r81220 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r81219‎ \| r81220 \| r81221 >
Date:	22:34, 30 January 2011
Author:	reedy
Status:	ok (Comments)
Tags:
Comment:	Part of bug 27041, removing all calls to escapeLike in extensions
Modified paths:	/trunk/extensions/IndexFunction/SpecialIndex.php (modified) (history) /trunk/extensions/InterwikiList/InterwikiList_body.php (modified) (history) /trunk/extensions/Renameuser/Renameuser_body.php (modified) (history) /trunk/extensions/ReplaceText/SpecialReplaceText.php (modified) (history) /trunk/extensions/SubPageList/SubPageList.class.php (modified) (history) /trunk/extensions/SubPageList3/SubPageList3.php (modified) (history) /trunk/extensions/TitleKey/TitleKey_body.php (modified) (history) /trunk/extensions/Transliterator/Transliterator_body.php (modified) (history) /trunk/extensions/WatchSubpages/WatchSubpages_body.php (modified) (history) /trunk/extensions/WebDAV/WebDavServer.php (modified) (history) /trunk/extensions/Wikilog/WikilogComment.php (modified) (history) /trunk/extensions/Wikilog/WikilogQuery.php (modified) (history) /trunk/extensions/WikimediaIncubator/TestWikiRC.php (modified) (history)

Diff [purge]

Index: trunk/extensions/InterwikiList/InterwikiList_body.php
—	—	@@ -42,7 +42,7 @@
43	43
44	44	$conds = array();
45	45	if ( !is_null( $prefix ) ) {
46		~~- $conds[] = "iw_prefix LIKE " . $dbr->addQuotes( $dbr->escapeLike( $prefix ) . "%" );~~
	46	+ $conds[] = "iw_prefix " . $dbr->buildLike( $prefix, $dbr->anyString() );
47	47	}
48	48
49	49	$results = $dbr->select( 'interwiki', array( 'iw_prefix', 'iw_url' ), $conds );
Index: trunk/extensions/Renameuser/Renameuser_body.php
—	—	@@ -296,8 +296,7 @@
297	297	array( 'page_namespace', 'page_title' ),
298	298	array(
299	299	'page_namespace IN (' . NS_USER . ',' . NS_USER_TALK . ')',
300		~~- '(page_title LIKE ' .~~
301		~~- $dbr->addQuotes( $dbr->escapeLike( $oldusername->getDBkey() ) . '/%' ) .~~
	300	+ '(page_title ' . $dbr->buildLike( $oldusername->getDBkey() . '/', $dbr->anyString() ) .
302	301	' OR page_title = ' . $dbr->addQuotes( $oldusername->getDBkey() ) . ')'
303	302	),
304	303	__METHOD__
Index: trunk/extensions/SubPageList/SubPageList.class.php
—	—	@@ -210,7 +210,7 @@
211	211	$conditions['page_is_redirect'] = 0;
212	212
213	213	// TODO: this is rather resource heavy
214		~~- $conditions[] = '`page_title` LIKE ' . $dbr->addQuotes( $dbr->escapeLike( $title->getDBkey() ) . '/%' );~~
	214	+ $conditions[] = '`page_title` ' . $dbr->buildLike( $title->getDBkey() . '/', $dbr->anyString() );
215	215
216	216	$fields = array();
217	217	$fields[] = 'page_title';
—	—	@@ -218,7 +218,7 @@
219	219
220	220	$res = $dbr->select( 'page', $fields, $conditions, __METHOD__, $options );
221	221
222		~~- while( $row = $dbr->fetchObject( $res ) ) {~~
	222	+ foreach( $res as $row ) {
223	223	$title = Title::makeTitleSafe( $row->page_namespace, $row->page_title );
224	224	if( is_object( $title ) ) {
225	225	$titles[] = $title;
Index: trunk/extensions/WebDAV/WebDavServer.php
—	—	@@ -602,7 +602,7 @@
603	603	$entryCondition = null;
604	604	foreach ( $entryConditions as $path => $revisionCondition ) {
605	605	if ( !empty( $path ) ) {
606		~~- $pathCondition = '(page_title = ' . $dbr->addQuotes( $path ) . ' OR page_title LIKE \'' . $dbr->escapeLike( $path ) . '/%\')';~~
	606	+ $pathCondition = '(page_title = ' . $dbr->addQuotes( $path ) . ' OR page_title ' . $dbr->buildLike( $path . '/', $dbr->anyString() ) . ')';
607	607
608	608	if ( !empty( $revisionCondition ) ) {
609	609	$revisionCondition = ' AND ' . $revisionCondition;
Index: trunk/extensions/SubPageList3/SubPageList3.php
—	—	@@ -45,6 +45,7 @@
46	46	* Function called by the Hook, returns the wiki text
47	47	*/
48	48	function efRenderSubpageList3( $input, $args, $parser ) {
	49	+ global $wgVersion;
49	50	// This function has been deprecated in 1.16, but needed for earlier versions.
50	51	// It's present in 1.16 as a stub, but lets check if it exists in case it gets removed at some point.
51	52	if ( version_compare( $wgVersion, '1.15', '<=' ) ) {
—	—	@@ -403,7 +404,7 @@
404	405
405	406	if (strlen($nsi)>0) $conditions['page_namespace'] = $nsi; // don't let list cross namespaces
406	407	$conditions['page_is_redirect'] = 0;
407		~~- $conditions[] = '`page_title` LIKE ' . $dbr->addQuotes( $dbr->escapeLike($parent) . '/%' );~~
	408	+ $conditions[] = '`page_title` ' . $dbr->buildLike( $parent . '/', $dbr->anyString() );
408	409
409	410	$fields = array();
410	411	$fields[] = 'page_title';
Index: trunk/extensions/TitleKey/TitleKey_body.php
—	—	@@ -208,7 +208,7 @@
209	209	array(
210	210	'tk_page=page_id',
211	211	'tk_namespace' => $ns,
212		~~- 'tk_key LIKE \'' . $dbr->escapeLike( $key ) . '%\'',~~
	212	+ 'tk_key ' . $dbr->buildLike( $key, $dbr->anyString() ),
213	213	),
214	214	__METHOD__,
215	215	array(
Index: trunk/extensions/Wikilog/WikilogQuery.php
—	—	@@ -674,8 +674,7 @@
675	675	if ( $this->mItem !== null ) {
676	676	$q_conds['wlc_post'] = $this->mItem->getID();
677	677	if ( $this->mThread ) {
678		~~- $thread = $db->escapeLike( $this->mThread );~~
679		~~- $q_conds[] = "wlc_thread LIKE '{$thread}/%'";~~
	678	+ $q_conds[] = "wlc_thread " . $db->buildLike( $this->mThread . '/', $db->anyString() );
680	679	}
681	680	} elseif ( $this->mWikilog !== null ) {
682	681	$join_wlp = true;
Index: trunk/extensions/Wikilog/WikilogComment.php
—	—	@@ -478,9 +478,8 @@
479	479	if ( is_array( $thread ) ) {
480	480	$thread = implode( '/', $thread );
481	481	}
482		~~- $thread = $dbr->escapeLike( $thread );~~
483	482	return self::fetchFromConds( $dbr,
484		~~- array( 'wlc_post' => $itemid, "wlc_thread LIKE '{$thread}/%'" ),~~
	483	+ array( 'wlc_post' => $itemid, "wlc_thread " . $dbr->buildLike( $thread . '/', $dbr->anyString() ) ),
485	484	array( 'ORDER BY' => 'wlc_thread, wlc_id' )
486	485	);
487	486	}
Index: trunk/extensions/IndexFunction/SpecialIndex.php
—	—	@@ -112,12 +112,13 @@
113	113	$indexconds[] = 'in_title' . $operator . $this->mDb->addQuotes( $offset );
114	114	}
115	115	$ns = $this->mSearchTitle->getNamespace();
116		~~- $like = $this->mDb->escapeLike( $this->mSearchTitle->getDBkey() ) . '%';~~
	116	+
	117	+ $like = $this->mDb->buildLike( $this->mSearchTitle->getDBkey(), $this->mDb->anyString() );
117	118
118	119	$pageconds[] = "page_namespace = $ns";
119		~~- $pageconds[] = "page_title LIKE '$like'";~~
	120	+ $pageconds[] = "page_title " . $like;
120	121	$indexconds[] = "in_namespace = $ns";
121		~~- $indexconds[] = "in_title LIKE '$like'";~~
	122	+ $indexconds[] = "in_title " . $like;
122	123
123	124
124	125	$pagequery = $this->mDb->selectSQLText( 'page',
Index: trunk/extensions/WatchSubpages/WatchSubpages_body.php
—	—	@@ -254,7 +254,7 @@
255	255	array( 'page_namespace', 'page_title', 'page_id', 'page_is_redirect' ),
256	256	array(
257	257	'page_namespace' => $prefixNS,
258		~~- 'page_title LIKE \'' . $dbr->escapeLike( $prefixKey ) .'%\'',~~
	258	+ 'page_title ' . $dbr->buildLike( $prefixKey, $dbr->anyString() ),
259	259	),
260	260	__METHOD__,
261	261	array(
Index: trunk/extensions/WikimediaIncubator/TestWikiRC.php
—	—	@@ -25,7 +25,7 @@
26	26	$dbr = wfGetDB( DB_SLAVE );
27	27	$namespaces = array( NS_MAIN, NS_TALK, NS_TEMPLATE, NS_TEMPLATE_TALK, NS_CATEGORY, NS_CATEGORY_TALK );
28	28	$conds[] = 'rc_namespace IN (' . $dbr->makeList( $namespaces ) . ')';
29		~~- $conds[] = 'rc_title like ' . $dbr->addQuotes( $dbr->escapeLike( $fullprefix ) . '/%' ) .~~
	29	+ $conds[] = 'rc_title ' . $dbr->buildLike( $fullprefix . '/', $dbr->anyString() ) .
30	30	' OR rc_title = ' . $dbr->addQuotes( $fullprefix );
31	31	return true;
32	32	}
Index: trunk/extensions/Transliterator/Transliterator_body.php
—	—	@@ -141,7 +141,7 @@
142	142	array( 'page_title', 'page_id' ),
143	143	array(
144	144	'page_namespace' => NS_MEDIAWIKI,
145		~~- 'page_title LIKE \'' . $dbr->escapeLike( self::getMapPagePrefix() ) . '%\''~~
	145	+ 'page_title ' . $dbr->buildLike( self::getMapPagePrefix(), $dbr->anyString() )
146	146	),
147	147	__METHOD__
148	148	);
Index: trunk/extensions/ReplaceText/SpecialReplaceText.php
—	—	@@ -515,10 +515,10 @@
516	516	'rev_text_id = old_id'
517	517	);
518	518	} else {
519		~~- $search = $dbr->escapeLike( $search );~~
	519	+ $any = $dbr->anyString();
520	520	$include_ns = $dbr->makeList( $namespaces );
521	521	$conds = array(
522		~~- "old_text LIKE '%$search%'",~~
	522	+ "old_text " . $dbr->buildLike( $any, $search, $any ),
523	523	"page_namespace IN ($include_ns)",
524	524	'rev_id = page_latest',
525	525	'rev_text_id = old_id'

Follow-up revisions

Revision	Commit summary	Author	Date
r81241	bug 27041, fixup usages of userMailer()	reedy	12:21, 31 January 2011
r81242	Per bug 27041, remove calls to $dbr->immediateBegin();...	reedy	12:24, 31 January 2011
r81243	bug 27041, replace call to SiteStats::admins() to SiteStats::numberingroup( '...	reedy	12:26, 31 January 2011
r81244	bug 27041, swap Database::newFromParams to DatabaseBase::newFromType()	reedy	12:34, 31 January 2011
r81245	bug 27041, kill Image::__construct	reedy	12:45, 31 January 2011
r81248	bug 27041, SpecialPage:addPage is deprecated...	reedy	13:17, 31 January 2011
r81394	1.17: MFT r81026, r81116, r81155, r81201, r81204, r81205, r81220, r81235, r81...	catrope	15:33, 2 February 2011

Comments

#Comment by MarkAHershberger (talk | contribs) 02:40, 31 January 2011

awesome! Thanks for spotting this problem and dealing with it!

Status & tagging log

15:34, 2 February 2011 Catrope (talk | contribs) changed the tags for r81220 [removed: 1.17]
21:34, 31 January 2011 MarkAHershberger (talk | contribs) changed the status of r81220 [removed: new added: ok]
07:26, 31 January 2011 Reedy (talk | contribs) changed the tags for r81220 [added: 1.17]