Yurik has uploaded a new change for review.
https://gerrit.wikimedia.org/r/259610
Change subject: Fixed http(s) untrusted header bypass
......................................................................
Fixed http(s) untrusted header bypass
Change-Id: If273345b4eeb2b50cc56248b11734aabdeed6383
---
M modules/graph2.js
1 file changed, 4 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Graph refs/changes/10/259610/1
diff --git a/modules/graph2.js b/modules/graph2.js
index 39eb075..8a51f09 100644
--- a/modules/graph2.js
+++ b/modules/graph2.js
@@ -51,9 +51,10 @@
case 'http':
case 'https':
// Will disable this as soon as all graphs have
been switched to custom protocols
- url.path = decodeURIComponent( url.path );
- opt.url = url.toString();
- return originalSanitize.call( vg.util.load, opt
);
+ // unless mw.config.get( 'wgGraphIsTrusted' )
is true
+ path = decodeURIComponent( url.path );
+ query = url.query;
+ break;
case 'wikiapi':
// wikiapi:///?action=query&list=allpages
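Review bot: The comment added to the http/https case says this branch will be disabled "unless mw.config.get( 'wgGraphIsTrusted' ) is true", but nothing in the hunk reads that config value, so a reader cannot tell from here where the trusted/untrusted decision is applied now that the early "return originalSanitize.call( vg.util.load, opt );" has been replaced by "break;". Please point the comment at the code after the switch that enforces it, or reword it so it does not read as a check made in this branch. Two smaller points: "path" and "query" are assigned here with no declaration in the visible context, so confirm both are declared with var in the enclosing function rather than leaking as globals; and the commit message is only the subject line, so one sentence on how the header handling was bypassed (presumably because the old branch returned before the code following the switch ran) would help later readers.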
--
To view, visit https://gerrit.wikimedia.org/r/259610
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: If273345b4eeb2b50cc56248b11734aabdeed6383
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Graph
Gerrit-Branch: master
Gerrit-Owner: Yurik <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits