki.org/wiki/Special:Code/MediaWiki/59183#c4712, these w...	demon	17:25, 7 January 2010

Comments

#Comment by Tim Starling (talk | contribs) 23:11, 8 December 2009

Please add:

require( dirname(__FILE__).'/../../includes/WebStart.php' );

to the top of the file. Then use the regular MediaWiki functions like wfGetDB() and $wgRequest->getVal() instead of going your own way with $_REQUEST and addslashes(). As I said to you previously, any code that calls addslashes() is insecure and unsuitable for deployment.

#Comment by Nimish Gautam (talk | contribs) 23:20, 8 December 2009

These were more 'proof-of-concept' files for fundraising, and we ended up using different methods later. Both cc-reporting.php and cc-reporting.js can be removed from deployment.

#Comment by 😂 (talk | contribs) 14:35, 11 December 2009

Remove them from trunk then.

Status & tagging log

17:27, 7 January 2010 😂 (talk | contribs) changed the status of r59183 [removed: fixme added: resolved]
23:11, 8 December 2009 Tim Starling (talk | contribs) changed the status of r59183 [removed: new added: fixme]