Dan-nl has uploaded a new change for review.
https://gerrit.wikimedia.org/r/97521
Change subject: external-entity
......................................................................
external-entity
chris steipp requested that:
* XMLReader must disable external entity loading before reading xml
i have included the corresponding libxml_disable_entity_loader() call and added
a check
for an XMLReader::DOC_TYPE node in the XML document; if it exists, the
extension will
delete the file and notify the user. we don’t need to accept XML metadata files
with
<!DOCTYPE> declarations.
i also removed the outdated readXmlAsString method and its related calls and
i18n messages.
Change-Id: If30609f2d51b7352ec09811f99f3bd857e142812
---
M GWToolset.i18n.php
M includes/Handlers/Forms/MetadataDetectHandler.php
M includes/Handlers/Forms/MetadataMappingHandler.php
M includes/Handlers/Xml/XmlDetectHandler.php
M includes/Handlers/Xml/XmlHandler.php
M includes/Handlers/Xml/XmlMappingHandler.php
6 files changed, 52 insertions(+), 110 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/GWToolset
refs/changes/21/97521/1
diff --git a/GWToolset.i18n.php b/GWToolset.i18n.php
index 11ce1b0..259f2b0 100644
--- a/GWToolset.i18n.php
+++ b/GWToolset.i18n.php
@@ -73,6 +73,7 @@
* file checks
*/
'gwtoolset-disk-write-failure' => 'Failed to write file to disk.',
+ 'gwtoolset-xml-doctype' => 'The XML metadata file cannot contain a
<!DOCTYPE> section; please remove it and then try uploading the XML metadata
file again.',
'gwtoolset-file-is-empty' => 'The uploaded file is empty.',
'gwtoolset-improper-upload' => 'File was not uploaded properly.',
'gwtoolset-mime-type-mismatch' => 'The uploaded file’s extension ($1)
and mime-type ($2) do not match.',
@@ -449,5 +450,6 @@
'gwtoolset-which-mediawiki-template' => 'Label for which media wiki
template in the HTML form.',
'gwtoolset-which-metadata-mapping' => 'Label for which metadata in the
HTML form.',
'gwtoolset-wiki-checks-not-passed' => 'Heading used when a wiki
requirement is not met.',
+ 'gwtoolset-xml-doctype' => 'A user message that appears when the XML
metadata file contains a <!DOCTYPE> section.',
'gwtoolset-xml-error' => 'User error message when the extension cannot
properly load the XML provided.'
);
diff --git a/includes/Handlers/Forms/MetadataDetectHandler.php
b/includes/Handlers/Forms/MetadataDetectHandler.php
index 91b8762..bb00446 100644
--- a/includes/Handlers/Forms/MetadataDetectHandler.php
+++ b/includes/Handlers/Forms/MetadataDetectHandler.php
@@ -183,6 +183,7 @@
$this->XmlDetectHandler = new XmlDetectHandler(
array(
+ 'GWTFileBackend' => $this->_GWTFileBackend,
'SpecialPage' => $this->SpecialPage
)
);
diff --git a/includes/Handlers/Forms/MetadataMappingHandler.php
b/includes/Handlers/Forms/MetadataMappingHandler.php
index 793b6f5..acca2bd 100644
--- a/includes/Handlers/Forms/MetadataMappingHandler.php
+++ b/includes/Handlers/Forms/MetadataMappingHandler.php
@@ -343,6 +343,7 @@
$this->_XmlMappingHandler = new XmlMappingHandler(
array(
+ 'GWTFileBackend' => $this->_GWTFileBackend,
'Mapping' => $this->_Mapping,
'MediawikiTemplate' =>
$this->_MediawikiTemplate,
'MappingHandler' => $this
diff --git a/includes/Handlers/Xml/XmlDetectHandler.php
b/includes/Handlers/Xml/XmlDetectHandler.php
index 8f99e6c..2e1194f 100644
--- a/includes/Handlers/Xml/XmlDetectHandler.php
+++ b/includes/Handlers/Xml/XmlDetectHandler.php
@@ -11,11 +11,13 @@
use Content,
DOMElement,
GWToolset\GWTException,
+ GWToolset\Helpers\GWTFileBackend,
GWToolset\Utils,
GWToolset\Models\Mapping,
