Page MenuHomePhabricator

MrStradivarius (Mr. Stradivarius)
User

Projects

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Thursday

  • Clear sailing ahead.

User Details

User Since
Oct 14 2014, 11:30 AM (491 w, 6 d)
Availability
Available
IRC Nick
MrStradivarius
LDAP User
Mr. Stradivarius
MediaWiki User
Mr. Stradivarius [ Global Accounts ]

I'm Mr. Stradivarius, active on the English Wikipedia. I've been converting templates to Lua since the summer of 2013, and I have filed a few bugs in the Scribunto extension, and have even submitted a patch or two.

My profile picture is the Lady Blunt Stradivarius, named after its first known owner, Lady Anne Blunt. Lady Blunt was the daughter of Ada Lovelace, which means that the instrument is probably the geekiest Strad before the turn of the 19th century. ;) The picture is taken from Wikimedia Commons.

Recent Activity

Sep 27 2023

MSGJ awarded T71441: Feature request: add detection for disambiguation pages to Scribunto a Evil Spooky Haunted Tree token.
Sep 27 2023, 8:46 AM · Patch-Needs-Improvement, MediaWiki-extensions-Disambiguator, Scribunto

Oct 30 2022

MrStradivarius added a comment to T212071: Missing CSRF token in scribunto api console.
Oct 30 2022, 1:19 AM · User-notice-archive, MW-1.40-notes (1.40.0-wmf.5; 2022-10-10), Vuln-CSRF, SecTeam-Processed, Security, Scribunto

Feb 11 2022

MrStradivarius closed T301564: DisamAssist user script: lack of escaping in page title link as Resolved.
Feb 11 2022, 3:23 PM · JavaScript
MrStradivarius added a comment to T301564: DisamAssist user script: lack of escaping in page title link.

I have now applied the fix to all of the above pages, so I am closing this issue.

Feb 11 2022, 3:23 PM · JavaScript
MrStradivarius added a comment to T301564: DisamAssist user script: lack of escaping in page title link.

I found the following affected pages from global search:

Feb 11 2022, 3:12 PM · JavaScript
MrStradivarius created T301564: DisamAssist user script: lack of escaping in page title link.
Feb 11 2022, 3:09 PM · JavaScript

Feb 7 2022

MrStradivarius closed T300743: XSS vulnerability in the script-installer gadget: improper escaping of page names results in users installing untrusted code into their common.js page as Resolved.
Feb 7 2022, 12:39 PM · SecTeam-Processed, Security, Security-Team
MrStradivarius added a comment to T300743: XSS vulnerability in the script-installer gadget: improper escaping of page names results in users installing untrusted code into their common.js page.

Ok, I have now patched all affected scripts, so I'm closing this task. Thanks everyone for your help.

Feb 7 2022, 12:38 PM · SecTeam-Processed, Security, Security-Team

Feb 6 2022

MrStradivarius added a comment to T300743: XSS vulnerability in the script-installer gadget: improper escaping of page names results in users installing untrusted code into their common.js page.

I found a problem with T300743-enwiki2.patch - disabling and uninstallation was broken for imports containing escaped characters, as they were searching for the unescaped script name instead of the escaped script name. I've fixed this in T300743-enwiki3.patch below. I'm confident that the patch is working properly now, so if everything looks good I will go ahead and roll it out. @Enterprisey, does this look OK to you?

Feb 6 2022, 8:03 AM · SecTeam-Processed, Security, Security-Team
MrStradivarius added a comment to T300743: XSS vulnerability in the script-installer gadget: improper escaping of page names results in users installing untrusted code into their common.js page.

Here's the new patch:

Feb 6 2022, 4:17 AM · SecTeam-Processed, Security, Security-Team
MrStradivarius added a comment to T300743: XSS vulnerability in the script-installer gadget: improper escaping of page names results in users installing untrusted code into their common.js page.

However, if you then normalise the import for that script, the gadget will then parse it from common.js without decoding it, and then double encode it when it saves the page, so you will get foo\\\'bar.js.

Feb 6 2022, 4:06 AM · SecTeam-Processed, Security, Security-Team
MrStradivarius added a comment to T300743: XSS vulnerability in the script-installer gadget: improper escaping of page names results in users installing untrusted code into their common.js page.

