Page MenuHomePhabricator
Feed Advanced Search

Jul 2 2023

MarkusRost added a comment to T340921: Make OAuth2 refresh tokens valid for longer than access tokens.

Change 934713 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/OAuth@master] Fix default refresh token expiry

Jul 2 2023, 9:17 PM · MW-1.42-notes (1.42.0-wmf.1; 2023-10-17), MediaWiki-extensions-OAuth
MarkusRost created T340921: Make OAuth2 refresh tokens valid for longer than access tokens.
Jul 2 2023, 8:12 AM · MW-1.42-notes (1.42.0-wmf.1; 2023-10-17), MediaWiki-extensions-OAuth

Jun 30 2022

MarkusRost added a comment to T34959: Private filters should not be visible in recent changes.

I think having edits to abuse filter hidden from recent changes is problematic for admins. It's currently possible that admins will never notice the existence of new filters which might cause problems later on. Trying to solve issues of editors is also made a lot harder when admins don't know that there was a recent abuse filter change which causes the issue.

Jun 30 2022, 3:14 PM · MW-1.35-notes (1.35.0-wmf.5; 2019-11-05), User-DannyS712, AbuseFilter

Jan 4 2021

MarkusRost added a comment to T270713: CVE-2021-30152: action=protect lets users with 'protect' permission protect to higher protection level.

Wouldn't returning a permissions error be the better message? That message should already exist as well and the user is in fact missing the permission to protect to that level.

Jan 4 2021, 6:22 PM · MW-1.36-notes, MW-1.37-notes (1.37.0-wmf.1; 2021-04-13), Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Vuln-MissingAuthz, Security-Team, Security, MediaWiki-Action-API