T201698.patch1 KBDownload
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Aug 15 2018
Aug 15 2018
Ciencia_Al_Poder added a project to T201698: blog-by-user-category message can potentially inject arbitrary strings and parameters when passed to preg_match_all: Patch-For-Review.
Ciencia_Al_Poder claimed T201698: blog-by-user-category message can potentially inject arbitrary strings and parameters when passed to preg_match_all.
I've tested setting blog-by-user-category to end in /e#, and it displays a PHP Warning: preg_match_all(): Unknown modifier '#'. That means the PCRE comment character isn't taken as a comment when present in the modifiers section of the regexp, making it not exploitable (unless a more ancient PHP version allows for that).
Aug 14 2018
Aug 14 2018
Aug 10 2018
Aug 10 2018
Ciencia_Al_Poder updated subscribers of T201698: blog-by-user-category message can potentially inject arbitrary strings and parameters when passed to preg_match_all.
Maybe the message should be passed through preg_quote, and then replace $1 (without spaces) with (.*). Sadly I have no time now to test this :( Maybe in a couple of days...
Aug 3 2018
Aug 3 2018
Ciencia_Al_Poder removed a project from T200911: Renaming a Blog page causes a fatal when running jobs: Patch-For-Review.
Ciencia_Al_Poder closed T152764: Fatal errors when running refreshLinks.php and rebuildall.php with Extension:Comments enabled as Resolved.
With the previous patch, refreshLinks does not fatal anymore. It should be fixed now
Aug 1 2018
Aug 1 2018
Ciencia_Al_Poder added a comment to T152764: Fatal errors when running refreshLinks.php and rebuildall.php with Extension:Comments enabled.
Looks like this could be fixed by gerrit change 449761. The code path is not the same, but maybe the code was reorganized some time ago...
Ciencia_Al_Poder moved T200911: Renaming a Blog page causes a fatal when running jobs from Backlog to Bugs on the MediaWiki-extensions-Comments board.
This actually is a fault of the Comments extension (incidentally, blogs have comments 😁). I'm not sure why this happens when the blog page is renamed, and not otherwise, though, although using $wgOut can be the source of a lot of problems.
Ciencia_Al_Poder added a comment to T146588: Link to user's blogs on the userpage within SocialProfile.
Okay, I was looking for the $wgUserProfileDisplay['articles'] on the SocialProfile extension... Also, I forgot to run jobs, so the user category wasn't populated and hence nothing was displayed.
Okay, my comment was about the T45646#4447303 idea, which would be a major breakage in legal terms. Gerrit changeset 449626 would be fine, though, if it doesn't follow the path of renaming system messages.
Jul 31 2018
Jul 31 2018
Does a special page exists which lists all blog pages by author? I can't find it. Ideally, this shouldn't be a magic word, but an includable special page. The special page on its own could be linked from the social profile (see T146588)
Ciencia_Al_Poder added a comment to T146588: Link to user's blogs on the userpage within SocialProfile.
In T146588#2665741, @ashley wrote:You mean $wgUserProfileDisplay['articles'] = true; ?
Jul 30 2018
Jul 30 2018
Ciencia_Al_Poder added a comment to T200653: Error undeleting page: IncompleteRevisionException: sha1 field must not be !.
You can try running populateRevisionSha1.php. I though it may not generate it for deleted revisions, that will have this issue on undeletion, but apparently it also takes cares of deleted revisions, so there shouldn't be any case missing. This script should have been run automatically on upgrade when the field was added.
Ciencia_Al_Poder renamed T200653: Error undeleting page: IncompleteRevisionException: sha1 field must not be ! from Problem on restoring/undeleting revisions on updated wiki to Error undeleting page: IncompleteRevisionException: sha1 field must not be !.
Ciencia_Al_Poder edited projects for T200653: Error undeleting page: IncompleteRevisionException: sha1 field must not be !, added: Multi-Content-Revisions, MediaWiki-Revision-deletion; removed MediaWiki-Page-deletion.
It may be another instance of T195692: Attempt to undelete page causes error: Fatal exception of type IncompleteRevisionException: user_text field must not be ''!, but this one is on a different field
Jul 29 2018
Jul 29 2018
Ciencia_Al_Poder added a project to T200652: DPLForum: Double-encoded link text on the generated list (at least for double quotes): good first task.
Adding ashley as cc since he's the only de-facto maintainer (at least in the previous 2-3 years). I can probably come up with a patch if nobody does that before. Tagging as easy because it looks easy to reproduce and fix.
Ciencia_Al_Poder updated the task description for T200652: DPLForum: Double-encoded link text on the generated list (at least for double quotes).
Jul 27 2018
Jul 27 2018
Ciencia_Al_Poder added a comment to T197087: Remove or limit edituserjs and similar rights from users with "higher" access than the editor.
edituserjs/editusercss/edituserjson permissions have been revoked from sysops in rMWdb888bc5ad
Ciencia_Al_Poder added a comment to T200471: LBFactorySimple breaks ExternalStorage, trying to connect to external server with local database name.
Yeah, sorry. The code is very complex and hard to test. I'll try to investigate in case I'm able to provide a patch, however feel free to submit a patch yourself if you can. This problem is blocking my ability to upgrade my wiki
Jul 26 2018
Jul 26 2018
Well, apparently this did surfaced on development (this task) but didn't got sufficient attention, maybe because thinking it only affected vagrant. But this affects real setups (see T200471)
Ciencia_Al_Poder updated subscribers of T200471: LBFactorySimple breaks ExternalStorage, trying to connect to external server with local database name.
This may be caused by rMW14ee3f210782 self-merged by @aaron
Jul 24 2018
Jul 24 2018
Ciencia_Al_Poder added a comment to T200291: MultilineTextInputWidget creates 2 textareas (one visible, another hidden).
Looks like the second textarea may be intentional for the "autosize" property, because if I remove it later, the textarea does not autosize.
Why not simply change the usage of the current message as to not output raw HTML? Wikis which don't have the message customized, will continue to work. Wikis that use raw HTML, will display visible HTML code, but that will be also very noticeable for site admins that can adapt the message. This will prevent the problem of displaying a wrong copyright message: it would be correct, but badly formatted, only for the cases where non-allowed HTML tags are used.
Jul 23 2018
Jul 23 2018
Ciencia_Al_Poder reopened T197261: Undefined variable: mappings in extensions/ExternalData/ED_ParserFunctions.php on line 535 as "Open".
The issue hasn't been resolved. I've just created a new page and the error appears again at the top of the page:
Jul 22 2018
Jul 22 2018
Ciencia_Al_Poder removed a project from T200158: $wgUploadBaseUrl not honored for Avatars: Patch-For-Review.
Done for SocialProfile (-core?), other satellite extensions may need update too.
Ciencia_Al_Poder renamed T200164: Uploading a gift image does nothing (the default image is displayed instead) from Uploading a profile to Uploading a gift image does nothing (the default image is displayed instead).
Jul 17 2018
Jul 17 2018
Ciencia_Al_Poder added a comment to T87140: Regularly run GenerateSitemap.php on Farsi Wikinews to improve Google crawling.
Someone with access to google search console can add the Special:NewPages atom feed. This will help to index new articles created
Ciencia_Al_Poder added a comment to T198976: Make it easier for search engines to index anchors on mobile.
What about a floating button on the bottom-right corner, that when pushed opens the table of contents? That way you can easily access the TOC, independently on the scroll position (also useful to reach the top of the page). Of course, this would be more an improvement to UX, not SEO itself (depending on how it's done)
Jul 15 2018
Jul 15 2018
Ciencia_Al_Poder updated the task description for T199648: Edits in quick succession on several translation units may not get reflected on the translated page.
Jul 2 2018
Jul 2 2018
Ciencia_Al_Poder raised the priority of T197830: All pages have an error in the graphs section: unable to write file from High to Needs Triage.
Ciencia_Al_Poder awarded T145832: Create Trusted Contributors project? a Like token.
@Hagarshilo I can view it with a program called VLC
Jul 1 2018
Jul 1 2018
Ciencia_Al_Poder added a comment to T198552: Vandalism on Phabricator: Undo changes made (2018-07-01).
In T198552#4362457, @Aklapper wrote:We introduced the limit a few hours ago.
Ciencia_Al_Poder renamed T197444: Our Phabricator is being attacked from ruaaaaaaaa to Our Phabricator is being attacked.
Ciencia_Al_Poder renamed T197456: Remove security vandalism of various tasks (2018-06-15) from fuaaaaaaaa to Remove security vandalism of various tasks.
Ciencia_Al_Poder awarded T198552: Vandalism on Phabricator: Undo changes made (2018-07-01) a Barnstar token.
Jun 30 2018
Jun 30 2018
Ciencia_Al_Poder awarded T128566: Allow specialized licensing options for specialized wikis in in-editor upload feature a Mountain of Wealth token.
Ciencia_Al_Poder edited projects for T198518: Attempting to edit MediaWiki.org page produces PHP fatal error: Call to undefined method LanguageCode::getCode(), added: MediaWiki-extensions-Translate; removed WMF-General-or-Unknown.
The problem can be easily reproduced by simply placing {{#translation:}} on the page.
Ciencia_Al_Poder added a comment to T145545: "No active login attempt is in progress for your session." when trying to log in on wikisource.org.
Another instance of the error when logging to commons, on mobile: T198515
Jun 29 2018
Jun 29 2018
Ciencia_Al_Poder added a comment to T196864: Revisions have disappeared since migration to WMF hosting.
Is going to be any data loss for the edits made recently?
Jun 26 2018
Jun 26 2018
Ciencia_Al_Poder awarded T198180: MediaWiki 1.31 Release notes states that THIS IS NOT A RELEASE YET! a Pterodactyl token.
Ciencia_Al_Poder added a comment to T198180: MediaWiki 1.31 Release notes states that THIS IS NOT A RELEASE YET!.
I've added a reminder of the "THIS IS NOT A RELEASE YET!" text on the comments section, just in case, because it's not the first time something like this happens :)
Jun 25 2018
Jun 25 2018
Ciencia_Al_Poder added a comment to T177666: AbuseFilter's update keys aren't guaranteed to be stable.
Ugh, I install every MediaWiki update on a different path, and then change the web published directory to point to the new one...
Ciencia_Al_Poder added a comment to T198005: Allow users to specify the execution order for all active filters.
In T198005#4310057, @Daimona wrote:
- Allow to retrieve info from any filter in a way like T186960#4310018
Where (2.) completely prevents order customization and thus isn't really good.
Jun 24 2018
Jun 24 2018
In T186960#4310025, @Daimona wrote:I think that we'd better allow users to specify the execution order and avoid setting one without explicitly reporting it. This would give users more control and simplify coding the feature.
AbuseFilter tests filters ordering them by number. Thus, we may limit this functionality to only checking previous filter (=filters with smaller number).
Ciencia_Al_Poder added a comment to T198005: Allow users to specify the execution order for all active filters.
I think sharing variables or add subroutines in Abuse Filter does not require to have a specific order of execution, or at least the implementation of those features shouldn't require this.
Jun 21 2018
Jun 21 2018
Ciencia_Al_Poder added a comment to T197830: All pages have an error in the graphs section: unable to write file.
@DeepBlue: Wikiapiary is down atm. You probably know, but pinging just in case.
Jun 20 2018
Jun 20 2018
Ciencia_Al_Poder added a comment to T19577: Thumbnail urls should be versioned and sent with Expires headers.
I use a custom-made extension that adds the file timestamp to the URLs (thumbnails and original file). If anyone is interested, the code is here and can be seen on wikidex.net
Jun 15 2018
Jun 15 2018
Ciencia_Al_Poder added a comment to T197087: Remove or limit edituserjs and similar rights from users with "higher" access than the editor.
