Hoo man has uploaded a new change for review. https://gerrit.wikimedia.org/r/180689
Change subject: Properly validate site ids in SpecialSetSiteLink ...................................................................... Properly validate site ids in SpecialSetSiteLink Using SiteLinkTargetProvider which the api also uses. To prevent things like: https://www.wikidata.org/w/index.php?diff=181731621 Change-Id: Iec23f779382dc8b719d8c82d89377f4663801255 --- R repo/includes/SiteLinkTargetProvider.php M repo/includes/api/GetEntities.php M repo/includes/api/LinkTitles.php M repo/includes/api/ModifyEntity.php M repo/includes/specials/SpecialSetSiteLink.php R repo/tests/phpunit/includes/SiteLinkTargetProviderTest.php 6 files changed, 31 insertions(+), 8 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Wikibase refs/changes/89/180689/1
diff --git a/repo/includes/api/SiteLinkTargetProvider.php b/repo/includes/SiteLinkTargetProvider.php
similarity index 98%
rename from repo/includes/api/SiteLinkTargetProvider.php
rename to repo/includes/SiteLinkTargetProvider.php
index bf8205e..5092411 100644
--- a/repo/includes/api/SiteLinkTargetProvider.php
+++ b/repo/includes/SiteLinkTargetProvider.php
@@ -1,6 +1,6 @@
 <?php
-namespace Wikibase\Api;
+namespace Wikibase;
 use Site;
 use SiteList;
diff --git a/repo/includes/api/GetEntities.php b/repo/includes/api/GetEntities.php
index 87c2505..b5d8176 100644
--- a/repo/includes/api/GetEntities.php
+++ b/repo/includes/api/GetEntities.php
@@ -11,6 +11,7 @@
 use Wikibase\Lib\Serializers\EntitySerializer;
 use Wikibase\Lib\Serializers\SerializationOptions;
 use Wikibase\Lib\Store\UnresolvedRedirectException;
+use Wikibase\SiteLinkTargetProvider;
 use Wikibase\Repo\WikibaseRepo;
 use Wikibase\StringNormalizer;
 use Wikibase\Utils;
diff --git a/repo/includes/api/LinkTitles.php b/repo/includes/api/LinkTitles.php
index 38bb600..50f0f00 100644
--- a/repo/includes/api/LinkTitles.php
+++ b/repo/includes/api/LinkTitles.php
@@ -10,6 +10,7 @@
 use Wikibase\DataModel\SiteLink;
 use Wikibase\Lib\Store\EntityRevisionLookup;
 use Wikibase\Repo\WikibaseRepo;
+use Wikibase\SiteLinkTargetProvider;
 use Wikibase\Summary;
 /**
diff --git a/repo/includes/api/ModifyEntity.php b/repo/includes/api/ModifyEntity.php
index d0a07b3..f329ddc 100644
--- a/repo/includes/api/ModifyEntity.php
+++ b/repo/includes/api/ModifyEntity.php
@@ -16,6 +16,7 @@
 use Wikibase\DataModel\Entity\EntityIdParsingException;
 use Wikibase\DataModel\Entity\ItemId;
 use Wikibase\EntityRevision;
+use Wikibase\SiteLinkTargetProvider;
 use Wikibase\Lib\Store\EntityRevisionLookup;
 use Wikibase\Lib\Store\SiteLinkLookup;
 use Wikibase\Lib\Store\StorageException;
diff --git a/repo/includes/specials/SpecialSetSiteLink.php b/repo/includes/specials/SpecialSetSiteLink.php
index 4cdcd9e..21276eb 100644
--- a/repo/includes/specials/SpecialSetSiteLink.php
+++ b/repo/includes/specials/SpecialSetSiteLink.php
@@ -15,6 +15,7 @@
 use Wikibase\DataModel\Entity\Item;
 use Wikibase\DataModel\Entity\ItemId;
 use Wikibase\Repo\WikibaseRepo;
+use Wikibase\SiteLinkTargetProvider;
 use Wikibase\Summary;
 /**
@@ -31,7 +32,7 @@
 *
 * @since 0.4
 *
- * @var string
+ * @var string|null
 */
 protected $site;
@@ -69,9 +70,19 @@
 protected $badgeItems;
 /**
+ * @var string[]
+ */
+ protected $siteLinkGroups;
+
+ /**
 * @var SiteLinkChangeOpFactory
 */
 protected $siteLinkChangeOpFactory;
+
+ /**
+ * @var SiteLinkTargetProvider
+ */
+ protected $siteLinkTargetProvider;
 /**
 * @since 0.4
@@ -85,8 +96,13 @@
 $this->rightsUrl = $settings->getSetting( 'dataRightsUrl' );
 $this->rightsText = $settings->getSetting( 'dataRightsText' );
 $this->badgeItems = $settings->getSetting( 'badgeItems' );
+ $this->siteLinkGroups = $settings->getSetting( 'siteLinkGroups' );
 $this->siteLinkChangeOpFactory = $wikibaseRepo->getChangeOpFactoryProvider()->getSiteLinkChangeOpFactory();
+ $this->siteLinkTargetProvider = new SiteLinkTargetProvider(
+ $this->siteStore,
+ $settings->getSetting( 'specialSiteLinkGroups' )
+ );
 }
 /**
@@ -115,7 +131,7 @@
 $this->site = null;
 }
- if ( !$this->isValidSiteId( $this->site ) && $this->site !== null ) {
+ if ( !$this->isValidSiteId( $this->site ) ) {
 $this->showErrorHTML( $this->msg( 'wikibase-setsitelink-invalid-site', $this->site )->parse() );
 }
@@ -136,6 +152,10 @@
 */
 protected function validateInput() {
 $request = $this->getRequest();
+
+ if ( !$this->isValidSiteId( $this->site ) ) {
+ return false;
+ }
 if ( !parent::validateInput() ) {
 return false;
@@ -204,7 +224,8 @@
 * @return bool
 */
 private function isValidSiteId( $siteId ) {
- return $siteId !== null && $this->siteStore->getSite( $siteId ) !== null;
+ return $siteId !== null
+ && $this->siteLinkTargetProvider->getSiteList( $this->siteLinkGroups )->hasSite( $siteId );
 }
 /**
diff --git a/repo/tests/phpunit/includes/api/SiteLinkTargetProviderTest.php b/repo/tests/phpunit/includes/SiteLinkTargetProviderTest.php
similarity index 94%
rename from repo/tests/phpunit/includes/api/SiteLinkTargetProviderTest.php
rename to repo/tests/phpunit/includes/SiteLinkTargetProviderTest.php
index 0f17cba..0dac4d8 100644
--- a/repo/tests/phpunit/includes/api/SiteLinkTargetProviderTest.php
+++ b/repo/tests/phpunit/includes/SiteLinkTargetProviderTest.php
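Review bot: Dropping `&& $this->site !== null` in the `@@ -115,7 +131,7 @@` hunk makes the invalid-site error fire when no site was supplied at all, because `isValidSiteId()` returns false for `null` (its `$siteId !== null &&` guard is visible in the last hunk of this file) and the context line just above assigns `$this->site = null`. If that null branch is the "no site given yet" case, the empty form would now open with `wikibase-setsitelink-invalid-site` rendered for an empty id. Keeping the guard, `if ( $this->site !== null && !$this->isValidSiteId( $this->site ) ) {`, avoids that without weakening the validation, since the check added to `validateInput()` still rejects a missing or disallowed site before anything is saved. The enclosing method starts and ends outside this hunk, so the condition that leads to the null assignment should be confirmed.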
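Review bot: The tightened check in `isValidSiteId()` (hunk `@@ -204,7 +224,8 @@`) ships without a regression test: the diffstat shows only `SiteLinkTargetProviderTest.php` being moved, so nothing asserts that SpecialSetSiteLink rejects a site id that is known to the site store but lies outside the configured `siteLinkGroups`. Since this is the validation meant to prevent edits like the one linked in the commit message, a special-page test with one allowed and one disallowed site id would pin the behaviour. The docblock above the method (only its `@return bool` tail is visible here) should also state the new meaning, for example `Whether $siteId is a site link target in one of the configured site link groups; null is never valid.`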
@@ -1,15 +1,14 @@
 <?php
-namespace Wikibase\Test\Api;
+namespace Wikibase\Test;
 use SiteList;
-use Wikibase\Api\SiteLinkTargetProvider;
+use Wikibase\SiteLinkTargetProvider;
 /**
- * @covers Wikibase\Api\SiteLinkTargetProvider
+ * @covers Wikibase\SiteLinkTargetProvider
 *
 * @group Wikibase
- * @group WikibaseAPI
 * @group WikibaseRepo
 *
 * @licence GNU GPL v2+
-- To view, visit https://gerrit.wikimedia.org/r/180689 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Iec23f779382dc8b719d8c82d89377f4663801255 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Wikibase Gerrit-Branch: master Gerrit-Owner: Hoo man <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
