Feed Search

Search
Use Results
Edit Query
Hide Query

May 24 2025

Ckujau updated subscribers of T303888: Mailman3: Stop advertising list subscription/management methods via email in email headers.

This is still happening, and I reported the same to mediawiki-l-owner and @Platonides was kind to respond to better open a phabricator issue for this. But it's already open ;-)

May 24 2025, 12:40 AM · SRE, Wikimedia-Mailing-lists

Jun 6 2021

Ckujau created T284397: Unhandled Exception ("RuntimeException"): Undefined offset: 5 when trying to access T16235.

Jun 6 2021, 1:12 PM · Phabricator (Upstream), Upstream

Jan 30 2020

Ckujau added a comment to T228544: Nessus Scan Revealed High Finding.

OK, understood. Thanks for clearing that up! 👍

Jan 30 2020, 8:29 PM · Security, Performance-Team (Radar), MediaWiki-ResourceLoader, MediaWiki-Action-API, Vuln-Inject, Security-Team

Ckujau added a comment to T228544: Nessus Scan Revealed High Finding.

While I understand that there's no SQL query executed here, is it really harmless to have Mediawiki echo everything back that is passed in the URL? In a Mediawiki 1.34.0 installation I get:

Jan 30 2020, 12:32 PM · Security, Performance-Team (Radar), MediaWiki-ResourceLoader, MediaWiki-Action-API, Vuln-Inject, Security-Team

Aug 10 2016

Ckujau added a comment to T78159: Fix superfluous Warning: is_executable(): open_basedir restriction in effect in /includes/GlobalFunctions.php on line 2809.

IMHO adding /bin/bash to open_basedir should not be recommended. This directive is often used to explicitly limit file system access for PHP. Allowing PHP to call a system shell doesn't sound like a good idea to me. (MW 1.26 here, the warning is logged 3 times for each picture upload, but no UI errors - only includes/limit.sh is never called, of course.)

Aug 10 2016, 6:24 AM · MediaWiki-General

Jun 9 2016

Ckujau added a watcher for MediaWiki-extensions-Lockdown: Ckujau.

Jun 9 2016, 3:31 AM