thiemowmde added a subscriber: Lydia_Pintscher.
thiemowmde added projects: MediaWiki-extensions-WikibaseRepository, Need-volunteer.
thiemowmde added a comment.

The relevant validation currently done in ValidatorBuilders.php is a substring match for This already disallows all …/wiki/ URLs. Namespace, entity type, and entity ID are currently not validated.

It should not be that hard to create a validator that only accepts a single entity type (or a set of entity types), checks the namespace (note that items can be in the main namespace, or in an "Item:" namespace), parses the entity ID, and makes sure it matches the entity type. Service classes for all these individual checks should already exist (probably EntityNamespaceLookup and an EntityIdParser).

Note that calendar model and globe URIs are missing the exact same validation. It's probably a good idea to have a single ticket for all three.



To: thiemowmde
Cc: Lydia_Pintscher, Ladsgroup, thiemowmde, daniel, Aklapper, Smalyshev, GoranSMilovanovic, Soteriaspace, JakeTheDeveloper, QZanden, Kaartic, Izno, Wikidata-bugs, aude, TheDJ, Mbch331
Wikidata-bugs mailing list

Reply via email to