Hashar has uploaded a new change for review.
https://gerrit.wikimedia.org/r/58664
Change subject: revert highlight.php changes (bug 47112)
......................................................................
revert highlight.php changes (bug 47112)
The recent changes made to highlight.php introduce some regressions
which need to be removed. See bug for details.
Change-Id: Idcec674abd2df9f43eb60aae4d248c57243af363
---
M docroot/noc/conf/highlight.php
1 file changed, 21 insertions(+), 22 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config
refs/changes/64/58664/1
diff --git a/docroot/noc/conf/highlight.php b/docroot/noc/conf/highlight.php
index e836697..05553be 100644
--- a/docroot/noc/conf/highlight.php
+++ b/docroot/noc/conf/highlight.php
@@ -1,19 +1,19 @@
<?php
+// Only allow viewing of files of which there is a copy (or link)
+// in noc/conf/* by the same name.
+$viewFilenames = array_map( 'basename', glob( __DIR__ . '/*' ) );
+
$srcFilename = $_GET['file'];
+
$viewFilename = false;
$srcDir = false;
-// Build whitelist
-// Only allow viewing of files of which there is a link noc/conf/* by the same
name.
-$viewFilenames = array_map( 'basename', glob( __DIR__ . '/*' ) );
-
-foreach ( $viewFilenames as &$viewFilename ) {
- // Map .txt links to the original filename
- if ( substr( $viewFilename, -4 ) === '.txt' ) {
- $viewFilename = substr( $viewFilename, 0, -4 );
- }
- if ( $srcFilename === $viewFilename ) {
- $viewFilename = $viewFilename;
+foreach ( $viewFilenames as $view ) {
+ $src = substr( $view, -4 ) === '.txt'
+ ? substr( $view, 0, -4 )
+ : $view;
+ if ( $srcFilename === $src ) {
+ $viewFilename = $view;
break;
}
}
@@ -22,19 +22,19 @@
header( 'Content-Type: text/html; charset=utf-8' );
if ( !$viewFilename ) {
- header( "HTTP/1.1 404 Not Found" );
- if ( isset( $_SERVER['HTTP_REFERER'] ) && strpos( strtolower(
$_SERVER['HTTP_REFERER'] ), 'google' ) !== false ) {
+ # Secret site password distribution :-D
+ # First implement access control
+ if ( isset( $_SERVER['HTTP_REFERER'] ) && strpos(
$_SERVER['HTTP_REFERER'], 'google' ) !== false ) {
+ header( "HTTP/1.1 404 Not Found" );
echo "File not found\n";
exit;
}
- // Easter egg
+ # OK, authenticated developer, send password
$hlHtml = highlight_string( '<'."?php\n\$secretSitePassword =
'jgmeidj28gms';\n", true );
-
} else {
- // Location: /home/wikipedia/common/ | docroot/noc/conf
- $baseSrcDir = dirname( dirname( dirname( __DIR__ ) ) );
+ $baseSrcDir = '/home/wikipedia/common';
- // Find the original
+ // Find where it is
if ( file_exists( "$baseSrcDir/wmf-config/$srcFilename" ) ) {
$srcPath = "$baseSrcDir/wmf-config/$srcFilename";
$srcDir = 'wmf-config/';
@@ -51,7 +51,7 @@
$hlHtml = str_replace( ' ', ' ', $hlHtml ); //
https://bugzilla.wikimedia.org/19253
$hlHtml = str_replace( ' ', "\t", $hlHtml ); //
convert 4 spaces to 1 tab character; bug #36576
} else {
- $hlHtml = htmlspecialchars( file_get_contents( $srcPath
) );
+ $hlHtml = htmlspecialchars( file_get_contents( __DIR__
. '/' . $srcFilename ) );
}
} else {
$hlHtml = 'Failed to read file. :(';
@@ -67,9 +67,8 @@
<!DOCTYPE html>
<html lang="en">
<head>
- <title><?php echo $titleSrcFilename; ?> - Wikimedia configuration
files</title>
- <link rel="shortcut icon" href="//bits.wikimedia.org/favicon/wmf.ico">
- <link rel="stylesheet" href="../base.css">
+ <title><?php echo $titleSrcFilename; ?></title>
+ <link rel="stylesheet" href="/base.css">
</head>
<body>
<h1><a href="./">«</a> <?php echo $titleSrcFilename; ?></h1>
--
To view, visit https://gerrit.wikimedia.org/r/58664
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Idcec674abd2df9f43eb60aae4d248c57243af363
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: Hashar <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
