Cicalese has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/399456 )
Change subject: Adds "json xssi prefix length" parameter ...................................................................... Adds "json xssi prefix length" parameter Some JSON sources prefix the JSON with text the prevent Cross Site Script Inclusion (XSSI) attacks. This prefix must be stripped before passing the text to a JSON parser. The new "json xssi prefix length" parameter indicates how long the prefix that needs to be stripped is. For example, see https://gerrit-review.googlesource.com/Documentation/rest-api.html#output. Change-Id: I88d849b5c8201ac03cdb3f2e085d9460a4f93bc2 --- M ED_ParserFunctions.php M ED_Utils.php 2 files changed, 13 insertions(+), 6 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/ExternalData refs/changes/56/399456/1 diff --git a/ED_ParserFunctions.php b/ED_ParserFunctions.php index de79f8b..78b7c1a 100644 --- a/ED_ParserFunctions.php +++ b/ED_ParserFunctions.php @@ -123,8 +123,14 @@ $cacheExpireTime = $edgCacheExpireTime; } + if ( array_key_exists( 'json xssi prefix length', $args) ) { + $prefixLength = $args['json xssi prefix length']; + } else { + $prefixLength = 0; + } + $postData = array_key_exists( 'post data', $args ) ? $args['post data'] : ''; - $external_values = EDUtils::getDataFromURL( $url, $format, $mappings, $postData, $cacheExpireTime ); + $external_values = EDUtils::getDataFromURL( $url, $format, $mappings, $postData, $cacheExpireTime, $prefixLength ); if ( is_string( $external_values ) ) { // It's an error message - display it on the screen. return EDUtils::formatErrorMessage( $external_values ); diff --git a/ED_Utils.php b/ED_Utils.php index 5293713..8274c30 100644 --- a/ED_Utils.php +++ b/ED_Utils.php @@ -876,7 +876,8 @@ } } - static function getJSONData( $json ) { + static function getJSONData( $json, $prefixLength ) { + $json = substr( $json, $prefixLength ); $json_tree = FormatJson::decode( $json, true ); if ( is_null( $json_tree ) ) { // It's probably invalid JSON. @@ -955,7 +956,7 @@ } } - static private function getDataFromText( $contents, $format, $mappings, $source ) { + static private function getDataFromText( $contents, $format, $mappings, $source, $prefixLength = 0 ) { // For now, this is only done for the CSV formats. if ( is_array( $format ) ) { list( $format, $delimiter ) = $format; @@ -972,7 +973,7 @@ } elseif ( $format == 'csv with header' ) { return self::getCSVData( $contents, true, $delimiter ); } elseif ( $format == 'json' ) { - return self::getJSONData( $contents ); + return self::getJSONData( $contents, $prefixLength ); } elseif ( $format == 'gff' ) { return self::getGFFData( $contents ); } else { @@ -1007,14 +1008,14 @@ } } - static public function getDataFromURL( $url, $format, $mappings, $postData = null, $cacheExpireTime ) { + static public function getDataFromURL( $url, $format, $mappings, $postData = null, $cacheExpireTime, $prefixLength ) { $url_contents = self::fetchURL( $url, $postData, $cacheExpireTime ); // Show an error message if there's nothing there. if ( empty( $url_contents ) ) { return "Error: No contents found at URL $url."; } - return self::getDataFromText( $url_contents, $format, $mappings, $url ); + return self::getDataFromText( $url_contents, $format, $mappings, $url, $prefixLength ); } static private function getDataFromPath( $path, $format, $mappings ) { -- To view, visit https://gerrit.wikimedia.org/r/399456 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I88d849b5c8201ac03cdb3f2e085d9460a4f93bc2 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/extensions/ExternalData Gerrit-Branch: master Gerrit-Owner: Cicalese <ccical...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
