r75841 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r75840‎ \| r75841 \| r75842 >
Date:	23:08, 1 November 2010
Author:	mah
Status:	ok
Tags:
Comment:	* Add note about security measures we're taking. * Protect against possibility where rss member in renderRss is not an object. * Move user-agent string up to a define(). * Remove use of $rssTemp var in renderItem() by inlining code.
Modified paths:	/trunk/extensions/RSS/RSS.php (modified) (history)

Diff [purge]

Index: trunk/extensions/RSS/RSS.php
—	—	@@ -18,6 +18,8 @@
19	19	die( "This is not a valid entry point.\n" );
20	20	}
21	21
	22	+define( 'RSS_USER_AGENT', 'MediaWikiRSS/0.01 (+http://www.mediawiki.org/wiki/Extension:RSS) / MediaWiki RSS extension' );
	23	+
22	24	// Extension credits that will show up on Special:Version
23	25	$wgExtensionCredits['parserhook'][] = array(
24	26	'name' => 'RSS feed',
—	—	@@ -90,7 +92,7 @@
91	93	$status = $rss->fetch();
92	94
93	95	# Check for errors.
94		~~- if ( $status === false \|\| !is_array( $rss->rss->items ) )~~
	96	+ if ( $status === false \|\| !is_object( $rss->rss ) \|\| !is_array( $rss->rss->items ) )
95	97	return wfMsg( 'rss-empty', $input );
96	98
97	99	if ( isset( $rss->ERROR ) )
—	—	@@ -179,7 +181,7 @@
180	182	global $wgRSSDetectEncoding, $wgRSSUseGzip;
181	183
182	184	if ( !isset( $this->url ) ) {
183		~~- wfDebugLog( 'RSS: fetch called without a URL!' );~~
	185	+ wfDebugLog( 'RSS', 'Fetch called without a URL!' );
184	186	return false;
185	187	}
186	188
—	—	@@ -259,7 +261,7 @@
260	262
261	263	$client =
262	264	HttpRequest::factory( $this->url, array( 'timeout' => $wgRSSFetchTimeout ) );
263		~~- $client->setUserAgent( 'MediaWikiRSS/0.01 (+http://www.mediawiki.org/wiki/Extension:RSS) / MediaWiki RSS extension' );~~
	265	+ $client->setUserAgent( RSS_USER_AGENT );
264	266	/* $client->use_gzip = $wgRSSUseGzip; */
265	267	if ( is_array( $headers ) && count( $headers ) > 0 ) {
266	268	foreach ( $headers as $h ) {
—	—	@@ -331,8 +333,7 @@
332	334	$rendered[] = $part;
333	335	}
334	336	}
335		~~- $rssTemp = implode( " \| ", $rendered );~~
336		~~- $output .= $parser->recursiveTagParse( $rssTemp, $frame );~~
	337	+ $output .= $parser->recursiveTagParse( implode( " \| ", $rendered ), $frame );
337	338	}
338	339	return $output;
339	340	}

Follow-up revisions

Revision	Commit summary	Author	Date
r75842	Add missing note about security re r75841	mah	23:09, 1 November 2010

Status & tagging log

00:35, 22 January 2011 😂 (talk | contribs) changed the status of r75841 [removed: new added: ok]