I believe the line terminator characters are not allowed to be in MediaWiki page titles, so if it's not too much extra effort I'd suggest rejecting them outright (crashing or alert()'ing would be fine, the installation links would have to be severely broken anyway).

Feb 6 2022, 3:32 AM · SecTeam-Processed, Security, Security-Team
MrStradivarius added a comment to T300743: XSS vulnerability in the script-installer gadget: improper escaping of page names results in users installing untrusted code into their common.js page.

I've tested the patch, and there is a problem with it - it breaks round tripping between the common.js and the gadget. If a script name contains a single quote like foo'bar.js, when saving it to common.js it will be escaped as foo\'bar.js, which is correct. However, if you then normalise the import for that script, the gadget will then parse it from common.js without decoding it, and then double encode it when it saves the page, so you will get foo\\\'bar.js. This will break the import, as that is a different MediaWiki page title than the original script name.

Feb 6 2022, 3:20 AM · SecTeam-Processed, Security, Security-Team

Feb 4 2022

MrStradivarius added a comment to T300743: XSS vulnerability in the script-installer gadget: improper escaping of page names results in users installing untrusted code into their common.js page.

I've created a patch for the enwiki gadget. @Enterprisey: how does this look to you?
I haven't tested the patch locally yet - I'll do that after work.

Feb 4 2022, 2:43 AM · SecTeam-Processed, Security, Security-Team

Feb 3 2022

MrStradivarius added a comment to T300743: XSS vulnerability in the script-installer gadget: improper escaping of page names results in users installing untrusted code into their common.js page.

Thanks for making the patch. I had a look at it, and I think that the URL needs to be escaped differently, with URL encoding instead of JS string escaping. In fact, there are four different contexts here, that each require different escaping:

Feb 3 2022, 3:07 PM · SecTeam-Processed, Security, Security-Team

Feb 2 2022

MrStradivarius added a comment to T300743: XSS vulnerability in the script-installer gadget: improper escaping of page names results in users installing untrusted code into their common.js page.

I have global interface admin rights now, so I can patch all of the affected wikis. It will take me a little while to get the patches ready, though, and it's too late here for me to do it today.

Feb 2 2022, 3:40 PM · SecTeam-Processed, Security, Security-Team
MrStradivarius added a comment to T300743: XSS vulnerability in the script-installer gadget: improper escaping of page names results in users installing untrusted code into their common.js page.

I'm finding the following instances of the gadget using this global search query:

Feb 2 2022, 3:36 PM · SecTeam-Processed, Security, Security-Team
MrStradivarius updated the task description for T300743: XSS vulnerability in the script-installer gadget: improper escaping of page names results in users installing untrusted code into their common.js page.
Feb 2 2022, 3:19 PM · SecTeam-Processed, Security, Security-Team
MrStradivarius created T300743: XSS vulnerability in the script-installer gadget: improper escaping of page names results in users installing untrusted code into their common.js page.
Feb 2 2022, 3:13 PM · SecTeam-Processed, Security, Security-Team

Jan 12 2022

MrStradivarius added a comment to T29766: Allow loading gadget module by URL query parameter.

By default, I think gadgets should be treated as safe.

Jan 12 2022, 5:42 AM · User-notice-archive, MW-1.38-notes (1.38.0-wmf.19; 2022-01-24), Security-Team, MediaWiki-extensions-Gadgets

Jan 9 2022

MrStradivarius closed T298481: XSS vulnerability in the FormWizard default gadget on enwiki as Resolved.
Jan 9 2022, 3:06 AM · Vuln-XSS, User-Urbanecm, FormWizard-Gadget, Security, Security-Team
MrStradivarius added a comment to T298481: XSS vulnerability in the FormWizard default gadget on enwiki .

I had a look with the global search tool and couldn't find any more instances, so I think we're now actually safe to close this issue. Feel free to reopen if you find any others.

Jan 9 2022, 3:05 AM · Vuln-XSS, User-Urbanecm, FormWizard-Gadget, Security, Security-Team
MrStradivarius added a comment to T298481: XSS vulnerability in the FormWizard default gadget on enwiki .

@Urbanecm Yes, those all look good to me. Thank you!

Jan 9 2022, 2:56 AM · Vuln-XSS, User-Urbanecm, FormWizard-Gadget, Security, Security-Team

Jan 7 2022

MrStradivarius added a comment to T298481: XSS vulnerability in the FormWizard default gadget on enwiki .

@Urbanecm I've made patches for the instances that @sbassett found. Could you apply these as well?

Jan 7 2022, 11:05 PM · Vuln-XSS, User-Urbanecm, FormWizard-Gadget, Security, Security-Team

Jan 6 2022

MrStradivarius closed T298481: XSS vulnerability in the FormWizard default gadget on enwiki as Resolved.
Jan 6 2022, 12:32 AM · Vuln-XSS, User-Urbanecm, FormWizard-Gadget, Security, Security-Team
MrStradivarius added a comment to T298481: XSS vulnerability in the FormWizard default gadget on enwiki .

I think I applied all of them correctly -- can you check that please?

Jan 6 2022, 12:31 AM · Vuln-XSS, User-Urbanecm, FormWizard-Gadget, Security, Security-Team

Jan 5 2022

MrStradivarius added a comment to T298481: XSS vulnerability in the FormWizard default gadget on enwiki .

@Urbanecm I made patches for each of the listed wikis. If you could apply them, it would be much appreciated.

Jan 5 2022, 3:12 PM · Vuln-XSS, User-Urbanecm, FormWizard-Gadget, Security, Security-Team

Jan 4 2022

MrStradivarius added a comment to T298481: XSS vulnerability in the FormWizard default gadget on enwiki .

Hm, it might be best if I ask for global interface admin permissions - then I can just update them all myself. I had those permissions previously for a multi-wiki maintenance task, so hopefully I will be able to get them again.

Jan 4 2022, 12:44 AM · Vuln-XSS, User-Urbanecm, FormWizard-Gadget, Security, Security-Team

Jan 3 2022

MrStradivarius added a project to T298481: XSS vulnerability in the FormWizard default gadget on enwiki : FormWizard-Gadget.
Jan 3 2022, 3:00 PM · Vuln-XSS, User-Urbanecm, FormWizard-Gadget, Security, Security-Team
MrStradivarius created T298481: XSS vulnerability in the FormWizard default gadget on enwiki .
Jan 3 2022, 2:58 PM · Vuln-XSS, User-Urbanecm, FormWizard-Gadget, Security, Security-Team

Nov 30 2020

RoundNutz78 awarded T99335: Sandbox link should follow redirects a 100 token.
Nov 30 2020, 2:26 AM · MediaWiki-extensions-SandboxLink

Mar 10 2018

MrStradivarius added a comment to T32750: [Epic] Ping/notify user when username used in an edit summary.

Will user subpages be included? The first of the acceptance criteria above is not clear on this point.

Mar 10 2018, 12:49 AM · User-notice-archive, Growth-Team, MW-1.31-release-notes (WMF-deploy-2018-02-27 (1.31.0-wmf.23)), Epic, Community-Wishlist-Survey-2017, Community-Tech, Collaboration-Team-Triage, Notifications, MediaWiki-Page-editing

Feb 14 2018

Liuxinyu970226 awarded T114384: Standardise procedures for deprecating public-facing code a Love token.
Feb 14 2018, 1:29 AM · Release-Engineering-Team (Radar), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice

Feb 1 2018

MrStradivarius created T186221: Scribunto converts template arguments with explicit keys of 0, -1, -2 etc. to numeric keys of frame.args.
Feb 1 2018, 2:38 PM · Scribunto

Dec 22 2016

MrStradivarius renamed T153933: OOjs-ui TextInputWidget broken if a label is supplied with labelPosition=before from OOjs-ui textInputWidget broken if a label is supplied with labelPosition=before to OOjs-ui TextInputWidget broken if a label is supplied with labelPosition=before.
Dec 22 2016, 1:33 AM · OOUI (OOjs-UI-0.19.0), Regression
MrStradivarius updated the task description for T153933: OOjs-ui TextInputWidget broken if a label is supplied with labelPosition=before.
Dec 22 2016, 1:29 AM · OOUI (OOjs-UI-0.19.0), Regression
MrStradivarius created T153933: OOjs-ui TextInputWidget broken if a label is supplied with labelPosition=before.
Dec 22 2016, 1:21 AM · OOUI (OOjs-UI-0.19.0), Regression

Dec 19 2016

MrStradivarius created T153679: Page titles on watchlist add/remove notifications use underscores, long titles run off side of page.
Dec 19 2016, 2:17 PM · Regression, MediaWiki-Watchlist

Dec 5 2016

MrStradivarius added a comment to T139873: Can't delete en:File:Testing_protection_level_reset_on_delete_and_restore.png.

