r83221 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r83220‎ \| r83221 \| r83222 >
Date:	16:24, 4 March 2011
Author:	yaron
Status:	deferred
Tags:
Comment:	Added URL-encoding to passed-in query string variables which are then sent on to Special:FormEdit
Modified paths:	/trunk/extensions/SemanticForms/specials/SF_FormStart.php (modified) (history)

Diff [purge]

Index: trunk/extensions/SemanticForms/specials/SF_FormStart.php
—	—	@@ -37,7 +37,7 @@
38	38	// redirect to 'FormEdit' for this target page.
39	39	if ( isset( $queryparts[1] ) ) {
40	40	$target_name = $queryparts[1];
41		~~- SFFormStart::doRedirect( $form_name, $target_name, $params );~~
	41	+ self::doRedirect( $form_name, $target_name, $params );
42	42	}
43	43
44	44	// Get namespace from the URL, if it's there.
—	—	@@ -78,7 +78,7 @@
79	79	$wgOut->addHTML( htmlspecialchars( wfMsg( 'sf_formstart_badtitle', $page_name ) ) );
80	80	return;
81	81	} else {
82		~~- SFFormStart::doRedirect( $form_name, $page_name, $params );~~
	82	+ self::doRedirect( $form_name, $page_name, $params );
83	83	return;
84	84	}
85	85	}
—	—	@@ -154,8 +154,10 @@
155	155	// identify the latter because they show up as arrays.
156	156	foreach ( $_REQUEST as $key => $val ) {
157	157	if ( is_array( $val ) ) {
158		~~- $template_name = $key;~~
	158	+ $template_name = urlencode( $key );
159	159	foreach ( $val as $field_name => $value ) {
	160	+ $field_name = urlencode( $field_name );
	161	+ $value = urlencode( $value );
160	162	$redirect_url .= ( strpos( $redirect_url, "?" ) > - 1 ) ? '&' : '?';
161	163	$redirect_url .= $template_name . '[' . $field_name . ']=' . $value;
162	164	}