Last modified: 2014-02-12 23:40:07 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T48528, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 46528 - Enable RSS on Commons
Enable RSS on Commons
Status: NEW
Product: Wikimedia
Classification: Unclassified
Extension setup (Other open bugs)
wmf-deployment
All All
: Low enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
: community-consensus-needed
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-03-25 05:32 UTC by Monomium
Modified: 2014-02-12 23:40 UTC (History)
6 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Monomium 2013-03-25 05:32:20 UTC 
Would be helpful for displaying RSS feeds from the Wikimedia Blog in the community portal & main page.
Comment 1 MZMcBride 2013-03-25 05:37:05 UTC 
I think this is a change that shouldn't require community consensus as it's a non-controversial enhancement request, but others may disagree and ask that you first gather local community consensus.

I think enabling the RSS extension on all Wikimedia wikis for the Wikimedia blog might be nice. I don't really want to see a request next week for Meta-Wiki, outreach.wikimedia.org the following week, etc. Enabling the extension everywhere would reduce paperwork, in theory.
Comment 2 MZMcBride 2013-03-25 05:44:55 UTC 
From <https://noc.wikimedia.org/conf/InitialiseSettings.php.txt>:

---
'wmgUseRSSExtension' => array(
	'default' => false,
	'foundationwiki' => true,
	'mediawikiwiki' => true,
	'uawikimedia' => true,
),
'wmgRSSUrlWhitelist' => array(
	'default' => array(),  // as of Ext:RSS v2, this means no URLs are allowed.
	'uawikimedia' => array( 'http://wikimediaukraine.wordpress.com/feed/' ),
	'foundationwiki' => array(
		'http://blog.wikimedia.org/feed/',
		'http://blog.wikimedia.org/c/our-wikis/wikimediacommons/feed/',
		'http://blog.wikimedia.org/c/communications/picture-of-the-day/feed/',
	),
	'mediawikiwiki' => array(
		'https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/extensions/Translate.git&a=rss',
		'http://blog.wikimedia.org/feed/',
	),
),
---
Comment 3 Tim Starling 2013-03-25 06:11:42 UTC 
(In reply to comment #1)
> I think enabling the RSS extension on all Wikimedia wikis for the Wikimedia
> blog might be nice. I don't really want to see a request next week for
> Meta-Wiki, outreach.wikimedia.org the following week, etc. Enabling the
> extension everywhere would reduce paperwork, in theory.

Currently, $wgRSSUrlWhitelist needs to be modified for every feed that is used. So it seems unlikely that enabling it everywhere would reduce the number of shell requests. The code says:

// Warning: Allowing all urls (not setting a whitelist)
// may be a security concern.
...
// include "*" if you expressly want to allow all urls (you should not do this)

So it would seem that every request for addition to $wgRSSUrlWhitelist needs to be carefully reviewed for security.
Comment 4 MZMcBride 2013-03-25 06:31:22 UTC 
(In reply to comment #3)
> Currently, $wgRSSUrlWhitelist needs to be modified for every feed that is
> used. So it seems unlikely that enabling it everywhere would reduce the number
> of shell requests.

Sure, an on-wiki configuration system would be better. That said, comment 0 and comment 1 both specifically refer to the Wikimedia blog (<https://blog.wikimedia.org>). I think enabling the RSS extension and whitelisting only blog.wikimedia.org for all Wikimedia wikis might save some headache/hassle.

> So it would seem that every request for addition to $wgRSSUrlWhitelist needs
> to be carefully reviewed for security.

Hmm, I wonder why this is.
Comment 5 p858snake 2013-03-25 06:33:59 UTC 
(In reply to comment #4)
> > So it would seem that every request for addition to $wgRSSUrlWhitelist needs
> > to be carefully reviewed for security.
> 
> Hmm, I wonder why this is.

It formats the HTML in blog posts, I'm sure you can understand why that is a issue.
Comment 6 Tim Starling 2013-03-25 06:39:02 UTC 
(In reply to comment #5)
> (In reply to comment #4)
> > > So it would seem that every request for addition to $wgRSSUrlWhitelist needs
> > > to be carefully reviewed for security.
> > 
> > Hmm, I wonder why this is.
> 
> It formats the HTML in blog posts, I'm sure you can understand why that is a
> issue.

If the HTML were filtered then the extension could be more generally useful.
Comment 7 p858snake 2013-03-25 06:57:30 UTC 
(In reply to comment #5)
> (In reply to comment #4)
> > > So it would seem that every request for addition to $wgRSSUrlWhitelist needs
> > > to be carefully reviewed for security.
> > 
> > Hmm, I wonder why this is.
> 
> It formats the HTML in blog posts, I'm sure you can understand why that is a
> issue.

(I will just note what I dropped in the IRC channel)

<p858snake|l_> TimStarling: actually it might not format html, I was reading the extension page and it looks like I was getting confused with it "Format Links" and "Format Images" option
<p858snake|l_> Susan: ^
<p858snake|l_> but would probably want to make sure its cache setup is setup properly before you do it clusterwide
<Susan> I assumed it sent raw HTML through the MediaWiki parser/sanitizer.
<Susan> But only because that seemed like the only sane thing to do. No idea if it actually does.
<Susan> I suppose sanitizing <a> would be problematic.
Comment 8 Nemo 2013-03-29 17:59:48 UTC 
Not ready for shell because of security considerations + needs consensus -> shellpolicy.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links