|Open||None||T33279 Installer: extensions improvements: descriptions, alternatives, multiselection, configuration (tracking)|
|Open||None||T178349 Expand the set of bundled extensions and skins to achieve a default MediaWiki experience that's comparable to Wikimedia sites|
|Open||None||T246381 Expand the set of bundled extensions and skins in MediaWiki 1.36|
|Open||None||T191740 Bundle AbuseFilter extension with MediaWiki|
|Resolved||Daimona||T192325 Setup phan for AbuseFilter|
I'm working on this, but to me it's slow and painful. There are lots of errors which I'm not sure how to fix, nor I'd like to set exclusions if there may be an easy way to fix. @Legoktm since you know phan really well, could you please take a look?
ADD: More precisely, while the undeclared members are pretty easy to fix, I have no ideas for the remaining errors about tainted output.
Also adding @Bawolff in case you could please take a look. I managed to fix almost every error (although such fixes must be reviewed), apart from a couple of suppressed false positive and one waiting for a patch in the core. However, seccheck still has 7 errors which I'm not able to fix, nor I can figure out where they come from (line indications aren't precise). With some examples of common fixes we should be able to go on and fix new errors ourselves as phan will be enabled on I/C.
@Daimona for now at least I think normal phan is the priority for bundling (and great work so far!). T182599: Make jenkins run phan-taint-check-plugin non-voting and then voting tracks progress on the security check plugin.
Change 427851 abandoned by Daimona Eaytoy:
[WIP] Add phan seccheck configuration
None of the fixes in this patch solve seccheck issues. The composer requirement has been moved in I094a8af4f97c03f8b538ede00420b123de25138a and the needed fixes will follow-up that one in a brand new patch & task.