I just managed to delete the file using the normal web interface.

Dec 5 2016, 11:43 PM · SRE-swift-storage, Wikimedia-Site-requests
MrStradivarius closed T139873: Can't delete en:File:Testing_protection_level_reset_on_delete_and_restore.png as Resolved.
Dec 5 2016, 11:43 PM · SRE-swift-storage, Wikimedia-Site-requests

Nov 1 2016

Jackmcbarn awarded T71441: Feature request: add detection for disambiguation pages to Scribunto a Dislike token.
Nov 1 2016, 12:09 AM · Patch-Needs-Improvement, MediaWiki-extensions-Disambiguator, Scribunto

Aug 23 2016

Liuxinyu970226 awarded T63993: Babel language codes should be normalised to lower case when used in categories a The World Burns token.
Aug 23 2016, 11:08 PM · MW-1.28-release (WMF-deploy-2016-08-16_(1.28.0-wmf.15)), MediaWiki-extensions-Babel

Jul 11 2016

MrStradivarius added a comment to T139873: Can't delete en:File:Testing_protection_level_reset_on_delete_and_restore.png.

I'm reopening this. @Pokefan95: the issue does seem to be the same as at the other bug, but the page still needs to be deleted. That will require help from someone with access to the database, I'm guessing. I just tried to delete it again today, and it failed with the same error, so it doesn't look like waiting will help things.

Jul 11 2016, 3:47 AM · SRE-swift-storage, Wikimedia-Site-requests
MrStradivarius reopened T139873: Can't delete en:File:Testing_protection_level_reset_on_delete_and_restore.png as "Open".
Jul 11 2016, 3:45 AM · SRE-swift-storage, Wikimedia-Site-requests

Jul 10 2016

MrStradivarius updated the task description for T139873: Can't delete en:File:Testing_protection_level_reset_on_delete_and_restore.png.
Jul 10 2016, 6:03 AM · SRE-swift-storage, Wikimedia-Site-requests
MrStradivarius added a project to T139873: Can't delete en:File:Testing_protection_level_reset_on_delete_and_restore.png: MediaWiki-File-management.
Jul 10 2016, 5:58 AM · SRE-swift-storage, Wikimedia-Site-requests
MrStradivarius added a project to T139873: Can't delete en:File:Testing_protection_level_reset_on_delete_and_restore.png: MediaWiki-Page-deletion.
Jul 10 2016, 5:58 AM · SRE-swift-storage, Wikimedia-Site-requests
MrStradivarius created T139873: Can't delete en:File:Testing_protection_level_reset_on_delete_and_restore.png.
Jul 10 2016, 5:57 AM · SRE-swift-storage, Wikimedia-Site-requests

May 27 2016

MrStradivarius updated the task description for T136375: Rollback T88044 (broke rollback-related utilities).
May 27 2016, 11:16 PM · User-notice-archive, MediaWiki-Page-history, MW-1.28-release-notes, MW-1.28-release (WMF-deploy-2016-06-07_(1.28.0-wmf.5)), Patch-For-Review, Regression, MediaWiki-Page-diffs
MrStradivarius updated subscribers of T136375: Rollback T88044 (broke rollback-related utilities).
May 27 2016, 11:10 PM · User-notice-archive, MediaWiki-Page-history, MW-1.28-release-notes, MW-1.28-release (WMF-deploy-2016-06-07_(1.28.0-wmf.5)), Patch-For-Review, Regression, MediaWiki-Page-diffs
MrStradivarius added a comment to T136375: Rollback T88044 (broke rollback-related utilities).

This was also affecting my ConfirmRollback script.

May 27 2016, 11:09 PM · User-notice-archive, MediaWiki-Page-history, MW-1.28-release-notes, MW-1.28-release (WMF-deploy-2016-06-07_(1.28.0-wmf.5)), Patch-For-Review, Regression, MediaWiki-Page-diffs
MrStradivarius added a comment to T136375: Rollback T88044 (broke rollback-related utilities).

This was also affecting my ConfirmRollback script. If you have the script installed and click on a rollback link on a page that you have set to "confirm", then the script will pop up a dialog saying "Revert n edits by SomeUser?" After the change, the rollback would occur directly after the initial click on the rollback link, regardless of the dialog.

May 27 2016, 10:31 PM · User-notice-archive, MediaWiki-Page-history, MW-1.28-release-notes, MW-1.28-release (WMF-deploy-2016-06-07_(1.28.0-wmf.5)), Patch-For-Review, Regression, MediaWiki-Page-diffs
MrStradivarius updated the task description for T136375: Rollback T88044 (broke rollback-related utilities).
May 27 2016, 10:31 PM · User-notice-archive, MediaWiki-Page-history, MW-1.28-release-notes, MW-1.28-release (WMF-deploy-2016-06-07_(1.28.0-wmf.5)), Patch-For-Review, Regression, MediaWiki-Page-diffs

Mar 22 2016

MrStradivarius added a comment to T129764: New Error Message for "Error Access to the remote domain was denied." (echo-api-failure-cross-wiki) message and use errorObj?.

Could not load notifications from xxx.org. This may be caused by an ad blocker or other browser extension blocking the request.

Mar 22 2016, 9:34 AM · Collaboration-Team-Triage, MW-1.28-release (WMF-deploy-2016-06-07_(1.28.0-wmf.5)), MW-1.28-release (WMF-deploy-2016-05-17_(1.28.0-wmf.2)), Patch-For-Review, Collab-Team-2016-Apr-Jun-Q4, Crosswiki, Notifications

Mar 17 2016

MrStradivarius added a comment to T129764: New Error Message for "Error Access to the remote domain was denied." (echo-api-failure-cross-wiki) message and use errorObj?.

I also agree with @Jay8g that it would be good to do something about the notification being stuck in the menu with no obvious way to dismiss it. If the notification could link to the proper page on the remote domain that would work, if that is possible with the current architecture. Dropping the notification after one view would also work. One of those options plus a descriptive error message would be the sweet spot for this particular issue, I think.

Mar 17 2016, 2:22 PM · Collaboration-Team-Triage, MW-1.28-release (WMF-deploy-2016-06-07_(1.28.0-wmf.5)), MW-1.28-release (WMF-deploy-2016-05-17_(1.28.0-wmf.2)), Patch-For-Review, Collab-Team-2016-Apr-Jun-Q4, Crosswiki, Notifications
MrStradivarius removed a project from T129764: New Error Message for "Error Access to the remote domain was denied." (echo-api-failure-cross-wiki) message and use errorObj?: All-and-every-Wikisource.
Mar 17 2016, 1:56 PM · Collaboration-Team-Triage, MW-1.28-release (WMF-deploy-2016-06-07_(1.28.0-wmf.5)), MW-1.28-release (WMF-deploy-2016-05-17_(1.28.0-wmf.2)), Patch-For-Review, Collab-Team-2016-Apr-Jun-Q4, Crosswiki, Notifications
MrStradivarius added a comment to T129764: New Error Message for "Error Access to the remote domain was denied." (echo-api-failure-cross-wiki) message and use errorObj?.

I believe this is caused by the NoScript browser extension, and you just need to whitelist the domain.

Mar 17 2016, 1:54 PM · Collaboration-Team-Triage, MW-1.28-release (WMF-deploy-2016-06-07_(1.28.0-wmf.5)), MW-1.28-release (WMF-deploy-2016-05-17_(1.28.0-wmf.2)), Patch-For-Review, Collab-Team-2016-Apr-Jun-Q4, Crosswiki, Notifications

Mar 13 2016

MrStradivarius renamed T129764: New Error Message for "Error Access to the remote domain was denied." (echo-api-failure-cross-wiki) message and use errorObj? from Cross-wiki notifications from itwikisource: "Error Access to the remote domain was denied." to Cross-wiki notifications from Wikisource: "Error Access to the remote domain was denied.".
Mar 13 2016, 3:43 AM · Collaboration-Team-Triage, MW-1.28-release (WMF-deploy-2016-06-07_(1.28.0-wmf.5)), MW-1.28-release (WMF-deploy-2016-05-17_(1.28.0-wmf.2)), Patch-For-Review, Collab-Team-2016-Apr-Jun-Q4, Crosswiki, Notifications
MrStradivarius created T129764: New Error Message for "Error Access to the remote domain was denied." (echo-api-failure-cross-wiki) message and use errorObj?.
Mar 13 2016, 3:36 AM · Collaboration-Team-Triage, MW-1.28-release (WMF-deploy-2016-06-07_(1.28.0-wmf.5)), MW-1.28-release (WMF-deploy-2016-05-17_(1.28.0-wmf.2)), Patch-For-Review, Collab-Team-2016-Apr-Jun-Q4, Crosswiki, Notifications

Feb 14 2016

MrStradivarius updated subscribers of T126553: "Mobile sidebar preview" gadget on en.wp misses Toggle icon in horizontal toolbar.
Feb 14 2016, 2:41 PM · WMF-General-or-Unknown
MrStradivarius updated subscribers of T126553: "Mobile sidebar preview" gadget on en.wp misses Toggle icon in horizontal toolbar.
Feb 14 2016, 2:40 PM · WMF-General-or-Unknown

Jan 12 2016

MrStradivarius added a comment to T114384: Standardise procedures for deprecating public-facing code.

Was this topic discussed at the Summit?

Jan 12 2016, 9:35 AM · Release-Engineering-Team (Radar), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice

Jan 5 2016

MrStradivarius updated the task description for T89733: Allow ContentHandler to expose structured data to the search engine..
Jan 5 2016, 9:42 PM · MW-1.28-release-notes, TechCom-RFC (TechCom-RFC-Closed), Wikidata, Wikimedia-Developer-Summit-2016, MediaWiki-ContentHandler

Dec 27 2015

MrStradivarius added a comment to T119735: mw.wikibase.getEntity(nil) returns an entity object on Flow page preview, but nil on page save.

I don't think there's anything we can do in Wikibase to "fix" this and I'm not sure Flow should mess with the title used for parsing either. It might be a good idea to also use a random Topic: namespace title during comment previews in flow, but despite of that, I don't think this is actionable. Wontfix?

Dec 27 2015, 11:23 AM · Growth-Team-Filtering, Growth-Team, Wikibase-Lua, MediaWiki-extensions-WikibaseClient, Wikidata, Scribunto, StructuredDiscussions

Dec 20 2015

MrStradivarius created T121994: Signpost notification displaying unwanted pre tags.
Dec 20 2015, 2:09 AM · MW-1.27-release (WMF-deploy-2016-01-12_(1.27.0-wmf.10)), Regression, Patch-For-Review, Collaboration-Team-Archive-2015-2016, Notifications

Dec 10 2015

MrStradivarius created T121085: mw.text.unstripNoWiki also unstrips <math> tags.
Dec 10 2015, 8:35 AM · Scribunto

Nov 27 2015

MrStradivarius renamed T119735: mw.wikibase.getEntity(nil) returns an entity object on Flow page preview, but nil on page save from Flow: A lua error during preview but not after saving to mw.wikibase.getEntity(nil) returns an entity object on Flow page preview, but nil on page save.
Nov 27 2015, 8:57 AM · Growth-Team-Filtering, Growth-Team, Wikibase-Lua, MediaWiki-extensions-WikibaseClient, Wikidata, Scribunto, StructuredDiscussions
MrStradivarius added a project to T119735: mw.wikibase.getEntity(nil) returns an entity object on Flow page preview, but nil on page save: MediaWiki-extensions-WikibaseClient.
Nov 27 2015, 8:52 AM · Growth-Team-Filtering, Growth-Team, Wikibase-Lua, MediaWiki-extensions-WikibaseClient, Wikidata, Scribunto, StructuredDiscussions
MrStradivarius added a comment to T119735: mw.wikibase.getEntity(nil) returns an entity object on Flow page preview, but nil on page save.

The direct cause of this error message is the logic in d:Module:Property documentation. On line 262 it assumes that the global variable id exists if the Wikibase entity returned by mw.wikibase.getEntity also exists on line 257. However, if no id is supplied as an argument to the module, the module is not invoked in the "Property talk" namespace, and mw.wikibase.getEntity(nil) returns the entity for the current page, then the id variable will be nil, and the Wikibase entity will exist. This will result in the error that you saw when the module tries to concatenate id to the URL string in line 262.

Nov 27 2015, 8:51 AM · Growth-Team-Filtering, Growth-Team, Wikibase-Lua, MediaWiki-extensions-WikibaseClient, Wikidata, Scribunto, StructuredDiscussions
MrStradivarius added a member for MediaWiki-extensions-Lua: MrStradivarius.
Nov 27 2015, 7:27 AM

Nov 19 2015

MrStradivarius added a comment to T118977: frame:preprocess does not work when module is called with subst:.

You need to put safesubst in the template you are trying to substitute as well. In Vorlage:en, change {{#if:{{{nolink|}}}|Englisch|[[Englisch]]}} to {{<includeonly>safesubst:</includeonly>#if:{{{nolink|}}}|Englisch|[[Englisch]]}}, and it should work.

Nov 19 2015, 1:30 PM · Scribunto
MrStradivarius added a comment to T118977: frame:preprocess does not work when module is called with subst:.

To add to what Anomie and Jackmcbarn said, if you do need to use frame:preprocess with both substitution and transclusion, you can use safesubst. For example, frame:preprocess( '{{safesubst:Test}}' ) will always get you the expanded {{Test}} template.

Nov 19 2015, 8:38 AM · Scribunto

Nov 12 2015

MrStradivarius added a comment to T14974: The newline added to a template, magic word, variable, or parser function that returns line-start wikicode formatting (*#:; {|) causes unexpected parsing.

I'm just saying that you can't "fix this bug" without fixing the content first.

Nov 12 2015, 4:40 AM · Epic, MediaWiki-Parser

Nov 5 2015

MrStradivarius added a comment to T114384: Standardise procedures for deprecating public-facing code.

This task is mainly about agreeing on expectations on the developers changing APIs, right?

Nov 5 2015, 6:42 AM · Release-Engineering-Team (Radar), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice
MrStradivarius updated the task description for T114384: Standardise procedures for deprecating public-facing code.
Nov 5 2015, 5:30 AM · Release-Engineering-Team (Radar), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice
MrStradivarius added a subtask for T114384: Standardise procedures for deprecating public-facing code: T35355: Provide interface for gadget usage statistics.
Nov 5 2015, 5:29 AM · Release-Engineering-Team (Radar), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice
MrStradivarius added a parent task for T35355: Provide interface for gadget usage statistics: T114384: Standardise procedures for deprecating public-facing code.
Nov 5 2015, 5:29 AM · JavaScript, MediaWiki-Special-pages
MrStradivarius added a comment to T35355: Provide interface for gadget usage statistics.

(In reply to comment #5)

Well, if we're talking about a new feature. Then I don't think there's a need
to support user scripts (if that's possible in a good way at all).

If you're referring to /* [[links]] */ and Special:WhatLinksHere.. well, I'd say keep
using that until gadgets are the common way for creating scripts.

Nov 5 2015, 5:28 AM · JavaScript, MediaWiki-Special-pages
MrStradivarius updated the task description for T117836: Link and cite explanations overlapped by template selections at the top of articles.
Nov 5 2015, 2:23 AM · VisualEditor
MrStradivarius created T117836: Link and cite explanations overlapped by template selections at the top of articles.
Nov 5 2015, 2:21 AM · VisualEditor

Oct 27 2015

Nnemo awarded T114736: Edit conflict on page move on enwiki results in loss of user input a Pterodactyl token.
Oct 27 2015, 12:07 PM · MediaWiki-Page-editing

Oct 26 2015

Johan awarded T114384: Standardise procedures for deprecating public-facing code a Love token.
Oct 26 2015, 10:01 PM · Release-Engineering-Team (Radar), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice

Oct 25 2015

MrStradivarius updated the task description for T116532: The key shown in the "Cite error references duplicate key" error message contains underscores instead of spaces.
Oct 25 2015, 1:33 PM · Cite
MrStradivarius created T116532: The key shown in the "Cite error references duplicate key" error message contains underscores instead of spaces.
Oct 25 2015, 1:25 PM · Cite

Oct 14 2015

Ckoerner awarded T114384: Standardise procedures for deprecating public-facing code a Like token.
Oct 14 2015, 2:50 PM · Release-Engineering-Team (Radar), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice

Oct 13 2015

MrStradivarius moved T115341: Create a standard timetable for deprecating public-facing code across all WMF projects from To Triage to Not ready to announce on the User-notice board.
Oct 13 2015, 3:48 PM · Community-Tech (2015-2017), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice
MrStradivarius updated the task description for T114384: Standardise procedures for deprecating public-facing code.
Oct 13 2015, 3:47 PM · Release-Engineering-Team (Radar), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice
MrStradivarius added a parent task for T115341: Create a standard timetable for deprecating public-facing code across all WMF projects: T114384: Standardise procedures for deprecating public-facing code.
Oct 13 2015, 3:46 PM · Community-Tech (2015-2017), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice
MrStradivarius added a subtask for T114384: Standardise procedures for deprecating public-facing code: T115341: Create a standard timetable for deprecating public-facing code across all WMF projects.
Oct 13 2015, 3:46 PM · Release-Engineering-Team (Radar), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice
MrStradivarius created T115341: Create a standard timetable for deprecating public-facing code across all WMF projects.
Oct 13 2015, 3:45 PM · Community-Tech (2015-2017), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice
MrStradivarius updated the task description for T114384: Standardise procedures for deprecating public-facing code.
Oct 13 2015, 1:33 PM · Release-Engineering-Team (Radar), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice
MrStradivarius added a comment to T114384: Standardise procedures for deprecating public-facing code.

The procedure for api.php deprecation and updates is documented at https://www.mediawiki.org/wiki/Requests_for_comment/API_roadmap (could be moved to a better page I suppose).

Oct 13 2015, 1:31 PM · Release-Engineering-Team (Radar), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice
MrStradivarius added a comment to T114384: Standardise procedures for deprecating public-facing code.

At the Developer Summit, we should decide whether...

In order to reach to such decision at the Summit, what would need to start being discussed now?

Oct 13 2015, 1:07 PM · Release-Engineering-Team (Radar), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice

Oct 8 2015

Aklapper awarded T114384: Standardise procedures for deprecating public-facing code a Love token.
Oct 8 2015, 11:56 AM · Release-Engineering-Team (Radar), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice

Oct 6 2015

MrStradivarius added a project to T114736: Edit conflict on page move on enwiki results in loss of user input: MediaWiki-General.
Oct 6 2015, 6:38 AM · MediaWiki-Page-editing
MrStradivarius created T114736: Edit conflict on page move on enwiki results in loss of user input.
Oct 6 2015, 6:38 AM · MediaWiki-Page-editing

Oct 1 2015

Ricordisamoa awarded T114384: Standardise procedures for deprecating public-facing code a Love token.
Oct 1 2015, 9:44 PM · Release-Engineering-Team (Radar), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice
MrStradivarius claimed T114384: Standardise procedures for deprecating public-facing code.
Oct 1 2015, 4:53 PM · Release-Engineering-Team (Radar), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice
MrStradivarius created T114384: Standardise procedures for deprecating public-facing code.
Oct 1 2015, 4:32 PM · Release-Engineering-Team (Radar), WMF-Product-Development-Process-2015, MediaWiki-Action-API, Developer-Advocacy, User-notice

Sep 24 2015

MrStradivarius added a comment to T108566: Non-finalised input is added to the document when using the Anthy Japanese IME with VisualEditor.

At the moment our undo grouping is completely time based. Other editors appear to be at least partially based on wordbreaks, e.g. undo deletes words at a time. That could help with 1.

Sep 24 2015, 3:25 PM · VisualEditor-ContentLanguage, VisualEditor