r50604 - Code Review

From MediaWiki.org

Jump to: navigation, search
Repository:MediaWiki
Revision:r50603 | r50604 (on ViewVC) | r50605 >
Date:21:04, 14 May 2009
Author:ashley
Status:deferred
Tags:
Comment:SocialProfile: some fixes for UserStats:
*added 'updatepoints' user right; required to access Special:UpdateEditCounts (previously required the user to be a member of staff user group)
*converted raw SQL in EditCount.php and SpecialUpdateEditCounts.php to use Database class
*fixed indentation in SpecialUpdateEditCounts.php
*spacing tweaks
Modified paths:

Diff [purge]

Index: trunk/extensions/SocialProfile/UserStats/UserStats.i18n.php
===================================================================
--- trunk/extensions/SocialProfile/UserStats/UserStats.i18n.php	(revision 50603)
+++ trunk/extensions/SocialProfile/UserStats/UserStats.i18n.php	(revision 50604)
@@ -41,6 +41,7 @@
 	'top-fans-stats-comment-score-negative-given' => '{{PLURAL:$1|Thumb down given|Thumbs down given}}',
 	'top-fans-stats-gifts-rec-count' => '{{PLURAL:$1|Gift received|Gifts received}}',
 	'top-fans-stats-gifts-sent-count' => '{{PLURAL:$1|Gift sent|Gifts sent}}',
+	'right-updatepoints' => 'Update edit counts',
 	'level-advance-subject' => 'You are now a "$1" on {{SITENAME}}!',
 	'level-advance-body' => 'Hi $1.
 
@@ -518,7 +519,7 @@
 );
 
 /** Finnish (Suomi)
- * @author Jack Phoenix
+ * @author Jack Phoenix <jack@countervandalism.net>
  */
 $messages['fi'] = array(
 	'user-stats-alltime-title' => 'Kaikkien aikojen suurimmat pistemäärät',
@@ -540,6 +541,7 @@
 	'top-fans-stats-foe-count' => '{{PLURAL:$1|vihollinen|vihollista}}',
 	'top-fans-stats-gifts-rec-count' => '{{PLURAL:$1|saatu lahja|saatua lahjaa}}',
 	'top-fans-stats-gifts-sent-count' => '{{PLURAL:$1|lähetetty lahja|lähetettyä lahjaa}}',
+	'right-updatepoints' => 'Päivittää muokkausmääriä',
 	'level-advance-subject' => 'Olet nyt "$1" {{GRAMMAR:inessive|{{SITENAME}}}}!',
 	'level-advance-body' => 'Hei $1:
 
Index: trunk/extensions/SocialProfile/UserStats/EditCount.php
===================================================================
--- trunk/extensions/SocialProfile/UserStats/EditCount.php	(revision 50603)
+++ trunk/extensions/SocialProfile/UserStats/EditCount.php	(revision 50604)
@@ -1,4 +1,12 @@
 <?php
+/**
+ * Protect against register_globals vulnerabilities.
+ * This line must be present before any global variable is referenced.
+ */
+if ( !defined( 'MEDIAWIKI' ) ){
+	die( "This is not a valid entry point.\n" );
+}
+
 $wgHooks['NewRevisionFromEditComplete'][] = 'incEditCount';
 
 function incEditCount( &$article, $revision, $baseRevId ) {
@@ -7,7 +15,7 @@
 	// only keep tally for allowable namespaces
 	if( !is_array( $wgNamespacesForEditPoints ) || in_array( $wgTitle->getNamespace(), $wgNamespacesForEditPoints ) ){
 		$stats = new UserStatsTrack( $wgUser->getID(), $wgUser->getName() );
-		$stats->incStatField('edit');
+		$stats->incStatField( 'edit' );
 	}
 	return true;
 }
@@ -15,14 +23,18 @@
 $wgHooks['ArticleDelete'][] = 'removeDeletedEdits';
 
 function removeDeletedEdits( &$article, &$user, &$reason ){
-	global $wgUser, $wgTitle, $wgDBprefix, $wgNamespacesForEditPoints;
+	global $wgUser, $wgTitle, $wgNamespacesForEditPoints;
 
