Closed
Bug 465029
Opened 16 years ago
Closed 15 years ago
Warn when creating articles with bad characters
Categories
(support.mozilla.org :: Knowledge Base Software, task)
support.mozilla.org
Knowledge Base Software
Tracking
(Not tracked)
VERIFIED
FIXED
1.3
People
(Reporter: cww, Assigned: paulc)
References
()
Details
(Whiteboard: tiki_feature tiki_upstreamed)
Attachments
(4 files, 1 obsolete file)
1.82 KB,
patch
|
laura
:
review+
|
Details | Diff | Splinter Review |
2.16 KB,
patch
|
laura
:
review+
|
Details | Diff | Splinter Review |
628 bytes,
text/plain
|
Details | |
5.00 KB,
patch
|
laura
:
review+
|
Details | Diff | Splinter Review |
There is no warning when you try to create an article (either through the creating articles page or via translation) and the article title contains invalid characters. Since there's no sanitizing of invalid title characters, you can go all the way, write the article and click submit, only to find that the article can't be linked to or accessed because of those characters. Invalid characters are: :/?#[]@!$&'()*+,;=.<> This means that contributors will make articles with Firefox version numbers (3.0.X) or phrases like and/or or (parentheticals) in the title and have no idea why their article doesn't show up after editing. What would be nice is a little javascript that checks your proposed article title to make sure that it's OK before you click and make the article. < and > don't break the wiki but aren't sanitized so you can inject HTML here. (<script> tags are <x>'d)
Updated•15 years ago
|
Target Milestone: --- → 1.2
Updated•15 years ago
|
Assignee: nobody → paul.craciunoiu
Target Milestone: 1.2 → 1.3
So we can block these characters but some (like ' and . and ()) are really really useful to have in article titles. (Slashes will break lots of things so those have to be sanitized) I'm going to file bugs for making the wiki allow those characters and the remaining ones can be sanitized on the creating+articles page.
Assignee | ||
Comment 4•15 years ago
|
||
Perhaps upgrading tiki will take care of this.
Assignee | ||
Comment 5•15 years ago
|
||
Sylvie, any changes in a later version of Tiki that allow for the characters listed here? (and if so, which) Thank you :)
Comment 6•15 years ago
|
||
This should be fixed in 3
Assignee | ||
Comment 7•15 years ago
|
||
Thanks Sylvie. Could you point me to the bug(s)/pactch(es) that fix this? I would hope there's an easy way to merge the changes into the SUMO version. If this isn't an easy merge, Laura, David: perhaps we can just wait for the update.
Comment 8•15 years ago
|
||
We clean the code all over the place with smarty functions {title}, {sefurl}....Hard to point directly to a commit.
Assignee | ||
Comment 9•15 years ago
|
||
What we can do is simply not allow the editpage to show up if the title contains bad characters. That will work and does not require javascript. Since article title is not actually an input field on the page, but only in the URL, we can just provide a warning message and text input on the page, instead of the full edit with the textarea + categories + etc... E.g. when you go to https://support-stage.mozilla.org/tiki-editpage.php?page=test<title Sound good?
Comment 10•15 years ago
|
||
Sounds good to me - Chris, would this work for you?
Comment 11•15 years ago
|
||
I'm not sure I follow. The main place to create a page is via <https://support.mozilla.com/en-US/kb/Creating+articles> or <https://support.mozilla.com/tiki-edit_translation.php>, which both provide a text field.
Assignee | ||
Comment 12•15 years ago
|
||
(In reply to comment #11) > I'm not sure I follow. The main place to create a page is via > <https://support.mozilla.com/en-US/kb/Creating+articles> or > <https://support.mozilla.com/tiki-edit_translation.php>, which both provide a > text field. True, but both of those ultimately lead to tiki-editpage.php?locale=blah&page=title+of+page
Comment 13•15 years ago
|
||
What would happen if someone tries to create an article with an illegal character? "a warning message and text input on the page"? If so, that sounds good to me.
Assignee | ||
Comment 14•15 years ago
|
||
This patch adds a content label called "badchars_notify_data" to tiki-editpage.php When any of the bad chars are in the title, the rest of the page does not display, so it cannot be created. Also, the edit form displays if the page already exists, and the author sees the warning at the top and should change the title accordingly. The text for the content label is: --------------------------- <div class="top-notify">{tr}The article title you are trying to edit contains one or more of the following disallowed characters:{/tr} {$page_badchars_display} <form method="get" action="/tiki-editpage.php"><h3>{tr}Please enter a new title{/tr}</h3><input type="text" size="15" name="page" value="{$page}" /><input type="submit" name="quickedit" value="{tr}Edit{/tr}" /></form></div> --------------------------- We can always change this text, of course.
