Page MenuHomePhabricator

Dylsss (Dylan)
User

Projects

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Sunday

  • Clear sailing ahead.

User Details

User Since
Jan 28 2021, 2:41 PM (168 w, 22 h)
Availability
Available
LDAP User
Dylsss
MediaWiki User
Unknown

Recent Activity

Apr 18 2023

Dylsss added a comment to T334897: Security Issue Access Request for krabina.

See also:

Apr 18 2023, 12:47 AM · SecTeam-Processed, Security-Team, Security

Mar 31 2023

Dylsss added a watcher for Phabricator: Dylsss.
Mar 31 2023, 10:12 AM
Dylsss added a watcher for Security: Dylsss.
Mar 31 2023, 10:12 AM

Mar 24 2023

Dylsss added a comment to T332850: Undeploy DoubleWiki Extension from Wikimedia production .

If the issue is severe enough as T257062: Lilypond seemingly not subject to restrictions (CVE-2020-29007), it should be emergency disabled but reenabled once it is fixed (and there would be a task for reenable it).

Mar 24 2023, 2:00 AM · User-notice, MediaWiki-extensions-DoubleWiki, Code-Stewardship-Reviews

Mar 15 2023

Dylsss added projects to T332220: Acquire enwp.org: Domains, SRE, Traffic.

See also: T32861

Mar 15 2023, 8:42 PM · Traffic, SRE, Domains

Mar 2 2023

Dylsss edited projects for T330969: MediaViewer displays incorrect free license from Commons (after moving file from Commons to English Wikipedia), added: CommonsMetadata; removed MediaWiki-Action-API.
Mar 2 2023, 10:58 AM · CommonsMetadata

Feb 21 2023

Dylsss added a comment to T316199: "Tags" field doesn't contain project when new task is opened in a new tab via the workboard.

I uploaded a patch for this task in Phorge upstream: https://we.phorge.it/D25068.

Feb 21 2023, 3:10 AM · Upstream, Phabricator (Upstream)
Dylsss closed T164468: Visually show that a task has "stalled" status on workboards as Resolved.

Open states such as In Progress and Stalled are displayed on workboards now so it must have been implemented by the upstream at some point.

Feb 21 2023, 2:36 AM · Upstream, Phabricator (Upstream), WMSE-Bug-Reporting-and-Translation-2017
Dylsss added a comment to T330115: A simpler way to edit the mediawiki code.

Unless you want to edit another user's patch, you don't need to. You can still create and edit your own patches.

Feb 21 2023, 1:48 AM · Gerrit
Dylsss added a comment to T330115: A simpler way to edit the mediawiki code.

It's because you need to be in the Gerrit Trusted-Contributors group to edit another user's patch.

Feb 21 2023, 1:44 AM · Gerrit
Dylsss closed T330115: A simpler way to edit the mediawiki code as Declined.

You can already use the Gerrit web interface to make simple changes. T329726 is unrelated to the web interface, you would still be denied even if you used a command line.

Feb 21 2023, 1:34 AM · Gerrit
Dylsss added a project to T330113: phab.wmflabs.org 502 Bad Gateway: VPS-project-Phabricator.
Feb 21 2023, 12:57 AM · VPS-project-Phabricator
Dylsss created T330113: phab.wmflabs.org 502 Bad Gateway.
Feb 21 2023, 12:57 AM · VPS-project-Phabricator
Dylsss edited projects for T328200: Phabricator dashboard tab panel loads two panels' content, added: Phabricator (Upstream); removed Phabricator.

I created a fix for this in Phorge upstream: https://we.phorge.it/D25067 / https://we.phorge.it/T15146. In the mean time, someone may be able to fix this just by removing and re-adding the "Newcomer tasks" tab until the bug goes away (the bug is a type juggling issue related to the tab ID, see the upstream task for explanation).

Feb 21 2023, 12:39 AM · Upstream, Phabricator (Upstream)

Feb 18 2023

Dylsss added a comment to T329974: Show "other assignee" avatar on tasks in workboard.

Screenshot from above patch:

Screenshot 2023-02-18 055125.jpg (894×1 px, 72 KB)

Feb 18 2023, 5:55 AM · collaboration-services, Phabricator, Patch-For-Review, Release-Engineering-Team (Radar), User-brennen

Feb 3 2023

Dylsss added a comment to T326752: Security Issue Access Request for Stevemunene.

Just to clarify (our Phabricator has quite a complex permission hierarchy), @Stevemunene was able to add themselves because they were already a member of acl*sre-team. acl*sre-team grants edit access to acl*security, and anyone with edit access on a parent project can edit a subproject, and anyone with edit access can also join that project (see https://secure.phabricator.com/book/phabricator/article/projects/#parent-projects). Therefore they were able join acl*security_sre because is is a subproject of acl*security which they could edit. FWIW Security is not supposed to be used for permissions in any way, as it is joinable by anyone, it is just for tracking tasks.

Feb 3 2023, 1:06 AM · SecTeam-Processed, Security-Team, Security

Jan 16 2023

Dylsss closed T327105: Incorrectly attributed as the author of a random commit I have nothing to do with in a repository I've never touched as Resolved.

It was actually assigned to the correct account, but a spam user changed it here: https://phabricator.wikimedia.org/diffusion/identity/view/33242/ which wasn't reverted unfortunately, probably because it is pretty obscure and doesn't show up on the accounts activity.

Jan 16 2023, 9:53 PM · Diffusion, Phabricator

Dec 2 2022

Dylsss closed T314460: After a deployment, Phabricator errors out with `Unable to load the "Arcanist" library. Put "arcanist/" next to "phabricator/" on disk.` as Resolved.

Error is gone. I guess someone has fixed it.

Dec 2 2022, 8:58 PM · Release-Engineering-Team (Escape Goats🐐), User-brennen, Phabricator, VPS-project-Phabricator

Nov 25 2022

Dylsss closed T323816: Inability to (indefinitely) block some users on pmswiki as Invalid.

Not a bug (MediaWiki doesn't understand "për sempe"). You can also just choose other and type "infinite".

Nov 25 2022, 12:57 PM · MediaWiki-Blocks
Dylsss added a comment to T323816: Inability to (indefinitely) block some users on pmswiki.

I'm pretty sure this is because their MediaWiki:Ipboptions message is incorrect (they've double translated the English and localized text). I recommend just deleting the message.

Nov 25 2022, 12:52 PM · MediaWiki-Blocks

Nov 18 2022

Dylsss reopened T304540: Train blockers task throws exceptions on strange version numbers as "Open".
Nov 18 2022, 2:28 PM · Phabricator, Wikimedia-Phabricator-Extensions, Release-Engineering-Team (Priority Backlog 📥)
Dylsss updated the task description for T303828: Delete wmf branches from Gerrit repositories.
Nov 18 2022, 1:11 PM · Release-Engineering-Team (Onboarding 🚀)
Dylsss added projects to T310936: "Call to phutil_nonempty_string() expected null or a string, got: int." when attempting to view Subversion repos: Developer Productivity, Release-Engineering-Team, Phabricator (Upstream), Upstream.
Nov 18 2022, 1:10 PM · User-brennen, Upstream, Phabricator (Upstream), Release-Engineering-Team, Developer Productivity

Nov 2 2022

Dylsss added a comment to T322232: When uploading on mobile and switching to another browser tab, page will have refreshed and abandoned file upload.

This is just a side effect of aggressive RAM management on iOS/Android. There isn't any solution to this apart from persisting the progress so that it is reloaded when a user returns, which would probably require a lot of work to do.

Nov 2 2022, 5:24 PM · MediaWiki-Uploading, Advanced Mobile Contributions, Mobile

Oct 26 2022

Platonides awarded T306275: Javascript on Special:RecentChanges performs GET requests which include a Content-Type request header a Yellow Medal token.
Oct 26 2022, 12:54 AM · MW-1.39-notes (1.39.0-wmf.9; 2022-04-25), Growth-Team, MediaWiki-Recent-changes

Oct 20 2022

Dylsss merged T321227: Bug switching between 'Default' and 'Phabricator' result formats into T320323: TypeError when switching result format.
Oct 20 2022, 12:49 AM · VPS-project-Codesearch
Dylsss merged task T321227: Bug switching between 'Default' and 'Phabricator' result formats into T320323: TypeError when switching result format.
Oct 20 2022, 12:49 AM · VPS-project-Codesearch

Oct 14 2022

Dylsss added a comment to T320648: Custom task form permissions for Data Platform Team PMs.

acl*phabricator can also create custom maniphest forms, full administrator is not required.

Oct 14 2022, 9:19 AM · Release-Engineering-Team, Data Pipelines, Phabricator

Oct 12 2022

Dylsss added a comment to T320663: Special:Contribute shows an unknown message <special-tab-beiträge-short>.

It's a concatenation of the localized name of the "contributions" special page. On French Wikipedia the special page is just called "contributions" and the message exists so the message is displayed. Another example of this bug is on Spanish Wikipedia where the localized contributions page is called "Contribuciones" and Special:Contribute shows message key "special-tab-contribuciones-short". It should probably concatenate the English name of the special page rather than the localized name?

Oct 12 2022, 5:10 PM · MW-1.40-notes (1.40.0-wmf.6; 2022-10-17), Web-Team-Backlog (Kanbanana-2022-23-Q2), Campaign-Tools, MobileFrontend, SectionTranslation, MediaWiki-Core-Skin-Architecture (Menus 2.0)

Sep 28 2022

Dylsss moved T318547: Deleting a file server-side results in exception: Unknown edge constant "26"! at PhabricatorEdgeType.php:214 from To Triage to Upstream on the Phabricator board.
Sep 28 2022, 9:42 PM · Upstream, Phabricator (Upstream)
Dylsss renamed T318802: Spam from What are security guard salaries like in the USA? to spam.
Sep 28 2022, 11:56 AM · Trash
Dylsss added a comment to T314460: After a deployment, Phabricator errors out with `Unable to load the "Arcanist" library. Put "arcanist/" next to "phabricator/" on disk.`.

This error could also be caused if Phabricator was updated but not Arcanist, or vice versa. The error is output here https://github.com/phacility/phabricator/blob/9426765a2c6a149f5b0ed2d9132cd1e4e7ee152d/scripts/init/lib.php#L14

Sep 28 2022, 9:55 AM · Release-Engineering-Team (Escape Goats🐐), User-brennen, Phabricator, VPS-project-Phabricator

Sep 20 2022

valerio.bozzolan awarded T306587: Infoleak on https://wiki.wikimedia.it due to CVE-2021-44858 and Lockdown a Love token.
Sep 20 2022, 10:32 AM · SecTeam-Processed, MediaWiki-extensions-Lockdown, WMIT-Infrastructure, Security

Sep 19 2022

Dylsss updated Dylsss.
Sep 19 2022, 10:58 PM

Sep 13 2022

Dylsss closed T298453: Upload protection shown as an applicable restriction for non-existent files as Resolved.
Sep 13 2022, 11:16 AM · MW-1.40-notes (1.40.0-wmf.1; 2022-09-12), MediaWiki-Page-protection

Sep 11 2022

Dylsss closed T317485: click jacking bug report as Invalid.

There's nothing sensitive you can do on that page, MediaWiki already breaks frames on sensitive pages with x-frame-options. Unless the user can be tricked into performing some action, then there's no clickjacking attack present.

Sep 11 2022, 3:12 AM · Security
Dylsss merged T317486: click jacking bug report into T317485: click jacking bug report.
Sep 11 2022, 3:06 AM · Security
Dylsss merged task T317486: click jacking bug report into T317485: click jacking bug report.
Sep 11 2022, 3:06 AM

Sep 8 2022

Dylsss removed a project from T317284: The search no longer works with the WMF28 (CirrusSearch): Phabricator (Search).
Sep 8 2022, 9:00 AM · PHP 8.1 support, MediaWiki-User-Interface (autocomplete search), CirrusSearch, Discovery-Search

Sep 6 2022

Dylsss closed T309757: Public Phabricator dump includes restricted project columns as Resolved.
Sep 6 2022, 6:28 PM · Release-Engineering-Team (Doing), SecTeam-Processed, Vuln-Infoleak, Dumps-Generation, Phabricator, Security

Jul 29 2022

Dylsss changed Release Version from 1.40.0-wmf.2 to 1.40.0-wmf.2 on T314191: 1.40.0-wmf.2 deployment blockers.
Jul 29 2022, 10:08 PM · Patch-For-Review, Release-Engineering-Team (Priority Backlog 📥), Release, Train Deployments

Jul 22 2022

Dylsss updated the task description for T308013: Assign SPDX headers to puppet.git.
Jul 22 2022, 11:08 PM · Patch-For-Review, Infrastructure-Foundations, SRE

Jul 1 2022

Dylsss added a comment to T311797: Add ability to append text to a page via url parameter.

https://mediawiki.org/wiki/Extension:UrlGetParameters already adds a parser function to get a url parameter.

Jul 1 2022, 1:54 AM · MediaWiki-Page-editing

Jun 20 2022

Dylsss added a comment to T310936: "Call to phutil_nonempty_string() expected null or a string, got: int." when attempting to view Subversion repos.

https://secure.phabricator.com/rP2167016aebba5952a33d3f3c304533f8756072a5 fixes this.

Jun 20 2022, 10:37 PM · User-brennen, Upstream, Phabricator (Upstream), Release-Engineering-Team, Developer Productivity

Jun 19 2022

Dylsss added a comment to T310833: Uploaded files via the drag-and-drop are defaulting to private-access.

{D1203} adds support for all upload workflows, so you can use the edit form upload dialog, copy-paste, or drag-and-drop. Resolving T310850 alone will fix attachment workflows for copy-paste and drag-and-drop though.

Jun 19 2022, 9:17 PM · Release-Engineering-Team (Priority Backlog 📥), Upstream, Phabricator (Upstream), User-brennen
Dylsss closed T213364: Readme says hacking is done in Arcanist as Resolved.
Jun 19 2022, 8:10 PM · User-MarcoAurelio, Wikimedia-IEG-grant-review

Jun 18 2022

Dylsss closed T310935: "A non well formed numeric value encountered" error when attempting to view T300203 as Resolved.

Removed Release Version which seems to be causing this error as it was formatted in a non-standard way.

Jun 18 2022, 6:27 PM · Release-Engineering-Team, Phabricator
Dylsss removed Release Version on T300203: 🧪🚂 Trainsperiment Week: 1.39.0-wmf.1, 1.39.0-wmf.2, 1.39.0-wmf.3, 1.39.0-wmf.4 deployment blockers.
Jun 18 2022, 6:14 PM · Patch-For-Review, Release-Engineering-Team (🚂🧪 Trainsperiment Week), Release, Train Deployments
Krinkle awarded T310850: Phabricator loading outdated JavaScript a Orange Medal token.
Jun 18 2022, 12:29 AM · User-brennen, Release-Engineering-Team, Phabricator

Jun 17 2022

Dylsss added a comment to T310833: Uploaded files via the drag-and-drop are defaulting to private-access.

I don't think this is new behavior in that they have always defaulted to the uploader. It's just noticeable now because files don't get attached automatically. They should get automatically attached when you drag-and-drop, but this isn't working due to T310850.

Jun 17 2022, 3:14 AM · Release-Engineering-Team (Priority Backlog 📥), Upstream, Phabricator (Upstream), User-brennen
Dylsss created T310850: Phabricator loading outdated JavaScript.
Jun 17 2022, 3:01 AM · User-brennen, Release-Engineering-Team, Phabricator

Jun 16 2022

Dylsss added a comment to T307750: Possible to make restricted files public on Phabricator via Diffusion.

I assume that T309430 will fix this

Jun 16 2022, 8:46 PM · Vuln-MissingAuthz, Release-Engineering-Team, SecTeam-Processed, Phabricator (Upstream), Security

Jun 15 2022

Dylsss added a comment to T310742: Editing tasks results in "You cannot add more than 0 objects to the relationship" error.

