jenkins-bot has submitted this change and it was merged.

Change subject: Don't allow shortening URLs with a username or password
......................................................................


Don't allow shortening URLs with a username or password

...and fix the error message for invalid ports.

Bug: T108604
Change-Id: I02d139cbf60efa45db52061734c4db63375356c1
---
M UrlShortener.utils.php
M extension.json
M i18n/en.json
M i18n/qqq.json
M modules/ext.urlShortener.special.js
5 files changed, 15 insertions(+), 3 deletions(-)

Approvals:
  Ori.livneh: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/UrlShortener.utils.php b/UrlShortener.utils.php
index 8543900..72ad2df 100755
--- a/UrlShortener.utils.php
+++ b/UrlShortener.utils.php
@@ -187,6 +187,11 @@
                                        return wfMessage( 
'urlshortener-error-badports' );
                                }
                        }
+
+                       if ( isset( $urlParts['user'] ) || isset( 
$urlParts['pass'] ) ) {
+                               return wfMessage( 
'urlshortener-error-nouserpass' );
+                       }
+
                        $domain = $urlParts['host'];
 
                        if ( preg_match( '/' . self::getWhitelistRegex() . '/', 
$domain ) === 1 ) {
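Review bot: The new userinfo rejection comes with no test (the diffstat lists no test file), and the branch has no comment saying why credentials are refused. `isset()` is applied to `$urlParts['user']` and `$urlParts['pass']`, so the result for an empty userinfo such as `http://@example.org/` depends on what the parser that fills `$urlParts` returns, which is outside the hunk. Test cases for that form and for `user@host` without a password would pin the behaviour down. I would also add a comment above the check, for example `// Userinfo can make a link look like it points at a trusted host (trusted.example@other.example), so refuse it outright`. The enclosing function starts and ends outside the hunk.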
diff --git a/extension.json b/extension.json
index 3ec6709..fa28fd1 100644
--- a/extension.json
+++ b/extension.json
@@ -56,6 +56,7 @@
                                "urlshortener-error-malformed-url",
                                "urlshortener-error-disallowed-url",
                                "urlshortener-error-badports",
+                               "urlshortener-error-nouserpass",
                                "urlshortener-url-input-submit",
                                "urlshortener-url-input-submitting",
                                "urlshortener-shortened-url-label"
diff --git a/i18n/en.json b/i18n/en.json
index 688f06b..84c7cda 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -18,5 +18,6 @@
        "urlshortener-approved-domains": "Links to the following 
{{PLURAL:$1|domain|domains}} may be shortened: $2.",
        "urlshortener-ratelimit": "Please wait some time before shortening more 
URLs.",
        "urlshortener-toolbox": "Get shortened URL",
-       "urlshortener-error-badports": "URLs that contain ports are not allowed 
to be shortened"
+       "urlshortener-error-badports": "URLs that contain ports are not allowed 
to be shortened",
+       "urlshortener-error-nouserpass": "URLs that contain a username or 
password are not allowed to be shortened"
 }
diff --git a/i18n/qqq.json b/i18n/qqq.json
index 60524da..39edd3e 100644
--- a/i18n/qqq.json
+++ b/i18n/qqq.json
@@ -19,5 +19,6 @@
        "urlshortener-approved-domains": "Help message displayed on 
Special:UrlShortener showing which domains can be shortened. $1 is the number 
of domains, $2 is a comma separated list of domains.",
        "urlshortener-ratelimit": "Error message shown when a user shortens too 
many urls in a short period of time",
        "urlshortener-toolbox": "Text of link in toolbox to get shortened URL",
-       "urlshortener-error-badports": "Error message shown when the URL cannot 
be shortened because it contains a port (e.g. http://example.org:90/path)"
+       "urlshortener-error-badports": "Error message shown when the URL cannot 
be shortened because it contains a port (e.g. http://example.org:90/path)",
+       "urlshortener-error-nouserpass": "Error message shown when the URL 
cannot be shortened because it contains a username or password (e.g. 
http://user:passw...@example.org/)"
 }
diff --git a/modules/ext.urlShortener.special.js 
b/modules/ext.urlShortener.special.js
index dac06aa..dbf7bb8 100644
--- a/modules/ext.urlShortener.special.js
+++ b/modules/ext.urlShortener.special.js
@@ -59,7 +59,11 @@
                                !self.allowArbitraryPorts &&
                                !( parsed.port === '80' || parsed.port === 
'443' )
                        ) {
-                               return showError( 'urlshortener-error-badports' 
);
+                               return showError( mw.msg( 
'urlshortener-error-badports' ) );
+                       }
+
+                       if ( parsed.user || parsed.password ) {
+                               return showError( mw.msg( 
'urlshortener-error-nouserpass' ) );
                        }
 
                        self.input.setLabel( null );
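Review bot: `showError()` now receives the output of `mw.msg()`, which is the plain-text form of the message and is not HTML-escaped. The body of `showError` is outside the hunk, so if it inserts its argument as HTML rather than as text, `mw.message( 'urlshortener-error-nouserpass' ).escaped()` would be the safer call at both call sites. Separately, the client check `parsed.user || parsed.password` tests truthiness while the PHP side tests `isset()`, so the two can disagree on empty components. That is acceptable as long as the server stays the authority, and a comment such as `// Advisory only; the server-side validation is authoritative` would make it explicit.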

-- 
To view, visit https://gerrit.wikimedia.org/r/231744

Gerrit-MessageType: merged
Gerrit-Change-Id: I02d139cbf60efa45db52061734c4db63375356c1
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/UrlShortener
Gerrit-Branch: master
Gerrit-Owner: Legoktm <legoktm.wikipe...@gmail.com>
Gerrit-Reviewer: Ori.livneh <o...@wikimedia.org>
Gerrit-Reviewer: Prtksxna <psax...@wikimedia.org>
Gerrit-Reviewer: Siebrand <siebr...@kitano.nl>
Gerrit-Reviewer: jenkins-bot <>
