http://www.mediawiki.org/wiki/Special:Code/MediaWiki/70057

Revision: 70057
Author:   nimishg
Date:     2010-07-27 23:00:17 +0000 (Tue, 27 Jul 2010)

Log Message:
-----------
authentication to prevent tons of spurious data

Modified Paths:
--------------
    trunk/extensions/SimpleSurvey/SpecialSimpleSurvey.php

Modified: trunk/extensions/SimpleSurvey/SpecialSimpleSurvey.php
===================================================================
--- trunk/extensions/SimpleSurvey/SpecialSimpleSurvey.php       2010-07-27 
22:57:49 UTC (rev 70056)
+++ trunk/extensions/SimpleSurvey/SpecialSimpleSurvey.php       2010-07-27 
23:00:17 UTC (rev 70057)
@@ -16,9 +16,28 @@
        private $originLink = '';
        private $originLinkUrl = '';
        private $originFullUrl = '';
+       private $tokenToCheck = '';
 
        /* Functions */
        
+       /**
+        * Quick token matching wrapper for form processing
+        */
+       public function checkToken() {
+               global $wgRequest;
+               $this->tokenToCheck = $_SESSION['wsSimpleSurveyToken'];
+               if($this->tokenToCheck != "" &&
+                        ( $wgRequest->getVal( 'token' ) == $this->tokenToCheck 
) ){
+                       return true;
+               }
+               else return false;
+       }
+       
+       public function setToken(){
+               $this->tokenToCheck = wfGenerateToken( array( $this, time() ) );
+               $_SESSION['wsSimpleSurveyToken'] = $this->tokenToCheck;
+       }
+       
        public function __construct() {
                parent::__construct( 'SimpleSurvey' );
                wfLoadExtensionMessages( 'SimpleSurvey' );
@@ -33,7 +52,7 @@
                $surveyName = $wgRequest->getVal("survey");
                
                if($wgRequest->wasPosted()){
-                               if($surveyName && 
in_array($surveyName,$wgValidSurveys )){
+                               if($surveyName && 
in_array($surveyName,$wgValidSurveys ) && $this->checkToken() ){
                                        SimpleSurvey::save( $surveyName, 
$wgPrefSwitchSurveys[$surveyName] );
                                        $wgOut->addHtml("<b>" . wfMsg( 
'simple-survey-confirm' ). "</b>");
                                }
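Review bot: With `$this->checkToken()` as the last operand, a submission with a missing or stale token falls into whatever else branch follows the hunk, and that branch is not visible here; if it is the "invalid survey" path, a user whose session expired sees a misleading message for what is a token failure. Consider evaluating the token separately and reporting it with its own message, e.g. `elseif ( !$this->checkToken() ) { $wgOut->addHtml( wfMsg( 'simple-survey-token-error' ) ); }` with a matching message key added to the i18n file. The enclosing method starts and ends outside the hunk.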
@@ -45,6 +64,7 @@
                                return;
                }
                
+               $this->setToken();
                // Get the origin from the request
                $par = $wgRequest->getVal( 'from', $par );
                $this->originTitle = Title::newFromText( $par );
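Review bot: `$this->setToken();` runs on every non-POST render, and setToken() overwrites `$_SESSION['wsSimpleSurveyToken']` each time, so opening the survey in a second tab (or reloading it) silently invalidates the token embedded in the first form and that submission is then rejected by checkToken(). Reusing an existing session token keeps every open form valid: `if ( empty( $_SESSION['wsSimpleSurveyToken'] ) ) { $this->setToken(); } else { $this->tokenToCheck = $_SESSION['wsSimpleSurveyToken']; }`. This also presumes a PHP session already exists for the visitor at this point; if none has been started (MediaWiki does this via wfSetupSession()), the write in setToken() is lost and every later check fails, so confirm that for anonymous users on this path. The enclosing method starts and ends outside the hunk.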
@@ -104,6 +124,7 @@
                        )
                );
                $html .= Xml::hidden( 'survey', $mode );
+               $html .= Xml::hidden( 'token', $this->tokenToCheck);
                // Render a survey
                $html .= SimpleSurvey::render(
                        $wgPrefSwitchSurveys[$mode]['questions']
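Review bot: `Xml::hidden( 'token', $this->tokenToCheck)` drops the space before the closing parenthesis that the neighbouring `Xml::hidden( 'survey', $mode )` line and the rest of the file use; write it `Xml::hidden( 'token', $this->tokenToCheck )`. The value is only non-empty if setToken() ran earlier in the same request, so a short comment would save the next reader a lookup: `// Session form token; checkToken() requires it on POST`. The enclosing method starts and ends outside the hunk.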


