Page MenuHomeMiraheze

Add extension AdaptiveThumb to avion.miraheze.org
Closed, DeclinedPublic

Description

Looking to get the AdaptiveThumb extension added to my wiki for auto-resizing of images based on screen resolution.

My wiki is here: https://avion.miraheze.org/wiki/Main_Page

AdaptiveThumb can be found here: https://www.mediawiki.org/wiki/Extension:AdaptiveThumb

Event Timeline

Unfortunately this extension has no license, so we cannot legally use it at this time.

And if we could use it, well... I'm not sure what the author has against quotes around html attributes, but it means that images with spaces in the name won't work but will create empty attributes? I guess that could be abused somehow, not sure how. Seriously, just use the Html::element() function included with Mediawiki, fellow developer.

But the other part of it is the bigger deal, security-wise: The src attribute doesn't respect $wgEnableImageWhitelist or $wgAllowExternalImages or $wgAllowExternalImagesFrom.

These are all issues that could be brought up with the author of the extension, but we can't install this extension in its current state.

Upstream issue resolved it seems.

It doesn't look resolved to me. It looks like we got 1 of 3 variables.

There's an XSS problem, too. Fixing most of this extension's problems would require a rewrite, and I wasn't able to effectively communicate with the author previously. I'm just going to decline this extension.