r95976 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r95975‎ \| r95976 \| r95977 >
Date:	13:04, 1 September 2011
Author:	jeroendedauw
Status:	ok (Comments)
Tags:
Comment:	use id and name in token salt; bug 30644
Modified paths:	/trunk/extensions/UploadWizard/includes/specials/SpecialUploadCampaigns.php (modified) (history)

Diff [purge]

Index: trunk/extensions/UploadWizard/includes/specials/SpecialUploadCampaigns.php
—	—	@@ -57,7 +57,7 @@
58	58
59	59	$this->setHeaders();
60	60	$this->outputHeader();
61		~~- $subPage = explode( '/', $subPage, 2 );~~
	61	+ $subPage = explode( '/', $subPage, 4 );
62	62
63	63	// If the user is authorized, display the page, if not, show an error.
64	64	if ( $this->userCanExecute( $wgUser ) ) {
—	—	@@ -66,9 +66,9 @@
67	67	&& $wgRequest->getCheck( 'newcampaign' ) ) {
68	68	$this->getOutput()->redirect( SpecialPage::getTitleFor( 'UploadCampaign', $wgRequest->getVal( 'newcampaign' ) )->getLocalURL() );
69	69	}
70		~~- elseif ( count( $subPage ) == 2 && $subPage[0] == 'del'~~
71		~~- && $wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {~~
72		~~- $campaign = UploadWizardCampaign::newFromName( $subPage[1], false );~~
	70	+ elseif ( count( $subPage ) == 4 && $subPage[0] == 'del'
	71	+ && $wgUser->matchEditToken( $subPage[3], serialize( array( $subPage[1], $subPage[2] ) ) ) ) {
	72	+ $campaign = UploadWizardCampaign::newFromId( $subPage[1], false );
73	73	$campaign->deleteFromDB();
74	74	$this->getOutput()->redirect( $this->getTitle()->getLocalURL() );
75	75	}
—	—	@@ -173,9 +173,13 @@
174	174	$out->addHTML( '<tbody>' );
175	175
176	176	global $wgUser;
177		~~- $editToken = array( 'wpEditToken' => $wgUser->editToken() );~~
178	177
179	178	foreach ( $campaigns as $campaign ) {
	179	+ $editToken = $wgUser->editToken( serialize( array(
	180	+ $campaign->campaign_id,
	181	+ $campaign->campaign_name
	182	+ ) ) );
	183	+
180	184	$out->addHTML(
181	185	'<tr>' .
182	186	'<td>' .
—	—	@@ -201,7 +205,10 @@
202	206	Html::element(
203	207	'a',
204	208	array(
205		~~- 'href' => SpecialPage::getTitleFor( 'UploadCampaigns', 'del/' . $campaign->campaign_name )->getLocalURL( $editToken ),~~
	209	+ 'href' => SpecialPage::getTitleFor(
	210	+ 'UploadCampaigns',
	211	+ implode( '/', array( 'del', $campaign->campaign_id, $campaign->campaign_name, $editToken ) )
	212	+ )->getLocalURL(),
206	213	'onclick' => 'return confirm( "' . wfMsg( 'mwe-upwiz-campaigns-confdel' ) . '" )'
207	214	),
208	215	wfMsg( 'mwe-upwiz-campaigns-delete' )

Follow-up revisions

Revision	Commit summary	Author	Date
r96018	follow up to r95976	jeroendedauw	18:00, 1 September 2011
r96575	fix bug 30644	jeroendedauw	15:15, 8 September 2011

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r95880	address bug 30644	jeroendedauw	16:14, 31 August 2011

Comments

#Comment by Nikerabbit (talk | contribs) 14:44, 1 September 2011

No $this->getTitle()?

#Comment by NeilK (talk | contribs) 18:34, 12 September 2011

$this->getTitle() issue resolved in followup commits... looks okay to me

Status & tagging log

18:34, 12 September 2011 NeilK (talk | contribs) changed the status of r95976 [removed: new added: ok]