Commit 7edc23c

Author: Peter Williams
Merge branch 'gist-comment-uris'
Conflicts: lib/resources.rb
2 parents 9fd50eb + 0543c92, commit 7edc23c

2 files changed: +16 -4 lines changed

Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
---
2+
kind:change
3+
title:Gist comment URIs
4+
created_at:2012-10-31
5+
author_name:pezra
6+
---
7+
8+
The URIs of all gist comments are changing immediately. The new URI pattern for gist comments is`/gists/{gist-id}/comments/{id}`. (See[gist comments section of the docs](/v3/gists/comments/) for more details.) This change is necessary because the auto-incremented id of gist comments is easy to guess. This predictability allows anyone to view comments on private Gists with relative ease. Obviously, comments on private gists should be just as private as the gist itself.
9+
10+
Adding the id of the gist id to the URI makes it impossible, in practical terms, because that id is a very large random number. This is, unfortunately, a breaking change but one that cannot be avoided because of the security implications of the current URIs. We apologize for the inconvenience.
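
Review bot: In the last added paragraph (new line 10), "Adding the id of the gist id to the URI makes it impossible" repeats "id" and leaves "it" without a referent, so the sentence never says what becomes impractical. Suggested wording: "Adding the gist id to the URI makes guessing a comment URI impractical, because that id is a very large random number." The notice also says the URIs are "changing immediately" and calls this a breaking change, but it does not show the old pattern or say what a client gets back when it requests one; adding both would let integrators recognise and fix affected calls.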

‎lib/resources.rb

Lines changed: 6 additions & 4 deletions
@@ -2,6 +2,7 @@
22
require'yajl/json_gem'
33
require'stringio'
44
require'cgi'
5+
require'securerandom'
56

67
moduleGitHub
78
moduleResources
@@ -677,7 +678,7 @@ def text_html(response, status, head = {})
677678
GIST_HISTORY={
678679
"history"=>[
679680
{
680-
"url"=>"https://api.github.com/gists/1/57a7f021a713b1c5a6a199b54cc514735d2d462f",
681+
"url"=>"https://api.github.com/gists/#{SecureRandom.hex(10)}",
681682
"version"=>"57a7f021a713b1c5a6a199b54cc514735d2d462f",
682683
"user"=>USER,
683684
"change_status"=>{
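
Review bot: The new GIST_HISTORY "url" drops the revision segment. The removed value ended in /57a7f021a713b1c5a6a199b54cc514735d2d462f, the same SHA as the "version" key on the next line, while the added value stops at the gist id, so the sample history entry now points at the gist rather than at that revision. If only the gist id was meant to change, keep the suffix: "https://api.github.com/gists/#{SecureRandom.hex(10)}/57a7f021a713b1c5a6a199b54cc514735d2d462f".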
@@ -690,11 +691,12 @@ def text_html(response, status, head = {})
690691
]
691692
}
692693

694+
693695
GIST_FORKS={
694696
"forks"=>[
695697
{
696698
"user"=>USER,
697-
"url"=>"https://api.github.com/gists/5",
699+
"url"=>"https://api.github.com/gists/#{SecureRandom.hex(10)}",
698700
"created_at"=>"2011-04-14T16:00:49Z"
699701
}
700702
]
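
Review bot: The empty line added at new line 694 leaves two consecutive blank lines before GIST_FORKS; drop it so the spacing between constants stays uniform. The "url" change itself reads fine here, since a fork is a different gist and a separately generated id keeps it distinct from the parent, as /gists/5 was from /gists/1 before.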
@@ -707,7 +709,7 @@ def text_html(response, status, head = {})
707709
}
708710

709711
GIST={
710-
"url"=>"https://api.github.com/gists/1",
712+
"url"=>"https://api.github.com/gists/#{SecureRandom.hex(10)}",
711713
"id"=>"1",
712714
"description"=>"description of gist",
713715
"public"=>true,
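
Review bot: In GIST the new "url" carries a random hex id while "id"=>"1" on the following line is unchanged, so the sample resource's id and its URL no longer agree. If gist ids are the large random values the change notice describes, generate the value once and use it for both keys, so the example does not suggest that a gist with id 1 lives at an unrelated URL.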
@@ -725,7 +727,7 @@ def text_html(response, status, head = {})
725727

726728
GIST_COMMENT={
727729
"id"=>1,
728-
"url"=>"https://api.github.com/gists/123/comments/1",
730+
"url"=>"https://api.github.com/gists/#{SecureRandom.hex(10)}/comments/1",
729731
"body"=>"Just commenting for the sake of commenting",
730732
"user"=>USER,
731733
"created_at"=>"2011-04-18T23:23:56Z"
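
Review bot: The gist id in the GIST_COMMENT "url" comes from its own SecureRandom.hex(10) call, so it will not match the id in the GIST "url" or the GIST_HISTORY "url", and each of those values changes every time this file is loaded, which makes the rendered examples differ from one build to the next. Consider computing one sample gist id once (or using a fixed sample hex string) and interpolating it into every URL that refers to the same gist, keeping a separate value only for the fork.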
