Fri, Dec 6
Thu, Dec 5
During TechConf, I've discussed the implication of a periodic purge of the Watchlist table with several people, and there seems to be consensus that the general approach is sound with regards to the new table and the periodic purge of the Watchlist based on indexed timestamps of the watchlist_expiry table (ticket upcoming for the creation of that table+consultation with DBAs)
Wed, Dec 4
Repeating what we discussed (briefly) in an RL meeting -- We need to come up with a way to make sure the pagination works with the same state, but I am not convinced that sessions are the best way to go.
@Rxy The AHT team has taken on rewriting and redesigning CheckUser as part of the general strategy around this area. This means that we are *heavily* editing the code, and the plan is to replace the current CheckUser special page with the new one that we're building.
Tue, Dec 3
Note: We might already have a message about invalid characters in Usernames within the registration page? Worth checking if it's valid to reuse here.
Mon, Dec 2
Ahha! I think there might be an issue of re-processing the contents if it's re-requested.
Basic Functionality: Investigate how users can watch a page temporarily (highest priority)
- Via the "watch" star: Can we add a drop-down menu (when user clicks the "watch" star) that enables them to select a timerange (for example, one day, one month, three months, six months, or permanently)? See the mockup link for examples.
- What are the possible risks or issues associated with implementing this?
Sun, Dec 1
Pull request ready for review: https://github.com/wikimedia/WhoWroteThat/pull/102
Thu, Nov 28
Should have been fixed by https://github.com/wikimedia/WhoWroteThat/commit/0e9e72022751c7f9d003d3a672ed6ab1eeb5768e
Wed, Nov 27
@Halfak Do you know who can fix this test? This is blocking two patches that we need to merge to PageTriage; it comes up as an unrelated test failure, and we can't figure out why or what to do about it.
@Jdlrobson hm, this seems to have been worked on in the 2016 wishlist and seemed to have worked since; is this a new / recent failure? I remember there was conversation about problems with UTF characters when we migrated to PHP7.2, could that be the problem as well?
Mon, Nov 18
Thu, Nov 14
Pull request awaiting review: https://github.com/wikimedia/WhoWroteThat/pull/92
Should be fixed with https://github.com/wikimedia/WhoWroteThat/pull/91
Wed, Nov 13
Oops, the link should be hidden when the system is disabled. I think it's a problem of how I instantiate the system with the wrong starting value.
Nov 6 2019
The second behavior should be fixed when https://github.com/wikimedia/WhoWroteThat/pull/80 is merged
Nov 2 2019
Oct 31 2019
Oct 28 2019
Oct 21 2019
Oct 16 2019
Oct 14 2019
We should still fix the security issues, (perceived or real, regardless)
Oct 12 2019
Oct 10 2019
I'll facilitate this. I'll talk to the group about whether there are specifics we want to make sure are delivered within the given topic.
We've discussed offline but just for posterity here -- the biggest issue we have is that these percentages are calculated based on tokens and on wikitext. Essentially, the second author may have edited things like citations and thumbnails and templates that we do not "see" visually in the visual WWT tool, but make his edits correctly account for 2.1% of the page.
This was fixed (incidentally!) as part of the MVC refactor.
Oct 9 2019
Submitted a PR to handle load/unload of VisualEditor: https://github.com/wikimedia/WhoWroteThat/pull/64
This is more about good practice rather than strictly security.
Oct 8 2019
A pre-requisite is to be able to shut off the system (and disable it) from an event handler. Created T234874: Enable WWT to be turned on and off remotely for that task (PR attached) and will follow up with a VE-specific event handler after that one's merged.
PR available: https://github.com/wikimedia/WhoWroteThat/pull/63
Oct 3 2019
Oct 2 2019
So after an investigation, here are findings on how we can potentially do this.
You're right, we missed that part when discussing the ticket; it was fixing a code review comment by adding extra functionality.
This is merged to master. I will update the self-hosted gadget in the next few days before it moves to product (if all is well :) .
Oct 1 2019
Sep 24 2019
This was merged, and will be available on beta in a few minutes.
Sep 23 2019
Bringing back to review for this patch.
Thanks to the amazing debug (and git blame) skills of @Catrope we found the problem.
Sep 20 2019
@dom_walden I just re-tested this in an effort to figure out what's going on, and I can no longer reproduce it...
Sep 19 2019
First off, thank you @DannyS712 for picking this up :)
Sep 18 2019
Hm I wonder if this has anything to do with the upgrade to jQuery 3.4.1, and that ULS perhaps needs to be adjusted for it.
Sep 17 2019
Sep 8 2019
I'm sorry to hear that. If you ever change your mind, we'll be happy to try and help guide you through the process.
In any case, this page might be able to help as well, if you need it: https://www.mediawiki.org/wiki/Help:TemplateData
Sep 7 2019
TemplateWizard allows you to insert templates into a page if they have TemplateData definition.
TemplateData extension can help you set definitions in your templates.
If you have TemplateData installed, you can add $wgTemplateDataUseGUI = true; to your LocalSettings.php and you'll see a "Manage TemplateData" button when you edit a template.
@AlgorithmGG TemplateWizard requires having TemplateData definition in each template.
Sep 6 2019
Sep 4 2019
One of the biggest issues here is that we call the hook just before we refresh the page, and that the use cases that this hook is for are working asynchronously, which means refreshing immediately after call is not going to help anything
Sep 3 2019
Sweet! I'm so glad that this is working properly and thank you for the feedback.
Aug 30 2019
I will remind everyone that we're talking about a WMF employee here.
@sbassett in that case, I just want to make sure we add to the list the fact that Anti Harassment's Tool team's work touches on blocking tools, which inherently tend to be Security tickets if any bug happens there.
Our upcoming work will involve CheckUser, which, again, almost exclusively has bugs in the security realm. For us, this is not just a matter of this being useful, but a pretty crucial part of the work, in case bugs happen in the part of the code we actively work on.
Aug 29 2019
Aug 28 2019
Aug 27 2019
Aug 23 2019
Aug 22 2019
CSSJanus Webpack plugin: https://github.com/mooeypoo/cssjanus-webpack
Aug 17 2019
While doing some experimentation, I unfortunately discovered it's not as easy to get GuidedTour to activate from the injected script; the naming conventions and the fact that it supposed to run on all pages seem to be a bit more difficult for the extension to load itself with the gains of the cookie and toggling.