use HTML code in Wikimedia

internet malware technology

since it is pretty tricky to google for, here the wonderful scary as hell wikimedia addition that lets you add raw html code in your pages:
[make sure to read the end of this post]


< ?php # RawHtml.php - raw HTML extension # # Defines the tag pair .
# Sends the content out without any processing.
#
# To use, include this file into your LocalSettings.php
# To configure, set members of $wgRawHtml after the inclusion.
#
# include 'RawHtml.php';
#
# $wgRawHtml = array('JoeUser', 'JoeUserBot')
#
# Adapted from code by Jan Steinman

class raw_html_settings { };

$wgRawHtml = new raw_html_settings;
$wgExtensionFunctions[] = 'wf_raw_html_ext';

function wf_raw_html_ext() {

global $wgParser;

$wgParser->setHook('RawHtml', 'render_raw_html');
}

function render_raw_html($raw_html_src, $style='') {

return $raw_html_src;
}
?>

found here.

It really is easy to use: Just add the file as RawHtml.php and then add in the end of LocalSettings.php the following lines:


include 'RawHtml.php';
$wgRawHtml = array('user-name-to-use-this-goes-here' , 'this-would-be-a-second-one');

It turns out that the user names get absolutely ignored. So actually this is really dangerous to do, since ANYBODY that can edit the wiki can also insert any html code. Which is ok in a non public wiki, but NOT out there on those internets.

So the code above is plain malware: A bot could crawl the sources of wikis and could insert any html that might please in those pages. Allot of harm can be done that way.

For a decent explaination how to add your own addition look here

I ended up boiling up a couple of probably horrible php lines myself:


?php
#mimg.php
#insert image in wikimedia pages.
#to use add code like:

#/path/to/image.png

#please note that I have no freaking clue what I am doing.

#this will only work with local links to images, since all
#characters apart from numbers, letters slash and dot will be filtered when rendered
#to install save this in a file and include in LocalSettings.php

class mimgclass { };

$mimgo = new mimgclass;
$wgExtensionFunctions[] = 'installmimg';

function installmimg() {
global $wgParser;
$wgParser->setHook('mimg', 'mrender_mimg');
}

function mrender_mimg($mimg, $style='') {
$mimg = preg_replace ('/[^a-zA-Z0-9\/\.]/' ,"",$mimg);
return "";
}
?>