Last modified: 2014-08-01 21:07:23 UTC

Bug 15654 - EditFilter hook for preview
Status: NEW
Product: MediaWiki
Classification: Unclassified
Component: Page editing
Importance: Low normal
Assigned To: Nobody - You can work on this!
Reported: 2008-09-20 07:39 UTC by Jonathan Eisenstein
Modified: 2014-08-01 21:07 UTC


Description Jonathan Eisenstein 2008-09-20 07:39:05 UTC
It would be enormously helpful to have the EditFilter hook called when rendering a preview. It should not be possible to preview a page with content that will be rejected on save. This can help prevent remote exploits. Additionally, several page security extensions are vulnerable to someone inserting a transclusion to a protected page -- this can be prevented using an EditFilter hook, but it seems no such hook is available for previewing. This would take care of that with a simple change.
Comment 1 Jonathan Eisenstein 2008-09-22 01:44:55 UTC
I was able to get all the functionality I needed by adding the hook in EditPage::getPreviewText(), right before it sets up the text to parse. This lets me edit text (for instance, to sanitize input) before previewing. If this is not the best way to get this functionality, something else to get something similar would be very much appreciated.

                if ( $this->isCssJsSubpage ) {
                        if(preg_match("/\\.css$/", $this->mTitle->getText() ) ) {
                                $previewtext = wfMsg('usercsspreview');
                        } else if(preg_match("/\\.js$/", $this->mTitle->getText() ) ) {
                                $previewtext = wfMsg('userjspreview');
                        }
                        $parserOutput = $wgParser->parse( $previewtext , $this->mTitle, $parserOptions );
                        $wgOut->addHTML( $parserOutput->mText );
                        $previewHTML = '';
                } else {
                        # Preview Protection change here
                        wfRunHooks( 'EditFilter', array( $this, $this->textbox1, $this->section, &$this->hookError, $this->summary ) );

                        $toparse = $this->textbox1;

                        # If we're adding a comment, we need to show the
                        # summary as the headline
                        if($this->section=="new" && $this->summary!="") {
                                $toparse="== {$this->summary} ==\n\n".$toparse;
                        }

                        if ( $this->mMetaData != "" ) $toparse .= "\n" . $this->mMetaData;
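
An EditFilter handler of the kind the description refers to, rejecting text that transcludes a restricted page. This is an added example, not code from the bug report or from MediaWiki. The restricted-title list and the `example*` names are hypothetical; the handler parameters follow the wfRunHooks() call in comment 1.

```php
<?php
// Added example, not code from MediaWiki or the bug report.
// Hypothetical list of titles that must not be transcluded (assumption).
$exampleRestrictedTitles = array( 'Secret:Payroll', 'Private notes' );

// Normalise a title for comparison: underscores become spaces, a leading
// ':' is dropped, and the first letter is uppercased.
function exampleNormalizeTitle( $name ) {
	$name = trim( str_replace( '_', ' ', $name ) );
	$name = ltrim( $name, ': ' );
	return ucfirst( $name );
}

// Return the restricted titles that $text tries to transclude.
function exampleFindRestrictedTransclusions( $text, array $restricted ) {
	$hits = array();
	// Capture the target of {{Target}} or {{:Target|args}}. Parser functions
	// ({{#if:...}}) are skipped. A regex cannot see targets that are built by
	// templates or reached through redirects, so this is a first-line check.
	preg_match_all( '/\{\{\s*([^{}|#]+?)\s*(?=[|}])/', $text, $m );
	$restricted = array_map( 'exampleNormalizeTitle', $restricted );
	foreach ( $m[1] as $target ) {
		$title = exampleNormalizeTitle( $target );
		if ( in_array( $title, $restricted, true ) ) {
			$hits[] = $title;
		}
	}
	return array_values( array_unique( $hits ) );
}

// EditFilter handler: same parameters as the wfRunHooks() call in comment 1.
function exampleEditFilter( $editor, $text, $section, &$error, $summary ) {
	global $exampleRestrictedTitles;
	$hits = exampleFindRestrictedTransclusions( $text, $exampleRestrictedTitles );
	if ( $hits ) {
		$error = 'Transclusion of restricted page(s) not allowed: '
			. implode( ', ', $hits );
	}
	return true; // $error is non-empty when the text should be rejected
}
// In LocalSettings.php: $wgHooks['EditFilter'][] = 'exampleEditFilter';

// Constructed sample input, run from the command line without MediaWiki.
$error = '';
exampleEditFilter( null, "Intro {{:secret:Payroll}} and {{Infobox|x=1}}", '', $error, '' );
echo $error === '' ? "allowed\n" : $error . "\n";
```

In the preview lines shown in comment 1, neither the return value of wfRunHooks() nor `$this->hookError` is checked before `$toparse` is built, so a handler that only sets `$error` does not stop the preview there. To block the preview, the caller has to test `hookError`, or the handler has to change `$editor->textbox1`.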
Comment 2 Andre Klapper 2014-08-01 21:07:23 UTC
(In reply to Jonathan Eisenstein from comment #1)
> I was able to get all the functionality I needed by adding the hook in
> EditPage::getPreviewText(), right before it sets up the text to parse.

Hi Jonathan! Sorry that nobody has taken a look at this report yet and given feedback.
If you feel like turning your code improvement into a patch, you are welcome to use Developer access
to submit this as a Git branch directly into Gerrit:
Putting your branch in Git makes it easier to review it quickly. If you don't want to set up Git/Gerrit, you can also use
