hi
bug: https://sourceforge.net/tracker/index.php?func=detail&aid=983680&gro...
The Problem comes from this lines in Title.php
<< # Initial colon indicating main namespace if ( ":" == $t{0} ) { $r = substr( $t, 1 ); $this->mNamespace = NS_MAIN; } else { (...) }
I removed all this code portion (not (...)), and it seems to work. I don't understand why an initial colon should indicate the mainspace... and why an article can't start with ":" ? But I'm a newcomer :)
So I hope that's an acceptable solution, otherwise a message on the loginform with login rules could be appropriate ?
Cordialy
Emmanuel Engelhart
Emmanuel Engelhart wrote:
hi
bug: https://sourceforge.net/tracker/index.php?func=detail&aid=983680&gro...
The Problem comes from this lines in Title.php
<< # Initial colon indicating main namespace if ( ":" == $t{0} ) { $r = substr( $t, 1 ); $this->mNamespace = NS_MAIN; } else { (...) }
I removed all this code portion (not (...)), and it seems to work. I don't understand why an initial colon should indicate the mainspace... and why an article can't start with ":" ? But I'm a newcomer :)
So I hope that's an acceptable solution, otherwise a message on the loginform with login rules could be appropriate ?
That's been there since time immemorial, and is used (no doubt among other things) to allow template inclusion from the main namespace, e.g. {{:Main page}}. Note that this is not a security problem, it's just slightly confusing. A better solution would be to compare the text form of the generated title object against the entered user name, and to issue an error if they differ in anything other than case. That way you'll catch not only initial colons, but all manner of other implicit conversions, for example the removal of leading underscores.
-- Tim Starling
On Tue, 13 Jul 2004 11:26:14 +1000 Tim Starling ts4294967296@hotmail.com wrote:
Emmanuel Engelhart wrote:
hi
bug: https://sourceforge.net/tracker/index.php?func=detail&aid=983680&gro...
The Problem comes from this lines in Title.php
<< # Initial colon indicating main namespace if ( ":" == $t{0} ) { $r = substr( $t, 1 ); $this->mNamespace = NS_MAIN; } else { (...) }
I removed all this code portion (not (...)), and it seems to work. I don't understand why an initial colon should indicate the mainspace... and why an article can't start with ":" ? But I'm a newcomer :)
So I hope that's an acceptable solution, otherwise a message on the loginform with login rules could be appropriate ?
That's been there since time immemorial, and is used (no doubt among other things) to allow template inclusion from the main namespace, e.g. {{:Main page}}. Note that this is not a security problem, it's just slightly confusing. A better solution would be to compare the text form of the generated title object against the entered user name, and to issue an error if they differ in anything other than case. That way you'll catch not only initial colons, but all manner of other implicit conversions, for example the removal of leading underscores.
-- Tim Starling
I made a patch in this way. The patch is based on your idea : "ucFirst($name) != $u->getName()". So it forbids the creation of new accounts with a login starting with ":" But the problem stays with created accounts, an idea ?
Emmanuel Engelhart
On Tue, 13 Jul 2004 21:16:41 +0200, Emmanuel Engelhart emmanuel@engelhart.org wrote:
So it forbids the creation of new accounts with a login starting with ":" But the problem stays with created accounts, an idea ?
How many existing accounts are affected by this? The answer may help determine the best solution ...
- Robert
On Tue, 13 Jul 2004 16:26:45 -0400 Robert Fries phpscripter@gmail.com wrote:
On Tue, 13 Jul 2004 21:16:41 +0200, Emmanuel Engelhart emmanuel@engelhart.org wrote:
So it forbids the creation of new accounts with a login starting with ":" But the problem stays with created accounts, an idea ?
How many existing accounts are affected by this? The answer may help determine the best solution ...
I don't know, I'm not a wikipedia administrator. But my opinion is, that on the way to prevent further badformed login registrations ; this patch should be applied...
Emmanuel Engelhart
wikitech-l@lists.wikimedia.org