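--- a/trunk/extensions/ExternalData/ExternalData.php
+++ b/trunk/extensions/ExternalData/ExternalData.php
@@ -12,7 +12,7 @@
 $wgExtensionCredits['parserhook'][]= array(
 'path' => __FILE__,
 'name' => 'External Data',
-'version' => '0.8.1',
+'version' => '0.9',
 'author' => array( 'Yaron Koren', 'Michael Dale', 'David Macdonald' ),
 'url' => 'http://www.mediawiki.org/wiki/Extension:External_Data',
 'description' => 'Allows for retrieving data in CSV, JSON and XML formats from both external URLs and local wiki pages',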
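--- a/trunk/extensions/ExternalData/ED_ParserFunctions.php
+++ b/trunk/extensions/ExternalData/ED_ParserFunctions.php
@@ -27,8 +27,32 @@
 array_shift( $params ); // we already know the $parser ...
 $url = array_shift( $params );
 $url = str_replace( ' ', '%20', $url ); // do some minor URL-encoding
+// check whether this URL is allowed - code based on
+// Parser::maybeMakeExternalImage()
+global $edgAllowExternalDataFrom;
+$data_from = $edgAllowExternalDataFrom;
+$text = false;
+if ( empty($data_from) ) {
+$url_match = true;
+} elseif ( is_array( $data_from ) ) {
+$url_match = false;
+foreach( $data_from as $match ) {
+if( strpos( $url, $match ) === 0 ) {
+$url_match = true;
+break;
+}
+}
+} else {
+$url_match = (strpos( $url, $data_from ) === 0);
+}
+if ( ! $url_match )
+return;
 
+// now, get the contents of the URL - exit if there's nothing
+// there
 $url_contents = EDUtils::fetchURL( $url );
+if ( empty( $url_contents ) )
+return;
 
 $format = strtolower( array_shift( $params ) ); // make case-insensitive
 $external_values = array();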
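Review bot: The allowlist test `strpos( $url, $match ) === 0` is a plain string-prefix comparison, so an entry that does not end at a host or path boundary admits more than the administrator intended: `http://example.com` would also accept a URL whose host merely begins with that text, and the README's sample entry `http://example.com/api` has no trailing slash either. Since the README recommends this setting as the protection for API keys held in `$edgStringReplacements`, I would add a comment above the loop such as `// prefix match only: each entry should end with '/' so it stops at a host or path boundary`, or normalise the entries before comparing. Whether `EDUtils::fetchURL()` follows redirects to hosts outside the list is not visible here and is worth confirming. `$text = false;` looks like a leftover from the copied Parser code and is never read in this hunk; the enclosing function starts and ends outside the hunk.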
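--- a/trunk/extensions/ExternalData/README
+++ b/trunk/extensions/ExternalData/README
@@ -1,6 +1,6 @@
 External Data extension
 
-Version 0.8.1
+Version 0.9
 Yaron Koren, Michael Dale and David Macdonald
 
 This is free software licensed under the GNU General Public License. Please
@@ -66,6 +66,13 @@
 
 $edgStringReplacements['MY_API_KEY'] = 'abcd1324';
 
+You can create a "whitelist" to allow retrieval of data only from trusted
+sites, in the manner of MediaWiki's $wgAllowExternalImagesFrom - if you
+are hiding API keys, it is very much recommended to create such a
+whitelist, to prevent users from being able to discover theire values:
+
+$edgAllowExternalDataFrom = array('http://example.com/api');
+
 Finally, to use the database or LDAP retrieval capabilities, you need to
 set connection settings as well - see the online documentation for more
 information.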