jenkins-bot has submitted this change and it was merged. Change subject: Don't allow shortening URLs with a username or password ......................................................................
Don't allow shortening URLs with a username or password ...and fix the error message for invalid ports. Bug: T108604 Change-Id: I02d139cbf60efa45db52061734c4db63375356c1 --- M UrlShortener.utils.php M extension.json M i18n/en.json M i18n/qqq.json M modules/ext.urlShortener.special.js 5 files changed, 15 insertions(+), 3 deletions(-) Approvals: Ori.livneh: Looks good to me, approved jenkins-bot: Verified diff --git a/UrlShortener.utils.php b/UrlShortener.utils.php index 8543900..72ad2df 100755 --- a/UrlShortener.utils.php +++ b/UrlShortener.utils.php @@ -187,6 +187,11 @@ return wfMessage( 'urlshortener-error-badports' ); } } + + if ( isset( $urlParts['user'] ) || isset( $urlParts['pass'] ) ) { + return wfMessage( 'urlshortener-error-nouserpass' ); + } + $domain = $urlParts['host']; if ( preg_match( '/' . self::getWhitelistRegex() . '/', $domain ) === 1 ) { diff --git a/extension.json b/extension.json index 3ec6709..fa28fd1 100644 --- a/extension.json +++ b/extension.json @@ -56,6 +56,7 @@ "urlshortener-error-malformed-url", "urlshortener-error-disallowed-url", "urlshortener-error-badports", + "urlshortener-error-nouserpass", "urlshortener-url-input-submit", "urlshortener-url-input-submitting", "urlshortener-shortened-url-label" diff --git a/i18n/en.json b/i18n/en.json index 688f06b..84c7cda 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -18,5 +18,6 @@ "urlshortener-approved-domains": "Links to the following {{PLURAL:$1|domain|domains}} may be shortened: $2.", "urlshortener-ratelimit": "Please wait some time before shortening more URLs.", "urlshortener-toolbox": "Get shortened URL", - "urlshortener-error-badports": "URLs that contain ports are not allowed to be shortened" + "urlshortener-error-badports": "URLs that contain ports are not allowed to be shortened", + "urlshortener-error-nouserpass": "URLs that contain a username or password are not allowed to be shortened" } diff --git a/i18n/qqq.json b/i18n/qqq.json index 60524da..39edd3e 100644 --- a/i18n/qqq.json 
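Review bot: The new `isset( $urlParts['user'] ) || isset( $urlParts['pass'] )` guard in UrlShortener.utils.php is the check that actually enforces the rule, since any client can skip the JavaScript validation, yet none of the five changed files is a test. How `$urlParts` is produced is outside the hunk, so it is worth pinning with tests that user-only, user-and-password and empty-userinfo URLs are all rejected, and that the host later matched against the whitelist regex is the one a browser would connect to. I would also put a why-comment above the guard, for example `// Reject userinfo: credentials would be stored in a public short link, and text before "@" can disguise the real host.` The enclosing function starts and ends outside the hunk.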
+++ b/i18n/qqq.json @@ -19,5 +19,6 @@ "urlshortener-approved-domains": "Help message displayed on Special:UrlShortener showing which domains can be shortened. $1 is the number of domains, $2 is a comma separated list of domains.", "urlshortener-ratelimit": "Error message shown when a user shortens too many urls in a short period of time", "urlshortener-toolbox": "Text of link in toolbox to get shortened URL", - "urlshortener-error-badports": "Error message shown when the URL cannot be shortened because it contains a port (e.g. http://example.org:90/path)" + "urlshortener-error-badports": "Error message shown when the URL cannot be shortened because it contains a port (e.g. http://example.org:90/path)", + "urlshortener-error-nouserpass": "Error message shown when the URL cannot be shortened because it contains a username or password (e.g. http://user:passw...@example.org/)" } diff --git a/modules/ext.urlShortener.special.js b/modules/ext.urlShortener.special.js index dac06aa..dbf7bb8 100644 --- a/modules/ext.urlShortener.special.js +++ b/modules/ext.urlShortener.special.js 
@@ -59,7 +59,11 @@ !self.allowArbitraryPorts && !( parsed.port === '80' || parsed.port === '443' ) ) { - return showError( 'urlshortener-error-badports' ); + return showError( mw.msg( 'urlshortener-error-badports' ) ); + } + + if ( parsed.user || parsed.password ) { + return showError( mw.msg( 'urlshortener-error-nouserpass' ) ); } self.input.setLabel( null ); -- To view, visit https://gerrit.wikimedia.org/r/231744 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I02d139cbf60efa45db52061734c4db63375356c1 Gerrit-PatchSet: 2 Gerrit-Project: mediawiki/extensions/UrlShortener Gerrit-Branch: master Gerrit-Owner: Legoktm <legoktm.wikipe...@gmail.com> Gerrit-Reviewer: Ori.livneh <o...@wikimedia.org> Gerrit-Reviewer: Prtksxna <psax...@wikimedia.org> Gerrit-Reviewer: Siebrand <siebr...@kitano.nl> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
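Review bot: The client-side test `parsed.user || parsed.password` relies on truthiness while the PHP side uses `isset()`, so an empty userinfo component (an `@` with nothing usable before it) may pass here and only be rejected by the server. How `parsed` is built is outside the hunk, so this is inferred, but comparing against `undefined` would keep the two checks aligned: `if ( parsed.user !== undefined || parsed.password !== undefined ) {`. A short comment such as `// Advisory only; UrlShortener.utils.php enforces this server-side.` would also stop a later reader from treating this branch as the security boundary. The enclosing handler starts and ends outside the hunk.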