Extension talk:MailNotification

Please feel free to post comments on my extensions.

Trouble running MailNotification extension
This is a great idea for an extension. Thanks for releasing it!

I'm having some trouble getting it running. After installing, when I submit changes to the wiki, I see this Fatal error: Call to undefined function wfquery in /home/.author/leedh/lee.org/w/extensions/MailNotification.php on line 36

When trying to look at Special:Version, I get this: Catchable fatal error: Object of class MailNotification could not be converted to string in /home/.author/leedh/lee.org/w/includes/SpecialVersion.php on line 241

Any ideas? I'm running --Gadlen 05:20, 25 March 2007 (UTC)
 * MediaWiki: 1.9.3
 * PHP: 5.2.1 (cgi-fcgi)
 * MySQL: 5.0.24a-standard-log
 * Dreamhost shared hosting

Romout:

Hi,

I'm sorry that you have such troubles running my extension :-( I've implemented the extension using MamboWiki's latest release. The contained MediaWiki Version is 1.7.2. The wfquery function is defined in includes/DatabaseFunctions.php and should be accessible. As already mentioned, I've not tried to run the extension under any later media wiki version. Nevertheless, I'll do so as soon as possible.

For now, have you some additional information or ideas on your topics?

wfQuery seems to be gone in PHP 5.2.1
Others extensions are having the same issue. You can see http://www.bad-behavior.ioerror.us/2007/01/26/bad-behavior-on-php-520/ for some details (not many though).

Gadlen: The guy discussing Bad Behavior mentions that he is running on Dreamhost. I am also on Dreamhost which may be significant. (I added that info above). I wish I had the chops to help you solve this problem. I can volunteer some time to help you out though. See my profile to find my email address. --Gadlen 18:11, 15 April 2007 (UTC)

Database errors
When CREATE has been denied to the database user running MediaWiki, this script fails. Even if the table is created manually first. I personally think keeping the strict permissions is a better idea than relaxing them. I worked around this by creating the table by hand and then commenting out the contents of the function that is meant to create the table. Seems to work fine.

Warning: Unprotected SQL queries
Potential SQL Injection Vulnerability This extension appears to not sanitise page names and other user input, feeding them directly into SQL queries. At this stage, I have only had innocent attempts to create page names such as "Tom's_Boat", which only gives an SQL error... But a crafty malicious user may try something like "nothing'; DROP *" as a page name, which could be very bad (I'm not game to test it though, even though my DB user doesn't have drop permission). I need someone with PHP/SQL skills to confirm this however, as I'm not really a developer. --Tim Bates