Page MenuHomePhabricator
Create Task
Maniphest T156339

Show links to downloadable files in the import log
Closed, DeclinedPublic
Actions

Description

At the moment out output log on the downloads screen looks like:

Screenshot 2017-01-26 15.33.13.png (266×782 px, 40 KB)

By changing the way we filter the rows from check_plain to filter_css we can make it look like

Screenshot 2017-01-26 15.32.59.png (339×549 px, 33 KB)

check_plain strips all html. filter_xss strips certain exploits. It should be noticed it may not be completely safe - there may be an obscure way a link that should not be clicked on could get in there. It would need to be in the file that we try to import as full html and happen to be at the top of the file since we only display some of the fails and of course it would be unlikely to be clicked on. So, I would need to be deliberately malicious & very lucky for it to be an issue. @Ejegg what do you think?

https://api.drupal.org/api/drupal/includes%21common.inc/function/filter_xss/7.x

Related Objects

Event Timeline

Eileenmcnaughton created this task.Jan 26 2017, 2:39 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 26 2017, 2:39 AM
Aklapper removed Eileenmcnaughton as the assignee of this task.Jun 19 2020, 4:14 PM

This task has been assigned to the same task owner for more than two years. Resetting task assignee due to inactivity, to decrease task cookie-licking and to get a slightly more realistic overview of plans. Please feel free to assign this task to yourself again if you still realistically work or plan to work on this task - it would be welcome!

For tips how to manage individual work in Phabricator (noisy notifications, lists of task, etc.), see https://phabricator.wikimedia.org/T228575#6237124 for available options.
(For the records, two emails were sent to assignee addresses before resetting assignees. See T228575 for more info and for potential feedback. Thanks!)

Eileenmcnaughton closed this task as Declined.May 2 2023, 7:59 PM

This is the method we are moving away from

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL