Extension:Widgets

課題管理システム: #MediaWiki-extensions-Widgets
From mediawiki.org
This page is a translated version of the page Extension:Widgets and the translation is 86% complete.
Outdated translations are marked like this.
Languages:
また、ぜひこの機会に自作のウィジェットの投稿をお願いできないでしょうか。 ご理解のほどよろしくお願いいたします。
MediaWiki 拡張機能マニュアル
Widgets
リリースの状態: 安定
実装 パーサー関数
説明 Widget 名前空間のページを編集すると、wiki にフリースタイルのウィジェットを追加できます
作者
メンテナー Yaron Koren
最新バージョン 1.4.2 (2023-03-14)
MediaWiki 1.30+
PHP 5.6+
ライセンス GNU 一般公衆利用許諾書 2.0 以降
ダウンロード
拡張機能をダウンロード
Git [?]:
Widgets on MediaWikiWidgets.org
パラメーター
  • $wgWidgetsCompileDir
  • $wgWidgetsUseFlaggedRevs
使用するフック
Quarterly downloads 205 (Ranked 46th)
Public wikis using 1,122 (Ranked 207th)
translatewiki.net で翻訳を利用できる場合は、Widgets 拡張機能の翻訳にご協力ください
Vagrant role widgets
問題点 未解決のタスク · バグを報告

Widgets 拡張機能は raw HTML ページの作成と、標準的なウィキページに (テンプレートと似た形で) 参照読み込みできるようにします。 実行するには、 Widget 名前空間にページを作成します。 Widget 名前空間の編集には権限の制限が設けられており、編集可能なウィキページ上に raw HTML を埋め込むセキュリティ上のリスクを回避します。 既製のウィジェットがたくさん用意されています。

ダウンロード

Git からコードを入手するには、以下のコマンドを書きます。 

cd extensions
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/Widgets.git
cd Widgets
composer update --no-dev

Composer は PHP で書かれた依存関係管理ツールです。MediaWiki >= 1.35.2 の場合、composer をバージョン 2 に更新する必要があるかもしれません。手順ここを参照してください。

インストール

To invoke this extension, add the following to LocalSettings.php : 

wfLoadExtension( 'Widgets' );
フォルダーの権限

Also, the $IP/extensions/Widgets/compiled_templates/ folder should be made writable by the web server. See Making a directory writable by the webserver. The compiled templates folder is where Smarty stores pre-compiled templates.

設定

The steps in this section are optional—the extension should work fine even without these changes, but they will give you more flexibility if you have a complex MediaWiki installation.

ウィジェットの査読に FlaggedRevs を使用

You can use the FlaggedRevs extension to enable a widget security review process. This will enable the Widgets extension to use only stable versions of the Widget:* pages. To do so, just add the following to your LocalSettings.php file: 

$wgWidgetsUseFlaggedRevs = true;

This will tell the Widgets extension not to protect Widget:* pages using permissions, but rather require changes to be reviewed for security before they can take effect.

To just use FlaggedRevs to review widgets, the following configuration should suffice: 

wfLoadExtension( 'Widgets' );
wfLoadExtension( 'FlaggedRevs' );
$wgFlaggedRevsNamespaces = [
    274 // NS_WIDGET
];
$wgFlaggedRevTags = [
    'security' => [
        'levels' => 1,
        'quality' => 1,
        'pristine' => 1
    ]
];
$wgFlaggedRevsOverride = true;
$wgWidgetsUseFlaggedRevs = true;


コンパイルしたウィジェットの保存先ディレクトリを変更する

You can use the $wgWidgetsCompileDir variable to change the directory for storing the compiled widgets ($compile_dir in the code). The default setting is 

$wgWidgetsCompileDir = "$IP/extensions/Widgets/compiled_templates/";

If you change the location by setting the parameter with another directory, make sure that it exists and has the correct permissions.

利用者権限

This extension adds a namespace called "Widget", but due to potential security implications that can result from using insecure widget code, this namespace is only editable by users who have the editwidgets permission (the widgeteditor group is also created to add users to; see Help:User rights management for more details).

使用法

To add a widget to your MediaWiki installation, just create a page in the Widget: namespace. You can then use the {{#widget:...}} parser function to include it in any page in the wiki.

<span id="{{#widget}}_parser_function">

{{#widget}} パーサー関数

To add a defined widget to pages, users can use the {{#widget}} parser function. The syntax is as follows: 

{{#widget:WidgetName|param1=value1|param2=value2}}

Where WidgetName is a page name in the Widget namespace (e.g. Widget:WidgetName) and param=value pairs are the settable parameters, defined within the widget code.

Parameters can be expanded inside a widget using Smarty syntax, as follows: 

<a href="<!--{$param1|escape:'url'}-->"><!--{$param2|escape:'html'}--></a>

The escape options specifies how the parameter will be 'escaped', or encoded, in the resultant Widget. It is critically important that all parameters are escaped to prevent cross-site scripting vulnerabilities. Some escape methods are ineffective. In general you should use one of escape:html, escape:url, escape:urlpathinfo or escape:javascript. See http://www.smarty.net/docsv2/en/language.modifier.escape for more information on this.

Widget 名前空間内のページ

All widgets in the wiki are defined by creating pages in the special "Widget:" namespace, like e.g. "Widget:WidgetName".

To see all Widgets defined in your system, you can simply go to the page "Special:AllPages", select "Widget" in the namespace dropdown and click "Go".

For security reasons, these pages are only editable by wiki administrators - see User rights above for more info.

You can find many pre-defined widgets to install in your wiki at MediaWikiWidgets.org. If you are interested in creating widgets yourself, see the next section.

ウィジェット ページの構文

The Widgets extension uses the Smarty PHP templating engine to provide simple templating functionality within widget pages. All parameters passed to a widget are converted into Smarty parameters.

Important: Use escape modifiers on all passed-in parameters to prevent users from passing in raw HTML from normal wiki pages. Failure to protect against this will expose the hosting site to XSS (and other) attacks.

配列

If you use the same parameter multiple times, the widget will get an array of values. You can use foreach to go through the array.

真偽値 (true/false)

In addition to PHP's default handling of Boolean conversions, you can (unlike in PHP) use the values "true" or "false" to set the Boolean value. The following would set the $popup parameter to false, for example: 

{{#widget:WidgetName|popup=false}}

In addition, you can set Boolean parameters to true by just using a parameter name without a value, like this: 

{{#widget:WidgetName|popup}}

ドット付き記述

Parameter names can have dots, and Smarty will interpret them as associative arrays, so you can use foreach with both key and item attributes to traverse through them, or you can just use the same name with dots if you want to reference the parameter directly.

Widget:AssocTest might look like this: 

<includeonly><ul>
<!--{foreach from=$arg key=key item=item}-->
   <li><!--{$key|escape:'html'}-->: set to <!--{$item|escape:'html'}--></li>
<!--{/foreach}-->
</ul></includeonly>

...and you might call this Widget as follows: 

{{#widget:AssocTest|arg.foo=bar|arg.bar=oni}}

..which would be displayed as:

  • foo set to bar
  • bar set to oni

有効な修飾語

In addition to standard Smarty modifiers (like the heavily used escape), the Widgets extension implements the validate modifier, that uses PHP Data filtering to allow for validating widget parameters. Validating a parameter is not a replacement for escaping a parameter. You should still use an escape modifier even when validating.

The following values for the validate are supported (mapping to PHP's validation filters):

  • url Validate as url. Staring in Widgets 1.4.2 this uses MediaWiki's url validation instead of PHP's validation. This only allows url schemes listed in $wgUrlProtocols and unlike PHP validation does not allow urls with characters dangerous in HTML. Prior to Widgets 1.4.2 this used PHP's FILTER_VALIDATE_URL which is much less strict.
  • url-php (FILTER_VALIDATE_URL) Warning: Validating as a URL still allows JavaScript URLs that can lead to XSS. It also allows urls containing characters that are unsafe in HTML.
  • int (FILTER_VALIDATE_INT)
  • boolean or bool (FILTER_VALIDATE_BOOLEAN)
  • float (FILTER_VALIDATE_FLOAT)
  • email (FILTER_VALIDATE_EMAIL) Warning: Valid email address can still contain characters that are unsafe in HTML, be sure to escape in addition to validating
  • ip (FILTER_VALIDATE_IP)
  • domain (FILTER_VALIDATE_DOMAIN) Warning: Valid domains can still contain characters that are unsafe in HTML, be sure to escape in addition to validating.
  • mac (FILTER_VALIDATE_MAC)


