|mediawiki/extensions/Newsletter : master||Add NewsletterValidator and changes to Special:CreateNewsletter|
|mediawiki/extensions/Newsletter : master||Validating parameter passed to database from API|
|mediawiki/extensions/Newsletter : master||Add minimum length for description field.|
|Duplicate||Qgil||T125545 Phabricator Q&A session for Community Liaisons|
|Resolved||Qgil||T116025 Goal: Align Community Liaison and Developer Relations project management practices|
|Resolved||Qgil||T119387 Community Liaison and Developer Relation quarterly goals for January - March 2016|
|Declined||None||T104131 Exporting existing newsletter to the Newsletter extension|
|Resolved||Addshore||T110170 Goal: Deploy Newsletter extension in Wikimedia|
|Resolved||Qgil||T110642 Implement all the features required for running the Newsletter extension in Wikimedia|
|Duplicate||None||T115098 Deploy Newsletter extension in beta cluster|
|Resolved||ori||T127297 Add the Newsletter extension to the Beta Cluster|
|Resolved||Bawolff||T115095 Security review of Newsletter extension|
|Resolved||Tinaj1234||T110491 Newsletter extension should have validation|
<tinajohnson> This refers to input validation ^ mainly ?
<Glaisher> check all the input points and make sure that people are not able to enter anything that doesn't make sense
<tinajohnson> and requires live valiation ?
<Glaisher> what do you mean by live validation?
<tinajohnson> hm, the kind you see in bootstrap form.. you get a tick icon right away after the text is entered
<Glaisher> oh, you mean ajax
<Glaisher> No, this is about actually validating real input on the forms
<Glaisher> but I guess we could ajax validation for the forms later
<Glaisher> but that's not a must
<tinajohnson> the kind in https://junior.inctf.in/register/user/
<tinajohnson> okay, noted
<Glaisher> For example, in the the form which lets you add publishers, make you sure you can add only real users
<Glaisher> not an IP or a user that doesn't exist
<qgil> I guess we need to document every form in the description of that task, and assue that we are applying the right validation?
<qgil> or types of input
<tinajohnson> right, that would be good
<Glaisher> we could do the [X] check thing
<Glaisher> List all the input points
<tinajohnson> okay, great!
<qgil> In fact...
<qgil> Isn't http://newsletter-test.wmflabs.org/wiki/Special:CreateNewsletter all the input we have?
<qgil> 3 fields
<qgil> ah no
<Glaisher> no, there's some other forms as well
<Glaisher> and the API
<qgil> announce newsletter
<tinajohnson> yeah, add publishers
<Glaisher> You could go through all of them and make sure someone wouldn't be able to add random stuff there
<qgil> but do checkboxes and buttons need validation?
<tinajohnson> just text input boxes, right ?
<Glaisher> I think HTMLForm does validation for checkboxes and dropdowns
<Glaisher> (not sure)
I think it would be better to decide what all kinds of inputs are allowed for the form fields that needs validation. Two pages have forms and thus require validation, Special:ManageNewsletter and Special:CreateNewsletter.
- Publisher name - Does not take IP addresses or invalid usernames as of now.
- Name of newsletter - we allow numbers, so right now IP addresses are possible. Is that okay ?
- Descripton - Should have a minimum length of 20 maybe ? (can prevent one word descriptions)
- Title of Main page - Only takes those pages which exist. Anything else to be done here ?
And in the announce newsletter section we have,
- Summary of this issue - Would require the same validation as description of newsletter.
- Page title of issue - only takes valid existing pages.