Harjot Singh's Blog

PHP Developer

Delhi, India

<- Back

GSoC 2017 Week 11 and 12 at Wikimedia Foundation

Adding new features and making the extension powerful

Recent development about my Project :

The custom CSS feature has two different approaches and functionality.First method uses of Common.css to provide feedback feature and has fallback mechanisms for the community.The second method will have parameters that can be passed to the quiz to apply CSS on particular classes.

Work done in 11 and 12th week :


 

GSoC 2017 Week 9 and 10 at Wikimedia Foundation

Moving towards Custom CSS feature

Recent development about my Project :

The aim of the project is now to provide custom CSS feature to users and admins using Quiz extension.The proposal of the project and project details have been changed about the same.There are multiple approaches to achieve custom CSS. Initially we're adding CSS classes based on logic to different divs based upon the feature, the admins can add styles for the class or remove the styles without touching the code.Another approach is we'll add a attribute to quiz.Adding tests have also paid as the tests have also paid of as the extension is stable and consistent.

Work done in 9 and 10th week :

  • Merged T167635.Shuffle control features are exotic features which were added but wasn't documented.Earlier the documentation was added but this patch adds the required tests for {X}, {!X} and {/X} tags
  • Merged T170733.It removes BadMethodCallException when creating quiz with no answer and zero.Tests will ensure that it won't cause such Exception in future
  • Merged T170035.This patch simply adds missing right section that was missing in the settings template.
  • Submitted patch for T170852.This patch is the first for the custom CSS feature.It adds enumeration class to numbers displayed with the question in a quiz.Common.css can be used to override the style.
  • Submitted patch for T159952This is a old feature request, earlier a patch was submitted to change the way feedback was shown (Only for attempted question) but it wasn't flexible.The new patch adds CSS class to non-attempted questions using similar backend logic and Common.css can be used to show or hide such feedback.
  • Submitted patch for T171154.A patch for bug that causes extra cell inside the table settings.This also adds tests that took lot of time :P.

 

GSoC 2017 Week 8 at Wikimedia Foundation

Done with the testing

Recent development about my Project :

The tests for Question.php are provided for tolerance and functional coverage.The change has been merged now.The project is now shifting towards custom CSS feature instead of data storage.

Work done this week :

  • Merged T159691.This patch adds the relevant tests for the extension using phpunit.Marks the milestone for this month.It would ensure the code to be more reliable and better.
  • Merged T170733.This patch is to remove BadMethodCallException when creating quiz with no answer and zero.Tests are also added for reliability.
  • Discussed on the possibility and various implementation techniques to provide custom and flexible CSS.
  • Discussed on pros and cons of having data storage feature and its impact.
  • Submitted experimental patch for Flexible Css.This patch adds class attribute to quiz which can be further scaled to provide many features.The status of the feature is still now decided yet.(T148624)

 

GSoC 2017 Week 7 at Wikimedia Foundation

Week after the 1st Evaluation :D

Recent development about my Project :

The extension's php code is in 2 classes Question and Quiz.For each class a test class is added for unit testing.The aim is to provide tests to trivial functions and areas prone to errors.

Work done this week :

  • Merged T146392.This patch hides the shuffle button if there are less than 2 questions present in a Quiz.
  • Merged T161317.This patch removes the static HTML code for settings table to mustache template.As of now there is no extra static HTML code inside the classes of the extension.
  • Merged Regression bugs: T169529 and T170035.
  • .Updated documentation of shuffle feature on other language pages of Wikiversity.
  • Submitted multiple patchsets having Unit tests providing code coverage for Question.php (T159691)

 

GSoC 2017 Week 6 at Wikimedia Foundation

Week before the 1st Evaluation

Recent development about my Project :

The extension's static HTML code is mostly moved to mustache templates, the last bug is ready to be merged.The upcoming task is to make tests for php and javascript.I've started to learn PhpUnit.