Do you plan to decide based on the number of user rights/permissions of each user? permissionCount(userA) > permissionCount(userB)
Ciencia_Al_Poder added a comment to T197486: prop=revisions API timing out for a specific user and pages they edited.
rvexcludeuser may be the problem here. Queries with explicitly exclude something are usually expensive (where not exists, where X not in, or where A <> B). Maybe this is causing the query to not using the proper indices.
Ciencia_Al_Poder added a comment to T197087: Remove or limit edituserjs and similar rights from users with "higher" access than the editor.
An option to reduce the attack vector, while allowing other users to "clean" broken code, would be the ability to only blank or delete the page, instead of modifying it. Blanking the page wouldn't compromise anything.
I'd expect a centralized way to set uploads to readonly
Okay, I read from the documentation that this setting is "To disable file delete/restore temporarily. " This makes the variable useless.
Ciencia_Al_Poder renamed T197444: Our Phabricator is being attacked from Our website is being attacked to Our Phabricator is being attacked.
Jun 14 2018
Jun 14 2018
Jun 9 2018
Jun 9 2018
In T117332#4269316, @MusikAnimal wrote:Can you think of a way to find these uncategorized pages?
In T117332#4269288, @MusikAnimal wrote:This happened again with https://en.wikipedia.org/wiki/User:TimSGearhart/sandbox. A speedy deletion tag was added on April 16 but the page was never put in the category. I have since made a null edit and that fixed it.
Maybe we could run a query to look for Template:Db (and variants) transclusions where the page is not in Category:Candidates for speedy deletion?
May 30 2018
May 30 2018
Ciencia_Al_Poder awarded T196017: Hide no-op update.php actions behind a verbose flag a Like token.
May 27 2018
May 27 2018
May 26 2018
May 26 2018
Ciencia_Al_Poder awarded T155283: Remove ugly hack in Gamepress meant for responsiveness a Y So Serious token.
Ciencia_Al_Poder updated the task description for T155283: Remove ugly hack in Gamepress meant for responsiveness.
May 25 2018
May 25 2018
Ciencia_Al_Poder added a comment to T186456: PHP Fatal error: Call to undefined method PEAR::encodeHeader() when Echo is enabled.
In T186456#4230198, @demon wrote:My addition (removing non-composer support for SMTP) is in master and REL1_31.
May 18 2018
May 18 2018
Ciencia_Al_Poder added a comment to T194848: Fatal error: $this is null in Echo/includes/model/Event.php on line 345.
In T194848#4212433, @mmodell wrote:@Ciencia_Al_Poder Indeed that is probably caused by this one, however, I just merged the fix so if your problem persists it must be something else.
May 17 2018
May 17 2018
Ciencia_Al_Poder added a comment to T194848: Fatal error: $this is null in Echo/includes/model/Event.php on line 345.
I'm not seeing any notifications since about 2 days in mediawiki.org from flow posts, even though my watchlist has changes from them. I assume the cause is this task, right? Or do you prefer to open a new task for investigation?
May 14 2018
May 14 2018
Ciencia_Al_Poder added a comment to T106990: Provide a wikitext mechanism to add <meta> tags to the page's <head> element.
Ok, maybe I did not understood the problem correctly. With $wgAllowMicrodataAttributes = true;, <meta> tags are allowed on wikitext, but only as a normal element in the same place where they appear in wikitext, they aren't put in the <head> section.
Ciencia_Al_Poder added a comment to T192965: Error installing MediaWiki on MSSQL: "Implicit conversion from data type varchar to varbinary is not allowed" (externallinks table).
Apparently, on SQLServer the default for varbinary should be (0x)
May 13 2018
May 13 2018
Ciencia_Al_Poder renamed T194609: database error on uploading an avatar with SocialProfile 1.13 and Mediawiki 1.30.0 related to user_stats from database error on uploading an avatar with SocialProfile 1.13 and Mediawiki 1.3.0 related to user_stats to database error on uploading an avatar with SocialProfile 1.13 and Mediawiki 1.30.0 related to user_stats .
Ciencia_Al_Poder updated the task description for T188710: Adapt grabbers to support the new actor table.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL