[Bf-docboard] Bf-docboard Digest, Vol 92, Issue 1

Lockal S lockalsash at gmail.com
Tue Oct 9 22:03:25 CEST 2012 

Hi everyone.
Let me explain few thing I know about MediaWiki & BlenderWiki. To
begin with, it was me who reported about BlenderWiki software state
few days ago. As http://wiki.blender.org/index.php/Special:Version
says, 1.16.2 is installed (~1.5 years ago), and current version is
1.19.2. During this time there were many security fixes, but I can't
see any critical problems like SQL injections or code execution.
BlenderWiki is affected by few XSS and CSRF problems, but those could
be used only for direct attack, which is unlikely to happen.

There are still some good reasons to keep MediaWiki up-to-date. The
first one is that in case of critical security issues upgrade between
1.19.2 and 1.19.3 would go much smoother. The second reason is that
different versions have different features and upgrade could make
loading process much faster (e. g. with ResourceLoader). And the third
reason is that new versions of MediaWiki allow some good extensions,
like http://www.mediawiki.org/wiki/Extension:Translate . I won't
describe this extension here, just go to this link and see it
yourself. Great gift for BlenderWiki translators!

Finally, there are many custom or modified extensions in BlenderWiki.
Some of them, like BlenderTags could be easily upgraded with minimal
changes. Naiad theme could be rewritten (probably with support of
ResourceLoader). There are few good tutorials for theming with modern
versions of MediaWiki and basic template structure is the same. The
worst thing are modified DynamicPageList and condcache extensions.
These extensions require pretty deep knowledge of MediaWiki internals.
I wonder if it is possible to get rid of condcache and use
allowcachedresults DPL param instead.

 - S. L.

On Tue, Oct 9, 2012 at 10:24 PM, Dan McGrath <danmcgrath.ca at gmail.com> wrote:
>
> Hey,
>
> Sure, I will keep it in mind. It is going to take me a bit of time to
> get reaquainted with everything again anyways.
>
>
> Dan
>
> On Tue, Oct 9, 2012 at 2:03 PM, Kesten Broughton
> <solarmobiletrailers at gmail.com> wrote:
> > Hey dan,
> >
> > while you are investigating upgrades, can you check out the options on
> > mediawiki for wysiwyg editors.  We would want to provide users with this or
> > source editing options.
> >
> > thanks
> >
> > kesten
> >
> > On Tue, Oct 9, 2012 at 10:40 AM, Dan McGrath <danmcgrath.ca at gmail.com>
> > wrote:
> >>
> >> Heya Ton,
> >>
> >> On Tue, Oct 9, 2012 at 6:07 AM, Ton Roosendaal <ton at blender.org> wrote:
> >> > Since you have an account, I would be very pleased to have you help with
> >> > installing/upgrading mediawiki.
> >> > Is that possible?
> >>
> >> In theory, I don't think that upgrading the software would be hard to
> >> do from an installation point of view, but I would have to research
> >> into the version differences and what not first to ensure that all of
> >> the current modules we use are still available. Ideally I would need
> >> to test on the dev db first, which would need a sync with the live db
> >> once etc., so would take quite a bit of work/testing first.
> >>
> >>
> >> > On the 'wall of text': I would suggest to remove the Sphinx search and
> >> > put a simple google search button in place. I didn't understand everything
> >> > in your long text, but "Sphinx" seems to be the cause of everything that's
> >> > complicated and hard to work with. Remove complexity, we don't need it.
> >>
> >> >From what I remember (I actually did some quick tests a while back for
> >> this), switching to google is a pretty straightforward thing to do. As
> >> for sphinx, the install and setup itself could stay in place, even
> >> though it wouldn't be used. It would just mean a bit of wasted CPU
> >> cycles every day when the cron job runs, at least until I can either
> >> get Marco to remove the cron, or check on my access to do so (I am not
> >> the most familiar with the quirks of FreeBSD as I am with say Linux,
> >> that's all). But to fully remove Sphinx properly might require some
> >> help from Francesco as the current skin has a bunch of
> >> html/php/templates in place that put the search box in place and issue
> >> the URL's that hook into the search.
> >>
> >> Anyways, just got back and ill be showing up in irc shortly here.
> >>
> >>
> >> Dan
> >> _______________________________________________
> >> Bf-docboard mailing list
> >> Bf-docboard at blender.org
> >> http://lists.blender.org/mailman/listinfo/bf-docboard
> >
> >
> >
> >
> > --
> >
> > Kesten Broughton
> > President and Technology Director,
> > Solar Mobile Trailers
> > kesten at solarmobiletrailers.com
> > www.sunfarmkitchens.ca
> > 512 701 4209
> >
> >
> > _______________________________________________
> > Bf-docboard mailing list
> > Bf-docboard at blender.org
> > http://lists.blender.org/mailman/listinfo/bf-docboard
> >
> _______________________________________________
> Bf-docboard mailing list
> Bf-docboard at blender.org
> http://lists.blender.org/mailman/listinfo/bf-docboard

More information about the Bf-docboard mailing list