Page MenuHomePhabricator
Feed Advanced Search

Today

dbarratt added a comment to T237852: System Adminstrator avoids CSRF attacks on MediaWiki REST API.

@eprodromou welp! that explains why none of the REST APIs you looked at use CSRF tokens. 馃榾

Mon, Nov 11, 4:24 PMSecurity-Team, Story, Core Platform Team Workboards (User Stories), MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP)
dbarratt added a comment to T237852: System Adminstrator avoids CSRF attacks on MediaWiki REST API.

technically you don't need CSRF tokens with a REST API (assuming you are using JSON or XML) because the write request is no longer a simple request and therefore will trigger a preflight request. Since that preflight request would fail on a cross-origin request, then there isn't a way to send the data.

Mon, Nov 11, 4:12 PMSecurity-Team, Story, Core Platform Team Workboards (User Stories), MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP)
dbarratt added a comment to T237852: System Adminstrator avoids CSRF attacks on MediaWiki REST API.

To be clear, my previous comment applied only to oAuth 1, oAuth2 is a really different protocol (its not really the next version so much as two totally different protocols). It sounds likely that oAuth2 would be more applicable, but im not as familar with it as oauth1, so i wouldnt want to comment without reading through the spec to refresh my memory

Mon, Nov 11, 3:48 PMSecurity-Team, Story, Core Platform Team Workboards (User Stories), MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP)
dbarratt added a comment to T237852: System Adminstrator avoids CSRF attacks on MediaWiki REST API.

Here are some thoughts I have...

  1. It doesn't really matter what the private API does. I suppose this is a question if we can make such a distinction or not. Are all our APIs "public" or are some of them "private" (private as in, limited to the current origin)?
  2. An option could be.. if a CSRF token is provided, then load the session from the cookie. In this way it's 100% required, but if it's missing (which would be the case for public requests... then that is fine, the cookie is ignored).
  3. Instead of making an endpoint to get the token, perhaps it would be better to embed the token on the HTML page itself? If the only use case to do this is JavaScript on the same origin, then I don't see why you would need to make another request just to get a token. Unless you can have a session, but get a cached page in MediaWiki? I don't think that is possible... but I might be missing something
  4. If you have to pass a token for each request.... why look at the Cookies/Session at all? Why not just have a "token" (a JWT or whatever) that contains everything needed to authorize the user?
  5. Taking this yet another step further... why not embed a client id and secret on the page... and authorize with OAuth 2 like everyone else?
  6. @Bawolff see https://www.oauth.com/oauth2-servers/single-page-apps/ for how OAuth 2 can be accomplished without a server or an app secret. Effectively it relies on HTTPS (and the server) giving the client id and secret to only the registered app domain. In this way, unless the app gives away the client secret (or the client does) requests from that client id and secret are known to come only from that application. I'm not sure if this can be accomplished with OAuth 1.0 as it does not require HTTPS (afaik).
Mon, Nov 11, 3:13 PMSecurity-Team, Story, Core Platform Team Workboards (User Stories), MediaWiki-REST-API, CPT Initiatives (Core REST API in PHP)

Sat, Nov 9

dbarratt added a comment to T237472: Should it be possible to add statements to a statement group?.

Removing campsite as this is not something the team will work on without further thought and discussion.

Sat, Nov 9, 5:10 AMWikidata, MediaWiki-extensions-WikibaseRepository

Fri, Nov 8

dbarratt added a comment to T235047: [Spike: 4 hours] RedirectSpecialPage not setting block cookies after redirect.

@dmaza After the server returns a 301/302 and the page gets redirected... why doesn't the next request (that results in a 200) have the cookies?

Fri, Nov 8, 4:28 PMAnti-Harassment (The Letter Song), Spike, MediaWiki-User-management
dbarratt updated the task description for T237472: Should it be possible to add statements to a statement group?.
Fri, Nov 8, 3:03 PMWikidata, MediaWiki-extensions-WikibaseRepository
dbarratt moved T236981: CheckUser 2.0: Create a new Special page in CheckUser for the redesigned version from In Progress to Review on the Anti-Harassment (The Letter Song) board.
Fri, Nov 8, 3:47 AMPatch-For-Review, Anti-Harassment (The Letter Song), CheckUser
dbarratt updated the task description for T235389: IP Address ranges (CIDR) are stored as strings and cannot be queried.
Fri, Nov 8, 2:05 AMPatch-For-Review, MediaWiki-extensions-WikibaseRepository, Wikidata
dbarratt added a comment to T174553: Create a mechanism that allows fetching geolocation and subnet data for IP addresses.

Related: T235389: IP Address ranges (CIDR) are stored as strings and cannot be queried

Fri, Nov 8, 2:03 AMUser-Daimona, Patch-For-Review, User-Huji, MediaWiki-extension-requests, Stewards-and-global-tools, MediaWiki-extensions-LoginNotify, CheckUser
dbarratt updated the task description for T235389: IP Address ranges (CIDR) are stored as strings and cannot be queried.
Fri, Nov 8, 2:03 AMPatch-For-Review, MediaWiki-extensions-WikibaseRepository, Wikidata

Thu, Nov 7

dbarratt claimed T236981: CheckUser 2.0: Create a new Special page in CheckUser for the redesigned version.
Thu, Nov 7, 10:41 PMPatch-For-Review, Anti-Harassment (The Letter Song), CheckUser
dbarratt moved T236981: CheckUser 2.0: Create a new Special page in CheckUser for the redesigned version from Ready to In Progress on the Anti-Harassment (The Letter Song) board.
Thu, Nov 7, 10:41 PMPatch-For-Review, Anti-Harassment (The Letter Song), CheckUser
dbarratt added a comment to T210790: Should the Action API allow cross-origin requests by default?.

@eprodromou any update on this?

Thu, Nov 7, 10:30 PMCore Platform Team, Patch-For-Review, Security-Team, MediaWiki-API
dbarratt removed a subtask for T237039: [Epic] CheckUser 2.0: Preliminary check: T237295: Add form fields to new CU special page.
Thu, Nov 7, 10:24 PMEpic, CheckUser, Anti-Harassment
dbarratt removed a parent task for T237295: Add form fields to new CU special page: T237039: [Epic] CheckUser 2.0: Preliminary check.
Thu, Nov 7, 10:24 PMCheckUser, Anti-Harassment
dbarratt removed a subtask for T237039: [Epic] CheckUser 2.0: Preliminary check: T237294: Create the special page for the new extension.
Thu, Nov 7, 10:24 PMEpic, CheckUser, Anti-Harassment
dbarratt removed a parent task for T237294: Create the special page for the new extension: T237039: [Epic] CheckUser 2.0: Preliminary check.
Thu, Nov 7, 10:24 PMCheckUser, Anti-Harassment
dbarratt added a parent task for T237298: CheckUser 2.0: Display the data fetched on special page: T237300: Add filtering, sorting, pagination(?) to the data table.
Thu, Nov 7, 10:23 PMAnti-Harassment (The Letter Song), CheckUser
dbarratt added a subtask for T237300: Add filtering, sorting, pagination(?) to the data table: T237298: CheckUser 2.0: Display the data fetched on special page.
Thu, Nov 7, 10:23 PMCheckUser, Anti-Harassment
dbarratt added a subtask for T237299: Allow the highlight to be "locked" if a user clicks: T237298: CheckUser 2.0: Display the data fetched on special page.
Thu, Nov 7, 10:22 PMCheckUser, Anti-Harassment
dbarratt added a parent task for T237298: CheckUser 2.0: Display the data fetched on special page: T237299: Allow the highlight to be "locked" if a user clicks.
Thu, Nov 7, 10:22 PMAnti-Harassment (The Letter Song), CheckUser
dbarratt added a parent task for T236981: CheckUser 2.0: Create a new Special page in CheckUser for the redesigned version: T237034: CheckUser 2.0: Input form.
Thu, Nov 7, 10:21 PMPatch-For-Review, Anti-Harassment (The Letter Song), CheckUser
dbarratt added a subtask for T237034: CheckUser 2.0: Input form: T236981: CheckUser 2.0: Create a new Special page in CheckUser for the redesigned version.
Thu, Nov 7, 10:21 PMAnti-Harassment (The Letter Song), CheckUser
dbarratt removed a parent task for T122296: Allow checking by last 64 bits of an IPv6 address: T237034: CheckUser 2.0: Input form.
Thu, Nov 7, 10:20 PMIPv6, Stewards-and-global-tools, CheckUser
dbarratt removed a parent task for T146837: Add ability to search by user agent from CheckUser interface: T237034: CheckUser 2.0: Input form.
Thu, Nov 7, 10:20 PMStewards-and-global-tools, CheckUser
dbarratt removed subtasks for T237034: CheckUser 2.0: Input form: T146837: Add ability to search by user agent from CheckUser interface, T122296: Allow checking by last 64 bits of an IPv6 address.
Thu, Nov 7, 10:20 PMAnti-Harassment (The Letter Song), CheckUser
dbarratt added a parent task for T237034: CheckUser 2.0: Input form: T237298: CheckUser 2.0: Display the data fetched on special page.
Thu, Nov 7, 10:19 PMAnti-Harassment (The Letter Song), CheckUser
dbarratt added a subtask for T237298: CheckUser 2.0: Display the data fetched on special page: T237034: CheckUser 2.0: Input form.
Thu, Nov 7, 10:19 PMAnti-Harassment (The Letter Song), CheckUser
dbarratt added a parent task for T237296: CheckUser 2.0: Create service and methods for new CU extension: T237298: CheckUser 2.0: Display the data fetched on special page.
Thu, Nov 7, 10:18 PMAnti-Harassment (The Letter Song), CheckUser
dbarratt added a subtask for T237298: CheckUser 2.0: Display the data fetched on special page: T237296: CheckUser 2.0: Create service and methods for new CU extension.
Thu, Nov 7, 10:18 PMAnti-Harassment (The Letter Song), CheckUser
dbarratt placed T235050: RawAction not setting block cookies up for grabs.
Thu, Nov 7, 7:58 PMAnti-Harassment, MediaWiki-User-management
dbarratt placed T236751: Allow OutputPage to set maxage up for grabs.
Thu, Nov 7, 7:58 PMAnti-Harassment, MediaWiki-General, Patch-For-Review
dbarratt added a comment to T237669: Expose the device in the user-agent from the app requests.

This isn't very difficult to add, but wouldn't it have security implications? (i.e. wouldn't it reduce the anonymity of the user?)

Thu, Nov 7, 7:37 PMWikipedia-iOS-App-Backlog, iOS-app-Bugs, Wikipedia-Android-App-Backlog, Anti-Harassment, Android-app-Bugs, CheckUser
dbarratt updated the task description for T237669: Expose the device in the user-agent from the app requests.
Thu, Nov 7, 7:37 PMWikipedia-iOS-App-Backlog, iOS-app-Bugs, Wikipedia-Android-App-Backlog, Anti-Harassment, Android-app-Bugs, CheckUser
dbarratt added projects to T237669: Expose the device in the user-agent from the app requests: iOS-app-Bugs, Wikipedia-iOS-App-Backlog.
Thu, Nov 7, 7:27 PMWikipedia-iOS-App-Backlog, iOS-app-Bugs, Wikipedia-Android-App-Backlog, Anti-Harassment, Android-app-Bugs, CheckUser
dbarratt updated the task description for T237472: Should it be possible to add statements to a statement group?.
Thu, Nov 7, 4:44 PMWikidata, MediaWiki-extensions-WikibaseRepository
dbarratt added a comment to T235050: RawAction not setting block cookies.

Note that RawAction is not a blockable action (requiresUnblock returns false).

