I have an old Mediawiki site (1.6.x) and I need to upgrade it to 1.31. This site has many pages and many of them have text with html links in the HTML format such as:
Text
I am able to upgrade its database to 1.31. However, in display, the above html links are converted to
<a href="/index.php?title=My_PAGE">TEXT</a>
How can I prevent Mediawiki (1.31.x) from performing the above conversion?
I am uncertain presently how to prevent MediaWiki from changing your code, but a possible solution would be to use this
https://www.mediawiki.org/wiki/Extension:Replace_Text
after the upgrade to replace < with < and > with >
Unable to find a method, I simply added the following two lines in public function execute() of ExampleTemplate.php
$html = str_replace('<', '<', $html);
$html = str_replace('>', '>', $html);
Please let me know if you know a better way.
Related
I want to generate a random number or string in HTML so that i add this to HTTP URL inside the HTML page to make it different each time page loads.
That's impossible. HTML is a markup language, and cannot be used for defining logic.
You should use server side scripting language for that.
HTML does not provide random number generation without using javascript OR jQuery.
if you want to avoid cache problem insuring user has a different url each time he loads the page, you can do something like :
<body onLoad="location.hash = Math.floor((Math.random() * 100) + 1);">
I don't think that works, because HTML is a static language.
Something that uses php help? example :
<?php
$url ='https://linkexample/ws/'+ rand(1,100); + '.com';
echo $url;
?>
I'm currently working on a website, where users can write articles with few format possibilities (like bold, italic, list...). I'm using a framework: CodeIgniter.
I'm a beginner, and I've heard some stuff about XSS. I would like to know what do you think about my implementation. I read this topic:
What's the best method for sanitizing user input with PHP?
1) The user write his article, format it with BBCode. I'm using SCEditor.
2) When saving it into database, I'm using htmlspecialchars() to filter any suspect HTML tag. Am I supposed to do this when I'm saving data, or displaying data?
3) When I want to display the article on the website (for other uses for example), I convert BBCode tags into HTML tags.
Is it a right way to do it? Am I avoiding XSS?
I am obviously open to suggestions and advices.
Thanks for your answers
Codeigniter for validation has a property xss which will do all those staff
$this->form_validation->set_rules('username', 'Username', 'trim|required|min_length[5]|max_length[12]|xss_clean');
check out form validation Codeigniter:
http://ellislab.com/codeigniter/user-guide/libraries/form_validation.html
I "find and replace" using PHP, I don't think it's the most efficient way of doing it though.
<?php
$malicious = "<script>alert(1)</script>";
$malicious = str_ireplace("<", "", $malicious);
$malicious = str_ireplace(">", "", $malicious);
echo $malicious;
?>
<?php
$malicious = "<script>alert(1)</script>";
$malicious = strip_tags($malicious);
$malicious = htmlentities($malicious, ENT_QUOTES);
echo $malicious;
?>
I have different HTML files. I want to open, edit and then save changes with PHP (NOT OOP) in admin panel by using HTML textarea tag. What do I have to do for that? Do I need to create new mysql database? Could you please show me an example?
You can read the contents of the HTML file using file_get_contents:
$html = 'example.html';
$currentContents = file_get_contents($html);
// set the textarea text to $currentContents
To write the changes, you will have to post the textarea to a PHP script (through an HTML form) and then do something like:
$newContents = $_POST['textareaName'];
$html = 'example.html';
$fh = fopen($html, 'w') or die("File could not be opened.");
fwrite($fh, $newContents);
fclose($fh);
There are some security things you need to worry about it, but this is a basic example of how to achieve your goal. Good luck!
http://us.php.net/file_get_contents
http://us.php.net/fwrite
I am using Text::MultiMarkdown to create HTML files from MultiMarkdown documents.
I would like all links to open in a new tab.
Is there a way to configure this behavior using a CSS template, or directly in the MultiMarkdown document (without explicitly writing HTML around each link in the MultiMarkdown document)?
Definitely not in CSS - that is only concerned with the way the elements appear, not how they behave.
It should be possible to add <base target="_blank"> to the head of the HTML document (using XSLT), but that's on par with adding it to each link.
In HTML and/or JavaScript you can only initialize the opening of a new window. The user is in some UAs able to force the opening of a new window as a new tab instead. But you can not control this behaviour.
In theory, you could do this with CSS3: http://www.w3.org/TR/css3-hyperlinks/ - however no common browser ever implemented this. The reason might be that it is a common believe that the choice of when a new window or tab is opened should be left to the user alone.
You can't do this in CSS but you can use the source.
You could subclass Text::MultiMarkdown and provide your own implementation of _GenerateAnchor, something similar to this might work:
sub _GenerateAnchor {
my ($self, $whole_match, $link_text, $link_id, $url, $title, $attributes) = #_;
if($url
&& index($url, '#') != 0) {
$attributes = $attributes ? $attributes . ' target="_blank"' : 'target="_blank"';
}
return $self->SUPER::_GenerateAnchor($whole_match, $link_text, $link_id, $url, $title, $attributes);
}
This is a bit kludgey as _GenerateAnchor isn't part of the public interface. You'd also need to use the OO interface rather than just the markdown function.
You could also contact the Text::MultiMarkdown author and see if he'll add a flag for this sort of thing. Maybe you could provide a patch to get things started.
You can also use HTML::Parser and friends to parse the HTML that comes out of Text::MultiMarkdown and add the target attributes yourself.
I want to wrap a mediawiki site inside another site - using the header.inc and footer.inc files that the rest of the website's html files use.
I'm not familiar with php, is there a 'masterpage' file somewhere I can put them in?
Your best bet would be to create a custom skin, or edit one of the default skins, such as monobook. They control most of the basic presentation code. Here is one short tutorial on creating a custom skin. The files usually live in the /skins/ folder; if you skim through one, you can find where the HTML begins and ends.
You can include another file using the PHP include function, like so:
<html>
...
<body>
<?php
include 'header.inc';
?>
...
For future reference in the LocalSettings.php you can also prevent users from using any other skin.
$wgDefaultSkin = 'myskin';
$wgAllowUserSkin = false;
$wgSkipSkins = array( "chick", "cologneblue", "monobook", "modern", "myskin", "nostalgia", "simple", "standard" );