r70057 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r70056‎ \| r70057 \| r70058 >
Date:	23:00, 27 July 2010
Author:	nimishg
Status:	ok
Tags:
Comment:	authentication to prevent tons of spurious data
Modified paths:	/trunk/extensions/SimpleSurvey/SpecialSimpleSurvey.php (modified) (history)

Diff [purge]

Index: trunk/extensions/SimpleSurvey/SpecialSimpleSurvey.php
—	—	@@ -16,9 +16,28 @@
17	17	private $originLink = '';
18	18	private $originLinkUrl = '';
19	19	private $originFullUrl = '';
	20	+ private $tokenToCheck = '';
20	21
21	22	/* Functions */
22	23
	24	+ /**
	25	+ * Quick token matching wrapper for form processing
	26	+ */
	27	+ public function checkToken() {
	28	+ global $wgRequest;
	29	+ $this->tokenToCheck = $_SESSION['wsSimpleSurveyToken'];
	30	+ if($this->tokenToCheck != "" &&
	31	+ ( $wgRequest->getVal( 'token' ) == $this->tokenToCheck ) ){
	32	+ return true;
	33	+ }
	34	+ else return false;
	35	+ }
	36	+
	37	+ public function setToken(){
	38	+ $this->tokenToCheck = wfGenerateToken( array( $this, time() ) );
	39	+ $_SESSION['wsSimpleSurveyToken'] = $this->tokenToCheck;
	40	+ }
	41	+
23	42	public function __construct() {
24	43	parent::__construct( 'SimpleSurvey' );
25	44	wfLoadExtensionMessages( 'SimpleSurvey' );
—	—	@@ -33,7 +52,7 @@
34	53	$surveyName = $wgRequest->getVal("survey");
35	54
36	55	if($wgRequest->wasPosted()){
37		~~- if($surveyName && in_array($surveyName,$wgValidSurveys )){~~
	56	+ if($surveyName && in_array($surveyName,$wgValidSurveys ) && $this->checkToken() ){
38	57	SimpleSurvey::save( $surveyName, $wgPrefSwitchSurveys[$surveyName] );
39	58	$wgOut->addHtml("<b>" . wfMsg( 'simple-survey-confirm' ). "</b>");
40	59	}
—	—	@@ -45,6 +64,7 @@
46	65	return;
47	66	}
48	67
	68	+ $this->setToken();
49	69	// Get the origin from the request
50	70	$par = $wgRequest->getVal( 'from', $par );
51	71	$this->originTitle = Title::newFromText( $par );
—	—	@@ -104,6 +124,7 @@
105	125	)
106	126	);
107	127	$html .= Xml::hidden( 'survey', $mode );
	128	+ $html .= Xml::hidden( 'token', $this->tokenToCheck);
108	129	// Render a survey
109	130	$html .= SimpleSurvey::render(
110	131	$wgPrefSwitchSurveys[$mode]['questions']

Status & tagging log

16:39, 3 August 2010 Catrope (talk | contribs) changed the status of r70057 [removed: new added: ok]