Bawolff (Brian Wolff)
Security

User Details

User Since
Oct 25 2014, 1:53 AM (212 w, 3 d)
Availability
Available
IRC Nick
Bawolff
LDAP User
Brian Wolff
MediaWiki User
Bawolff [ Global Accounts ]

I work on the MediaWiki Security Team.

Recent Activity

Yesterday

Bawolff changed the visibility for T207777: audit password policy check for constant time string comparisons.
Mon, Nov 19, 9:29 PM · Google-Code-in-2018, MediaWiki-User-management, Security
Bawolff added a project to T207777: audit password policy check for constant time string comparisons: Google-Code-in-2018.

Sounds good to me. Even as far as timing attacks go, this is extremely minor (read: impossible) as it's only comparing the entered password, not the actual one. But I think it's good to use hash_equals for any comparison involving a password, just in case.

Mon, Nov 19, 9:29 PM · Google-Code-in-2018, MediaWiki-User-management, Security
Bawolff added a comment to T209802: Cannot vote on votewiki.

One thing that was confusing me was why timeout in limit.sh wasn't killing the process eventually. But after reading the docs I guess that is because it didn't have a -k flag.

Mon, Nov 19, 7:39 PM · Patch-For-Review, Operations, Wikimedia-production-error, MediaWiki-extensions-SecurePoll
Jdforrester-WMF awarded T209775: Nominate Alangi Derick for +2 on mediawiki/* a Like token.
Mon, Nov 19, 4:24 PM · Repository-Ownership-Requests
Jakob_WMDE awarded T209775: Nominate Alangi Derick for +2 on mediawiki/* a Like token.
Mon, Nov 19, 10:07 AM · Repository-Ownership-Requests
Lucas_Werkmeister_WMDE awarded T209775: Nominate Alangi Derick for +2 on mediawiki/* a Like token.
Mon, Nov 19, 10:02 AM · Repository-Ownership-Requests
Bawolff updated the task description for T209802: Cannot vote on votewiki.
Mon, Nov 19, 4:44 AM · Patch-For-Review, Operations, Wikimedia-production-error, MediaWiki-extensions-SecurePoll
Bawolff updated the task description for T209802: Cannot vote on votewiki.
Mon, Nov 19, 3:55 AM · Patch-For-Review, Operations, Wikimedia-production-error, MediaWiki-extensions-SecurePoll
Bawolff added a project to T209805: Wikipedia sends WebP thumbnails when Opera claims to support it but lies: Multimedia.

Can you link to which image is being returned as webp?

Mon, Nov 19, 3:49 AM · Performance-Team, Traffic, Operations, Multimedia
Bawolff added a comment to T209802: Cannot vote on votewiki.

So looking in the logs, it seems like a log event is generated for importing the key into gpg, but there is no log event for actually encrypting the voting record (the next step after importing the key). This makes me wonder if it's an issue with shelling out to gpg.

Mon, Nov 19, 3:25 AM · Patch-For-Review, Operations, Wikimedia-production-error, MediaWiki-extensions-SecurePoll
Bawolff updated the task description for T209804: Can't create election: SecurePollContentHandler::makeContentFromElection() must be an instance of SecurePoll_Election, bool given.
Mon, Nov 19, 3:14 AM · MediaWiki-extensions-SecurePoll
Bawolff added a comment to T209802: Cannot vote on votewiki.

As an aside, telling x-wikimedia-debug to send me to a php7 seemed to make it work, so definitely seems hhvm related.

Mon, Nov 19, 3:00 AM · Patch-For-Review, Operations, Wikimedia-production-error, MediaWiki-extensions-SecurePoll
Bawolff added a project to T209804: Can't create election: SecurePollContentHandler::makeContentFromElection() must be an instance of SecurePoll_Election, bool given: MediaWiki-extensions-SecurePoll.
Mon, Nov 19, 2:46 AM · MediaWiki-extensions-SecurePoll
Bawolff created T209804: Can't create election: SecurePollContentHandler::makeContentFromElection() must be an instance of SecurePoll_Election, bool given.
Mon, Nov 19, 2:46 AM · MediaWiki-extensions-SecurePoll
Bawolff added a comment to T209802: Cannot vote on votewiki.

I had a feeling it is related to FastCGI as well (just like the other two mentioned above). Sadly, I have no knowledge of FastCGI troubleshooting. I will quietly monitor this thread. Positively surprised that this did not happen during T207560.

Mon, Nov 19, 2:12 AM · Patch-For-Review, Operations, Wikimedia-production-error, MediaWiki-extensions-SecurePoll
Bawolff added a comment to T208668: Do not ask for password on reauthentication when 2FA is enabled.

Depending on the specifics of "reauthentication", this may be a duplicate of T203256.

Mon, Nov 19, 1:30 AM · MediaWiki-extensions-OATHAuth, MediaWiki-Authentication-and-authorization, Security

Sun, Nov 18

takidelfin awarded T209775: Nominate Alangi Derick for +2 on mediawiki/* a Like token.
Sun, Nov 18, 7:50 PM · Repository-Ownership-Requests
Shreyasminocha awarded T209775: Nominate Alangi Derick for +2 on mediawiki/* a Like token.
Sun, Nov 18, 7:11 PM · Repository-Ownership-Requests
samuelguebo awarded T209775: Nominate Alangi Derick for +2 on mediawiki/* a Orange Medal token.
Sun, Nov 18, 7:09 PM · Repository-Ownership-Requests
Zoranzoki21 awarded T209775: Nominate Alangi Derick for +2 on mediawiki/* a Like token.
Sun, Nov 18, 3:04 PM · Repository-Ownership-Requests
Bawolff added a comment to T209773: RFC: Proposal to add wl_addedtimestamp attribute to the watchlist table.

From what I understand (this is a bit beyond my expertise), for things like watchlist where a large number of rows are potentially scanned, it's important to keep the tables narrow, so that more of it fits into a page of memory. (Assuming that's true... which I have no idea. This is beyond my db knowledge.) Perhaps it makes sense, instead of adding more fields to the watchlist table, to have a watchlist_info table in a 1:1 relationship which can have more information fields (also move wl_notificationtimestamp over there).

Sun, Nov 18, 12:24 AM · DBA, TechCom-RFC, MediaWiki-Database
Ebe123 awarded T209775: Nominate Alangi Derick for +2 on mediawiki/* a Like token.
Sun, Nov 18, 12:19 AM · Repository-Ownership-Requests

Sat, Nov 17

Bawolff closed T209344: When upgrading via the web installer, in the event of a query error, form displays previous step. as Resolved.
Sat, Nov 17, 11:44 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, Google-Code-in-2018, MediaWiki-Installer
Volker_E awarded T209775: Nominate Alangi Derick for +2 on mediawiki/* a Like token.
Sat, Nov 17, 11:37 PM · Repository-Ownership-Requests
Bawolff created T209775: Nominate Alangi Derick for +2 on mediawiki/*.
Sat, Nov 17, 11:33 PM · Repository-Ownership-Requests
Bawolff closed T209228: Action api should reject requests with unsupported http methods with a 405 as Resolved.
Sat, Nov 17, 10:43 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, Google-Code-in-2018, MediaWiki-API
Bawolff added a comment to T209656: Cannot create new poll on votewiki.

Those two patches, while good things, probably don't fix whatever is causing fastCGI to explode.

Sat, Nov 17, 1:53 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, MediaWiki-extensions-SecurePoll

Fri, Nov 16

Bawolff added a comment to T119366: Disable caching on the main page for anonymous users.

Fwiw: I'm of the opinion that date magic words should reduce varnish cache to at least 24 hours, maybe six hours. I'm doubtful that super long cache times for all pages in varnish are really that worth it...

Fri, Nov 16, 11:49 PM · Traffic, Operations, Wikimedia-General-or-Unknown
Bawolff added a comment to T119366: Disable caching on the main page for anonymous users.

For me, it seems that the issue has grown even bigger in time. The delay with Estonian Wikipedia is often like 3 weeks (!!!), that means not-logged-in-users hardly ever see up-to-the-date info when they visit the main page. Could it please be fixed somehow?

Fri, Nov 16, 11:46 PM · Traffic, Operations, Wikimedia-General-or-Unknown
Bawolff closed T209341: Running DatabaseUpdater::purgeCache via WebInstaller should handle exceptions more gracefully as Resolved.

Good work :)

Fri, Nov 16, 11:26 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, Google-Code-in-2018, MediaWiki-Installer
Bawolff added a comment to T209726: Need to shut down a list, mediation-en-l.

[You should probably include the name of the mailing list in the task title]

Fri, Nov 16, 8:50 PM · Wikimedia-Mailing-lists, Operations
Bawolff changed the visibility for T209674: Fatal: Cannot block user at wikitech: Table 'labswiki.ipblocks_restrictions' doesn't exist.
Fri, Nov 16, 4:17 PM · Anti-Harassment, MediaWiki-User-management, Wikimedia-production-error, wikitech.wikimedia.org, Security
Bawolff added a comment to T209674: Fatal: Cannot block user at wikitech: Table 'labswiki.ipblocks_restrictions' doesn't exist.

[Making public as blocks work again]

Fri, Nov 16, 4:17 PM · Anti-Harassment, MediaWiki-User-management, Wikimedia-production-error, wikitech.wikimedia.org, Security
Bawolff added a project to T209674: Fatal: Cannot block user at wikitech: Table 'labswiki.ipblocks_restrictions' doesn't exist: Anti-Harassment.

Definitely sounds partial block related. Cc'ing some AHT people.

Fri, Nov 16, 2:10 PM · Anti-Harassment, MediaWiki-User-management, Wikimedia-production-error, wikitech.wikimedia.org, Security

Thu, Nov 15

Bawolff added a comment to T209656: Cannot create new poll on votewiki.

Oh I found some varnish/apache errors:

Thu, Nov 15, 11:18 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, MediaWiki-extensions-SecurePoll
Bawolff added a comment to T209656: Cannot create new poll on votewiki.

I don't see anything obvious in logstash logs for votewiki. A bunch of:

Thu, Nov 15, 11:12 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, MediaWiki-extensions-SecurePoll
Bawolff added a comment to T209656: Cannot create new poll on votewiki.

Can you include the date and full url accessed? (To narrow it down in log files)

Thu, Nov 15, 11:08 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, MediaWiki-extensions-SecurePoll
Bawolff added a comment to T86210: MobileFrontend throws away warnings and other data from action=parse.

It's kind of unclear to me if just warnings should be copied over, or if it should loop through all the returned data and copy everything there over.

Thu, Nov 15, 8:47 PM · Readers-Web-Backlog (Readers-Web-Kanbanana-Board-2018-19-Q2), Patch-For-Review, Google-Code-in-2018, Need-volunteer, MobileFrontend
Bawolff added a comment to T151010: Add logging to OATHAuth.

This task already is public.

Thu, Nov 15, 8:03 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Unknown Object (Project), Wikistorm, Patch-For-Review, MediaWiki-extensions-OATHAuth
Bawolff created T209586: Make the stored session id be a hash of the used session id to isolate them.
Thu, Nov 15, 1:51 PM · Security-Team, Security, MediaWiki-Authentication-and-authorization
Bawolff added a comment to T205972: Fixup Phan errors in SecurePoll.

Well that's odd. My test change didn't trigger any errors: https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/SecurePoll/+/473726/

Thu, Nov 15, 12:45 PM · MW-1.33-notes (1.33.0-wmf.4; 2018-11-13), Patch-For-Review, phan-taint-check-plugin, MediaWiki-extensions-SecurePoll
Bawolff created T209579: MediaWiki should log user out of all sessions when going to Special:Userlogout.
Thu, Nov 15, 12:44 PM · MediaWiki-Authentication-and-authorization, Security
Bawolff added a comment to T205972: Fixup Phan errors in SecurePoll.

Did https://gerrit.wikimedia.org/r/#/c/integration/config/+/473724 to make it non-voting until kinks are worked out

Thu, Nov 15, 12:17 PM · MW-1.33-notes (1.33.0-wmf.4; 2018-11-13), Patch-For-Review, phan-taint-check-plugin, MediaWiki-extensions-SecurePoll
Bawolff added a comment to T207297: Phan SecurityCheck-XSS and SecurityCheck-SQLInjection errors in SecurePoll extension.

The api-auth one is likely because the mime type is not text/html but the script still thinks it is (thought I already suppressed that).

Thu, Nov 15, 12:13 PM · Patch-For-Review, MediaWiki-extensions-SecurePoll, Security
Bawolff changed the visibility for T207297: Phan SecurityCheck-XSS and SecurityCheck-SQLInjection errors in SecurePoll extension.
Thu, Nov 15, 12:12 PM · Patch-For-Review, MediaWiki-extensions-SecurePoll, Security
Bawolff added a comment to T209320: User that was created by OAuth cannot set password.

Wait, so how can oauth create a user with no password? Should this sort of thing require a password reset via email instead?

Thu, Nov 15, 12:01 PM · User-Urbanecm, Google-Code-in-2018, WMCZ-Tracker
Bawolff added a comment to T28508: Content Security Policy (CSP).

I updated Chrome to version 70.0.3538.102 and this doesn't happen now.

@Bawolff where do you see dl.metabar.com on my screenshots? I want to know which of my userscripts accesses this URL.

Thu, Nov 15, 11:17 AM · Front-end-Standards-Group, Security, Security-Team, WorkType-NewFunctionality, MediaWiki-General-or-Unknown
Bawolff awarded T209556: In AuthManager, avoid encrypted storage of the password in the session a Like token.
Thu, Nov 15, 10:20 AM · Security, MediaWiki-Authentication-and-authorization

Wed, Nov 14

Bawolff moved T208188: Proposal for partial opt-out method for Content security policy from Under discussion to Request IRC meeting on the TechCom-RFC board.
Wed, Nov 14, 11:56 PM · TechCom-RFC, TechCom, Security-Team, Security
Bawolff moved T208188: Proposal for partial opt-out method for Content security policy from Backlog to In Progress on the Security-Team board.

Looks like I put this under "request IRC meeting" by mistake last week. @Bawolff, do you think this would benefit from a public IRC meeting soon?

Wed, Nov 14, 11:55 PM · TechCom-RFC, TechCom, Security-Team, Security
Bawolff lowered the priority of T28508: Content Security Policy (CSP) from High to Normal.

@MaxBioHazard CSP is in test-only mode, which means it puts errors in the console, but doesn't actually do anything (yet). Any issues you are having are not caused by the CSP warnings.

Wed, Nov 14, 5:53 PM · Front-end-Standards-Group, Security, Security-Team, WorkType-NewFunctionality, MediaWiki-General-or-Unknown
Bawolff closed T209495: Please upload large file to Wikimedia Commons as Resolved.

Done - https://commons.wikimedia.org/wiki/File:Opening_ceremony_of_First_accusation_protest_against_presumption_of_guilt_of_judicial_branch.webm

Wed, Nov 14, 5:37 PM · Commons, Wikimedia-Site-requests
Bawolff claimed T209495: Please upload large file to Wikimedia Commons.
Wed, Nov 14, 5:17 PM · Commons, Wikimedia-Site-requests
Bawolff added a comment to T209490: Date field will be prefilled with invalid date on Special:Log if 0000 is submitted.

If I go to html source view-source:https://meta.wikimedia.org/wiki/Special:Log?type=&user=Bawolff&page=&wpdate=0000-00-00&tagfilter=

Wed, Nov 14, 2:33 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), MediaWiki-Logging
Bawolff updated the task description for T209490: Date field will be prefilled with invalid date on Special:Log if 0000 is submitted.
Wed, Nov 14, 2:31 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), MediaWiki-Logging
Bawolff updated subscribers of T209490: Date field will be prefilled with invalid date on Special:Log if 0000 is submitted.

Looks like @Legoktm fixed the server side part of this in f198154d76782 / T201411 but the client side error is still present.

Wed, Nov 14, 2:26 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), MediaWiki-Logging
Bawolff created T209490: Date field will be prefilled with invalid date on Special:Log if 0000 is submitted.
Wed, Nov 14, 2:22 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), MediaWiki-Logging

Tue, Nov 13

Bawolff added a comment to T207560: Carry out the 2018 fawiki elections on votewiki.

@4nn1l2 there is no way for us to know if the election was encrypted or not (because our election admin access was removed, appropriately, prior to the election being finalized). But I assume that ALL elections are encrypted by Joe or James. Once the election is complete, they can run the tallies for us.

Language change is not a priority; it is just the right thing to do, and there is no reason to delay it :)

Tue, Nov 13, 5:25 PM · Patch-For-Review, Trust-and-Safety, Wikimedia-Site-requests
Bawolff closed T200279: Security review for WikibaseMediaInfo as Resolved.

Ok, looks good. Thanks for your patience on this, I know I was a bit delayed.

Tue, Nov 13, 2:10 PM · Patch-For-Review, SDC Engineering, Security-team-backlog, Security-Reviews
Bawolff closed T200279: Security review for WikibaseMediaInfo, a subtask of T206545: Implement fixes from first pass of MediaInfo security review, as Resolved.
Tue, Nov 13, 2:10 PM · MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)), SDC Engineering, Multimedia-Team-Working-Board, Multimedia
Bawolff added a project to T209358: phan-taint-check currently doesn't load extension dependencies properly when run via jenkins: phan-taint-check-plugin.
Tue, Nov 13, 1:28 PM · phan-taint-check-plugin
Bawolff created T209358: phan-taint-check currently doesn't load extension dependencies properly when run via jenkins.
Tue, Nov 13, 1:28 PM · phan-taint-check-plugin
Bawolff claimed T201492: Security review for FormWizard extension.
Tue, Nov 13, 1:17 PM · FormWizard, Security-Reviews
Bawolff added a comment to T208524: RfC: Standards for external services that integrate with MediaWiki.

Can we add to the "and in addition must" criteria, something along the lines of, have someone responsible for fixing any security issues that come up. Particularly for things we make ourselves, they don't just need to pass security review now, there also needs to be someone responsible for responding to security issues over the long-term, possibly long after development is done. (Things like the lack of response on T207222 are making me concerned about this point)

Tue, Nov 13, 1:10 PM · TechCom, TechCom-RFC
Bawolff closed T209285: Upgrade from 1.16 failed as Invalid.

I've split out the stuff I feel are valid bugs to separate tasks.

Tue, Nov 13, 10:51 AM · MediaWiki-Installer
Bawolff moved T209351: Have update.php check it has CREATE, DROP, ALTER before running from Proposed tasks to Information needed on the Google-Code-in-2018 board.
Tue, Nov 13, 10:51 AM · Google-Code-in-2018, MediaWiki-Installer
Bawolff added a project to T209351: Have update.php check it has CREATE, DROP, ALTER before running: Google-Code-in-2018.

This could potentially be a good Google-Code-in-2018 task once we figure out how we actually want to do it.

