Closed Bug 650408 Opened 14 years ago Closed 14 years ago

wiki.mozilla.org skins fixes

Categories

(Websites :: wiki.mozilla.org, defect)

Product:
Websites
Component:
wiki.mozilla.org
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 656153

People

(Reporter: nmaul, Assigned: Milos)

References

(
URL
)

Details

The new 'gmo' skin activated a couple days ago has a couple references to the /skins/ directory directly. Due to some SVN updating issues between our own repo and svn.wikimedia.org, we're going to be renaming our skins directory. Could we get the gmo.php script updated to refer to $wgStylePath (or otherwise reworked)? The relevant lines I saw are 151 and 266. I didn't see any other places that do this, but I'm by no means a PHP dev. :) Thanks!
Assignee: nobody → bmo
URL: http:://wiki.mozilla.org
Status: NEW → ASSIGNED
Any movement on this? Would like to get that blocked bug taken care of. It's a security update.
Sure. Can you please attach relevant parts of LocalSettings.php so I know what can I use?
$IP = "/data/www/wiki.mozilla.org"; $wgScriptPath = ""; $wgStylePath = "$wgScriptPath/skins"; $wgStyleDirectory = "$IP/skins";
Committed to svn in r88265. Do we need a security review?
I will put to security, just in case... it is public facing, so they might want to comment. Security, ok to push this out? It's blocking a wikimedia upgrade bug, which fixes a security vulnerability.
Assignee: milos → infrasec
Component: wiki.mozilla.org → Infrastructure Security: Web Security
Product: Websites → mozilla.org
QA Contact: wiki-mozilla-org → clyon
Version: unspecified → other
Looks good. To confirm $wgStyleDirectory is only set within the LocalSettings.php file and is never influenced by any user controlled data, correct? If that's the case then security is good with this change.
Assignee: infrasec → mcoates
Correct, this is not set anywhere else. Was going to pull back to myself for deployment, however... Milos, I think there's a problem here. If you use $wgStyleDirectory, your code will expand from this: src="<?=$wgStyleDirectory?>/gmo/img/screen/template/search-submit.png" to this: src="$IP/skins/gmo/img/screen/template/search-submit.png" to this: src="/data/www/wiki.mozilla.org/skins/gmo/img/screen/template/search-submit.png" This won't work though, as that's a filesystem path, not a URL path. I'm pretty sure you want to use $wgStylePath, instead of $wgStyleDirectory.
Assignee: mcoates → milos
Component: Infrastructure Security: Web Security → wiki.mozilla.org
Product: mozilla.org → Websites
QA Contact: clyon → wiki-mozilla-org
In addition to the above, wiki.mozilla.org is also 404'ing for "main.css", which is referenced in skins/gmo.php. Bumping priority because we have just started getting reports about the wiki being broken and not loading properly- this may or may not be related, but it's causing concern that it might be.
Severity: normal → major
Summary: New gmo skin has hard-coded /skins/ paths → wiki.mozilla.org skins fixes
Done in r88563. Please let me know if there's more, and sorry you waited this long.
Excellent... updated, and both issues appear to be fixed. Many thanks!
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Sorry, I have to re-open this. It looks like there are some things 404'ing for this skin: [14:27:56.205] GET https://wiki.mozilla.org/Gmo/img/screen/template/search-submit.png [HTTP/1.1 404 Not Found 228ms] [14:27:55.229] GET https://wiki.mozilla.org/Gmo/img/screen/template/screen/logo_footer.png [HTTP/1.1 404 Not Found 174ms] [14:27:55.432] GET https://wiki.mozilla.org/Gmo/img/screen/template/screen/logo_footer.png [HTTP/1.1 404 Not Found 888ms] It looks like it is not expanding the variable properly, and just returning an empty string... plus, for some reason capitalizing 'Gmo'.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Note that you most likely need to do 'global $wgStylePath;' somewhere... otherwise you'll get an empty string for it. This should fix both issues- Mediawiki throws a 302 redirect to the capitalized version if the first one doesn't exist.
Severity: major → normal
(In reply to comment #12) > Note that you most likely need to do 'global $wgStylePath;' somewhere... > otherwise you'll get an empty string for it. This should fix both issues- > Mediawiki throws a 302 redirect to the capitalized version if the first one > doesn't exist. It doesn't have anything to do with $wgStylePath, that's ok. Apache would throw an error if it didn't know what's $wgStylePath, and it doesn't throw anything to me. I see some other things I don't know anything about, though. Like, 301 moved permanently for all the files it can't load. So, would you please paste .htaccess, and check if there are any aliases in vhosts?
When I said "most likely", what I meant was "I locally tested adding that string, and it fixes the problem". It's not pulling in that variable. :) Here's the line in gmo.php: <input type="image" id="quick-search-btn" alt="Search" src="<?=$wgStylePath?>/gmo/img/screen/template/search-submit.png"> And here it is from "View Source": <input type="image" id="quick-search-btn" alt="Search" src="/gmo/img/screen/template/search-submit.png"> display_errors is off in production, so it would *not* show you anything about a missing variable. At most it would log it, but error_reporting excludes E_NOTICE, so it won't even do that. There are no .htaccess files for wikimo, at least not that affect the whole site (there's some in various subdirectories, but not the main dir or the skins dirs). There are no Alias definitions in the wiki.mozilla.org vhost definition either. There is a good amount of mod_rewrite rules, most of which are redirections for backwards compatibility with old sites. There is also a 301 redirect for everything http:// to https://.
Status: REOPENED → RESOLVED
Closed: 14 years ago14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.