From 023ebee27c773f6fc74b4e258d8e3914b0183dba Mon Sep 17 00:00:00 2001
From: Matthew Flaschen <mflaschen@wikimedia.org>
Date: Thu, 30 Jul 2015 00:28:41 -0400
Subject: [PATCH] SECURITY: Disallow extracts for non-wikitext for now.

Note that the sensitive information is still in the TextExtracts
memcached, so this requires security review (and either eviction
or a cache key change) before enabling other content models.

Bug: T107170
---
 includes/ApiQueryExtracts.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/includes/ApiQueryExtracts.php b/includes/ApiQueryExtracts.php
index 97c560f..efbbd52 100644
--- a/includes/ApiQueryExtracts.php
+++ b/includes/ApiQueryExtracts.php
@@ -43,6 +43,13 @@ class ApiQueryExtracts extends ApiQueryBase {
 	 */
 	private $config;
 
+	// TODO: Allow extensions to hook into this to opt-in.
+	// This is partly for security reasons; see T107170.
+	/**
+	 * @var array
+	 */
+	private $supportedContentModels  = array( 'wikitext' );
+
 	public function __construct( $query, $moduleName, Config $conf ) {
 		parent::__construct( $query, $moduleName, 'ex' );
 		$this->config = $conf;
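Review bot: The comment above `$supportedContentModels` carries the TODO but not the precondition for extending the list, which only the commit message records. Adding a model here without dealing with the cache could expose extracts that are already stored for pages of that model. The property comment should say so, for example `// Do not add a model without security review plus cache eviction or a cache key change; cached extracts for other models may still exist (T107170).` The double space before `=` on the same line is stray. The class body starts and ends outside this hunk.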
@@ -105,6 +112,13 @@ class ApiQueryExtracts extends ApiQueryBase {
 	 * @return string
 	 */
 	private function getExtract( Title $title ) {
+		$contentModel = $title->getContentModel();
+		if ( !in_array( $contentModel, $this->supportedContentModels, true ) ) {
+			$this->setWarning( "'$contentModel' is not a supported content model.  Returning an empty extract." );
+			return '';
+		}
+
+
 		$page = WikiPage::factory( $title );
 
 		$introOnly = $this->params['intro'];
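Review bot: Nothing in `getExtract()` records that the content-model guard must stay ahead of any cache read, and per the commit message the cache still holds extracts for non-wikitext pages. A later refactor that moves a cache lookup above this check would serve those entries again. A comment on the guard would pin the ordering down, for example `// Must run before any cache lookup: extracts cached for other content models were not purged (T107170).` The cache access itself is outside this hunk, so the ordering should be confirmed against the rest of the method. One of the two blank lines after the closing brace can also be dropped.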
-- 
2.1.4