GWToolset\Models\MediawikiTemplate,
Html,
MWException,
+ SpecialPage,
XMLReader;
/**
@@ -23,6 +25,11 @@
* in the appropriate form handler
*/
class XmlDetectHandler extends XmlHandler {
+
+ /**
+ * @var {GWToolset\Helpers\GWTFileBackend}
+ */
+ protected $_GWTFileBackend;
/**
* @var {array}
@@ -46,10 +53,20 @@
protected $_metadata_as_options;
/**
+ * @var {SpecialPage}
+ */
+ protected $_SpecialPage;
+
+ /**
* @param {array} $options
*/
public function __construct( array $options = array() ) {
$this->reset();
+
+ if ( isset( $options['GWTFileBackend'] ) ) {
+ $this->_GWTFileBackend = $options['GWTFileBackend'];
+ }
+
if ( isset( $options['SpecialPage'] ) ) {
$this->_SpecialPage = $options['SpecialPage'];
}
@@ -434,8 +451,6 @@
if ( is_string( $xml_source ) && !empty( $xml_source ) ) {
$this->readXmlAsFile( $user_options, $xml_source,
$callback );
- } elseif ( $xml_source instanceof Content ) {
- $this->readXmlAsString( $user_options,
$xml_source->getNativeData(), $callback );
} else {
$msg = wfMessage( 'gwtoolset-developer-issue' )->params(
wfMessage( 'gwtoolset-no-xml-source'
)->escaped()
diff --git a/includes/Handlers/Xml/XmlHandler.php
b/includes/Handlers/Xml/XmlHandler.php
index cfa4615..e656e9e 100644
--- a/includes/Handlers/Xml/XmlHandler.php
+++ b/includes/Handlers/Xml/XmlHandler.php
@@ -129,7 +129,21 @@
);
}
+ $old_value = libxml_disable_entity_loader( true );
+
while ( $XMLReader->read() ) {
+ if ( $XMLReader->nodeType === XMLReader::DOC_TYPE ) {
+ if ( $this->_GWTFileBackend instanceof
\GWToolset\Helpers\GWTFileBackend ) {
+ $file_mwstore_path =
$this->_GWTFileBackend->getMWStorePath();
+
+ if ( $file_mwstore_path !== null ) {
+
$this->_GWTFileBackend->deleteFile( $file_mwstore_path );
+ }
+ }
+
+ throw new GWTException( wfMessage(
'gwtoolset-xml-doctype' ) );
+ }
+
$read_result = $this->$callback( $XMLReader,
$user_options );
if ( !empty( $read_result['Title'] ) ) {
@@ -140,6 +154,8 @@
break;
}
}
+
+ libxml_disable_entity_loader( $old_value );
if ( !$XMLReader->close() ) {
throw new MWException(
@@ -152,106 +168,4 @@
return $result;
}
- /**
- * reads an xml string and sends the nodes to other methods
- * via the $callback to process the them.
- *
- * allows for the reading to be stopped if the $callback
- * method returns $read_result['stop-reading'] = true
- *
- * @param {array} $user_options
- * an array of user options that was submitted in the html form
- *
- * @param {string} $xml_source
- * an xml string
- *
- * @param {string} $callback
- * the method that will be used to process the read xml file
- *
- * @todo: handle invalid xml
- * @todo: how to handle attributes and children nodes
- * @todo: handle mal-formed xml (future)
- * @todo: handle an xml schema if present (future)
- * @todo: handle incomplete/partial uploads (future)
- *
- * @throws {MWException}
- *
- * @return {array}
- * an array of mediafile Title(s)
- */
- protected function readXmlAsString(
- array &$user_options, $xml_source = null, &$callback = null
- ) {
- $result = array();
- $read_result = array( 'Title' => null, 'stop-reading' => false
);
-
- if ( empty( $callback ) ) {
- throw new MWException(
- wfMessage( 'gwtoolset-developer-issue'
)->params(
- wfMessage( 'gwtoolset-no-callback'
)->escaped()
- )->parse()
- );
- }
-
- libxml_use_internal_errors( true );
- libxml_clear_errors();
-
- $DOMDoc = new DOMDocument();
- $DOMDoc->loadXML( $xml_source );
- $errors = libxml_get_errors();
-
- if ( !empty( $errors ) ) {
- throw new GWTException(
- wfMessage( 'gwtoolset-xml-error' )->escaped() .
