> Well, upgrading would be nice. :)
What, and give up on Debian Woody?! Why, I've still got exactly 27 days of security support left, until (after 4 years) even the Debian folks finally abandon it! ;-)
I'm currently holding out for Ubuntu 6.06 to be released (5 years of support on the server - very nice)
> We're junking CVS
Cool, and I see that http://www.mediawiki.org/wiki/Template:MW_quick_download (which is what misled me into looking at CVS) has been updated to point to SVN instead.
> That'd be 1.6.0 as of tomorrow or shortly thereafter.
Sounds good, although from a quick glance the 1.6 /HISTORY, /UPGRADE and /INSTALL readme text files seemed to be assuming 1.5 (maybe).
> I've tossed in a quick tweak to the table parser to reduce the danger of this;
Thank you!
> That's before the fixes checked in on head (which will go into 1.5.9 also).
OK, well the new stuff below is still based on 1.5.8, so these things may or may not be resolved by the fixes that have already been checked in (my apologies if they are):
Wiki text:
---------------------------------
== onmouseover= ==
http://__TOC__
---------------------------------

HTML output:
---------------------------------
<a href="http://<table id='toc' class='toc'><tr><td><div id='toctitle'><h2>Contents</h2></div>
<ul>
<li class='toclevel-1'><a href="#onmouseover.3D"><span class="tocnumber">1</span> <span class="toctext">onmouseover=</span></a></li>
</ul>
</td></tr></table>
---------------------------------

Note that the HREF string continues until the "#onmouseover.3D" bit, which is partially user controlled (albeit escaped), so there could perhaps be some restricted scope for attribute injection.

This idea can also be applied to the various table-related attributes:
---------------------------------
==a==
{| STYLE=__TOC__
---------------------------------

HTML output:
---------------------------------
<table style="<table id='toc' class='toc'><tr><td><div id='toctitle'><h2>Contents</h2></div>
<ul>
<li class='toclevel-1'><a href="#a"><span class="tocnumber">1</span> <span class="toctext">a</span></a></li>
</ul>
</td></tr></table>
---------------------------------

Above two available online at http://nickj.org/MediaWiki/Parser14 and http://nickj.org/MediaWiki/Parser14-table

Also, one other bit of strangeness:
---------------------------------
{|
| http://a%7C
---------------------------------

HTML output:
---------------------------------
<table>
<tr>
<td>" class='external free' title="http://a%7C" rel="nofollow">http://a%7C</a>
---------------------------------

Note that somewhere along the line the Parser eats the '<a href="http://a' string. Available online at http://nickj.org/MediaWiki/Parser13
As usual, if there are any ideas for improving on any of this, please let me know.
All the best, Nick.
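The two __TOC__ cases in the mail above share one root cause: a magic word is swapped for an opaque marker early, the surrounding markup is escaped, and the marker is replaced with raw TOC HTML at the very end, so if the marker survived inside an attribute value the table lands inside that attribute. The toy renderer below is an added illustration written for this thread, not MediaWiki's parser and not the fix Brion checked in; the marker byte sequence, the TOC_HTML fragment and the `render_link` helper are all constructed for the example. The fixed path simply refuses to let a marker through the attribute escaper, and `markup_in_attrs` is the kind of cheap regression check one could run over rendered output.

```python
import html
import re

# Constructed two-pass model of the failure described in the mail (not
# MediaWiki's code). Pass 1 replaces __TOC__ with an opaque marker and renders
# escaped HTML; pass 2 swaps the marker for raw HTML. If the marker is still
# sitting inside an attribute value at pass 2, the attribute is broken open.

TOC_HTML = "<table id='toc' class='toc'><tr><td>Contents</td></tr></table>"
MARKER = "\x7fTOC\x7f"  # stand-in for a strip marker (assumption)


def escape_text(s: str) -> str:
    """Text-node context: escape, but keep markers so they expand in pass 2."""
    return html.escape(s, quote=False)


def escape_attr(s: str, strip_markers: bool) -> str:
    """Attribute context. The fixed variant drops markers before escaping:
    block-level markup never belongs inside an attribute value."""
    if strip_markers:
        s = s.replace(MARKER, "")
    return html.escape(s, quote=True)


def render_link(url: str, fixed: bool) -> str:
    """Render a bare external link; `fixed` selects the safe attribute path."""
    src = url.replace("__TOC__", MARKER)                       # pass 1: strip
    out = '<a href="%s">%s</a>' % (escape_attr(src, fixed), escape_text(src))
    return out.replace(MARKER, TOC_HTML)                       # pass 2: unstrip


def attr_values(doc: str) -> list:
    """Values of all double-quoted attributes in rendered output."""
    return re.findall(r'\b[\w-]+="([^"]*)"', doc)


def markup_in_attrs(doc: str) -> bool:
    """True if any attribute value contains a '<', i.e. injected markup."""
    return any("<" in v for v in attr_values(doc))


if __name__ == "__main__":
    for fixed in (False, True):
        out = render_link("http://__TOC__", fixed)
        print("fixed" if fixed else "vulnerable", "->", out)
        print("  markup inside attributes:", markup_in_attrs(out))
```

Run as a script it prints the broken output first (the href swallows the whole TOC table, exactly the shape shown in the mail) and then the fixed output, where the href is just "http://" and the table only appears in the text node, which is where a __TOC__ placed in a table cell legitimately ends up.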