Page MenuHomePhabricator

Security review for MediaWiki extension UploadsLink
Closed, ResolvedPublic

Description

Project Information

Description of the tool/project

adds, depending on its configuration, a link to the personal uploads listing, within the personal tools menu and one to the Tools-box on user pages and pages that relate to a user

Description of how the tool will be used at WMF

Deployed to Commons

Dependencies

None :)

Has this project been reviewed before?

please link to tasks or wiki pages of previous reviews
This extension is based on Extension:SandboxLink which is already deployed to Wikipedias. Review Id2f7d9471e319fc67f05cc1e6e87718f88a653e9.

Working test environment

please link or describe setup process for setting up a test environment
Please follow the instructions on https://www.mediawiki.org/wiki/Extension:UploadsLink
Vagrant: vagrant enable-role uploadslink

Post-deployment

name of team responsible for tool/project after deployment and primary contact
Editing/Multimedia

Event Timeline

Rillke created this task.Mar 11 2016, 1:09 AM
Restricted Application added subscribers: Steinsplitter, Aklapper. · View Herald TranscriptMar 11 2016, 1:09 AM

For adding to the toolbox - that's something that maybe should just be in MW core and go on all wikis. Although its probably also fine as an extension.


I quickly skimmed your git repo. At a glance it looks fine, although I'll note you need a qqq.json language file.

For adding to the toolbox - that's something that maybe should just be in MW core and go on all wikis. Although its probably also fine as an extension.

From a user's perspective: It would be nice if you could just declare toolbox links with variables (like the related user or user) in LocalSettings.php or even inside the wiki . The core code looks somehow messy when it does all this in the skin template. I do not intend touching it.


I quickly skimmed your git repo. At a glance it looks fine, although I'll note you need a qqq.json language file.

Thanks! Good catch.

For adding to the toolbox - that's something that maybe should just be in MW core and go on all wikis. Although its probably also fine as an extension.

From a user's perspective: It would be nice if you could just declare toolbox links with variables (like the related user or user) in LocalSettings.php or even inside the wiki . The core code looks somehow messy when it does all this in the skin template. I do not intend touching it.

That's fair, it is kind of icky.

Rillke updated the task description. (Show Details)Mar 12 2016, 12:18 AM
Rillke updated the task description. (Show Details)Mar 12 2016, 2:11 AM
Rillke updated the task description. (Show Details)
csteipp moved this task from Backlog to Ready on the Security-Team board.

General Observations

Documentation and inline comments are clear.

Issues

No issues found.

Files

./extension.json
./UploadsLinkHooks.php

dpatrick moved this task from Ready to Done on the Security-Team board.
Legoktm closed this task as Resolved.Apr 22 2016, 5:50 PM

Thanks!