r74299 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r74298‎ \| r74299 \| r74300 >
Date:	13:41, 5 October 2010
Author:	catrope
Status:	deferred
Tags:
Comment:	uploadwizard: FIXMEs and a few changes for SpecialSessionStash * Actually enforce the access restriction ('upload' right in this case). SpecialPage doesn't do this for you if you override execute() * Put parentheses around an assignment inside an if() condition * Add some FIXME comments
Modified paths:	/branches/uploadwizard/phase3/includes/specials/SpecialSessionStash.php (modified) (history)

Diff [purge]

Index: branches/uploadwizard/phase3/includes/specials/SpecialSessionStash.php
—	—	@@ -18,7 +18,7 @@
19	19
20	20	class SpecialSessionStash extends SpecialPage {
21	21
22		~~- static $HttpErrors = array(~~
	22	+ static $HttpErrors = array( // FIXME: Use OutputPage::getStatusMessage() --RK
23	23	400 => 'Bad Request',
24	24	403 => 'Access Denied',
25	25	404 => 'File not found',
—	—	@@ -33,6 +33,7 @@
34	34
35	35	// $request is the request (usually wgRequest)
36	36	// $subpage is everything in the URL after Special:SessionStash
	37	+ // FIXME: These parameters don't match SpecialPage::__construct()'s params at all, and are unused --RK
37	38	public function __construct( $request = null, $subpage = null ) {
38	39	parent::__construct( 'SessionStash', 'upload' );
39	40	$this->stash = new SessionStash();
—	—	@@ -42,11 +43,16 @@
43	44	* If file available in stash, cats it out to the client as a simple HTTP response.
44	45	* n.b. Most sanity checking done in SessionStashLocalFile, so this is straightforward.
45	46	*
46		~~- * @param {String} subpage, e.g. in http://sample.com/wiki/Special:SessionStash/foo.jpg, the "foo".~~
	47	+ * @param {String} $subPage: subpage, e.g. in http://example.com/wiki/Special:SessionStash/foo.jpg, the "foo.jpg" part
47	48	* @return {Boolean} success
48	49	*/
49	50	public function execute( $subPage ) {
50		~~- global $wgOut;~~
	51	+ global $wgOut, $wgUser;
	52	+
	53	+ if ( !$this->userCanExecute( $wgUser ) ) {
	54	+ $this->displayRestrictionError();
	55	+ return;
	56	+ }
51	57
52	58	// prevent callers from doing standard HTML output -- we'll take it from here
53	59	$wgOut->disable();
—	—	@@ -93,6 +99,9 @@
94	100	// if we couldn't find it, and it looks like a thumbnail,
95	101	// and it looks like we have the original, go ahead and generate it
96	102	$matches = array();
	103	+ // FIXME: This code assumes all kinds of constraints apply to file keys:
	104	+ // they can't contain whitespace, and keys for original files can't contain dashes.
	105	+ // These assumptions should be documented and/or enforced --RK
97	106	if ( ! preg_match( '/^(\d+)px-(\S+)$/', $key, $matches ) ) {
98	107	// that doesn't look like a thumbnail. re-raise exception
99	108	throw $e;
—	—	@@ -108,7 +117,7 @@
109	118	// because the file is a SessionStashFile, this thumbnail will also be stashed,
110	119	// and a thumbnailFile will be created in the thumbnailImage composite object
111	120	$thumbnailImage = null;
112		~~- if ( ! $thumbnailImage = $origFile->getThumbnail( $width ) ) {~~
	121	+ if ( !( $thumbnailImage = $origFile->getThumbnail( $width ) ) ) {
113	122	throw new MWException( 'Could not obtain thumbnail' );
114	123	}
115	124	$file = $thumbnailImage->thumbnailFile;
—	—	@@ -127,7 +136,7 @@
128	137	header( 'Content-Transfer-Encoding: binary', true );
129	138	header( 'Expires: Sun, 17-Jan-2038 19:14:07 GMT', true );
130	139	header( 'Pragma: public', true );
131		~~- header( 'Content-Length: ' . $file->getSize(), true );~~
	140	+ header( 'Content-Length: ' . $file->getSize(), true ); // FIXME: PHP can handle Content-Length for you just fine --RK
132	141	readfile( $file->getPath() );
133	142	}
134	143	}

Status & tagging log

21:53, 3 December 2010 Reedy (talk | contribs) changed the status of r74299 [removed: new added: deferred]