Thank you, I'll fix.
Aoineko
Brion Vibber wrote:
Guillaume Blanchard wrote:
- Look at the source [3] and give me a list of needed security/performance fixes.
I fixed a couple of the most obvious security problems:
- The Special:Newthread edit form provided a very nice cross-site scripting injection point. Once a user is tricked into visiting a certain URL (can be via a redirection or frame) their authentication cookies can be stolen, or nearly any authenticated action on the wiki can be performed as that user via JavaScript manipulation from the hacked form.
- The Special:Newthread form submission didn't use the edit token, allowing for cross-site request forgery to submit new threads under a victim's user account if they visit an offsite page containing a form and a little JavaScript.
Before anyone should consider deploying this in the field, there are other very significant problems with how it accepts edits:
- It doesn't check for read-only mode
- It doesn't check if the user is blocked
- It doesn't check whitelist-edit mode
- It doesn't check content against the spam blacklist or filter callback
And some general functional issues:
- The localized text doesn't fit with MediaWiki as a whole; the user's selected language is ignored, and the messages aren't customizable through the MediaWiki: interface.
- Edit comments aren't formatted in the Special:Forum list the way they are elsewhere.
- Edit comments are cut off manually at a byte offset, which could break UTF-8 characters. Instead, use $wgContLang->truncate() or show the complete comment.
- The code that outputs the table on Special:Forum is very fragile. Many pieces are done with wikitext which can break when some characters are used (try for instance making a thread titled "''Spiffy''"; the link becomes broken in the list).
- The use of the unlabeled magnification icon to show/hide a chunk of in-place text is very nonintuitive. Consider using the arrows from the enhanced recent changes display.
- Obviously these don't work at all if the client has JavaScript disabled; consider not displaying the unmanipulable bits in this case.
- Whatever it looks like, a tiny icon is a tough target to click on; I constantly have the urge to click on the _title_ and assume it will expand the text, but this links to the separate page.
More generally it seems a bit confusing; at the demo site at http://test-wikipedia.saewyc.net/index.php/Special:Forum there are two entire tables of threads one after the other without an obvious reason or explanation. One has expando-bits, the other doesn't.
-- brion vibber (brion @ pobox.com)
Wikitech-l mailing list Wikitech-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/wikitech-l
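Two of the points raised above, the missing edit token on the Special:Newthread submission and the byte-offset truncation of edit comments, are illustrated below in a constructed Python example. This is not MediaWiki's code: the per-user secret, the form field name and the function names are this example's own assumptions, chosen to show the checks a server should perform before accepting the form.

```python
import hashlib
import hmac
import secrets

# Constructed for this illustration (not MediaWiki code): a per-user secret kept
# server side, standing in for the per-user token MediaWiki stores with the account.
USER_SECRETS = {"alice": secrets.token_hex(16)}


def edit_token(user, form_id="newthread"):
    """Token embedded in the rendered form; only derivable from the user's server-side secret."""
    key = USER_SECRETS[user].encode()
    return hmac.new(key, form_id.encode(), hashlib.sha256).hexdigest()


def token_valid(user, submitted, form_id="newthread"):
    """Reject submissions that lack the token (an offsite form cannot supply it)."""
    if not submitted:
        return False
    return hmac.compare_digest(edit_token(user, form_id), submitted)


def truncate_bytes_naive(text, limit):
    """The fragile cut: slicing at a byte offset can split a multibyte UTF-8 character."""
    return text.encode("utf-8")[:limit].decode("utf-8", errors="replace")


def truncate_utf8_safe(text, limit):
    """Cut within a byte budget but back off to the start of a UTF-8 character."""
    raw = text.encode("utf-8")
    if len(raw) <= limit:
        return text
    while limit > 0 and (raw[limit] & 0xC0) == 0x80:  # 10xxxxxx = continuation byte
        limit -= 1
    return raw[:limit].decode("utf-8")


def handle_newthread(user, form):
    """Server-side acceptance of a new-thread POST: check the token first, then sanitise."""
    if not token_valid(user, form.get("wpEditToken")):  # field name is an assumption
        return {"status": "rejected", "reason": "missing or bad edit token"}
    return {"status": "accepted", "comment": truncate_utf8_safe(form.get("summary", ""), 200)}
```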