Mattflaschen has uploaded a new change for review.
https://gerrit.wikimedia.org/r/229031
Change subject: SECURITY: Strip edit tokens in mw.flow.data
......................................................................
SECURITY: Strip edit tokens in mw.flow.data
Bug: T107170
Change-Id: Iff68c0d9f88fa4ccaaa17d6e4ad0dc4999272e35
---
M includes/View.php
1 file changed, 11 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Flow
refs/changes/31/229031/1
diff --git a/includes/View.php b/includes/View.php
index db445d2..f8e5bf3 100644
--- a/includes/View.php
+++ b/includes/View.php
@@ -223,10 +223,20 @@
}
$out = $this->getOutput();
+
+ $jsonBlobResponse = $apiResponse;
+
+ // Temporary fix for T107170
+ array_walk_recursive( $jsonBlobResponse, function ( &$value,
$key ) {
+ if ( stristr( $key, 'Token' ) !== false ) {
+ $value = null;
+ }
+ } );
+
// Add JSON blob for OOUI widgets
$out->addHTML( Html::inlineScript(
'mw.flow = mw.flow || {}; mw.flow.data = ' .
- FormatJson::encode( $apiResponse ) .
+ FormatJson::encode( $jsonBlobResponse ) .
';'
) );
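Review bot: The callback at `stristr( $key, 'Token' )` only ever sees leaf keys, because array_walk_recursive descends into nested arrays without calling the callback on the container's own key. A token stored as a list element under a parent such as `tokens` (integer leaf key), or embedded inside a string value, would still reach the inline `mw.flow.data` blob. Whether $apiResponse ever has that shape is not visible here, so I would either strip the tokens where the response is built or record the limit next to the fix, e.g. `// Only leaf keys are matched; tokens under numeric keys or inside values are not stripped.` Since only presence is tested, `stripos( (string)$key, 'token' ) !== false` expresses the same check without building the substring. The enclosing method starts and ends outside the hunk.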
--
To view, visit https://gerrit.wikimedia.org/r/229031
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iff68c0d9f88fa4ccaaa17d6e4ad0dc4999272e35
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Flow
Gerrit-Branch: wmf/1.26wmf16
Gerrit-Owner: Mattflaschen <[email protected]>