r70060 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r70059‎ \| r70060 \| r70061 >
Date:	00:44, 28 July 2010
Author:	awjrichards
Status:	resolved (Comments)
Tags:
Comment:	Made the database connection settings for the contribution_tracking table in payflowpro gateway configurable
Modified paths:	/trunk/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.php (modified) (history)

Diff [purge]

Index: trunk/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.php
—	—	@@ -36,10 +36,10 @@
37	37	$wgPayflowProUserID = ''; //if one or more users are set up, authorized user ID, else same as VENDOR
38	38	$wgPayflowProPassword = ''; //merchant login password
39	39
40		~~-$wgPayflowGatewayDBserver = $wgDBserver;~~
41		~~-$wgPayflowGatewayDBname = $wgDBname;~~
42		~~-$wgPayflowGatewayDBuser = $wgDBuser;~~
43		~~-$wgPayflowGatewayDBpassword = $wgDBpassword;~~
	40	+$wgPayflowGatewayDBserver =( !isset( $wgPayflowGatewayDBserver )) ? $wgDBserver : $wgPayflowGatewayDBserver;
	41	+$wgPayflowGatewayDBname = ( !isset( $wgPayflowGatewayDBname )) ? $wgDBname : $wgPayflowGatewayDBname;
	42	+$wgPayflowGatewayDBuser = ( !isset( $wgPayflowGatewayDBuser )) ? $wgDBuser : $wgPayflowGatewayDBuser;
	43	+$wgPayflowGatewayDBpassword = ( !isset( $wgPayflowGatewayDBpassword )) ? $wgDBpassword : $wgPayflowGatewayDBpassword;
44	44
45	45	function payflowGatewayConnection() {
46	46	global $wgPayflowGatewayDBserver, $wgPayflowGatewayDBname;

Comments

#Comment by Tim Starling (talk | contribs) 07:40, 13 August 2010

This is unnecessary, since MediaWiki extensions are traditionally configured after the inclusion of the setup file, to avoid register_globals vulnerabilities. You should revert this and change your LocalSettings.php to be like:

require( "$IP/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.php" );
$wgPayflowGatewayDBserver = 'whatever';

As long as you don't connect to the database before the file scope of payflowpro_gateway.php finishes executing (and you shouldn't), then this will work fine.

#Comment by Awjrichards (talk | contribs) 19:24, 25 August 2010

This was resolved in r71642

Status & tagging log

01:31, 24 October 2010 Siebrand (talk | contribs) changed the status of r70060 [removed: fixme added: resolved]
07:40, 13 August 2010 Tim Starling (talk | contribs) changed the status of r70060 [removed: new added: fixme]