Security review for FileImporter extension
Open, Needs TriagePublic

Description

This extension is currently still in development but the team thinks it is ready for a first security review.

Project Information

Description of the tool/project

An extension that provides the ability to import a file from another wiki including all file and description history.
It will also make some predefined modifications to the description text.
It will also maintain previous revisions attachment to the correct user account on the new wiki

Description of how the tool will be used at WMF

It will be deployed on Commons.

Dependencies

  • This also depends on the deployment the FileExporter extension

Has this project been reviewed before?

Only review inside the WMDE-QWERTY-Team-Board team.

Working test environment

  • None setup on labs, but the extension is easy to install (see instructions on mw.org)
  • After enabling the extension, navigate to Special:ImportFile

Post-deployment

WMDE-QWERTY-Team-Board / TCB-Team

Addshore created this task.Mar 21 2017, 9:29 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 21 2017, 9:29 AM
Addshore moved this task from Backlog to Watching on the User-Addshore board.Mar 21 2017, 9:30 AM

We are still actively working on this extension but it is currently blocked on a minor refactoring in core.
We should have an estimated date that it would be ready for review in the coming weeks.

Restricted Application added a project: TCB-Team. · View Herald TranscriptJun 29 2017, 5:01 PM

The team believes this is ready for it's initial review now.

We are holding off on work on T161012 for now which was the last thing that we wanted to get in before a review.
If we do decide to continue with that task we can always request an individual review of the patch once ready.

The team believes this is ready for it's initial review now.

We are holding off on work on T161012 for now which was the last thing that we wanted to get in before a review.
If we do decide to continue with that task we can always request an individual review of the patch once ready.

Addshore renamed this task from WIP Security review for FileImporter extension to Security review for FileImporter extension.
Addshore updated the task description. (Show Details)
Tobi_WMDE_SW updated the task description. (Show Details)Sep 19 2017, 4:57 AM
Reedy added a subscriber: Reedy.Sat, Oct 7, 4:38 PM

FileImporterHooks is kinda empty

FileImporterHooks is kinda empty

Removed in https://gerrit.wikimedia.org/r/#/c/383099/

dpatrick moved this task from Backlog to Scheduled on the Security-Reviews board.Thu, Oct 12, 3:10 PM