ウィジェットページのキャッシュを破棄

If you're using a call to the widget within the widget page itself, then you will not see the updated widget (and no widget at all when you just created a page). This happens because the page contents are not available to the Widgets extension until a page is saved, but the call to the {{#widget}} parser function is made before the page is saved. After the page is saved, it's cached by MediaWiki, so you won't see the result even if you reload the page via the browser. To make the latest edits to the widget code appear, you need to refresh the page in the cache; to do this, you just need to use the purge action (see also Purge extension), or wait a certain amount of time (up to 24 hours).

ウィジェットとテンプレート

Placing widgets within templates makes them an invaluable tool for creating complex displays of data with minimal lines of code.

It is particularly helpful if you want to preset some parameters of the widget while allowing users to modify others (e.g. video ID for the YouTube widget or username for the Twitter widget).

作者

The widgets extension was created and designed by Sergey Chernyshev. It is currently maintained by Yaron Koren, who has also contributed to the code base.

Other important contributions have been provided by Alexandre Emsenhuber, Jeroen De Dauw, Joshua Lerner, Majr, Sam Reed and Tim Starling.

バージョン履歴

  • 1.4.2 (February 14, 2023) - Improved language conversion, improved validation, removed Widgets.php entry point
  • 1.4.1 (December 10, 2020) - Improved Smarty validation
  • 1.4.0 (October 10, 2018) - Added extension.json file, dropped compatibility with MW 1.29 and earlier, Smarty downloaded via Composer rather than Git submodule, removed Makefile
  • 1.3.0 (August 3, 2017) - Removed i18n php shim, dropped compatibility with MW 1.22 and earlier
  • 1.2.2 (April 14, 2017) - Restored compatibility with MW 1.27 and later
  • 1.2.1 (November 9, 2015) - Minor changes: improved debugging, license to show on "Special:Version"
  • 1.2.0 (April 29, 2015) - Possibility of arbitrary HTML output removed, support added for PHP 5.3
  • 1.1.0 (May 28, 2014) - i18n messages moved into JSON files, fixes for MediaWiki 1.21+, new parameter for setting the storage location of compiled widgets, removed support for PHP 5.2 and earlier
  • 1.0 (February 21, 2013) - Security leak fixed.
  • 0.10.1 (February 20, 2013) - Smarty added as a Git submodule, and updated to version 3.1.7.
  • 0.10.0 (January 19, 2012) - 'editwidgets' permission given to sysops by default, support removed for MediaWiki < 1.16.
  • 0.9.2 (January 12, 2011) - PHP fixes.
  • 0.9.1 (September 19, 2010) - Some code structure changes and fix to a bug 25219.
  • 0.9 (April 16, 2010) - Added support for FlaggedRev extension controlling Widget review.
  • 0.8.10 (November 27, 2009) - Security Release: Fixed a security hole in error message.
  • 0.8.9 (November 11, 2009) - Bugfix release: base64 wasn't identified properly which caused some widgets not to be displayed.
  • 0.8.8 (November 2, 2009) - HTML is inserted as-is, thanks to Joshua C. Lerner.
  • 0.8.7 (June 19, 2009) - namespaces issues and i18n issues fixed by ialex.
  • 0.8.6 (May 22, 2009) - some important security fixes by Tim Starling.
  • 0.8.5 (March 12, 2009) - Allowing parameters without values to work as bulean "true" and converting test "false" into boolean false (which is not the case in PHP itself).
  • 0.8.4 (March 11, 2009) - Minor security release - compiled Smarty templates can't be accessed directly. Also fixed a problem with compiled_templates being empty in archives and therefore not extractable by some software.
  • 0.8.3 (February 10, 2009) - Added 'validate' modifier that makes sure variable value conforms to validation rules (using https://php.net/filter).
  • 0.8.2 (January 27, 2009) - Fixed a bug when widgets were not showing up correctly on old versions of the pages. Thanks to Max Ingleton for a bug report.
  • 0.8.1 (June 25, 2008) - Worked around MediaWiki bug that inserts ‎<p>‎</p> in front of widget output.
  • 0.8.0 (June 10, 2008) - Fixed a bug where variables were carried over from one widget to another on the same page
  • 0.7.0 (May 23, 2008) - Added support for arrays and Smarty's dotted notation
  • 0.6.0 (May 9, 2008) - Minor tweaks and bug fixes, release Makefile
  • 0.5.0 (Feb 11, 2008) - First public release

