From: Brion Vibber Date: Wed, 23 Jan 2008 23:06:10 +0000 (+0000) Subject: Revert r30078 -- formats "txt" and "dbg" dump raw unfiltered text contents into HTML... X-Git-Tag: 1.31.0-rc.0~49821 X-Git-Url: https://git.cyclocoop.org/%20%27.%28%24debut%20%20%20%24par_page%29.%27?a=commitdiff_plain;h=c0801b22f0f1b0aaa3a059901f74da5d2c2a4475;p=lhc%2Fweb%2Fwiklou.git Revert r30078 -- formats "txt" and "dbg" dump raw unfiltered text contents into HTML output. XSS vector. --- diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 65d6e37f9e..3b18aa96d1 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -463,7 +463,6 @@ Full API documentation is available at http://www.mediawiki.org/wiki/API * Added apfilterlanglinks parameter to list=allpages, replacing query.php?what=nolanglinks * (bug 12718) Added action=paraminfo module that provides information about API modules and their parameters * Added iiurlwidth and iiurlheight parameters to prop=imageinfo -* Added format=txt and format=dbg, imported from query.php * Added uiprop=editcount to meta=userinfo === Languages updated in 1.12 === diff --git a/includes/AutoLoader.php b/includes/AutoLoader.php index e3d3b9ef38..8509c618e2 100644 --- a/includes/AutoLoader.php +++ b/includes/AutoLoader.php @@ -320,8 +320,6 @@ function __autoload($className) { 'ApiFormatPhp' => 'includes/api/ApiFormatPhp.php', 'ApiFormatWddx' => 'includes/api/ApiFormatWddx.php', 'ApiFormatXml' => 'includes/api/ApiFormatXml.php', - 'ApiFormatTxt' => 'includes/api/ApiFormatTxt.php', - 'ApiFormatDbg' => 'includes/api/ApiFormatDbg.php', 'Spyc' => 'includes/api/ApiFormatYaml_spyc.php', 'ApiFormatYaml' => 'includes/api/ApiFormatYaml.php', 'ApiHelp' => 'includes/api/ApiHelp.php', diff --git a/includes/api/ApiFormatDbg.php b/includes/api/ApiFormatDbg.php deleted file mode 100644 index 27661256c5..0000000000 --- a/includes/api/ApiFormatDbg.php +++ /dev/null @@ -1,56 +0,0 @@ -.@home.nl - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * http://www.gnu.org/copyleft/gpl.html - */ - -if (!defined('MEDIAWIKI')) { - // Eclipse helper - will be ignored in production - require_once ('ApiFormatBase.php'); -} - -/** - * @addtogroup API - */ -class ApiFormatDbg extends ApiFormatBase { - - public function __construct($main, $format) { - parent :: __construct($main, $format); - } - - public function getMimeType() { - return 'text/html'; - } - - public function execute() { - $this->printText(var_export($this->getResultData(), true)); - } - - protected function getDescription() { - return 'Output data in PHP\'s var_export() format' . parent :: getDescription(); - } - - public function getVersion() { - return __CLASS__ . ': $Id: ApiFormatPhp.php 23531 2007-06-29 01:19:14Z simetrical $'; - } -} - diff --git a/includes/api/ApiFormatTxt.php b/includes/api/ApiFormatTxt.php deleted file mode 100644 index 09c6246844..0000000000 --- a/includes/api/ApiFormatTxt.php +++ /dev/null @@ -1,56 +0,0 @@ -.@home.nl - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * http://www.gnu.org/copyleft/gpl.html - */ - -if (!defined('MEDIAWIKI')) { - // Eclipse helper - will be ignored in production - require_once ('ApiFormatBase.php'); -} - -/** - * @addtogroup API - */ -class ApiFormatTxt extends ApiFormatBase { - - public function __construct($main, $format) { - parent :: __construct($main, $format); - } - - public function getMimeType() { - return 'text/html'; - } - - public function execute() { - $this->printText(print_r($this->getResultData(), true)); - } - - protected function getDescription() { - return 'Output data in PHP\'s print_r() format' . parent :: getDescription(); - } - - public function getVersion() { - return __CLASS__ . ': $Id: ApiFormatPhp.php 23531 2007-06-29 01:19:14Z simetrical $'; - } -} - diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php index e60cf25c45..ce69502ca3 100644 --- a/includes/api/ApiMain.php +++ b/includes/api/ApiMain.php @@ -89,9 +89,7 @@ class ApiMain extends ApiBase { 'xmlfm' => 'ApiFormatXml', 'yaml' => 'ApiFormatYaml', 'yamlfm' => 'ApiFormatYaml', - 'rawfm' => 'ApiFormatJson', - 'txt' => 'ApiFormatTxt', - 'dbg' => 'ApiFormatDbg' + 'rawfm' => 'ApiFormatJson' ); private $mPrinter, $mModules, $mModuleNames, $mFormats, $mFormatNames;