Ejegg has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/232218

Change subject: Truncate referrers when hosts match a pattern
......................................................................

Truncate referrers when hosts match a pattern

Enhance donor privacy by keeping referrer paths out of logs for
certain hosts.

Change-Id: I93e96be6acf018f60481172ba8b4f30451e3afd2
---
M DonationInterface.php
M gateway_common/DonationData.php
M tests/DonationDataTest.php
3 files changed, 54 insertions(+), 3 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/DonationInterface 
refs/changes/18/232218/1

diff --git a/DonationInterface.php b/DonationInterface.php
index 7ee05f4..c6b6f1d 100644
--- a/DonationInterface.php
+++ b/DonationInterface.php
@@ -237,6 +237,13 @@
 $wgDonationInterfaceForbiddenCountries = array();
 
 /**
+ * Array of regex patterns.  When a referrer's hostname matches any pattern on 
+ * this list, discard everything after the hostname before recording it 
anywhere.
+ * e.g. array( '/\.wiki[mp]edia\.org$/', '/\.wikivoyage\.org$/' )
+ */
+$wgDonationInterfaceTruncateReferrers = array();
+
+/**
  * 3D Secure enabled currencies (and countries) for Credit Card.
  * An array in the form of currency => array of countries 
  * (all-caps ISO 3166-1 alpha-2), or an empty array for all transactions in 
that
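Review bot: The new doc block should say what each pattern is matched against: the host component only, as returned by parse_url(), not the whole URL, so a pattern that includes a scheme or path can never match, and matching is case-sensitive unless the pattern carries the `i` modifier (hostnames are not), so the example is safer as `'/\.wiki[mp]edia\.org$/i'`. It would also help to state the recorded form when a pattern matches: scheme and host only, e.g. `https://en.wikipedia.org`, with port, path, query and fragment all dropped. The matching code is DonationData::setReferrer() in this same change.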
diff --git a/gateway_common/DonationData.php b/gateway_common/DonationData.php
index 6657922..7d016a9 100644
--- a/gateway_common/DonationData.php
+++ b/gateway_common/DonationData.php
@@ -701,10 +701,24 @@
         * Normalize referrer either by passing on the original, or grabbing it 
in the first place.
         */
        protected function setReferrer() {
-               global $wgRequest;
-               if ( !$this->isSomething( 'referrer' ) ) {
-                       $this->setVal( 'referrer', $wgRequest->getHeader( 
'referer' ) ); //grumble grumble real header not a real word grumble.
+               global $wgRequest, $wgDonationInterfaceTruncateReferrers;
+
+               if ( $this->isSomething( 'referrer' ) ) {
+                       return;
                }
+
+               $referrer = $wgRequest->getHeader( 'referer' ); //grumble 
grumble real header not a real word grumble.
+               $parts = parse_url( $referrer );
+               if ( $parts ) {
+                       // Preserve privacy by removing path from URLs on some 
hosts
+                       foreach( $wgDonationInterfaceTruncateReferrers as 
$pattern ) {
+                               if ( preg_match( $pattern, $parts['host'] ) ) {
+                                       $referrer = $parts['scheme'] . '://' 
.$parts['host'];
+                                       break;
+                               }
+                       }
+               }
+               $this->setVal( 'referrer', $referrer );
        }
 
        /**
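Review bot: `$parts['host']` is read without checking that it exists, and parse_url() returns an array rather than false for a referer that has no host (a relative URL or bare path, and I believe an empty or missing header as well), so that branch raises an undefined-index notice and runs every pattern against null; `$parts['scheme']` can likewise be absent for a scheme-relative referer. Guard the loop with `if ( $parts && isset( $parts['host'] ) ) {` and build the truncated value as `$referrer = ( isset( $parts['scheme'] ) ? $parts['scheme'] . '://' : '//' ) . $parts['host'];`. Hostnames are case-insensitive but preg_match() is not, so either lowercase the host before matching, `preg_match( $pattern, strtolower( $parts['host'] ) )`, or document that configured patterns need the `i` modifier. Minor style: `foreach(` should be `foreach (` to match the surrounding code.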
diff --git a/tests/DonationDataTest.php b/tests/DonationDataTest.php
index f8e43d3..557383b 100644
--- a/tests/DonationDataTest.php
+++ b/tests/DonationDataTest.php
@@ -365,6 +365,36 @@
        }
 
        /**
+        * Test that referrer header is truncated if host matches 
TruncateReferrers
+        */
+       public function testTruncateReferrer() {
+               global $wgRequest;
+
+               $data = array (
+                       'amount' => '35.00',
+                       'country' => 'US',
+                       'currency_code' => 'USD',
+                       'payment_method' => 'cc',
+                       'language' => 'en',
+                       'gateway' => 'globalcollect',
+                       'user_ip' => $wgRequest->getIP(),
+                       'server_ip' => $wgRequest->getIP(),
+               );
+
+               $fakeRequest = new FauxRequest( $data, false );
+               $fakeRequest->setHeader( 'referer', 
'https://en.wikipedia.org/wiki/Acne' );
+               $this->setMwGlobals( array(
+                       'wgRequest' => $fakeRequest,
+                       'wgDonationInterfaceTruncateReferrers' => array( 
'/\.wiki[mp]edia\.org$/' ),
+               ) );
+
+               $ddObj = new DonationData( $this->getFreshGatewayObject( 
self::$initial_vars ) ); //Get all data from $_GET
+               $returned = $ddObj->getDataEscaped();
+
+               $this->assertEquals( 'https://en.wikipedia.org', 
$returned['referrer'] );
+       }
+
+       /**
         * TODO: Make sure ALL these functions in DonationData are tested, 
either directly or through a calling function.
         * I know that's more regression-ish, but I stand by it. :p
        function setNormalizedOrderIDs(){
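Review bot: The new test only exercises the matching host; nothing pins the behaviour when the host is outside the configured list or when no referer header is present, which is exactly where setReferrer()'s unchecked `$parts['host']` lookup would surface. Add a sibling case that sets `'referer'` to a URL on an unlisted host and asserts the full URL comes back unchanged, and one that sets no header and asserts the referrer stays empty. The `$data` fixture also carries `user_ip`/`server_ip` keys the assertion never depends on, presumably copied from a neighbouring test; trimming them keeps the fixture to what this test is about.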


Gerrit-MessageType: newchange
Gerrit-Change-Id: I93e96be6acf018f60481172ba8b4f30451e3afd2
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/DonationInterface
Gerrit-Branch: master
Gerrit-Owner: Ejegg <[email protected]>
