Last modified: 2011-05-28 12:48:45 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T31072, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 29072 - Getlets: Transcluding a file (for example, a README file on SVN) on a page (for example: MediaWiki:Extension) page
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
Component: DynamicPageList2
Version: unspecified
Hardware: All All
Importance: Low enhancement
Target Milestone: ---
Assigned To: Nobody - You can work on this!
URL: http://www.mediawiki.org/wiki/Extensi...
Reported: 2011-05-21 11:38 UTC by T. Gries
Modified: 2011-05-28 12:48 UTC (History)

Description T. Gries 2011-05-21 11:38:16 UTC
Please let me propose this as a new extension:

A way similar to that described in the Wikimania 2005 proposal of "Getlets" [1][2],
and similar to what [3] already offers - see security risk warning there -,

- to transclude text content of a file denoted by a URL

- if possible, limited (per-wiki setting) to trusted URLs or servers
- preferably after sanitizing the content of the file
- preferably after virus checking the content of the file
- preferably allowing wiki text (file content may use wiki syntax)

on MediaWiki pages.

Purpose:

To avoid duplication of content, especially for documentation of extensions,
I wish to transclude a README file from our SVN on a MediaWiki extension
page or subpage.

[1] http://meta.wikimedia.org/wiki/Wikimania05/Workshop-TG3
[2] http://upload.wikimedia.org/wikipedia/commons/a/a9/Wikimania05_Workshop_TG3.pdf#Page=6 seq.
[3] http://www.mediawiki.org/wiki/Extension:DynamicPageList_%28third-party%29
Comment 1 Bawolff (Brian Wolff) 2011-05-21 18:14:33 UTC
That's not really related to what DPL does, it kind of can do that, but only due to a security issue, it's not intended to do that.

This sounds kind of like http://www.mediawiki.org/wiki/Extension:Include (which has a security warning also)
Comment 2 T. Gries 2011-05-21 18:19:34 UTC
(In reply to comment #1)
> This sounds kind of like http://www.mediawiki.org/wiki/Extension:Include (which
> has a security warning also)
Looks like a solution. Hey, can perhaps someone of you experts make a clean and secure version of it (for MediaWiki:Extension documentation pages)?

It would allow transcluding e.g. a README file or TODO file directly from SVN on the extensions' manual pages, and would avoid duplication of content.
Comment 3 T. Gries 2011-05-21 19:20:52 UTC
Another possible starting point as mentioned by Bryan:
CR extension http://www.mediawiki.org/wiki/Extension:Code_Review
Comment 4 T. Gries 2011-05-22 03:21:36 UTC
(In reply to comment #1)
> This sounds kind of like http://www.mediawiki.org/wiki/Extension:Include

Yep, after applying the patch http://www.mediawiki.org/wiki/Extension_talk:Include#patch_for_PHP_5.3.x this worked and _is_ the solution to my problem.

You experts could perhaps check whether this secure-include can be added to the MediaWiki site to allow extension writers to secure-include texts from their SVN files. Because the extension already allows white- or black-listing, this could be quickly adapted for that specific use, afaik.

I will close this bug, because my current problem is solved for 98%. I also contacted the maintainer (Matthieu, bravo!) to point him to this bugzilla, and asked to include the virus checker option, if possible.
Comment 5 Bawolff (Brian Wolff) 2011-05-23 03:58:49 UTC
A virus checker approach (aka blacklist of evil things) is not the greatest approach. It's not very difficult to have a whitelist of allowed pages (or domains/whatever), and then htmlencode included things, which should be fine for your use case, and trivial to implement.
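
The allowlist-then-encode approach from comment 5, as an added PHP example (not part of the bug thread and not code from Extension:Include). The host `svn.example.org`, the path prefix, the function names and the sample URLs are assumptions made for illustration.

```php
<?php
// Added example, not code from Extension:Include; hosts and paths are constructed.
const ALLOWED_SOURCES = [['https', 'svn.example.org', '/extensions/']]; // scheme, exact host, path prefix

/** True only if $url matches an allowlist entry; anything ambiguous is refused. */
function isAllowedSource(string $url): bool
{
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host'], $p['path'])) {
        return false;
    }
    // No userinfo ("trusted@other-host"), port, or query: none is needed for a plain file.
    if (isset($p['user']) || isset($p['pass']) || isset($p['port']) || isset($p['query'])) {
        return false;
    }
    // No dot segments, percent-encoding or backslashes that could defeat the prefix check.
    if (preg_match('#(^|/)\.\.?(/|$)|%|\\\\#', $p['path'])) {
        return false;
    }
    foreach (ALLOWED_SOURCES as [$scheme, $host, $prefix]) {
        if (strtolower($p['scheme']) === $scheme && strtolower($p['host']) === $host
            && strncmp($p['path'], $prefix, strlen($prefix)) === 0) {
            return true;
        }
    }
    return false;
}

/** Returns HTML-encoded file text, or null if the URL is refused or the fetch fails. */
function includeRemoteText(string $url, callable $fetch): ?string
{
    if (!isAllowedSource($url)) {
        return null;
    }
    $body = $fetch($url); // a real fetcher must not follow redirects off the allowlist
    if (!is_string($body)) {
        return null;
    }
    // Encode everything: the remote file is displayed as text, never parsed as markup.
    return '<pre>' . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
}

// Constructed stand-in for the HTTP client so the example runs offline.
$fetch = function (string $url): string { return "Usage: <script>alert(1)</script>\n"; };
foreach (['https://svn.example.org/extensions/Foo/README',
          'https://svn.example.org@other.example/extensions/Foo/README',
          'https://svn.example.org/extensions/../private/README'] as $u) {
    var_dump(includeRemoteText($u, $fetch));
}
```

Only the first sample URL is accepted, and its `<script>` tag comes back entity-encoded; the userinfo and dot-segment variants are refused before any fetch happens.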
Comment 7 T. Gries 2011-05-28 12:48:45 UTC
Idea:

"buglets" = small "bugzilla-getlets":

allow users to write
 
{{bug:29072}}
 
and to have that rendered exactly as
 
[[bugzilla:29072|Bug 29072]] - Getlets: Transcluding a file (for example, a README file on SVN) on a page (for example: MediaWiki:Extension) page (filed 2011-05-21 11:38 UTC)