 	// only keep tally for allowable namespaces
 	if( !is_array( $wgNamespacesForEditPoints ) || in_array( $wgTitle->getNamespace(), $wgNamespacesForEditPoints ) ){
 
 		$dbr = wfGetDB( DB_MASTER );
-		$sql = "SELECT rev_user_text, rev_user, count(*) AS the_count FROM ".$wgDBprefix."revision WHERE rev_page = {$article->getID()} AND rev_user <> 0  GROUP BY rev_user_text";
-		$res = $dbr->query($sql);
+		$res = $dbr->select( 'revision',
+			array( 'rev_user_text', 'rev_user', 'COUNT(*) AS the_count' ),
+			array( 'rev_page' => $article->getID(), 'rev_user <> 0' ),
+			__METHOD__,
+			array( 'GROUP BY' => 'rev_user_text' )
+		);
 		while( $row = $dbr->fetchObject( $res ) ) {
 			$stats = new UserStatsTrack( $row->rev_user, $row->rev_user_text );
 			$stats->decStatField( 'edit', $row->the_count );
@@ -34,14 +46,18 @@
 $wgHooks['ArticleUndelete'][] = 'restoreDeletedEdits';
 
 function restoreDeletedEdits( &$title, $new ){
-	global $wgUser, $wgDBprefix, $wgNamespacesForEditPoints;
+	global $wgUser, $wgNamespacesForEditPoints;
 
 	// only keep tally for allowable namespaces
 	if( !is_array( $wgNamespacesForEditPoints ) || in_array( $title->getNamespace(), $wgNamespacesForEditPoints ) ){
 
 		$dbr = wfGetDB( DB_MASTER );
-		$sql = "SELECT rev_user_text, rev_user, count(*) AS the_count FROM ".$wgDBprefix."revision WHERE rev_page = {$title->getArticleID()} AND rev_user <> 0  GROUP BY rev_user_text";
-		$res = $dbr->query($sql);
+		$res = $dbr->select( 'revision',
+			array( 'rev_user_text', 'rev_user', 'COUNT(*) AS the_count' ),
+			array( 'rev_page' => $title->getArticleID(), 'rev_user <> 0' ),
+			__METHOD__,
+			array( 'GROUP BY' => 'rev_user_text' )
+		);
 		while( $row = $dbr->fetchObject( $res ) ) {
 			$stats = new UserStatsTrack( $row->rev_user, $row->rev_user_text );
 			$stats->incStatField( 'edit', $row->the_count );
Index: trunk/extensions/SocialProfile/UserStats/SpecialUpdateEditCounts.php
===================================================================
--- trunk/extensions/SocialProfile/UserStats/SpecialUpdateEditCounts.php	(revision 50603)
+++ trunk/extensions/SocialProfile/UserStats/SpecialUpdateEditCounts.php	(revision 50604)
@@ -5,53 +5,59 @@
 	/**
 	 * Constructor
 	 */
-	function __construct(){
+	public function __construct(){
 		parent::__construct( 'UpdateEditCounts' );
 	}
 
 	function updateMainEditsCount(){
-		global $wgOut, $wgUser, $wgDBprefix;
+		global $wgOut, $wgUser;
 
-		$wgOut->setPageTitle('Update Edit Counts');
+		$wgOut->setPageTitle( 'Update Edit Counts' );
 
-		if( !in_array( 'staff', ( $wgUser->getGroups() ) ) ){
+		if( !$wgUser->isAllowed( 'updatepoints' ) ){
 			$wgOut->errorpage( 'error', 'badaccess' );
 			return false;
 		}
 
 		$dbw = wfGetDB( DB_MASTER );
-		$sql = "SELECT rev_user_text, rev_user,	count(*) AS the_count FROM ".$wgDBprefix."revision INNER JOIN ".$wgDBprefix."page ON page_id = rev_page WHERE page_namespace = 0 AND rev_user <> 0 GROUP BY rev_user_text	";
-		$res = $dbw->query($sql);
+		$res = $dbw->select(
+			array( 'revision', 'page' ),
+			array( 'rev_user_text', 'rev_user', 'COUNT(*) AS the_count' ),
+			array( 'page_namespace = 0', 'rev_user <> 0' ),
+			__METHOD__,
+			array( 'GROUP BY' => 'rev_user_text' ),
+			array( 'page' => array( 'INNER JOIN', 'page_id = rev_page' ) )
+		);
 		while( $row = $dbw->fetchObject( $res ) ) {
 
