r74977 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r74976‎ \| r74977 \| r74978 >
Date:	23:17, 18 October 2010
Author:	awjrichards
Status:	deferred
Tags:
Comment:	Changed convention to detect cacheable page to use '_cache_' request param; updateContributionTracking will now insert if no contribution tracking id is present rather than attempting to udpate; updated getNoCacheAction() to conform to new caching convention; updated execute() in payflowpro_gateway.body.php to not initiate a session/token stuffs if _cache_ is set (these will get set with AJAX)
Modified paths:	/trunk/extensions/DonationInterface/payflowpro_gateway/forms/Form.php (modified) (history) /trunk/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.body.php (modified) (history) /trunk/extensions/DonationInterface/payflowpro_gateway/pfp_api_controller.js (modified) (history)

Diff [purge]

Index: trunk/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.body.php
—	—	@@ -56,15 +56,6 @@
57	57	$wgPayFlowProGatewayCSSVersion, $wgPayflowGatewayPaypalURL,
58	58	$wgPayflowGatewaySalt;
59	59
60		~~- // disable caching - this will likely be set in the URL to prevent form caching~~
61		~~- if ( $wgRequest->getText( '_nocache_' ) == 'true' ) {~~
62		~~- session_cache_limiter( 'nocache' );~~
63		~~- }~~
64		-
65		~~- $this->fnPayflowEnsureSession();~~
66		~~- $this->setHeaders();~~
67		-
68		-
69	60	$wgOut->addExtensionStyle(
70	61	"{$wgScriptPath}/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.css?284" .
71	62	$wgPayFlowProGatewayCSSVersion);
—	—	@@ -92,15 +83,11 @@
93	84	<script type="text/javascript">
94	85	jQuery(document).ready(function() {
95	86	jQuery("div#p-logo a").attr("href","#");
96		-}
	87	+});
97	88	</script>
98	89	EOT;
99	90	$wgOut->addHeadItem( 'logolinkoverride', $js );
100	91
101		~~- // establish the edit token to prevent csrf~~
102		~~- $token = self::fnPayflowEditToken( $wgPayflowGatewaySalt );~~
103		-
104		-
105	92	// find out if amount was a radio button or textbox, set amount
106	93	if( isset( $_REQUEST['amount'] ) && preg_match( '/^\d+(\.(\d+)?)?$/', $wgRequest->getText( 'amount' ) ) ) {
107	94	$amount = $wgRequest->getText( 'amount' );
—	—	@@ -121,14 +108,32 @@
122	109	require_once( 'includes/payflowUser.inc' );
123	110
124	111	$payflow_data = payflowUser();
	112	+
	113	+ // if _cache_ is requested by the user, do not set a session/token; dynamic data will be loaded via ajax
	114	+ if ( $wgRequest->getText( '_cache_', false ) ) {
	115	+ $cache = true;
	116	+ $token = '';
	117	+ $token_match = false;
	118	+ } else {
	119	+ $cache = false;
	120	+
	121	+ // make sure we have a session open for tracking a CSRF-prevention token
	122	+ $this->fnPayflowEnsureSession();
	123	+
	124	+ // establish the edit token to prevent csrf
	125	+ $token = self::fnPayflowEditToken( $wgPayflowGatewaySalt );
125	126
	127	+ // match token
	128	+ $token_check = ( $wgRequest->getText( 'token' ) ) ? $wgRequest->getText( 'token' ) : $token;
	129	+ $token_match = $this->fnPayflowMatchEditToken( $token_check, $wgPayflowGatewaySalt );
	130	+ }
	131	+
	132	+ $this->setHeaders();
	133	+
126	134	// Populate form data
127	135	$data = $this->fnGetFormData( $amount, $numAttempt, $token, $payflow_data['order_id'] );
128	136
129		~~- // Check form for errors and display~~
130		~~- // match token~~
131		~~- $token_check = ( $wgRequest->getText( 'token' ) ) ? $wgRequest->getText( 'token' ) : $token;~~
132		~~- $token_match = $this->fnPayflowMatchEditToken( $token_check, $wgPayflowGatewaySalt );~~
	137	+ // dispatch forms/handling
133	138	if( $token_match ) {
134	139	/**
135	140	* handle PayPal redirection
—	—	@@ -189,8 +194,10 @@
190	195	$this->fnPayflowDisplayForm( $data, $this->errors );
191	196	}
192	197	} else {
193		~~- // there's a token mismatch~~
194		~~- $this->errors['general']['token-mismatch'] = wfMsg( 'payflowpro_gateway-token-mismatch' );~~
	198	+ if ( !$cache ) {
	199	+ // if we're not caching, there's a token mismatch
	200	+ $this->errors['general']['token-mismatch'] = wfMsg( 'payflowpro_gateway-token-mismatch' );
	201	+ }
195	202	$this->fnPayflowDisplayForm( $data, $this->errors );
196	203	}
197	204	}
—	—	@@ -1132,8 +1139,13 @@
1133	1140	$tracked_contribution[$key] = null;
1134	1141	}
1135	1142	}
1136		-
1137		~~- $db->update( 'contribution_tracking', $tracked_contribution, array( 'id' => $data[ 'contribution_tracking_id' ] ));~~
	1143	+
	1144	+ // if contrib tracking id is not already set, we need to insert the data, otherwise update
	1145	+ if ( !$data[ 'contribution_tracking_id' ] ) {
	1146	+ $data[ 'contribution_tracking_id' ] = $this->insertContributionTracking( $tracked_contribution );
	1147	+ } else {
	1148	+ $db->update( 'contribution_tracking', $tracked_contribution, array( 'id' => $data[ 'contribution_tracking_id' ] ));
	1149	+ }
1138	1150	}
1139	1151
1140	1152	/**
Index: trunk/extensions/DonationInterface/payflowpro_gateway/forms/Form.php
—	—	@@ -678,15 +678,21 @@
679	679	* @return string $url The full URL for the form to post to
680	680	*/
681	681	protected function getNoCacheAction() {
682		~~- global $wgRequest;~~
	682	+ global $wgRequest, $wgTitle;
683	683
684	684	$url = $wgRequest->getFullRequestURL();
685		-
686		~~- // it the _nocache_ param != true, add it to the URL~~
687		~~- if ( !$wgRequest->getText( '_nocache_' )) {~~
688		~~- $url = wfAppendQuery( $url, array( '_nocache_' => 'true' ));~~
	685	+ $url_parts = wfParseUrl( $url );
	686	+ $query_array = wfCgiToArray( $url_parts[ 'query' ] );
	687	+
	688	+ // ensure that _cache_ does not get set in the URL
	689	+ unset( $query_array[ '_cache_' ]);
	690	+
	691	+ // make sure no other data that might overwrite posted data makes it into the URL
	692	+ foreach ( $this->form_data as $key => $value ) {
	693	+ unset( $query_array[ $key ] );
689	694	}
690		-
691		~~- return $url;~~
	695	+
	696	+ // construct the submission url
	697	+ return wfAppendQuery( $wgTitle->getLocalURL(), $query_array );
692	698	}
693	699	}
Index: trunk/extensions/DonationInterface/payflowpro_gateway/pfp_api_controller.js
—	—	@@ -26,6 +26,6 @@
27	27	} )( jQuery );
28	28
29	29	// Do not fire the AJAX request if _nocache_ is set or we are not using a single-step form (known by lack of utm_source_id)
30		~~-if( String(window.location).indexOf( '_nocache_' ) == -1 && String(window.location).indexOf( 'utm_source_id' ) != -1){~~
	30	+if( String(window.location).indexOf( '_cache_' ) != -1 && String(window.location).indexOf( 'utm_source_id' ) != -1){
31	31	jQuery( document ).ready( jQuery.getDynamicFormElements );
32	32	}
\ No newline at end of file

Status & tagging log

22:49, 3 December 2010 Reedy (talk | contribs) changed the status of r74977 [removed: new added: deferred]