> Well, upgrading would be nice. :)
What, and give up on Debian Woody?! Why, I've still got exactly 27
days of security support left, until (after 4 years) even the Debian
folks finally abandon it! ;-)
I'm currently holding out for Ubuntu 6.06 to be released (5 years of
support on the server - very nice)
> We're junking CVS
Cool, and I see that
http://www.mediawiki.org/wiki/Template:MW_quick_download (which is
what misled me to be looking at CVS) has been updated to point to SVN
instead.
> That'd be 1.6.0 as of tomorrow or shortly
> thereafter.
Sounds good, although from a quick glance the 1.6 /HISTORY, /UPGRADE
and /INSTALL readme text files seemed to be assuming 1.5 (maybe).
> I've tossed in a quick tweak to the table parser
> to reduce the danger of this;
Thank you!
> That's before the fixes checked in on head (which
> will go into 1.5.9 also).
OK, well the new stuff below is still based on 1.5.8, so these things
may or may not be resolved by the fixes that have already been checked
in (my apologies if they are):
Wiki text:
---------------------------------
== onmouseover= ==
http://__TOC__
---------------------------------
HTML output:
---------------------------------
<a href="http://<table id='toc'
class='toc'><tr><td><div
id='toctitle'><h2>Contents</h2></div>
<ul>
<li class='toclevel-1'><a href="#onmouseover.3D"><span
class="tocnumber">1</span> <span
class="toctext">onmouseover=</span></a></li>
</ul>
</td></tr></table>
---------------------------------
Note that the HREF string continues until the "#onmouseover.3D" bit,
which is partially user controlled (albeit escaped), so there could
perhaps be some restricted scope for attribute injection.
This idea can also be applied to the various table-related attributes:
---------------------------------
==a==
{| STYLE=__TOC__
---------------------------------
HTML output:
---------------------------------
<table style="<table id='toc'
class='toc'><tr><td><div
id='toctitle'><h2>Contents</h2></div>
<ul>
<li class='toclevel-1'><a href="#a"><span
class="tocnumber">1</span>
<span class="toctext">a</span></a></li>
</ul>
</td></tr></table>
---------------------------------
Above two available online at
http://nickj.org/MediaWiki/Parser14 and
http://nickj.org/MediaWiki/Parser14-table
Also, one other bit of strangeness:
---------------------------------
{|
|
http://a|
---------------------------------
HTML output:
---------------------------------
<table>
<tr>
<td>" class='external free' title="http://a|"
rel="nofollow">http://a|</a>
---------------------------------
Note that somewhere along the line the Parser eats the '<a
href="http://a' string. Available online at
http://nickj.org/MediaWiki/Parser13
As usual, if there are any ideas for improving on any of this, please let me know.
All the best,
Nick.
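The two `__TOC__` cases above share one mechanism: the magic word is swapped for an inert marker early, the marker survives attribute escaping because it contains no HTML-special characters, and the real TOC markup is dropped in afterwards, landing inside a `style="..."` or `href="..."` value. The following is a toy model of that pipeline, written for this thread and not MediaWiki's own parser code; `TOC_MARKER`, `TOC_HTML`, the table-attribute regex and the `hardened` switch are all my own simplifications, and the real fixes Brion mentions are not reproduced here. The vulnerable path reproduces the `<table style="<table id='toc' ...` shape from the post; the hardened path drops markers from attribute values before escaping, so deferred substitution can only ever land in text content.

```python
import html
import re

# Constructed stand-in for the TOC block a wiki renderer emits (not MediaWiki's real output).
TOC_HTML = "<table id='toc' class='toc'><tr><td><h2>Contents</h2></td></tr></table>"

# Hypothetical inert placeholder; MediaWiki uses a comparable "strip marker" idea but the
# exact form differs. The point is that html.escape() leaves it untouched.
TOC_MARKER = "\x7fUNIQ-TOC\x7f"

# A wikitext table-start line: "{|" followed by attribute text.
_TABLE_START_RE = re.compile(r"^\{\|(.*)$", re.M)
# name=value pairs, value either double-quoted or a bare run of non-space characters.
_ATTR_RE = re.compile(r'(\w+)\s*=\s*("[^"]*"|\S+)')


def _attrs_to_html(attr_text, strip_markers):
    """Turn wikitext attribute text into escaped HTML attributes.

    With strip_markers=True any deferred-substitution marker is removed from the
    value first, so later marker expansion cannot write into the attribute.
    """
    parts = []
    for name, value in _ATTR_RE.findall(attr_text):
        value = value.strip('"')
        if strip_markers:
            value = value.replace(TOC_MARKER, "")
        parts.append(f' {name.lower()}="{html.escape(value, quote=True)}"')
    return "".join(parts)


def render(wikitext, hardened):
    """Three-pass toy renderer modelling the ordering bug in the thread.

    pass 1: magic word -> inert marker
    pass 2: "{| attrs" -> <table ...> with escaped attribute values
    pass 3: marker -> real TOC HTML (deferred, unescaped by design)
    """
    text = wikitext.replace("__TOC__", TOC_MARKER)
    text = _TABLE_START_RE.sub(
        lambda m: "<table" + _attrs_to_html(m.group(1), hardened) + ">", text
    )
    return text.replace(TOC_MARKER, TOC_HTML)


# Simple check a reviewer can run over output: does any attribute value contain a tag?
_TAG_IN_ATTR_RE = re.compile(r'="[^"]*<')


def has_tag_in_attribute(html_out):
    return _TAG_IN_ATTR_RE.search(html_out) is not None


if __name__ == "__main__":
    sample = "{| STYLE=__TOC__"   # constructed input, mirrors the post's second case
    print(render(sample, hardened=False))
    print(render(sample, hardened=True))
```

Escaping the attribute value is not a fix on its own: the value being escaped is the marker, which is clean, and the dangerous bytes arrive in pass 3 after escaping has already run. Either resolve markers before the attribute is escaped, or refuse to let markers live inside attribute values at all, which is what the hardened path does.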