[backport] Sanitise summary/reason text input (closes #13)

Jayden Bailey
2021-05-04 16:25:04 +01:00
parent fb6e0f7755
commit d9acaa2148
2 changed files with 19 additions and 10 deletions
+10 -10
@@ -47,7 +47,7 @@ class DiscordHooks {
$msg = wfMessage( $msgKey, DiscordUtils::createUserLinks( $user ),
DiscordUtils::createMarkdownLink( $wikiPage->getTitle(), $wikiPage->getTitle()->getFullUrl( '', '', $proto = PROTO_HTTP ) ),
DiscordUtils::createRevisionText( $revision ),
( $summary ? ('`' . DiscordUtils::truncateText( $summary ) . '`' ) : '' ) )->plain();
( $summary ? ('`' . DiscordUtils::sanitiseText( DiscordUtils::truncateText( $summary ) ) . '`' ) : '' ) )->plain();
DiscordUtils::handleDiscord(':pencil2:', $msg);
return true;
}
@@ -70,7 +70,7 @@ class DiscordHooks {
$msg = wfMessage( 'discord-articledelete', DiscordUtils::createUserLinks( $user ),
DiscordUtils::createMarkdownLink( $article->getTitle(), $article->getTitle()->getFullUrl( '', '', $proto = PROTO_HTTP ) ),
( $reason ? ('`' . DiscordUtils::truncateText( $reason ) . '`' ) : '' ),
( $reason ? ('`' . DiscordUtils::sanitiseText( DiscordUtils::truncateText( $reason ) ) . '`' ) : '' ),
$archivedRevisionCount)->plain();
DiscordUtils::handleDiscord(':wastebasket:', $msg);
return true;
@@ -97,7 +97,7 @@ class DiscordHooks {
$msg = wfMessage( 'discord-articleundelete', DiscordUtils::createUserLinks( $user ),
($create ? '' : wfMessage( 'discord-undeleterev' )->text() ),
DiscordUtils::createMarkdownLink( $title, $title->getFullUrl( '', '', $proto = PROTO_HTTP ) ),
( $comment ? ('`' . DiscordUtils::truncateText( $comment ) . '`' ) : '' ))->plain();
( $comment ? ('`' . DiscordUtils::sanitiseText( DiscordUtils::truncateText( $comment ) ) . '`' ) : '' ))->plain();
DiscordUtils::handleDiscord(':wastebasket:', $msg);
return true;
}
@@ -145,7 +145,7 @@ class DiscordHooks {
$msg = wfMessage( 'discord-articleprotect', DiscordUtils::createUserLinks( $user ),
DiscordUtils::createMarkdownLink( $article->getTitle(), $article->getTitle()->getFullUrl( '', '', $proto = PROTO_HTTP ) ),
( $reason ? ('`' . DiscordUtils::truncateText( $reason ) . '`' ) : '' ),
( $reason ? ('`' . DiscordUtils::sanitiseText( DiscordUtils::truncateText( $reason ) ) . '`' ) : '' ),
implode(", ", $protect) )->plain();
DiscordUtils::handleDiscord(':lock:', $msg);
return true;
@@ -170,7 +170,7 @@ class DiscordHooks {
$msg = wfMessage( 'discord-titlemove', DiscordUtils::createUserLinks( $user ),
DiscordUtils::createMarkdownLink( $title, $title->getFullUrl( '', '', $proto = PROTO_HTTP ) ),
DiscordUtils::createMarkdownLink( $newTitle, $newTitle->getFullUrl( '', '', $proto = PROTO_HTTP ) ),
( $reason ? ('`' . DiscordUtils::truncateText( $reason ) . '`' ) : '' ),
( $reason ? ('`' . DiscordUtils::sanitiseText( DiscordUtils::truncateText( $reason ) ) . '`' ) : '' ),
DiscordUtils::createRevisionText( $revision ) )->plain();
DiscordUtils::handleDiscord(':truck:', $msg);
return true;
@@ -207,7 +207,7 @@ class DiscordHooks {
}
$msg = wfMessage( 'discord-blockipcomplete', DiscordUtils::createUserLinks( $user ), DiscordUtils::createUserLinks( $block->getTarget() ),
( $block->mReason ? ('`' . DiscordUtils::truncateText( $block->mReason ) . '`' ) : '' ),
( $block->mReason ? ('`' . DiscordUtils::sanitiseText( DiscordUtils::truncateText( $block->mReason ) ) . '`' ) : '' ),
$expiryMsg )->plain();
DiscordUtils::handleDiscord(':no_entry_sign:', $msg);
return true;
@@ -243,7 +243,7 @@ class DiscordHooks {
$msg = wfMessage( 'discord-usergroupschanged', DiscordUtils::createUserLinks( $performer ),
DiscordUtils::createUserLinks( $user ),
( $reason ? ('`' . DiscordUtils::truncateText( $reason ) . '`' ) : '' ),
( $reason ? ('`' . DiscordUtils::sanitiseText( DiscordUtils::truncateText( $reason ) ) . '`' ) : '' ),
( ( count($added) > 0 ) ? ( '+ ' . join(', ', $added) ) : ''),
( ( count($removed) > 0 ) ? ( '- ' . join(', ', $removed) ) : '' ) )->plain();
DiscordUtils::handleDiscord(':people_holding_hands:', $msg);
@@ -275,7 +275,7 @@ class DiscordHooks {
$msg = wfMessage( 'discord-uploadcomplete', DiscordUtils::createUserLinks( $user ),
( $isNewRevision ? wfMessage( 'discord-uploadnewver' )->text() : '' ),
DiscordUtils::createMarkdownLink( $lf->getName(), $lf->getTitle()->getFullUrl( '', '', $proto = PROTO_HTTP ) ),
( $comment ? ('`' . DiscordUtils::truncateText( $comment ) . '`' ) : '' ),
( $comment ? ('`' . DiscordUtils::sanitiseText( DiscordUtils::truncateText( $comment ) ) . '`' ) : '' ),
DiscordUtils::formatBytes($lf->getSize()),
$lf->getWidth(),
$lf->getHeight(),
@@ -307,7 +307,7 @@ class DiscordHooks {
$msg = wfMessage( 'discord-filedeletecomplete', DiscordUtils::createUserLinks( $user ),
DiscordUtils::createMarkdownLink( $file->getName(), $file->getTitle()->getFullUrl( '', '', $proto = PROTO_HTTP ) ),
( $reason ? ('`' . DiscordUtils::truncateText( $reason ) . '`' ) : '' ) )->plain();
( $reason ? ('`' . DiscordUtils::sanitiseText( DiscordUtils::truncateText( $reason ) ) . '`' ) : '' ) )->plain();
DiscordUtils::handleDiscord(':wastebasket:', $msg);
return true;
}
@@ -330,7 +330,7 @@ class DiscordHooks {
$msg = wfMessage( 'discord-fileundeletecomplete', DiscordUtils::createUserLinks( $user ),
DiscordUtils::createMarkdownLink( $title, $title->getFullUrl( '', '', $proto = PROTO_HTTP ) ),
( $reason ? ('`' . DiscordUtils::truncateText( $reason ) . '`' ) : '' ) )->plain();
( $reason ? ('`' . DiscordUtils::sanitiseText( DiscordUtils::truncateText( $reason ) ) . '`' ) : '' ) )->plain();
DiscordUtils::handleDiscord(':wastebasket:', $msg);
return true;
}
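Review bot: Only the summary/reason argument is routed through `sanitiseText()` in these hunks; the other user-influenced values interpolated into the same messages are left as they were, namely titles and file names passed to `createMarkdownLink()`, user names passed to `createUserLinks()`, and the `implode(", ", $protect)` and `join(', ', $added)` lists. Those helpers are not shown on this page, so it cannot be confirmed from here whether they strip `@` or Markdown themselves; if they do not, the ping this commit closes off remains reachable through a page title or upload name. The same truncate-then-sanitise-then-wrap expression is also repeated in every hook, so a single helper on DiscordUtils (for example a `formatReason( $text )` returning the wrapped string or `''`) would keep a future hook from forgetting the sanitise step. All of the enclosing hook functions start and end outside the hunks shown.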
+9
@@ -235,6 +235,15 @@ class DiscordUtils {
}
return $text;
}
/**
* Sanitise text input, including removing the potential for abuse
* of Discord's @everyone and @here pings
*/
public static function sanitiseText($text) {
$text = preg_replace('/(`|@)/', '', $text);
return $text;
}
}
?>
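Review bot: `sanitiseText()` is a two-character denylist that only protects call sites which remember to use it, so it is worth backing it with a control at the point where the webhook payload is built. `handleDiscord()` is not shown here, but if it posts JSON to a Discord webhook, setting `allowed_mentions` to `{"parse": []}` in that payload makes Discord refuse to resolve @everyone, @here, role and user mentions regardless of what reaches the message text. Within the function itself, `preg_replace()` returns null on a PCRE error and would then hand null to the string concatenation in the callers; a plain `str_replace()` over the two characters cannot fail that way and needs no regex. The docblock should also gain `@param string $text` and `@return string`, and note that the backtick is stripped because callers wrap the result in an inline code span.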