r76189 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r76188‎ \| r76189 \| r76190 >
Date:	13:10, 6 November 2010
Author:	catrope
Status:	deferred (Comments)
Tags:
Comment:	Fix r76182 in various ways. Also addresses CR on r75954 * Add a default setting for $wgUploadWizardDisableResourceLoader in the extension setup file. THIS WAS A REGISTER_GLOBALS VULNERABILITY * Honor $wgUploadDisableResourceLoader everywhere, and set it to true by default because the use of file names rather than module names breaks RL support * Fix module definition paths to be relative to extensions/UploadWizard and set local and remote paths properly. This also fixes the assumption that the resources live at $wgScriptPath/extensions/UploadWizard , honoring $wgExtensionAssetsPath instead * Fix that same assumption in the non-RL case by passing the correct base path to UploadWizardDependencyLoader * Fix that assumption in writeOptimizedFiles() as well by changing the regex and not using chdir() (using chdir is usually evil) * Fix writeOptimizedFiles()'s error output, was missing a newline * Redo generateMinifiedResources.php to be a real maintenance script (using the Maintenance) class and to honor MW_INSTALL_PATH rather than using strange logic looking for LocalSettings.php in a way that fails on my setup where phase3/ and extensions/ are siblings (a common one). This rewrite also allows it to use the autoloader, eliminating most require_once() calls
Modified paths:	/trunk/extensions/UploadWizard/SpecialUploadWizard.php (modified) (history) /trunk/extensions/UploadWizard/UploadWizard.php (modified) (history) /trunk/extensions/UploadWizard/UploadWizardDependencyLoader.php (modified) (history) /trunk/extensions/UploadWizard/UploadWizardHooks.php (modified) (history) /trunk/extensions/UploadWizard/generateMinifiedResources.php (modified) (history)

Diff [purge]

Index: trunk/extensions/UploadWizard/UploadWizardHooks.php
—	—	@@ -16,119 +16,119 @@
17	17	'scripts' => array(
18	18
19	19	// jquery interface helpers
20		~~- 'extensions/UploadWizard/resources/jquery/jquery.tipsy.js',~~
21		~~- 'extensions/UploadWizard/resources/jquery/jquery.tipsyPlus.js',~~
22		~~- 'extensions/UploadWizard/resources/jquery/jquery.morphCrossfade.js',~~
23		~~- 'extensions/UploadWizard/resources/jquery/jquery.validate.js',~~
24		~~- 'extensions/UploadWizard/resources/jquery/jquery.arrowSteps.js',~~
25		~~- 'extensions/UploadWizard/resources/jquery/jquery.autocomplete.js',~~
26		~~- 'extensions/UploadWizard/resources/jquery/jquery.spinner.js',~~
	20	+ 'resources/jquery/jquery.tipsy.js',
	21	+ 'resources/jquery/jquery.tipsyPlus.js',
	22	+ 'resources/jquery/jquery.morphCrossfade.js',
	23	+ 'resources/jquery/jquery.validate.js',
	24	+ 'resources/jquery/jquery.arrowSteps.js',
	25	+ 'resources/jquery/jquery.autocomplete.js',
	26	+ 'resources/jquery/jquery.spinner.js',
27	27
28	28	// mediawiki-specific interface helper (relies on mediawiki globals)
29		~~- 'extensions/UploadWizard/resources/jquery/jquery.mwCoolCats.js',~~
	29	+ 'resources/jquery/jquery.mwCoolCats.js',
30	30
31	31	// common utilities
32		~~- 'extensions/UploadWizard/resources/mw.js', // <-- obsolete?~~
33		~~- 'extensions/UploadWizard/resources/mw.Log.js',~~
34		~~- 'extensions/UploadWizard/resources/mw.Utilities.js',~~
35		~~- 'extensions/UploadWizard/resources/mw.UtilitiesTime.js',~~
36		~~- 'extensions/UploadWizard/resources/mw.Uri.js',~~
37		~~- 'extensions/UploadWizard/resources/mw.Api.js',~~
38		~~- 'extensions/UploadWizard/resources/mw.Api.edit.js',~~
39		~~- 'extensions/UploadWizard/resources/mw.Title.js',~~
	32	+ 'resources/mw.js', // <-- obsolete?
	33	+ 'resources/mw.Log.js',
	34	+ 'resources/mw.Utilities.js',
	35	+ 'resources/mw.UtilitiesTime.js',
	36	+ 'resources/mw.Uri.js',
	37	+ 'resources/mw.Api.js',
	38	+ 'resources/mw.Api.edit.js',
	39	+ 'resources/mw.Title.js',
40	40
41	41	// message parsing
42		~~- 'extensions/UploadWizard/resources/language/mw.Language.js',~~
43		~~- 'extensions/UploadWizard/resources/language/mw.Parser.js',~~
44		~~- 'extensions/UploadWizard/resources/mw.LanguageUpWiz.js',~~
	42	+ 'resources/language/mw.Language.js',
	43	+ 'resources/language/mw.Parser.js',
	44	+ 'resources/mw.LanguageUpWiz.js',
45	45
46	46	// workhorse libraries
47		~~- 'extensions/UploadWizard/resources/mw.IframeTransport.js',~~
48		~~- 'extensions/UploadWizard/resources/mw.ApiUploadHandler.js',~~
49		~~- 'extensions/UploadWizard/resources/mw.DestinationChecker.js',~~
50		~~- 'extensions/UploadWizard/resources/mw.UploadWizardUtil.js',~~
	47	+ 'resources/mw.IframeTransport.js',
	48	+ 'resources/mw.ApiUploadHandler.js',
	49	+ 'resources/mw.DestinationChecker.js',
	50	+ 'resources/mw.UploadWizardUtil.js',
51	51
52	52	// interface libraries
53		~~- 'extensions/UploadWizard/resources/mw.GroupProgressBar.js',~~
	53	+ 'resources/mw.GroupProgressBar.js',
54	54
55	55	// UploadWizard specific abstractions
56		~~- 'extensions/UploadWizard/resources/mw.UploadWizardDeed.js',~~
57		~~- 'extensions/UploadWizard/resources/mw.UploadWizardLicenseInput.js',~~
	56	+ 'resources/mw.UploadWizardDeed.js',
	57	+ 'resources/mw.UploadWizardLicenseInput.js',
58	58
59	59	// main library
60		~~- 'extensions/UploadWizard/resources/mw.UploadWizard.js',~~
	60	+ 'resources/mw.UploadWizard.js',
61	61
62	62	// launcher
63		~~- 'extensions/UploadWizard/UploadWizardPage.js'~~
	63	+ 'UploadWizardPage.js'
64	64	),
65	65	'languageScripts' => array(
66		~~- 'am' => 'extensions/UploadWizard/resources/languages/classes/LanguageAm.js',~~
67		~~- 'ar' => 'extensions/UploadWizard/resources/languages/classes/LanguageAr.js',~~
68		~~- 'bat-smg' => 'extensions/UploadWizard/resources/languages/classes/LanguageBat_smg.js',~~
69		~~- 'be' => 'extensions/UploadWizard/resources/languages/classes/LanguageBe.js',~~
70		~~- 'be-tarask' => 'extensions/UploadWizard/resources/languages/classes/LanguageBe_tarask.js',~~
71		~~- 'bh' => 'extensions/UploadWizard/resources/languages/classes/LanguageBh.js',~~
72		~~- 'bs' => 'extensions/UploadWizard/resources/languages/classes/LanguageBs.js',~~
73		~~- 'cs' => 'extensions/UploadWizard/resources/languages/classes/LanguageCs.js',~~
74		~~- 'cu' => 'extensions/UploadWizard/resources/languages/classes/LanguageCu.js',~~
75		~~- 'cy' => 'extensions/UploadWizard/resources/languages/classes/LanguageCy.js',~~
76		~~- 'dsb' => 'extensions/UploadWizard/resources/languages/classes/LanguageDsb.js',~~
77		~~- 'fr' => 'extensions/UploadWizard/resources/languages/classes/LanguageFr.js',~~
78		~~- 'ga' => 'extensions/UploadWizard/resources/languages/classes/LanguageGa.js',~~
79		~~- 'gd' => 'extensions/UploadWizard/resources/languages/classes/LanguageGd.js',~~
80		~~- 'gv' => 'extensions/UploadWizard/resources/languages/classes/LanguageGv.js',~~
81		~~- 'he' => 'extensions/UploadWizard/resources/languages/classes/LanguageHe.js',~~
82		~~- 'hi' => 'extensions/UploadWizard/resources/languages/classes/LanguageHi.js',~~
83		~~- 'hr' => 'extensions/UploadWizard/resources/languages/classes/LanguageHr.js',~~
84		~~- 'hsb' => 'extensions/UploadWizard/resources/languages/classes/LanguageHsb.js',~~
85		~~- 'hy' => 'extensions/UploadWizard/resources/languages/classes/LanguageHy.js',~~
86		~~- 'ksh' => 'extensions/UploadWizard/resources/languages/classes/LanguageKsh.js',~~
87		~~- 'ln' => 'extensions/UploadWizard/resources/languages/classes/LanguageLn.js',~~
88		~~- 'lt' => 'extensions/UploadWizard/resources/languages/classes/LanguageLt.js',~~
89		~~- 'lv' => 'extensions/UploadWizard/resources/languages/classes/LanguageLv.js',~~
90		~~- 'mg' => 'extensions/UploadWizard/resources/languages/classes/LanguageMg.js',~~
91		~~- 'mk' => 'extensions/UploadWizard/resources/languages/classes/LanguageMk.js',~~
92		~~- 'mo' => 'extensions/UploadWizard/resources/languages/classes/LanguageMo.js',~~
93		~~- 'mt' => 'extensions/UploadWizard/resources/languages/classes/LanguageMt.js',~~
94		~~- 'nso' => 'extensions/UploadWizard/resources/languages/classes/LanguageNso.js',~~
95		~~- 'pl' => 'extensions/UploadWizard/resources/languages/classes/LanguagePl.js',~~
96		~~- 'pt-br' => 'extensions/UploadWizard/resources/languages/classes/LanguagePt_br.js',~~
97		~~- 'ro' => 'extensions/UploadWizard/resources/languages/classes/LanguageRo.js',~~
98		~~- 'ru' => 'extensions/UploadWizard/resources/languages/classes/LanguageRu.js',~~
99		~~- 'se' => 'extensions/UploadWizard/resources/languages/classes/LanguageSe.js',~~
100		~~- 'sh' => 'extensions/UploadWizard/resources/languages/classes/LanguageSh.js',~~
101		~~- 'sk' => 'extensions/UploadWizard/resources/languages/classes/LanguageSk.js',~~
102		~~- 'sl' => 'extensions/UploadWizard/resources/languages/classes/LanguageSl.js',~~
103		~~- 'sma' => 'extensions/UploadWizard/resources/languages/classes/LanguageSma.js',~~
104		~~- 'sr' => 'extensions/UploadWizard/resources/languages/classes/LanguageSr.js',~~
105		~~- 'sr-ec' => 'extensions/UploadWizard/resources/languages/classes/LanguageSr_ec.js',~~
106		~~- 'sr-el' => 'extensions/UploadWizard/resources/languages/classes/LanguageSr_el.js',~~
107		~~- 'ti' => 'extensions/UploadWizard/resources/languages/classes/LanguageTi.js',~~
108		~~- 'tl' => 'extensions/UploadWizard/resources/languages/classes/LanguageTl.js',~~
109		~~- 'uk' => 'extensions/UploadWizard/resources/languages/classes/LanguageUk.js',~~
110		~~- 'wa' => 'extensions/UploadWizard/resources/languages/classes/LanguageWa.js'~~
	66	+ 'am' => 'resources/languages/classes/LanguageAm.js',
	67	+ 'ar' => 'resources/languages/classes/LanguageAr.js',
	68	+ 'bat-smg' => 'resources/languages/classes/LanguageBat_smg.js',
	69	+ 'be' => 'resources/languages/classes/LanguageBe.js',
	70	+ 'be-tarask' => 'resources/languages/classes/LanguageBe_tarask.js',
	71	+ 'bh' => 'resources/languages/classes/LanguageBh.js',
	72	+ 'bs' => 'resources/languages/classes/LanguageBs.js',
	73	+ 'cs' => 'resources/languages/classes/LanguageCs.js',
	74	+ 'cu' => 'resources/languages/classes/LanguageCu.js',
	75	+ 'cy' => 'resources/languages/classes/LanguageCy.js',
	76	+ 'dsb' => 'resources/languages/classes/LanguageDsb.js',
	77	+ 'fr' => 'resources/languages/classes/LanguageFr.js',
	78	+ 'ga' => 'resources/languages/classes/LanguageGa.js',
	79	+ 'gd' => 'resources/languages/classes/LanguageGd.js',
	80	+ 'gv' => 'resources/languages/classes/LanguageGv.js',
	81	+ 'he' => 'resources/languages/classes/LanguageHe.js',
	82	+ 'hi' => 'resources/languages/classes/LanguageHi.js',
	83	+ 'hr' => 'resources/languages/classes/LanguageHr.js',
	84	+ 'hsb' => 'resources/languages/classes/LanguageHsb.js',
	85	+ 'hy' => 'resources/languages/classes/LanguageHy.js',
	86	+ 'ksh' => 'resources/languages/classes/LanguageKsh.js',
	87	+ 'ln' => 'resources/languages/classes/LanguageLn.js',
	88	+ 'lt' => 'resources/languages/classes/LanguageLt.js',
	89	+ 'lv' => 'resources/languages/classes/LanguageLv.js',
	90	+ 'mg' => 'resources/languages/classes/LanguageMg.js',
	91	+ 'mk' => 'resources/languages/classes/LanguageMk.js',
	92	+ 'mo' => 'resources/languages/classes/LanguageMo.js',
	93	+ 'mt' => 'resources/languages/classes/LanguageMt.js',
	94	+ 'nso' => 'resources/languages/classes/LanguageNso.js',
	95	+ 'pl' => 'resources/languages/classes/LanguagePl.js',
	96	+ 'pt-br' => 'resources/languages/classes/LanguagePt_br.js',
	97	+ 'ro' => 'resources/languages/classes/LanguageRo.js',
	98	+ 'ru' => 'resources/languages/classes/LanguageRu.js',
	99	+ 'se' => 'resources/languages/classes/LanguageSe.js',
	100	+ 'sh' => 'resources/languages/classes/LanguageSh.js',
	101	+ 'sk' => 'resources/languages/classes/LanguageSk.js',
	102	+ 'sl' => 'resources/languages/classes/LanguageSl.js',
	103	+ 'sma' => 'resources/languages/classes/LanguageSma.js',
	104	+ 'sr' => 'resources/languages/classes/LanguageSr.js',
	105	+ 'sr-ec' => 'resources/languages/classes/LanguageSr_ec.js',
	106	+ 'sr-el' => 'resources/languages/classes/LanguageSr_el.js',
	107	+ 'ti' => 'resources/languages/classes/LanguageTi.js',
	108	+ 'tl' => 'resources/languages/classes/LanguageTl.js',
	109	+ 'uk' => 'resources/languages/classes/LanguageUk.js',
	110	+ 'wa' => 'resources/languages/classes/LanguageWa.js'
111	111	),
112	112	'styles' => array(
113		~~- 'extensions/UploadWizard/resources/jquery/jquery.tipsy.css',~~
114		~~- 'extensions/UploadWizard/resources/uploadWizard.css',~~
115		~~- 'extensions/UploadWizard/resources/jquery/jquery.arrowSteps.css',~~
116		~~- 'extensions/UploadWizard/resources/jquery/jquery.mwCoolCats.css',~~
117		~~- 'extensions/UploadWizard/resources/jquery.ui/themes/redmond/jquery-ui-1.7.1.custom.css'~~
	113	+ 'resources/jquery/jquery.tipsy.css',
	114	+ 'resources/uploadWizard.css',
	115	+ 'resources/jquery/jquery.arrowSteps.css',
	116	+ 'resources/jquery/jquery.mwCoolCats.css',
	117	+ 'resources/jquery.ui/themes/redmond/jquery-ui-1.7.1.custom.css'
118	118	),
119	119	'messages' => array(
120	120	// see UploadWizard.i18n.php
121	121	),
122	122	// in ResourceLoader, these will probably have names rather than explicit script paths, or be automatically loaded
123	123	'dependencies' => array(
124		~~- 'extensions/UploadWizard/resources/jquery.ui/ui/ui.core.js',~~
