Page MenuHomePhabricator

Security review for FileExporter extension
Closed, ResolvedPublic


Project Information

Description of the tool/project

A simple extension to provide a link on File pages which will redirect the user to page provided by the FileImporter extension on Wikimedia Commons.

Description of how the tool will be used at WMF

If will be installed on all wikis (except for commons).


  • This also depends on the development of the FileImporter extension

Has this project been reviewed before?

Only review inside the WMDE-TechWish team.

Working test environment

  • None setup on labs, but the extension is easy to install (see instructions on
  • After enabling the extension, navigate to a file page and see the new link in the top bar



Event Timeline

Code is fine security wise. Literally nothing to it.

Minor non security issues:

  • i18n/en.json should be tab indented
  • extension.json should be tab indented
  • is empty, should at least have a basic description (possibly after T158072 ?)
  • Add COPYING or similar licence file to root

Change 341537 had a related patch set uploaded (by addshore):
[mediawiki/extensions/FileExporter] Add COPYING file

Change 341538 had a related patch set uploaded (by addshore):
[mediawiki/extensions/FileExporter] TAB indents in .json files

Change 341537 merged by jenkins-bot:
[mediawiki/extensions/FileExporter] Add COPYING file

Change 341539 had a related patch set uploaded (by addshore):
[mediawiki/extensions/FileExporter] Add basic README file

Patches uploaded for the comments from the review.

Change 341538 merged by jenkins-bot:
[mediawiki/extensions/FileExporter] TAB indents in .json files

Reedy claimed this task.

Change 341539 merged by jenkins-bot:
[mediawiki/extensions/FileExporter] Add basic README file

I should note...

We had an extension like this for the WikimediaShopLink, and we eventually just swapped it for a hook in CommonSettings and messages in WikimediaMessages

It's possible the functionality of this might expand slightly over the coming year, hence the extension.
Permission checks & other possible checks with the FileImporter extension.