Merge "Add ?safemode=1 to disable user JS/CSS"
authorjenkins-bot <jenkins-bot@gerrit.wikimedia.org>
Mon, 10 Apr 2017 18:50:19 +0000 (18:50 +0000)
committerGerrit Code Review <gerrit@wikimedia.org>
Mon, 10 Apr 2017 18:50:19 +0000 (18:50 +0000)
includes/OutputPage.php

diff --combined includes/OutputPage.php
@@@ -1568,7 -1568,6 +1568,7 @@@ class OutputPage extends ContextSource 
                        // been changed somehow, and keep it if so.
                        $anonPO = ParserOptions::newFromAnon();
                        $anonPO->setEditSection( false );
 +                      $anonPO->setAllowUnsafeRawHtml( false );
                        if ( !$options->matches( $anonPO ) ) {
                                wfLogWarning( __METHOD__ . ': Setting a changed bogus ParserOptions: ' . wfGetAllCallers( 5 ) );
                                $options->isBogus = false;
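Review bot: The hardening pair `setEditSection( false )` / `setAllowUnsafeRawHtml( false )` is now hand-copied at three sites: here on `$anonPO`, and in the following hunks on the bogus `$po` and on `$this->mParserOptions`. The `$options->matches( $anonPO )` test in this hunk appears to rely on `$anonPO` being configured exactly like the bogus `$po`, so a future default added at only one site could make the check misfire as well as leave raw HTML enabled on one path. I would move the pair into one private helper (the name here is only a suggestion) and call it at each site, e.g. `$this->applyOutputParserDefaults( $anonPO );`, with a short comment saying why unsafe raw HTML is disabled for page output. The enclosing method starts and ends outside the hunk, so the exact relationship between the three sites should be confirmed against the full file.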
                                // either.
                                $po = ParserOptions::newFromAnon();
                                $po->setEditSection( false );
 +                              $po->setAllowUnsafeRawHtml( false );
                                $po->isBogus = true;
                                if ( $options !== null ) {
                                        $this->mParserOptions = empty( $options->isBogus ) ? $options : null;
  
                        $this->mParserOptions = ParserOptions::newFromContext( $this->getContext() );
                        $this->mParserOptions->setEditSection( false );
 +                      $this->mParserOptions->setAllowUnsafeRawHtml( false );
                }
  
                if ( $options !== null && !empty( $options->isBogus ) ) {
                if ( $this->mArticleBodyOnly ) {
                        echo $this->mBodytext;
                } else {
+                       // Enable safe mode if requested
+                       if ( $this->getRequest()->getBool( 'safemode' ) ) {
+                               $this->disallowUserJs();
+                       }
                        $sk = $this->getSkin();
                        // add skin specific modules
                        $modules = $sk->getDefaultModules();
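Review bot: The comment `// Enable safe mode if requested` does not say who may request it or what gets switched off. `safemode` is read straight from the request, so any link can set it. That looks acceptable only because `disallowUserJs()` narrows what loads; its body is outside this hunk, so confirm it also restricts user CSS, as the commit title states. I would spell the invariant out, e.g. `// ?safemode=1 may be set by any requester: restricts user-origin JS/CSS for this response only and must never widen what loads`. The check sits only in the non-`mArticleBodyOnly` branch, and the enclosing method starts and ends outside the hunk.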
                } else {
                        $titleObj = Title::newFromText( $returnto );
                }
 -              if ( !is_object( $titleObj ) ) {
 +              // We don't want people to return to external interwiki. That
 +              // might potentially be used as part of a phishing scheme
 +              if ( !is_object( $titleObj ) || $titleObj->isExternal() ) {
                        $titleObj = Title::newMainPage();
                }