-		$user = User::newFromId($row->rev_user);
-		$user->loadFromId();
+			$user = User::newFromId( $row->rev_user );
+			$user->loadFromId();
 
-		if( !$user->isAllowed( 'bot' ) ){
-			$edit_count = $row->the_count;
-		} else {
-			$edit_count = 0;
-		}
+			if( !$user->isAllowed( 'bot' ) ){
+				$edit_count = $row->the_count;
+			} else {
+				$edit_count = 0;
+			}
 
-		$s = $dbw->selectRow( 'user_stats', array( 'stats_user_id' ), array( 'stats_user_id' => $row->rev_user ), __METHOD__ );
-		if ( !$s->stats_user_id ) {
+			$s = $dbw->selectRow( 'user_stats', array( 'stats_user_id' ), array( 'stats_user_id' => $row->rev_user ), __METHOD__ );
+			if ( !$s->stats_user_id ) {
+				$dbw->insert( 'user_stats',
+					array(
+						'stats_year_id' => 0,
+						'stats_user_id' => $row->rev_user,
+						'stats_user_name' => $row->rev_user_text,
+						'stats_total_points' => 1000
+					), __METHOD__
+				);
+			}
+			$wgOut->addHTML("<p>Updating {$row->rev_user_text} with {$edit_count} edits</p>");
 
-			$dbw->insert( 'user_stats',
-			array(
-				'stats_year_id' => 0,
-				'stats_user_id' => $row->rev_user,
-				'stats_user_name' => $row->rev_user_text,
-				'stats_total_points' => 1000
-				), __METHOD__
+			$dbw->update( 'user_stats',
+				array( 'stats_edit_count = ' . $edit_count ),
+				array( 'stats_user_id' => $row->rev_user ),
+				__METHOD__
 			);
-		}
-		$wgOut->addHTML("<p>Updating {$row->rev_user_text} with {$edit_count} edits</p>");
 
-		$dbw->update( 'user_stats',
-				array( "stats_edit_count=".$edit_count ),
-				array( 'stats_user_id' => $row->rev_user ),
-				__METHOD__ );
-
 			global $wgMemc;
 			// clear stats cache for current user
 			$key = wfMemcKey( 'user', 'stats', $row->rev_user );
@@ -66,22 +72,26 @@
 	 * @param $par Mixed: parameter passed to the page or null
 	 */
 	public function execute( $par ){
-		global $wgUser, $wgOut, $wgDBprefix;
+		global $wgUser, $wgOut;
 		$dbr = wfGetDB( DB_MASTER );
 		$this->updateMainEditsCount();
 
 		global $wgUserLevels;
 		$wgUserLevels = '';
 
-		$sql = "SELECT stats_user_id,stats_user_name, stats_total_points FROM ".$wgDBprefix."user_stats ORDER BY stats_user_name";
-		$res = $dbr->query($sql);
+		$res = $dbr->select( 'user_stats',
+			array( 'stats_user_id', 'stats_user_name', 'stats_total_points' ),
+			array(),
+			__METHOD__,
+			array( 'ORDER BY' => 'stats_user_name' )
+		);
 		$out = '';
 		while ( $row = $dbr->fetchObject( $res ) ) {
 			$x++;
-			$stats = new UserStatsTrack($row->stats_user_id, $row->stats_user_name);
+			$stats = new UserStatsTrack( $row->stats_user_id, $row->stats_user_name );
 			$stats->updateTotalPoints();
 		}
 		$out = "Updated stats for <b>{$x}</b> users";
-		$wgOut->addHTML($out);
+		$wgOut->addHTML( $out );
 	}
 }

Status & tagging log

Retrieved from "http://www.mediawiki.org/wiki/Special:Code/MediaWiki/50604"
Views
Toolbox