r80729 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r80728‎ | r80729 | r80730 >
Date:23:30, 21 January 2011
Author:laner
Status:deferred
Tags:
Comment:
* Fixed a few possible XSS vectors
* Upped the version to 1.0
Modified paths:
  • /trunk/extensions/OpenStackManager/OpenStackManager.i18n.php (modified) (history)
  • /trunk/extensions/OpenStackManager/OpenStackManager.php (modified) (history)
  • /trunk/extensions/OpenStackManager/special/SpecialNovaAddress.php (modified) (history)
  • /trunk/extensions/OpenStackManager/special/SpecialNovaDomain.php (modified) (history)
  • /trunk/extensions/OpenStackManager/special/SpecialNovaInstance.php (modified) (history)
  • /trunk/extensions/OpenStackManager/special/SpecialNovaProject.php (modified) (history)
  • /trunk/extensions/OpenStackManager/special/SpecialNovaRole.php (modified) (history)

Diff [purge]

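--- a/trunk/extensions/OpenStackManager/special/SpecialNovaInstance.php
+++ b/trunk/extensions/OpenStackManager/special/SpecialNovaInstance.php
@@ -351,6 +351,7 @@
 continue;
 }
 $instanceName = (string)$instance->getInstanceName();
+$instanceName = htmlentities( $instanceName );
 $title = Title::newFromText( $instanceName, NS_VM );
 $instanceNameLink = $sk->link( $title, $instanceName, array(), array(), array() );
 $instanceOut = Html::rawElement( 'td', array(), $instanceNameLink );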
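Review bot: The added `htmlentities( $instanceName )` overwrites the variable before it reaches `Title::newFromText()`, so the title is built from the encoded string rather than the real instance name; escaping belongs only at the point of output. Keep the raw name for the title and escape just the link text, e.g. `$instanceNameLink = $sk->link( $title, htmlspecialchars( $instanceName ), array(), array(), array() );`. `htmlspecialchars()` is also the better call here and for `htmlentities( $fqdn )` in SpecialNovaAddress.php, because `htmlentities()` without an explicit charset can mangle non-ASCII UTF-8 names on PHP versions whose default charset is ISO-8859-1. The enclosing loop and function start and end outside this hunk, so how `$instanceName` is used further down is not visible here.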
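--- a/trunk/extensions/OpenStackManager/special/SpecialNovaAddress.php
+++ b/trunk/extensions/OpenStackManager/special/SpecialNovaAddress.php
@@ -355,7 +355,7 @@
 $hostname = $hostname[0];
 $link = $sk->link( $this->getTitle(), $msg, array(),
 array( 'action' => 'removehost', 'ip' => $ip, 'project' => $project, 'domain' => $domain->getDomainName(), 'hostname' => $hostname ), array() );
-$hostOut = $fqdn . ' ' . $link;
+$hostOut = htmlentities( $fqdn ) . ' ' . $link;
 $hostsOut .= Html::rawElement( 'li', array(), $hostOut );
 }
 }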
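--- a/trunk/extensions/OpenStackManager/special/SpecialNovaProject.php
+++ b/trunk/extensions/OpenStackManager/special/SpecialNovaProject.php
@@ -191,7 +191,7 @@
 $projectMembers = $project->getMembers();
 $memberOut = '';
 foreach ( $projectMembers as $projectMember ) {
-$memberOut .= Html::rawElement( 'li', array(), $projectMember );
+$memberOut .= Html::element( 'li', array(), $projectMember );
 }
 if ( $memberOut ) {
 $memberOut = Html::rawElement( 'ul', array(), $memberOut );
@@ -205,7 +205,7 @@
 $roleMembers = '';
 $specialRoleTitle = Title::newFromText( 'Special:NovaRole' );
 foreach ( $role->getMembers() as $member ) {
-$roleMembers .= Html::rawElement( 'li', array(), $member );
+$roleMembers .= Html::element( 'li', array(), $member );
 }
 $roleMembers = Html::rawElement( 'ul', array(), $roleMembers );
 $roleOut .= Html::rawElement( 'td', array(), $roleMembers );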
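--- a/trunk/extensions/OpenStackManager/special/SpecialNovaDomain.php
+++ b/trunk/extensions/OpenStackManager/special/SpecialNovaDomain.php
@@ -15,9 +15,6 @@
 function execute( $par ) {
 global $wgRequest, $wgUser;
 
-# if ( ! $wgUser->isAllowed( 'manageproject' ) ) {
-# return false;
-# }
 if ( ! $wgUser->isLoggedIn() ) {
 $this->notLoggedIn();
 return false;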
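--- a/trunk/extensions/OpenStackManager/special/SpecialNovaRole.php
+++ b/trunk/extensions/OpenStackManager/special/SpecialNovaRole.php
@@ -187,10 +187,10 @@
 $roleMembers = $role->getMembers();
 $memberOut = '';
 foreach ( $roleMembers as $roleMember ) {
-$memberOut .= Html::rawElement( 'li', array(), $roleMember );
+$memberOut .= Html::element( 'li', array(), $roleMember );
 }
 if ( $memberOut ) {
-$memberOut = Html::rawElement( 'ul', array(), $memberOut );
+$memberOut = Html::element( 'ul', array(), $memberOut );
 }
 $roleOut .= Html::rawElement( 'td', array(), $memberOut );
 $link = $sk->link( $this->getTitle(), wfMsg( 'openstackmanager-addrolemember' ), array(), array( 'action' => 'addmember', 'rolename' => $roleName, 'returnto' => 'Special:NovaRole' ), array() );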
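Review bot: The `ul` wrapper on new line 194 should remain `Html::rawElement`, because `$memberOut` already holds the `<li>` markup built in the loop above and `Html::element` escapes its contents, so the members would render as literal escaped tags instead of a list. The per-member change on line 191 is what closes the XSS vector; the wrapper only ever receives markup this code generated itself. Suggest `$memberOut = Html::rawElement( 'ul', array(), $memberOut );`, which matches the `ul` wrappers left unchanged in SpecialNovaProject.php. The enclosing function starts and ends outside the hunk.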
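--- a/trunk/extensions/OpenStackManager/OpenStackManager.i18n.php
+++ b/trunk/extensions/OpenStackManager/OpenStackManager.i18n.php
@@ -29,6 +29,7 @@
 'novakey' => 'Manage your public SSH keys',
 'novaproject' => 'Manage OpenStack projects',
 'novasecuritygroup' => 'Manage Firewall Security Groups',
+'novarole' => 'Manage Global Roles',
 
 'openstackmanager-novadomain' => 'Nova Domain',
 'openstackmanager-novainstance' => 'Nova Instance',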
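--- a/trunk/extensions/OpenStackManager/OpenStackManager.php
+++ b/trunk/extensions/OpenStackManager/OpenStackManager.php
@@ -21,7 +21,7 @@
 'path' => __FILE__,
 'name' => 'OpenStackManager',
 'author' => 'Ryan Lane',
-'version' => '0.9',
+'version' => '1.0',
 'url' => 'http://mediawiki.org/wiki/Extension:OpenStackManager',
 'descriptionmsg' => 'openstackmanager-desc',
 );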
