Wikitech-l February 2005

wikitech-l@lists.wikimedia.org

129 participants
162 discussions

Re: [Wikitech-l] MediaWiki 1.4beta6 released (SECURITY)
by Ben Brockert 04 Feb '05

04 Feb '05

From: Brion Vibber <brion(a)pobox.com> >As you're aware, there's no hurry here. There was a hurry, because it would have been good to turn it off before Google re-indexed the site, but now it's too late for that. I asked on the page, but got no reply: what exactly will it take to get it turned off for any specific project? Ben

2 1

MediaWiki 1.3.10 released (SECURITY)
by Brion Vibber 04 Feb '05

04 Feb '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki 1.3.10 is a security release. In earlier 1.3.x releases an attacker could craft a URL which, when visited by a particular logged-in user, would execute arbitrary JavaScript code on the user's browser in the wiki's site context. This attack has been blocked, and as an extra precaution the user CSS and JavaScript subpage support is now disabled by default. Sites which want this ability may set $wgAllowUserCss and $wgAllowUserJs in LocalSettings.php. Additional protections have been added against off-site form submissions hijacking user credentials. Authors of bot tools may need to update their code to include additional fields. All wikis running 1.3.x are strongly urged to upgrade to 1.3.10. === Changes from 1.3.9 === * Logged-in edits and preview of user CSS/JS are now locked to a session token. * Per-user CSS and JavaScript subpage customizations now disabled by default. They can be re-enabled via $wgAllowUserJs and $wgAllowUserCss. * Removed .ogg from the default uploads whitelist as an extra precaution. If your web server is configured to serve Ogg files with the correct Content-Type header, you can re-add it in LocalSettings.php: ~ $wgFileExtensions[] = 'ogg'; Release notes: http://sourceforge.net/project/shownotes.php?release_id=302313 Download: http://prdownloads.sf.net/wikipedia/mediawiki-1.3.10.tar.gz?download Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikipedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion @ pobox.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCAyTSwRnhpk1wk44RAtX7AJkBo1tLdta5ooHjg02ZVdnGpyoQKQCgsG1K 8j2DYMGGs3LbysjOrLCvudA= =eAx7 -----END PGP SIGNATURE-----

3 2

Re: [Wikitech-l] MediaWiki 1.4beta6 released (SECURITY)
by Ben Brockert 04 Feb '05

04 Feb '05

From: Brion Vibber <brion.vibber(a)gmail.com> >Beta 6 also introduces the use of rel="nofollow" attributes on external >links in wiki pages to reduce the effectiveness of wiki spam. This will >cause participating search engines to ignore external URL links from >wiki pages for purposes of page relevancy ranking. How is the per-project option coming on this? (See also: [[m:Nofollow]]) Ben

2 1

Layout of namespaces
by Sabine Cretella 04 Feb '05

04 Feb '05

Hi, my next question - and I am not sure if this is the right list to ask these questions, so if I am wrong, please tell me. On the Italian wiktionary there are different namespaces: Wikizionario: Aiuto: etc. Now "Aiuto:" always has a red background - so there must be a place where I can set up this layout. The two questions I have: 1) where to edit these layouts? 2) is there a problem if I would like to create a separate namespace (for example "Projects:") and where to create the pre-defined layout for this part. I had a look at this: http://meta.wikimedia.org/wiki/Help:Custom_Namespaces But this does not help me with what I search for. Thank you!!! Sorry, I know these are basic questions. Ciao, Sabine.

3 2

Alternates to PHP: Wikipedia with a fast C-Engine?
by Manfred Rebentisch 04 Feb '05

04 Feb '05

Hello, I am new to this list and I don't know about older discussions. So I ask you: is it interesting for you, to change Wikipedia from PHP to a C-written engine? I just in development (most is ready) of a high-performance, high-security tool, usable for Wikis, CMS or forums. It is Open-Source (GPL). The sources are not available at the moment, because I make changes every day. But it need only some weeks... I created two libraries to make a forum-platform-application: libstd3000c and libcpcgic. The application can use fastCGI and communicate with Apache as an daemon (FastCGIExternalServer). I'm writing C-Code since 1987, C++ since 1990 and PHP since many years too. I switch back to C with modern methods, using objects, encapsulated data, multithreading and internationalization. Sophisticated string methods avoid buffer overflows and consequently use of C-classes make memory management easy. And, and, and... Manfred

5 8

Re: [Wikipedia-l] os.wikipedia.org (Cyrillic only will do)
by Elisabeth Bauer 04 Feb '05

04 Feb '05

Brion Vibber wrote: > Updates to any file in MediaWiki should be submitted as a unified diff > against the files in CVS (cvs diff -u) FOR EACH AFFECTED BRANCH (the > REL1_4 release branch is not the same as the current development work in > HEAD), posted as a file attachment to a bug report in Bugzilla. > Assurances that it's been tested are helpful. I added brions text above to http://meta.wikimedia.org/wiki/Locales_for_the_Wikimedia_projects put a deprecated note on the page and removed all red links. For creating clean locales, I propose to set up a wiki only for this purpose where a team of volunteers can translate the locales via the mediawiki namespace in a coordinate effort (doing this via the mediawiki namespace has the advantage that you can test the stuff live and see formatting errors instantly). At a certain deadline these translations could be all converted at once into the according Language files and released together with mediawiki. If that's sounds feasible to you and someone sets up a wiki for this, I'm willing to maintain the german language version. greetings, elian

1 0

Why www.wikipedia.org => en.wikipedia.org ?
by Grégoire Colbert 04 Feb '05

04 Feb '05

Saluton [English version follows], Mi volas scii kial la adreso http://www.wikipedia.org kondukas automate al la adreso http://en.wikipedia.org... Chu Wikipedia estas angla projekto kun tradukoj, au chu ghi vere estas internacia? Oni povas uzi tiun PHP programon por solvi tiun problemon : function handle_http_accept_language() { $knownlangs = array( "eo", "fr", "en" ); # Etc $lang = "eo"; # Default $lastquality = 0.0; # Note HTTP reference RFC 2616 - # ftp://ftp.isi.edu/in-notes/rfc2616.txt $langtag = '((?:[a-zA-Z]{1,8})(?:-[a-zA-Z]{1,8})*)'; $qvalue ='(0(?:\.[0-9]{1,3})?|1(?:\.0{1,3}))'; $eachbit = '^' . $langtag . '(?:;q=' . $qvalue . ')?(?:,\s*)?(.*)$'; $alh = trim( $_SERVER["HTTP_ACCEPT_LANGUAGE"] ); while(strlen($alh)) { if( preg_match( "/$eachbit/", $alh, $m ) ) { $tag = $m[1]; $quality = $m[2]; if(strlen($quality) == 0) $quality = 1; $alh = $m[3]; #echo "language '$tag' quality '$quality'\n"; if(in_array($tag, $knownlangs) and $quality > $lastquality) { $lang = $tag; $lastquality = $quality; } } else { break; } } return $lang; } Mi ne subskribis al la listo, char estas mia nura propono. :-) Dankon, Grégoire =========== Hello, I want to know why the address http://www.wikipedia.org redirects automatically to http://en.wikipedia.org... Is Wikipedia an english project with translations, or is it a real international project? We can use this PHP program to solve this problem : function handle_http_accept_language() { $knownlangs = array( "eo", "fr", "en" ); # Etc $lang = "eo"; # Default $lastquality = 0.0; # Note HTTP reference RFC 2616 - # ftp://ftp.isi.edu/in-notes/rfc2616.txt $langtag = '((?:[a-zA-Z]{1,8})(?:-[a-zA-Z]{1,8})*)'; $qvalue ='(0(?:\.[0-9]{1,3})?|1(?:\.0{1,3}))'; $eachbit = '^' . $langtag . '(?:;q=' . $qvalue . ')?(?:,\s*)?(.*)$'; $alh = trim( $_SERVER["HTTP_ACCEPT_LANGUAGE"] ); while(strlen($alh)) { if( preg_match( "/$eachbit/", $alh, $m ) ) { $tag = $m[1]; $quality = $m[2]; if(strlen($quality) == 0) $quality = 1; $alh = $m[3]; #echo "language '$tag' quality '$quality'\n"; if(in_array($tag, $knownlangs) and $quality > $lastquality) { $lang = $tag; $lastquality = $quality; } } else { break; } } return $lang; } I did not subscribe to the list, because this is my only proposition. Thank you, Grégoire

17 23

Recent changes - don't show bots
by Sabine Cretella 04 Feb '05

04 Feb '05

Hi, on all wiktionaries/wikipedias normally when viewing the recent changes you have the possibilty to exclude the recent changes. On the Italian wiktionary this option is not there: http://it.wiktionary.org/wiki/Speciale:Recentchanges. (Strange enough I noted the same on the Italian wikipedia). Where can I add this? It helps so much to monitor manual entries - and at the moment we are having at least one vandal a day on the Italian wiktionary - so I really need this. Thank you for any hint!!! Ciao, Sabine

