r70052 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r70051‎ \| r70052 \| r70053 >
Date:	22:20, 27 July 2010
Author:	platonides
Status:	deferred
Tags:
Comment:	Remove register globals vulnerability. Do not use $wgUser for the name of a function argument. Use the namespace indexes instead of the namespace names in English. Tabify
Modified paths:	/trunk/extensions/WhiteListEdit/WhiteListAuth.php (modified) (history) /trunk/extensions/WhiteListEdit/WhiteListEdit.php (modified) (history) /trunk/extensions/WhiteListEdit/WhiteListEdit_body.php (modified) (history)

Diff [purge]

Index: trunk/extensions/WhiteListEdit/WhiteListAuth.php
—	—	@@ -42,20 +42,20 @@
43	43	{
44	44
45	45	/* $result value:
46		~~- * true=Access Granted~~
47		~~- * false=Access Denied~~
48		~~- * null=Don't know/don't care (not 'allowed' or 'denied')~~
	46	+ * true = Access Granted
	47	+ * false = Access Denied
	48	+ * null = Don't know/don't care (not 'allowed' or 'denied')
49	49	* Return value:
50		~~- * true=Later functions can override.~~
51		~~- * false=Later functions not consulted.~~
	50	+ * true = Later functions can override.
	51	+ * false = Later functions not consulted.
52	52	*/
53		~~- static function CheckWhiteList(&$title, &$wgUser, $action, &$result) {~~
	53	+ static function CheckWhiteList(&$title, &$user, $action, &$result) {
54	54
55	55	$override = WHITELIST_NOACTION;
56	56
57	57
58	58	/* Bail if the user isn't restricted.... */
59		~~- if( !in_array('restricttowhitelist', $wgUser->getRights()) ) {~~
	59	+ if( !in_array('restricttowhitelist', $user->getRights()) ) {
60	60	$result = null; /* don't care */
61	61	return true; /* Later functions can override */
62	62	}
—	—	@@ -71,17 +71,17 @@
72	72	/* Check global allow/deny lists */
73	73	$override = self::GetOverride($true_title, $action);
74	74
75		~~- /* Check if page is on whitelist */~~
76		~~- if( WHITELIST_NOACTION == $override )~~
77		~~- $override = self::IsAllowedNamespace( $true_title, $wgUser, $action );~~
	75	+ /* Check if page is on whitelist */
	76	+ if( WHITELIST_NOACTION == $override )
	77	+ $override = self::IsAllowedNamespace( $true_title, $user, $action );
78	78
79	79	/* Check if page is on whitelist */
80	80	if( WHITELIST_NOACTION == $override )
81		~~- $override = self::IsAllowed( $true_title, $wgUser, $action );~~
	81	+ $override = self::IsAllowed( $true_title, $user, $action );
82	82
83	83	/* Check if user page */
84	84	if( WHITELIST_NOACTION == $override )
85		~~- $override = self::IsUserPage( $true_title->GetPrefixedText(), $wgUser );~~
	85	+ $override = self::IsUserPage( $true_title->GetPrefixedText(), $user );
86	86
87	87	switch( $override )
88	88	{
—	—	@@ -103,41 +103,41 @@
104	104	{
105	105	global $wgWhiteListOverride;
106	106
107		~~- $allowView = $allowEdit = $denyView = $denyEdit = false;~~
	107	+ $allowView = $allowEdit = $denyView = $denyEdit = false;
108	108
109		~~- foreach( $wgWhiteListOverride['always']['read'] as $value )~~
110		~~- {~~
111		~~- if( self::RegexCompare($title, $value) )~~
112		~~- {~~
113		~~- $allowView = true;~~
114		~~- }~~
115		~~- }~~
	109	+ foreach( $wgWhiteListOverride['always']['read'] as $value )
	110	+ {
	111	+ if( self::RegexCompare($title, $value) )
	112	+ {
	113	+ $allowView = true;
	114	+ }
	115	+ }
116	116
117		~~- foreach( $wgWhiteListOverride['always']['edit'] as $value )~~
118		~~- {~~
119		~~- if( self::RegexCompare($title, $value) )~~
120		~~- {~~
121		~~- $allowEdit = true;~~
122		~~- }~~
123		~~- }~~
	117	+ foreach( $wgWhiteListOverride['always']['edit'] as $value )
	118	+ {
	119	+ if ( self::RegexCompare($title, $value) )
	120	+ {
	121	+ $allowEdit = true;
	122	+ }
	123	+ }
124	124
125	125	unset($override);
126	126
127	127	foreach( $wgWhiteListOverride['never']['read'] as $value )
128		~~- {~~
129		~~- if( self::RegexCompare($title, $value) )~~
130		~~- {~~
131		~~- $denyView = true;~~
132		~~- }~~
133		~~- }~~
	128	+ {
	129	+ if ( self::RegexCompare($title, $value) )
	130	+ {
	131	+ $denyView = true;
	132	+ }
	133	+ }
134	134
135		~~- foreach( $wgWhiteListOverride['never']['edit'] as $value )~~
136		~~- {~~
137		~~- if( self::RegexCompare($title, $value) )~~
138		~~- {~~
139		~~- $denyEdit = true;~~
140		~~- }~~
141		~~- }~~
	135	+ foreach( $wgWhiteListOverride['never']['edit'] as $value )
	136	+ {
	137	+ if ( self::RegexCompare($title, $value) )
	138	+ {
	139	+ $denyEdit = true;
	140	+ }
	141	+ }
142	142
143	143	if( $action == 'edit' )
144	144	{
—	—	@@ -163,12 +163,12 @@
164	164
165	165	/* Allow access to user pages (unless disabled)
166	166	*/
167		~~- static function IsUserPage( $title_text, &$wgUser )~~
	167	+ static function IsUserPage( $title_text, &$user )
168	168	{
169	169	global $wgWhiteListAllowUserPages;
170	170
171		~~- $userPage = $wgUser->getUserPage()->getPrefixedText();~~
172		~~- $userTalkPage = $wgUser->getTalkPage()->getPrefixedText();~~
	171	+ $userPage = $user->getUserPage()->getPrefixedText();
	172	+ $userTalkPage = $user->getTalkPage()->getPrefixedText();
173	173
174	174	if( ($wgWhiteListAllowUserPages == true) &&
175	175	($title_text == $userPage) \|\| ($title_text == $userTalkPage) )
—	—	@@ -177,25 +177,24 @@
178	178	return WHITELIST_NOACTION;
179	179	}
180	180
181		~~- static function IsAllowedNamespace( &$title, &$wgUser, $action)~~
182		~~- {~~
	181	+ static function IsAllowedNamespace( &$title, &$user, $action)
	182	+ {
	183	+ $page_ns = $title->getNamespace();
	184	+ if ( ( $page_ns == NS_MEDIAWIKI ) \|\|
	185	+ ( $page_ns == NS_FILE ) \|\|
	186	+ ( $page_ns == NS_HELP ) )
	187	+ {
	188	+ return WHITELIST_GRANT;
	189	+ }
183	190
184		~~- $page_ns = $title->getNsText();~~
185		~~- if( ($page_ns == 'Mediawiki' ) \|\|~~
186		~~- ($page_ns == 'Image' ) \|\|~~
187		~~- ($page_ns == 'Help' ) )~~
188		~~- {~~
189		~~- return WHITELIST_GRANT;~~
190		~~- }~~
	191	+ return WHITELIST_NOACTION;
	192	+ }
191	193
192		~~- return WHITELIST_NOACTION;~~
193		~~- }~~
194	194
195		-
196	195	/* Check whether the page is whitelisted.
197	196	* returns true if page is on whitelist, false if it is not.
198	197	*/
199		~~- static function IsAllowed( &$title, &$wgUser, $action )~~
	198	+ static function IsAllowed( &$title, &$user, $action )
200	199	{
201	200	$expired = false;
202	201
—	—	@@ -209,47 +208,47 @@
210	209	$current_date = date("Y-m-d H:i:s");
211	210	$sql = "SELECT wl_page_title
212	211	FROM " . $wl_table_name . "
213		~~- WHERE wl_user_id = " . $dbr->addQuotes($wgUser->getId()) . "~~
	212	+ WHERE wl_user_id = " . $dbr->addQuotes($user->getId()) . "
214	213	AND ( (wl_expires_on >= " . $dbr->addQuotes($current_date) . ")
215	214	OR ( wl_expires_on = " . $dbr->addQuotes('') . "))";
216	215	if( $action == 'edit' ) {
217	216	$sql .= "
218	217	AND wl_allow_edit = " . $dbr->addQuotes('1');
219	218	}
220		~~-//wfDebug($sql);~~
221	219
222		~~- // We should also check that $title is not a redirect to a whitelisted page~~
223		~~- $redirecttitle = null;~~
224		~~- $article = new Article($title);~~
225		~~- if (is_object($article))~~
226		~~- {~~
227		~~- $pagetext = $article->getContent();~~
228		~~- $redirecttitle = Title::newFromRedirect($pagetext);~~
229		~~- }~~
	220	+ // We should also check that $title is not a redirect to a whitelisted page
	221	+ $redirecttitle = null;
	222	+ $article = new Article($title);
	223	+ if (is_object($article))
	224	+ {
	225	+ $pagetext = $article->getContent();
	226	+ $redirecttitle = Title::newFromRedirect($pagetext);
	227	+ }
230	228
231	229	/* Loop through each result returned and
232	230	* check for matches.
233	231	*/
234		~~- $dbr->begin();~~
	232	+ $dbr->begin();
235	233	$db_results = $dbr->query( $sql , __METHOD__, true);
236		~~- $dbr->commit();~~
	234	+ $dbr->commit();
237	235	while( $db_result = $dbr->fetchObject($db_results) )
238	236	{
239	237	if( self::RegexCompare($title, $db_result->wl_page_title) )
240	238	{
241	239	$dbr->freeResult($db_results);
242		~~-//wfDebug("\n\nAccess granted based on PAGE [" . $db_result->wl_page_title . "]\n\n");~~
	240	+ //wfDebug("\n\nAccess granted based on PAGE [" . $db_result->wl_page_title . "]\n\n");
243	241	return WHITELIST_GRANT;
244	242	}
245		~~- if ($redirecttitle)~~
246		~~- {~~
247		~~- if( self::RegexCompare($redirecttitle, $db_result->wl_page_title) )~~
248		~~- {~~
249		~~- $dbr->freeResult($db_results);~~
250		~~-//wfDebug("\n\nAccess granted based on REDIRECT to PAGE [" . $db_result->wl_page_title . "]\n\n");~~
251		~~- return WHITELIST_GRANT;~~
252		~~- }~~
253		~~- }~~
	243	+
	244	+ if ($redirecttitle)
	245	+ {
	246	+ if ( self::RegexCompare($redirecttitle, $db_result->wl_page_title) )
	247	+ {
	248	+ $dbr->freeResult($db_results);
	249	+ //wfDebug("\n\nAccess granted based on REDIRECT to PAGE [" . $db_result->wl_page_title . "]\n\n");
	250	+ return WHITELIST_GRANT;
	251	+ }
	252	+ }
254	253	}
255	254	$dbr->freeResult($db_results);
256	255
—	—	@@ -259,7 +258,7 @@
260	259	/* Returns true if hit, false otherwise */
261	260	static function RegexCompare(&$title, $sql_regex)
262	261	{
263		~~- global $wgWhiteListWildCardInsensitive;~~
	262	+ global $wgWhiteListWildCardInsensitive;
264	263
265	264	$ret_val = false;
266	265
—	—	@@ -348,3 +347,4 @@
349	348	return true;
350	349	}
351	350	} /* End class */
	351	+
Index: trunk/extensions/WhiteListEdit/WhiteListEdit_body.php
—	—	@@ -297,7 +297,7 @@
298	298
299	299	function DisplayContractorEditDetails( $contractorId )
300	300	{
301		~~- global $wgOut, $wgUser, $wgWhiteListUsePrettyCalendar;~~
	301	+ global $wgOut, $wgWhiteListUsePrettyCalendar;
302	302	$dbr = wfGetDB( DB_SLAVE );
303	303
304	304	$wgOut->addScript( <<<END
Index: trunk/extensions/WhiteListEdit/WhiteListEdit.php
—	—	@@ -31,7 +31,7 @@
32	32	$wgExtensionCredits['specialpage'][] = array(
33	33	'path' => __FILE__,
34	34	'name' => 'WhiteListEdit',
35		~~- 'version' => 'v0.11.2',~~
	35	+ 'version' => 'v0.12',
36	36	'author' => array('Paul Grinberg', 'Mike Sullivan'),
37	37	'email' => 'gri6507 at yahoo dot com, ms-mediawiki AT umich DOT edu',
38	38	'descriptionmsg' => 'whitelist-desc',
—	—	@@ -39,10 +39,8 @@
40	40	);
41	41
42	42	# these are the groups and the rights used within this extension
43		~~-if ( !isset( $wgWhiteListRestrictedGroup ) )~~
44		~~- $wgWhiteListRestrictedGroup = 'restricted';~~
45		~~-if ( !isset( $wgWhiteListManagerGroup ) )~~
46		~~- $wgWhiteListManagerGroup = 'manager';~~
	43	+$wgWhiteListRestrictedGroup = 'restricted';
	44	+$wgWhiteListManagerGroup = 'manager';
47	45
48	46	# Define groups and rights
49	47	if ( !isset( $wgGroupPermissions['*']['usewhitelist'] ) )
—	—	@@ -77,18 +75,15 @@
78	76	$wgWhiteListOverride['never']['edit'] = array();
79	77
80	78	# Define default case insensitivity setting
81		~~-if ( !isset( $wgWhiteListWildCardInsensitive ) )~~
82		~~- $wgWhiteListWildCardInsensitive = true;~~
	79	+$wgWhiteListWildCardInsensitive = true;
83	80
84	81	# Define default user page setting
85		~~-if ( !isset( $wgWhiteListAllowUserPages ) )~~
86		~~- $wgWhiteListAllowUserPages = true;~~
	82	+$wgWhiteListAllowUserPages = true;
87	83
88	84	# If you want the pretty calendar feature, you must install the Extension:Usage_Statistics.
89	85	# If you do not want that feature, then set the following variable to false.
90	86	# NOTE: you do not actually need the gnuplot extension for the functionality needed by this extension
91		~~-if ( !isset( $wgWhiteListUsePrettyCalendar ) )~~
92		~~- $wgWhiteListUsePrettyCalendar = true;~~
	87	+$wgWhiteListUsePrettyCalendar = true;
93	88
94	89	$dir = dirname( __FILE__ ) . '/';
95	90

Status & tagging log

23:20, 3 December 2010 Reedy (talk | contribs) changed the status of r70052 [removed: new added: deferred]