jenkins-bot has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/324789 )
Change subject: Ignore invalid country codes from query string
......................................................................
Ignore invalid country codes from query string
If someone follows a link with &country=XX, ignore the code and fall
back to the cookie or IP address lookup.
Bug: T152026
Change-Id: Id84acd41063242815fdbc9692023a6c235de80e7
---
M FundraiserRedirector.body.php
1 file changed, 43 insertions(+), 0 deletions(-)
Approvals:
Mepps: Looks good to me, approved
jenkins-bot: Verified
diff --git a/FundraiserRedirector.body.php b/FundraiserRedirector.body.php
index a1becd2..67ccc2c 100644
--- a/FundraiserRedirector.body.php
+++ b/FundraiserRedirector.body.php
@@ -16,6 +16,9 @@
// Country passed in the URL param gets first precedence.
$country = $this->getRequest()->getVal( 'country' );
+ if ( !self::isValidIsoCountryCode( $country ) ) {
+ $country = '';
+ }
// Get country from the GeoIP cookie if present.
if ( !$country ) {
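Review bot: The new guard after `getVal( 'country' )` compares the raw query-string value against an upper-case list, so a link carrying `country=us` or a value with stray whitespace is treated as invalid and silently falls through to the cookie/GeoIP lookup. If such links should still be honoured, normalise before the check, e.g. `$country = strtoupper( trim( (string)$country ) );`. If exact upper-case alpha-2 is the intended contract, the comment above should say so, e.g. `// Country passed in the URL param gets first precedence, but only if it is an exact upper-case ISO 3166-1 alpha-2 code.` Whether lower-case links exist in practice is not visible from this hunk, and the enclosing method starts and ends outside it.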
@@ -103,4 +106,44 @@
// Redirect
$this->getOutput()->redirect( $redirectURL );
}
+
+ /**
+ * Checks to see if $country is a valid iso 3166-1 country code.
+ * DOES NOT VERIFY THAT WE FUNDRAISE THERE. Only that the code makes
sense.
+ * @param string $country the code we want to check
+ * @return bool
+ */
+ public static function isValidIsoCountryCode( $country ) {
+ /**
+ * List of valid iso 3166 country codes, regenerated on
1380836686
+ * Code generated by a happy script at
+ *
https://gerrit.wikimedia.org/r/#/admin/projects/wikimedia/fundraising/tools,branches
+ */
+ $iso_3166_codes = [
+ 'AF', 'AX', 'AL', 'DZ', 'AS', 'AD', 'AO', 'AI', 'AQ',
'AG', 'AR', 'AM', 'AW', 'AU',
+ 'AT', 'AZ', 'BS', 'BH', 'BD', 'BB', 'BY', 'BE', 'BZ',
'BJ', 'BM', 'BT', 'BO', 'BQ',
+ 'BA', 'BW', 'BV', 'BR', 'IO', 'BN', 'BG', 'BF', 'BI',
'KH', 'CM', 'CA', 'CV', 'KY',
+ 'CF', 'TD', 'CL', 'CN', 'CX', 'CC', 'CO', 'KM', 'CG',
'CD', 'CK', 'CR', 'CI', 'HR',
+ 'CU', 'CW', 'CY', 'CZ', 'DK', 'DJ', 'DM', 'DO', 'EC',
'EG', 'SV', 'GQ', 'ER', 'EE',
+ 'ET', 'FK', 'FO', 'FJ', 'FI', 'FR', 'GF', 'PF', 'TF',
'GA', 'GM', 'GE', 'DE', 'GH',
+ 'GI', 'GR', 'GL', 'GD', 'GP', 'GU', 'GT', 'GG', 'GN',
'GW', 'GY', 'HT', 'HM', 'VA',
+ 'HN', 'HK', 'HU', 'IS', 'IN', 'ID', 'IR', 'IQ', 'IE',
'IM', 'IL', 'IT', 'JM', 'JP',
+ 'JE', 'JO', 'KZ', 'KE', 'KI', 'KP', 'KR', 'KW', 'KG',
'LA', 'LV', 'LB', 'LS', 'LR',
+ 'LY', 'LI', 'LT', 'LU', 'MO', 'MK', 'MG', 'MW', 'MY',
'MV', 'ML', 'MT', 'MH', 'MQ',
+ 'MR', 'MU', 'YT', 'MX', 'FM', 'MD', 'MC', 'MN', 'ME',
'MS', 'MA', 'MZ', 'MM', 'NA',
+ 'NR', 'NP', 'NL', 'NC', 'NZ', 'NI', 'NE', 'NG', 'NU',
'NF', 'MP', 'NO', 'OM', 'PK',
+ 'PW', 'PS', 'PA', 'PG', 'PY', 'PE', 'PH', 'PN', 'PL',
'PT', 'PR', 'QA', 'RE', 'RO',
+ 'RU', 'RW', 'BL', 'SH', 'KN', 'LC', 'MF', 'PM', 'VC',
'WS', 'SM', 'ST', 'SA', 'SN',
+ 'RS', 'SC', 'SL', 'SG', 'SX', 'SK', 'SI', 'SB', 'SO',
'ZA', 'GS', 'SS', 'ES', 'LK',
+ 'SD', 'SR', 'SJ', 'SZ', 'SE', 'CH', 'SY', 'TW', 'TJ',
'TZ', 'TH', 'TL', 'TG', 'TK',
+ 'TO', 'TT', 'TN', 'TR', 'TM', 'TC', 'TV', 'UG', 'UA',
'AE', 'GB', 'US', 'UM', 'UY',
+ 'UZ', 'VU', 'VE', 'VN', 'VG', 'VI', 'WF', 'EH', 'YE',
'ZM', 'ZW',
+ ];
+
+ if ( in_array( $country, $iso_3166_codes ) ) {
+ return true;
+ }
+ return false;
+ }
+
}
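Review bot: `in_array( $country, $iso_3166_codes )` in `isValidIsoCountryCode()` uses loose comparison, so a non-string argument can pass the allow-list: boolean `true` matches any non-empty string, and integer `0` matches on PHP versions before 8. The request path in this change only passes a string or null, but the method is `public static` and may gain other callers, so the validator should be strict on its own. The four-line if/return can collapse to `return in_array( $country, $iso_3166_codes, true );`. The docblock would also benefit from stating that only exact upper-case two-letter codes are accepted.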
--
To view, visit https://gerrit.wikimedia.org/r/324789
Gerrit-MessageType: merged
Gerrit-Change-Id: Id84acd41063242815fdbc9692023a6c235de80e7
Gerrit-PatchSet: 4
Gerrit-Project: mediawiki/extensions/FundraiserLandingPage
Gerrit-Branch: master
Gerrit-Owner: Ejegg <[email protected]>
Gerrit-Reviewer: AndyRussG <[email protected]>
Gerrit-Reviewer: Cdentinger <[email protected]>
Gerrit-Reviewer: Eileen <[email protected]>
Gerrit-Reviewer: Katie Horn <[email protected]>
Gerrit-Reviewer: Mepps <[email protected]>
Gerrit-Reviewer: XenoRyet <[email protected]>
Gerrit-Reviewer: jenkins-bot <>