Split from https://phabricator.wikimedia.org/T110181
This might refer to the API but this should be checked everywhere
Status | Assigned | Task
---|---|---
Duplicate | Qgil | T125545 Phabricator Q&A session for Community Liaisons
Resolved | Qgil | T116025 Goal: Align Community Liaison and Developer Relations project management practices
Resolved | Qgil | T119387 Community Liaison and Developer Relation quarterly goals for January - March 2016
Declined | None | T104131 Exporting existing newsletter to the Newsletter extension
Resolved | Addshore | T110170 Goal: Deploy Newsletter extension in Wikimedia
Resolved | Qgil | T110642 Implement all the features required for running the Newsletter extension in Wikimedia
Duplicate | None | T115098 Deploy Newsletter extension in beta cluster
Resolved | ori | T127297 Add the Newsletter extension to the Beta Cluster
Resolved | Bawolff | T115095 Security review of Newsletter extension
Resolved | Tinaj1234 | T110491 Newsletter extension should have validation
<tinajohnson> This refers to input validation ^ mainly ?
<Glaisher> yes
<Glaisher> check all the input points and make sure that people are not able to enter anything that doesn't make sense
<tinajohnson> and requires live validation ?
<Glaisher> what do you mean by live validation?
<tinajohnson> hm, the kind you see in bootstrap form.. you get a tick icon right away after the text is entered
<Glaisher> oh, you mean ajax
<tinajohnson> yup
<Glaisher> No, this is about actually validating real input on the forms
<Glaisher> but I guess we could ajax validation for the forms later
<Glaisher> but that's not a must
<tinajohnson> the kind in https://junior.inctf.in/register/user/
<tinajohnson> okay, noted
<Glaisher> For example, in the form which lets you add publishers, make sure you can add only real users
<Glaisher> not an IP or a user that doesn't exist
<tinajohnson> okay
<qgil> I guess we need to document every form in the description of that task, and assure that we are applying the right validation?
<qgil> or types of input
<tinajohnson> right, that would be good
<Glaisher> we could do the [X] check thing
<Glaisher> List all the input points
<tinajohnson> okay, great!
<qgil> In fact...
<qgil> Isn't http://newsletter-test.wmflabs.org/wiki/Special:CreateNewsletter all the input we have?
<qgil> 3 fields
<qgil> ah no
<Glaisher> no, there's some other forms as well
<Glaisher> and the API
<qgil> announce newsletter
<tinajohnson> yeah, add publishers
<Glaisher> You could go through all of them and make sure someone wouldn't be able to add random stuff there
<qgil> but do checkboxes and buttons need validation?
<tinajohnson> just text input boxes, right ?
<Glaisher> I think HTMLForm does validation for checkboxes and dropdowns
<Glaisher> (not sure)
<tinajohnson> checking..
I think it would be better to decide what kinds of inputs are allowed for the form fields that need validation. Two pages have forms and thus require validation, Special:ManageNewsletter and Special:CreateNewsletter.
Special:ManageNewsletter
Special:CreateNewsletter
And in the announce newsletter section we have,
Change 266049 had a related patch set uploaded (by Tinaj1234):
Add minimum length for description field
Change 267666 had a related patch set uploaded (by Tinaj1234):
Validating parameter passed to database from API
Change 267666 merged by jenkins-bot:
Validating parameter passed to database from API
Anything more to be done on this patch @Glaisher, @Addshore, @Tinaj1234? We still have this open, and blocking deployment!
Anything else needed will be caught by the security review, this can likely be closed.
I'm not happy with the validation on Special:CreateNewsletter yet. I'll try to work on something...
Change 270496 had a related patch set uploaded (by Glaisher):
Add NewsletterValidator and changes to Special:CreateNewsletter
Change 270496 merged by jenkins-bot:
Add NewsletterValidator and changes to Special:CreateNewsletter
Deployed in http://newsletter-test.wmflabs.org/wiki/Special:CreateNewsletter.
Should be safe to close now.