r70440 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r70439‎ \| r70440 \| r70441 >
Date:	00:05, 4 August 2010
Author:	kaldari
Status:	resolved (Comments)
Tags:
Comment:	Fix for form issues
Modified paths:	/trunk/extensions/CentralNotice/SpecialCentralNotice.php (modified) (history) /trunk/extensions/CentralNotice/SpecialNoticeTemplate.php (modified) (history)

Diff [purge]

Index: trunk/extensions/CentralNotice/SpecialCentralNotice.php
—	—	@@ -42,8 +42,8 @@
43	43
44	44	$method = $wgRequest->getVal( 'method' );
45	45	// Handle form sumissions
46		~~- if ( $this->editable && $wgRequest->wasPosted() ) {~~
47		-
	46	+ if ( $this->editable && $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) {
	47	+
48	48	// Handle removing
49	49	$toRemove = $wgRequest->getArray( 'removeNotices' );
50	50	if ( isset( $toRemove ) ) {
—	—	@@ -185,28 +185,26 @@
186	186
187	187	// Handle adding of notice
188	188	$this->showAll = $wgRequest->getVal( 'showAll' );
189		~~- if ( $this->editable && $method == 'addNotice' ) {~~
	189	+ if ( $this->editable && $method == 'addNotice' && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) {
190	190	$noticeName = $wgRequest->getVal( 'noticeName' );
191	191	$start = $wgRequest->getArray( 'start' );
192	192	$project_name = $wgRequest->getVal( 'project_name' );
193	193	$project_languages = $wgRequest->getArray( 'project_languages' );
194	194	if ( $noticeName == '' ) {
195		~~- //$wgOut->addWikiMsg ( 'centralnotice-null-string' );~~
196	195	$wgOut->addHTML( Xml::element( 'div', array( 'class' => 'cn-error' ), wfMsg( 'centralnotice-null-string' ) ) );
197		~~- }~~
198		~~- else {~~
	196	+ } else {
199	197	$this->addNotice( $noticeName, '0', $start, $project_name, $project_languages );
200	198	}
201	199	}
202	200
203	201	// Handle removing of notice
204		~~- if ( $this->editable && $method == 'removeNotice' ) {~~
	202	+ if ( $this->editable && $method == 'removeNotice' && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) {
205	203	$noticeName = $wgRequest->getVal ( 'noticeName' );
206	204	$this->removeNotice ( $noticeName );
207	205	}
208	206
209	207	// Handle adding of template
210		~~- if ( $this->editable && $method == 'addTemplateTo' ) {~~
	208	+ if ( $this->editable && $method == 'addTemplateTo' && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) {
211	209	$noticeName = $wgRequest->getVal( 'noticeName' );
212	210	$templateName = $wgRequest->getVal( 'templateName' );
213	211	$templateWeight = $wgRequest->getVal ( 'weight' );
—	—	@@ -217,7 +215,7 @@
218	216	}
219	217
220	218	// Handle removing of template
221		~~- if ( $this->editable && $method == 'removeTemplateFor' ) {~~
	219	+ if ( $this->editable && $method == 'removeTemplateFor' && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) {
222	220	$noticeName = $wgRequest->getVal ( 'noticeName' );
223	221	$templateName = $wgRequest->getVal ( 'templateName ' );
224	222	$this->removeTemplateFor( $noticeName , $templateName );
—	—	@@ -520,6 +518,7 @@
521	519	$htmlOut .= $this->tableRow( $fields );
522	520	}
523	521	$htmlOut .= Xml::closeElement( 'table' );
	522	+ $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() );
524	523	if ( $this->editable ) {
525	524	$htmlOut .= Xml::openElement( 'div', array( 'class' => 'cn-buttons' ) );
526	525	$htmlOut .= Xml::submitButton( wfMsg( 'centralnotice-modify' ),
—	—	@@ -585,6 +584,7 @@
586	585	$htmlOut .= Xml::closeElement( 'tr' );
587	586	$htmlOut .= Xml::closeElement( 'table' );
588	587	$htmlOut .= Xml::hidden( 'change', 'weight' );
	588	+ $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() );
589	589
590	590	// Submit button
591	591	$htmlOut .= Xml::tags( 'div',
—	—	@@ -604,7 +604,8 @@
605	605
606	606	function listNoticeDetail( $notice ) {
607	607	global $wgOut, $wgRequest, $wgUser;
608		~~- if ( $wgRequest->wasPosted() ) {~~
	608	+ if ( $wgRequest->wasPosted() && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) {
	609	+
609	610	// Handle removing of templates
610	611	$templateToRemove = $wgRequest->getArray( 'removeTemplates' );
611	612	if ( isset( $templateToRemove ) ) {
—	—	@@ -688,6 +689,8 @@
689	690	}
690	691	}
691	692	if ( $this->editable ) {
	693	+ $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() );
	694	+
692	695	// Submit button
693	696	$htmlOut .= Xml::tags( 'div',
694	697	array( 'class' => 'cn-buttons' ),
Index: trunk/extensions/CentralNotice/SpecialNoticeTemplate.php
—	—	@@ -39,7 +39,7 @@
40	40	// Begin Banners tab content
41	41	$wgOut->addHTML( Xml::openElement( 'div', array( 'id' => 'preferences' ) ) );
42	42
43		~~- if ( $this->editable ) {~~
	43	+ if ( $this->editable && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) {
44	44	// Handle forms
45	45	if ( $wgRequest->wasPosted() ) {
46	46
—	—	@@ -85,42 +85,39 @@
86	86	}
87	87	}
88	88
89		~~- switch ( $sub ) {~~
90		-
91		~~- // Handle viewing or editing a specific banner~~
92		~~- case 'view':~~
93		~~- if ( $wgRequest->getVal( 'wpUserLanguage' ) == 'all' ) {~~
94		~~- // Handle viewing a banner in all languages~~
95		~~- $template = $wgRequest->getVal( 'template' );~~
96		~~- $this->showViewAvailable( $template );~~
97		~~- } elseif ( $wgRequest->getText( 'template' ) != '' ) {~~
98		~~- $this->showView();~~
99		~~- }~~
100		~~- break;~~
101		-
102		~~- // Handle adding a banner~~
103		~~- case 'add':~~
104		~~- if ( $this->editable ) {~~
105		~~- $this->showAdd();~~
106		~~- }~~
107		~~- break;~~
108		-
109		~~- // Handle cloning a banner~~
110		~~- case 'clone':~~
111		~~- if ( $this->editable ) {~~
112		~~- $oldTemplate = $wgRequest->getVal( 'oldTemplate' );~~
113		~~- $newTemplate = $wgRequest->getVal( 'newTemplate' );~~
114		~~- // We use the returned name in case any special characters had to be removed~~
115		~~- $template = $this->cloneTemplate( $oldTemplate, $newTemplate );~~
116		~~- $wgOut->redirect( SpecialPage::getTitleFor( 'NoticeTemplate', 'view' )->getLocalUrl( "template=$template" ) );~~
117		~~- }~~
118		~~- break;~~
119		-
120		~~- // Show list of banners by default~~
121		~~- default:~~
122		~~- $this->showList();~~
123		-
	89	+ // Handle viewing of a template in all languages
	90	+ if ( $sub == 'view' && $wgRequest->getVal( 'wpUserLanguage' ) == 'all' ) {
	91	+ $template = $wgRequest->getVal( 'template' );
	92	+ $this->showViewAvailable( $template );
	93	+ return;
124	94	}
	95	+
	96	+ // Handle viewing a specific template
	97	+ if ( $sub == 'view' && $wgRequest->getText( 'template' ) != '' ) {
	98	+ $this->showView();
	99	+ return;
	100	+ }
	101	+
	102	+ if ( $this->editable ) {
	103	+ // Handle "Add a banner" link
	104	+ if ( $sub == 'add' ) {
	105	+ $this->showAdd();
	106	+ return;
	107	+ }
	108	+
	109	+ // Handle cloning a specific template
	110	+ if ( $sub == 'clone' && $wgUser->matchEditToken( $wgRequest->getVal( 'authtoken' ) ) ) {
	111	+ $oldTemplate = $wgRequest->getVal( 'oldTemplate' );
	112	+ $newTemplate = $wgRequest->getVal( 'newTemplate' );
	113	+ // We use the returned name in case any special characters had to be removed
	114	+ $template = $this->cloneTemplate( $oldTemplate, $newTemplate );
	115	+ $wgOut->redirect( SpecialPage::getTitleFor( 'NoticeTemplate', 'view' )->getLocalUrl( "template=$template" ) );
	116	+ return;
	117	+ }
	118	+ }
	119	+
	120	+ // Show list by default
	121	+ $this->showList();
125	122
126	123	// End Banners tab content
127	124	$wgOut->addHTML( Xml::closeElement( 'div' ) );
—	—	@@ -175,7 +172,7 @@
176	173	}
177	174
178	175	function showAdd() {
179		~~- global $wgOut;~~
	176	+ global $wgOut, $wgUser;
180	177
181	178	// Build HTML
182	179	$htmlOut = '';
—	—	@@ -194,6 +191,7 @@
195	192	$htmlOut .= Xml::tags( 'p', null,
196	193	Xml::textarea( 'templateBody', '', 60, 20 )
197	194	);
	195	+ $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() );
198	196
199	197	// Submit button
200	198	$htmlOut .= Xml::tags( 'div',
—	—	@@ -337,7 +335,7 @@
338	336	$htmlOut .= Xml::closeElement( 'tr' );
339	337	}
340	338	if ( $this->editable ) {
341		~~- $htmlOut .= Xml::hidden( 'token', $token );~~
	339	+ $htmlOut .= Xml::hidden( 'authtoken', $token );
342	340	$htmlOut .= Xml::hidden( 'wpUserLanguage', $wpUserLang );
343	341	$htmlOut .= Xml::openElement( 'tr' );
344	342	$htmlOut .= Xml::tags( 'td', array( 'colspan' => 4 ),
—	—	@@ -347,6 +345,7 @@
348	346	}
349	347
350	348	$htmlOut .= Xml::closeElement( 'table' );
	349	+ $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() );
351	350	$htmlOut .= Xml::closeElement( 'fieldset' );
352	351
353	352	if ( $this->editable ) {
—	—	@@ -375,6 +374,7 @@
376	375	Xml::tags( 'td', null, $sk->makeLinkObj( $newPage, wfMsgHtml( 'centralnotice-preview-all-template-translations' ), "template=$currentTemplate&wpUserLanguage=all" ) )
377	376	);
378	377	$htmlOut .= Xml::closeElement( 'table' );
	378	+ $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() );
379	379	$htmlOut .= Xml::closeElement( 'fieldset' );
380	380	$htmlOut .= Xml::closeElement( 'form' );
381	381	}
—	—	@@ -403,6 +403,7 @@
404	404	);
405	405	}
406	406	$htmlOut .= Xml::closeElement( 'table' );
	407	+ $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() );
407	408	$htmlOut .= Xml::closeElement( 'fieldset' );
408	409	if ( $this->editable ) {
409	410	$htmlOut .= Xml::closeElement( 'form' );
—	—	@@ -428,6 +429,7 @@
429	430
430	431	$htmlOut .= Xml::closeElement( 'tr' );
431	432	$htmlOut .= Xml::closeElement( 'table' );
	433	+ $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() );
432	434	$htmlOut .= Xml::closeElement( 'fieldset' );
433	435	$htmlOut .= Xml::closeElement( 'form' );
434	436	}
—	—	@@ -539,7 +541,7 @@
540	542	global $wgOut;
541	543
542	544	if ( $body == '' \|\| $name == '' ) {
543		~~- $wgOut->addWikiMsg( 'centralnotice-null-string' );~~
	545	+ $wgOut->addHTML( Xml::element( 'div', array( 'class' => 'cn-error' ), wfMsg( 'centralnotice-null-string' ) ) );
544	546	return;
545	547	}
546	548
—	—	@@ -555,7 +557,7 @@
556	558	);
557	559
558	560	if ( $dbr->numRows( $res ) > 0 ) {
559		~~- $wgOut->addWikiMsg( 'centralnotice-template-exists' );~~
	561	+ $wgOut->addHTML( Xml::element( 'div', array( 'class' => 'cn-error' ), wfMsg( 'centralnotice-template-exists' ) ) );
560	562	return false;
561	563	} else {
562	564	$dbw = wfGetDB( DB_MASTER );
—	—	@@ -582,7 +584,7 @@
583	585	global $wgOut;
584	586
585	587	if ( $body == '' \|\| $name == '' ) {
586		~~- $wgOut->addWikiMsg( 'centralnotice-null-string' );~~
	588	+ $wgOut->addHTML( Xml::element( 'div', array( 'class' => 'cn-error' ), wfMsg( 'centralnotice-null-string' ) ) );
587	589	return;
588	590	}
589	591
—	—	@@ -765,6 +767,7 @@
766	768	}
767	769
768	770	function getEndBody() {
	771	+ global $wgUser;
769	772	$htmlOut = '';
770	773	if ( $this->editable ) {
771	774	$htmlOut .= Xml::tags( 'tr', null,
—	—	@@ -774,6 +777,7 @@
775	778	);
776	779	}
777	780	$htmlOut .= Xml::closeElement( 'table' );
	781	+ $htmlOut .= Xml::hidden( 'authtoken', $wgUser->editToken() );
778	782	return $htmlOut;
779	783	}
780	784	}

