In T245850#5912492, @sbassett wrote:Whoops, I think this task was being edited as the Security-Team was reviewing it :) Did the above commit get deployed to any relevant wikis (I know ext:Widget isn't part of WMF production)? That should probably happen soon since the patch for master is public. We should also try to backport this to supported release branches.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Feb 24 2020
Feb 24 2020
Alexia added a comment to T245850: Invoking any namespaced page with {{#widget:}} will run the page's contents as a widget; even if the page is not in Widget namespace (CVE-2020-9382).
Alexia closed T245850: Invoking any namespaced page with {{#widget:}} will run the page's contents as a widget; even if the page is not in Widget namespace (CVE-2020-9382) as Resolved.
This has been merged.
Feb 21 2020
Feb 21 2020
Dec 16 2019
Dec 16 2019
Alexia updated the task description for T240895: The "afl_change_deleted_patrolled" database patch is not applied by onLoadExtensionSchemaUpdates..
Alexia updated the task description for T240895: The "afl_change_deleted_patrolled" database patch is not applied by onLoadExtensionSchemaUpdates..
Nov 12 2019
Nov 12 2019
Alexia added a comment to T238150: patch-drop-ct_tag.sql causes duplicate entries for key change_tag_rc_tag_id.
I am closing this as invalid. There is a context issue with the DynamicSettings FarmInstaller that is causing this maintenance script to run against the wrong database. We will fix that on our end.
Alexia added a comment to T238150: patch-drop-ct_tag.sql causes duplicate entries for key change_tag_rc_tag_id.
I deleted the updatelog entry and ran it manually. This time around it actually did the task. This is consistent behavior across every wiki that is being upgraded. It fails during update.php with a successful message, is logged as completed, but did not actually do anything. I am going to do tests against the MW 1.31 version of the database with debugging to see what is happening.
Alexia added a comment to T238150: patch-drop-ct_tag.sql causes duplicate entries for key change_tag_rc_tag_id.
The maintenance script did run though:
Running maintenance/populateChangeTagDef.php... done. Adding index change_tag_rc_tag_id to table change_tag ...done. Adding ipb_sitewide field to table ipblocks ...done. Creating ipblocks_restrictions table ...done. Merging image_comment_temp into the image table Merging image_comment_temp into the image table... Completed merge of image_comment_temp into the image table, 0 image rows updated, 0 image_comment_temp rows deleted. done. Dropping table image_comment_temp ...done. Table change_tag contains ct_tag field. Dropping ...General exception while running update: A database query error has occurred. Did you forget to run your application's database schema updater after upgrading? Query: ALTER TABLE `change_tag` MODIFY ct_tag_id int unsigned NOT NULL
Jul 8 2019
Jul 8 2019
Alexia renamed T227461: PHPRedis module >= 5.0.0 throws deprecation warnings for delete(). from PHPRedis >= 5.0.0 throws deprecation warnings for delete(). to PHPRedis module >= 5.0.0 throws deprecation warnings for delete()..
Jun 14 2019
Jun 14 2019
Krinkle awarded T225843: Performance: Prevent double query for the same User::idFromName() call. a Orange Medal token.
Jun 11 2019
Jun 11 2019
Alexia added a comment to T208881: CSS using var() to create exponential sized calc() on wiki page will crash visitor's browser.
Locally on Gamepedia we are removing this patch due to it negativity affecting many of our wikis breaking styling and layout. This issue only affects Chrome the worst, does not crash Safari(though never finishes loading), and loads fine in Firefox. It should be fixed by the browser vendors as needed.
Alexia added a comment to T211233: Setting the EditPage::POST_EDIT_COOKIE_KEY_PREFIX cookie on every edit causes the Cookie header to be truncated for bots and browsers..
In T211233#5250018, @Jdforrester-WMF wrote:Sounds like this is a known bug in the bots, then?
Alexia added a comment to T211233: Setting the EditPage::POST_EDIT_COOKIE_KEY_PREFIX cookie on every edit causes the Cookie header to be truncated for bots and browsers..
In T211233#5228363, @Jdforrester-WMF wrote:The cookie expires after 20 minutes, and should be removed immediately on successful edit by the JS anyway. Is this not happening in the client?
Jun 9 2019
Jun 9 2019
Alexia added a comment to T211442: Database errors during MovePage operations for file moves causes data loss..
Looks good to me!
Jun 2 2019
Jun 2 2019
Jan 9 2019
Jan 9 2019
Alexia added a comment to T212013: A non-numeric value encountered in includes/LinksUpdateHookHandler.php:142..
The $wgThumbLimits setting is default/stock in the Gamepedia stack.
Alexia added a comment to T212013: A non-numeric value encountered in includes/LinksUpdateHookHandler.php:142..
In T212013#4865266, @thiemowmde wrote:@Alexia, please check the local $wgPageImagesScores setting you are using in your wiki (farm). It seems it contains strings, but should only contain integers.
Dec 14 2018
Dec 14 2018
Dec 10 2018
Dec 10 2018
Alexia added a comment to T211442: Database errors during MovePage operations for file moves causes data loss..
I goofed and submitted a buggy patch. See the new patch set.
Alexia added a comment to T210891: @import are broken due to be concatenated in the middle of output..
Understood. I changed our local CSS to embed the output of the Google Font URL call directly.(Which is not recommended, but not the worst thing.) We only use it in two places.
Alexia closed T210891: @import are broken due to be concatenated in the middle of output. as Declined.
Dec 7 2018
Dec 7 2018
Dec 5 2018
Dec 5 2018
Alexia added a comment to T211233: Setting the EditPage::POST_EDIT_COOKIE_KEY_PREFIX cookie on every edit causes the Cookie header to be truncated for bots and browsers..
This is MediaWiki making many cookies. See EditPage::setPostEditCookie() where it creates the cookie key: $postEditKey = self::POST_EDIT_COOKIE_KEY_PREFIX . $revisionId;
Dec 4 2018
Dec 4 2018
Pcj awarded T210891: @import are broken due to be concatenated in the middle of output. a Orange Medal token.
Dec 3 2018
Dec 3 2018
Alexia added a comment to T210891: @import are broken due to be concatenated in the middle of output..
I wrote a function to hoist @import up to the top of files, but unfortunately in my digging it seems that resource loader is hell bent on keeping every single file separate until the very last moment. I can not find a good place to put this in.
Nov 30 2018
Nov 30 2018
Alexia updated the task description for T210891: @import are broken due to be concatenated in the middle of output..
In T204816#4597618, @Esanders wrote:less.php hasn't been touched in two years and has 88 open issues: https://github.com/oyejorge/less.php :/
Nov 27 2018
Nov 27 2018
Alexia closed T210429: Update to use OOUI JS button and inputs to fix out of place button. as Resolved.
Alexia updated subscribers of T210453: DeleteBatch overwrites the global $wgUser context causing errors and session collisions..
@ashley: You might be interested in this one since you were working on it recently.
Nov 26 2018
Nov 26 2018
Alexia added a comment to T210453: DeleteBatch overwrites the global $wgUser context causing errors and session collisions..
The "MediaWiki-extensions-DeleteBatch" tag does not exist so I can not add it.
Alexia updated the task description for T210429: Update to use OOUI JS button and inputs to fix out of place button..
Alexia updated subscribers of T210429: Update to use OOUI JS button and inputs to fix out of place button..
Nov 18 2018
Nov 18 2018
Nov 15 2018
Nov 15 2018
Nov 14 2018
Nov 14 2018
Oct 30 2018
Oct 30 2018
Oct 29 2018
Oct 29 2018
Alexia updated the task description for T208268: New AbuseFilterCentralDb class to fix using the wrong credentials for external databases..
Alexia added a comment to T207223: getDBLoadBalancerFactory()->getExternalLB() returns a LB with the wrong database..
In T207223#4703891, @aaron wrote:In T207223#4703802, @Alexia wrote:The recommend fix does work for our extension. I apparently had configured Echo properly in the past so it was working properly. For AbuseFilter I had to patch it to use the same pattern since it only specifies the database and not the cluster to use.
What is the patch diff? There shouldn't be any need to change AbuseFilter itself (at least not git master).
Alexia added a comment to T207223: getDBLoadBalancerFactory()->getExternalLB() returns a LB with the wrong database..
The recommend fix does work for our extension. I apparently had configured Echo properly in the past so it was working properly. For AbuseFilter I had to patch it to use the same pattern since it only specifies the database and not the cluster to use.
Oct 23 2018
Oct 23 2018
Alexia added a comment to T207223: getDBLoadBalancerFactory()->getExternalLB() returns a LB with the wrong database..
Extension:GlobalBlock(No 'ing) is an internal extension that works with Gamepedia/Twitch authentication servers. That code example is based on a previous version of Echo.
Oct 17 2018
Oct 17 2018
Alexia added a comment to T207223: getDBLoadBalancerFactory()->getExternalLB() returns a LB with the wrong database..
We applied this patch as a temporary work around for our MW 1.31 testing.
Alexia added a comment to T207223: getDBLoadBalancerFactory()->getExternalLB() returns a LB with the wrong database..
Previously with MW 1.29 in LoadBalancer::reallyOpenConnection( array $server, $dbNameOverride = false ) $server['dbname'] would only be overwritten if an override was passed. An override was never passed though since LoadBalancer::openConnection() was always passing false for that parameter.
Oct 16 2018
Oct 16 2018
May 23 2018
May 23 2018
Alexia added a comment to T191926: The extraInput array key in LoginSignupSpecialPage was accidentally lowercased which broke extensions that relied on it..
The issue was that when I submitted this patch 1.5 years ago that it broke several extensions that relied on it and had not been updated yet.(Such as ConfirmEdit.) Looking at my current local code base all of those extensions have been updated and no longer rely on it. This can be abandoned.
Apr 16 2018
Apr 16 2018
Alexia added a comment to T191931: MailAddress needs to be quoting the name part of the mail headers..
I will fix this patch this week.
Apr 11 2018
Apr 11 2018
Alexia added a comment to T191937: ResourceLoader LESS cache should vary on wiki-global vars (aside from module own vars).
I will add that task to Hydra's internal Jira to move to extending the Module set of classes for this.
Alexia added a comment to T191931: MailAddress needs to be quoting the name part of the mail headers..
I updated the test to match the new conditions.
Apr 10 2018
Apr 10 2018
Alexia updated the task description for T191937: ResourceLoader LESS cache should vary on wiki-global vars (aside from module own vars).
Apr 9 2018
Apr 9 2018
In T191652#4117908, @Krinkle wrote:@Alexia I believe you misunderstood my example. I've altered the second example below, in hope to provide clarity. If needed, I can also elaborate on the JavaScript example, but let us focus on the styles issue first.
Situation s1:
- addModuleStyles( [ 'foo' ] )
- Dependencies supported (e.g. with your patch).
- foo depends on bar.
Outputs:
/wiki/Example<link rel=stylesheet href="load.php... foo, bar">This HTML may be cached. For example, by user web browsers, or by own File Cache, by own cache proxies, or by company cache proxies (office, WiFi, ISP). This cache is public, typically expires after some days, and is validated based on contents and/or timestamp of the wiki page revision.
Situation s2:
- foo no longer depends on bar, but now depends on quux.
- foo.css is changed to assume and override styles from quux. Its logic for "bar" is removed.
Expected outcome:
- Either the page looks the same as before (bar with v1 of "foo", unchanged), or the page looks like the new situation s2.
Actual outcome:
- Users will view "Example" (still cached) with a request for modules=foo,bar (cache expired, result will be fresh).
- The response will not contain "quux".
- The response will contain "bar" and the new version of "foo".
In T191652#4117820, @Nirmos wrote:We also fixed several other context bugs that caused ResourceLoader to rapidly evict the cache due to it not handling cache keys correctly.(Thus causing slow downs due to having to recache constantly.)
Is this referring to T188076?
(I am trying to follow along, but poorly.) If you remove "quux" from the repository then Javascript would not be able to load it either. It is missing. Though if you mean removing "quux" as a dependency and just hoping it gets included somewhere that would be an odd choice to make. I just deployed this ResourceLoader change out to live Gamepedia/Hydra if you wish to see it live. We have a test wiki available: https://meeseeks.gamepedia.com/Meeseeks_Wiki
Apr 6 2018
Apr 6 2018
I put in a work around for this on the Hydra Wiki Platform that removes FOUC and puts all the CSS into one minified file.
Mar 15 2018
Mar 15 2018
Alexia updated the task description for T189812: PF_AutoeditAPI.php logs users out on MediaWiki 1.27+ that use the AuthManager and SessionManager API..
Mar 12 2018
Mar 12 2018
I just got notification of this. Patched on Gamepedia/Hydra wikis. However, our version of MySQL is patched already for the table of death issue.
Feb 28 2018
Feb 28 2018
Feb 1 2018
Feb 1 2018
Alexia added a comment to T186146: Anonymous users editing a page do not trigger Cargo to update a table..
Many years ago there were several third party extensions that had a habit of opening new database transactions, but never closing them. So as a work around in several of Hydra's own extensions we put $db->commit() in place to fix them breaking transactions.
Alexia added a comment to T186146: Anonymous users editing a page do not trigger Cargo to update a table..
This was the entire change. Basically it had not been updated for MediaWiki's newer API for atomic database transactions.
Alexia added a comment to T186146: Anonymous users editing a page do not trigger Cargo to update a table..
I found the issue. Another extension was throwing an exception for logged out users that was causing this issue for Cargo. However, due to an exception handling change in MediaWiki 1.29 those kind of exceptions were quietly being dropped and MediaWiki would go on pretending everything was fine.
Alexia added a comment to T186146: Anonymous users editing a page do not trigger Cargo to update a table..
Morning update: I have found that the hook "PageContentSaveComplete" is not being ran or being interrupted somehow. The onPageContentSaveComplete function in Cargo never gets called.
Alexia added a comment to T186146: Anonymous users editing a page do not trigger Cargo to update a table..
Regular page edits through the standard source editor are what cause this behavior.
Jan 31 2018
Jan 31 2018
Jan 9 2018
Jan 9 2018
Dec 11 2017
Dec 11 2017
Dec 9 2017
Dec 9 2017
Dec 2 2017
Dec 2 2017
@Reception123 DPL3 is meant to replace all previous iterations of DPL.
You should not be running both of these extensions at the same time. Intersection is a legacy extension and fork/branch of the previous iterations of DPL.
Nov 17 2017
Nov 17 2017
It probably will! I will get this fix deployed on the Gamepedia stack today.
Nov 16 2017
Nov 16 2017
A similar error on line 244 of drilldown/CargoFilter.php. Path of Exile has weapons with range so that conflicts with the MySQL reserved word.
Nov 15 2017
Nov 15 2017
Aug 7 2017
Aug 7 2017
I think I know why this happened then. Our development machines are OS X case-insensitive. So most likely at some point it was capitalized way in the past, but future file copies went fine since OS X will not rename/ignore the difference. I will mark this as closed.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL