On Wed, May 14, 2014 at 12:21 PM, Maciej Sobaczewski <[email protected]> wrote: >> On Tue, May 13, 2014 at 2:16 AM, Hannes Magnusson < >> [email protected]> wrote: >> >>> On Sun, May 11, 2014 at 10:12 AM, <[email protected]> wrote: >>>> >>>> Commit: 066a3c46cf554167ecf3ccc8778ff192a1d08901 >>>> Author: Sobak <[email protected]> Sun, 11 May 2014 >>> >>> 19:12:23 +0200 >>>> >>>> Parents: 5aea2a996ff375cd4c5e475ff09796dc020cffe6 >>>> Branches: master >>>> >>>> Link: >>> >>> >>> http://git.php.net/?p=web/wiki.git;a=commitdiff;h=066a3c46cf554167ecf3ccc8778ff192a1d08901 >>>> >>>> >>>> Log: >>>> Link users to their PHP.net profile >>>> >>>> Changed paths: >>>> M dokuwiki/inc/common.php >>>> >>>> >>>> Diff: >>>> diff --git a/dokuwiki/inc/common.php b/dokuwiki/inc/common.php >>>> index 3277128..ca410c5 100644 >>>> --- a/dokuwiki/inc/common.php >>>> +++ b/dokuwiki/inc/common.php 
>>>> @@ -1418,34 +1418,7 @@ function shorten($keep, $short, $max, $min = 9, >>> >>> $char = '…') { >>>> >>>> * @author Andy Webber <dokuwiki AT andywebber DOT com> >>>> */ >>>> function editorinfo($username) { >>>> - global $conf; >>>> - global $auth; >>>> - >>>> - switch($conf['showuseras']) { >>>> - case 'username': >>>> - case 'email': >>>> - case 'email_link': >>>> - if($auth) $info = $auth->getUserData($username); >>>> - break; >>>> - default: >>>> - return hsc($username); >>>> - } >>>> - >>>> - if(isset($info) && $info) { >>>> - switch($conf['showuseras']) { >>>> - case 'username': >>>> - return hsc($info['name']); >>>> - case 'email': >>>> - return obfuscate($info['mail']); >>>> - case 'email_link': >>>> - $mail = obfuscate($info['mail']); >>>> - return '<a href="mailto:'.$mail.'">'.$mail.'</a>'; >>>> - default: >>>> - return hsc($username); >>>> - } >>>> - } else { >>>> - return hsc($username); >>>> - } >>>> + return '<a href="//people.php.net/'.$username. >>> >>> '">'.$username.'</a>'; >>> >>> >>> - Not all wiki users have @php.net karma/profile pages (it depends on >>> the login method) >>> - You need to escape the $username (XSS...) >>> - Modifying dokuwiki core code is evil as it will get lost next time >>> we upgrade (say, a new security release is out). Please attempt to >>> make these changes as part of a custom plugin or maintain a patch file >>> in the patches/ directory >>> >>> >> uhm, shouldn't we revert it until the concerns you've raised are fixed? >> >> > > Ferenc, you're probably right. I will prepare patches tomorrow for this > change and for history view improvements as well. Probably better reason to > revert this change is fact that not every account on wiki is connected with > people.php.net profile. > > I'm looking for fix on that issue. Maybe can we check user's email adress in > wiki's database? However, I don't have access to this and I don't really > know if account created with general PHP.net profile have @php.net emails. 
> What do you think?
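Review bot: the added return line in editorinfo() concatenates $username into both the href attribute and the link text with no escaping, whereas every return path in the removed code went through hsc() or obfuscate(). Wrap the link text in hsc($username), and encode the value that goes into the URL path (for example rawurlencode($username)) before it is placed in the attribute. The replacement also deletes the whole $conf['showuseras'] switch, so the configured display mode (username, email, email_link) is no longer honoured and the $auth->getUserData() lookup is gone. Keeping that logic as the fallback for accounts that have no people.php.net profile would address the first concern raised in the reply, and moving the change out of dokuwiki/inc/common.php into a plugin or a file under patches/ would address the third.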
Look at the dokuwiki/lib/plugins/phpcvs/auth.php plugin.
We don't use the wiki database for php.net karma users.

-Hannes

--
PHP Webmaster List Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
