Page MenuHomePhabricator
Create Task
Maniphest T14495

Automatic subst-ing of templates in user signature is easily circumvented
Open, LowestPublic
Actions

Description

Since r12486, templates within user signature are always substed (by automatic modification (see Parser::cleanSig) upon saving of user preferences), which is probably meant to decrease the server load.

However, since {{subst:X}} substitutes only the first level of template transclusion, this feature is very easily circumvented: you only need to create a page containing the desired template call and use this page as your signature.

The most straightforward idea how to solve this could be to introduce the desired {{substall:X}} functionality (see T4777: Provide a recursive subst: function in the PST – {{substall:foo}}) and use that instead of plain subst. Or, you could maybe ensure the full recursive substing during parsing of ~~~[~] (somewhere around Parser::getUserSig), but I guess it would be not much compatible with the current parser design.

Details

Reference
bz12495

Related Objects

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL