r96374 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r96373‎ \| r96374 \| r96375 >
Date:	21:25, 6 September 2011
Author:	jeroendedauw
Status:	deferred
Tags:
Comment:	salt survey deletion token w/ ids
Modified paths:	/trunk/extensions/Survey/api/ApiDeleteSurvey.php (modified) (history) /trunk/extensions/Survey/api/ApiEditSurvey.php (modified) (history) /trunk/extensions/Survey/includes/SurveyQuestion.php (modified) (history) /trunk/extensions/Survey/specials/SpecialSurveys.php (modified) (history)

Diff [purge]

Index: trunk/extensions/Survey/specials/SpecialSurveys.php
—	—	@@ -156,7 +156,7 @@
157	157	'href' => '#',
158	158	'class' => 'survey-delete',
159	159	'data-survey-id' => $survey->getId(),
160		~~- 'data-survey-token' => $GLOBALS['wgUser']->editToken( 'deletesurvey' )~~
	160	+ 'data-survey-token' => $GLOBALS['wgUser']->editToken( 'deletesurvey' . $survey->getId() )
161	161	),
162	162	wfMsg( 'surveys-special-delete' )
163	163	) .
Index: trunk/extensions/Survey/includes/SurveyQuestion.php
—	—	@@ -19,6 +19,24 @@
20	20	public static $TYPE_RADIO = 3;
21	21
22	22	/**
	23	+ * @see SurveyDBClass::getDBTable()
	24	+ */
	25	+ protected static function getDBTable() {
	26	+ return 'survey_questions';
	27	+ }
	28	+
	29	+ /**
	30	+ * Gets the db field prefix.
	31	+ *
	32	+ * @since 0.1
	33	+ *
	34	+ * @return string
	35	+ */
	36	+ protected static function getFieldPrefix() {
	37	+ return 'question_';
	38	+ }
	39	+
	40	+ /**
23	41	* Returns an array with the fields and their types this object contains.
24	42	* This corresponds directly to the fields in the database, without prefix.
25	43	*
—	—	@@ -109,15 +127,4 @@
110	128	return self::select( null, $conditions );
111	129	}
112	130
113		- /**
114		~~- * @see SurveyDBClass::getDBTable()~~
115		~~- */~~
116		~~- protected static function getDBTable() {~~
117		~~- return 'survey_questions';~~
118		~~- }~~
119		-
120		~~- protected static function getFieldPrefix() {~~
121		~~- return 'question_';~~
122		~~- }~~
123		-
124	131	}
Index: trunk/extensions/Survey/api/ApiDeleteSurvey.php
—	—	@@ -46,7 +46,8 @@
47	47	}
48	48
49	49	public function getTokenSalt() {
50		~~- return 'deletesurvey';~~
	50	+ $params = $this->extractRequestParams();
	51	+ return 'deletesurvey' . implode( '\|', $params['ids'] );
51	52	}
52	53
53	54	public function mustBePosted() {
Index: trunk/extensions/Survey/api/ApiEditSurvey.php
—	—	@@ -23,7 +23,7 @@
24	24
25	25	if ( !$wgUser->isAllowed( 'surveyadmin' ) \|\| $wgUser->isBlocked() ) {
26	26	$this->dieUsageMsg( array( 'badaccess-groups' ) );
27		~~- }~~
	27	+ }
28	28
29	29	$params = $this->extractRequestParams();
30	30

Status & tagging log

00:48, 7 September 2011 😂 (talk | contribs) changed the status of r96374 [removed: new added: deferred]