Page MenuHomePhabricator

Enable RSS on Commons
Closed, DeclinedPublic

Description

Author: usermono

Description:
Would be helpful for displaying RSS feeds from the Wikimedia Blog in the community portal & main page.


Version: wmf-deployment
Severity: enhancement

Details

Reference
bz46528

Event Timeline

bzimport raised the priority of this task from to Low.Nov 22 2014, 1:16 AM
bzimport set Reference to bz46528.
bzimport added a subscriber: Unknown Object (MLST).

I think this is a change that shouldn't require community consensus as it's a non-controversial enhancement request, but others may disagree and ask that you first gather local community consensus.

I think enabling the RSS extension on all Wikimedia wikis for the Wikimedia blog might be nice. I don't really want to see a request next week for Meta-Wiki, outreach.wikimedia.org the following week, etc. Enabling the extension everywhere would reduce paperwork, in theory.

From https://noc.wikimedia.org/conf/InitialiseSettings.php.txt:


'wmgUseRSSExtension' => array(
'default' => false,
'foundationwiki' => true,
'mediawikiwiki' => true,
'uawikimedia' => true,
),
'wmgRSSUrlWhitelist' => array(
'default' => array(), // as of Ext:RSS v2, this means no URLs are allowed.
'uawikimedia' => array( 'http://wikimediaukraine.wordpress.com/feed/' ),
'foundationwiki' => array(

		'http://blog.wikimedia.org/feed/',
		'http://blog.wikimedia.org/c/our-wikis/wikimediacommons/feed/',
		'http://blog.wikimedia.org/c/communications/picture-of-the-day/feed/',

),
'mediawikiwiki' => array(

		'https://gerrit.wikimedia.org/r/gitweb?p=mediawiki/extensions/Translate.git&a=rss',
		'http://blog.wikimedia.org/feed/',

),

),

(In reply to comment #1)

I think enabling the RSS extension on all Wikimedia wikis for the Wikimedia
blog might be nice. I don't really want to see a request next week for
Meta-Wiki, outreach.wikimedia.org the following week, etc. Enabling the
extension everywhere would reduce paperwork, in theory.

Currently, $wgRSSUrlWhitelist needs to be modified for every feed that is used. So it seems unlikely that enabling it everywhere would reduce the number of shell requests. The code says:

Warning: Allowing all urls (not setting a whitelist)
may be a security concern.
...
// include "*" if you expressly want to allow all urls (you should not do this)

So it would seem that every request for addition to $wgRSSUrlWhitelist needs to be carefully reviewed for security.

(In reply to comment #3)

Currently, $wgRSSUrlWhitelist needs to be modified for every feed that is
used. So it seems unlikely that enabling it everywhere would reduce the number
of shell requests.

Sure, an on-wiki configuration system would be better. That said, comment 0 and comment 1 both specifically refer to the Wikimedia blog (https://blog.wikimedia.org). I think enabling the RSS extension and whitelisting only blog.wikimedia.org for all Wikimedia wikis might save some headache/hassle.

So it would seem that every request for addition to $wgRSSUrlWhitelist needs
to be carefully reviewed for security.

Hmm, I wonder why this is.

(In reply to comment #4)

So it would seem that every request for addition to $wgRSSUrlWhitelist needs
to be carefully reviewed for security.

Hmm, I wonder why this is.

It formats the HTML in blog posts, I'm sure you can understand why that is a issue.

(In reply to comment #5)

(In reply to comment #4)

So it would seem that every request for addition to $wgRSSUrlWhitelist needs
to be carefully reviewed for security.

Hmm, I wonder why this is.

It formats the HTML in blog posts, I'm sure you can understand why that is a
issue.

If the HTML were filtered then the extension could be more generally useful.

(In reply to comment #5)

(In reply to comment #4)

So it would seem that every request for addition to $wgRSSUrlWhitelist needs
to be carefully reviewed for security.

Hmm, I wonder why this is.

It formats the HTML in blog posts, I'm sure you can understand why that is a
issue.

(I will just note what I dropped in the IRC channel)

<p858snake|l_> TimStarling: actually it might not format html, I was reading the extension page and it looks like I was getting confused with it "Format Links" and "Format Images" option
<p858snake|l_> Susan: ^
<p858snake|l_> but would probably want to make sure its cache setup is setup properly before you do it clusterwide
<Susan> I assumed it sent raw HTML through the MediaWiki parser/sanitizer.
<Susan> But only because that seemed like the only sane thing to do. No idea if it actually does.
<Susan> I suppose sanitizing <a> would be problematic.

Not ready for shell because of security considerations + needs consensus -> shellpolicy.

Luke081515 added a subscriber: Luke081515.

Declined per T124354. There is no consensus for this change yet. Please reopen the task if consensus reached.

This is a shellpolicy task, not a community-consensus-needed task. (The rename did not make sense.)

Nemo_bis changed the task status from Open to Stalled.Feb 2 2016, 7:20 AM
Nemo_bis set Security to None.

Would be helpful for displaying RSS feeds from the Wikimedia Blog in the community portal & main page.

Assuming that "Wikimedia Blog" equals https://blog.wikimedia.org/ (meh, no URLs in task description). That one is dead. Hence boldly declining.
(Not sure either which "community portal & main page" this is about because no URLs.)

The Wikimedia Foundation blog had been recently consolidated into a single domain before 2013 and is nowadays scattered across a dozen domains, but it still exists:
https://wikimediafoundation.org/news/feed/