jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/329501 )

Change subject: Prevent <input>s being parsed
......................................................................


Prevent <input>s being parsed

Plus anything else that might be, not sure why that line was there,
 that's a bit dodgy...
Also some aesthetic changes for consistency between Send and SendPM

Bug:T152332
Change-Id: I784f061dd7bdbc2c72a06351df5033e8450598b0
---
M api/GetNewWorker.php
M api/SendPM.api.php
M extension.json
3 files changed, 9 insertions(+), 5 deletions(-)

Approvals:
  UltrasonicNXT: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/api/GetNewWorker.php b/api/GetNewWorker.php
index cf01255..99bbdb5 100644
--- a/api/GetNewWorker.php
+++ b/api/GetNewWorker.php
@@ -86,7 +86,6 @@
                 ) ) {
 
                 $message = $row->chat_message;
-                $message = html_entity_decode( $message ); // otherwise the 
HTML is printed as text
 
                 $fromid = $row->chat_user_id;
                 $toid = $row->chat_to_id;
diff --git a/api/SendPM.api.php b/api/SendPM.api.php
index 139dc88..175f043 100644
--- a/api/SendPM.api.php
+++ b/api/SendPM.api.php
@@ -3,7 +3,7 @@
 class ChatSendPMAPI extends ApiBase {
 
        public function execute() {
-               global $wgChatFloodMessages, $wgChatFloodSeconds;
+               global $wgChatFloodMessages, $wgChatFloodSeconds, 
$wgChatMaxMessageLength;
                $result = $this->getResult();
                $user = $this->getUser();
 
@@ -14,11 +14,16 @@
                        $message = MediaWikiChat::parseMessage( 
$originalMessage, $user );
 
                        if ( $message != '' ) {
-                               $dbr = wfGetDB( DB_SLAVE );
                                $dbw = wfGetDB( DB_MASTER );
+                               $dbr = wfGetDB( DB_SLAVE );
 
                                $fromId = $user->getID();
                                $timestamp = MediaWikiChat::now();
+
+                               if ( strlen( $message ) > 
$wgChatMaxMessageLength ) {
+                                       $result->addValue( 
$this->getModuleName(), 'error', 'length' );
+                                       return true;
+                               }
 
                                // Flood check
                                $res = $dbr->selectField(
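Review bot: The new limit `if ( strlen( $message ) > $wgChatMaxMessageLength )` is only evaluated after `MediaWikiChat::parseMessage( $originalMessage, $user )` has run, so an oversized submission still pays the full parsing cost and both `wfGetDB()` calls before it is rejected. If the limit is meant to bound what a user may submit, a cheap guard on the raw input ahead of the parse call would reject it earlier, e.g. `if ( strlen( $originalMessage ) > $wgChatMaxMessageLength ) { $result->addValue( $this->getModuleName(), 'error', 'length' ); return true; }`. Keeping the existing check on the parsed text is still reasonable if it exists to bound the stored value. Note also that `strlen()` counts bytes, so multibyte messages reach the limit sooner than their visible length suggests; if `$wgChatMaxMessageLength` is meant as a character count (not shown here), `mb_strlen( $message )` would match it, and a short comment stating the unit would help. `execute()` starts and ends outside this hunk, so the exact placement needs checking against the full method.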
@@ -27,7 +32,7 @@
                                        array( "chat_timestamp > " . ( 
$timestamp - ( $wgChatFloodSeconds * 100 ) ), " chat_user_id = " . $fromId ),
                                        __METHOD__
                                );
-                                if ( $res > $wgChatFloodMessages ) {
+                               if ( $res > $wgChatFloodMessages ) {
                                        $result->addValue( 
$this->getModuleName(), 'error', 'flood' );
                                        return true;
                                }
diff --git a/extension.json b/extension.json
index 9f9ac08..74a70ce 100644
--- a/extension.json
+++ b/extension.json
@@ -1,6 +1,6 @@
 {
        "name": "MediaWikiChat",
-       "version": "2.17.3",
+       "version": "2.17.4",
        "author": [
                "Adam Carter/UltrasonicNXT"
        ],

-- 
To view, visit https://gerrit.wikimedia.org/r/329501
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I784f061dd7bdbc2c72a06351df5033e8450598b0
Gerrit-PatchSet: 4
Gerrit-Project: mediawiki/extensions/MediaWikiChat
Gerrit-Branch: master
Gerrit-Owner: UltrasonicNXT <adamr_car...@btinternet.com>
Gerrit-Reviewer: UltrasonicNXT <adamr_car...@btinternet.com>
Gerrit-Reviewer: jenkins-bot <>
