I'm not active any more around the wkimedia universe. If you want to contact me, please send me an direct email (e.g. via MediaWiki)
Oct 7 2018
Since I am not active since a long time ago but this is still assigned to me I reassign it to Daimona, who is more active and has taken over the original patch.
Hope you finish it, @Daimona :)
Sep 21 2018
For all viewers of this task comming from the announcement of MediaWiki Security release of 1.27.5 / 1.29.3 / 1.30.1 / 1.31.1 (Thu, 20 Sep 2018)
Dec 1 2017
Nov 30 2017
Apr 3 2017
Apr 1 2017
Mar 23 2017
Aug 1 2016
similar to T99793. where I currently can't reproduce that bug, but instead got this output behavior.
Apr 20 2016
A quick test by repeating the request suggests that deployment-mediawiki01.deployment-prep.eqiad.wmflabs delivers for Special:Radom a blank page and deployment-mediawiki02.deployment-prep.eqiad.wmflabs correctly redirects.
Feb 19 2016
If he tries to login in repeatedly in a short period of time, then even if the password is correct the api can return "throttled".
By default this is 5 logins within 300 seconds (5 minutes). (from https://www.mediawiki.org/wiki/API:Login#Throttling ).
Feb 9 2016
Wasn't https forced already long before "28/29 Jan 2016"? Nevermind, there are locations in the vb-sourcecode where http is hardcoded. Also even if there were https, afaik there would be per default no cert validation.
This must be fixed in the old visual basic code. but the devs/Petr don't support HG2 any more.
Jan 18 2016
Jan 12 2016
@Niedzielski could you clarify if you mean the test in the app should be fixed?
Or can I assume that you are wondering why the edit goes through? This is as intended (see before) and the text in the warning message. ( "Prevent the user from performing the action in question" unchecked, "Trigger these actions after giving the user a warning" checked in the filter). Please close as invalid if resolved for you.
This isn't a issue of AbuseFilter, is it? The filter is only set to warn, not prevent any edit. So after the warning, if you resubmit it (or something for the same pagename) in the same php session again, it will go through. Doing as intended from AbuseFilter side.
Oct 19 2015
This is a problem with a local gadget https://www.wikidata.org/wiki/MediaWiki:Gadget-PopupsFix.js, not with popups itself.
Please raise this issue on Wikidata.org village pump or gadget talkpage.
Oct 13 2015
PS: A thing where I'm not sure about if this is the right thing is the argument supplied to the matcher-function. Currently it is the href-part of a link, e.g. "/wiki/Mainpage".
But the gadget works/inspects on the title-attribute of the link. Theoretically that could be modified to work on the url, but maybe there are edge cases, which require addition infos.
Ok, I try to explain what this patch aims at.
You can see that approach taken at the wikidata gadget by bene* at https://www.wikidata.org/wiki/MediaWiki:Gadget-PopupsFix.js who overwrites mw.popups.render.article.init.
Oct 12 2015
Oct 7 2015
another option would be QApplication::beep()
Sep 27 2015
Sep 26 2015
Which filter triggers the block? Google translate mentions it could be filter 41?
I can't see it because its private, but from the list entry it tags atm. I suppose blocking has been disabled.
Sep 21 2015
Note: <math> formulars on pages doesn't have to be rendered as a plain png, Extension:Math also supports MathML (browser rendering) with SVG/PNG-fallback or (removed) via MathJax (JS-library) and other modes by itself.
Extension:Math even has a user setting for that on wikimedia-wikis (I won't judge if that makes sense in context for hovercards).
Sep 20 2015
Sep 13 2015
Sep 11 2015
ok, to summarise the features requested here are:
- create edit queues based on selected tags (user config)
- take specific tags into score calculation (per project/user config)
- show edit tags under the edit summary at the top of each edit
Aug 20 2015
Aug 16 2015
See notes on changeset. (hm, somehow my annotations are off by one line)
Aug 15 2015
@Tinaj1234 This patch doesn't cover all the strings that need to be translated in the extension, right?
Aug 6 2015
Jul 15 2015
Jul 14 2015
Jul 2 2015
Jun 28 2015
May 27 2015
May 25 2015
May 24 2015
May 13 2015
readding VisualEditor: was removed without explanation and the correlation seems obvious.
Quoting from another bug, maybe dupe of (T73947: Edits via API (e.g. through VisualEditor) cause AbuseFilter to work on pre-automerged edit):
May 1 2015
This sounds like a simple JS-userscript to execute on a log page, and the API is there. Hasn't noone this idea yet or am I missing something? There is no need for a regex to clean up when it can be interpreted as json.
Apr 8 2015
Apr 6 2015
old bugs reintroduced. I'm not innocent on this one.
Are try-catch in JS code nice?
Mar 27 2015
Mar 26 2015
Mar 24 2015
related: T93319: IE9 does not show reference backlinks around the same lines of CSS.
Mar 21 2015
"[Popups] Missing property "action"" load.php:39:408 "[Popups] Value null is the wrong type for property "duration" (integer expected)" load.php:39:408
Mar 20 2015
Related to this task: Since the change I get emails from watched gerrit projects about submitted l10n changes. This wasn't before (except changes manually approved).
Is there a way to ignore L10n-bot again (particularly changes owned by l10n and submitted by jenkins)?
Mar 17 2015
Mar 13 2015
Mar 12 2015
I will post a notice about this on dewiki's blacklist. It contains a lot of common german insults and also variants of local sysops usernames, which are affected by stalking trolls.
Also enwiki has similiar cases.
So before the switch gets flipped, Glaisher's questions (which would be mine too, from above link), should be answered.
So since this is going to happen, we need a process for migrating reasonable rules from local blacklists to this one (also abusefilters which prevents usernames needs to be disabled and imported here). [...] Glaisher (talk) 12:57, 11 March 2015 (UTC)
any update here? I suspect it is still not working.
The code (module "ext.betaFeatures.popup") is there, but it isn't loaded for me for an unknown reason. Option "betafeatures-popup-disable" is unset for me.
Mar 11 2015
Mar 4 2015
SELECT up_property, up_value, COUNT(*) AS count FROM user_properties INNER JOIN accountaudit_login ON aa_user = up_user WHERE up_property LIKE "%gadget%" AND aa_lastlogin > '201404' GROUP BY up_property, up_value ORDER BY count;
(the query run in August 2014 and needed 1 min 32 sec for dewiki)