Work done this week :

  • Changes made to T146392 and T161317
  • Merged T166439Currently numeric input type questions doesn't evaluate zero as valid input even if the answer is correct.When zero is submitted, the quiz state remains unanswered.This is caused as empty() in php consider 0 to be empty.
  • Wrote documentation about {X}, {!X} and {/X} tags used in shuffle control
  • Edited documentation of shuffle feature
  • Started learning PhpUnit and writing tests

 

GSoC 2017 Week 5 at Wikimedia Foundation

Half-way through the 1st month

Recent development about my Project :

The Quiz extension had lot of static HTML code, which needed to be moved into mustache templates. Template processor is used to process mustache template and return HTML

Work done this week :

  • Submitted patches for :T167587T167599T166926T146392T167642T166439T161317
  • Merged T161318.The bug moves static HTML code from inside the class of extension to mustache templates.It uses Mediawiki's template parser for processing templates.This bug is significant to removing legacy code and improving the extension.
  • Merged T167587.This bug is a follow-up bug to ensure that all variables that are being sent to template processor are defined.
  • Merged T167588.The bug removes escaped character in Answer.mustache template
  • Merged T166926.The extension uses (i) parameter for case-sensitive answers.Earlier the (i) was being shown inside the correction drop down.This bug removes the (i) parameter from the correction
  • Closed respective tasks for which the bugs have been merged
  • Possibility of new color scheme and feedback modification are still being discussed and are not confirmed.

 

GSoC 2017 Week 3 at Wikimedia Foundation

Time to get hands dirty in Regular expressions

Recent development about my Project :

The Quiz extension's major code can be seen into 2 classes, the Quiz and the Question.As stated in my earlier posts, the extension uses parser to hook onto the tags.The arguments and configuration variables inside tag are passed to parser and are retrieved by using Regex.Some resources for learning regex :Basic regex summary, Intro cheatsheet.Also Mastering regular expressions 3rd edition is higly recommended.

Work done this week :

  • Submitted patches for :T162803T166926T159952
  • Closed Following tasks by discussing with mentor and organization : (5 bugs:T166931T166444T166932T166441T166446T159604)
  • Merged T162803.The bug adds suppressing question number feature in the extension
  • Discussed with mentor about upgrading version, possibility of new color scheme and feedback modification.

 

GSoC 2017 Week 3 at Wikimedia Foundation

The work starts now :)

About my Project :

The Quiz extension's major code can be seen into 2 classes, the Quiz and the Question.The first uses the second to form each individual question while the 1st is called by the parser each time it finds a tag

Work done this week :

  • Archived To do list on Wikipage
  • Imported feature request, suggestions and bugs from Extension talk page (5 bugs:T166931T166932 T166927T166926T166930)
  • Merged T165398.The bug improves CSS of the extension

 

GSoC 2017 Week 2 at Wikimedia Foundation

The community bonding period is about to end on 30th March

About my Project :

The Quiz extension's major code can be seen into 2 classes, the Quiz and the Question.The first uses the second to form each individual question while the 1st is called by the parser each time it finds a tag

Work done this week :

  • Imported all bugs from wikipage (4 bugs:T166446T166441T166439T166444)
  • Started learning regex as parser heavily relies on regular expressions
  • Submitted patches for 2 bugs to  T165398T161318
  • Read code of Quiz.hooks.php, Quiz.class.php and Question.php extension



 

GSoC 2017 Week 1 at Wikimedia Foundation

The community bonding period is from 5th May to 30th May.

About my Project :

The project can be viewed as 2 tasks that are needed to be done on the Quiz extension.The first is to improve the extension, this involves importing bugs, resolving issues and updating the code to mediawiki standards.
The second task is to add Data storage facilty which would require schema changes.Functions for interacting to database would be added.A special page would also be added to view stored quiz scores.

Work done this week :

  • Setup my blog
  • Introduced myself on mailing list and connected to my mentor on Zulip
  • Imported 3 bugs to phabricator T165363T165387T165398
  • Read Documentation related to mediawiki core and quiz extension


While trying to understand codebase of mediawiki and how it works, I made a cheatsheet guide to mediawiki basics.

The cheatsheet is concise and basic, the information has been taken from Wikipages and documentation.


