Encode usernames in API requests (!74) · Merge requests · repos / 10nm (Ultraviolet team) / RedWarn

Chlod Alejandro requested to merge closingbracket-encode-names into master May 18, 2021

Addresses #71.

Applies encodeURIComponent to usernames when being used in API requests; this should prevent issues such as the username "Fish&chips" being injected as user into this:

rw.wikiAPI + "?action=query&prop=revisions&titles=User_talk:" + user + "&rvslots=*&rvprop=content&formatversion=2&format=json"

which would result in returning the results for the user "Fish". This particular example has been changed to:

rw.wikiAPI + "?action=query&prop=revisions&titles=User_talk:" + encodeURIComponent(user) + "&rvslots=*&rvprop=content&formatversion=2&format=json"

which produces User_talk:Fish%26chips for the titles parameter.

Admin message

Admin message

Encode usernames in API requests

Merge request reports