projects / pgweb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: adab222)
bring the example code for the mediawiki plugin more in line with what
authorStefan Kaltenbrunner <stefan@kaltenbrunner.cc>
Tue, 13 Aug 2013 21:56:32 +0000 (23:56 +0200)
committerStefan Kaltenbrunner <stefan@kaltenbrunner.cc>
Tue, 13 Aug 2013 21:56:32 +0000 (23:56 +0200)
we actually use in production, this mostly consists of the "new style" support
for raw data passthrough, but does not fix the actual problem (which is dealing
with url "double" encoding/decoding - or rather the loss of information about
that) yet...
Will fix that and sync up exactly with the production code for MW 1.19 soon...

tools/communityauth/sample/php/mediawiki/auth.php patch | blob | blame | history
tools/communityauth/sample/php/mediawiki/login.php patch | blob | blame | history
tools/communityauth/sample/php/mediawiki/pgauth_conf.php patch | blob | blame | history

diff --git a/tools/communityauth/sample/php/mediawiki/auth.php b/tools/communityauth/sample/php/mediawiki/auth.php
index 4a3072448709a545251cd815acc274b0e5dc2a21..3b1b02dede4aa1d8417ff43d72a11e2b801bf23b 100644 (file)
--- a/tools/communityauth/sample/php/mediawiki/auth.php
+++ b/tools/communityauth/sample/php/mediawiki/auth.php
@@ -14,7 +14,7 @@ session_name('wikidb_session');
 session_start();
 
 $iv = $_GET['i'];
-$d = $_GET['d'];
+$d = urldecode($_GET['d']);
 
 $key = base64_decode(strtr(${pgauth_key}, '-_', '+/'), true);
 $iv = base64_decode(strtr($iv, '-_', '+/'), true);
@@ -47,7 +47,7 @@ if ($data['t'] < time() - 10) {
   exit(0);
 }
 
-// User found, and we read a reasonable authenticaiton time.
+// User found, and we read a reasonable authentication time
 // Look for the user in the mediawiki database
 $db = pg_connect(${pgauth_connstr});
 $q = pg_query_params($db, "SELECT user_token, user_id, user_real_name, user_email FROM mwuser WHERE user_name=$1", array(ucfirst(strtolower($data['u']))));
@@ -62,7 +62,7 @@ if (pg_num_rows($q) == 0) {
   /*
    * Try to create a user..
    */
-  $q = pg_query_params($db, "INSERT INTO mwuser (user_name, user_real_name, user_password, user_newpassword, user_newpass_time, user_token, user_email, user_email_token, user_email_token_expires, user_email_authenticated, user_options, user_touched, user_registration, user_editcount, user_hidden) VALUES ($1, $2, NULL, NULL, NULL, $3, $4, NULL, '2000-01-01 00:00:00', CURRENT_TIMESTAMP, $5, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 0, 0) RETURNING user_token, user_id, user_real_name, user_email", array(ucfirst(strtolower($data['u'])), $data['f'] . ' ' . $data['l'], $token, $data['e'], ''));
+  $q = pg_query_params($db, "INSERT INTO mwuser (user_name, user_real_name, user_password, user_newpassword, user_newpass_time, user_token, user_email, user_email_token, user_email_token_expires, user_email_authenticated, user_options, user_touched, user_registration, user_editcount, user_hidden) VALUES ($1, $2, '', NULL, NULL, $3, $4, NULL, '2000-01-01 00:00:00', CURRENT_TIMESTAMP, $5, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 0, 0) RETURNING user_token, user_id, user_real_name, user_email", array(ucfirst(strtolower($data['u'])), $data['f'] . ' ' . $data['l'], $token, $data['e'], ''));
   if (pg_num_rows($q) != 1) {
     print "Failed to add user!";
     pg_close($db);
@@ -107,10 +107,14 @@ $_SESSION['wsToken'] = $r['user_token'];
 $_SESSION['wsUserName'] = ucfirst(strtolower($data['u']));
 session_write_close();
 
-if ($data['su']) {
-  $redir = $data['su'];
+if ($data['d']) {
+       $redir = base64_decode($data['']);
+       if (!preg_match("#^/wiki/#",$redir)) {
+               print "invalid redirection target!";
+               exit(0);
+       } ,
 } else {
-  $redir = '/wiki/Main_Page';
+       $redir = '/wiki/Main_Page';
 }
 
 /* Add ?nocache=... or &nocache=... to avoid mediawiki caching */
diff --git a/tools/communityauth/sample/php/mediawiki/login.php b/tools/communityauth/sample/php/mediawiki/login.php
index 99da885de7b6486e2b9b972175404cb81a5389af..75d2b2e0014172507c5d77593547af003a923bc0 100644 (file)
--- a/tools/communityauth/sample/php/mediawiki/login.php
+++ b/tools/communityauth/sample/php/mediawiki/login.php
@@ -2,6 +2,6 @@
 require 'pgauth_conf.php';
 /* Redirect authentication request */
 
-$su = "/wiki/" . $_GET['r'];
-header("Location: https://www.postgresql.org/account/auth/${pgauth_siteid}/?su=" . urlencode($su));
+$d = base64_encode("/wiki/" . $_GET['r']);
+header("Location: https://www.postgresql.org/account/auth/${pgauth_siteid}/?d=" . urlencode($d));
 ?>
diff --git a/tools/communityauth/sample/php/mediawiki/pgauth_conf.php b/tools/communityauth/sample/php/mediawiki/pgauth_conf.php
index 8618e9ce0b6d811045d553ec2337601e7093fd20..729fd0bade5804b3217974406729ca29432c9941 100644 (file)
--- a/tools/communityauth/sample/php/mediawiki/pgauth_conf.php
+++ b/tools/communityauth/sample/php/mediawiki/pgauth_conf.php
@@ -4,4 +4,4 @@ $pgauth_key = 'puSOAmUPWlZvVvnQtkUpwjxj7U4NT7sW0FhBqo/OkgA=';
 $pgauth_rootsite = 'https://wikitest.postgresql.org';
 $pgauth_logoutsite = 'http://wikitest.postgresql.org';
 $pgauth_connstr = "dbname=wikidb";
-?>
\ No newline at end of file
+?>
This is the code for the postgresql.org website