r62599 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r62598‎ | r62599 | r62600 >
Date:21:59, 16 February 2010
Author:reedy
Status:ok (Comments)
Tags:
Comment:
Followup to r62557 as per Roans comment
Modified paths:
  • /trunk/phase3/includes/api/ApiBase.php (modified) (history)
  • /trunk/phase3/includes/api/ApiBlock.php (modified) (history)
  • /trunk/phase3/includes/api/ApiDelete.php (modified) (history)
  • /trunk/phase3/includes/api/ApiEditPage.php (modified) (history)
  • /trunk/phase3/includes/api/ApiEmailUser.php (modified) (history)
  • /trunk/phase3/includes/api/ApiImport.php (modified) (history)
  • /trunk/phase3/includes/api/ApiMain.php (modified) (history)
  • /trunk/phase3/includes/api/ApiMove.php (modified) (history)
  • /trunk/phase3/includes/api/ApiPatrol.php (modified) (history)
  • /trunk/phase3/includes/api/ApiRollback.php (modified) (history)
  • /trunk/phase3/includes/api/ApiUnblock.php (modified) (history)
  • /trunk/phase3/includes/api/ApiUndelete.php (modified) (history)
  • /trunk/phase3/includes/api/ApiUpload.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/api/ApiMove.php
@@ -220,7 +220,7 @@
221221 }
222222
223223 public function getTokenSalt() {
224 - return null;
 224+ return '';
225225 }
226226
227227 protected function getExamples() {
Index: trunk/phase3/includes/api/ApiRollback.php
@@ -123,7 +123,7 @@
124124 }
125125
126126 public function getTokenSalt() {
127 - return null;
 127+ return '';
128128 }
129129
130130 protected function getExamples() {
Index: trunk/phase3/includes/api/ApiDelete.php
@@ -218,7 +218,7 @@
219219 }
220220
221221 public function getTokenSalt() {
222 - return null;
 222+ return '';
223223 }
224224
225225 protected function getExamples() {
Index: trunk/phase3/includes/api/ApiImport.php
@@ -150,7 +150,7 @@
151151 }
152152
153153 public function getTokenSalt() {
154 - return null;
 154+ return '';
155155 }
156156
157157 protected function getExamples() {
Index: trunk/phase3/includes/api/ApiEditPage.php
@@ -458,7 +458,7 @@
459459 }
460460
461461 public function getTokenSalt() {
462 - return null;
 462+ return '';
463463 }
464464
465465 protected function getExamples() {
Index: trunk/phase3/includes/api/ApiUnblock.php
@@ -117,7 +117,7 @@
118118 }
119119
120120 public function getTokenSalt() {
121 - return null;
 121+ return '';
122122 }
123123
124124 protected function getExamples() {
Index: trunk/phase3/includes/api/ApiMain.php
@@ -416,14 +416,13 @@
417417
418418 //Die if token required, but not provided (unless there is a gettoken parameter)
419419 $salt = $module->getTokenSalt();
420 - if ( $salt != false )
 420+ if ( $salt !== false )
421421 {
422422 if ( !isset( $moduleParams['token'] ) && !isset( $moduleParams['gettoken'] ) ) {
423423 $this->dieUsageMsg( array( 'missingparam', 'token' ) );
424424 } else {
425425 global $wgUser;
426 - if ( ( $salt != null && !$wgUser->matchEditToken( $moduleParams['token'], $salt ) )
427 - || !$wgUser->matchEditToken( $moduleParams['token'] ) ) {
 426+ if ( !$wgUser->matchEditToken( $moduleParams['token'], $salt ) ) {
428427 $this->dieUsageMsg( array( 'sessionfailure' ) );
429428 }
430429 }
Index: trunk/phase3/includes/api/ApiEmailUser.php
@@ -113,7 +113,7 @@
114114 }
115115
116116 public function getTokenSalt() {
117 - return null;
 117+ return '';
118118 }
119119
120120 protected function getExamples() {
Index: trunk/phase3/includes/api/ApiBlock.php
@@ -166,7 +166,7 @@
167167 }
168168
169169 public function getTokenSalt() {
170 - return null;
 170+ return '';
171171 }
172172
173173 protected function getExamples() {
Index: trunk/phase3/includes/api/ApiPatrol.php
@@ -93,7 +93,7 @@
9494 }
9595
9696 public function getTokenSalt() {
97 - return null;
 97+ return '';
9898 }
9999
100100 protected function getExamples() {
Index: trunk/phase3/includes/api/ApiUndelete.php
@@ -126,7 +126,7 @@
127127 }
128128
129129 public function getTokenSalt() {
130 - return null;
 130+ return '';
131131 }
132132
133133 protected function getExamples() {
Index: trunk/phase3/includes/api/ApiBase.php
@@ -970,7 +970,7 @@
971971 }
972972
973973 /**
974 - * Returns the token salt if there is one, null if the module doesn't require a salt, else false if the module doesn't need a token
 974+ * Returns the token salt if there is one, '' if the module doesn't require a salt, else false if the module doesn't need a token
975975 * @returns bool
976976 */
977977 public function getTokenSalt() {
@@ -997,7 +997,7 @@
998998 $ret[] = array ( 'writedisabled' );
999999 }
10001000
1001 - if ( $this->getTokenSalt() != false ) {
 1001+ if ( $this->getTokenSalt() !== false ) {
10021002 $ret[] = array( 'missingparam', 'token' );
10031003 $ret[] = array( 'sessionfailure' );
10041004 }
Index: trunk/phase3/includes/api/ApiUpload.php
@@ -343,7 +343,7 @@
344344 }
345345
346346 public function getTokenSalt() {
347 - return null;
 347+ return '';
348348 }
349349
350350 protected function getExamples() {

Follow-up revisions

RevisionCommit summaryAuthorDate
r62601Fixup getTokenSalt in applicable Extensions as per r62599reedy22:04, 16 February 2010

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r62557Refactor requiresToken to getTokenSalt - Returns salt if exists, null if no s...reedy23:53, 15 February 2010

Comments

#Comment by P.Copp (talk | contribs)   18:44, 19 February 2010 
 			if ( !isset( $moduleParams['token'] ) && !isset( $moduleParams['gettoken'] ) ) {
 				$this->dieUsageMsg( array( 'missingparam', 'token' ) );
 			} else {
 				global $wgUser;
				if ( !$wgUser->matchEditToken( $moduleParams['token'], $salt ) ) {
 					$this->dieUsageMsg( array( 'sessionfailure' ) );
 				}
 			}

The 'else' also needs a check for the presence of 'gettoken'. Currently token retrieval (e.g. action=block&gettoken) is prevented completely.

#Comment by Reedy (talk | contribs)   19:45, 19 February 2010

r62715 sorts this. Thanks

Status & tagging log