On Tue, May 13, 2014 at 2:16 AM, Hannes Magnusson <[email protected]> wrote:

On Sun, May 11, 2014 at 10:12 AM,  <[email protected]> wrote:
Commit:    066a3c46cf554167ecf3ccc8778ff192a1d08901
Author:    Sobak <[email protected]>         Sun, 11 May 2014 19:12:23 +0200
Parents:   5aea2a996ff375cd4c5e475ff09796dc020cffe6
Branches:  master

Link:
http://git.php.net/?p=web/wiki.git;a=commitdiff;h=066a3c46cf554167ecf3ccc8778ff192a1d08901

Log:
Link users to their PHP.net profile

Changed paths:
   M  dokuwiki/inc/common.php


Diff:
diff --git a/dokuwiki/inc/common.php b/dokuwiki/inc/common.php
index 3277128..ca410c5 100644
--- a/dokuwiki/inc/common.php
+++ b/dokuwiki/inc/common.php
@@ -1418,34 +1418,7 @@ function shorten($keep, $short, $max, $min = 9,
$char = '…') {
   * @author Andy Webber <dokuwiki AT andywebber DOT com>
   */
  function editorinfo($username) {
-    global $conf;
-    global $auth;
-
-    switch($conf['showuseras']) {
-        case 'username':
-        case 'email':
-        case 'email_link':
-            if($auth) $info = $auth->getUserData($username);
-            break;
-        default:
-            return hsc($username);
-    }
-
-    if(isset($info) && $info) {
-        switch($conf['showuseras']) {
-            case 'username':
-                return hsc($info['name']);
-            case 'email':
-                return obfuscate($info['mail']);
-            case 'email_link':
-                $mail = obfuscate($info['mail']);
-                return '<a href="mailto:'.$mail.'">'.$mail.'</a>';
-            default:
-                return hsc($username);
-        }
-    } else {
-        return hsc($username);
-    }
+    return '<a href="//people.php.net/'.$username.
'">'.$username.'</a>';
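Review bot: The added return line concatenates $username into both the href attribute and the link text with no escaping, whereas every removed branch passed its output through hsc() or obfuscate(); a login name containing quotes or angle brackets would break out of the attribute or inject markup into every page that shows editor info. Use rawurlencode($username) for the URL path segment and hsc($username) for the visible text. The replacement also deletes the $conf['showuseras'] switch, so that setting is silently ignored and every user gets a people.php.net link unconditionally; keeping the old logic as the fallback and adding the link only where it applies would avoid both. Since the change is made directly in dokuwiki/inc/common.php, a short comment marking it as a local modification would also help whoever merges the next upstream release.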


- Not all wiki users have @php.net karma/profile pages (it depends on
the login method)
- You need to escape the $username (XSS...)
- Modifying dokuwiki core code is evil as it will get lost next time
we upgrade (say, a new security release is out). Please attempt to
make these changes as part of a custom plugin or maintain a patch file
in the patches/ directory


uhm, shouldn't we revert it until the concerns you've raised are fixed?



Ferenc, you're probably right. I will prepare patches tomorrow for this change and for history view improvements as well. Probably a better reason to revert this change is the fact that not every account on the wiki is connected with a people.php.net profile.

I'm looking for a fix for that issue. Maybe we can check the user's email address in the wiki's database? However, I don't have access to this and I don't really know if accounts created with a general PHP.net profile have @php.net emails. What do you think?

Regards,
Maciej.

--
PHP Webmaster List Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
