Page MenuHomePhabricator
Files F4032608

T135691.patch
MaxSem (Max Semenik)
Actions

Authored By
MaxSem
May 19 2016, 11:30 PM
Size
1 KB
Referenced Files
None
Subscribers
None

T135691.patch
View Options

From ff25f6506785016882ac330b12fbfb38caffce94 Mon Sep 17 00:00:00 2001
From: Max Semenik <maxsem.wiki@gmail.com>
Date: Thu, 19 May 2016 14:07:45 -0700
Subject: [PATCH] SECURITY: Don't request data for missing groups
Bug: T135691
Change-Id: Ida263365bcefc105bfa7f137fa096ab15ff9af0b
---
includes/Tag/TagHandler.php | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/includes/Tag/TagHandler.php b/includes/Tag/TagHandler.php
index 900511b..3e47eb6 100644
--- a/includes/Tag/TagHandler.php
+++ b/includes/Tag/TagHandler.php
@@ -256,6 +256,13 @@ abstract class TagHandler {
protected function saveData( ParserOutput $output ) {
+ $requestedGroups = $output->getExtensionData( 'kartographer_requested' );
+ if ( !$requestedGroups ) {
+ $requestedGroups = [];
+ }
+ $requestedGroups = array_merge( $requestedGroups, $this->showGroups );
+ $output->setExtensionData( 'kartographer_requested', $requestedGroups );
+
if ( !$this->geometries ) {
return;
}
@@ -310,9 +317,17 @@ abstract class TagHandler {
}
$interact = $output->getExtensionData( 'kartographer_interact' );
- if ( $interact ) {
- $interact = array_flip( array_unique( $interact ) );
+ $requested = $output->getExtensionData( 'kartographer_requested' ) ?: [];
+ if ( $interact || $requested ) {
+ $interact = array_flip( array_unique( $interact ?: [] ) );
$liveData = array_intersect_key( (array)$data, $interact );
+ $requested = array_unique( $requested );
+ // Prevent pointless API requests for missing groups
+ foreach ( $requested as $group ) {
+ if ( !isset( $data->$group ) ) {
+ $liveData[$group] = new stdClass();
+ }
+ }
$output->addJsConfigVars( 'wgKartographerLiveData', $liveData );
}
}
--
2.7.2

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3738918
Default Alt Text
T135691.patch (1 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL