User "Catrope" posted a comment on MediaWiki.r87002.
Full URL:
https://secure.wikimedia.org/wikipedia/mediawiki/wiki/Special:Code/MediaWiki/87002#c16480
Commit summary:
initial partially functioning version of FlickrChecker
Comment:
<pre>
+
$.getJSON(this.apiUrl+'&method=flickr.photos.getInfo&api_key='+this.apiKey+'&photo_id='+photoId+'&format=json&jsoncallback=?',
</pre>
This doesn't escape anything whatsoever. It's safe now because the API key is
hardcoded hex and the photo ID is all decimal, but it's nicer to do it the
"right" way:
<pre>
$.getJSON( this.apiUrl + '?jsoncallback=?', { 'method':
'flickr.photos.getInfo', 'api_key': this.apiKey, 'photo_id': photoId, 'format':
'json' }, ...
</pre>
_______________________________________________
MediaWiki-CodeReview mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
