Page MenuHomePhabricator
People Dianliang233

Dianliang233
User

Projects

User does not belong to any projects.

Calendar

Today

  • No visible events.

Tomorrow

  • No visible events.

Saturday

  • No visible events.

User Details

User Since
Jun 9 2019, 2:38 AM (349 w, 4 d)
Availability
Available
LDAP User
Unknown
MediaWiki User
Dianliang233 [ Global Accounts ]

Recent Activity
View All

Jul 8 2025

Dianliang233 added a comment to T397521: CVE-2025-12004: The compare API module breaks Extension:Lockdown.

Should this be set to public now that it's been fixed?

Jul 8 2025, 7:10 AM · MW-1.45-notes (1.45.0-wmf.8; 2025-07-01), SecTeam-Processed, MediaWiki-Action-API, MW-Interfaces-Team, Vuln-Infoleak, Security, Security-Team

Jun 20 2025

Dianliang233 removed Author Affiliation on T397524: CVE-2025-53501: Scribunto title.getContent() doesn't respect $wgNonincludableNamespaces.
Jun 20 2025, 2:54 PM · Vuln-Infoleak, MediaWiki-extensions-Lockdown, Scribunto, Security, Security-Team
Dianliang233 updated subscribers of T397524: CVE-2025-53501: Scribunto title.getContent() doesn't respect $wgNonincludableNamespaces.
Jun 20 2025, 2:52 PM · Vuln-Infoleak, MediaWiki-extensions-Lockdown, Scribunto, Security, Security-Team
Dianliang233 added projects to T397524: CVE-2025-53501: Scribunto title.getContent() doesn't respect $wgNonincludableNamespaces: Scribunto, MediaWiki-extensions-Lockdown, Vuln-Infoleak.

To further clarify, this is especially a problem for pages protected by Extension:Lockdown. Security issue because the stated purpose of this setting is "[a]mong other things, this may be useful to enforce read-restrictions that may otherwise be bypassed by using the template mechanism."

Jun 20 2025, 2:52 PM · Vuln-Infoleak, MediaWiki-extensions-Lockdown, Scribunto, Security, Security-Team
Dianliang233 added a project to T397521: CVE-2025-12004: The compare API module breaks Extension:Lockdown: Vuln-Infoleak.
Jun 20 2025, 2:48 PM · MW-1.45-notes (1.45.0-wmf.8; 2025-07-01), SecTeam-Processed, MediaWiki-Action-API, MW-Interfaces-Team, Vuln-Infoleak, Security, Security-Team
Dianliang233 updated the task description for T397521: CVE-2025-12004: The compare API module breaks Extension:Lockdown.
Jun 20 2025, 2:17 PM · MW-1.45-notes (1.45.0-wmf.8; 2025-07-01), SecTeam-Processed, MediaWiki-Action-API, MW-Interfaces-Team, Vuln-Infoleak, Security, Security-Team
Dianliang233 added a project to T397521: CVE-2025-12004: The compare API module breaks Extension:Lockdown: MediaWiki-extensions-Lockdown.
Jun 20 2025, 2:10 PM · MW-1.45-notes (1.45.0-wmf.8; 2025-07-01), SecTeam-Processed, MediaWiki-Action-API, MW-Interfaces-Team, Vuln-Infoleak, Security, Security-Team
Dianliang233 created T397521: CVE-2025-12004: The compare API module breaks Extension:Lockdown.
Jun 20 2025, 2:10 PM · MW-1.45-notes (1.45.0-wmf.8; 2025-07-01), SecTeam-Processed, MediaWiki-Action-API, MW-Interfaces-Team, Vuln-Infoleak, Security, Security-Team

Mar 20 2025

Dianliang233 removed a watcher for Codex: Dianliang233.
Mar 20 2025, 11:56 PM

Feb 15 2025

Dianliang233 added a watcher for Chinese-Sites: Dianliang233.
Feb 15 2025, 1:36 PM
Dianliang233 added a watcher for MediaWiki-Language-converter: Dianliang233.
Feb 15 2025, 1:35 PM

Jan 8 2025

Dianliang233 added a comment to T383077: [EPIC] Re-license Codex under MIT.
In T383077#10438489, @egardner wrote:
In T383077#10438414, @bd808 wrote:
In T383077#10435734, @Volker_E wrote:

Another option, as stated in the wikitech-l thread, were to dual-license Codex – as in adding MIT license.
IANAL, but from my understanding we would have to get written author permissions to re-license for using all parts of contributors until this moment. It could be a bit less disruptive to add MIT license and avoid legal or community complexities associated with re-licensing. New users or projects can opt for the permissive MIT license.

A more permissive license cannot just be arbitrarily added. If that were possible then anyone who wanted a more permissively licensed library could just fork the upstream and add the license of their choosing. In order to relicense from GPL all current license holders must agree to the change. Because the Wikimedia projects do not use a Contributor License Agreement (CLA) that assigns all rights to the project this means that all contributors must be contacted for approval. If the project incorporates code from an upstream project by copying the rights holders to the upstream content must also be contacted.

That sounds correct to me. I assume we'd need to contact all the code contributors listed in https://github.com/wikimedia/design-codex/blob/main/AUTHORS.txt and ask them to agree to a change in license.

Jan 8 2025, 2:39 AM · Design-System-Team (Roadmap), Epic, Codex, Software-Licensing

Nov 27 2024

Dianliang233 added a watcher for Codex: Dianliang233.
Nov 27 2024, 1:25 AM
Dianliang233 removed a watcher for VisualEditor-MediaWiki-2017WikitextEditor: Dianliang233.
Nov 27 2024, 1:10 AM

Jun 9 2019

Dianliang233 added a watcher for VisualEditor-MediaWiki-2017WikitextEditor: Dianliang233.
Jun 9 2019, 2:40 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits