Page MenuHomePhabricator
Create Task
Maniphest T331153

Wikimini extensions review
Closed, ResolvedPublic8 Estimated Story Points
Actions

Description

All extensions:

https://fr.wikimini.org/wiki/Sp%C3%A9cial:Version

For each extension, it could be useful to understand the ones that:

  • "disable": we can disable now, and re-discuss in the future when we will need it
  • "wait": we must wait since now it's very important to ...
  • "keep" we should probably keep it always-on since it's useful for ...

Related Objects
Search...

Event Timeline

valerio.bozzolan created this task.Mar 3 2023, 5:06 PM
valerio.bozzolan added a parent task: T278033: Upgrade testing-Wikimini from MediaWiki 1.28.0 to 1.35.Mar 3 2023, 5:11 PM
valerio.bozzolan added a parent task: T268880: Upgrade production Wikimini from MediaWiki 1.28.0 to at least 1.31 (current Debian GNU/Linux stable).
valerio.bozzolan updated the task description. (Show Details)Mar 7 2023, 9:34 AM
Restricted Application added a project: Internet-Archive. · View Herald TranscriptMar 7 2023, 9:34 AM
valerio.bozzolan mentioned this in T268880: Upgrade production Wikimini from MediaWiki 1.28.0 to at least 1.31 (current Debian GNU/Linux stable).Mar 7 2023, 9:34 AM
valerio.bozzolan added a subtask: T331099: Improve "picture of the day" and "quote of the day" to don't require the Include extension and PHP scripts.
valerio.bozzolan updated the task description. (Show Details)
valerio.bozzolan triaged this task as High priority.Mar 7 2023, 3:54 PM
valerio.bozzolan updated the task description. (Show Details)
Raphoraph subscribed.Mar 7 2023, 3:57 PM

secure-include, as I said, is disabled (as was already AWC's forum
extension since around June 2022), by this I mean that LocalSettings do
not call it anymore.

You can safely move the file away as you might have done with AWC to be
sure that it is no more used badly (although it should not as a
standalone file work but who knows…)

valerio.bozzolan updated the task description. (Show Details)Mar 7 2023, 3:57 PM
valerio.bozzolan updated the task description. (Show Details)Mar 7 2023, 4:00 PM
valerio.bozzolan updated the task description. (Show Details)
Raphoraph added a comment.Mar 7 2023, 4:02 PM

LiquidThread is currently unmaintained and has some awful bugs. Didn't
find any security issue yet but don't know what the bugs are about so it
might be linked. However I do not know what will happen to the current
threads when the extension is removed. If it's like StructuredDiscussion
then we're screwed.

Threads ]]: probably unstable - remove?

valerio.bozzolan added a comment.Mar 7 2023, 4:03 PM

(The extensions I removed are now there:)

/var/www/wikimini.org/T331153_QUARANTINE_EXTENSIONS
Raphoraph added a comment.Mar 7 2023, 4:05 PM

did you put some .htaccess or rule in httpd.conf to forbid any access to
it ?

(Correctly set up owner / permission also works)

valerio.bozzolan added a comment.Mar 7 2023, 4:07 PM

Yep it's forbidden since, in short:

# private ↓
/var/www/wikimini.org/T331153_QUARANTINE_EXTENSIONS

# potentially public ↓
/var/www/wikimini.org/www

# much public ↓
/var/www/wikimini.org/www/w

# this and others locations have Deny rules in apache ↓
/var/www/wikimini.org/www/w/extensions
valerio.bozzolan updated the task description. (Show Details)Mar 7 2023, 4:12 PM
valerio.bozzolan updated the task description. (Show Details)
Raphoraph added a comment.Mar 7 2023, 4:15 PM

Usually wikis use both probably because Titleblacklists permits an
easier management in the sense of forbidden title and is probably much
efficient (it does not add a full language, it's a simpler parser, and
it warns the user before even attempting the edits).

> [X] Title Blacklist: keep (in the future, evaluate if can be replaced by
AbuseFilter)

valerio.bozzolan updated the task description. (Show Details)Mar 7 2023, 4:20 PM

Thank you and feel free to continue (I mean for some hours you do not risk edit conflict)

valerio.bozzolan added a comment.Mar 7 2023, 4:32 PM

Wow, LiquidThread is still enabled in Hungarian Wikipedia and maybe others:

https://hu.wikipedia.org/wiki/Szerkeszt%C5%91vita:Teszt_Elem%C3%A9r

I think it would be a good idea to update it now and just keep it, since it still supports MediaWiki 1.29+

valerio.bozzolan lowered the priority of this task from High to Medium.Jun 7 2023, 10:17 AM
valerio.bozzolan raised the priority of this task from Medium to High.
ValerioBoz-WMCH mentioned this in T355744: Tabs on Swedish Wikimini are in French.Jan 31 2024, 8:03 PM
ValerioBoz-WMCH updated the task description. (Show Details)Feb 26 2024, 8:04 AM
ValerioBoz-WMCH set the point value for this task to 8.
ValerioBoz-WMCH closed this task as Resolved.Feb 26 2024, 8:22 AM
ValerioBoz-WMCH claimed this task.
ValerioBoz-WMCH subscribed.

Let's declare this as concluded. We can still comment and update the description. The situation is clearer now.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits