r75635 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r75634‎ \| r75635 \| r75636 >
Date:	23:51, 28 October 2010
Author:	awjrichards
Status:	deferred
Tags:
Comment:	Moved ensure session logic into token setting code in case the static method for setting tokens is called somewhere where session checking/setting logic does not happen.
Modified paths:	/trunk/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.body.php (modified) (history)

Diff [purge]

Index: trunk/extensions/DonationInterface/payflowpro_gateway/payflowpro_gateway.body.php
—	—	@@ -122,9 +122,6 @@
123	123	} else {
124	124	$cache = false;
125	125
126		~~- // make sure we have a session open for tracking a CSRF-prevention token~~
127		~~- $this->fnPayflowEnsureSession();~~
128		-
129	126	// establish the edit token to prevent csrf
130	127	$token = self::fnPayflowEditToken( $wgPayflowGatewaySalt );
131	128
—	—	@@ -138,18 +135,19 @@
139	136	// Populate form data
140	137	$data = $this->fnGetFormData( $amount, $numAttempt, $token, $payflow_data['order_id'] );
141	138
	139	+ /**
	140	+ * handle PayPal redirection
	141	+ *
	142	+ * if paypal redirection is enabled ($wgPayflowGatewayPaypalURL must be defined)
	143	+ * and the PaypalRedirect form value must be true
	144	+ */
	145	+ if ( $wgRequest->getBool( 'PaypalRedirect' )) {
	146	+ $this->paypalRedirect( $data );
	147	+ return;
	148	+ }
	149	+
142	150	// dispatch forms/handling
143	151	if( $token_match ) {
144		- /**
145		~~- * handle PayPal redirection~~
146		- *
147		~~- * if paypal redirection is enabled ($wgPayflowGatewayPaypalURL must be defined)~~
148		~~- * and the PaypalRedirect form value must be true~~
149		~~- */~~
150		~~- if ( $wgRequest->getBool( 'PaypalRedirect' )) {~~
151		~~- $this->paypalRedirect( $data );~~
152		~~- return;~~
153		~~- }~~
154	152
155	153	if( $data['payment_method'] == 'processed' ) {
156	154	//increase the count of attempts
—	—	@@ -862,6 +860,10 @@
863	861	* @return string
864	862	*/
865	863	public static function fnPayflowEditToken( $salt='' ) {
	864	+
	865	+ // make sure we have a session open for tracking a CSRF-prevention token
	866	+ $this->fnPayflowEnsureSession();
	867	+
866	868	if ( !isset( $_SESSION[ 'payflowEditToken' ] )) {
867	869	//generate unsalted token to place in the session
868	870	$token = self::fnPayflowGenerateToken();

Status & tagging log

22:49, 3 December 2010 Reedy (talk | contribs) changed the status of r75635 [removed: new added: deferred]