Page MenuHomeMiraheze

Request for reviewing two extensions: R and ExternalLinks.
Closed, DeclinedPublic

Description

As I found these extensions are interesting but not reviewed yet. These extensions seems not consuming many resources and I request review on the extensions:

R- embedding R source in the wiki https://m.mediawiki.org/wiki/Extension:R

ExternalLinks -
https://m.mediawiki.org/wiki/Extension:ExternalLinks

Event Timeline

This comment has been deleted.

As a side note barely related, should be enforce a no mobile links policy on phabricator?

As a side note barely related, should be enforce a no mobile links policy on phabricator?

No because it'll unrealistic to enforce.

In T1555#28222, @John wrote:

As a side note barely related, should be enforce a no mobile links policy on phabricator?

No because it'll unrealistic to enforce.

fair enough. just was thinking stylistically and consistency wise.

So I've tested ExternalLinks on my install of 1.28 and have reviewed the code from http://subdomain.subfader.de/MediaWiki/ExternalLinks/ExternalLinks1.1.3.zip

  • Last updated 8 September 2016, and the author seems active on the MediaWiki wiki (and thus likely to be responsive to bug reports) ✓
  • Makes no database calls ✓
  • Well written with no glaring bugs or security concerns ✓

I'll just add that it does, in fact, make database calls if $wgELenableSessionStoring is set. On the other hand, doing this will fail, because it requires you to change the database, and doesn't actually provide the SQL to do so.

Also, there's obvious XSS flaws in this extension, so Extension:ExternalLinks declined for now. The variables $filterURL and $filterURLnot are fetched from the http request and put right back into the HTML without validation.

Per T1555#29161, this is declined.

Feel free to reopen if changes are made to the extension.