Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F281597
T107170_evict.patch
Mattflaschen-WMF (Matthew Flaschen)
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Authored By
•
Mattflaschen-WMF
Jul 29 2015, 12:20 AM
2015-07-29 00:20:03 (UTC+0)
Size
3 KB
Referenced Files
None
Subscribers
None
T107170_evict.patch
View Options
From e4116795fc7082ccafc8a1979e22d323dac251f7 Mon Sep 17 00:00:00 2001
From: Matthew Flaschen <mflaschen@wikimedia.org>
Date: Tue, 28 Jul 2015 20:16:48 -0400
Subject: [PATCH] SECURITY: Add script to evict Flow from TextExtracts
We'll use this now that the quick fix to remove edit tokens is
in, and again when the next one is in (to remove all Flow script
from mw-content-text).
Bug: T107170
Change-Id: Id7c208297fc1eace2893897bf4baae180b686142
---
maintenance/FlowEvictTextExtracts.php | 77 +++++++++++++++++++++++++++++++++++
1 file changed, 77 insertions(+)
create mode 100644 maintenance/FlowEvictTextExtracts.php
diff --git a/maintenance/FlowEvictTextExtracts.php b/maintenance/FlowEvictTextExtracts.php
new file mode 100644
index 0000000..4c6f36b
--- /dev/null
+++ b/maintenance/FlowEvictTextExtracts.php
@@ -0,0 +1,77 @@
+<?php
+
+use Flow\Container;
+
+require_once ( getenv( 'MW_INSTALL_PATH' ) !== false
+ ? getenv( 'MW_INSTALL_PATH' ) . '/maintenance/Maintenance.php'
+ : dirname( __FILE__ ) . '/../../../maintenance/Maintenance.php' );
+require_once( __DIR__ . '/../../Echo/includes/BatchRowUpdate.php' );
+
+/**
+ * @ingroup Maintenance
+ */
+class FlowEvictTextExtracts extends Maintenance {
+ public function __construct() {
+ parent::__construct();
+
+ $this->mDescription = 'Evicts Flow boards and topics from TextExtracts, because they may contain private data';
+ $this->setBatchSize( 100 );
+ }
+
+ public function execute() {
+ global $wgMemc;
+
+ $dbFactory = Container::get( 'db.factory' );
+
+ // Unused objects to fulfill signature requirements
+ $apiMain = new ApiMain();
+ $apiQuery = new ApiQuery( $apiMain, '' );
+ $emptyConfig = GlobalVarConfig::newInstance();
+ $extractsApi = new TextExtracts\ApiQueryExtracts( $apiQuery, '', $emptyConfig );
+
+ $cacheKeyMethod = new ReflectionMethod( 'TextExtracts\\ApiQueryExtracts::cacheKey' );
+ $cacheKeyMethod->setAccessible( true );
+
+ $paramsProperty = new ReflectionProperty( 'TextExtracts\ApiQueryExtracts', 'params' );
+ $paramsProperty->setAccessible( true );
+
+ // This could be reused for a stand-alone tool to list all Flow boards
+ $iterator = new EchoBatchRowIterator( $dbFactory->getWikiDB( DB_SLAVE ), 'page', 'page_id', $this->mBatchSize );
+ $iterator->setFetchColumns( array( 'page_namespace', 'page_title' ) );
+ $iterator->addConditions( array( 'page_content_model' => 'flow-board' ) );
+
+ $cacheKeyPermutations = array(
+ array( false, false ),
+ array( false, true ),
+ array( true, false ),
+ array( true, true )
+ );
+
+ foreach ( $iterator as $batch ) {
+ foreach ( $batch as $row ) {
+ $title = Title::newFromRow( $row );
+ $wikiPage = new WikiPage( $title );
+ foreach ( $cacheKeyPermutations as $permutation ) {
+ $cacheKey = self::getCacheKey( $cacheKeyMethod, $paramsProperty, $extractsApi, $wikiPage, $permutation[0], $permutation[1] );
+ $cachedValue = $wgMemc->get( $cacheKey );
+ if ( $cachedValue !== false ) {
+ echo "Found value for {$title->getPrefixedDBkey()}\n";
+ $wgMemc->delete( $cacheKey );
+ echo "Deleted $cacheKey\n";
+ }
+ }
+ }
+ }
+ }
+
+ protected static function getCacheKey( $cacheKeyMethod, $paramsProperty, $extractsApi, $wikiPage, $introOnly, $plaintext ) {
+ $params = $paramsProperty->getValue( $extractsApi );
+ $params['plaintext'] = $plaintext;
+ $paramsProperty->setValue( $extractsApi, $params );
+ $cacheKey = $cacheKeyMethod->invoke( $extractsApi, $wikiPage, $introOnly );
+ return $cacheKey;
+ }
+}
+
+$maintClass = 'FlowEvictTextExtracts';
+require_once( RUN_MAINTENANCE_IF_MAIN );
--
2.1.4
File Metadata
Details
Attached
Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
270066
Default Alt Text
T107170_evict.patch (3 KB)
Attached To
Mode
T107170: Flow: Data Model JavaScript, including tokens, appears in TextExtracts and HoverCards
Attached
Detach File
Event Timeline
Log In to Comment