2 1

MediaWiki 1.4beta6 released (SECURITY)
by Brion Vibber 04 Feb '05

04 Feb '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki 1.4beta6 is a security and bug fix release for the 1.4 beta series. In previous 1.4beta and 1.3.x releases an attacker could craft a URL which, when visited by a particular logged-in user, would execute arbitrary JavaScript code on the user's browser in the wiki's site context. This attack has been blocked, and as an extra precaution the user CSS and JavaScript subpage support is now disabled by default. Sites which want this ability may set $wgAllowUserCss and $wgAllowUserJs in LocalSettings.php. Additional protections have been added against off-site form submissions hijacking user credentials. Authors of bot tools may need to update their code to include additional fields. 1.3.x users not using the 1.4 beta should upgrade to 1.3.10. Note that 1.4 beta releases prior to beta 5 include an input validation error which could lead to execution of arbitrary PHP code on the server. Users of older betas should upgrade immediately to the current version. Beta 6 also introduces the use of rel="nofollow" attributes on external links in wiki pages to reduce the effectiveness of wiki spam. This will cause participating search engines to ignore external URL links from wiki pages for purposes of page relevancy ranking. The current implementation adds this attribute to _all_ external URL links in wiki text (but not internal [[wiki links]] or interwiki links). To disable the attribute for _all_ external links, add this line to your LocalSettings.php: ~ $wgNoFollowLinks = false For background information on nofollow see: ~ http://www.google.com/googleblog/2005/01/preventing-comment-spam.html === Changes since beta 5 === * (bug 1335) implement 'tooltip-watch' in Language.php * Fix linktrail for nn: language * (bug 1214) Fix prev/next links in Special:Log * (bug 1354) Fix linktrail for fo: language * (bug 512) Reload generated CSS on preference change * (bug 63) Fix displaying as if logged in after logout * Set default MediaWiki:Sitenotice to '-', avoiding extra database hits * Skip message cache initialization on raw page view (quick hack) * Fix notice errors in wfDebugDieBacktrace() in XML callbacks * Suppress notice error on bogus timestamp input (returns epoch as before) * Remove unnecessary initialization and double-caching of parser variables * Call-tree output mode for profiling * (bug 730) configurable $wgRCMaxAge; don't try to update purged RC entries * Add $wgNoFollowLinks option to add rel="nofollow" on external links ~ (on by default) * (bug 1130) Show actual title when moving page instead of encoded one. * (bug 925) Fix headings containing <math> * (bug 1131) Fix headings containing interwiki links * (bug 1380) Update Nynorsk language file * (bug 1232) Fix sorting of cached Special:Wantedpages in miser mode * (bug 1217) Image within an image caption broke rendering * (bug 1384) Make patrol signs have the same width for page moves as for edits * (bug 1364) fix "clean up whitespace" in Title:SecureAndSplit * (bug 1389) i18n for proxyblocker message * Add fur/Furlan/Friulian to language names list * Add TitleMoveComplete hook on page renames * Allow simple comments for each translation rules in MW:Zhconversiontable * (bug 1402) Make link color of tab subject page link on talk page indicate whether article exists * (bug 1368) Fix SQL error on stopword/short word search w/ MySQL 3.x * Translated Hebrew namespace names * (bug 1429) Stop double-escaping of block comments; fix formatting * (bug 829) Fix URL-escaping on block success * (bug 1228) Fix double-escaping on & sequences in [enclosed] URLs * (bug 1435) Fixed many CSS errors * (bug 1457) Fix XHTML validation on category column list * (bug 1458) Don't save if edit form submission is incomplete * Logged-in edits and preview of user CSS/JS are now locked to a session token. * Per-user CSS and JavaScript subpage customizations now disabled by default. ~ They can be re-enabled via $wgAllowUserJs and $wgAllowUserCss. * Removed .ogg from the default uploads whitelist as an extra precaution. ~ If your web server is configured to serve Ogg files with the correct ~ Content-Type header, you can re-add it in LocalSettings.php: ~ $wgFileExtensions[] = 'ogg'; Release notes: http://sourceforge.net/project/shownotes.php?release_id=302312 Download: http://prdownloads.sf.net/wikipedia/mediawiki-1.4beta6.tar.gz?download Low-traffic release announcements mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce Wiki admin help mailing list: http://mail.wikipedia.org/mailman/listinfo/mediawiki-l Bug report system: http://bugzilla.wikipedia.org/ Play "stump the developers" live on IRC: #mediawiki on irc.freenode.net - -- brion vibber (brion @ pobox.com) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCAyhRwRnhpk1wk44RAnIUAKDdqRHUZeEM8g9+qazg+9yxtLpMogCgxNGb 0cawqMHSyQSVbc7CFav4hMg= =qmq7 -----END PGP SIGNATURE-----

1 0

Patch for bug 15 needs review
by Alan Wessman 04 Feb '05

04 Feb '05

Greetings all, I have implemented the "preview with diff" feature requested in bug 15 (http://bugzilla.wikimedia.org/show_bug.cgi?id=15). I would be most grateful if somebody would review the four associated patches. The patches are written against the current HEAD revision, and backporting to 1.4 and 1.3 has not yet been done. Anyone is welcome to tackle that effort if they like. Also, Language.php is involved in the change (a label for a preference checkbox), so translations of the new string will be needed in the various LanguageX.php files. I'm happy to add documentation to meta (or wherever it belongs) when appropriate. Should I do this now, or wait for the patch to be accepted? Regards, Alan Wessman

2 1

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Wikitech-l February 2005