Yurik has uploaded a new change for review. https://gerrit.wikimedia.org/r/295180
Change subject: Added (disabled) geoshape protocol ...................................................................... Added (disabled) geoshape protocol Change-Id: I0325b74191983279b85db2fd48b96b3e2b379378 --- M lib/graph2.compiled.js 1 file changed, 38 insertions(+), 32 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Graph refs/changes/80/295180/1 diff --git a/lib/graph2.compiled.js b/lib/graph2.compiled.js index 980408b..3cc1531 100644 --- a/lib/graph2.compiled.js +++ b/lib/graph2.compiled.js @@ -134,10 +134,6 @@ * @param {boolean} useXhr true if we should use XHR, false for node.js http loading * @param {boolean} isTrusted true if the graph spec can be trusted * @param {Object} domains allowed protocols and a list of their domains - * @param {string[]} domains.http - * @param {string[]} domains.https - * @param {string[]} domains.wikirawupload - * @param {string[]} domains.wikidatasparql * @param {Object} domainMap domain remapping * @param {Function} logger * @param {Function} objExtender $.extend in browser, _.extend in NodeJs @@ -154,10 +150,12 @@ self.parseUrl = parseUrl; self.formatUrl = formatUrl; - self.httpHostsRe = makeValidator(domains.http, true); - self.httpsHostsRe = makeValidator(domains.https, true); - self.uploadHostsRe = makeValidator(domains.wikirawupload); - self.sparqlHostsRe = makeValidator(domains.wikidatasparql); + self.validators = {}; + Object.keys(domains).map(function(protocol) { + // Only allow subdomains for https & http. Other protocols must be exact match. + self.validators[protocol] = makeValidator(domains[protocol], protocol === 'https' || protocol === 'http'); + }); + self.domainMap = domainMap; load.loader = function (opt, callback) { @@ -206,9 +204,9 @@ host: host }; - if (this.httpsHostsRe.test(host)) { + if (this.validators.https.test(host)) { result.protocol = 'https'; - } else if (this.httpHostsRe.test(host)) { + } else if (this.validators.http.test(host)) { result.protocol = 'http'; } else { result = undefined; @@ -298,41 +296,33 @@ // wikirawupload://upload.wikimedia.org/wikipedia/commons/3/3e/Einstein_1921.jpg // Get an image for the graph, e.g. from commons // This tag specifies any content from the uploads.* domain, without query params - if (!this.domains.wikirawupload) { - throw new Error('wikirawupload: protocol is disabled: ' + JSON.stringify(opt.url)); - } - if (urlParts.isRelativeHost) { - urlParts.host = this.domains.wikirawupload[0]; - sanitizedHost = this.sanitizeHost(urlParts.host); - } - if (!this.uploadHostsRe.test(urlParts.host)) { - throw new Error('wikirawupload: protocol must only reference allowed upload hosts: ' + JSON.stringify(opt.url)); - } + this._validateExternalService(urlParts); urlParts.query = {}; // keep urlParts.pathname; - urlParts.protocol = sanitizedHost.protocol; break; case 'wikidatasparql': // wikidatasparql:///?query=<QUERY> // Runs a SPARQL query, converting it to // https://query.wikidata.org/bigdata/namespace/wdq/sparql?format=json&query=... - if (!this.domains.wikidatasparql) { - throw new Error('wikidatasparql: protocol is disabled: ' + JSON.stringify(opt.url)); - } - if (urlParts.isRelativeHost) { - urlParts.host = this.domains.wikidatasparql[0]; - sanitizedHost = this.sanitizeHost(urlParts.host); - } - if (!this.sparqlHostsRe.test(urlParts.host)) { - throw new Error('wikidatasparql: protocol must only reference allowed sparql hosts: ' + JSON.stringify(opt.url)); - } + this._validateExternalService(urlParts); if (!urlParts.query || !urlParts.query.query) { throw new Error('wikidatasparql: missing query parameter in: ' + JSON.stringify(opt.url)); } urlParts.query = { format: 'json', query: urlParts.query.query }; urlParts.pathname = '/bigdata/namespace/wdq/sparql'; - urlParts.protocol = sanitizedHost.protocol; + break; + + case 'geoshape': + // geoshape:///?ids=Q16,Q30 + // Get geo shapes data from OSM database by supplying Wikidata IDs + // https://maps.wikimedia.org/shape?q=Q16,Q30 + this._validateExternalService(urlParts); + if (!urlParts.query || !urlParts.query.ids) { + throw new Error('geoshape: missing ids parameter in: ' + JSON.stringify(opt.url)); + } + urlParts.query = { q: urlParts.query.ids }; + urlParts.pathname = '/shape'; break; default: @@ -341,6 +331,22 @@ return this.formatUrl(urlParts, opt); }; +VegaWrapper.prototype._validateExternalService = function _validateExternalService(urlParts) { + var protocol = urlParts.protocol; + if (!this.domains[protocol]) { + throw new Error(protocol + ': protocol is disabled: ' + JSON.stringify(opt.url)); + } + if (urlParts.isRelativeHost) { + urlParts.host = this.domains[protocol][0]; + urlParts.protocol = this.sanitizeHost(urlParts.host).protocol; + } else { + urlParts.protocol = sanitizedHost.protocol; + } + if (!this.validators[protocol].test(urlParts.host)) { + throw new Error(protocol + ': URL must either be relative (' + protocol + '///...), or use one of the allowed hosts: ' + JSON.stringify(opt.url)); + } +}; + /** * Performs post-processing of the data requested by the graph's spec */ -- To view, visit https://gerrit.wikimedia.org/r/295180 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I0325b74191983279b85db2fd48b96b3e2b379378 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/Graph Gerrit-Branch: master Gerrit-Owner: Yurik <yu...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits