r84881 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r84880‎ \| r84881 \| r84882 >
Date:	20:13, 27 March 2011
Author:	brion
Status:	ok
Tags:
Comment:	* (bug 27170) [Installer] Install now completes when choosing a CC license with the picker There were two things breaking this: * X-Frame-Options forbade our final step of the license selector, or the license selection shower, from being loaded properly. This lead to it looking wrong. * The installation URL fingerprinting broke on the long query string that's on the final step. As a result, the user's selection got saved into a different session subkey, thinking it belonged to a different installation. It would then not get seen by the surrounding page's installer instance, causing the confusion. Fix removes the X-Frame-Options for the CC bit, and drops query strings before the rest of URL normalization in the fingerprint check so the CC bits now see the same session key as the rest.
Modified paths:	/trunk/phase3/includes/installer/WebInstaller.php (modified) (history) /trunk/phase3/includes/installer/WebInstallerOutput.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/installer/WebInstaller.php
—	—	@@ -177,6 +177,7 @@
178	178	if ( $this->request->getVal( 'SubmitCC' ) ) {
179	179	$page = $this->getPageByName( 'Options' );
180	180	$this->output->useShortHeader();
	181	+ $this->output->allowFrames();
181	182	$page->submitCC();
182	183	return $this->finish();
183	184	}
—	—	@@ -184,6 +185,7 @@
185	186	if ( $this->request->getVal( 'ShowCC' ) ) {
186	187	$page = $this->getPageByName( 'Options' );
187	188	$this->output->useShortHeader();
	189	+ $this->output->allowFrames();
188	190	$this->output->addHTML( $page->getCCDoneBox() );
189	191	return $this->finish();
190	192	}
—	—	@@ -323,7 +325,13 @@
324	326	public function getFingerprint() {
325	327	// Get the base URL of the installation
326	328	$url = $this->request->getFullRequestURL();
	329	+ if ( preg_match( '!^(.*\?)!', $url, $m) ) {
	330	+ // Trim query string
	331	+ $url = $m[1];
	332	+ }
327	333	if ( preg_match( '!^(.)/[^/]/[^/]*$!', $url, $m ) ) {
	334	+ // This... seems to try to get the base path from
	335	+ // the /mw-config/index.php. Kinda scary though?
328	336	$url = $m[1];
329	337	}
330	338	return md5( serialize( array(
Index: trunk/phase3/includes/installer/WebInstallerOutput.php
—	—	@@ -40,6 +40,14 @@
41	41	public $redirectTarget;
42	42
43	43	/**
	44	+ * Does the current page need to allow being used as a frame?
	45	+ * If not, X-Frame-Options will be output to forbid it.
	46	+ *
	47	+ * @var bool
	48	+ */
	49	+ public $allowFrames = false;
	50	+
	51	+ /**
44	52	* Whether to use the limited header (used during CC license callbacks)
45	53	* @var bool
46	54	*/
—	—	@@ -116,6 +124,10 @@
117	125	$this->useShortHeader = $use;
118	126	}
119	127
	128	+ public function allowFrames( $allow = true ) {
	129	+ $this->allowFrames = $allow;
	130	+ }
	131	+
120	132	public function flush() {
121	133	if ( !$this->headerDone ) {
122	134	$this->outputHeader();
—	—	@@ -163,7 +175,9 @@
164	176	$dbTypes = $this->parent->getDBTypes();
165	177
166	178	$this->parent->request->response()->header( 'Content-Type: text/html; charset=utf-8' );
167		~~- $this->parent->request->response()->header( 'X-Frame-Options: DENY' );~~
	179	+ if (!$this->allowFrames) {
	180	+ $this->parent->request->response()->header( 'X-Frame-Options: DENY' );
	181	+ }
168	182	if ( $this->redirectTarget ) {
169	183	$this->parent->request->response()->header( 'Location: '.$this->redirectTarget );
170	184	return;

Follow-up revisions

Revision	Commit summary	Author	Date
r85012	MFT installer changes: r84755, r84756, r84875, r84881, r84882, r84970, r84976	demon	14:46, 30 March 2011

Status & tagging log

14:46, 30 March 2011 😂 (talk | contribs) changed the tags for r84881 [removed: 1.17]
17:38, 28 March 2011 😂 (talk | contribs) changed the status of r84881 [removed: new added: ok]
20:13, 27 March 2011 Brion VIBBER (talk | contribs) changed the tags for r84881 [added: 1.17]