Yeah, I have had a Gerrit account for seven years but I have finally gotten around to figuring out how it works. Hopefully this is what you need.

In T236809#6164955, @thiemowmde wrote:

The release notes currently say:

* The following parser-related hooks have been deprecated:
  […]
  - ParserSectionCreate
    * No replacement; <section> tag wrapping will be done by core in future.
  - ParserPreSaveTransformComplete
    * No replacement; Content::preSaveTransform() provides for customizable PSTs
  - BeforeParserrenderImageGallery
    * No replacement; MediaHandler provides for customizable media rendering

I'm not exited to see "no replacement". What I wish we would have done is to first get rid of deprecated calls in codebases we actively monitor, and only then hard-deprecate stuff. What are the next steps now? Rewrite code that relies on these hooks? Who is supposed to do this? When? Consuming which budget? And a rewrite seems what's now necessary to keep the Wigo3 extension running.

I don't own any of the codebases in question, so I have not much reason to care about them. I'm not even paid to look after them. But what I care about is that we try to help volunteers as good as we can. And I think we can do better.

It is a public wiki where it could be seen three years ago for a couple months. It has since disappeared -- not sure if there was some maint script that has been run in the meantime, but there have been several MW version upgrades since then. Likely pages added to the category, too. Can no longer reproduce, sorry.

It's not as big of a a barrier to contribution as you think. Generally, when I want to commit something on a project hosted by WMF, I push a commit to somewhere else like Github, and then ask someone else who understands Gerrit to merge it. Usually, this is the extension developer, and from there they can either do git remote add or download a patch file.

This one is marked as resolved in our tracker at Miraheze, @Reception123. Is it ok to close this bug, or did someone find the cause?

Huh. I didn't expect when I wrote this ticket that it would be resolved by deleting all the documentation. Thanks, I guess?

Well, I'll fire our sysadmins just as soon as I start paying them :P

That credit works for me.

Hi, I'm here, a little. Just going to say that caching the entire category namespace sounds like a nightmare, if only because of the cache invalidation problem. So I just removed the TODO, because that seems like the Wrong Thing.

Just want to let you know that this task is what kept us from installing this extension on allthetropes.org. Using an unsupported third-party library doesn't inspire confidence from a privacy point-of-view.

Just a comment: this seems like a cleanup here would be a easy task. The body file is under 200 lines of code.

Just because the issue has come up again and I've done more reading since then... apparently <html> and <body> elements aren't required for valid HTML 5. But the <!DOCTYPE html> is missing, and that is required. Same suggested solution as in the comment above.

Thanks for the quick turnaround!

OK @Aklapper, I'll bite. Convince me that the second part is a separate task, and I'll open another task. I'm rather thinking that if the call to reportOutageHTML() moved into reportHTML() ... right around here ... that all of the above will be solved at the same time.

Ah, OK. You just said "already fixed in master" and assigned a duplicate task that is already closed, but didn't say that there was a fix for this branch. I assumed that you didn't understand the request.

If you're not going to fix the problem, don't just close the ticket resolved. I'm taking this to mean that you're declining to fix this issue.

Your guide seems pretty good, I'll give it a shot the next time I think of a patch. Actually, BlogPageClass.php is taunting me with:

Nope. The sectioning is done here:
https://github.com/wikimedia/mediawiki-extensions-MobileFrontend/blob/master/includes/MobileFormatter.php#L541 That looks complicated.

As of iOS 10, all pages are zoomable. There is no API to prevent zooming on a page.

You chose the worst day to start working on this as our db server decided to crash today. I'll get back to you when we're back online.

Can anyone take over maintainership for this extension?

I don't understand. How is mw-editsection-divider an internal class for VE if it's in includes/skins/Skin.php? And if SkinEditSectionLinks is not a public API, why is it mentioned in docs/hooks.txt as replacement for a different public API?

In terms of the DOS attack @Bawolff mentioned, maybe ini_set on some PCRE options would be useful?

No activity in over 3 months. If no one is interested in merging this code, can they please decline the task?

If you are unable to upgrade to PHP 5.5.9, then you can use MediaWiki 1.23.13, which requires PHP version 5.3.2 or later

As far as I can tell, SQL Server does not support regular expressions -- or at least not without using a CLR function.

Thanks, this is great work. Sorry I didn't reply earlier, as I've been swamped by $dayjob stuff. I do have some other suggestions, but I'll reply in T140941.

I just suggested updating the extension because I thought it would be easiest. If you want, you just just do some HTML filtering in the original extension -- a good place to start would be here:

We're nearing 2 months since I first reported the vulnerability to the authors. Is there any WMF guidance as to how long before I can publicly disclose the vulnerability?

OK. If wfLoadExtension is recommended, then there was a docs bug on https://www.mediawiki.org/wiki/Extension:Comments I went ahead and added registration=1 to the install template.

Oh, right, I have $wgShowDevelopmentWarnings = true;, but doesn't everyone? 🤓

The same thing applies at https://git.wikimedia.org/blob/mediawiki%2Fextensions%2FComments/master/CommentClass.php#L175 and L317

Agreed, documentation is extremely poor.

That was me informing the authors. With the same message as above. Felipe Schenone replied back to me with this message on 30 March:

If it is intentional, I suppose we could host a fork of this. All we'd have to do is delete a few lines from the extension.json file, track upstream otherwise, and warn people outside the WMF to use our fork instead of the official one. Somehow this solution seems suboptimal, but I'd be willing to do it.