Last modified: 2014-08-01 21:07:23 UTC
It would be enormously helpful to have the EditFilter hook called when rendering a preview. It should not be possible to preview a page with content that will be rejected on save. This can help prevent remote exploits. Additionally, several page security extensions are vulnerable to someone inserting a transclusion to a protected page -- this can be prevented using an EditFilter hook, but it seems no such hook is available for previewing. This would take care of that with a simple change.
I was able to get all the functionality I needed by adding the hook in EditPage::getPreviewText(), right before it sets up the text to parse. This lets me edit text (for instance, to sanitize input) before previewing. If this is not the best way to get this functionality, something else to get something similar would be very much appreciated. if ( $this->isCssJsSubpage ) { if(preg_match("/\\.css$/", $this->mTitle->getText() ) ) { $previewtext = wfMsg('usercsspreview'); } else if(preg_match("/\\.js$/", $this->mTitle->getText() ) ) { $previewtext = wfMsg('userjspreview'); } $parserOptions->setTidy(true); $parserOutput = $wgParser->parse( $previewtext , $this->mTitle, $parserOptions ); $wgOut->addHTML( $parserOutput->mText ); $previewHTML = ''; } else { # Preview Protection change here wfRunHooks( 'EditFilter', array( $this, $this->textbox1, $this->section, &$this->hookError, $this->summary ) ); $toparse = $this->textbox1; # If we're adding a comment, we need to show the # summary as the headline if($this->section=="new" && $this->summary!="") { $toparse="== {$this->summary} ==\n\n".$toparse; } if ( $this->mMetaData != "" ) $toparse .= "\n" . $this->mMetaData;
(In reply to Jonathan Eisenstein from comment #1) > I was able to get all the functionality I needed by adding the hook in > EditPage::getPreviewText(), right before it sets up the text to parse. Hi Jonathan! Sorry that nobody has taken a look at this report yet and given feedback. If you feel like turning your code improvement into a patch, you are welcome to use Developer access https://www.mediawiki.org/wiki/Developer_access to submit this as a Git branch directly into Gerrit: https://www.mediawiki.org/wiki/Git/Tutorial Putting your branch in Git makes it easier to review it quickly. If you don't want to set up Git/Gerrit, you can also use https://tools.wmflabs.org/gerrit-patch-uploader/