Yurik has uploaded a new change for review. https://gerrit.wikimedia.org/r/257264
Change subject: temp ...................................................................... temp Change-Id: I4b5b796b4bd15ad63f3f534f68f7f23def1da7c5 --- M Graph.body.php M extension.json M modules/graph1.js M modules/graph2.js 4 files changed, 51 insertions(+), 41 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Graph refs/changes/64/257264/1 diff --git a/Graph.body.php b/Graph.body.php index 0de41a7..c5196b8 100644 --- a/Graph.body.php +++ b/Graph.body.php @@ -68,9 +68,8 @@ if ( $liveSpecs || $interact ) { // TODO: these 3 js vars should be per domain if 'ext.graph' is added, not per page - global $wgGraphDataDomains, $wgGraphUrlBlacklist, $wgGraphIsTrusted; + global $wgGraphDataDomains, $wgGraphIsTrusted; $output->addJsConfigVars( 'wgGraphDataDomains', $wgGraphDataDomains ); - $output->addJsConfigVars( 'wgGraphUrlBlacklist', $wgGraphUrlBlacklist ); $output->addJsConfigVars( 'wgGraphIsTrusted', $wgGraphIsTrusted ); $output->addModuleStyles( 'ext.graph' ); diff --git a/extension.json b/extension.json index 3682d35..78f15ec 100644 --- a/extension.json +++ b/extension.json @@ -116,7 +116,6 @@ "config": { "GraphDataDomains": [], "GraphDefaultVegaVer": 1, - "GraphUrlBlacklist": false, "GraphIsTrusted": false, "GraphImgServiceUrl": false }, diff --git a/modules/graph1.js b/modules/graph1.js index 090ba3c..3a9f425 100644 --- a/modules/graph1.js +++ b/modules/graph1.js @@ -8,7 +8,6 @@ if ( originalSanitize === false ) { // Make sure we only initialize graphs once vg.config.domainWhiteList = mw.config.get( 'wgGraphDataDomains' ); - vg.config.urlBlackList = mw.config.get( 'wgGraphUrlBlacklist' ); if ( !mw.config.get( 'wgGraphIsTrusted' ) ) { vg.config.dataHeaders = { 'Treat-as-Untrusted': 1 }; } @@ -25,21 +24,6 @@ url.path = decodeURIComponent( url.path ); url = url.toString(); if ( !url ) { - return false; - } - if ( !vg.config.urlBlackListRe ) { - // Lazy initialize urlBlackListRe - if ( vg.config.urlBlackList ) { - vg.config.urlBlackListRe = vg.config.urlBlackList.map( function ( s ) { - return new RegExp( s ); - } ); - } else { - vg.config.urlBlackListRe = []; - } - } - if ( vg.config.urlBlackListRe.some( function ( re ) { - return re.test( url ); - } ) ) { return false; } return url; diff --git a/modules/graph2.js b/modules/graph2.js index 3a84cf7..c096da9 100644 --- a/modules/graph2.js +++ b/modules/graph2.js @@ -3,40 +3,68 @@ // Make sure we only initialize graphs once vg.config.load.domainWhiteList = mw.config.get( 'wgGraphDataDomains' ); - vg.config.load.urlBlackList = mw.config.get( 'wgGraphUrlBlacklist' ); if ( !mw.config.get( 'wgGraphIsTrusted' ) ) { vg.util.load.headers = { 'Treat-as-Untrusted': 1 }; } originalSanitize = vg.util.load.sanitizeUrl.bind( vg.util.load ); vg.util.load.sanitizeUrl = function ( /* opt */ ) { - var url = originalSanitize.apply( vg.util.load, arguments ); + var path = undefined, query = undefined, + url = originalSanitize.apply( vg.util.load, arguments ); if ( !url ) { return false; } // Normalize url by parsing and re-encoding it url = new mw.Uri( url ); - url.path = decodeURIComponent( url.path ); - url = url.toString(); - if ( !url ) { - return false; + switch (url.protocol) { + case 'http': + case 'https': + // Will disable this as soon as all graphs have been switched to custom protocols + url.path = decodeURIComponent( url.path ); + url = url.toString(); + return url ? url : false; + + case 'wikiapi': + // Call to api.php + // wikiapi:///?action=query&list=allpages + path = '/w/api.php'; + query = $.extend( url.query, { format: 'json', formatversion: 'latest' } ); + break; + + case 'wikirest': + // Call to RESTbase api + // wikirest:///api/rest_v1/page/... + if ( !( /^\/api\// ).test( url.path ) ) { + return false; + } + path = url.path; + query = url.query; + break; + + case 'wikiraw': + // Get raw content of a wiki page + // wikiraw:///MyPage/data + path = '/w/index.php?action=raw&title=' . urlencode( url.path ); + break; + + case 'wikiupload': + // Get an image for the graph, e.g. from commons + // This tag specifie sany content from the uploads.* domain, without query params + if ( !( /^upload\./ ).test( url.host ) ) { + return false; + } + path = url.path; + break; } - if ( !vg.config.load.urlBlackListRe ) { - // Lazy initialize urlBlackListRe - if ( vg.config.load.urlBlackList ) { - vg.config.load.urlBlackListRe = vg.config.load.urlBlackList.map( function ( s ) { - return new RegExp( s ); - } ); - } else { - vg.config.load.urlBlackListRe = []; - } - } - if ( vg.config.load.urlBlackListRe.some( function ( re ) { - return re.test( url ); - } ) ) { - return false; - } - return url; + + url = new mw.Uri( { + protocol: window.location.protocol, + host: url.host, + path: path, + query: query + } ).toString(); + + return url ? url : false; }; /** -- To view, visit https://gerrit.wikimedia.org/r/257264 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I4b5b796b4bd15ad63f3f534f68f7f23def1da7c5 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Graph Gerrit-Branch: master Gerrit-Owner: Yurik <yu...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits