Hi All,
There is an index of PHP runtime errors encountered in MediaWiki 1.6.6
now online at http://files.nickj.org/MediaWiki/runtime-errors/
These errors are of varying severity, and hopefully most should be
fairly painless to resolve. A lot of them seem to be "Non-static
method Foo::Bar() should not be called statically".
The reporting level used deliberately included E_STRICT, which is
PHP's fussiest level, although the things it finds in my personal
experience tend nevertheless to be worth fixing to ensure correctness
and to help prevent problems.
The index contains a bit over 80 files. Each file is a text file that
corresponds to one runtime error.
How to read the files:
* The name of each file tells you the name of file that the runtime
error occurred in, and the line it occurred on. For example
"SpecialLog.php-35.txt" means it happened on line 35 of MediaWiki's
SpecialLog.php
* The contents of each file include the details of the error, the
"Action" attribute, and a full backtrace explaining how we got there.
If you wish to recreate this index, you can, and here's how (note:
these steps assume a UNIX-like system):
# Create somewhere for the files to be stored, needs to be public (so
that apache can write to it) :
mkdir /tmp/errors
chmod a+wrx /tmp/errors
Then add this to the end of your wiki's LocalSettings.php (note: the
E_STRICT level assumes PHP5) :
==================================================================================
// -------------------- error logging ---------------------------
// want all warnings
error_reporting (E_ALL | E_STRICT);
set_error_handler( 'error_handler' );
function error_handler ($type, $message, $file=__FILE__, $line=__LINE__) {
global $action, $PHP_SELF;
// PHP 5.1.4 does away with this error, so ignore:
if ($message == "var: Deprecated. Please use the
public/private/protected modifiers") return;
$save_as = "/tmp/errors/" . substr(strrchr($file,"/"),1) . "-" .
$line . ".txt";
$backtrace = DBG_GetBacktrace();
file_put_contents ($save_as,
"Page : $PHP_SELF\n"
."Message : $message\n"
.(isset($action)?"Action : $action\n":"")
."Type : $type\n"
."File : $file\n"
."Line : $line\n"
."Backtrace: \n$backtrace");
}
function DBG_GetBacktrace() {
$s = '';
$MAXSTRLEN = 64;
$traceArr = debug_backtrace();
// remove the error handler and this function from the backtrace.
array_shift($traceArr);
array_shift($traceArr);
$tabs = sizeof($traceArr)-1;
foreach($traceArr as $arr)
{
for ($i=0; $i < $tabs; $i++) $s .= ' ';
$tabs -= 1;
if (isset($arr['class'])) $s .= $arr['class'] . '.';
$args = array();
if(!empty($arr['args'])) foreach($arr['args'] as $v)
{
if (is_null($v)) $args[] = 'null';
else if (is_array($v)) $args[] = 'Array['.sizeof($v).']';
else if (is_object($v)) $args[] = 'Object:'.get_class($v);
else if (is_bool($v)) $args[] = $v ? 'true' : 'false';
else
{
$v = (string) @$v;
$str = substr($v,0,$MAXSTRLEN);
if (strlen($v) > $MAXSTRLEN) $str .= '...';
$args[] = "\"".$str."\"";
}
}
$s .= $arr['function'].'('.implode(', ',$args).')';
$Line = (isset($arr['line'])? $arr['line'] : "unknown");
$File = (isset($arr['file'])? $arr['file'] : "unknown");
$s .= " # line $Line, file: $File\n";
}
return $s;
}
==================================================================================
Then just click around your wiki for a minute or two. I also ran the
wiki fuzz-tester for a few minutes to try and catch some of the more
obscure stuff.
All the best,
Nick.
An automated run of parserTests.php showed the following failures:
Running test Table security: embedded pipes (http://mail.wikipedia.org/pipermail/wikitech-l/2006-April/034637.html)... FAILED!
Running test BUG 1887, part 2: A <math> with a thumbnail- math enabled... FAILED!
Running test Language converter: output gets cut off unexpectedly (bug 5757)... FAILED!
Running test HTML bullet list, unclosed tags (bug 5497)... FAILED!
Running test HTML ordered list, closed tags (bug 5497)... FAILED!
Running test HTML ordered list, unclosed tags (bug 5497)... FAILED!
Running test HTML nested bullet list, open tags (bug 5497)... FAILED!
Running test HTML nested ordered list, closed tags (bug 5497)... FAILED!
Running test HTML nested ordered list, open tags (bug 5497)... FAILED!
Passed 313 of 322 tests (97.2%) FAILED!
Forwarding this to wikitech-l, since it's probably more relevant there.
-------- Original Message --------
Subject: Sort order in Thai Wikipedia
Date: Tue, 23 May 2006 12:03:13 -0500
From: [LiM] Manop <manop-LYoGGuqGVYgAvxtiuMwx3w(a)public.gmane.org>
Reply-To: manop-LYoGGuqGVYgAvxtiuMwx3w(a)public.gmane.org,
wikipedia-l-T31ubCBy5U6GglJvpFV4uA(a)public.gmane.org
Newsgroups: gmane.science.linguistics.wikipedia.misc
Hello,
I'm wondering where I can find how to fix the sort order in Thai Wikipedia.
The problem is that, in Thai language, words starting with a vowel alphabet
need to use the second alphabet (consonant alphabet) as the sort key but the
Mediawiki always use the first alphabets sorting by its unicode.
I searched some and found out that someone already asked this question in
bugzilla.wikimedia.org (http://bugzilla.wikimedia.org/show_bug.cgi?id=164)
(#32, Oct 05). And also the related one is already mentioned in unicode
collation algorithm for Thai/Lao (
http://www.unicode.org/unicode/reports/tr10/ in #3.1.3 Rearrangement). And
also I found someone talking about LC_COLLATE in English WP for sorting
specific alphabet order (but I really don't know about this).
Thank you for any answer.
Regards,
Manop
--
Minh Nguyen <mxn(a)zoomtown.com>
AIM: trycom2000; Jabber: mxn(a)myjabber.net; Blog: http://mxn.f2o.org/
Dear Platonides,
thank you for exactly quoting the code: I have copied and pasted.
Unfortunately, I am afraid it still doesn't work, even clearing the cache of the browser. Please, have a look again at:
http://lmo.wikipedia.org/wiki/Template:Directori_comprimit2
and
http://lmo.wikipedia.org/wiki/MediaWiki:Monobook.js
Maybe there is a bug elsewhere?
Many thanks.
Sincerely yours,
Claudi
---------------------------------
Faites de Yahoo! votre page d'accueil sur le web pour retrouver directement vos services préférés : vérifiez vos nouveaux mails, lancez vos recherches et suivez l'actualité en temps réel. Cliquez ici.
Hi,
it appears that [[Special:Contributions/Timwi]] loads relatively
quickly. However, if you choose a namespace in which I have very little
contributions (e.g. Image talk, Category talk), it takes ages to appear.
This leads me to believe that a relevant index is missing on the DB table?
Timwi
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MediaWiki 1.6.6 is a security and bugfix maintenance release.
An XSS injection vector in brace replacement has been fixed, as have some
potential problems with table parsing. Upgrading is strongly recommended
for all users of 1.6. MediaWiki versions 1.5 and earlier are not affected.
As a quick fix, if you are not able to fully upgrade to 1.6.6 you can apply this
two-line patch to fix the main known problems:
http://svn.wikimedia.org/viewvc/mediawiki/branches/REL1_6/phase3/includes/S…
Additionally some localization and user interface updates are included.
* Correct "revertpage" message in English
* (bug 5507) Logouttext uses now wiki markup
* (bug 5857, 5957) Update for German localisation (de)
* (bug 5586) <gallery> treated text as links
* (bug 5957) Update for Hebrew language (he)
* (bug 6025) SpecialImport: wrong message when no file selected
* (bug 6015) EditPage: add spacing in the boxes "edit is minor" and "watch this"
* (bug 6018) Userrights: new message when no user specified ('nouserspecified')
* (bug 6055) Fix for HTML/JS injection bug in variable handler (found by Nick
Jenkins)
* Reordered wiki table handling and __TOC__ extraction in the parser to better
handle some overlapping tag cases.
* Only the first __TOC__ is now turned into a TOC.
* (bug 361) URL in URL, they were almost fixed. Now they are.
Full release notes:
http://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_6/phase3/RELEASE-NOTEShttp://svn.wikimedia.org/viewvc/mediawiki/tags/REL1_6_6/phase3/HISTORY
Download:
http://prdownloads.sourceforge.net/wikipedia/mediawiki-1.6.6.tar.gz
MD5 checksum:
b19b11dbe4a9c61bf857f6584e4d6010 mediawiki-1.6.6.tar.gz
SHA-1 checksum:
debb5970dd30632b0d6fff6dd95727da9d730f6f mediawiki-1.6.6.tar.gz
Before asking for help, try the FAQ:
http://www.mediawiki.org/wiki/FAQ
Low-traffic release announcements mailing list:
(Please subscribe to receive announcements of security updates.)
http://mail.wikimedia.org/mailman/listinfo/mediawiki-announce
Wiki admin help mailing list:
http://mail.wikimedia.org/mailman/listinfo/mediawiki-l
Bug report system:
http://bugzilla.wikimedia.org/
Play "stump the developers" live on IRC:
#mediawiki on irc.freenode.net
- -- brion vibber (brion @ pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEcutRwRnhpk1wk44RAudPAKDJg58CEg9ROIbTDL3kG8jBrW0AgACfeWTk
25YeMM3CnncCe/QQGK1fyrs=
=JbhE
-----END PGP SIGNATURE-----
An automated run of parserTests.php showed the following failures:
Running test Table security: embedded pipes (http://mail.wikipedia.org/pipermail/wikitech-l/2006-April/034637.html)... FAILED!
Running test BUG 1887, part 2: A <math> with a thumbnail- math enabled... FAILED!
Running test Language converter: output gets cut off unexpectedly (bug 5757)... FAILED!
Running test HTML bullet list, unclosed tags (bug 5497)... FAILED!
Running test HTML ordered list, closed tags (bug 5497)... FAILED!
Running test HTML ordered list, unclosed tags (bug 5497)... FAILED!
Running test HTML nested bullet list, open tags (bug 5497)... FAILED!
Running test HTML nested ordered list, closed tags (bug 5497)... FAILED!
Running test HTML nested ordered list, open tags (bug 5497)... FAILED!
Passed 305 of 314 tests (97.13%) FAILED!
> Date: Mon, 22 May 2006 18:14:21 -0400
> From: "Jay R. Ashworth" <jra(a)baylink.com>
> Subject: Re: [Wikitech-l] Wiki markup <-> MS Word?
> To: wikitech-l(a)wikimedia.org
> Message-ID: <20060522221421.GB5518(a)cgi.jachomes.com>
> Content-Type: text/plain; charset=us-ascii
>
> On Mon, May 22, 2006 at 11:53:32PM +0200, Chuck Smith wrote:
> > We have actually implemented this kind of WYSIWiki (What You See Is
> > Wiki) editor as a Java applet called WikiWizard for the JSPWiki. We
> > will also be presenting it at Wikimania if our proposal is accepted.
> > I have already talked with Brion Vibber about integrating it into
> > Wikipedia and we would be happy to do that, but we are now waiting for
> > the Wikipedia wiki markup spec to be finalized. In the meantime, we
> > are continuing to debug our software and add new features. One of its
> > more interesting features is the ability to copy from Word and paste
> > formatted directly into the applet and have your content automatically
> > pasted in as wiki syntax.
>
> Not to rain on anyone's parade, but it would probably be good to keep
> in mind, too, that wiring the wikitext syntax into an editor like this
> puts binders on the extension of that syntax: it has to be done in two
> places.
>
> That may not be the best thing.
This is why we set up the WikiWizard so that an XML file describes the
wiki syntax to the editor, so that it can theoretically work in
different wiki engines and so that it can be altered quite quickly
without touching the base code if wiki syntax changes. Of course,
when we adapt it for the second engine, we'll see how much our applet
needs to be changed to make it generic for multiple wiki engines.
This is one reason we're heavily pushing for a wiki markup standard,
but I don't want to open that can of worms on this mailing list.
Chuck
Hi All,
Second MediaWiki 1.6.5 JavaScript Execution Vulnerability in the Parser.
Unlike the previous one, this one affects the live Wikipedia too (i.e.
tidy does not prevent it).
Vuln is here: http://nickj.org/MediaWiki/Parser25
And also on the wikipedia here:
http://en.wikipedia.org/wiki/User:Nickj/JS-vuln-2
And the full list of Parser problems is here: http://nickj.org/MediaWiki
(Anything with yellow or red in the "Security aspects?" column is a
potential or actual JS execution problem, respectively; everything
else is an HTML validation problem).
All the best,
Nick.
Hi All,
There's a MediaWiki client-side JavaScript execution vulnerability
here: http://nickj.org/MediaWiki/Parser24
(Just move your cursor over the underlined text - if you see a popup
dialog box, then there's a problem).
Affects MediaWiki 1.6.5 (current stable). Also happens in 1.6.1, so
probably sensible to assume 1.6.x <= 1.6.5 is affected.
All the best,
Nick.