Thu, Nov 7, 4:39 PMAnti-Harassment, MediaWiki-User-management
dbarratt updated the task description for T237472: Should it be possible to add statements to a statement group?.
Thu, Nov 7, 2:25 PMWikidata, MediaWiki-extensions-WikibaseRepository

Wed, Nov 6

dbarratt reopened T236862: Add tests to OutputPage::sendCacheControl, a subtask of T236751: Allow OutputPage to set maxage, as Open.
Wed, Nov 6, 11:10 PMAnti-Harassment, MediaWiki-General, Patch-For-Review
dbarratt reopened T236862: Add tests to OutputPage::sendCacheControl as "Open".
Wed, Nov 6, 11:10 PMMW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Anti-Harassment (The Letter Song), MediaWiki-General
dbarratt closed T236862: Add tests to OutputPage::sendCacheControl, a subtask of T236751: Allow OutputPage to set maxage, as Resolved.
Wed, Nov 6, 11:10 PMAnti-Harassment, MediaWiki-General, Patch-For-Review
dbarratt closed T236862: Add tests to OutputPage::sendCacheControl as Resolved.
Wed, Nov 6, 11:10 PMMW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Anti-Harassment (The Letter Song), MediaWiki-General
dbarratt moved T236751: Allow OutputPage to set maxage from In Progress to Review on the Anti-Harassment (The Letter Song) board.
Wed, Nov 6, 10:56 PMAnti-Harassment, MediaWiki-General, Patch-For-Review
dbarratt added a project to T237472: Should it be possible to add statements to a statement group?: Wikidata-Campsite.
Wed, Nov 6, 9:45 PMWikidata, MediaWiki-extensions-WikibaseRepository
dbarratt updated the task description for T237472: Should it be possible to add statements to a statement group?.
Wed, Nov 6, 9:03 PMWikidata, MediaWiki-extensions-WikibaseRepository
dbarratt added a comment to T216533: Mobile web "you are blocked" notice should truncate long block reasons.

I'm happy to review if I know how to replicate and what the solution should look like, but right now the description is not clear enough for me to help with that!

Wed, Nov 6, 8:24 PMReaders-Web-Backlog (Tracking), Anti-Harassment, MobileFrontend, MediaWiki-User-management
dbarratt moved T236862: Add tests to OutputPage::sendCacheControl from Review to QA/Testing on the Anti-Harassment (The Letter Song) board.
Wed, Nov 6, 6:09 PMMW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Anti-Harassment (The Letter Song), MediaWiki-General

Tue, Nov 5

dbarratt moved T227412: Partial blocks leads to wrong error messages from Review to QA/Testing on the Anti-Harassment (The Letter Song) board.
Tue, Nov 5, 10:38 PMMW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Anti-Harassment (The Letter Song), Beta-Cluster-reproducible, MediaWiki-User-management, User-DannyS712
dbarratt updated the task description for T237472: Should it be possible to add statements to a statement group?.
Tue, Nov 5, 10:05 PMWikidata, MediaWiki-extensions-WikibaseRepository
dbarratt created T237472: Should it be possible to add statements to a statement group?.
Tue, Nov 5, 10:03 PMWikidata, MediaWiki-extensions-WikibaseRepository
dbarratt updated the task description for T237296: CheckUser 2.0: Create service and methods for new CU extension.
Tue, Nov 5, 8:04 PMAnti-Harassment (The Letter Song), CheckUser
dbarratt updated the task description for T237296: CheckUser 2.0: Create service and methods for new CU extension.
Tue, Nov 5, 8:04 PMAnti-Harassment (The Letter Song), CheckUser
dbarratt renamed T237296: CheckUser 2.0: Create service and methods for new CU extension from Create class and methods for new CU extension to Create service and methods for new CU extension.
Tue, Nov 5, 7:46 PMAnti-Harassment (The Letter Song), CheckUser

Mon, Nov 4

dbarratt moved T236862: Add tests to OutputPage::sendCacheControl from In Progress to Review on the Anti-Harassment (The Letter Song) board.
Mon, Nov 4, 11:55 PMMW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Anti-Harassment (The Letter Song), MediaWiki-General
dbarratt closed T227005: Don't require that the blocker be a User for a SystemBlock as Resolved.
Mon, Nov 4, 10:51 PMPatch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-User-management
dbarratt closed T227005: Don't require that the blocker be a User for a SystemBlock, a subtask of T225011: Clean up code related to blocking, as Resolved.
Mon, Nov 4, 10:51 PMMediaWiki-User-management
dbarratt closed T227005: Don't require that the blocker be a User for a SystemBlock, a subtask of T227892: [BUG] InvalidArgumentException "Blocker must be a local user or a name that cannot be a local user", as Resolved.
Mon, Nov 4, 10:51 PMMW-1.35-notes (1.35.0-wmf.5; 2019-11-05), Anti-Harassment (The Letter Song), MediaWiki-User-management

Fri, Nov 1

dbarratt closed T236501: Autoblocks expands templates before storing in database as Resolved.
Fri, Nov 1, 5:10 PMMW-1.35-notes (1.35.0-wmf.5; 2019-11-05), Anti-Harassment (The Letter Song), MediaWiki-User-management
dbarratt updated the task description for T225939: System and composite block messages on mobile contain confusing information.
Fri, Nov 1, 3:27 PMAnti-Harassment (The Letter Song)

Wed, Oct 30

Restricted Application added a project to T191939: How to deal with blocked messages on client that require advanced parsing?: Core Platform Team.

I think this is probably the simplest way to go:

Provide HTML in the blockinfo API responses or have a way for clients to render these blocks.

Wed, Oct 30, 11:46 PMMW-1.32-notes (WMF-deploy-2018-05-22 (1.32.0-wmf.5)), Readers-Web-Backlog (Tracking), Language-Team, Anti-Harassment, MediaWiki-API, Front-end-Standards-Group, MediaWiki-User-management, MediaWiki-Parser
dbarratt added a comment to T236970: Block reasons should be parsed on mobile as they are on desktop.

I think this might be a duplicate of T191939

Wed, Oct 30, 11:34 PMAnti-Harassment, VisualEditor, Mobile, MediaWiki-User-management
dbarratt moved T236862: Add tests to OutputPage::sendCacheControl from Review to In Progress on the Anti-Harassment (The Letter Song) board.
Wed, Oct 30, 10:49 PMMW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Anti-Harassment (The Letter Song), MediaWiki-General
dbarratt added a comment to T236797: How should the MachineVision extension interact with external APIs from production?.

I would assume that running in the client would defeat the purpose of storing such information trustfully.
On the other hand, I assume we would soon hit any rate-limiting google has on that API if we just run it from production (all requests will be coming from 2 IPs). We will need to tune the concurrency of such jobs, and also add a rate-limiting of sorts in change-propagation I guess.

Wed, Oct 30, 4:57 PMPatch-For-Review, Operations, serviceops, Product-Infrastructure-Team-Backlog, Machine vision
dbarratt added a comment to T236797: How should the MachineVision extension interact with external APIs from production?.

As far as UX is concerned...

Wed, Oct 30, 4:46 PMPatch-For-Review, Operations, serviceops, Product-Infrastructure-Team-Backlog, Machine vision
dbarratt moved T236862: Add tests to OutputPage::sendCacheControl from Ready to Review on the Anti-Harassment (The Letter Song) board.
Wed, Oct 30, 1:16 AMMW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Anti-Harassment (The Letter Song), MediaWiki-General
dbarratt moved T236751: Allow OutputPage to set maxage from Review to In Progress on the Anti-Harassment (The Letter Song) board.
Wed, Oct 30, 1:16 AMAnti-Harassment, MediaWiki-General, Patch-For-Review
dbarratt created T236862: Add tests to OutputPage::sendCacheControl.
Wed, Oct 30, 1:11 AMMW-1.35-notes (1.35.0-wmf.8; 2019-11-26), Anti-Harassment (The Letter Song), MediaWiki-General

Tue, Oct 29

dbarratt added a subtask for T227005: Don't require that the blocker be a User for a SystemBlock: T236814: Improve blocker information on mobile block error message drawer.
Tue, Oct 29, 9:26 PMPatch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-User-management
dbarratt added a parent task for T236814: Improve blocker information on mobile block error message drawer: T227005: Don't require that the blocker be a User for a SystemBlock.
Tue, Oct 29, 9:26 PMAnti-Harassment (The Letter Song), Readers-Web-Backlog (Tracking), MobileFrontend
dbarratt claimed T236751: Allow OutputPage to set maxage.
Tue, Oct 29, 7:49 PMAnti-Harassment, MediaWiki-General, Patch-For-Review
dbarratt moved T200938: Special:CentralAuth should provide the same blocking information as Special:BlockList does from Review to QA/Testing on the Anti-Harassment (The Letter Song) board.
Tue, Oct 29, 7:49 PMMW-1.35-notes (1.35.0-wmf.5; 2019-11-05), Core Platform Team Workboards (Clinic Duty Team), Anti-Harassment (The Letter Song), Patch-For-Review, MediaWiki-extensions-CentralAuth, Stewards-and-global-tools, MediaWiki-User-management
dbarratt moved T236501: Autoblocks expands templates before storing in database from Review to QA/Testing on the Anti-Harassment (The Letter Song) board.
Tue, Oct 29, 7:49 PMMW-1.35-notes (1.35.0-wmf.5; 2019-11-05), Anti-Harassment (The Letter Song), MediaWiki-User-management
dbarratt moved T236751: Allow OutputPage to set maxage from Ready to Review on the Anti-Harassment (The Letter Song) board.
Tue, Oct 29, 5:10 PMAnti-Harassment, MediaWiki-General, Patch-For-Review
dbarratt edited projects for T236751: Allow OutputPage to set maxage, added: MediaWiki-General, Anti-Harassment (The Letter Song); removed Anti-Harassment.
Tue, Oct 29, 5:10 PMAnti-Harassment, MediaWiki-General, Patch-For-Review
dbarratt added a project to T236814: Improve blocker information on mobile block error message drawer: MobileFrontend.
Tue, Oct 29, 4:42 PMAnti-Harassment (The Letter Song), Readers-Web-Backlog (Tracking), MobileFrontend
dbarratt closed T232510: Add namespace filter to the interaction-timeline API as Resolved.
Tue, Oct 29, 1:44 PMAnti-Harassment (The Letter Song), InteractionTimeline
dbarratt closed T232510: Add namespace filter to the interaction-timeline API, a subtask of T190973: Timeline: Namespace filter, as Resolved.
Tue, Oct 29, 1:44 PMInteractionTimeline
dbarratt closed T188435: Bring consistency to visual design of Interaction Timeline, a subtask of T186271: Interaction Timeline V2, as Resolved.
Tue, Oct 29, 1:44 PMEpic, InteractionTimeline
dbarratt closed T188435: Bring consistency to visual design of Interaction Timeline as Resolved.
Tue, Oct 29, 1:44 PMAnti-Harassment (The Letter Song), Readers-Web-Backlog (Design), InteractionTimeline, Design
dbarratt closed T230616: Upgrade node.js to v10 as Resolved.

I would say so! :)

Tue, Oct 29, 1:26 PMInteractionTimeline, Anti-Harassment (The Letter Song)
dbarratt added a parent task for T236751: Allow OutputPage to set maxage: T235050: RawAction not setting block cookies.
Tue, Oct 29, 2:59 AMAnti-Harassment, MediaWiki-General, Patch-For-Review
dbarratt added a subtask for T235050: RawAction not setting block cookies: T236751: Allow OutputPage to set maxage.
Tue, Oct 29, 2:58 AMAnti-Harassment, MediaWiki-User-management
dbarratt created T236751: Allow OutputPage to set maxage.
Tue, Oct 29, 2:58 AMAnti-Harassment, MediaWiki-General, Patch-For-Review

