Page MenuHomePhabricator
Create Task
Maniphest T198666

Security review for TemplateWizard extension
Closed, ResolvedPublic
Actions

Description

Project Information

Description of the tool/project

The extension adds a WikiEditor gadget to allow users to populate templates more easily using a dialog. This functionality is already present in VE and 2017 Wikitext editor but this project is aimed at the 2006 wikitext editor.
Note that most of the extension is written in JavaScript.

Description of how the tool will be used at WMF

The extension will be deployed on all Wikimedia wikis. The template information for the templates will come from TemplateData. In cases where there is no TemplateData, the extension attempts to "guess" template parameters by parsing the template text.

Dependencies

TemplateData extension.

Has this project been reviewed before?

No.

Working test environment

  1. Setup MediaWiki
  2. Install WikiEditor, TemplateData and TemplateWizard extensions.
  3. Create a template to test with.
  4. Go to the 2006 wikitext editor on a page and click the TemplateWizard icon (puzzle piece) in the toolbar to test it out.

You can see it in action here: http://commtech.wmflabs.org/

Post-deployment

Community-Tech is responsible for the project. Lead developer is @Samwilson and product owner is @Niharika.

Details

SubjectRepoBranchLines +/-
Remove redundant pass-by-reference for objects in hook handlersmediawiki/extensions/TemplateWizardmaster+6 -6
Customize query in gerrit

Related Objects

Event Timeline

Niharika created this task.Jul 2 2018, 10:28 PM
Restricted Application added a project: Community-Tech. · View Herald TranscriptJul 2 2018, 10:28 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Niharika triaged this task as Medium priority.Jul 3 2018, 12:19 AM
Niharika added a project: deprecated-security-team-reviews.
Niharika updated the task description. (Show Details)
Niharika added a subscriber: Samwilson.
Niharika updated the task description. (Show Details)Jul 16 2018, 10:12 PM
Niharika added a subscriber: JBennett.Jul 16 2018, 10:15 PM

@JBennett Hi. Do we need to do something in order to get this prioritized? This project came out of the 2017 Wishlist survey and we're working on a timeline.

Niharika moved this task from New & TBD Tickets to Older: Tracking Work by Others on the Community-Tech board.Jul 17 2018, 10:49 PM
Niharika moved this task from Older: Tracking Work by Others to Bug backlog on the Community-Tech board.Jul 30 2018, 9:46 PM
Reedy claimed this task.Aug 2 2018, 5:00 PM
Niharika moved this task from Bug backlog to Older: Tracking Work by Others on the Community-Tech board.Aug 3 2018, 6:39 PM
Bencemac subscribed.Aug 4 2018, 6:36 PM
kaldari subscribed.Aug 16 2018, 12:12 AM

@Reedy - Any update? Did you want to do a walkthrough with the developer for this one or just look at the code?

Reedy added a comment.Aug 16 2018, 1:04 PM
In T198666#4505911, @kaldari wrote:

@Reedy - Any update?

My hand is getting better, stitches are coming out tomorrow. Due to a mixture of restrictive dressings and my hand being sore (I'm right handed), putting pressure on my little finger just makes it more so. As such for the last two weeks I've been limiting the amount of time I spend on my laptop because it just ends up being uncomfortable and sore. Not so useful for healing.

Which has meant more broken up time, and other stuff to do.

To answer your actual question... I'm hoping to get this finished off by the end of the week

Niharika added a comment.Aug 22 2018, 2:36 AM

@Reedy Poke. I see you avoided saying end of *which* week. :)

Reedy closed this task as Resolved.Aug 22 2018, 1:10 PM

Haha. I did mean the end of the current week, ie the one just finished.

It's ok from me

Minor aside: PhpStorm is complaining about the objects in the PHP functions being passed by reference, but don't need to be.

Niharika mentioned this in T202545: Deploy TemplateWizard.Aug 22 2018, 3:18 PM
kaldari added a comment.Aug 22 2018, 6:22 PM

@Samwilson: ^ (In case you want to want to fix the variables passed by reference.)

gerritbot subscribed.Aug 22 2018, 11:00 PM

Change 454716 had a related patch set uploaded (by Samwilson; owner: Samwilson):
[mediawiki/extensions/TemplateWizard@master] Remove redundant pass-by-reference for objects in hook handlers

https://gerrit.wikimedia.org/r/454716

gerritbot added a project: Patch-For-Review.Aug 22 2018, 11:00 PM
Samwilson added a comment.Aug 22 2018, 11:00 PM

My PhpStorm doesn't seem to have an inspection for that. What's it called?

Reedy added a comment.Aug 22 2018, 11:08 PM
In T198666#4525279, @Samwilson wrote:

My PhpStorm doesn't seem to have an inspection for that. What's it called?

It's a plugin, has quite a few useful/interesting things - "Php Inspections (EA Extended)"

https://github.com/kalessil/phpinspectionsea

gerritbot added a comment.Aug 22 2018, 11:50 PM

Change 454716 merged by jenkins-bot:
[mediawiki/extensions/TemplateWizard@master] Remove redundant pass-by-reference for objects in hook handlers

https://gerrit.wikimedia.org/r/454716

sbassett moved this task from Incoming to Done on the deprecated-security-team-reviews board.Apr 24 2019, 6:07 PM
chasemp removed a project: deprecated-security-team-reviews.Jan 8 2020, 4:15 PM
chasemp added a project: Application Security Reviews.Jan 8 2020, 4:39 PM
chasemp moved this task from Incoming to Our Part Is Done on the Application Security Reviews board.Jan 8 2020, 4:43 PM
chasemp added a project: secscrum.Mar 10 2020, 8:11 PM
chasemp moved this task from Incoming to Our Part Is Done on the secscrum board.Mar 10 2020, 8:19 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL