r30119 MediaWiki - Code Review archive

Repository: MediaWiki
Revision: r30119
Date: 13:12, 24 January 2008
Author: catrope
Status: old
Tags:
Comment:
No need to revert r30078: HTML-formatting the data is enough. Attacks like api.php?action=paraminfo&modules=%3Cscript%3Ealert('Owned');%3C/script%3E&format=txt don't work anymore now.
Modified paths:
  • /trunk/phase3/RELEASE-NOTES (modified)
  • /trunk/phase3/includes/AutoLoader.php (modified)
  • /trunk/phase3/includes/api/ApiFormatDbg.php (added)
  • /trunk/phase3/includes/api/ApiFormatTxt.php (added)
  • /trunk/phase3/includes/api/ApiMain.php (modified)

Diff

Index: trunk/phase3/includes/api/ApiFormatDbg.php
@@ -0,0 +1,56 @@
 2+<?php
 3+
 4+/*
 5+ * Created on Oct 22, 2006
 6+ *
 7+ * API for MediaWiki 1.8+
 8+ *
 9+ * Copyright (C) 2008 Roan Kattouw <Firstname>.<Lastname>@home.nl
 10+ *
 11+ * This program is free software; you can redistribute it and/or modify
 12+ * it under the terms of the GNU General Public License as published by
 13+ * the Free Software Foundation; either version 2 of the License, or
 14+ * (at your option) any later version.
 15+ *
 16+ * This program is distributed in the hope that it will be useful,
 17+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
 18+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 19+ * GNU General Public License for more details.
 20+ *
 21+ * You should have received a copy of the GNU General Public License along
 22+ * with this program; if not, write to the Free Software Foundation, Inc.,
 23+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 24+ * http://www.gnu.org/copyleft/gpl.html
 25+ */
 26+
 27+if (!defined('MEDIAWIKI')) {
 28+ // Eclipse helper - will be ignored in production
 29+ require_once ('ApiFormatBase.php');
 30+}
 31+
 32+/**
 33+ * @addtogroup API
 34+ */
 35+class ApiFormatDbg extends ApiFormatBase {
 36+
 37+ public function __construct($main, $format) {
 38+ parent :: __construct($main, $format);
 39+ }
 40+
 41+ public function getMimeType() {
 42+ return 'text/html';
 43+ }
 44+
 45+ public function execute() {
 46+ $this->printText($this->formatHTML(var_export($this->getResultData(), true)));
 47+ }
 48+
 49+ protected function getDescription() {
 50+ return 'Output data in PHP\'s var_export() format' . parent :: getDescription();
 51+ }
 52+
 53+ public function getVersion() {
 54+ return __CLASS__ . ': $Id: ApiFormatPhp.php 23531 2007-06-29 01:19:14Z simetrical $';
 55+ }
 56+}
 57+
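Review bot: getMimeType() returns 'text/html' for a debug dump, so the formatHTML() call in execute() is the only thing standing between request-derived result data and the browser's HTML parser. formatHTML() is not part of this diff, so its escaping cannot be confirmed from these lines; a comment in execute() saying the var_export() output must never reach printText() unescaped, plus a regression test built on the paraminfo request quoted in the commit message, would keep a later refactor from reopening the issue. If the format is meant to be read as plain text, returning a non-HTML MIME type would remove that dependency altogether.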
Index: trunk/phase3/includes/api/ApiMain.php
@@ -89,7 +89,9 @@
9090 'xmlfm' => 'ApiFormatXml',
9191 'yaml' => 'ApiFormatYaml',
9292 'yamlfm' => 'ApiFormatYaml',
93 - 'rawfm' => 'ApiFormatJson'
 93+ 'rawfm' => 'ApiFormatJson',
 94+ 'txt' => 'ApiFormatTxt',
 95+ 'dbg' => 'ApiFormatDbg'
9496 );
9597
9698 private $mPrinter, $mModules, $mModuleNames, $mFormats, $mFormatNames;
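Review bot: 'txt' and 'dbg' are registered as bare format names even though both new classes hard-code 'text/html' and wrap their output in formatHTML(); the neighbouring entries pair a base name with an 'fm' variant ('yaml' and 'yamlfm' both map to ApiFormatYaml). A client requesting format=txt would reasonably expect raw text rather than HTML-escaped output, so it is worth deciding here whether these keys are the raw or the HTML-rendered variant and naming them to match the existing pairs.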
Index: trunk/phase3/includes/api/ApiFormatTxt.php
@@ -0,0 +1,56 @@
 2+<?php
 3+
 4+/*
 5+ * Created on Oct 22, 2006
 6+ *
 7+ * API for MediaWiki 1.8+
 8+ *
 9+ * Copyright (C) 2008 Roan Kattouw <Firstname>.<Lastname>@home.nl
 10+ *
 11+ * This program is free software; you can redistribute it and/or modify
 12+ * it under the terms of the GNU General Public License as published by
 13+ * the Free Software Foundation; either version 2 of the License, or
 14+ * (at your option) any later version.
 15+ *
 16+ * This program is distributed in the hope that it will be useful,
 17+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
 18+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 19+ * GNU General Public License for more details.
 20+ *
 21+ * You should have received a copy of the GNU General Public License along
 22+ * with this program; if not, write to the Free Software Foundation, Inc.,
 23+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 24+ * http://www.gnu.org/copyleft/gpl.html
 25+ */
 26+
 27+if (!defined('MEDIAWIKI')) {
 28+ // Eclipse helper - will be ignored in production
 29+ require_once ('ApiFormatBase.php');
 30+}
 31+
 32+/**
 33+ * @addtogroup API
 34+ */
 35+class ApiFormatTxt extends ApiFormatBase {
 36+
 37+ public function __construct($main, $format) {
 38+ parent :: __construct($main, $format);
 39+ }
 40+
 41+ public function getMimeType() {
 42+ return 'text/html';
 43+ }
 44+
 45+ public function execute() {
 46+ $this->printText($this->formatHTML(print_r($this->getResultData(), true)));
 47+ }
 48+
 49+ protected function getDescription() {
 50+ return 'Output data in PHP\'s print_r() format' . parent :: getDescription();
 51+ }
 52+
 53+ public function getVersion() {
 54+ return __CLASS__ . ': $Id: ApiFormatPhp.php 23531 2007-06-29 01:19:14Z simetrical $';
 55+ }
 56+}
 57+
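Review bot: the header and getVersion() carry copied metadata: 'Created on Oct 22, 2006' sits above a 2008 copyright, and the $Id$ string names ApiFormatPhp.php with simetrical's 2007-06-29 revision, so the reported version will not identify this file. Apart from print_r() versus var_export() and the description text, the class is line for line the same as ApiFormatDbg, including the 'text/html' MIME type and the formatHTML() wrapping; keeping the escaping step in one shared place would stop the two copies from drifting apart.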
Index: trunk/phase3/includes/AutoLoader.php
@@ -320,6 +320,8 @@
321321 'ApiFormatPhp' => 'includes/api/ApiFormatPhp.php',
322322 'ApiFormatWddx' => 'includes/api/ApiFormatWddx.php',
323323 'ApiFormatXml' => 'includes/api/ApiFormatXml.php',
 324+ 'ApiFormatTxt' => 'includes/api/ApiFormatTxt.php',
 325+ 'ApiFormatDbg' => 'includes/api/ApiFormatDbg.php',
324326 'Spyc' => 'includes/api/ApiFormatYaml_spyc.php',
325327 'ApiFormatYaml' => 'includes/api/ApiFormatYaml.php',
326328 'ApiHelp' => 'includes/api/ApiHelp.php',
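Review bot: style point on the two added lines: ApiFormatTxt and ApiFormatDbg are inserted after ApiFormatXml, which breaks the alphabetical run of ApiFormatPhp, ApiFormatWddx, ApiFormatXml visible in the context lines. Putting each entry in its sorted position makes a duplicate or missing registration easier to spot.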
Index: trunk/phase3/RELEASE-NOTES
@@ -465,6 +465,7 @@
466466 * Added apfilterlanglinks parameter to list=allpages, replacing query.php?what=nolanglinks
467467 * (bug 12718) Added action=paraminfo module that provides information about API modules and their parameters
468468 * Added iiurlwidth and iiurlheight parameters to prop=imageinfo
 469+* Added format=txt and format=dbg, imported from query.php
469470 * Added uiprop=editcount to meta=userinfo
470471
471472 === Languages updated in 1.12 ===
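Review bot: the added release note does not say that format=txt and format=dbg are served as 'text/html' with HTML-formatted content, which is what both new classes do. API consumers reading "imported from query.php" may expect the raw print_r()/var_export() text; a few extra words stating that the output is HTML-formatted and intended for debugging would set that expectation.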

Follow-up revisions

Revision | Commit summary | Author | Date
r30120 | Tweaking r30119: changing txt and dbg's MIME type to text and adding txtfm an... | catrope | 13:16, 24 January 2008

Past revisions this follows-up on

Revision | Commit summary | Author | Date
r30078 | API: Adding txt and dbg formats, imported from query.php | catrope | 19:51, 23 January 2008
