Matmarex has uploaded a new change for review. Change subject: (bug 40124) allow arbitrary user preferences prefixed with 'userjs-' ......................................................................
(bug 40124) allow arbitrary user preferences prefixed with 'userjs-' Before change I98df55f2 it was possible to set arbitrary preferences (ie. with anything as the key) using the action=options API. That change removed this ability by enforcing full validation of the preferences, also introducing several regressions which were fixed by follow-ups. Per the discussion on bug 40124, this changeset aims to restore this ability, but in a slightly restricted way: arbitrary preferences' names must start with userjs- prefix, to avoid any possibility of conflicting with new MediaWiki versions or extensions. The contents of these preferences is not escaped, sanitized nor validated in any way; script authors are expected to sanitize them themselves to prevent XSS attacks and other security vulnerabilities. This commit also adds the User::getOptionsKinds() method (to determine whether given preference keys are used by MediaWiki itself or an extension, intended to be used via the API, or entirely unknown) and enhances the User::resetOptions() method to allow for resetting only preferences of chosen kinds. These changes allow for fixing of Special:Preferences not to clear those additional fields when saving user settings. Change-Id: I5f9ba5b0dfe7c2ea5458d836f03429cf6d93969d --- M RELEASE-NOTES-1.21 M includes/Preferences.php M includes/User.php M includes/api/ApiOptions.php M includes/specials/SpecialPreferences.php M tests/phpunit/includes/api/ApiOptionsTest.php 6 files changed, 240 insertions(+), 52 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/70/44070/1 -- To view, visit https://gerrit.wikimedia.org/r/44070 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5f9ba5b0dfe7c2ea5458d836f03429cf6d93969d Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: wmf/1.21wmf7 Gerrit-Owner: Matmarex <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
