Awight has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/342047 )
Change subject: Stop prematurely escaping
......................................................................
Stop prematurely escaping
Escaping should be done before HTML display, not as pseduo-sanitization.
Change-Id: Ifefc3f5990992730098dede918ccee269cad0194
---
M astropay_gateway/astropay.adapter.php
M gateway_common/DonationData.php
M gateway_common/gateway.adapter.php
M tests/phpunit/Adapter/GlobalCollect/GlobalCollectTest.php
4 files changed, 16 insertions(+), 33 deletions(-)
git pull
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/DonationInterface
refs/changes/47/342047/1
diff --git a/astropay_gateway/astropay.adapter.php
b/astropay_gateway/astropay.adapter.php
index 6e042fd..950f5b4 100644
--- a/astropay_gateway/astropay.adapter.php
+++ b/astropay_gateway/astropay.adapter.php
@@ -359,8 +359,8 @@
} else if ( preg_match( '/param x_cpf$/i',
$response['desc'] ) ) {
// Something wrong with the fiscal
number
$context = 'fiscal_number';
- $language =
$this->dataObj->getVal_Escaped( 'language' );
- $country =
$this->dataObj->getVal_Escaped( 'country' );
+ $language = $this->dataObj->getVal(
'language' );
+ $country = $this->dataObj->getVal(
'country' );
$message =
DataValidator::getErrorMessage( 'fiscal_number', 'calculated', $language,
$country );
} else if ( preg_match( '/invalid control/i',
$response['desc'] ) ) {
// They think we screwed up the
signature. Log what we signed.
diff --git a/gateway_common/DonationData.php b/gateway_common/DonationData.php
index 07c6d43..26088eb 100644
--- a/gateway_common/DonationData.php
+++ b/gateway_common/DonationData.php
@@ -201,13 +201,12 @@
}
/**
- * Returns an array of normalized and escaped donation data
+ * Returns the array of all normalized donation data.
+ *
* @return array
*/
- public function getDataEscaped() {
- $escaped = $this->normalized;
- array_walk( $escaped, array( $this, 'sanitizeInput' ) );
- return $escaped;
+ public function getData() {
+ return $this->normalized;
}
/**
@@ -229,30 +228,14 @@
}
/**
- * getVal_Escaped
- * @param string $key The data field you would like to retrieve. Pulls
the
- * data from $this->normalized if it is found to be something.
- * @return mixed The normalized and escaped value of that $key.
- */
- public function getVal_Escaped( $key ) {
- if ( $this->isSomething( $key ) ) {
- //TODO: If we ever start sanitizing in a more
complicated way, we should move this
- //off to a function and have both getVal_Escaped and
sanitizeInput call that.
- return htmlspecialchars( $this->normalized[$key],
ENT_COMPAT, 'UTF-8', false );
- } else {
- return null;
- }
- }
-
- /**
- * getVal
- * For Internal Use Only! External objects should use getVal_Escaped.
+ * Return the value at a key, or null if the key isn't populated.
+ *
* @param string $key The data field you would like to retrieve directly
* from $this->normalized.
* @return mixed The normalized value of that $key, or null if it isn't
* something.
*/
- protected function getVal( $key ) {
+ public function getVal( $key ) {
if ( $this->isSomething( $key ) ) {
return $this->normalized[$key];
} else {
diff --git a/gateway_common/gateway.adapter.php
b/gateway_common/gateway.adapter.php
index 84b980d..8d7ed15 100644
--- a/gateway_common/gateway.adapter.php
+++ b/gateway_common/gateway.adapter.php
@@ -241,7 +241,7 @@
$this->setValidationErrors(
$this->getOriginalValidationErrors() );
- $this->unstaged_data = $this->dataObj->getDataEscaped();
+ $this->unstaged_data = $this->dataObj->getData();
$this->staged_data = $this->unstaged_data;
// checking to see if we have an edit token in the request...
@@ -924,7 +924,7 @@
$this->regenerateOrderID();
// Pull anything changed from dataObj
- $this->unstaged_data =
$this->dataObj->getDataEscaped();
+ $this->unstaged_data =
$this->dataObj->getData();
$this->staged_data = $this->unstaged_data;
$this->stageData();
}
@@ -2125,7 +2125,7 @@
}
public function getFormClass() {
- $ffname = $this->dataObj->getVal_Escaped( 'ffname' );
+ $ffname = $this->dataObj->getVal( 'ffname' );
if ( strpos( $ffname, 'error') === 0
|| strpos( $ffname, 'maintenance') === 0 ) {
return 'MustacheErrorForm';
@@ -2315,7 +2315,7 @@
* our DonationData object.
*/
function refreshGatewayValueFromSource( $val ) {
- $refreshed = $this->dataObj->getVal_Escaped( $val );
+ $refreshed = $this->dataObj->getVal( $val );
if ( !is_null($refreshed) ){
$this->staged_data[$val] = $refreshed;
$this->unstaged_data[$val] = $refreshed;
@@ -3377,7 +3377,7 @@
// sequence number tacked on to the end for uniqueness
$dataObj = ( $dataObj ) ?: $this->dataObj;
- $ctid = $dataObj->getVal_Escaped(
'contribution_tracking_id' );
+ $ctid = $dataObj->getVal( 'contribution_tracking_id' );
if ( !$ctid ) {
$ctid =
$dataObj->saveContributionTrackingData();
}
diff --git a/tests/phpunit/Adapter/GlobalCollect/GlobalCollectTest.php
b/tests/phpunit/Adapter/GlobalCollect/GlobalCollectTest.php
index 12dc77d..4c46ab2 100644
--- a/tests/phpunit/Adapter/GlobalCollect/GlobalCollectTest.php
+++ b/tests/phpunit/Adapter/GlobalCollect/GlobalCollectTest.php
@@ -396,10 +396,10 @@
$exposed = TestingAccessWrapper::newFromObject( $gateway );
// Desired vars were written into normalized data.
- $this->assertEquals( $ctid, $exposed->dataObj->getVal_Escaped(
'contribution_tracking_id' ) );
+ $this->assertEquals( $ctid, $exposed->dataObj->getVal(
'contribution_tracking_id' ) );
// Language was not overwritten.
- $this->assertEquals( 'ca', $exposed->dataObj->getVal_Escaped(
'language' ) );
+ $this->assertEquals( 'ca', $exposed->dataObj->getVal(
'language' ) );
}
/**
--
To view, visit https://gerrit.wikimedia.org/r/342047
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifefc3f5990992730098dede918ccee269cad0194
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/DonationInterface
Gerrit-Branch: master
Gerrit-Owner: Awight <awi...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
