r72954 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r72953‎ | r72954 | r72955 >
Date:02:30, 14 September 2010
Author:kaldari
Status:resolved (Comments)
Tags:
Comment:
add geotargeting to banner selection code
Modified paths:
  • /trunk/extensions/CentralNotice/SpecialBannerListLoader.php (modified) (history)
  • /trunk/extensions/CentralNotice/SpecialCentralNotice.php (modified) (history)

Diff [purge]

Index: trunk/extensions/CentralNotice/SpecialBannerListLoader.php
@@ -6,6 +6,7 @@
77 class SpecialBannerListLoader extends UnlistedSpecialPage {
88 public $project; // Project name
99 public $language; // Project language
 10+ public $location; // User country
1011 public $centralNoticeDB;
1112 protected $sharedMaxAge = 150; // Cache for ? minutes on the server side
1213 protected $maxAge = 150; // Cache for ? minutes on the client side
@@ -24,11 +25,14 @@
2526 $this->sendHeaders();
2627
2728 // Get project language from the query string
28 - $this->language = htmlspecialchars( $wgRequest->getText( 'language', 'en' ) );
 29+ $this->language = $wgRequest->getText( 'language', 'en' );
2930
3031 // Get project name from the query string
31 - $this->project = htmlspecialchars( $wgRequest->getText( 'project', 'wikipedia' ) );
 32+ $this->project = $wgRequest->getText( 'project', 'wikipedia' );
3233
 34+ // Get location from the query string
 35+ $this->location = $wgRequest->getText( 'location' );
 36+
3337 if ( $this->project && $this->language ) {
3438 $content = $this->getJsonList();
3539 if ( strlen( $content ) == 0 ) {
@@ -86,7 +90,7 @@
8791
8892 // Didn't find any preferred matches so do an old style lookup
8993 if ( !$templates ) {
90 - $templates = CentralNotice::selectNoticeTemplates( $this->project, $this->language );
 94+ $templates = CentralNotice::selectNoticeTemplates( $this->project, $this->language, $this->location );
9195 }
9296
9397 return 'Banners = ' . json_encode( $templates );
Index: trunk/extensions/CentralNotice/SpecialCentralNotice.php
@@ -1005,13 +1005,15 @@
10061006 * each project.
10071007 * @return A 2D array of running banners with associated weights and settings
10081008 */
1009 - static function selectNoticeTemplates( $project, $language ) {
 1009+ static function selectNoticeTemplates( $project, $language, $location = null ) {
 1010+ $location = htmlspecialchars( $location );
10101011 $dbr = wfGetDB( DB_SLAVE );
10111012 $encTimestamp = $dbr->addQuotes( $dbr->timestamp() );
10121013 $res = $dbr->select(
10131014 array(
10141015 'cn_notices',
10151016 'cn_notice_languages',
 1017+ 'cn_notice_countries',
10161018 'cn_assignments',
10171019 'cn_templates'
10181020 ),
@@ -1025,6 +1027,7 @@
10261028 "not_start <= $encTimestamp",
10271029 "not_end >= $encTimestamp",
10281030 "not_enabled = 1",
 1031+ "(not_geo = 0) OR ((not_geo = 1) AND (nc_country = '$location'))",
10291032 'nl_notice_id = cn_notices.not_id',
10301033 'nl_language' => $language,
10311034 "not_project" => array( '', $project ),

Follow-up revisions

RevisionCommit summaryAuthorDate
r73028trying to fix r72954kaldari23:22, 14 September 2010
r73044fixing sql query from r72954, also more readablekaldari01:50, 15 September 2010

Comments

#Comment by Catrope (talk | contribs)   19:10, 14 September 2010 
+		$location = htmlspecialchars( $location );

Don't htmlspecialchars() things before putting them in the database, do that after they come out. 

+				"(not_geo = 0) OR ((not_geo = 1) AND (nc_country = '$location'))",

This'll return duplicate rows for notices that have not_geo=0 but do have countries defined. You should put the nc_country condition in a join condition instead (putting constant conditions in a join condition like that is perfectly legal) so you'll always get one row with either a country code or NULL for nc_country.

#Comment by Catrope (talk | contribs)   19:19, 14 September 2010

Oh and $location isn't even escaped. It's escaped for HTML output but not for SQL.

#Comment by Kaldari (talk | contribs)   01:53, 15 September 2010

I think I've fixed the issues in r73044. I'm sure there's a more complex (and efficient) SQL solution, but this seems to work in the meantime and addresses the issues you brought up.

Status & tagging log