Just a note; the 'validation' feature will most likely not be turned on on en.wikipedia.org when we upgrade, since it's not currently in a usable state.
Problems include, but are not limited to:
* In various places it tries to load metadata for *every* revision of the page. This would be fatal on the actual Wikipedia, where there are pages with tens of thousands of revisions. There are likely other severe performance and scalability issues with it.
* The 'management' interface for defining survey options is not locked off properly, and is very hard to use if you do get to it.
* Lack of HTML-safety on the UI interface: as a quick hack I added htmlspecialchars() guards, but things really should be changed to use wikitext where appropriate; several of the UI messages are currently displaying raw HTML tags.
If anybody would like to work on it further that would be spiffy; otherwise it will remain in limbo indefinitely.
-- brion vibber (brion @ pobox.com)
Brion Vibber wrote:
Just a note; the 'validation' feature will most likely not be turned on on en.wikipedia.org when we upgrade, since it's not currently in a usable state.
Problems include, but are not limited to:
- In various places it tries to load metadata for *every* revision of the page. This would be fatal on the actual Wikipedia, where there are pages with tens of thousands of revisions. There are likely other severe performance and scalability issues with it.
- The 'management' interface for defining survey options is not locked off properly, and is very hard to use if you do get to it.
- Lack of HTML-safety on the UI interface: as a quick hack I added htmlspecialchars() guards, but things really should be changed to use wikitext where appropriate; several of the UI messages are currently displaying raw HTML tags.
If anybody would like to work on it further that would be spiffy; otherwise it will remain in limbo indefinitely.
-- brion vibber (brion @ pobox.com)
Thanks for the info Brion.
Brion Vibber (brion@pobox.com) [050619 19:43]:
Just a note; the 'validation' feature will most likely not be turned on on en.wikipedia.org when we upgrade, since it's not currently in a usable state. Problems include, but are not limited to:
[...]
If anybody would like to work on it further that would be spiffy; otherwise it will remain in limbo indefinitely.
argh, bugger. I thought the backend was fine. Oh well.
After last night's research meetings, I have a pile of things that need doing for the front end to list on meta and discuss with Magnus. I still want this feature incredibly much (as everyone has probably noticed by now) but am still not a coder yet. So, um, is there anyone else interested in helping push this one forward in the practical lines of PHP sense? Please!
- d.
I took a quick look at it, fixed one fatal XML error, there are also some untranslatable strings in there and all the styles are hard coded (should use CSS), furthermore there's some code duplication in there, it has its own linking routines but should use the Linker class.
Brion Vibber wrote:
Just a note; the 'validation' feature will most likely not be turned on on en.wikipedia.org when we upgrade, since it's not currently in a usable state.
To my defense:
* I asked for help on this quite a while ago, several times, but to no avail
* I wanted to get it fixed up last week, but I had an important talk to give, and my hard drive crashed, and I got a PowerBook, which together turned out to be rather distracting ;-)
Problems include, but are not limited to:
- In various places it tries to load metadata for *every* revision of the page. This would be fatal on the actual Wikipedia, where there are pages with tens of thousands of revisions. There are likely other severe performance and scalability issues with it.
Yup. It's still in my famous "OK-it-kinda-works-now-we-wait" stage.
- The 'management' interface for defining survey options is not locked off properly, and is very hard to use if you do get to it.
I wasn't sure who should get access to it. It is a single line in the code where to limit access. For it being "hard to use", it basically is used *once* to set up topics, and then not at all (ideally) or very sparsely (to add/delete topics). I don't see that as a reason to keep it "in limbo".
- Lack of HTML-safety on the UI interface: as a quick hack I added htmlspecialchars() guards, but things really should be changed to use wikitext where appropriate; several of the UI messages are currently displaying raw HTML tags.
Well, they didn't show that raw HTML when I checked 'em in. I'm pretty sure of that one. I'll see if I can fix that.
If anybody would like to work on it further that would be spiffy; otherwise it will remain in limbo indefinitely.
I should have some time during this week, although I'll have to set up mysql/apache/yadayada on my new HDD.
Anyway, we can turn this on with a few days (weeks?) delay, just in case. No need to rush, at least not a technical one ;-)
Magnus
Magnus Manske wrote:
Brion Vibber wrote:
- Lack of HTML-safety on the UI interface: as a quick hack I added htmlspecialchars() guards, but things really should be changed to use wikitext where appropriate; several of the UI messages are currently displaying raw HTML tags.
Well, they didn't show that raw HTML when I checked 'em in. I'm pretty sure of that one. I'll see if I can fix that.
Well, when you checked it in there were several cross-site scripting vulnerabilities. :)
I did a fairly blanket addition of protection by escaping output, including the UI messages, but some of the messages are apparently meant to be HTML. These should if possible be rewritten; where not possible they should be carefully examined.
Note that we're working on a progressive replacement of all raw HTML user-editable UI messages with explicit plaintext (originally implied) or formatted wikitext. Right now sysops have to be trusted enough not to insert JavaScript or other attacks which could strike at every visitor to the site; with hundreds of sysops on our largest projects it's dubious that we really can extend that degree of trust indefinitely.
Anyway, we can turn this on with a few days (weeks?) delay, just in case. No need to rush, at least not a technical one ;-)
Right.
-- brion vibber (brion @ pobox.com)
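
The three ways of emitting a user-editable UI message discussed in the message above (raw HTML, blanket escaping, plaintext with markup supplied by code), as an added example that is not part of the original thread and not MediaWiki's code. The function names, message keys and sample strings are hypothetical and constructed for illustration.

```php
<?php
// Constructed sample: UI messages that a privileged user can edit on-wiki.
$messages = [
    // Authored as raw HTML, as some of the validation messages were.
    'val_heading'  => '<b>Rate this revision</b>',
    // The same message after an edit that appends a script element.
    'val_tampered' => '<b>Rate this revision</b><script>/* runs for every visitor */</script>',
    // Plaintext message with a $1 placeholder; no markup stored in it.
    'val_rated_by' => 'Rated by $1',
];

// 1. Raw output: the stored text reaches the browser as markup, so whoever
//    can edit the message can run script in every visitor's session.
function msgRaw(array $messages, string $key): string {
    return $messages[$key];
}

// 2. Blanket escaping: closes the script hole, but a message that was meant
//    to be HTML now shows its tags literally.
function msgEscaped(array $messages, string $key): string {
    return htmlspecialchars($messages[$key], ENT_QUOTES, 'UTF-8');
}

// 3. Plaintext message: escape the text and every parameter; any markup
//    around it comes from code, never from the editable message.
function msgPlain(array $messages, string $key, string ...$params): string {
    $map = [];
    foreach ($params as $i => $param) {
        $map['$' . ($i + 1)] = htmlspecialchars($param, ENT_QUOTES, 'UTF-8');
    }
    // strtr() substitutes in one pass, so inserted values are not re-scanned.
    return strtr(htmlspecialchars($messages[$key], ENT_QUOTES, 'UTF-8'), $map);
}

foreach (['val_heading', 'val_tampered'] as $key) {
    echo "raw:     ", msgRaw($messages, $key), "\n";
    echo "escaped: ", msgEscaped($messages, $key), "\n";
}
// Markup is fixed in code; the user-supplied name is escaped before insertion.
echo '<p class="val-note">',
    msgPlain($messages, 'val_rated_by', 'Example <i>user</i>'), "</p>\n";
```

The `escaped` line for `val_heading` is the "raw HTML tags on screen" symptom described in the thread: the fix for such a message is to rewrite it as plaintext or wikitext, not to remove the escaping.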
On 6/20/05, David Gerard <fun@thingy.apana.org.au> wrote:
Not being a programmer, I did do a beg for programmers on this one at least :-)
I'm more of a Perl guy, but I'd be happy to help out where I can on this. I tried to find Magnus on IRC today, but learned that he doesn't visit #mediawiki regularly, if at all (thanks JeLuF). What's the best way for an interested developer to get involved? File bug reports and attach patches? Coordinate development off-list? IRC?
-- David
wikitech-l@lists.wikimedia.org