I'll keep updating this documentation as I work thorugh

 

reCAPTCHA are used to protect website from spam and abuse by allowing ony real people through and detecting Bots.It's necessary to have a reCAPTCHA in forms and other input fields.
 
I have come across various Website using reCAPTCHA that can be easily hacked.The implementation adapted by these website is not secure.For example a website called yousignanimals.org is for signing petitions for animals.
While surfing the site I say the form for submitting the petition.
It had a Arithmetic operation embedded as a string object that needed to be solved for the submitting.
 
The following Javascript code is capable of retrieving the operands and compute the result.
 
 
x=document.getElementById('comment');
y=x.nextElementSibling;
z=y.nextSibling;
k=z.data;str='';                                      //Get the String 
for(i=0;i<20;++i)                                 //Loop to remove whitespaces
{
         if(!(k[i]==null||k[i]=="" || k[i]==" " || k[i]=="="))
         {
             str+=k[i];
         }
}
count=0;                                           //Count is used to find the operator(+,-,/,*)
for(i=0;i<str.length;++i)
{
            if(str[i]=='+'||str[i]=='-'||str[i]=='*'||str[i]=='/'){
                  break;
            }
             count++;    
}
op1=0;
for(i=0;i<count-1;++i)                       //This loops finds operator 1 if it is more than 1 digit number
{
          temp=Math.pow(10,(count-1))*str[i];
          temp=parseInt(temp);
          op1+=temp;
}
temp=str[count-1];
temp=parseInt(temp);
op1+=temp;
op2=0;
for(i=count+1;i<str.length-1;++i)         //This loops finds operator 2 if it is more than 1 digit number
{
          temp=Math.pow(10,(count-1))*str[i];
          temp=parseInt(temp);
          op2+=temp;
}
temp=str[str.length-1];
temp=parseInt(temp);
op2+=temp;
if(str[count]=='+')                                    //Answer is calculated based on operator
{
       ans=op1+op2;
}else if(str[count]=='-')
{
      ans=op1-op2;
}else if(str[count]=='*')
{
      ans=op1*op2;
}else
{
       ans=op1/op2;
}
 
Copy Pasting this code in the console on any petition page of yousignanimals.org would result in the calculation of answer and thus the reCAPTCHA employed by the website has failed to stop bots.
 
Another website which uses a unsecure reCAPTCHA is MTNL broadband bill pay.
It simply displays a random string generated at backend inside a div and gives a background-color property to it.
A simple 2 line code can be used to retrieve the text inside the div using innerHTML.
 
I have written mails to both the websites to inform them about the vulnerability.
Rather than making your own reCAPTCHA it is suggested to use google's API.
 
NOTE:The information shared is only for educational purposes and the author is not liable for any malicious use of it.

Extensions allow you to add functionality to Chrome.
Chrome Extensions can interact with Web pages and can access the DOM of Webpage using Scripts.
 
A Extension can have following files:
1.Manifest
2.HTML
3.CSS
4.Javascript
5.Resources such as image and other files
 
The Architecture of Extensions have Background pages that control the main logic.
For Injecting code to a particular website we can use Persistent background page that interacts with Content Scripts.
A Content Script is responsible for accessing and modifying DOM of Webpage.
 
Lets assume you want to inject code to a Website whose url is www.examplescript.com.
Prepare a Script called script.js that performs the desired action.
 
Now using the content script get the current url to check it the webpage you are currently viewing is the one you want to automate the script.
 
 
The following code returns the current URL :
 
                       chrome.tabs.query({'active': true,'lastFocusedWindow': true}, function (tabs) {                                 
                         var url = tabs[0].url;                                                                                                                          
                         });                                                                                                                                                         
 
Now if the URL is the one you intend on automating the use the following code to inject your script.
 
                         chrome.tabs.executeScript(integer tabId, object details, function callback)                                       
 
 
This would automatically inject code even if the site refreshes multiple time.
 
 
Links:

https://developer.chrome.com/extensions/tabs#method-executeScript

https://developer.chrome.com/extensions/overview

 
 
NOTE:The information shared is only for educational purposes and the author is not liable for any malicious use of it.