I've arranged for MediaWiki to get some interns this spring. Four
bright college students -- they already know web development and have
had internships at Facebook, Google, and Microsoft -- need a mentor.
https://www.mediawiki.org/wiki/UCOSP_Spring_2012
It's a bit like Google Summer of Code, but a part-time team rather than
one full-timer. They'll each be working on MediaWiki 8-10 hours per
week between now and the end of April. I figure I need one experienced
MediaWiki developer as a mentor -- I'll be your admin, and community dev
Amgine will be your backup. Amgine will lead the students in person
next weekend during a code sprint in Vancouver.
These interns don't yet know what they want to work on so you can choose
a project with them. I'd help you run two half-hour IRC meetings per
week and we'd run them through two-week iterations between now and the
end of April. I figure it'd be about 5 hours a week, possibly more at
the start as we ramp the students up.
Please let me know as soon as possible, preferably today or Monday. I'd
prefer that the students work on something that will be deployed on
Wikimedia sites.
--
Sumana Harihareswara
Volunteer Development Coordinator
Wikimedia Foundation
So, changing the starting letter to capital did solve some of my problems.
Thank you =)
However, I still seem unable to make tooltips for pages with a space in the
title.
For instance, in the mediawiki:sidebar we have:
Survival Guide|Main Page
however, creating mediawiki:tooltip-n-Survival_Guide,
or mediawiki:tooltip-n-Survival_guide has not effect. Neither
does mediawiki:tooltip-n-Main_Page nor mediawiki:tooltip-n-Main_page.
Can someone please tell me what I'm doing wrong?
Thanks
Kaare
On Mon, Jan 23, 2012 at 1:00 PM, <mediawiki-l-request(a)lists.wikimedia.org>wrote:
> Send MediaWiki-l mailing list submissions to
> mediawiki-l(a)lists.wikimedia.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
> or, via email, send a message with subject or body 'help' to
> mediawiki-l-request(a)lists.wikimedia.org
>
> You can reach the person managing the list at
> mediawiki-l-owner(a)lists.wikimedia.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of MediaWiki-l digest..."
>
>
> Today's Topics:
>
> 1. Re: What class logs recent changes (Siebrand Mazeland)
> 2. Bypassing the external image whitelist (Daniel Friesen)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 23 Jan 2012 08:35:27 +0100
> From: Siebrand Mazeland <s.mazeland(a)xs4all.nl>
> To: MediaWiki announcements and site admin list
> <mediawiki-l(a)lists.wikimedia.org>
> Subject: Re: [Mediawiki-l] What class logs recent changes
> Message-ID: <CA56B19D-6D4B-4E4A-B89B-1EC276A3A211(a)xs4all.nl>
> Content-Type: text/plain; charset=us-ascii
>
> Op 23 jan. 2012 om 01:57 heeft Adam Meyer <meyer7(a)mindspring.com> het
> volgende geschreven:
>
> > What class is used to log the recent changes on edits etc
>
> Have a look at http://www.mediawiki.org/wiki/Logging_to_Special:Log
>
> --
> Siebrand Mazeland
>
> M: +31 6 50 69 1239
> Skype: siebrand
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 23 Jan 2012 03:25:58 -0800
> From: "Daniel Friesen" <lists(a)nadir-seen-fire.com>
> To: "mediawiki-l(a)lists.wikimedia.org"
> <mediawiki-l(a)lists.wikimedia.org>
> Subject: [Mediawiki-l] Bypassing the external image whitelist
> Message-ID: <op.v8jbdkfkjuwloh(a)daniels-macbook-air.local>
> Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
>
> I've found a bit of an issue with our external image embedding
> whitelisting functionality.
> This isn't exactly a hole in the code itself, but in the fact that in
> practice it seams just about everyone uses the whitelist incorrectly and
> ends up opening up holes in their wiki allowing the whitelist to be
> bypassed.
>
> I'll start with MW.org for an example:
> https://www.mediawiki.org/wiki/MediaWiki:External_image_whitelist
>
> This image whitelist is fine, it's properly anchored with an explicit
> protocol and an initial ^, and it's not using excessive wildcards, there's
> nothing wrong with it.
>
> However when I do a Google search and try to find some of the top wikis
> using the image whitelist functionality I see this:
> http://rbose.org/wiki/MediaWiki:External_image_whitelist
> http://mbmodwiki.ollclan.eu/MediaWiki:External_image_whitelist
> http://wiki.vnations.net/index.php/MediaWiki:External_image_whitelist
> http://stelio.net/geeki/MediaWiki:External_image_whitelist
> http://community.wikia.com/wiki/MediaWiki:External_image_whitelist
>
> Basically EVERYONE except the smart people running Wikimedia sites use the
> image whitelist incorrectly. There are rules using .* in some but more
> importantly NO ONE anchors their whitelist rules (they don't even bother
> including the protocol in some cases so we can't even use an implicit
> anchor to the regexps).
>
> This means that the whitelists can be trivially bypassed:
> http://community.wikia.com/wiki/User:Dantman/Whitelist_hole
>
> In this example Wikia has a `wikia\.com` regexp line in their image
> whitelist.
> By using something like this the image whitelist is bypassed:
> http://imgs.xkcd.com/comics/security_holes.png?wikia.com&image.png
>
> The "?wikia.com" inside of the query triggers the whitelisting allowing
> the image to be embedded, and the trailing &image.png makes sure that the
> url still matches the internal image url embed regexp.
>
> By adding a query like this (it doesn't even necessarily need to be a
> query, I haven't tested but the fragment might be usable, and even if not
> it's liable that you could use the path portion of the url if you had a
> server setup to serve images for certain weird urls) you can embed
> basically any url you want into the wiki since the query portion of the
> url is ignored by webservers serving images.
>
> And to be clear I don't believe that patterns like
> `http://upload\.wikimedia\.org/` and `^http://(.*?\.)?wordpress\.com/`
> aren't safe. I believe that the special characters in the later parts of
> the url won't affect it and you can still get it to work. And ^ anchoring
> won't work when using .* style wildcards because you can craft a url such
> as
>
> http://my.malicious-website.com/path/to/my/evil/image.png?.wordpress.com&im…
> which would match that latter regexp.
>
> --
> ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
>
>
>
> ------------------------------
>
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l(a)lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
>
>
> End of MediaWiki-l Digest, Vol 100, Issue 18
> ********************************************
>
> Hi Ron
> Yes, see Questy Captcha:
> http://www.mediawiki.org/wiki/Extension:ConfirmEdit#QuestyCaptcha
> You can create your own Q/A.
>
> Also see:
>
> http://www.mediawiki.org/wiki/Extension:SimpleAntiSpam
>
This works sometimes also to prevent bots. It can also be altered to
block the bot IP address for a small amount of time (optional).
>
>
If they still keep coming, you can change the ConfirmEdit type to
"ReCaptcha, although I see bots break that one too sometimes but these
will help.
Thanks Erik and Mikolka,
I already have ConfirmEdit with ReCaptcha, but lately a lot have been busting through it. I think QuestyCaptcha is what I want.
Thanks!
Ron
I'm working on a PHP class to execute some database queries in support of another class that will be used by an extension. But I'm getting the following error message:
Fatal error: Call to undefined function wfGetDB()
when I try to call a method in my class from a test script. Any ideas as to how to resolve this?
Vance Arocho
SIE
BCPO Battelle
703-875-2117
Hi
I need to Hide a single page from Un-login users.. Can u help me
regarding dis.?
Regards
---
This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient(s), please reply to the sender and destroy all copies of the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email, and/or any action taken in reliance on the contents of this e-mail is strictly prohibited and may be unlawful.
I'm trying to execute the following function on every page that exists
for an uploaded file: {{filepath:{{PAGENAME}}.pdf}}
So, if I uploaded a file called "File.pdf", on the wiki page for
File.pdf, I'd expect {{PAGENAME}} to return "File". I'd expect the
entire function to return something like:
http://mywiki.com/mediawiki/images/4/4d/File.pdf
Instead, nothing at all is returned when PAGENAME is embedded within
filepath. If I type the expression without {{PAGENAME}}, i.e.
{{filepath:File.pdf}}, it works fine and returns:
http://mywiki.com/mediawiki/images/4/4d/File.pdf
Is it just not possible to embed magic words in string functions, or
am I missing some escape character or something?
Thanks in advance,
-Dana
If anyone on an external site posts a link to our wiki, the link will often break if it has spaces, brackets, apostrophes, colons, e.g.:
input, output rendered as:
input: www.mywiki.com/wiki/don't speakoutput: www.mywiki.com/wiki/don [breaks at the apostrophe]
Or:
input: www.mywiki.com/wiki/orange (fruit)
output: www.mywiki.com/wiki/orange (fruit [breaks at a bracket]
And so on.
The links break and I am not able to do anything. Sometimes I email webmasters telling them to fix their rendering software but this doesn't achieve anything. There are 100's if not 1000s of incorrect rendering software routines, which are just not used to treating brackets, spaces, apostrophes and other characters correctly. I no longer want to use these characters in the article name anymore. For internal wiki links, I can do [[dontspeak|Don't Speak (song)]] and deal with having the article URL different from the title for some articles. That is perfectly fine because my higher priority is to prevent broken
links and prevent losing site visitors who could not arrive at the correct link.
How this would work is, I would probably set the Title in a separate tag, e.g. I would create:
- www.mywiki.com/wiki/dontspeak
And on that page, I would have something like:
<title>Don't Speak (song)</title>
This would be the H1 for that page where the title is usually found. This way people get everything they need:- a working URL that wont break on other websites and forums
- a title that can be any number of characters long.
Does anything exist that does this, and if not, any suggestions on how to get this done would be appreciated.
Please note, I'm not talking about sorting categories. This is about the title of the page and its URL and for some pages I want these to be different from each other. I see the HTML code for that heading is:
- <h1 id="firstHeading"
So maybe I would overwrite that H1 tag with that ID with my own title, or something like that. I don't know if its possible.
thanks
Erik
