r30086 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r30085‎ | r30086 | r30087 >
Date:23:06, 23 January 2008
Author:brion
Status:old
Tags:
Comment:
Revert r30078 -- formats "txt" and "dbg" dump raw unfiltered text contents into HTML output. XSS vector.
Modified paths:
  • /trunk/phase3/RELEASE-NOTES (modified) (history)
  • /trunk/phase3/includes/AutoLoader.php (modified) (history)
  • /trunk/phase3/includes/api/ApiFormatDbg.php (deleted) (history)
  • /trunk/phase3/includes/api/ApiFormatTxt.php (deleted) (history)
  • /trunk/phase3/includes/api/ApiMain.php (modified) (history)


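--- a/trunk/phase3/includes/api/ApiFormatDbg.php
+++ b/trunk/phase3/includes/api/ApiFormatDbg.php
@@ -1,56 +0,0 @@
-<?php
-
-/*
- * Created on Oct 22, 2006
- *
- * API for MediaWiki 1.8+
- *
- * Copyright (C) 2008 Roan Kattouw <Firstname>.<Lastname>@home.nl
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- * http://www.gnu.org/copyleft/gpl.html
- */
-
-if (!defined('MEDIAWIKI')) {
- // Eclipse helper - will be ignored in production
- require_once ('ApiFormatBase.php');
-}
-
-/**
- * @addtogroup API
- */
-class ApiFormatDbg extends ApiFormatBase {
-
- public function __construct($main, $format) {
- parent :: __construct($main, $format);
- }
-
- public function getMimeType() {
- return 'text/html';
- }
-
- public function execute() {
- $this->printText(var_export($this->getResultData(), true));
- }
-
- protected function getDescription() {
- return 'Output data in PHP\'s var_export() format' . parent :: getDescription();
- }
-
- public function getVersion() {
- return __CLASS__ . ': $Id: ApiFormatPhp.php 23531 2007-06-29 01:19:14Z simetrical $';
- }
-}
-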
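--- a/trunk/phase3/includes/api/ApiFormatTxt.php
+++ b/trunk/phase3/includes/api/ApiFormatTxt.php
@@ -1,56 +0,0 @@
-<?php
-
-/*
- * Created on Oct 22, 2006
- *
- * API for MediaWiki 1.8+
- *
- * Copyright (C) 2008 Roan Kattouw <Firstname>.<Lastname>@home.nl
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- * http://www.gnu.org/copyleft/gpl.html
- */
-
-if (!defined('MEDIAWIKI')) {
- // Eclipse helper - will be ignored in production
- require_once ('ApiFormatBase.php');
-}
-
-/**
- * @addtogroup API
- */
-class ApiFormatTxt extends ApiFormatBase {
-
- public function __construct($main, $format) {
- parent :: __construct($main, $format);
- }
-
- public function getMimeType() {
- return 'text/html';
- }
-
- public function execute() {
- $this->printText(print_r($this->getResultData(), true));
- }
-
- protected function getDescription() {
- return 'Output data in PHP\'s print_r() format' . parent :: getDescription();
- }
-
- public function getVersion() {
- return __CLASS__ . ': $Id: ApiFormatPhp.php 23531 2007-06-29 01:19:14Z simetrical $';
- }
-}
-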
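--- a/trunk/phase3/includes/api/ApiMain.php
+++ b/trunk/phase3/includes/api/ApiMain.php
@@ -89,9 +89,7 @@
 'xmlfm' => 'ApiFormatXml',
 'yaml' => 'ApiFormatYaml',
 'yamlfm' => 'ApiFormatYaml',
- 'rawfm' => 'ApiFormatJson',
- 'txt' => 'ApiFormatTxt',
- 'dbg' => 'ApiFormatDbg'
+ 'rawfm' => 'ApiFormatJson'
 );
 
 private $mPrinter, $mModules, $mModuleNames, $mFormats, $mFormatNames;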
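Review bot: The format table in ApiMain.php is left with no record of why `txt` and `dbg` are absent, so the same printers could be registered again later without their output handling being re-checked. The removed classes returned `'text/html'` from getMimeType() and passed print_r()/var_export() output directly to printText(); whether printText() escapes anything is not visible on this page, but the commit message states the text reached the HTML output unfiltered. I would add a comment above the array, for example `// Every printer listed here must HTML-escape result data or declare a non-HTML MIME type (see r30086).` The array's opening line is outside this hunk, so the exact placement has to be checked against the full file.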
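--- a/trunk/phase3/includes/AutoLoader.php
+++ b/trunk/phase3/includes/AutoLoader.php
@@ -320,8 +320,6 @@
 'ApiFormatPhp' => 'includes/api/ApiFormatPhp.php',
 'ApiFormatWddx' => 'includes/api/ApiFormatWddx.php',
 'ApiFormatXml' => 'includes/api/ApiFormatXml.php',
- 'ApiFormatTxt' => 'includes/api/ApiFormatTxt.php',
- 'ApiFormatDbg' => 'includes/api/ApiFormatDbg.php',
 'Spyc' => 'includes/api/ApiFormatYaml_spyc.php',
 'ApiFormatYaml' => 'includes/api/ApiFormatYaml.php',
 'ApiHelp' => 'includes/api/ApiHelp.php',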
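--- a/trunk/phase3/RELEASE-NOTES
+++ b/trunk/phase3/RELEASE-NOTES
@@ -463,7 +463,6 @@
 * Added apfilterlanglinks parameter to list=allpages, replacing query.php?what=nolanglinks
 * (bug 12718) Added action=paraminfo module that provides information about API modules and their parameters
 * Added iiurlwidth and iiurlheight parameters to prop=imageinfo
-* Added format=txt and format=dbg, imported from query.php
 * Added uiprop=editcount to meta=userinfo
 
 === Languages updated in 1.12 ===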

Past revisions this follows-up on

RevisionCommit summaryAuthorDate
r30078API: Adding txt and dbg formats, imported from query.phpcatrope19:51, 23 January 2008

Status & tagging log