- Html::rawElement( 'pre', array( 'style' =>
'overflow:auto;' ), print_r( $errors, true ) )
- );
- }
-
- $DOMXPath = new DOMXPath( $DOMDoc );
- $DOMNodeList = $DOMXPath->query(
- '//' . Utils::sanitizeString(
$user_options['gwtoolset-record-element-name'] )
- );
-
- if ( $DOMNodeList->length < 1 ) {
- $msg =
- wfMessage( 'gwtoolset-no-xml-element-found'
)->escaped() .
- Html::openElement( 'ul' ) .
- Html::rawElement(
- 'li',
- array(),
- wfMessage(
'gwtoolset-no-xml-element-found-li-1' )->escaped()
- ) .
- Html::rawElement(
- 'li',
- array(),
- wfMessage(
'gwtoolset-no-xml-element-found-li-2' )->rawParams(
- Html::rawElement(
- 'a',
- array(
- 'href'
=> 'http://www.w3schools.com/xml/xml_validator.asp',
-
'target' => '_blank'
- ),
- 'XML Validator'
- )
- )->escaped()
- ) .
- Html::closeElement( 'ul' ) .
- $this->_SpecialPage->getBackToFormLink();
- throw new GWTException( $msg );
- }
-
- foreach ( $DOMNodeList as $DOMNode ) {
- $read_result = $this->$callback( $DOMNode,
$user_options );
-
- if ( !empty( $read_result['Title'] ) ) {
- $result[] = $read_result['Title'];
- }
-
- if ( $read_result['stop-reading'] ) {
- break;
- }
- }
-
- return $result;
- }
}
diff --git a/includes/Handlers/Xml/XmlMappingHandler.php
b/includes/Handlers/Xml/XmlMappingHandler.php
index d0e059e..4f3f0c9 100644
--- a/includes/Handlers/Xml/XmlMappingHandler.php
+++ b/includes/Handlers/Xml/XmlMappingHandler.php
@@ -11,13 +11,20 @@
use Content,
DOMElement,
GWToolset\Config,
+ GWToolset\Helpers\GWTFileBackend,
GWToolset\Utils,
GWToolset\Models\Mapping,
GWToolset\Models\MediawikiTemplate,
MWException,
+ SpecialPage,
XMLReader;
class XmlMappingHandler extends XmlHandler {
+
+ /**
+ * @var {GWToolset\Helpers\GWTFileBackend}
+ */
+ protected $_GWTFileBackend;
/**
* @var {GWToolset\Models\Mapping}
@@ -45,16 +52,20 @@
public function __construct( array $options = array() ) {
$this->reset();
+ if ( isset( $options['GWTFileBackend'] ) ) {
+ $this->_GWTFileBackend = $options['GWTFileBackend'];
+ }
+
if ( isset( $options['Mapping'] ) ) {
$this->_Mapping = $options['Mapping'];
}
- if ( isset( $options['MediawikiTemplate'] ) ) {
- $this->_MediawikiTemplate =
$options['MediawikiTemplate'];
- }
-
if ( isset( $options['MappingHandler'] ) ) {
$this->_MappingHandler = $options['MappingHandler'];
+ }
+
+ if ( isset( $options['MediawikiTemplate'] ) ) {
+ $this->_MediawikiTemplate =
$options['MediawikiTemplate'];
}
if ( isset( $options['SpecialPage'] ) ) {
@@ -380,8 +391,6 @@
if ( is_string( $xml_source ) && !empty( $xml_source ) ) {
return $this->readXmlAsFile( $user_options,
$xml_source, $callback );
- } elseif ( $xml_source instanceof Content ) {
- return $this->readXmlAsString( $user_options,
$xml_source->getNativeData(), $callback );
} else {
throw new MWException(
wfMessage( 'gwtoolset-developer-issue' )
--
To view, visit https://gerrit.wikimedia.org/r/97521
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: If30609f2d51b7352ec09811f99f3bd857e142812
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/GWToolset
Gerrit-Branch: master
Gerrit-Owner: Dan-nl <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
