r70044 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r70043‎ \| r70044 \| r70045 >
Date:	21:01, 27 July 2010
Author:	platonides
Status:	deferred
Tags:
Comment:	Fix escaping issues.
Modified paths:	/trunk/extensions/Woopra/Woopra.php (modified) (history)

Diff [purge]

Index: trunk/extensions/Woopra/Woopra.php
—	—	@@ -21,26 +21,31 @@
22	22	$wgExtensionCredits['other'][] = array(
23	23	'path' => __FILE__,
24	24	'name' => 'Woopra Live Stats Tracking',
25		~~- 'author' => array( 'Shane'),~~
26		~~- 'version' => '1.0.0',~~
	25	+ 'author' => array( 'Shane' ),
	26	+ 'version' => '1.1.0',
27	27	'url' => 'http://www.mediawiki.org/wiki/Extension:Woopra',
28	28	'descriptionmsg' => 'woopra-desc',
29	29	);
30	30
31	31	$wgHooks['BeforePageDisplay'][] = 'fnWoopraJavascript';
32		-
	32	+
	33	+$wgWoopraSitekey = false;
	34	+
33	35	function fnWoopraJavascript($out)
34	36	{
35	37	global $wgUser, $wgWoopraSitekey;
36	38
	39	+ if ( $wgWoopraSitekey === false )
	40	+ return true;
	41	+
37	42	$html = "<script type=\"text/javascript\">\r\n";
38		~~- $html .= "woopra_id = '" . $wgWoopraSitekey . "';\r\n";~~
	43	+ $html .= "woopra_id = '" . Xml::escapeJsString( $wgWoopraSitekey ) . "';\r\n";
39	44
40	45	if (!$wgUser->isAnon())
41	46	{
42	47	$html .= "var woopra_array = new Array();\r\n";
43		~~- $html .= "woopra_array['name'] = '" . $wgUser->getRealName() . "';\r\n";~~
44		~~- $html .= "woopra_array['Email'] = '" . $wgUser->getEmail() . "';\r\n";~~
	48	+ $html .= "woopra_array['name'] = '" . Xml::escapeJsString( $wgUser->getRealName() ) . "';\r\n";
	49	+ $html .= "woopra_array['Email'] = '" . Xml::escapeJsString( $wgUser->getEmail() ) . "';\r\n";
45	50	// Add custom tracking code here!
46	51	}
47	52	$html .= "</script>\r\n";

23:29, 3 December 2010 Reedy (talk | contribs) changed the status of r70044 [removed: new added: deferred]