ウィジェットの投稿

If you created a widget and would like to share it, feel free to post it to MediaWikiWidgets.org website and to add a reference to it to the Widget library on this page.

バグ / 機能の要望

If you found a problem, would like to contribute a patch or request a new feature, feel free to open a bug in the Wikimedia bug tracker: 

https://phabricator.wikimedia.org/maniphest/task/create/?projects=MediaWiki-extensions-Widgets

トラブルシューティング

There are a few common problems that users encounter when they start to use Widgets extension - we'll try to document them here:

  • On a widget page, right after you just created it (or copied from MediaWikiWidgets.org) you see the message:
Warning: Smarty error: unable to read resource: "Widget:<your-widget-name>" /../extensions/Widgets/
smarty/Smarty.class.php on line 1095
This is most likely caused by the widget not yet existing at the moment when the widget page itself is being processed - to solve this simply purge the page, e.g. add &action=purge (or ?action=purge if you have nice URLs) to the URL.
It's also possible that you called the Widget incorrectly. Widget page names are case sensitive and must match the name of the widget you're calling. E.g. don't use {{#widget:Youtube|...}} when the widget is called "Widget:YouTube", or vice versa.
  • If the page doesn't load and you see the following error message in the log file:
PHP Fatal error:  Smarty error: unable to write to $compile_dir '/../extensions/Widgets/compiled_templates'.
Be sure $compile_dir is writable by the web server user. in /../extensions/Widgets/smarty/Smarty.class.php on line 1095,
referer: https://your-wiki.com/Widget:<your-widget-name>
Check if you changed permissions and owner for Smarty to store compiled templates in. See also this post for further details.
  • If your wiki began returning totally white pages or 500 errors when you updated MediaWiki to 1.20 or a later version, try setting the permissions on /../extensions/Widgets/compiled_templates to 777.

ウィジェット ライブラリ

MediaWikiWidgets.org contains a full library of ready-made widgets, including support for most of the major video sites. Any widget can be used simply by copying over the contents of the page.

動画/音声用のウィジェット

Video
Audio

その他のウィジェット

もっと他のウィジェット

To get the most up-to-date list of widgets, click here.

拡張機能をウィジェットと交換

Let's collect a list of extensions that can be replaced with widgets because all they do is output some HTML/JS/CSS with parameters and simple logic that can be done using Smarty templates.

Maybe someone will come and create a widget for that to simplify deployment. Also, these lists of extensions are a good source for action:

よくある質問

How do I get a video to align to the right with the other images?

Use something like this. Note that the ‎<br /> line break tags will have to be added manually. 180px is used for width because that is the default for thumbnails. 150px is used for height because that keeps the same ratio as for the default 350x420. 

<div class="thumb tright">
<div class="thumbinner">
{{#widget: YouTube |width=180px |height=150px |id=qRhitIPEr0Y }}<br/>
<div class="thumbcaption">
Seeing bad acting sully a good<br/>
script can upset some people<br/>
who place a high value on<br/>
natural-seeming performances.<br/>
</div>
</div>
</div>

See also

Retrieved from "https://www.mediawiki.org/w/index.php?title=Extension:Widgets/ja&oldid=6060435"