Extension:Cinderella
From MediaWiki.org
WARNING: the code or configuration described here poses a major security risk.
Problem: Arbitrary HTML can be inserted into any wiki page.

| Cinderella | Release status: beta |
|---|---|
| Implementation | Tag |
| Description | Embeds Cinderella files (cdy) into wiki pages using the cinderella.jar applet |
| Author(s) | Russel Philip (Russel Talk) |
| Version | 0.1 |
| MediaWiki | tested on 1.11 |
| Download | Extension:Cinderella#Code |
What can this extension do?
Embeds Cinderella files (cdy), previously uploaded into the wiki, into wiki pages using the cinderella.jar that comes with Cinderella.
What is Cinderella?
Cinderella's official description is "interactive geometry software", but in practice it is much more. It is a powerful mathematics simulation environment that includes simple physics and a programming language, CindyScript, that can be used to create complex, and even interactive, mathematical constructions.
Usage
<cinderella width=XXX height=YYY filename=MyCinderellaFile.cdy>
<param />
</cinderella>
Concerning <param />
As kindly noted above, the current implementation passes the <param/> content directly through to the body of the generated <applet> tag, which is a huge security no-no. I hope to find the time to find a clean and secure way to filter the rather large amount of parameters that need to be copied from the exported Cinderella construction.
Download instructions
Please cut and paste the code found below and place it in $IP/extensions/Cinderella/cinderella.php. Note: $IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.php.
Installation
- From Cinderella, copy the cinderella.jar file to the extensions/Cinderella/ folder.
- Add the following to LocalSettings.php:
require_once("$IP/extensions/Cinderella/cinderella.php");
Code
<?php
/**
 * MediaWiki Cinderella extension
 * Usage
 * <cinderella width=XXX height=YYY filename=MyCinderellaFile.cdy>
 * <param />
 * </cinderella>
 *
 * @author Russel Philip
 * @version 0.1
 * @link http://www.mediawiki.org/wiki/Extension:Cinderella
 */

$wgExtensionFunctions[] = 'wfCinderella';
$wgExtensionCredits['parserhook'][] = array(
    'name' => 'Cinderella',
    'description' => 'Embeds Cinderella files (cdy) into wiki pages using the cinderella.jar applet',
    'author' => 'Russel Philip',
    'url' => 'http://www.mediawiki.org/wiki/Extension:Cinderella',
    'version' => '0.1'
);

function wfCinderella() {
    global $wgParser;
    $wgParser->setHook( "cinderella", "renderCinderellaApplet" );
}

# The callback function for converting the input text to HTML output
function renderCinderellaApplet( $input, $argv ) {
    $errors = '';
    # empty() also covers attributes that were left out of the tag
    if ( empty( $argv["width"] ) ) $errors .= "<li>width not specified</li>";
    if ( empty( $argv["height"] ) ) $errors .= "<li>height not specified</li>";
    if ( empty( $argv["filename"] ) ) $errors .= "<li>cdy file not specified</li>";
    elseif ( !( $myFile = Image::newFromName( $argv["filename"] ) ) ) $errors .= "<li>invalid file specified</li>";
    if ( !$input ) $errors .= "<li>applet parameters not specified</li>";

    if ( !$errors ) {
        # The archive path is the one from the original code; it has to point
        # at the place the jar was copied to on your own wiki.
        # Attribute values are escaped so they cannot break out of the tag.
        $output = '<applet code="de.cinderella.CindyApplet" archive="/nltl/extensions/cinderella/cindyrun.jar" width="'
            . htmlspecialchars( $argv["width"] ) . '" height="'
            . htmlspecialchars( $argv["height"] ) . '">';
        $output .= '<param name=filename value="' . htmlspecialchars( $myFile->getURL() ) . '">';
        # Unfiltered pass-through of the tag body: this is the security
        # problem named in the warning at the top of this page.
        $output .= $input;
        $output .= '</applet>';
    } else {
        $output = "Cinderella - errors found:<ol>" . $errors . "</ol>";
    }
    return $output;
}
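One way to do the filtering described under "Concerning <param />", given here as an added example that is not part of the extension: parse each <param> tag into a name and a value and emit freshly built, escaped tags, dropping everything else in the tag body. The function name cinderellaFilterParams(), the optional name allowlist and the sample parameter names are assumptions.

```php
<?php
// Added example, not the extension's code. cinderellaFilterParams() and the
// sample parameter names are hypothetical.
function cinderellaFilterParams( $input, array $allowedNames = array() ) {
    // One <param ...> tag; quoted attribute values may themselves contain '>'.
    $tagRe = '/<param\b((?:[^>"\']|"[^"]*"|\'[^\']*\')*)>/i';
    // attr=value where value is double-quoted, single-quoted or unquoted.
    // (?| ... ) is a branch reset, so the value is always capture group 2.
    $attrRe = '/([a-z][a-z0-9_-]*)\s*=\s*(?|"([^"]*)"|\'([^\']*)\'|([^\s"\'>]+))/i';

    $out = '';
    preg_match_all( $tagRe, $input, $tags, PREG_SET_ORDER );
    foreach ( $tags as $tag ) {
        $attrs = array();
        preg_match_all( $attrRe, $tag[1], $pairs, PREG_SET_ORDER );
        foreach ( $pairs as $p ) {
            // Decode entities now so the value is escaped exactly once below.
            $attrs[ strtolower( $p[1] ) ] = html_entity_decode( $p[2], ENT_QUOTES, 'UTF-8' );
        }
        // Drop tags that lack name/value or carry an unexpected name.
        if ( !isset( $attrs['name'], $attrs['value'] ) ) {
            continue;
        }
        if ( !preg_match( '/^[A-Za-z0-9_.:-]{1,64}$/', $attrs['name'] ) ) {
            continue;
        }
        if ( $allowedNames && !in_array( $attrs['name'], $allowedNames, true ) ) {
            continue;
        }
        // Emit a fresh tag; nothing from the original markup is copied verbatim.
        $out .= '<param name="' . htmlspecialchars( $attrs['name'], ENT_QUOTES, 'UTF-8' )
            . '" value="' . htmlspecialchars( $attrs['value'], ENT_QUOTES, 'UTF-8' ) . '">';
    }
    return $out;
}

// Constructed input: an ordinary parameter, a value that tries to close the
// attribute and the tag, and stray markup outside any <param> tag.
$sample = '<param name="exampleParam" value="1 &amp; 2">'
    . '<param name=other value=\'x"><b>bold</b>\'>'
    . '<img src="x.png"><p>free text</p>';
echo cinderellaFilterParams( $sample ), "\n";
```

In renderCinderellaApplet() the filtered string would take the place of the raw $input that is appended to $output. This closes the HTML pass-through only; it does not judge what a given parameter value makes the applet do.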

