[Owasp-leaders] OWASP Wiki embedded videos broken

Matt Tesauro matt.tesauro at owasp.org
Wed Nov 27 05:02:07 UTC 2013


FIXED.

(or perhaps I should say I checked the ZAP wiki page and the AppSec Video
on the wiki main page and those work fine)

The EmbedVideo extension had hardcoded YouTube as http:// not https://.  I
was able to override that setting in LocalSetting.php (which survives
source updates of MediaWiki and the EmbedVideo extension) and now all the
videos embedded in the wiki for YouTube are SSL'ified.

BTW, it looks like you have a couple extraneous [ characters in your
project page.  They are showing up in the latest FF in Linux next to the
embedded videos for Zap.  I went ahead and removed them and added a nbsp;
between the videos since I was already at that page.

Thanks for alerting OWASP (and me in particular) if the problem.

For the curious, here's what I added to LocalSettings.php:

#MAT# Added custom video service to SSL'ify YouTube links
# 2013-11-26
$wgEmbedVideoServiceList["youtube"] = array(
     'extern' =>
                 '<iframe src="
https://www.youtube.com/embed/$2?showsearch=0&modestbranding=1" ' .
                 'width="$3" height="$4" ' .
                 'frameborder="0" allowfullscreen="true"></iframe>',
);


--
-- Matt Tesauro
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project


On Tue, Nov 26, 2013 at 9:58 AM, Matt Tesauro <matt.tesauro at owasp.org>wrote:

> I suspect this is one of the 55+ undocumented extensions installed on the
> current wiki.
>
> I've been digging through them to see if they are actually used but
> MediaWiki doesn't allow an easy way to do this short of turning on debug
> logging which is verbose x 1,000 and would significantly impact the wiki's
> performance.
>
> I'll be taking some vacation time over the next couple days and will look
> at the existing extensions to see if I can identify this one.  I think it
> might be the EmbedVideo extension (
> http://www.mediawiki.org/wiki/Extension:EmbedVideo )
>
> I _think_ we're running version 1.0 (at least that's what my notes on the
> MediaWiki upgrade say) but I will need to look at the actual running code
> to verify that. I did the big code update from 1.18.x (unsupported version)
> to 1.19.x (oldest supported version) in August and cleaned up a ton of
> vestigial, backup and unused code from the wiki including fun things like
> modifications to pristine source.
>
> I'm currently in the process of getting the wiki updated from 1.19.x to
> 1.21.x and should have that done over the next several weeks.
>
> So give me a couple of days and I'll see what I can find out.
>
> Jonathan:  I bet this extension has http hard coded or possibly its
> configurable.  I'll look at that while finding the version number.
>
> --
> -- Matt Tesauro
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
> OWASP OpenStack Security Project Lead
> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>
>
> On Tue, Nov 26, 2013 at 7:47 AM, psiinon <psiinon at gmail.com> wrote:
>
>> Just noticed that videos embedded on the OWASP wiki have broken, eg
>> https://www.owasp.org/index.php/ZAP
>>
>> This isnt just on the ZAP page - they seem to be broken on all other
>> pages that use this sort of markup: {{#ev:youtube|eH0RBI0nmww}}
>>
>> Anyone know whats changed/broken?
>>
>> Cheers,
>>
>> Simon
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131126/d39123bf/attachment.html>


More information about the OWASP-Leaders mailing list