jenkins-bot has submitted this change and it was merged.

Change subject: Fixed http(s) untrusted header bypass
......................................................................


Fixed http(s) untrusted header bypass

Change-Id: If273345b4eeb2b50cc56248b11734aabdeed6383
---
M modules/graph2.js
1 file changed, 4 insertions(+), 3 deletions(-)

Approvals:
  Yurik: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/graph2.js b/modules/graph2.js
index 39eb075..8a51f09 100644
--- a/modules/graph2.js
+++ b/modules/graph2.js
@@ -51,9 +51,10 @@
                        case 'http':
                        case 'https':
                                // Will disable this as soon as all graphs have 
been switched to custom protocols
-                               url.path = decodeURIComponent( url.path );
-                               opt.url = url.toString();
-                               return originalSanitize.call( vg.util.load, opt 
);
+                               // unless mw.config.get( 'wgGraphIsTrusted' ) 
is true
+                               path = decodeURIComponent( url.path );
+                               query = url.query;
+                               break;
 
                        case 'wikiapi':
                                // wikiapi:///?action=query&list=allpages
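Review bot: In the http/https case, `path = decodeURIComponent( url.path );` now hands a decoded path to whatever follows the switch instead of returning early, so an encoded `%3F`, `%23` or `%2F` in the original becomes a live delimiter before the URL is rebuilt. The code after the switch is not visible in this hunk; please confirm it re-encodes `path` when it reassembles the URL and that it still takes the host from `url`, since only `path` and `query` are carried forward. `decodeURIComponent` also throws a URIError on a malformed escape, which is worth catching here. Two smaller points: `path` and `query` are assigned without a declaration in the visible lines, so check they are declared with `var` earlier in the function, and the added comment mentions `wgGraphIsTrusted` although no check of it appears in this case, so either point to where that check lives or reword the comment.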

-- 
To view, visit https://gerrit.wikimedia.org/r/259614
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: If273345b4eeb2b50cc56248b11734aabdeed6383
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Graph
Gerrit-Branch: wmf/1.27.0-wmf.9
Gerrit-Owner: Yurik <[email protected]>
Gerrit-Reviewer: Yurik <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