125		~~- 'extensions/UploadWizard/resources/jquery.ui/ui/ui.datepicker.js',~~
126		~~- 'extensions/UploadWizard/resources/jquery.ui/ui/ui.progressbar.js'~~
	124	+ 'resources/jquery.ui/ui/ui.core.js',
	125	+ 'resources/jquery.ui/ui/ui.datepicker.js',
	126	+ 'resources/jquery.ui/ui/ui.progressbar.js'
127	127	),
128	128	'group' => 'ext.uploadWizard'
129	129	),
130	130	'ext.uploadWizard.tests' => array(
131	131	'scripts' => array(
132		~~- 'extensions/UploadWizard/resources/mw.MockUploadHandler.js'~~
	132	+ 'resources/mw.MockUploadHandler.js'
133	133	),
134	134	),
135	135	);
—	—	@@ -139,8 +139,11 @@
140	140	* Adds modules to ResourceLoader
141	141	*/
142	142	public static function resourceLoaderRegisterModules( &$resourceLoader ) {
	143	+ global $wgExtensionAssetsPath;
	144	+ $localpath = dirname( __FILE__ );
	145	+ $remotepath = "$wgExtensionAssetsPath/UploadWizard";
143	146	foreach ( self::$modules as $name => $resources ) {
144		~~- $resourceLoader->register( $name, new ResourceLoaderFileModule( $resources ) );~~
	147	+ $resourceLoader->register( $name, new ResourceLoaderFileModule( $resources, $localpath, $remotepath ) );
145	148	}
146	149	return true;
147	150	}
Index: trunk/extensions/UploadWizard/generateMinifiedResources.php
—	—	@@ -1,29 +1,23 @@
2	2	<?php
	3	+$path = getenv( 'MW_INSTALL_PATH' );
	4	+if ( strval( $path ) === '' ) {
	5	+ $path = dirname( __FILE__ ) . '/../..';
	6	+}
	7	+require_once( "$path/maintenance/Maintenance.php" );
3	8
4		~~-/* Invokes UploadWizardDependencyLoader to write combined & minified scripts */~~
5		-
6		~~-$dir = dirname( __FILE__ );~~
7		~~-require_once( "$dir/UploadWizardDependencyLoader.php" );~~
8		~~-require_once( "$dir/UploadWizardMessages.php" );~~
9		~~-require_once( "$dir/UploadWizardHooks.php" );~~
10		-
11		~~-$installPath = null;~~
12		-
13		~~-while ( $dir !== '/' ) {~~
14		~~- if ( file_exists( "$dir/LocalSettings.php" ) ) {~~
15		~~- $installPath = $dir;~~
16		~~- break;~~
	9	+/**
	10	+ * Maintenance script to generate combined and minified JS and CSS for UploadWizard
	11	+ */
	12	+class UploadWizardGenerateMinifiedResources extends Maintenance {
	13	+ public function __construct() {
	14	+ parent::__construct();
	15	+ $this->mDescription = 'Generate combined and minified JS and CSS for UploadWizard';
17	16	}
18		~~- $dir = dirname( $dir );~~
	17	+
	18	+ public function execute() {
	19	+ $dependencyLoader = new UploadWizardDependencyLoader();
	20	+ $dependencyLoader->writeOptimizedFiles();
	21	+ }
19	22	}
20		~~-if ( !$installPath ) {~~
21		~~- print "no installpath, can't write optimized files...\n";~~
22		~~- exit;~~
23		-}
24		-
25		~~-require_once( "$installPath/includes/libs/JSMin.php" );~~
26		-
27		-
28		~~-$dependencyLoader = new UploadWizardDependencyLoader();~~
29		~~-$dependencyLoader->writeOptimizedFiles( $installPath );~~
30		-
	23	+$maintClass = 'UploadWizardGenerateMinifiedResources';
	24	+require_once( DO_MAINTENANCE );
Index: trunk/extensions/UploadWizard/UploadWizardDependencyLoader.php
—	—	@@ -15,8 +15,6 @@
16	16	* PHP and the Makefile). I started to write a PHP file that then would write a Makefile and realized
17	17	* this was getting a bit insane.
18	18	*
19		~~- * n.b. depends on $IP/includes/libs/JSMin.php~~
20		- *
21	19	* @author Neil Kandalgaonkar <neilk@wikimedia.org>
22	20	*/
23	21
—	—	@@ -88,9 +86,8 @@
89	87	$scriptsFile = self::SCRIPTS_COMBINED;
90	88	$stylesFile = self::STYLES_COMBINED;
91	89	}
92		~~- // hardcoded but this seems reasonable~~
93		~~- $scriptsFile = "extensions/UploadWizard/resources/$scriptsFile";~~
94		~~- $stylesFile = "extensions/UploadWizard/resources/$stylesFile";~~
	90	+ $scriptsFile = "resources/$scriptsFile";
	91	+ $stylesFile = "resources/$stylesFile";
95	92
96	93	$out->addScriptFile( $baseUrl . "/" . $scriptsFile );
