Last modified: 2010-05-15 14:36:07 UTC
BUG MIGRATED FROM SOURCEFORGE http://sourceforge.net/tracker/index.php?func=detail&aid=967833&group_id=34373&atid=411192 Originally submitted by John Ky (newhoggy) 2004-06-07 01:48 Suppose I add the following text to a page: {{msg:Mediaweapon}} {{msg:Mediaweapon}} {{msg:Mediaweapon}} {{msg:Mediaweapon}} {{msg:Mediaweapon}} {{msg:Mediaweapon}} {{msg:Mediaweapon}} {{msg:Mediaweapon}} {{msg:Mediaweapon}} {{msg:Mediaweapon}} The page will only include the first five instances of {{msg:Mediaweapon}}. The rest of them behave as if they were: [[Template:Mediaweapon]] ------------------------- Additional comments ------------------------ Date: 2004-06-07 06:08 Sender: SF user hashar This is hardcoded in parser.php: define( "MAX_INCLUDE_REPEAT", 5 ); It's to prevent a possible attack :o) ------------------------------------------------- Date: 2004-06-07 07:25 Sender: SF user phil_e hahar, this feature is boring e.g. on fr you know we use a lot of: {{msg:le}} [externllink] {{msg:le}} [externllink] etc. ~phe ------------------------------------------------- Date: 2004-06-07 10:15 Sender: nobody Logged In: NO Thanks. I'll choose a slightly bigger number for now. Would it be possible to relax this constraint for small templates? ------------------------------------------------- Date: 2004-06-09 04:28 Sender: SF user hashar This is hardcoded site wide. I don't think a template should be used that much. The only reason so far to change this setting is the example of fr.wikipedia.org. The {{msg:le}} template is used before each external link for the purpose of showing a little earth icon. That should be replaced by a css tweak for . ------------------------------------------------- Date: 2004-06-14 05:17 Sender: SF user thrasher6669 just as another thought, i'm using templates on my wiki: gentoo-wiki.com and i can easyly get into areas where i can use a template 5+ even 10+ times, just ran into this problem today... I'm using it to help facilitate uniform looking pages, my site contains much code snippets and i have provided in the form of a template a uniform table to show off this code e.g.( {{code box|code title| Your code here}} ) and with the possible code snippets getting quite large on some page i could easyly use 10+. Now i could see something similar happening on wikipedia or other wiki's. i was just wondering what kind of attack this is trying to prevent... I havent had a change to look at the code but i would assume you are using regex to do replacements. sorry if i dident make much sense there... oh heres and example of page that _could_ use my templates extensivly: http://gentoo-wiki.com/HOWTO_setup_a_home-server (I would be replacing all of the green boxes with the example above http://gentoo-wiki.com/Template:Box_Code)
*** Bug 124 has been marked as a duplicate of this bug. ***
*** Bug 55 has been marked as a duplicate of this bug. ***
has not this limit been raised to 20 (I saw this on CVS) ?
*** Bug 426 has been marked as a duplicate of this bug. ***
> Date: 2004-06-09 04:28 > Sender: SF user hashar > > This is hardcoded site wide. I don't think a template should > be used that much. IMHO there is a major weakness - an inconsistency - in wikipedia at the moment, which is that in the many, many excellent articles regarding mathematics, physics etc, there are very rarely any links to '''software''' which is free under the GPL or other free (as in speech) licences. It's a bit like a democracy where every political party is itself internally a dictatorship. Well, maybe that's a poor analogy. In any case, i've got started on http://en.wikipedia.org/wiki/Computer_algebra_system and i haven't thought up of any more elegant method than templates. (i'm not totally happy with the template either - something like a GNU or Penguin would be nice, but not really fair since not all free software is, strictly speaking, GNU or Linux, even if the authors would probably not mind being associated. Anyone with a better idea please propose it or try it). Anyway, since there are more than five free (as in speech) software packages in the list, the template fails for the sixth and further. IMHO the limit should be increased, surely 20 or even 30 is probably OK. Hmmm. A short term solution would be to put the Free software template as a header and regroup the packages.
Another example of this bug is described in this comment that I posted on #mediawiki a few minuts back [01:00] <Spundun> There seems a bug with complex use of templates in media wiki.... I can show the bug on meta.wikmedia.org [01:03] <Spundun> If you go to http://meta.wikimedia.org/wiki/Help:Index and go to the section "For system Administrators" there you will see the Template:Ed shown as Template:Ed instead of the contents of the Template:Ed... the same template is used in the sections above and works fine. Also if you click on the "View Thie TOC Alone" next to that mis processed link, you will see Template:Ed processed properly there. To me it looks lik a bug where [01:03] <Spundun> after a certain amount of tmplate usage.. mediawiki sw gets borked
On :fr we are using a template named "er" that is "<small><sup>er</sup></small>". We are using it to format 1{{er}} (1st). See http://fr.wikipedia.org/wiki/366_jours The template is here : http://fr.wikipedia.org/wiki/Mod%C3%A8le:Er If the limit is set to avoid an attack, maybe a size limit for (more than 5) reapeated templates could solve the problem. For example, if the template text is less than 100 chars, it may be replaced up to 200 times instead of 5. Or it may be a limit on the total [template size] x [repetitions] < 4096 chars if [repetitions] > 5. http://fr.wikipedia.org/wiki/Utilisateur:Olivier_Mengu%C3%A9
I suppose that this is the same bug. In ca: we were using templates for lists of population nucleus: http://ca.wikipedia.org/wiki/Montblanc If the municipality has 1-5 nucleus then the templates works well. But with more... I can't undestand how this limit can help.
Dear friends, I found an indication about bug #95 at [[meta:Help:Template#Multiple inclusion of the same template in a page]]. According to my opinion a restriction would not make sanse at all. Especially if you think only what ''we'' do '''now'''. In the documentation it is described how to make copies of the template and use them after the restriction number is exhausted. I was thinking at some alternative views of the same content as done in the main part at [[User:Gangleri/tests/list]], [[User:Gangleri/tests/list (maintenance)]] and [[User:Gangleri/tests/list (maintenance) IMSoP]]. Their maintenance is quite easy because only [[User:Gangleri/tests/list (template)]] needs to be updated and three other templates are used as a parameter to achieve the three views. Such maintenance lists require hunderts of entries. Participants in the Wikipedia dog breed project are talking of a number above 800. I do not understand where the problem is. According to my knowledge there is no way to implement the [[Ackermann function]] because this would be require comparision, decrementation, multiplicatetion, ... and recursive calls of templates. It makes no sense to limit the page sizes because maintenance pages accessible trough http: can be lery large. If it is a problem sysops can watch abnormal behavior, unknown / new pages with excessive size and so on. Regards Reinhardt
I agree that infinite recursion is a problem and that there are allways ways for misuse. Please do not implement the detection of infinite recursion / limitation of recursion TO THE SAME TEMPLATE as counting the occurence. It would be an easy way to detect it, but THESE ARE TWO SEPARATE THINKS. ''Templates'' relate to the mode of inclusion (supporting also parameters) and are not limited to the template namespace. Objects as articles (it is just a consense that articles should not ''look'' as templates), subpages, talks, projects, ... can all use this method. The limitation of template (as method) recursion (also via a chain a -> b - > ... -> n -> a) needs analysis of any of these objects a) when they are saved b) it is suitable to have the analysis in the preview too c) maybe all existing objects in the database need to be analysed because "the bad guys" / "bombs may already be there (they are not active because they are cached) and activation "&action=purge" would need to handle the analysis. I assume that existing templates are not very complex and only a few objects refer to templets with other templates as parameters. The analysis is a graph analysis and one could do the following: - each time you cross a "new" node, you remember the name and set THE COUNTER FOR THIS PARTICULAR NODE to zero; - when you cross a node already identified you increment THE COUNTER FOR THIS PARTICULAR NODE and compare it with a treshold value. If you reach the treshold display an appropriate error text. Regards Reinhardt
*** Bug 863 has been marked as a duplicate of this bug. ***
I have to agree this is a somewhat strange bug in that there must be better ways to check for malicious coding. The main reason for using templates is, to me, to maintain consistency and to make it easier to change the look and feel across a set of pages, as well as to make life easier for editors. Any limitation on how many times a given template can be used in a page is very restrictive for any sorts of lists at all.
This has been fixed ages ago in 1.4, which we will be rolling out onto Wikipedia in the next few weeks.
*** Bug 949 has been marked as a duplicate of this bug. ***
*** Bug 1019 has been marked as a duplicate of this bug. ***
*** Bug 1112 has been marked as a duplicate of this bug. ***
