Guillaume Blanchard wrote:
- Look at the source [3] and give me a list of needed security/performance fixes.
I fixed a couple of the most obvious security problems:
* The Special:Newthread edit form provided a very nice cross-site scripting injection point. Once a user is tricked into visiting a certain URL (can be via a redirection or frame), their authentication cookies can be stolen, or nearly any authenticated action on the wiki can be performed as that user via JavaScript manipulation from the hacked form.
* The Special:Newthread form submission didn't use the edit token, allowing for cross-site request forgery to submit new threads under a victim's user account if they visit an offsite page containing a form and a little JavaScript.
Before anyone should consider deploying this in the field, there are other very significant problems with how it accepts edits:
* It doesn't check for read-only mode
* It doesn't check if the user is blocked
* It doesn't check whitelist-edit mode
* It doesn't check content against the spam blacklist or filter callback
And some general functional issues:
* The localized text doesn't fit with MediaWiki as a whole; the user's selected language is ignored, and the messages aren't customizable through the MediaWiki: interface.
* Edit comments aren't formatted in the Special:Forum list the way they are elsewhere
* Edit comments are cut off manually at a byte offset, which could break UTF-8 characters. Instead, use $wgContLang->truncate() or show the complete comment.
* The code that outputs the table on Special:Forum is very fragile. Many pieces are done with wikitext which can break when some characters are used (try for instance making a thread titled "''Spiffy''"; the link becomes broken in the list).
* The use of the unlabeled magnification icon to show/hide a chunk of in-place text is very nonintuitive. Consider using the arrows from the enhanced recent changes display.
* Obviously these don't work at all if the client has JavaScript disabled; consider not displaying the unmanipulable bits in this case.
* Whatever it looks like, a tiny icon is a tough target to click on; I constantly have the urge to click on the _title_ and assume it will expand the text, but this links to the separate page.
More generally it seems a bit confusing; at the demo site at http://test-wikipedia.saewyc.net/index.php/Special:Forum there are two entire tables of threads one after the other without an obvious reason or explanation. One has expando-bits, the other doesn't.
-- brion vibber (brion @ pobox.com)
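Added example, not part of Brion's message or of the forum extension's own code: a Special:Newthread-style submission path that applies the fixes and the missing checks listed above (output escaping against the XSS, the edit token against the CSRF, read-only mode, blocked users, whitelist-edit mode, the spam/filter callback, and character-safe truncation). It assumes the MediaWiki API of that era ($wgUser->editToken()/matchEditToken(), wfReadOnly(), $wgUser->isBlocked(), $wgUser->isAllowed(), $wgFilterCallback, wfMsg(), $wgContLang->truncate(), and the OutputPage helpers); the Thread class and Thread::create() are hypothetical stand-ins for the extension's storage layer.

```php
<?php
// Added example (assumes the MediaWiki globals and helpers named in the
// lead-in; Thread::create() is a hypothetical stand-in for the extension's
// own thread storage).

// Render the form. Every user-controlled value goes through htmlspecialchars()
// before it lands in an attribute or element body: that closes the XSS hole.
function newThreadForm( $title, $text ) {
	global $wgUser, $wgOut, $wgTitle;
	$action = htmlspecialchars( $wgTitle->getLocalURL( 'action=submit' ) );
	$token  = htmlspecialchars( $wgUser->editToken() );
	$html  = "<form method=\"post\" action=\"$action\">\n";
	$html .= "<input type=\"text\" name=\"wpTitle\" value=\""
	       . htmlspecialchars( $title ) . "\" />\n";
	$html .= "<textarea name=\"wpText\">" . htmlspecialchars( $text ) . "</textarea>\n";
	// The hidden edit token ties this submission to the current session;
	// an offsite form cannot know it, which is the CSRF fix.
	$html .= "<input type=\"hidden\" name=\"wpEditToken\" value=\"$token\" />\n";
	$html .= "<input type=\"submit\" value=\""
	       . htmlspecialchars( wfMsg( 'savearticle' ) ) . "\" />\n";
	$html .= "</form>\n";
	$wgOut->addHTML( $html );
}

// Handle the POST. Same order EditPage uses: site state, then the user,
// then the request's authenticity, then the content.
function newThreadSubmit() {
	global $wgUser, $wgOut, $wgRequest, $wgFilterCallback, $wgContLang;
	$title = $wgRequest->getText( 'wpTitle' );
	$text  = $wgRequest->getText( 'wpText' );

	if ( wfReadOnly() ) {           // database locked for maintenance
		$wgOut->readOnlyPage();
		return;
	}
	if ( $wgUser->isBlocked() ) {   // blocked accounts/IPs may not post
		$wgOut->blockedPage();
		return;
	}
	if ( !$wgUser->isAllowed( 'edit' ) ) { // whitelist-edit / anon restrictions
		$wgOut->loginToUse();
		return;
	}
	// Reject anything that is not a POST carrying a token matching the
	// session. A forged request from another site fails here.
	if ( !$wgRequest->wasPosted()
	  || !$wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
		$wgOut->addWikiText( wfMsg( 'sessionfailure' ) );
		newThreadForm( $title, $text );
		return;
	}
	$t = Title::newFromText( $title );
	if ( is_null( $t ) ) {          // invalid title characters etc.
		$wgOut->addWikiText( wfMsg( 'badtitletext' ) );
		newThreadForm( $title, $text );
		return;
	}
	// Spam blacklist and similar filters hook in via $wgFilterCallback;
	// a true return means the callback has already emitted its own error.
	if ( $wgFilterCallback && $wgFilterCallback( $t, $text, false ) ) {
		return;
	}
	// Cut the list summary on a character boundary, never a raw byte offset,
	// so multi-byte UTF-8 sequences are not split.
	$summary = $wgContLang->truncate( $text, 200, '...' );

	Thread::create( $wgUser, $t, $text, $summary ); // hypothetical storage call
	$wgOut->redirect( $t->getFullURL() );
}
```

The token check comes after the read-only and block checks on purpose: a blocked or read-only response carries no form, so there is nothing for an attacker to replay, and the user sees the real reason they cannot post rather than a session error. Note that matchEditToken() must run on every state-changing POST, not only on the first form load; the original extension's gap was exactly that the submit handler never asked for it.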