97	94	// XXX RTL!?
—	—	@@ -108,9 +105,7 @@
109	106	* Not intended to be called in production or from the web.
110	107	* Intended to be invoked from the same directory as UploadWizard.
111	108	*/
112		~~- public function writeOptimizedFiles( $installPath ) {~~
113		~~- chdir( $installPath );~~
114		-
	109	+ public function writeOptimizedFiles() {
115	110	$extensionDir = dirname( __FILE__ );
116	111	$resourceDir = "$extensionDir/resources";
117	112
—	—	@@ -128,11 +123,11 @@
129	124	foreach ( $dirStylesMap as $dir => $styles ) {
130	125	$combined = "$dir/dir." . self::STYLES_COMBINED;
131	126	$this->concatenateFiles( $styles, $combined );
132		~~- $dirStyleCombinedUrls[] = preg_replace( '/^extensions\/UploadWizard\/resources\//', '', $combined );~~
	127	+ $dirStyleCombinedUrls[] = preg_replace( '/^resources\//', '', $combined );
133	128
134	129	$minified = "$dir/dir." . self::STYLES_MINIFIED;
135	130	$this->writeMinifiedCss( $combined, $minified );
136		~~- $dirStyleMinifiedUrls[] = preg_replace( '/^extensions\/UploadWizard\/resources\//', '', $minified );~~
	131	+ $dirStyleMinifiedUrls[] = preg_replace( '/^resources\//', '', $minified );
137	132	}
138	133	$this->writeStyleImporter( $dirStyleCombinedUrls, $resourceDir . '/' . self::STYLES_COMBINED );
139	134	$this->writeStyleImporter( $dirStyleMinifiedUrls, $resourceDir . '/' . self::STYLES_MINIFIED );
—	—	@@ -154,7 +149,7 @@
155	150	function writeStyleImporter( $urls, $outputFile ) {
156	151	$fp = fopen( $outputFile, 'w' );
157	152	if ( ! $fp ) {
158		~~- print "couldn't open $outputFile for writing";~~
	153	+ print "couldn't open $outputFile for writing\n";
159	154	exit;
160	155	}
161	156	foreach ( $urls as $url ) {
Index: trunk/extensions/UploadWizard/UploadWizard.php
—	—	@@ -54,7 +54,10 @@
55	55	// Set up the javascript path for the loader and localization file.
56	56	$wgExtensionJavascriptModules[ 'UploadWizard' ] = 'extensions/UploadWizard';
57	57
	58	+// Disable ResourceLoader support by default, it's currently broken
	59	+$wgUploadWizardDisableResourceLoader = true;
	60	+
58	61	// for ResourceLoader
59		~~-if ( class_exists( 'ResourceLoader' ) ) {~~
	62	+if ( !$wgUploadWizardDisableResourceLoader && class_exists( 'ResourceLoader' ) ) {
60	63	$wgHooks['ResourceLoaderRegisterModules'][] = 'UploadWizardHooks::resourceLoaderRegisterModules';
61	64	}
Index: trunk/extensions/UploadWizard/SpecialUploadWizard.php
—	—	@@ -37,7 +37,7 @@
38	38	* @param subpage, e.g. the "foo" in Special:UploadWizard/foo.
39	39	*/
40	40	public function execute( $subPage ) {
41		~~- global $wgScriptPath, $wgLang, $wgUser, $wgOut, $wgLanguageCode,~~
	41	+ global $wgLang, $wgUser, $wgOut, $wgLanguageCode, $wgExtensionAssetsPath,
42	42	$wgUploadWizardDebug, $wgUploadWizardDisableResourceLoader;
43	43
44	44	// side effects: if we can't upload, will print error page to wgOut
—	—	@@ -60,16 +60,17 @@
61	61	$this->addJsVars( $subPage );
62	62
63	63	// dependencies (css, js)
64		~~- if ( (! $wgUploadWizardDisableResourceLoader) && class_exists( 'ResourceLoader' ) ) {~~
	64	+ if ( !$wgUploadWizardDisableResourceLoader && class_exists( 'ResourceLoader' ) ) {
65	65	$wgOut->addModules( 'ext.uploadWizard' );
66	66	} else {
	67	+ $basepath = "$wgExtensionAssetsPath/UploadWizard";
67	68	$dependencyLoader = new UploadWizardDependencyLoader( $wgLanguageCode );
68	69	if ( $wgUploadWizardDebug ) {
69	70	// each file as an individual script or style
70		~~- $dependencyLoader->outputHtmlDebug( $wgOut, $wgScriptPath );~~
	71	+ $dependencyLoader->outputHtmlDebug( $wgOut, $basepath );
71	72	} else {
72	73	// combined & minified
73		~~- $dependencyLoader->outputHtml( $wgOut, $wgScriptPath );~~
	74	+ $dependencyLoader->outputHtml( $wgOut, $basepath );
74	75	}
75	76	}
76	77

Follow-up revisions

Revision	Commit summary	Author	Date
r76193	Fix ResourceLoader support in UploadWizard, which was broken by r76182, possi...	catrope	15:13, 6 November 2010

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r75954	fix css urls to use scriptPath	neilk	19:47, 3 November 2010
r76182	reasonable optimization & minification for resources without ResourceLoader	neilk	08:25, 6 November 2010

Comments

#Comment by NeilK (talk | contribs) 19:55, 8 November 2010

Thanks, this is a big improvement. I knew I was doing things in a hacky way, but wasn't aware there was a better way (so I didn't think to ask).

I don't fully understand your comment about register_globals vulnerabilities. register_globals makes all kinds of vulnerabilities, what was worse about it here?

#Comment by Catrope (talk | contribs) 20:02, 8 November 2010

register_globals can be undermined by making sure a global variable is always set to a default value before using it. In MediaWiki, all global vars are (or should be) set to a default value in DefaultSettings.php (for core) or the extension setup file. You weren't doing this, so you were allowing attackers to set $wgUploadWizardDisableResourceLoader to arbitrary values through the query string on installs with register_globals enabled. Admittedly that's not that bad, but it's bad style. The all-caps statement was to scare you into doing it right ;)

Status & tagging log

01:07, 5 January 2011 Reedy (talk | contribs) changed the status of r76189 [removed: new added: deferred]