r100001 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r100000‎ \| r100001 \| r100002 >
Date:	22:41, 16 October 2011
Author:	krinkle
Status:	ok
Tags:
Comment:	[RL2] Disallow user JS on Special:Gadgets * Follows-up r98951
Modified paths:	/branches/RL2/extensions/Gadgets/README (modified) (history) /branches/RL2/extensions/Gadgets/SpecialGadgets.php (modified) (history)

Diff [purge]

Index: branches/RL2/extensions/Gadgets/SpecialGadgets.php
—	—	@@ -32,6 +32,7 @@
33	33	public function execute( $par ) {
34	34	$this->par = $par;
35	35	$out = $this->getOutput();
	36	+ $out->disallowUserJs();
36	37	$out->addModuleStyles( 'ext.gadgets.specialgadgets.prejs' );
37	38	$out->addModules( 'ext.gadgets.specialgadgets.tabs' );
38	39
Index: branches/RL2/extensions/Gadgets/README
—	—	@@ -37,5 +37,5 @@
38	38	* Gadget modules extend ResourceLoaderWikiModule and thus qualify as having
39	39	origin ORIGIN_USER_SITEWIDE. This means that gadgets are never loaded on (special) pages
40	40	that call OutputPage::disallowUserJs(). For example Special:Preferences, Special:UserLogin
41		~~- and Special:ResetPass so users can always disable any broken gadgets they may have enabled,~~
42		~~- and malicious gadgets will be unable to steal passwords.~~
	41	+ Special:ResetPass and Special:Gadgets so users can always disable any broken gadgets they
	42	+ may have enabled, and malicious gadgets will be unable to steal passwords.

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r98951	[RL2] Pass error callback to getGadgetCategories...	krinkle	23:39, 4 October 2011

Status & tagging log

14:31, 11 November 2011 Catrope (talk | contribs) changed the status of r100001 [removed: new added: ok]