Page MenuHomePhabricator

ashley (Jack Phoenix)
Senior Software Developer

Projects (50)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Thursday

  • Clear sailing ahead.

User Details

User Since
Oct 4 2014, 1:59 PM (300 w, 3 d)
Availability
Available
IRC Nick
ashley
LDAP User
Jack Phoenix
MediaWiki User
Jack Phoenix [ Global Accounts ]

I've been developing MediaWiki since 2008, maintaining social tools as well as a few other extensions and skins.

Since 2013 I've had +2 rights to mediawiki/skins/* repositories.

I'm also a staff member at ShoutWiki, a wiki hosting service.

Recent Activity

Today

ashley committed rECPG0f1c568e3ac1: Remove unused $passCaptcha variable from CreatePageMultiEditor.php (authored by ashley).
Remove unused $passCaptcha variable from CreatePageMultiEditor.php
Tue, Jul 7, 1:22 PM

Tue, Jun 30

ashley closed T162571: Separate Dusk CSS into separate ResourceLoader modules, a subtask of T162568: [GOAL] Separate CSS in skin repositories into their own proper ResourceLoader modules , as Resolved.
Tue, Jun 30, 2:32 PM · Goal, Performance Issue, Technical-Debt, CSS, Other-skins
ashley closed T162571: Separate Dusk CSS into separate ResourceLoader modules as Resolved.

Mostly (though not completely) resolved by the aforementioned patch, hence closing this task.

Tue, Jun 30, 2:32 PM · Dusk, Performance Issue, Technical-Debt, CSS

Sun, Jun 28

ashley closed T248385: Information leak and other bad stuff in SocialProfile's ApiUserProfilePrivacy as Resolved.

Yeah, this was fixed back in March.

Sun, Jun 28, 4:29 PM · Social-Tools, Vuln-Infoleak, SocialProfile, Security, Security-Team
ashley closed T237704: Favorites: No such action on &action=favorite as Resolved.

I guess this is now resolved since I merged the patch earlier this month.

Sun, Jun 28, 3:21 PM · User-Zoranzoki21, MediaWiki-extensions-Other
ashley updated subscribers of T256566: Provide a polyfill for Object.values in core for IE compatibility.
Sun, Jun 28, 11:46 AM · MediaWiki-ResourceLoader, Performance-Team, Patch-For-Review, User-DannyS712, JavaScript
ashley created T256566: Provide a polyfill for Object.values in core for IE compatibility.
Sun, Jun 28, 11:39 AM · MediaWiki-ResourceLoader, Performance-Team, Patch-For-Review, User-DannyS712, JavaScript

Wed, Jun 24

ashley closed T255943: Call to private Comment::__construct() from context 'CommentsPage' as Resolved.

As we discussed on IRC, this was apparently caused by an incompatibility between Comments and MediaWiki-extensions-CommentStreams, for the constructor method for Comments' Comment class was, is, has always been and remains public. Your CommentStreams patch hopefully addressed this incompatibility in an adequate manner.

Wed, Jun 24, 5:43 AM · Comments, Social-Tools

Tue, Jun 16

ashley committed rEPGAb0155d76d6df: Stop using the SkinTemplateNavigation::SpecialPage hook in favor of the… (authored by ashley).
Stop using the SkinTemplateNavigation::SpecialPage hook in favor of the…
Tue, Jun 16, 7:16 PM

Sat, Jun 13

ashley committed rEPGA3b086c4c0298: Unbreak picture game creation (authored by ashley).
Unbreak picture game creation
Sat, Jun 13, 3:54 PM

Fri, Jun 12

ashley added a subtask for T248390: Better NoJS support: T165712: SocialProfile: Pressing the "cancel" button when asked if the end-user is sure they want to remove a specific user from friends list doesn't do anything.
Fri, Jun 12, 8:19 PM · JavaScript, Social-Tools
ashley added a parent task for T165712: SocialProfile: Pressing the "cancel" button when asked if the end-user is sure they want to remove a specific user from friends list doesn't do anything: T248390: Better NoJS support.
Fri, Jun 12, 8:19 PM · JavaScript, Social-Tools, SocialProfile
ashley merged T194985: consider getting rid of $wgUseTwoButtonsSearchForm into T42622: Deprecate and remove $wgUseTwoButtonsSearchForm from core.
Fri, Jun 12, 8:11 PM · MW-1.35-notes (1.35.0-wmf.39; 2020-06-30), MediaWiki-Core-Skin-Architecture, Design, MediaWiki-Interface
ashley merged task T194985: consider getting rid of $wgUseTwoButtonsSearchForm into T42622: Deprecate and remove $wgUseTwoButtonsSearchForm from core.
Fri, Jun 12, 8:11 PM · Nostalgia, Gamepress, DuskToDawn, Bouquet, MonoBook, CologneBlue, Modern, MediaWiki-Interface
ashley closed T238202: Message "apihelp-blogpage-param-pageName" should be in lowercase as Resolved.

The whole API module was removed in 6b108f850027baa93ba3bc7109e9671bc6f2271b so thus the message is also gone.

Fri, Jun 12, 8:08 PM · Social-Tools, BlogPage
ashley committed rESPR467b9a21dce2: Correct SQL file name (authored by ashley).
Correct SQL file name
Fri, Jun 12, 12:39 AM
ashley closed T255218: Could not open "UserProfile/sql/patches/drop-up_id.sql" as Resolved.

Thanks for the bug report & fix! I've submitted it to the repository & merged the change.

Fri, Jun 12, 12:20 AM · Social-Tools, SocialProfile

Tue, Jun 9

ashley added a comment to T254835: rev_user and rev_user_text == NULL in wmf_raw.mediawiki_revision.

Can't speak for the WMF's analytics setup etc. but in general mw:Actor migration is a thing, so yes, attempting to use rev_user and/or rev_user_text would indeed result in NULLs. You'll need to JOIN the actor table (and for the time being, the revision_actor_temp table as well).

Tue, Jun 9, 8:22 AM · Analytics
ashley closed T254730: Comments not working on 1.34.1 as Invalid.

Update Comments and/or SocialProfile and/or any and all other Social-Tools to their latest version (master, not REL1_34 or any other release branch version! See social tools' MW compatibility policy for details.) Comments hasn't referenced SocialProfile's user_stats' stats_user_id field since late January 2020 (7c9a27d996aa27b3cb7669c28b96784e19ff3dd6).

Tue, Jun 9, 8:19 AM · Comments, Social-Tools

Jun 6 2020

ashley committed rECPG16b7ba6affac: Pre-1.34 versions of MediaWiki aren't supported (authored by ashley).
Pre-1.34 versions of MediaWiki aren't supported
Jun 6 2020, 6:43 PM

Jun 5 2020

ashley committed rESPR0858807bcae1: Fix issue where the board msg would be sent twice if sent via Special:UserBoard? (authored by ashley).
Fix issue where the board msg would be sent twice if sent via Special:UserBoard?
Jun 5 2020, 12:18 AM

Jun 3 2020

ashley added a comment to T253783: [EPIC] Deprecate SkinTemplateToolboxEnd hook in favor of SidebarBeforeOutput hook.

SkinTemplateToolboxEnd is super legacy and basically all even remotely maintained code uses BaseTemplateToolbox instead. That being said, almost (if not) all skins implement SkinTemplateToolboxEnd currently, so we should remove that technical debt from all other skins as well while at it.

Jun 3 2020, 2:04 AM · Technical-Debt (Deprecation process), MW-1.35-notes (1.35.0-wmf.37; 2020-06-16), MW-1.35-release, MediaWiki-Core-Skin-Architecture

Jun 1 2020

ashley committed rESPR706ac666acc3: Fix accepting/rejecting friends on Special:ViewRelationshipsRequests w/ JS… (authored by ashley).
Fix accepting/rejecting friends on Special:ViewRelationshipsRequests w/ JS…
Jun 1 2020, 8:58 PM
ashley committed rESPRa1e5ca8f85ff: Fix removing friends (authored by ashley).
Fix removing friends
Jun 1 2020, 7:42 PM

May 28 2020

ashley created T253867: PHP Notice: Undefined variable: content in ../includes/page/WikiPage.php on line 3916 (L3825 on REL1_34).
May 28 2020, 1:58 PM · MediaWiki-Core-Hooks
ashley committed rEMCOe1401dbbe0b2: Fix fatal: "Call to undefined method MediaWiki\Revision\RevisionStore::getSlot… (authored by ashley).
Fix fatal: "Call to undefined method MediaWiki\Revision\RevisionStore::getSlot…
May 28 2020, 11:09 AM

May 26 2020

ashley committed rEMCOd0fd57d6ce21: Replace call to deprecated (in MW 1.32) Revision::getRevisionText() (authored by ashley).
Replace call to deprecated (in MW 1.32) Revision::getRevisionText()
May 26 2020, 2:44 PM

May 25 2020

ashley added a comment to T248583: PollNY: Classic CSRF in Special:CreatePoll & Special:UpdatePoll + API module.

Alright, with the aforementioned patch being reviewed and merged, all that's left here is to close this task and make it public. Could someone do that, please?

May 25 2020, 11:16 PM · Social-Tools, PollNY, Security, Security-Team
ashley committed rERICc74bd74013c0: Convert $wgMemc use to WANObjectCache, require MW 1.34+ & minor cleanup (authored by ashley).
Convert $wgMemc use to WANObjectCache, require MW 1.34+ & minor cleanup
May 25 2020, 1:35 AM
ashley committed rERGU30b5917240a9: Convert $wgMemc use to WANObjectCache (authored by ashley).
Convert $wgMemc use to WANObjectCache
May 25 2020, 1:35 AM

May 24 2020

ashley committed rENOWfd78155a5bbe: Convert $wgMemc use to WANObjectCache (authored by ashley).
Convert $wgMemc use to WANObjectCache
May 24 2020, 11:51 PM
ashley committed rENSUe1b294fe5ce7: Convert $wgMemc use to WANObjectCache (authored by ashley).
Convert $wgMemc use to WANObjectCache
May 24 2020, 11:27 PM
ashley committed rEPGAbc9e3eef7858: Convert $wgMemc use to WANObjectCache (authored by ashley).
Convert $wgMemc use to WANObjectCache
May 24 2020, 11:06 PM
ashley committed rEIMRef0296155750: Convert $wgMemc use to WANObjectCache (authored by ashley).
Convert $wgMemc use to WANObjectCache
May 24 2020, 10:45 PM

May 23 2020

ashley added a comment to T248583: PollNY: Classic CSRF in Special:CreatePoll & Special:UpdatePoll + API module.


Proposed patch, which also contains parts of T248390: Better NoJS support for PollNY because splitting them up would've been quite a pain.

May 23 2020, 10:58 PM · Social-Tools, PollNY, Security, Security-Team

May 22 2020

ashley committed rESPR7cc4ed03601b: Better no-JS support (authored by ashley).
Better no-JS support
May 22 2020, 7:34 PM
ashley added a comment to T253249: Visiting the user page of an IP address causes fatal error.

Should be mitigated by 8e46a284bd7d80c3d2a09d2db1064144cb1767f0 (already merged a few days ago), but please check.

May 22 2020, 10:17 AM · Social-Tools, SocialProfile

May 18 2020

ashley committed rESPR8e46a284bd7d: Fix viewing of anons' User: pages by ensuring that an IP address is never… (authored by ashley).
Fix viewing of anons' User: pages by ensuring that an IP address is never…
May 18 2020, 9:53 AM

May 16 2020

ashley committed rESPRd6e0286ff4f0: Rename BoardBlast error message keys to indicate they won't be JS-only in the… (authored by ashley).
Rename BoardBlast error message keys to indicate they won't be JS-only in the…
May 16 2020, 5:23 PM

May 1 2020

ashley committed rESPR4fee9afb8eab: Fix up namespacing (authored by ashley).
Fix up namespacing
May 1 2020, 6:16 PM

Apr 13 2020

ashley updated subscribers of T250033: SocialProfile prevents display of GlobalUserPage.

