Spage has uploaded a new change for review.
https://gerrit.wikimedia.org/r/60350
Change subject: Use addCaptchaAPI to supply info to signup form
......................................................................
Use addCaptchaAPI to supply info to signup form
In injectUserCreate(), in 1.22wmf3 and above, instead of adding HTML to
the form template's header, call addCaptchaAPI() to add captcha keys to
the template.
The Create account form has to be updated to know how to create HTML
from the captcha info. Do NOT merge this change without coordination
with mediawiki core.
Also change a comment.
Bug: 467590
Change-Id: I16e63b086ee1aaa7fc205732a531a73e55a44a91
---
M Captcha.php
1 file changed, 25 insertions(+), 9 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/ConfirmEdit
refs/changes/50/60350/1
diff --git a/Captcha.php b/Captcha.php
index 2d6afbf..487f6a8 100644
--- a/Captcha.php
+++ b/Captcha.php
@@ -98,23 +98,38 @@
}
/**
- * Inject whazawhoo
- * @fixme if multiple thingies insert a header, could break
+ * Inject into Create account form.
* @param QuickTemplate $template
* @return bool true to keep running callbacks
*/
function injectUserCreate( &$template ) {
- global $wgCaptchaTriggers, $wgOut, $wgUser;
+ global $wgCaptchaTriggers, $wgOut, $wgUser, $wgVersion;
if ( $wgCaptchaTriggers['createaccount'] ) {
if ( $wgUser->isAllowed( 'skipcaptcha' ) ) {
wfDebug( "ConfirmEdit: user group allows
skipping captcha on account creation\n" );
return true;
}
- $template->set( 'header',
- "<div class='captcha'>" .
- $wgOut->parse( $this->getMessage(
'createaccount' ) ) .
- $this->getForm() .
- "</div>\n" );
+ if ( version_compare( $wgVersion, '1.22wmf3', '<' ) ) {
+ // Old way: put HTML in template 'header' field.
+ // If multiple hooks put stuff in header, this
breaks.
+ $template->set( 'header',
+ "<div class='captcha'>" .
+ $wgOut->parse( $this->getMessage(
'createaccount' ) ) .
+ $this->getForm() .
+ "</div>\n" );
+ } else {
+ // New way: addCaptchaAPI adds captcha array
with subkeys; put
+ // this in template, and calling form decides
how to render.
+ $resultArr = array();
+ $this->addCaptchaAPI( $resultArr );
+ $template->set( 'captcha',
$resultArr['captcha'] );
+ if ( !isset( $resultArr['captcha'] ) || count(
$resultArr ) > 1 ) {
+ var_dump( $resultArr );
+ wfDebug( 'ConfirmEdit: addCaptchaAPI
set unexpected keys in (' .
+ implode( array_keys( $resultArr
), '-' )
+ . ")\n" );
+ }
+ }
}
return true;
}
@@ -533,7 +548,8 @@
$this->trigger = "post-badlogin login '" .
$u->getName() . "'";
if ( !$this->passCaptcha() ) {
- // Emulate a bad-password return to confuse the
shit out of attackers
+ // Emulate a bad-password return to confuse the
shit out of
+ // attackers (but see bug 12206).
$retval = LoginForm::WRONG_PASS;
return false;
}
--
To view, visit https://gerrit.wikimedia.org/r/60350
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I16e63b086ee1aaa7fc205732a531a73e55a44a91
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/ConfirmEdit
Gerrit-Branch: master
Gerrit-Owner: Spage <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