Attachment #387794 -
Flags: review?(smirkingsisyphus)
Attachment #387794 -
Flags: review?(laura)
Assignee | ||
Comment 15•15 years ago
|
||
Oops. I meant the content label name is "editpage_badchars_notify" :)
Reporter | ||
Comment 16•15 years ago
|
||
SELECT lang, pageName FROM tiki_pages where pageName REGEXP '[[.:.][./.][.?.][.#.][.[.][.].][.@.][.!.][.$.][.&.][.\'.][.(.][.).][.+.][.,.][.;.][.=.][...][.<.][.>.]]'; is the query to find all KB articles that have bad titles. Putting it here so we know to go through and fix them.
Updated•15 years ago
|
Attachment #387794 -
Flags: review?(smirkingsisyphus)
Attachment #387794 -
Flags: review?(laura)
Attachment #387794 -
Flags: review+
Assignee | ||
Comment 17•15 years ago
|
||
r48073 / r48074
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 18•15 years ago
|
||
This shows up for staging articles. Patch to follow.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee | ||
Comment 19•15 years ago
|
||
Attachment #391472 -
Flags: review?(laura)
Updated•15 years ago
|
Attachment #391472 -
Flags: review?(laura) → review+
Assignee | ||
Comment 20•15 years ago
|
||
r48208 / r48209
Status: REOPENED → RESOLVED
Closed: 15 years ago → 15 years ago
Resolution: --- → FIXED
Yet another bug where content needs to be created and assigned on staging? (Please also add the instructions to the push bug for 1.3 when that time comes.)
Assignee | ||
Comment 22•15 years ago
|
||
I've created it on staging and attached it here.
Verified FIXED; nice work! Tried all the characters listed there; all attempts to create with any of those failed -- without any of those characters, creation succeeds.
Status: RESOLVED → VERIFIED
Assignee | ||
Comment 24•15 years ago
|
||
This warning breaks creating translations with bad characters. The translation data should be passed over along with the new title. STR: 1. Go to any article, click "translate this page" and enter a title containing bad characters. 2. Click "Create translation" 2. On the next page, you're prompted to change the title. Change it to a valid title. Click "Edit" 3. The translation data is lost. The fix won't be too hard and it can be done in the template. Basically it involves carrying the translation data over.
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Assignee | ||
Comment 25•15 years ago
|
||
This is the updated content label. The only change is removing the form tag.
Attachment #393713 -
Attachment is obsolete: true
Assignee | ||
Comment 26•15 years ago
|
||
This adds hidden form inputs to make sure the submitted information gets posted until the title selected is valid. I really should've done this from the start.
Attachment #395618 -
Flags: review?(laura)
Updated•15 years ago
|
Attachment #395618 -
Flags: review?(laura) → review+
Assignee | ||
Comment 27•15 years ago
|
||
r49759 / r49760 Updated the content label on stage and also created it on prod to match attachment 395615 [details] https://support-stage.mozilla.org/tiki-edit_programmed_content.php?locale=en-US&contentId=215 https://support.mozilla.com/tiki-edit_programmed_content.php?contentId=217
Status: REOPENED → RESOLVED
Closed: 15 years ago → 15 years ago
Resolution: --- → FIXED
Verified FIXED on https://support-stage.mozilla.org/tiki-editpage.php?locale=en-US.
Status: RESOLVED → VERIFIED
Assignee | ||
Comment 29•15 years ago
|
||
That URL probably had some post data to it -- doesn't work when just linking to it.
(In reply to comment #29) > That URL probably had some post data to it -- doesn't work when just linking to > it. Yeah, but that page is shared when editing pages and/or doing translations.
Comment 31•15 years ago
|
||
Great work. This has been annoying me for years. And it's not just for page names, but also tags, usernames, etc. Related discussion: http://dev.tikiwiki.org/Character+substitutions I look forward to the upstream!
Whiteboard: tiki_feature
Comment 32•15 years ago
|
||
<> are no longer possible as they get filtered out. For the other characters, I too the check almost as-is in the PHP file. For the template, I made it a suggestion by default. the wiki_badchar_prevent switch can be turned on to disallow them completely. The page name field was made part of the standard form rather than creating a new form with hidden fields to ease maintainability. The save buttons are disabled if prevent is turned on.
Whiteboard: tiki_feature → tiki_feature tiki_upstreamed
You need to log in
before you can comment on or make changes to this bug.
Description
•