Page MenuHomePhabricator

Tool 'wp-world' gives 404s
Open, Needs TriagePublic


Every link transcluded from Wikidata regarding Google Maps geo-locations give a 404-error

For example, click on the Google Maps-link at the following Commons Category:

Hopefully this can be solved. also gives a 404-error. is still online. Please fix these issues.

Good luck and kind regards, Vincent Mia Edie Verheyen (talk) 14:08, 13 July 2018 (UTC).

Event Timeline

zhuyifei1999 renamed this task from Every link transcluded from Wikidata regarding Google Maps geo-locations give a 404-error to Tool 'wp-world' gives 404s.Jul 15 2018, 5:56 PM
zhuyifei1999 added a project: Commons.
TheDJ added a subscriber: TheDJ.EditedAug 7 2018, 9:39 AM

Unfortunately this tools project seems no longer maintained. If you want it back I suggest finding a new volunteer maintainer and developer and petitioning for access to the service.

Also parts of the functionality of this service will no longer work, considering that Google maps is now a lot tougher on api access T196418: Google Maps keyless usage sunset on 2018-06-11 etc, and we are more stringent on privacy issues T172065: Hunt for Toolforge tools that load resources from third party sites. A rewrite of parts of it might be required.

Lydia_Pintscher moved this task from incoming to monitoring on the Wikidata board.Aug 7 2018, 10:06 AM

On parts of my tool I'm still have a strong interest to maintain it.
But I deactivated the googlemaps proxy as I'm no expert on XSS security .
The source code of the script is:
So if somebody would be able to repair it it would be nice.

Main problem for wp-world seems the my database seem deleted/ moved and is described here:
Help would be very nice as the map is included inside different Wikipedias.

Hi. Just adding a comment to say that the geonotice maintainers on the English Wikipedia also use wp-world to produce a map of existing geonotices.

It'll be nice if we can have another tool to overlay the geonotice locations onto a world map.

This comment was removed by Dvorapa.
Dvorapa added a comment.EditedFeb 25 2019, 10:01 AM

Ah, it seems php was not a good choice as you need to turn certain php anti-xss global variables on. I created my version of the tool, which unfortunately doesn't work too as Google wants to pay for every use of its new API. Anyway I don't know if this suffers the same XSS problem as original tool (I don't know if XSS is somehow prevented by jQuery), but you can use any part of my code freely (CC0):

Dvorapa added a comment.EditedFeb 25 2019, 10:11 AM

@Kolossos To the original tool: You should at least wrap the $page into htmlSpecialChars($page, ENT_QUOTES) function to prevent the most usual types of XSS I know (but I learned how to solve XSS attacks in 2014, so I might have outdated knowledge). addslashes is really insufficient method. See the updated source: