Re: [MediaWiki-CVS] SVN: [38275] trunk/extensions/CSS/CSS.php

On Thu, Jul 31, 2008 at 6:25 PM, Brion Vibber <brion@...> wrote:
> Icky... but perhaps no good way around it I guess. :)
>
> The tricky bit is that for HTML mode you want to wrap the "<![CDATA["
> and "]]>" bits in comments (/* blah */) so they don't interfere with the
> JS or CSS code.
>
> Does that necessarily generally work? Bah, this shouldn't be so
> annoyingly hard...

Yeah, I see the problem.  There are two reasonable solutions I see.  One:

public static function escapeCdata( $data ) {
	if( strpos( ']]>', $data ) == false ) {
		return $data;
	}
	return '';
}

Two:

public static function escapeCssForCdata( $css ) {
	return str_replace( ']]>', ']]\\00003E', $css );
}

The first one is potentially annoying, but in both CSS and JavaScript
it should be easy to work around the limitation.  The second one is
maybe nicer for CSS, *except* that I'm not totally sure that it would
always work.

Re: [MediaWiki-CVS] SVN: [38275] trunk/extensions/CSS/CSS.php

On Thu, Jul 31, 2008 at 7:51 PM, Simetrical
<Simetrical+wikilist@...> wrote:
>        if( strpos( ']]>', $data ) == false ) {

That's got to be ===, of course.  We all know how much I love PHP weak
typing, so I won't say any more on that . . .

Re: [MediaWiki-CVS] SVN: [38321] trunk/phase3/includes/WatchlistEditor.php

On Thu, Jul 31, 2008 at 7:20 PM,  <brion@...> wrote:
> Log Message:
> -----------
> Revert r38302,38306 -- "Add an order by to the list of watched pages."
> This looks wrong -- an order by title wouldn't be indexed properly, and could be rather slow.
> . . .
>                $sql = "SELECT wl_namespace, wl_title, page_id, page_len, page_is_redirect
>                        FROM {$watchlist} LEFT JOIN {$page} ON ( wl_namespace = page_namespace
>                        AND wl_title = page_title ) WHERE wl_user = {$uid}";
> -               if ( !$dbr->implicitOrderby() ) {
> -                       $sql .= ' ORDER BY wl_title';
> -               }

Maybe Greg meant ORDER BY wl_namespace, wl_title?  That's the way it
would implicitly be retrieved in MySQL with our indexes.  If that's
causing problems, that order should be made unconditionally explicit:
this isn't a case where it needs to be implicit for MySQL to be happy.
 (If there is such a case.  Not sure what this distinction is needed
for.)

Re: [MediaWiki-CVS] SVN: [38275] trunk/extensions/CSS/CSS.php

We're escaping for content, not escaping for attributes (attribute 
escaping should be handled by different code). So does anyone remember 
the parameters of htmlspecialchars?
http://ca.php.net/htmlspecialchars

string **htmlspecialchars** ( string $string [, int $quote_style [, 
string $charset [, bool $double_encode ]]] )
($charset since 4.1.0; $double_encode since 5.2.3)

You know that you can use:
$text = htmlspecialchars( $text, ENT_NOQUOTES );

And the quotes won't be encoded.

Though personally... When I make a sanitizer I go for what it's meant to 
do. Thing like my cleanHtml are meant to make things safe, not escaping 
of things. htmlspecialchars is meant to take text, and escape it so that 
when it's outputted into html it looks the same and isn't mangled by 
things that the renderer thinks are entities.
So on that, my sanitizers only convert < and > into &lt; and &gt; they 
don't do any other encoding, and they don't double encode the entities 
for <>. Cause the point is to make the syntax so that it won't be 
considered evil html. And only <> needs to be escaped for that purpose.

~Daniel Friesen(Dantman, Nadir-Seen-Fire) of:
-The Nadir-Point Group (http://nadir-point.com)
--It's Wiki-Tools subgroup (http://wiki-tools.com)
--The ElectronicMe project (http://electronic-me.org)
--Games-G.P.S. (http://ggps.org)
-And Wikia ACG on Wikia.com (http://wikia.com/wiki/Wikia_ACG)

Re: [MediaWiki-CVS] SVN: [38321] trunk/phase3/includes/WatchlistEditor.php

> Revert r38302,38306 -- "Add an order by to the list of watched pages."
> This looks wrong -- an order by title wouldn't be indexed properly, and
> could be rather slow.

Eh? It indexes just fine:

           QUERY PLAN
------------------------------------------------------------------
Sort  (actual time=16.137..16.350 rows=538 loops=1)
 Sort Key: page.page_title
 Sort Method:  quicksort  Memory: 76kB
 -> Nested Loop Left Join  (actual time=0.460..14.734 rows=538 loops=1)
    Join Filter: (watchlist.wl_namespace = page.page_namespace)
    -> Bitmap Heap Scan on watchlist  (actual time=0.379..2.605 rows=538 loops=1)
       Recheck Cond: (wl_user = 345)
       -> Bitmap Index Scan on watchlist_user (actual time=0.298..0.298 rows=538 loops=1)
          Index Cond: (wl_user = 345)
    -> Index Scan using page_title on page  (actual time=0.015..0.019 rows=2 loops=538)
       Index Cond: (watchlist.wl_title = page.page_title)
Total runtime: 16.782 ms

--

-- 
Greg Sabino Mullane greg@...
End Point Corporation

_______________________________________________
Wikitech-l mailing list
Wikitech-l@...

Re: [MediaWiki-CVS] SVN: [38275] trunk/extensions/CSS/CSS.php

On Thu, Jul 31, 2008 at 11:10 PM, Daniel Friesen
<dan_the_man@...> wrote:
> We're escaping for content, not escaping for attributes (attribute
> escaping should be handled by different code). So does anyone remember
> the parameters of htmlspecialchars?
> http://ca.php.net/htmlspecialchars
>
> string **htmlspecialchars** ( string $string [, int $quote_style [,
> string $charset [, bool $double_encode ]]] )
> ($charset since 4.1.0; $double_encode since 5.2.3)
>
> You know that you can use:
> $text = htmlspecialchars( $text, ENT_NOQUOTES );
>
> And the quotes won't be encoded.

Yes, but something like

html > body { color: red; }

will still break.  You miss the point, I think.  *Nothing* should be
encoded inside <script> or <style>, if you want to remain compatible
with HTML.

> Though personally... When I make a sanitizer I go for what it's meant to
> do. Thing like my cleanHtml are meant to make things safe, not escaping
> of things.

They're meant to make things not just safe but valid.  This requires
escaping everything that has a special meaning.

Re: [MediaWiki-CVS] Minor typing error in German localisation

purodha@... wrote:
> Revision: 38382
> Author:   purodha
> Date:     2008-08-01 17:47:41 +0000 (Fri, 01 Aug 2008)
> 
> Log Message:
> -----------
> Minor typing error in German localisation.

Please note that the German language is now localised at Betawiki, 
therefore your changes will be overwritten on the next export.

MinuteElectron.

Re: [MediaWiki-CVS] Minor typing error in German localisation

MinuteElectron wrote:
> purodha@... wrote:
>> Revision: 38382
>> Author:   purodha
>> Date:     2008-08-01 17:47:41 +0000 (Fri, 01 Aug 2008)
>>
>> Log Message:
>> -----------
>> Minor typing error in German localisation.
> 
> Please note that the German language is now localised at Betawiki, 
> therefore your changes will be overwritten on the next export.

BetaWiki needs to fix that problem... Somehow they manage to update the
English messages, so it's surely not impossible. :)

-- brion

Re: [MediaWiki-CVS] Minor typing error in German localisation

Brion Vibber wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> MinuteElectron wrote:
>> purodha@... wrote:
>>> Revision: 38382
>>> Author:   purodha
>>> Date:     2008-08-01 17:47:41 +0000 (Fri, 01 Aug 2008)
>>>
>>> Log Message:
>>> -----------
>>> Minor typing error in German localisation.
>> Please note that the German language is now localised at Betawiki, 
>> therefore your changes will be overwritten on the next export.
> 
> BetaWiki needs to fix that problem... Somehow they manage to update the
> English messages, so it's surely not impossible. :)

English messages are not exported by Betawiki so there is nothing to 
update.  Two way synchronization requires a lot more work if edit 
history is to be maintained (updates would be passed through to Betawiki 
if all messages were deleted on export, but this would be undesirable 
and break attribution).  This is currently on the agenda, but I do not 
know when it will be resolved.

MinuteElectron.

problem with Title instance

I have a code which is running perfect on one wiki.

I installed another wiki on other machine.
*
code snippet:*

$pageTitle = Title::newFromText($args[title]);

where $args[title]="Main_Page"

*Following is the error message* :
 "*Catchable fatal error*: Argument 1 passed to Linker::doEditSectionLink()
must be an instance of Title, null given, called in
/opt/web/htdocs/mediawiki/includes/Linker.php on line 1175 and defined in *
/opt/web/htdocs/mediawiki/includes/Linker.php* on line *1200"

*Its not able to form Title object. Pls help!!.
*
*--
Thanks n Regards
Viral Gupta

When a man knows what he wants, the world steps aside to make way for him.