Follow-up revisions

Revision	Commit summary	Author	Date
r70441	Fix for error in r70440. Two different tokens.	kaldari	00:11, 4 August 2010
r70442	Better fix for r70440. Actually it looks like the old token stuff was left ov...	kaldari	00:26, 4 August 2010
r70446	Fixing getTitle calls per comment in r70440	kaldari	01:25, 4 August 2010

Comments

#Comment by Kaldari (talk | contribs) 00:16, 4 August 2010

The change from the switch statement is actually a reversion of myself to the previous scheme. The error referred to in r70441 is that there are 2 different tokens in SpecialNoticeTemplate.php - one for translation tokens, the other for authentication. I accidentally confused them at line 338.

#Comment by Kaldari (talk | contribs) 00:31, 4 August 2010

Actually it looks like the old tokens were just left over from a previous auth scheme that had been abandoned. Removed in r70442 now that they are redundant.

#Comment by Nikerabbit (talk | contribs) 00:31, 4 August 2010

+$wgOut->redirect( SpecialPage::getTitleFor( 'NoticeTemplate', 'view' )->getLocalUrl( "template=$template" ) );

I think you can replace SpecialPage::getTitleFor with $this->getTitle

-$wgOut->addWikiMsg( 'centralnotice-null-string' );
+$wgOut->addHTML( Xml::element( 'div', array( 'class' => 'cn-error' ), wfMsg( 'centralnotice-null-string' ) ) );

Use $wgOut->wrapWikiMsg

#Comment by Kaldari (talk | contribs) 01:27, 4 August 2010

Cleaned up the getTitle calls in r70446. I'll clean up the error messages as well some time soon.

#Comment by Catrope (talk | contribs) 23:49, 23 August 2010

This code doesn't treat token mismatches nicely at all. It doesn't show an explanatory message (such as the sessionfailure message) and it doesn't restore the form state.

On an unrelated note, you should be using explicit indexes (campaign IDs, preferably) for the enabled[] checkboxes and its friends. This prevents issues with campaigns being added or removed while the user is viewing the form or the sortable table JS messing up the order.

#Comment by Ryan Kaldari (WMF) (talk | contribs) 00:38, 27 August 2010

Session failure error messages were added in r71606. State restore is mostly implemented by r71676, r71688, r71690, r71711, r71716, r71718, etc. There are still a couple pieces that I have yet to add, but all the important pieces are handled now.

Explicit indexes for the checkboxes aren't needed since this is already handled by giving them unique values per campaign.

Status & tagging log

13:43, 24 October 2010 Catrope (talk | contribs) changed the status of r70440 [removed: fixme added: resolved]
23:49, 23 August 2010 Catrope (talk | contribs) changed the status of r70440 [removed: new added: fixme]