Last modified: 2014-08-01 21:07:23 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T17654, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 15654 - EditFilter hook for preview
EditFilter hook for preview
Status: NEW
Product: MediaWiki
Classification: Unclassified
Page editing (Other open bugs)
1.13.x
All All
: Low normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-09-20 07:39 UTC by Jonathan Eisenstein
Modified: 2014-08-01 21:07 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Jonathan Eisenstein 2008-09-20 07:39:05 UTC
It would be enormously helpful to have the EditFilter hook called when rendering a preview. It should not be possible to preview a page with content that will be rejected on save. This can help prevent remote exploits. Additionally, several page security extensions are vulnerable to someone inserting a transclusion to a protected page -- this can be prevented using an EditFilter hook, but it seems no such hook is available for previewing. This would take care of that with a simple change.
Comment 1 Jonathan Eisenstein 2008-09-22 01:44:55 UTC
I was able to get all the functionality I needed by adding the hook in EditPage::getPreviewText(), right before it sets up the text to parse. This lets me edit text (for instance, to sanitize input) before previewing. If this is not the best way to get this functionality, something else to get something similar would be very much appreciated.

                if ( $this->isCssJsSubpage ) {
                        if(preg_match("/\\.css$/", $this->mTitle->getText() ) ) {
                                $previewtext = wfMsg('usercsspreview');
                        } else if(preg_match("/\\.js$/", $this->mTitle->getText() ) ) {
                                $previewtext = wfMsg('userjspreview');
                        }
                        $parserOptions->setTidy(true);
                        $parserOutput = $wgParser->parse( $previewtext , $this->mTitle, $parserOptions );
                        $wgOut->addHTML( $parserOutput->mText );
                        $previewHTML = '';
                } else {
                       
		 # Preview Protection change here
                        wfRunHooks( 'EditFilter', array( $this, $this->textbox1, $this->section, &$this->hookError, $this->summary ) );

                        $toparse = $this->textbox1;

                        # If we're adding a comment, we need to show the
                        # summary as the headline
                        if($this->section=="new" && $this->summary!="") {
                                $toparse="== {$this->summary} ==\n\n".$toparse;
                        }

                        if ( $this->mMetaData != "" ) $toparse .= "\n" . $this->mMetaData;
Comment 2 Andre Klapper 2014-08-01 21:07:23 UTC
(In reply to Jonathan Eisenstein from comment #1)
> I was able to get all the functionality I needed by adding the hook in
> EditPage::getPreviewText(), right before it sets up the text to parse.

Hi Jonathan! Sorry that nobody has taken a look at this report yet and given feedback.
If you feel like turning your code improvement into a patch, you are welcome to use Developer access
  https://www.mediawiki.org/wiki/Developer_access
to submit this as a Git branch directly into Gerrit:
  https://www.mediawiki.org/wiki/Git/Tutorial
Putting your branch in Git makes it easier to review it quickly. If you don't want to set up Git/Gerrit, you can also use https://tools.wmflabs.org/gerrit-patch-uploader/

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links