jenkins-bot has submitted this change and it was merged. Change subject: Updated to latest graph2 lib ......................................................................
Updated to latest graph2 lib Change-Id: Ie52cde6ed480c74b186a45e9959e87782ca72fa7 --- M lib/graph2.compiled.js 1 file changed, 30 insertions(+), 22 deletions(-) Approvals: Thcipriani: Looks good to me, approved jenkins-bot: Verified diff --git a/lib/graph2.compiled.js b/lib/graph2.compiled.js index bfe1214..e46cfcb 100644 --- a/lib/graph2.compiled.js +++ b/lib/graph2.compiled.js @@ -112,7 +112,7 @@ } }; return new RegExp( - (allowSubdomains ? '^([^@/:]*\.)?(' : '^(') + + (allowSubdomains ? '^([^@/:]*\\.)?(' : '^(') + domains .map(function (s) { return s.replace('.', '\\.'); @@ -145,18 +145,12 @@ var self = this; self.isTrusted = isTrusted; self.domains = domains; + self.domainMap = domainMap; self.logger = logger; self.objExtender = objExtender; self.parseUrl = parseUrl; self.formatUrl = formatUrl; - self.validators = {}; - Object.keys(domains).map(function(protocol) { - // Only allow subdomains for https & http. Other protocols must be exact match. - self.validators[protocol] = makeValidator(domains[protocol], protocol === 'https' || protocol === 'http'); - }); - - self.domainMap = domainMap; load.loader = function (opt, callback) { var error = callback || function (e) { throw e; }, url; 
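Review bot: In the `@@ -112,7 +112,7 @@` hunk, the context line `s.replace('.', '\\.')` escapes only the first dot of each domain, because `String.prototype.replace` with a string pattern replaces a single occurrence. In any allowed domain with two or more dots, the later dots stay regex wildcards and the host allowlist matches more hosts than were configured. Escaping every dot with `return s.replace(/\./g, '\\.');` closes that gap, and it sits directly beside the `'\\.'` fix this commit makes for the subdomain prefix. The enclosing function starts and ends outside the hunk, so the tail of the pattern (its end anchor) cannot be checked from here. Since this file appears to be a compiled copy of the graph2 lib, the fix presumably has to land in the library source first.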
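Review bot: In the `@@ -145,18 +145,12 @@` hunk the constructor no longer assigns `self.validators = {};`, yet the new `testHost` (hunk `@@ -200,19 +194,29 @@`) reads `this.validators[protocol]` in its first statement. Unless `validators` is initialised somewhere outside the visible hunks, the first host check throws a TypeError instead of returning a verdict. Keeping `self.validators = {};` in the constructor next to `self.domains = domains;` makes the lazy cache safe. The constructor body continues outside the hunk.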
@@ -200,19 +194,29 @@ // First, map the host host = (this.domainMap && this.domainMap[host]) || host; - var result = { - host: host - }; - - if (this.validators.https.test(host)) { - result.protocol = 'https'; - } else if (this.validators.http.test(host)) { - result.protocol = 'http'; - } else { - result = undefined; + if (this.testHost('https', host)) { + return {host: host, protocol: 'https'}; + } else if (this.testHost('http', host)) { + return {host: host, protocol: 'http'}; } + return undefined; +}; - return result; +/** + * Test host against the list of allowed domains based on the protocol + * @param {string} protocol + * @param {string} host + * @returns {boolean} + */ +VegaWrapper.prototype.testHost = function testHost(protocol, host) { + if (!this.validators[protocol]) { + if (this.domains[protocol]) { + this.validators[protocol] = makeValidator(this.domains[protocol], protocol === 'https' || protocol === 'http'); + } else { + return false; + } + } + return this.validators[protocol].test(host); }; /**this @@ -241,7 +245,7 @@ case 'https': if (!this.isTrusted) { throw new Error('HTTP and HTTPS protocols are not supported for untrusted graphs.\n' + - 'Use wikiraw:, wikiapi:, wikirest:, and wikirawupload: protocols.\n' + + 'Use wikiraw:, wikiapi:, wikirest:, wikirawupload:, and other protocols.\n' + 'See https://www.mediawiki.org/wiki/Extension:Graph#External_data'); } // keep the original URL @@ -275,6 +279,7 @@ // Uses mediawiki api, and extract the content after the request // Query value must be a valid MediaWiki title string, but we only ensure // there is no pipe symbol, the rest is handlered by the api. + urlParts.pathname = decodeURIComponent(urlParts.pathname) if (!/^\/[^|]+$/.test(urlParts.pathname)) { throw new Error('wikiraw: invalid title'); } 
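Review bot: The `testHost` docblock in the `@@ -200,19 +194,29 @@` hunk does not say that subdomains are accepted only for http and https. The comment that recorded this rule, `// Only allow subdomains for https & http. Other protocols must be exact match.`, is deleted from the constructor by this commit and is not carried over to the `makeValidator(...)` call in `testHost`. I would put that comment back above the call. The docblock should also state that the validator is built on first use and cached in `this.validators`, and that a protocol with no entry in `this.domains` returns false.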
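Review bot: In the `@@ -275,6 +279,7 @@` hunk, `decodeURIComponent(urlParts.pathname)` throws a URIError on a malformed percent-escape, so such a URL leaves this branch with a generic error instead of `wikiraw: invalid title`. The added line also lacks its terminating semicolon. I would write `try { urlParts.pathname = decodeURIComponent(urlParts.pathname); } catch (e) { throw new Error('wikiraw: invalid title'); }`. Decoding before the pipe test is the right order, because an encoded `%7C` is now rejected where it previously reached `titles` after the check. The enclosing switch branch starts outside the hunk.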
@@ -284,7 +289,7 @@ action: 'query', prop: 'revisions', rvprop: 'content', - titles: decodeURIComponent(urlParts.pathname.substring(1)) + titles: urlParts.pathname.substring(1) }; urlParts.pathname = '/w/api.php'; urlParts.protocol = sanitizedHost.protocol; @@ -318,6 +323,9 @@ // Get geo shapes data from OSM database by supplying Wikidata IDs // https://maps.wikimedia.org/shape?ids=Q16,Q30 this._validateExternalService(urlParts, sanitizedHost, opt.url); + if (!urlParts.query || !urlParts.query.ids) { + throw new Error('geoshape: missing ids parameter in: ' + opt.url); + } // the query object is not modified urlParts.pathname = '/shape'; break; @@ -339,7 +347,7 @@ } else { urlParts.protocol = sanitizedHost.protocol; } - if (!this.validators[protocol].test(urlParts.host)) { + if (!this.testHost(protocol, urlParts.host)) { throw new Error(protocol + ': URL must either be relative (' + protocol + '///...), or use one of the allowed hosts: ' + url); } }; -- To view, visit https://gerrit.wikimedia.org/r/295359 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie52cde6ed480c74b186a45e9959e87782ca72fa7 Gerrit-PatchSet: 2 Gerrit-Project: mediawiki/extensions/Graph Gerrit-Branch: master Gerrit-Owner: Yurik <yu...@wikimedia.org> Gerrit-Reviewer: Thcipriani <tcipri...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
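Review bot: In the `@@ -318,6 +323,9 @@` hunk the new guard only checks that `ids` is present; its value and every other query parameter are forwarded as-is, as the following comment says the query object is not modified. If the shape service expects only the comma-separated Wikidata IDs shown in the comment (`ids=Q16,Q30`), the format should be checked here too, for example `if (typeof urlParts.query.ids !== 'string' || !/^Q\d+(,Q\d+)*$/.test(urlParts.query.ids)) { throw new Error('geoshape: invalid ids parameter in: ' + opt.url); }`. The ID grammar is inferred from that example and should be confirmed against the service. The surrounding switch starts and ends outside the hunk.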