From cd15a9f8e65eb552a423f50f8cd2817b1915b9a6 Mon Sep 17 00:00:00 2001 From: Siebrand Mazeland Date: Mon, 28 Sep 2015 14:15:09 +0200 Subject: [PATCH] Fix PHPCS warnings in includes/specials/ Change-Id: I37424a84d67aee8532a0224cd7a8147424778e53 --- includes/specials/SpecialEmailuser.php | 42 +++++++++------- includes/specials/SpecialMovepage.php | 24 +++++---- includes/specials/SpecialUploadStash.php | 18 ++++--- includes/specials/SpecialUserlogin.php | 64 +++++++++++++----------- 4 files changed, 82 insertions(+), 66 deletions(-) diff --git a/includes/specials/SpecialEmailuser.php b/includes/specials/SpecialEmailuser.php index 92cb8bf657..6b0d1ec73b 100644 --- a/includes/specials/SpecialEmailuser.php +++ b/includes/specials/SpecialEmailuser.php @@ -329,29 +329,33 @@ class SpecialEmailUser extends UnlistedSpecialPage { } if ( $config->get( 'UserEmailUseReplyTo' ) ) { - // Put the generic wiki autogenerated address in the From: - // header and reserve the user for Reply-To. - // - // This is a bit ugly, but will serve to differentiate - // wiki-borne mails from direct mails and protects against - // SPF and bounce problems with some mailers (see below). + /** + * Put the generic wiki autogenerated address in the From: + * header and reserve the user for Reply-To. + * + * This is a bit ugly, but will serve to differentiate + * wiki-borne mails from direct mails and protects against + * SPF and bounce problems with some mailers (see below). + */ $mailFrom = new MailAddress( $config->get( 'PasswordSender' ), wfMessage( 'emailsender' )->inContentLanguage()->text() ); $replyTo = $from; } else { - // Put the sending user's e-mail address in the From: header. - // - // This is clean-looking and convenient, but has issues. - // One is that it doesn't as clearly differentiate the wiki mail - // from "directly" sent mails. - // - // Another is that some mailers (like sSMTP) will use the From - // address as the envelope sender as well. For open sites this - // can cause mails to be flunked for SPF violations (since the - // wiki server isn't an authorized sender for various users' - // domains) as well as creating a privacy issue as bounces - // containing the recipient's e-mail address may get sent to - // the sending user. + /** + * Put the sending user's e-mail address in the From: header. + * + * This is clean-looking and convenient, but has issues. + * One is that it doesn't as clearly differentiate the wiki mail + * from "directly" sent mails. + * + * Another is that some mailers (like sSMTP) will use the From + * address as the envelope sender as well. For open sites this + * can cause mails to be flunked for SPF violations (since the + * wiki server isn't an authorized sender for various users' + * domains) as well as creating a privacy issue as bounces + * containing the recipient's e-mail address may get sent to + * the sending user. + */ $mailFrom = $from; $replyTo = null; } diff --git a/includes/specials/SpecialMovepage.php b/includes/specials/SpecialMovepage.php index 680a8b8606..aa71d3c19f 100644 --- a/includes/specials/SpecialMovepage.php +++ b/includes/specials/SpecialMovepage.php @@ -643,17 +643,19 @@ class MovePageForm extends UnlistedSpecialPage { $this->moveSubpages = false; } - # Next make a list of id's. This might be marginally less efficient - # than a more direct method, but this is not a highly performance-cri- - # tical code path and readable code is more important here. - # - # Note: this query works nicely on MySQL 5, but the optimizer in MySQL - # 4 might get confused. If so, consider rewriting as a UNION. - # - # If the target namespace doesn't allow subpages, moving with subpages - # would mean that you couldn't move them back in one operation, which - # is bad. - # @todo FIXME: A specific error message should be given in this case. + /** + * Next make a list of id's. This might be marginally less efficient + * than a more direct method, but this is not a highly performance-cri- + * tical code path and readable code is more important here. + * + * Note: this query works nicely on MySQL 5, but the optimizer in MySQL + * 4 might get confused. If so, consider rewriting as a UNION. + * + * If the target namespace doesn't allow subpages, moving with subpages + * would mean that you couldn't move them back in one operation, which + * is bad. + * @todo FIXME: A specific error message should be given in this case. + */ // @todo FIXME: Use Title::moveSubpages() here $dbr = wfGetDB( DB_MASTER ); diff --git a/includes/specials/SpecialUploadStash.php b/includes/specials/SpecialUploadStash.php index dd90590097..eb34008d91 100644 --- a/includes/specials/SpecialUploadStash.php +++ b/includes/specials/SpecialUploadStash.php @@ -36,14 +36,16 @@ class SpecialUploadStash extends UnlistedSpecialPage { // UploadStash private $stash; - // Since we are directly writing the file to STDOUT, - // we should not be reading in really big files and serving them out. - // - // We also don't want people using this as a file drop, even if they - // share credentials. - // - // This service is really for thumbnails and other such previews while - // uploading. + /** + * Since we are directly writing the file to STDOUT, + * we should not be reading in really big files and serving them out. + * + * We also don't want people using this as a file drop, even if they + * share credentials. + * + * This service is really for thumbnails and other such previews while + * uploading. + */ const MAX_SERVE_BYTES = 1048576; // 1MB public function __construct() { diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php index ee78a61d27..085cfee4f0 100644 --- a/includes/specials/SpecialUserlogin.php +++ b/includes/specials/SpecialUserlogin.php @@ -276,13 +276,17 @@ class LoginForm extends SpecialPage { } $this->setHeaders(); - // In the case where the user is already logged in, and was redirected to the login form from a - // page that requires login, do not show the login page. The use case scenario for this is when - // a user opens a large number of tabs, is redirected to the login page on all of them, and then - // logs in on one, expecting all the others to work properly. - // - // However, do show the form if it was visited intentionally (no 'returnto' is present). People - // who often switch between several accounts have grown accustomed to this behavior. + /** + * In the case where the user is already logged in, and was redirected to + * the login form from a page that requires login, do not show the login + * page. The use case scenario for this is when a user opens a large number + * of tabs, is redirected to the login page on all of them, and then logs + * in on one, expecting all the others to work properly. + * + * However, do show the form if it was visited intentionally (no 'returnto' + * is present). People who often switch between several accounts have grown + * accustomed to this behavior. + */ if ( $this->mType !== 'signup' && !$this->mPosted && @@ -357,10 +361,10 @@ class LoginForm extends SpecialPage { } $status = $this->addNewAccountInternal(); - LoggerFactory::getInstance( 'authmanager' )->info( 'Account creation attempt with mailed password', array( - 'event' => 'accountcreation', - 'status' => $status, - ) ); + LoggerFactory::getInstance( 'authmanager' )->info( + 'Account creation attempt with mailed password', + array( 'event' => 'accountcreation', 'status' => $status ) + ); if ( !$status->isGood() ) { $error = $status->getMessage(); $this->mainLoginForm( $error->toString() ); @@ -787,22 +791,24 @@ class LoginForm extends SpecialPage { global $wgBlockDisablesLogin; if ( !$u->checkPassword( $this->mPassword ) ) { if ( $u->checkTemporaryPassword( $this->mPassword ) ) { - // The e-mailed temporary password should not be used for actu- - // al logins; that's a very sloppy habit, and insecure if an - // attacker has a few seconds to click "search" on someone's o- - // pen mail reader. - // - // Allow it to be used only to reset the password a single time - // to a new value, which won't be in the user's e-mail ar- - // chives. - // - // For backwards compatibility, we'll still recognize it at the - // login form to minimize surprises for people who have been - // logging in with a temporary password for some time. - // - // As a side-effect, we can authenticate the user's e-mail ad- - // dress if it's not already done, since the temporary password - // was sent via e-mail. + /** + * The e-mailed temporary password should not be used for actu- + * al logins; that's a very sloppy habit, and insecure if an + * attacker has a few seconds to click "search" on someone's + * open mail reader. + * + * Allow it to be used only to reset the password a single time + * to a new value, which won't be in the user's e-mail ar- + * chives. + * + * For backwards compatibility, we'll still recognize it at the + * login form to minimize surprises for people who have been + * logging in with a temporary password for some time. + * + * As a side-effect, we can authenticate the user's e-mail ad- + * dress if it's not already done, since the temporary password + * was sent via e-mail. + */ if ( !$u->isEmailConfirmed() && !wfReadOnly() ) { $u->confirmEmail(); $u->saveSettings(); @@ -1459,7 +1465,9 @@ class LoginForm extends SpecialPage { $template->set( 'emailothers', $wgEnableUserEmail ); $template->set( 'canreset', $wgAuth->allowPasswordChange() ); $template->set( 'resetlink', $resetLink ); - $template->set( 'canremember', $wgExtendedLoginCookieExpiration === null ? ( $wgCookieExpiration > 0 ) : ( $wgExtendedLoginCookieExpiration > 0 ) ); + $template->set( 'canremember', $wgExtendedLoginCookieExpiration === null ? + ( $wgCookieExpiration > 0 ) : + ( $wgExtendedLoginCookieExpiration > 0 ) ); $template->set( 'usereason', $user->isLoggedIn() ); $template->set( 'remember', $this->mRemember ); $template->set( 'cansecurelogin', ( $wgSecureLogin === true ) ); -- 2.20.1