Tue, Nov 13, 10:51 AM · Google-Code-in-2018, MediaWiki-Installer
Bawolff created T209351: Have update.php check it has CREATE, DROP, ALTER before running.
Tue, Nov 13, 10:50 AM · Google-Code-in-2018, MediaWiki-Installer
Bawolff added a project to T209344: When upgrading via the web installer, in the event of a query error, form displays previous step.: Google-Code-in-2018.
Tue, Nov 13, 10:18 AM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, Google-Code-in-2018, MediaWiki-Installer
Bawolff added a comment to T209344: When upgrading via the web installer, in the event of a query error, form displays previous step..

https://codein.withgoogle.com/dashboard/tasks/4619079760478208/

Tue, Nov 13, 10:17 AM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, Google-Code-in-2018, MediaWiki-Installer
Bawolff created T209344: When upgrading via the web installer, in the event of a query error, form displays previous step..
Tue, Nov 13, 10:04 AM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, Google-Code-in-2018, MediaWiki-Installer
Bawolff renamed T209341: Running DatabaseUpdater::purgeCache via WebInstaller should handle exceptions more gracefully from Running update.php via WebInstaller should handle exceptions more gracefully to Running DatabaseUpdater::purgeCache via WebInstaller should handle exceptions more gracefully.
Tue, Nov 13, 9:31 AM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, Google-Code-in-2018, MediaWiki-Installer
Bawolff updated the task description for T209341: Running DatabaseUpdater::purgeCache via WebInstaller should handle exceptions more gracefully.
Tue, Nov 13, 9:25 AM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, Google-Code-in-2018, MediaWiki-Installer
Bawolff created T209341: Running DatabaseUpdater::purgeCache via WebInstaller should handle exceptions more gracefully.
Tue, Nov 13, 9:24 AM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, Google-Code-in-2018, MediaWiki-Installer

Mon, Nov 12

Bawolff added a comment to T202211: pagelinks and imagelinks table schema update scripts for sqlite have columns in wrong order causing update.php to fail .

So I guess everyone who updated who didn't get the constraint error now has messed up link tables. That's pretty unfortunate, although I guess at least it's slowly self-correcting.

Mon, Nov 12, 11:02 PM · MediaWiki-Installer, SQLite, MediaWiki-Database
Bawolff added a comment to T209285: Upgrade from 1.16 failed.

Thanks! Closing as per last comment --- see also https://www.mediawiki.org/wiki/Project:Support_desk for support requests.

Mon, Nov 12, 6:45 PM · MediaWiki-Installer
Bawolff added a comment to T209285: Upgrade from 1.16 failed.

[If I actually treat this more as a bug report asking for better error handling than a support request]:

Mon, Nov 12, 6:43 PM · MediaWiki-Installer
Bawolff added a comment to T209285: Upgrade from 1.16 failed.

[Technically this is not a bug but a support request].

Mon, Nov 12, 6:24 PM · MediaWiki-Installer
Bawolff added a comment to T209228: Action api should reject requests with unsupported http methods with a 405.

submitted as https://codein.withgoogle.com/dashboard/tasks/6603809146011648/

Mon, Nov 12, 3:26 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, Google-Code-in-2018, MediaWiki-API
Bawolff updated the task description for T209228: Action api should reject requests with unsupported http methods with a 405.
Mon, Nov 12, 3:26 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, Google-Code-in-2018, MediaWiki-API
Bawolff updated the task description for T209228: Action api should reject requests with unsupported http methods with a 405.
Mon, Nov 12, 3:05 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, Google-Code-in-2018, MediaWiki-API
Bawolff added a project to T209228: Action api should reject requests with unsupported http methods with a 405: Google-Code-in-2018.

It wouldn't hurt to return an error for unexpected verbs, probably somewhere near the check for POST being required.

I'm a bit on the fence over whether it should return 405 as proposed or if it should match how the API currently handles when GET is used with an action that requires a POST. Leaning towards the former though.

Mon, Nov 12, 2:37 PM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, Google-Code-in-2018, MediaWiki-API
Bawolff added a project to T101017: Early security release access for Lcawte (ShoutWiki): Security-Team.
Mon, Nov 12, 12:42 PM · Security-Team, ShoutWiki, WMF-Legal, WMF-NDA-Requests

Sun, Nov 11

Bawolff awarded T196570: Add statistics table to information_schema_p a Mountain of Wealth token.
Sun, Nov 11, 11:08 PM · DBA, Data-Services
Bawolff closed T209248: Allow editing Wikimedia projects via Tor using our user account as Declined.

This is more a political issue than a technical one. Phabricator is the place to discuss technical bugs not political/social problems.

Sun, Nov 11, 10:11 PM · Tor
Bawolff added a comment to T208636: Give users a download of their "User Data'.

I'm not really sure what the expected use case is for this feature. If it is expected that the majority of people who consume this data using spreadsheets, then I agree that CSV may make sense, regardless of my distaste for it as a data interchange format.

Sun, Nov 11, 9:48 PM · Data-Portability, Community-Tech
Bawolff created T209232: Add a unit test to Scribunto testing it is not vulnerable to CVE-2014-5461.
Sun, Nov 11, 1:03 PM · Google-Code-in-2018, MediaWiki-extensions-Scribunto
Bawolff updated the task description for T209228: Action api should reject requests with unsupported http methods with a 405.
Sun, Nov 11, 11:59 AM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, Google-Code-in-2018, MediaWiki-API
Bawolff created T209228: Action api should reject requests with unsupported http methods with a 405.
Sun, Nov 11, 11:56 AM · MW-1.33-notes (1.33.0-wmf.6; 2018-11-27), Patch-For-Review, Google-Code-in-2018, MediaWiki-API
Bawolff added a comment to T209217: Merge WikiEditor into the MediaWiki Core.

Proposing to decline this task: Users would get no toolbar at all without the WikiEditor extension, but if users don't have the WikiEditor extension then it is because their administrators actively removed/disabled WikiEditor.

Sun, Nov 11, 5:43 AM · MediaWiki-Page-editing, WikiEditor

Sat, Nov 10

Bawolff closed T209214: MediaWiki compares mysql version incorrectly. Thinks 5.5.8 > 5.5.62 as Invalid.

Never mind, I misunderstood.

Sat, Nov 10, 1:03 PM · MediaWiki-Database
Bawolff created T209214: MediaWiki compares mysql version incorrectly. Thinks 5.5.8 > 5.5.62.
Sat, Nov 10, 1:00 PM · MediaWiki-Database
Bawolff added a comment to T208636: Give users a download of their "User Data'.

If we must use csv, please be careful about issues like https://www.owasp.org/index.php/CSV_Injection

Sat, Nov 10, 5:13 AM · Data-Portability, Community-Tech
Bawolff added a watcher for Data-Portability: Bawolff.
Sat, Nov 10, 5:04 AM

Fri, Nov 9

Bawolff added a comment to T209084: Generate mediawiki.org extension infobox information automatically from extension.json.

FYI (per request): bot source is at https://www.mediawiki.org/wiki/User:Bawolff_bot/source

Fri, Nov 9, 3:59 PM · Core Platform Team (Extension Management (TEC13)), MediaWiki-General-or-Unknown
Bawolff added a comment to T209084: Generate mediawiki.org extension infobox information automatically from extension.json.

Not sure what happened with the bot, but I tried just running it manually, and it seemed to work.

Fri, Nov 9, 6:42 AM · Core Platform Team (Extension Management (TEC13)), MediaWiki-General-or-Unknown
Bawolff added a watcher for Core Platform Team (Extension Management (TEC13)): Bawolff.
Fri, Nov 9, 5:45 AM
Bawolff added a comment to T208140: Detect/flag potentially malicious gadget/javascript edits .

Special:RecentChanges filtered to JS pages

Fri, Nov 9, 4:42 AM · Scoring-platform-team, Gadgets, Code-Health, artificial-intelligence
Bawolff added a subtask for T135963: Add support for Content-Security-Policy (CSP) headers in MediaWiki: T208188: Proposal for partial opt-out method for Content security policy.
Fri, Nov 9, 4:39 AM · Core Platform Team Backlog (Watching / External), TechCom-RFC (TechCom-Approved), Patch-For-Review, Epic, Security-Team