Page MenuHomePhabricator
Create Task
Maniphest T323126

Don't expose thumbnail size from Rest/Handler/SearchHandler.php
Open, Needs TriagePublic
Actions

Description

In serializeThumbnail, a SearchResultThumbnail's getSize() is exposed.

Not only is this intensive to compute (and could be an attack vector), it's also quite pointless as it's derived from thumbnails, which in turn are derived concepts for which the implementation may change.

AFAICT, none of the consumers of this API even use this data (so it's inclusion is negatively affecting them by slowing response times down)
It's also not consistently available: for most of the thumbnails, this data is usually null.

size should be removed from this API's response. And since this is the sole caller of SearchResultThumbnail->getSize() - that should probably also now be removed.

Note: T323125 already seeks to remove the expensive computation; but it should also be deprecated/removed from the API entirely.

See T321006#8376587 for more context.

Details

SubjectRepoBranchLines +/-
search: Deprecate the use of `SearchResultThumbnail::getSize()`mediawiki/coremaster+14 -5
Customize query in gerrit

Related Objects

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits