r82169 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r82168‎ \| r82169 \| r82170 >
Date:	15:00, 15 February 2011
Author:	reedy
Status:	resolved (Comments)
Tags:
Comment:	* (bug 27400) Manual revision association won't accept "rXXXXX" Fixed for association addition
Modified paths:	/trunk/extensions/CodeReview/backend/CodeRevision.php (modified) (history) /trunk/extensions/CodeReview/ui/CodeRevisionView.php (modified) (history)

Diff [purge]

Index: trunk/extensions/CodeReview/backend/CodeRevision.php
—	—	@@ -834,6 +834,7 @@
835	835	public function addReferencesFrom( $revs ) {
836	836	$data = array();
837	837	foreach ( array_unique( (array)$revs ) as $rev ) {
	838	+ $rev = intval( ltrim( $rev, 'r' ) );
838	839	if ( $rev > $this->getId() ) {
839	840	$data[] = array(
840	841	'cf_repo_id' => $this->getRepoId(),
—	—	@@ -862,6 +863,7 @@
863	864	public function addReferencesTo( $revs ) {
864	865	$data = array();
865	866	foreach ( array_unique( (array)$revs ) as $rev ) {
	867	+ $rev = intval( ltrim( $rev, 'r' ) );
866	868	if ( $rev < $this->getId() ) {
867	869	$data[] = array(
868	870	'cf_repo_id' => $this->getRepoId(),
Index: trunk/extensions/CodeReview/ui/CodeRevisionView.php
—	—	@@ -52,7 +52,7 @@
53	53	$this->mStrikeSignoffs = $wgRequest->getCheck( 'wpStrikeSignoffs' ) ?
54	54	$this->mSelectedSignoffs : array();
55	55	$this->mAddReference = $wgRequest->getCheck( 'wpAddReferenceSubmit' ) ?
56		~~- $wgRequest->getIntArray( 'wpAddReference', array() ) : array();~~
	56	+ $wgRequest->getArray( 'wpAddReference', array() ) : array();
57	57	$this->mRemoveReferences = $wgRequest->getCheck( 'wpRemoveReferences' ) ?
58	58	$wgRequest->getIntArray( 'wpReferences', array() ) : array();
59	59	}

Follow-up revisions

Revision	Commit summary	Author	Date
r82304	Per hashar CR on r82169, might aswell santise at input level	reedy	22:03, 16 February 2011

Comments

#Comment by Hashar (talk | contribs) 20:38, 16 February 2011

The mAddReference is probably used elsewhere and expected to be an int. It looks like a potential injection.

You want to clean up the 'r' just after retrieving user submitted data from the wgRequest object. This way you are sure nobody will use unsecured data later on and avoid code duplication. Code example for ui/CodeRevisionView.php :

$tmp = $wgRequest->getArray( 'wpAddReference', array() );
$this->mAddReference = intval( ltrim( $tmp, 'r' ) );

#Comment by Reedy (talk | contribs) 21:29, 16 February 2011

That won't directly work...

As your trying to ltrim and array, and then intval it.

We could array_map( 'intval', $array )

But we can't do an array_map to do the ltrim with a parameter of 'r'...

simplest way is seemingly to just

$res = array();
foreach( $array as $a ) {
$a = ltrim( $a, 'r' );
$a = intval( $a );

if ( $a ) {
$res[] = $a;
}
}

Or condense it slightly

$array = array_map( array( $this, 'ltrimIntval' ), $array );

	private function ltrimIntval( $item ) {
		$item = ltrim( $item, 'r' );
		return intval( $item );
	}

#Comment by Hashar (talk | contribs) 06:47, 17 February 2011

Much better / safer :)

Status & tagging log

06:47, 17 February 2011 Hashar (talk | contribs) changed the status of r82169 [removed: fixme added: resolved]
20:38, 16 February 2011 Hashar (talk | contribs) changed the status of r82169 [removed: new added: fixme]