r92141 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r92140‎ \| r92141 \| r92142 >
Date:	06:27, 14 July 2011
Author:	robin
Status:	ok (Comments)
Tags:
Comment:	Babel: (bug 29663) Babel doesn't validate babel-autocreate-user message -> do nothing if the username is invalid. Also, do not create categories if the user is blocked. NewUserMessage: Fix fatal error when username is invalid. Instead, do nothing.
Modified paths:	/trunk/extensions/Babel/Babel.php (modified) (history) /trunk/extensions/Babel/BabelAutoCreate.class.php (modified) (history) /trunk/extensions/NewUserMessage/NewUserMessage.class.php (modified) (history)

Diff [purge]

Index: trunk/extensions/Babel/Babel.php
—	—	@@ -21,7 +21,7 @@
22	22	$wgExtensionCredits['parserhook'][] = array(
23	23	'path' => __FILE__,
24	24	'name' => 'Babel',
25		~~- 'version' => '1.7.0',~~
	25	+ 'version' => '1.7.1',
26	26	'author' => 'Robert Leverington',
27	27	'url' => 'http://www.mediawiki.org/wiki/Extension:Babel',
28	28	'descriptionmsg' => 'babel-desc',
Index: trunk/extensions/Babel/BabelAutoCreate.class.php
—	—	@@ -38,12 +38,19 @@
39	39	$text = wfMsgForContent( 'babel-autocreate-text-levels', $level, $language );
40	40	}
41	41	$article = new Article( $title );
	42	+
	43	+ $user = self::user();
	44	+ # Do not add a message if the username is invalid or if the account that adds it, is blocked
	45	+ if( !$user \|\| $user->isBlocked() ) {
	46	+ return;
	47	+ }
	48	+
42	49	$article->doEdit(
43	50	$text,
44	51	wfMsgForContent( 'babel-autocreate-reason', wfMsgForContent( 'babel-url' ) ),
45	52	EDIT_FORCE_BOT,
46	53	false,
47		~~- self::user()~~
	54	+ $user
48	55	);
49	56	}
50	57
—	—	@@ -54,8 +61,8 @@
55	62	*/
56	63	public static function user() {
57	64	if ( !self::$user ) {
58		~~- self::$user = User::newFromName( wfMsgForContent( 'babel-autocreate-user' ), false );~~
59		~~- if ( !self::$user->isLoggedIn() ) {~~
	65	+ self::$user = User::newFromName( wfMsgForContent( 'babel-autocreate-user' ) );
	66	+ if ( self::$user && !self::$user->isLoggedIn() ) {
60	67	self::$user->addToDatabase();
61	68	}
62	69	}
Index: trunk/extensions/NewUserMessage/NewUserMessage.class.php
—	—	@@ -23,6 +23,11 @@
24	24	// Create a user object for the editing user and add it to the
25	25	// database if it is not there already
26	26	$editor = User::newFromName( wfMsgForContent( 'newusermessage-editor' ) );
	27	+
	28	+ if( !$editor ) {
	29	+ return false; # Invalid user name
	30	+ }
	31	+
27	32	if ( !$editor->isLoggedIn() ) {
28	33	$editor->addToDatabase();
29	34	}
—	—	@@ -157,8 +162,8 @@
158	163	$editor = self::fetchEditor();
159	164	$flags = self::fetchFlags();
160	165
161		~~- # Do not add a message if the account that adds it, is blocked~~
162		~~- if( $editor->isBlocked() ) {~~
	166	+ # Do not add a message if the username is invalid or if the account that adds it, is blocked
	167	+ if( !$editor \|\| $editor->isBlocked() ) {
163	168	return true;
164	169	}
165	170

Follow-up revisions

Revision	Commit summary	Author	Date
r94210	Add 0 to new Article() per r92141 comment and [[User:Catrope/Extension review...	robin	22:50, 10 August 2011

Comments

#Comment by Nikerabbit (talk | contribs) 07:58, 14 July 2011

If this code has any chance of being executed during web requests, it needs zero as second parameter to Article constructor.

$article = new Article( $title );

#Comment by Bawolff (talk | contribs) 19:43, 17 August 2011

I thnk this is using the wrong level of username validation. - Since category creation is a batch process, you should probably be doing valid User::newFromName( wfMsgForContent( 'babel-autocreate-user' ), 'valid' ) . See the docs for User::GetCanonicalName.

Not an issue with this commit, but since its touching this area of code I thought I'd mention, I don't think calling $article->doEdit while in the middle of parsing something is ok (I think it calls the parser recursively, which causes weird stuff to happen, like UNIQ everywhere)

#Comment by SPQRobin (talk | contribs) 22:14, 4 September 2011

Re validation: "true is accepted as an alias for 'valid', for BC." if ( $validate === true ) { $validate = 'valid'; } So 'valid' would've be better but it doesn't make any difference.

Re doEdit: That's bug 29245, which you explained there indeed.

#Comment by Bawolff (talk | contribs) 12:12, 5 September 2011

Oh whoops. For some reason I thought the default level was usable. Please ignore my comment then :)

Status & tagging log

09:11, 20 August 2011 Catrope (talk | contribs) changed the status of r92141 [removed: new added: ok]