From 7040aeffca4f49fe4c079dc6f16201d1a19d1780 Mon Sep 17 00:00:00 2001 From: kaldari Date: Fri, 20 Feb 2015 10:50:17 -0800 Subject: [PATCH] Some clean-up of TemplateParser * Replacing global var with Config * Fixing spacing * Adding @since tag Change-Id: I8b0a35116eef6ecead16e03a3c408081ee500aa6 --- includes/TemplateParser.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/includes/TemplateParser.php b/includes/TemplateParser.php index 57fcc24882..41ae4a4a53 100644 --- a/includes/TemplateParser.php +++ b/includes/TemplateParser.php @@ -18,6 +18,7 @@ * http://www.gnu.org/copyleft/gpl.html * * @file + * @since 1.25 */ class TemplateParser { /** @@ -40,7 +41,7 @@ class TemplateParser { * @param boolean $forceRecompile */ public function __construct( $templateDir = null, $forceRecompile = false ) { - $this->templateDir = $templateDir ? $templateDir : __DIR__.'/templates'; + $this->templateDir = $templateDir ? $templateDir : __DIR__ . '/templates'; $this->forceRecompile = $forceRecompile; } @@ -77,8 +78,6 @@ class TemplateParser { * @throws Exception */ public function getTemplate( $templateName ) { - global $wgSecretKey; - // If a renderer has already been defined for this template, reuse it if ( isset( $this->renderers[$templateName] ) ) { return $this->renderers[$templateName]; @@ -96,6 +95,10 @@ class TemplateParser { // Generate a quick hash for cache invalidation $fastHash = md5( $fileContents ); + // Fetch a secret key for building a keyed hash of the PHP code + $config = ConfigFactory::getDefaultInstance()->makeConfig( 'main' ); + $secretKey = $config->get( 'SecretKey' ); + // See if the compiled PHP code is stored in cache. // CACHE_ACCEL throws an exception if no suitable object cache is present, so fall // back to CACHE_ANYTHING. @@ -123,7 +126,7 @@ class TemplateParser { $renderer = eval( $code ); // Prefix the code with a keyed hash (64 hex chars) as an integrity check - $code = hash_hmac( 'sha256', $code, $wgSecretKey ) . $code; + $code = hash_hmac( 'sha256', $code, $secretKey ) . $code; // Cache the compiled PHP code $cache->set( $key, $code ); @@ -131,7 +134,7 @@ class TemplateParser { // Verify the integrity of the cached PHP code $keyedHash = substr( $code, 0, 64 ); $code = substr( $code, 64 ); - if ( $keyedHash === hash_hmac( 'sha256', $code, $wgSecretKey ) ) { + if ( $keyedHash === hash_hmac( 'sha256', $code, $secretKey ) ) { $renderer = eval( $code ); } else { throw new Exception( "Template failed integrity check: {$filename}" ); -- 2.20.1