Mon, Oct 28

dbarratt claimed T235050: RawAction not setting block cookies.
Mon, Oct 28, 5:50 PMAnti-Harassment, MediaWiki-User-management
dbarratt moved T235050: RawAction not setting block cookies from Ready to In Progress on the Anti-Harassment (The Letter Song) board.
Mon, Oct 28, 5:50 PMAnti-Harassment, MediaWiki-User-management
dbarratt closed T226990: Block messages are inconsistent if a user is blocked from email as Resolved.
Mon, Oct 28, 5:48 PMMW-1.35-notes (1.35.0-wmf.4; 2019-10-29), Anti-Harassment (The Letter Song), MediaWiki-Email
dbarratt closed T228950: Replace UserIsHidden with GetUserBlock in CentralAuth as Resolved.
Mon, Oct 28, 5:48 PMMW-1.35-notes (1.35.0-wmf.4; 2019-10-29), MW-1.34-notes (1.34.0-wmf.21; 2019-09-03), Anti-Harassment (The Letter Song), MediaWiki-extensions-CentralAuth
dbarratt closed T227110: Provide more informative block error message for Special:CreateAccount as Resolved.
Mon, Oct 28, 5:46 PMMW-1.35-notes (1.35.0-wmf.4; 2019-10-29), Anti-Harassment (The Letter Song), MediaWiki-User-management, MediaWiki-User-login-and-signup
dbarratt closed T213604: Why are Senses not first-class entities? as Invalid.

Thanks for your reply! I don't even understand my own question anymore, but I appreciate your response. :)

Mon, Oct 28, 2:39 PMWikidata, Lexicographical data
dbarratt added a comment to T231930: Introduce ActingUser to represent the user performing the current request.

For an example of what @Simetrical is saying... see: https://symfony.com/doc/current/service_container/request.html I'm not saying that we should necessarily do that or not, just wanted to express that the pattern is not unheard of.

Mon, Oct 28, 2:28 PMMediaWiki-User-management, CPT Initiatives (Decoupling (CDP2))

Fri, Oct 25

dbarratt placed T233597: Refactor ApiMain to use OutputPage::sendCacheControl up for grabs.
Fri, Oct 25, 6:41 PMCore Platform Team Workboards (Clinic Duty Team), Patch-For-Review, MediaWiki-API
dbarratt reassigned T234279: Get some statistics from CheckUser log from dbarratt to Niharika.
Fri, Oct 25, 6:41 PMAnti-Harassment (The Letter Song), CheckUser
dbarratt moved T234279: Get some statistics from CheckUser log from In Progress to Review on the Anti-Harassment (The Letter Song) board.

Here is the query used to generate the statistics:

SELECT cul_type,  COUNT(cul_type) AS count FROM cu_log GROUP BY cul_type;
Fri, Oct 25, 2:48 PMAnti-Harassment (The Letter Song), CheckUser
dbarratt shifted T234279: Get some statistics from CheckUser log from the S1 Public space to the Restricted Space space.
Fri, Oct 25, 2:18 PMAnti-Harassment (The Letter Song), CheckUser
dbarratt closed T236486: Cannot access production replica database from mwmaint1002 as Invalid.
Fri, Oct 25, 2:05 PMOperations
dbarratt added a comment to T236486: Cannot access production replica database from mwmaint1002.

You can just do sql enwiki which will connect you to a slave - in most cases you don't need to specify a replica

Fri, Oct 25, 2:05 PMOperations
dbarratt created T236486: Cannot access production replica database from mwmaint1002.
Fri, Oct 25, 2:01 PMOperations

Thu, Oct 24

dbarratt moved T236425: Fatal Error: "Call to a member function getId() on string" from BlockListPager.php from Review to QA/Testing on the Anti-Harassment (The Letter Song) board.
Thu, Oct 24, 11:37 PMMW-1.35-notes (1.35.0-wmf.3; 2019-10-22), Anti-Harassment (The Letter Song), MediaWiki-User-management, Wikimedia-production-error
dbarratt moved T236425: Fatal Error: "Call to a member function getId() on string" from BlockListPager.php from Ready to Review on the Anti-Harassment (The Letter Song) board.
Thu, Oct 24, 7:41 PMMW-1.35-notes (1.35.0-wmf.3; 2019-10-22), Anti-Harassment (The Letter Song), MediaWiki-User-management, Wikimedia-production-error