Guillaume Blanchard wrote:
- Look at the source [3] and give me a list of needed security/performance fixes.
I fixed a couple of the most obvious security problems:
* The Special:Newthread edit form provided a very nice cross-site
scripting injection point. Once a user is tricked into visiting a
certain URL (can be via a redirection or frame) their authentication
cookies can be stolen, or nearly any authenticated action on the wiki
can be performed as that user via JavaScript manipulation from the
hacked form.
* The Special:Newthread form submission didn't use the edit token,
allowing for cross-site request forgery to submit new threads under a
victim's user account if they visit an offsite page containing a form
and a little JavaScript.
Before anyone should consider deploying this in the field, there are
other very significant problems with how it accepts edits:
* It doesn't check for read-only mode
* It doesn't check if the user is blocked
* It doesn't check whitelist-edit mode
* It doesn't check content against the spam blacklist or filter callback
And some general functional issues:
* The localized text doesn't fit with MediaWiki as a whole; the user's
selected language is ignored, and the messages aren't customizable
through the MediaWiki: interface.
* Edit comments aren't formatted in the Special:Forum list the way they
are elsewhere
* Edit comments are cut off manually at a byte offset, which could break
UTF-8 characters. Instead, use $wgContLang->truncate() or show the
complete comment.
* The code that outputs the table on Special:Forum is very fragile. Many
pieces are done with wikitext which can break when some characters are
used (try for instance making a thread titled "''Spiffy''"; the link
becomes broken in the list).
* The use of the unlabeled magnification icon to show/hide a chunk of
in-place text is very nonintuitive. Consider using the arrows from the
enhanced recent changes display.
* Obviously these don't work at all if the client has JavaScript
disabled; consider not displaying the unmanipulable bits in this case.
* Whatever it looks like, a tiny icon is a tough target to click on; I
constantly have the urge to click on the _title_ and assume it will
expand the text, but this links to the separate page.
More generally it seems a bit confusing; at the demo site at
http://test-wikipedia.saewyc.net/index.php/Special:Forum there are two
entire tables of threads one after the other without an obvious reason
or explanation. One has expando-bits, the other doesn't.
-- brion vibber (brion @ pobox.com)
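To make the two security items above and the missing edit checks concrete, here is an illustrative Special:Newthread-style handler. This is an added example, not the forum extension's code and not a patch from the message's author; the function names and form field names (wpTitle, wpText, wpEditToken) are assumptions. The MediaWiki calls it relies on ($wgUser->editToken()/matchEditToken(), wfReadOnly(), $wgUser->isBlocked(), $wgUser->isAllowed('edit'), $wgSpamRegex, $wgFilterCallback, $wgContLang->truncate()) are the ones core EditPage uses for the same checks.

```php
<?php
/*
 * Added example: a Special:Newthread-style form and its submission checks.
 * Not the extension's own code. Field names wpTitle/wpText/wpEditToken and
 * the function names are assumptions; the MediaWiki globals and methods
 * are the ones EditPage.php itself uses.
 */

/*
 * Render the form. Every request-supplied value is HTML-escaped, so a
 * crafted URL (reached via redirect or frame) cannot inject script into
 * the page. The hidden token is bound to the user's session, so an
 * offsite page cannot produce a submission that passes the check below.
 */
function newThreadForm( $title, $text ) {
	global $wgUser, $wgTitle;
	$action = $wgTitle->escapeLocalURL( 'action=submit' );
	return "<form method=\"post\" action=\"$action\">" .
		"<input type=\"hidden\" name=\"wpEditToken\" value=\"" .
			htmlspecialchars( $wgUser->editToken() ) . "\" />" .
		"<input name=\"wpTitle\" value=\"" . htmlspecialchars( $title ) . "\" />" .
		"<textarea name=\"wpText\">" . htmlspecialchars( $text ) . "</textarea>" .
		"<input type=\"submit\" />" .
		"</form>";
}

/*
 * Validate a submission. Returns null when the thread may be saved, or the
 * name of the check that rejected it. Order follows EditPage: the
 * session-bound token first, then site and user state, then content.
 */
function checkNewThreadSubmission() {
	global $wgUser, $wgRequest, $wgSpamRegex, $wgFilterCallback, $wgTitle;

	// CSRF: a forged form from another site cannot carry a valid token.
	if ( !$wgUser->matchEditToken( $wgRequest->getVal( 'wpEditToken' ) ) ) {
		return 'session_fail';
	}
	if ( wfReadOnly() ) {
		return 'readonly';
	}
	if ( $wgUser->isBlocked() ) {
		return 'blocked';
	}
	// Whitelist-edit mode: users without the 'edit' right may not post.
	if ( !$wgUser->isAllowed( 'edit' ) ) {
		return 'whitelistedit';
	}
	$text = $wgRequest->getText( 'wpText' );
	// Spam blacklist regex, then the site's filter callback, as in EditPage.
	if ( $wgSpamRegex && preg_match( $wgSpamRegex, $text ) ) {
		return 'spamprotection';
	}
	if ( $wgFilterCallback && $wgFilterCallback( $wgTitle, $text, 0 ) ) {
		return 'filtered';
	}
	return null;
}

/*
 * Shorten an edit comment for the Special:Forum list without cutting a
 * multibyte UTF-8 sequence in half, which substr() at a byte offset does.
 */
function shortComment( $comment ) {
	global $wgContLang;
	return $wgContLang->truncate( $comment, 50, '...' );
}
```

The important property of the token check is that the value is generated from the session and only compared server-side; a page on another origin can still make the victim's browser post the form, but it cannot read or guess wpEditToken, so the post is rejected before any of the later checks run.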
Wikitech-l mailing list
Wikitech-l(a)wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/wikitech-l