It wasn't broken by an upstream change, it was only deployed today and the change doesn't work properly because only ManiphestTaskMergeInRelationship and ManiphestTaskCloseAsDuplicateRelationship specify a value in getMaximumSelectionSize(). This means other relationship types default to null here: https://github.com/wikimedia/phabricator/blob/0f94052396d1a7f1da1d0ed48a414c388efe38b3/src/applications/search/relationship/PhabricatorObjectRelationship.php#L108.

Jun 15 2022, 7:45 PM · Regression, Release-Engineering-Team, Phabricator

Jun 11 2022

Dylsss added a comment to T299694: Adding sicilian language (scn).

Actually, there is a deployment next week and there are scn translations in the repository, but according to rPHTR Phabricator Translations, the language needs to be added to src/locales/ before it will show up. Which I'm not sure I fully understand since there are languages in settings which have translations, but don't have a file in that directory (e.g. zh-hans/zh-hant).

Jun 11 2022, 8:45 PM · Patch-For-Review, translatewiki.net, Phabricator, I18n
Dylsss added a comment to T299694: Adding sicilian language (scn).

This should get deployed this coming week.

Jun 11 2022, 8:24 PM · Patch-For-Review, translatewiki.net, Phabricator, I18n

Jun 8 2022

Dylsss closed T310008: Checkuser API uses CSRF token name other than 'token' which results in testing issues, a subtask of T201154: Code coverage for CheckUser is very low, as Resolved.
Jun 8 2022, 12:50 AM · MW-1.39-notes (1.39.0-wmf.18; 2022-06-27), User-Huji, Test-Coverage, Essential-Work, Technical-Debt, CheckUser
Dylsss closed T310008: Checkuser API uses CSRF token name other than 'token' which results in testing issues as Resolved.
Jun 8 2022, 12:50 AM · MW-1.39-notes (1.39.0-wmf.16; 2022-06-13), CheckUser

Jun 7 2022

Dylsss claimed T310008: Checkuser API uses CSRF token name other than 'token' which results in testing issues.
Jun 7 2022, 10:31 PM · MW-1.39-notes (1.39.0-wmf.16; 2022-06-13), CheckUser
Dylsss claimed T308958: "View author information" URL doesn't update when navigating between images.
Jun 7 2022, 10:30 PM · MW-1.39-notes (1.39.0-wmf.21; 2022-07-18), MediaViewer
Dylsss added a comment to T308958: "View author information" URL doesn't update when navigating between images.

This is due to cached HTML from the previous image being returned:

	/**
	 * Returns the text content of a html string, with the `<a>`, `<i>`, `<b>` tags left intact.
	 * Tries to give an approximation of what would be visible if the HTML would be displayed.
	 *
	 * @param {string} html
	 * @return {string}
	 */
	HUP.htmlToTextWithTags = function ( html ) {
		var $html;
		if ( !cache.textWithTags[ html ] ) {
			$html = this.wrapAndJquerify( html );
			this.filterInvisible( $html );
			this.appendWhitespaceToBlockElements( $html );
			this.whitelistHtml( $html, 'a, span, i, b, sup, sub' );
			cache.textWithTags[ html ] = this.mergeWhitespace( $html.html() );
		}
		return cache.textWithTags[ html ];
	};

jQuery object gets converted to array key [object Object] which results in ununique key and causes incorrect cached HTML to be returned:

} else {
	this.creditField.set(
		$( '<a>' )
			.addClass( 'mw-mmv-credit-fallback' )
			.prop( 'href', filepageUrl )
			.text( mw.message( 'multimediaviewer-credit-fallback' ).plain() )
	);
}
Object { "Test": "Test", "[object Object]": "<a class=\"mw-mmv-credit-fallback\" href=\"http://localhost:8080/wiki/File:Test.PNG\">View author information</a>", Capture: "Capture" }
mmv.HtmlUtils.js:234:11
Jun 7 2022, 10:00 PM · MW-1.39-notes (1.39.0-wmf.21; 2022-07-18), MediaViewer
Dylsss renamed T310098: acl*wmcs-team, acl*blog-admins joinable by anyone from acl*wmcs-team, acl*blog-admins joinable by anyone. to acl*wmcs-team, acl*blog-admins joinable by anyone.
Jun 7 2022, 7:25 PM · User-MarcoAurelio, Phabricator, Security, Security-Team
Dylsss added a comment to T310098: acl*wmcs-team, acl*blog-admins joinable by anyone.

Though the policies of acl*wmcs-team and acl*blog-admins should probably be modified to remove Policy-Admins if there is no need for it.

Jun 7 2022, 7:23 PM · User-MarcoAurelio, Phabricator, Security, Security-Team
Dylsss updated the task description for T310098: acl*wmcs-team, acl*blog-admins joinable by anyone.
Jun 7 2022, 7:11 PM · User-MarcoAurelio, Phabricator, Security, Security-Team
Dylsss removed a member for acl*test_policy_admins: Dylsss.
Jun 7 2022, 7:08 PM
Dylsss added a project to T310098: acl*wmcs-team, acl*blog-admins joinable by anyone: Phabricator.
Jun 7 2022, 7:07 PM · User-MarcoAurelio, Phabricator, Security, Security-Team
Dylsss created T310098: acl*wmcs-team, acl*blog-admins joinable by anyone.
Jun 7 2022, 7:06 PM · User-MarcoAurelio, Phabricator, Security, Security-Team
Dylsss set the color for acl*test_policy_admins to Red.
Jun 7 2022, 7:00 PM
Dylsss set the color for acl*test_policy_admins to Red.
Jun 7 2022, 6:59 PM
Dylsss added a member for acl*test_policy_admins: Dylsss.
Jun 7 2022, 6:57 PM
Dylsss added a comment to T310008: Checkuser API uses CSRF token name other than 'token' which results in testing issues.

Or you can just use doApiRequest and pass the token yourself. E.g., https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/refs/heads/master/tests/phpunit/includes/api/ApiLoginTest.php#121.

Jun 7 2022, 2:04 AM · MW-1.39-notes (1.39.0-wmf.16; 2022-06-13), CheckUser
Dylsss added a comment to T310008: Checkuser API uses CSRF token name other than 'token' which results in testing issues.

It's not really non-standard. lots of APIs have prefixes to prevent parameter conflicts. Submodules of query (which checkuser is) must have parameter prefixes, so removing the prefix is not an option.

Jun 7 2022, 1:55 AM · MW-1.39-notes (1.39.0-wmf.16; 2022-06-13), CheckUser

Jun 5 2022

Dylsss merged T309936: Fail to run update.php on 1.38.0: your composer.lock file is not up to date into T309860: CheckComposerLockUpToDate fails when upgrading from MW 1.37.2 to 1.38.0.
Jun 5 2022, 5:12 AM · MW-1.38-release, MediaWiki-Maintenance-system, MediaWiki-General
Dylsss merged task T309936: Fail to run update.php on 1.38.0: your composer.lock file is not up to date into T309860: CheckComposerLockUpToDate fails when upgrading from MW 1.37.2 to 1.38.0.
Jun 5 2022, 5:11 AM
Dylsss closed T165657: Project details doesn't render our `#acl*name` projects as Resolved.

Release-Engineering-Team now references it correctly (with #acl_releng). Project hashtags can't contain special characters like *, so referencing the project using special characters won't work properly. Special characters should automatically be converted to an underscore when a hashtag with special characters is added.

Jun 5 2022, 5:04 AM · Upstream, Phabricator (Upstream)
Dylsss added a comment to T252150: Change default search scope for Search field in upper right corner from Global to Open Tasks.

Not sure if this is a new feature, but when you change the filter it posts to /settings/adjust/?key=search-scope. So you should only need to change it once. But the default can also be changed for everyone by administrators in the global default settings page.

Jun 5 2022, 4:25 AM · Phabricator (Search)
Dylsss closed T276447: Unhandled exception clicking "Next" button on Notifications page: Rows must have unique IDs. An underlying query may be missing a GROUP BY. as Resolved.

This was deployed in https://phabricator.wikimedia.org/rPHDEP68b31a2817686c9b4d7113a73b017ee3ce4a5bdd.

Jun 5 2022, 4:15 AM · Phabricator (2023-08-23), Upstream
Dylsss added a comment to T293240: Create Growth team blog on Phame.

The link to create a blog is https://phabricator.wikimedia.org/phame/blog/edit/. Any user in acl*phabricator can do so.

Jun 5 2022, 3:46 AM · Phabricator
Dylsss added a comment to T215148: On Phabricator workboard, show status of associated Gerrit patches.

Are people still interested in something like this? I was experimenting with this and created a working prototype, it requests all Gerrit patches using the task IDs and then extracts and caches an array of the relevant data from the Gerrit changes, it's similar to the current Gerrit patches fields on tasks:

Jun 5 2022, 1:14 AM · Release-Engineering-Team (Yak Shaving 🐃🪒), User-MModell, Phabricator

Jun 3 2022

Dylsss added a comment to T181317: Streamline process for uploading private files to public tasks.

https://secure.phabricator.com/w/changelog/2022.21/ essentially resolves this as attachment behavior is changed so that files are only attached when you drag a file into the comment box. If you simply reference the file, it will not get attached so it will not inherit the permissions of the object and will stay private.

Jun 3 2022, 2:01 AM · Phabricator (2023-08-23), Security
Dylsss closed T270696: Exception - Testing for capability "interact" on an object ("PhabricatorBadgesBadge") which does not support that capability. as Resolved.

Seems this is no longer reproducible: https://phabricator.wikimedia.org/badges/view/10/#671.

Jun 3 2022, 1:53 AM · User-DannyS712, Phabricator
Dylsss added a comment to Bug Unraveler.

T270696 @gerritbot @Dylsss @bzimport

Jun 3 2022, 1:50 AM
Dylsss added a comment to T271188: Remove phabricator admin role from oneself via GUI not working.

It's from https://phabricator.wikimedia.org/source/phabricator/browse/wmf%252Fstable/src/applications/people/xaction/PhabricatorUserEmpowerTransaction.php$35. If the aim of this task is to allow Phabricator admins to remove their own admin status, then the if condition just needs to be removed.

Jun 3 2022, 1:26 AM · Upstream, Phabricator (Upstream)

Jun 2 2022

Dylsss updated the task description for T309757: Public Phabricator dump includes restricted project columns.
Jun 2 2022, 3:03 AM · Release-Engineering-Team (Doing), SecTeam-Processed, Vuln-Infoleak, Dumps-Generation, Phabricator, Security
Dylsss added a comment to T309757: Public Phabricator dump includes restricted project columns.

The below should prevent non-public project columns from being returned:

diff --git a/wmfphablib/phabdb.py b/wmfphablib/phabdb.py
index e0f7f0b..1376a5f 100755
--- a/wmfphablib/phabdb.py
+++ b/wmfphablib/phabdb.py
@@ -17,7 +17,7 @@ from config import bzmigrate_user
 from config import bzmigrate_passwd
Jun 2 2022, 2:47 AM · Release-Engineering-Team (Doing), SecTeam-Processed, Vuln-Infoleak, Dumps-Generation, Phabricator, Security
Dylsss added projects to T309757: Public Phabricator dump includes restricted project columns: Phabricator, Dumps-Generation.
Jun 2 2022, 2:04 AM · Release-Engineering-Team (Doing), SecTeam-Processed, Vuln-Infoleak, Dumps-Generation, Phabricator, Security
Dylsss created T309757: Public Phabricator dump includes restricted project columns.
Jun 2 2022, 2:00 AM · Release-Engineering-Team (Doing), SecTeam-Processed, Vuln-Infoleak, Dumps-Generation, Phabricator, Security

Jun 1 2022

Dylsss created T309746: Remove unneeded translation overrides.
Jun 1 2022, 11:03 PM · Phabricator
Dylsss closed T228518: Delete unused custom /src/other/CustomLoginHandler.php in Phab extensions as Resolved.

Was done in rPHEX1d9b463a4f1cb540fc6922b64a8d6bbc130a62f9.

Jun 1 2022, 6:18 PM · Phabricator

May 29 2022

Dylsss added a comment to T309480: "No pages returned by the remote API" error for specific files.

Seems to be caused by the iiurlwidth=800&iiurlheight=400 parameters.

May 29 2022, 9:05 PM · Patch-For-Review, WMDE-TechWish-Maintenance, Commons, Move-Files-To-Commons
Dylsss added a comment to T309480: "No pages returned by the remote API" error for specific files.

The API request that FileImporter is making is https://beta.wikiversity.org/w/api.php?action=query&format=json&titles=File%3AJoonitud_EMH_3196_2.tif&prop=info%7Cimageinfo%7Crevisions%7Ctemplates%7Ccategories&iilimit=500&iiurlwidth=800&iiurlheight=400&iiprop=timestamp%7Cuser%7Cuserid%7Ccomment%7Ccanonicaltitle%7Curl%7Csize%7Csha1%7Carchivename&rvlimit=500&rvdir=newer&rvprop=flags%7Ctimestamp%7Cuser%7Csha1%7Ccontentmodel%7Ccomment%7Ccontent%7Ctags&tlnamespace=10&tllimit=500&cllimit=500. Which returns Could not normalize image parameters for Joonitud_EMH_3196_2.tif.

May 29 2022, 9:00 PM · Patch-For-Review, WMDE-TechWish-Maintenance, Commons, Move-Files-To-Commons

May 27 2022

Dylsss added a comment to T307750: Possible to make restricted files public on Phabricator via Diffusion.

Also is F21966 considered private, as it was previously set to WMF-NDA.

May 27 2022, 8:52 PM · Vuln-MissingAuthz, Release-Engineering-Team, SecTeam-Processed, Phabricator (Upstream), Security
Dylsss added a project to T307750: Possible to make restricted files public on Phabricator via Diffusion: PermanentlyPrivate.

This is now fixed in Phabricator upstream, there is now an advisory at https://secure.phabricator.com/T13683 and change summary at https://secure.phabricator.com/w/changelog/2022.21/. This task has details of the attack that were purposely omitted and undisclosed in Phabricator upstream, so I am temporarily adding PermanentlyPrivate to prevent this task from being made public.

May 27 2022, 8:41 PM · Vuln-MissingAuthz, Release-Engineering-Team, SecTeam-Processed, Phabricator (Upstream), Security
Dylsss added a project to T222322: Edit summary box is empty (no default value) when undoing structured data edits: Multi-Content-Revisions.
May 27 2022, 11:43 AM · Multi-Content-Revisions, Structured-Data-Backlog, Structured Data Engineering
Dylsss merged T309348: SDC breaks "undo" auto edit summaries into T222322: Edit summary box is empty (no default value) when undoing structured data edits.
May 27 2022, 11:40 AM · Multi-Content-Revisions, Structured-Data-Backlog, Structured Data Engineering
Dylsss merged task T309348: SDC breaks "undo" auto edit summaries into T222322: Edit summary box is empty (no default value) when undoing structured data edits.
May 27 2022, 11:40 AM · StructuredDataOnCommons

May 26 2022

Dylsss added a project to T309326: STL renderer crashes after some activity: 3D.
May 26 2022, 4:31 PM · 3D
Dylsss closed T309287: Outdated paraminfo in the API as Invalid.

This is intended, the API response specifies the prefix "prefix": "lg". You append the prefix to the parameter names.

May 26 2022, 10:31 AM · MediaWiki-Action-API
Dylsss updated the task description for T309287: Outdated paraminfo in the API.
May 26 2022, 10:09 AM · MediaWiki-Action-API

May 22 2022

Dylsss added a comment to T308946: upstream request timeout on Phabricator.

I think this is the same as T291775 and T258803.

May 22 2022, 5:47 AM · Phabricator (Search)

May 21 2022

Dylsss updated subscribers of T308920: Error while trying to use parsoid (vendor/mediawiki/parsoid/bin/parse.php) in docker.
May 21 2022, 4:14 PM · Docker-Hub-MediaWiki, Parsoid