On 9/12/07, Thomas Dalton thomas.dalton@gmail.com wrote:
If we want to get around that, when the mediawiki software constructs a real URL from an internal link that uses these additional params, it could also embed a token to be used to verify that the link came from an internal link rather than a foreign site. The token would need to be a moving target to prevent foreign sites being able to use it.
Since wikis are, by their very nature, editable, I don't think we can trust internal links any more than we trust external ones.
I was thinking that ordinary users and admins can fix any problem parameters in internal links and potential problems could be prevented with page protection, but I can understand why even that may be insufficient to prevent problems on large sites.
We could limit URL parameters to pages that are protected, or add another bit somewhere to indicate that the page knows how to deal with incoming params and is under admin supervision.
The only way I can see this working is to severely restrict what can be done with these parameters. For example, they should never, under any circumstance, be parsed, as wikitext or HTML.
Ideally pages that accepted parameters would define preconditions to tell mediawiki what types of values are acceptable. Initially, simple data-types are all that would be needed. For ISBN, ISSN and most other uses of this data, these preconditions could be added like:
#precondition isbn number(13)
#precondition issn number(8)
or if we wanted more flexibility, in this case to allow a hyphen in the issn:
#regexprecondition issn [-0-9]{1,9}
When the value doesn't meet the precondition, it could simply not be passed to the page which would then act appropriately.
If these params were only passed through to pages that were approved, another option would be to add a set of parser functions that can be used to sanity check the param values before the template/page uses them, e.g. isnum, isalpha, etc. Extension RegexParserFunctions would be ideal for this purpose because it is very flexible, but a specialised set of functions written with performance in mind is probably preferable in order to have it enabled on large wikis.
-- John
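
The precondition scheme proposed in the message above, sketched in Python as an added example; it is not part of the original message and not MediaWiki code. The function names are hypothetical, and reading `number(N)` as "exactly N ASCII digits" is an assumption.

```python
import re

# Constructed directive text using the syntax proposed in the message.
DIRECTIVES = """\
#precondition isbn number(13)
#regexprecondition issn [-0-9]{1,9}
"""

_NUMBER = re.compile(r"number\(([0-9]+)\)")


def parse_preconditions(text):
    """Return {param_name: compiled_pattern} from directive lines."""
    rules = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        kind, name, spec = parts
        if kind == "#precondition":
            m = _NUMBER.fullmatch(spec.strip())
            if m:
                # Assumption: number(N) means exactly N ASCII digits.
                rules[name] = re.compile("[0-9]{%d}" % int(m.group(1)))
        elif kind == "#regexprecondition":
            rules[name] = re.compile(spec.strip())
    return rules


def filter_params(rules, params):
    """Keep only parameters that have a rule and satisfy it in full."""
    accepted = {}
    for name, value in params.items():
        rule = rules.get(name)
        # fullmatch, not search: the whole value must match, so a valid
        # fragment inside markup is rejected. A "$" anchor would still
        # accept a trailing newline; fullmatch does not.
        if rule is not None and rule.fullmatch(value):
            accepted[name] = value
    return accepted


if __name__ == "__main__":
    rules = parse_preconditions(DIRECTIVES)
    # Constructed request parameters: one valid, one carrying markup.
    print(filter_params(rules, {"isbn": "9780306406157",
                                "issn": "0317-8471<script>"}))
```

Parameters without a declared precondition are dropped as well, so a page only ever sees values it has explicitly described.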