This is sorta "by design", although I do agree that this is a valid feature request/bug report.

Apr 13 2020, 11:49 AM · User-RhinosF1, SocialProfile, Social-Tools, GlobalUserPage

Mar 30 2020

ashley added a comment to T248651: 20% of hooks appear to be unused.

I'd like to propose keeping some of these hooks, at least:

Mar 30 2020, 9:04 PM · MediaWiki-Core-Hooks, Technical-Debt

Mar 29 2020

ashley added a comment to T248764: Archive the EnhanceContactForm extension.

For what it's worth, I don't think it's a good practise to archive extensions without ever contacting their maintainer(s)/author(s), especially as in this case the maintainer/author -- me -- still happens to be around.

Mar 29 2020, 1:16 PM · translatewiki.net, MediaWiki-extensions-Other, Wikimedia-GitHub, Repository-Admins, Projects-Cleanup
ashley added a comment to T248781: Remove Special:Lockdb and Special:Unlockdb from MediaWiki core.

I'm aware of $wgReadOnly and such; what I'm not aware of is how exactly its existence obsoletes the very useful special pages. At ShoutWiki we regularly use those special pages for locking and unlocking wikis, as using an on-wiki special page does not require server access and it's thus theoretically possible to even create a user group which can (only) lock wikis without giving the relevant users server access. (Plus, let's be fair, even if you do have SSH access, special pages are so much easier to use for tasks like these.)

Mar 29 2020, 12:56 PM · MediaWiki-extension-requests, MediaWiki-Special-pages
ashley added a comment to T248764: Archive the EnhanceContactForm extension.

Uhh, wait what? Why?

Mar 29 2020, 12:41 PM · translatewiki.net, MediaWiki-extensions-Other, Wikimedia-GitHub, Repository-Admins, Projects-Cleanup
ashley added a comment to T248781: Remove Special:Lockdb and Special:Unlockdb from MediaWiki core.

They are long deprecated feature.

[citation needed]

Mar 29 2020, 12:40 PM · MediaWiki-extension-requests, MediaWiki-Special-pages

Mar 26 2020

ashley claimed T248583: PollNY: Classic CSRF in Special:CreatePoll & Special:UpdatePoll + API module.
Mar 26 2020, 1:55 PM · Social-Tools, PollNY, Security, Security-Team
ashley created T248583: PollNY: Classic CSRF in Special:CreatePoll & Special:UpdatePoll + API module.
Mar 26 2020, 1:55 PM · Social-Tools, PollNY, Security, Security-Team

Mar 25 2020

ashley reopened T240791: Convert CreateAPage to use extension registration, a subtask of T98668: Convert all extensions and skins on gerrit to use extension registration, as Open.
Mar 25 2020, 2:33 AM · Patch-For-Review, Google-Code-in-2019, Google-Code-in-2018, User-Zoranzoki21, MediaWiki-extensions-General, Goal, MediaWiki-Configuration
ashley reopened T240791: Convert CreateAPage to use extension registration as "Open".

Reopening since the task itself is very much valid and something that should eventually be done, though it isn't quite as simple as "just run convertExtensionToRegistration.php on it and commit the result" since the AJAX code (/includes/specials/SpecialCreatePage_ajax.php) needs to be rewritten as API modules, given that extension registration intentionally does not support setting $wgAjaxExportList in an extension.json file.

Mar 25 2020, 2:33 AM · MediaWiki-extensions-Other

Mar 24 2020

ashley committed rESPRa6ea1107cdbc: [SECURITY] Don't allow spoofing the user in profile visibility API module (authored by ashley).
[SECURITY] Don't allow spoofing the user in profile visibility API module
Mar 24 2020, 11:51 PM
ashley created T248390: Better NoJS support.
Mar 24 2020, 2:13 PM · JavaScript, Social-Tools
ashley claimed T248385: Information leak and other bad stuff in SocialProfile's ApiUserProfilePrivacy.
Mar 24 2020, 12:08 PM · Social-Tools, Vuln-Infoleak, SocialProfile, Security, Security-Team
ashley created T248385: Information leak and other bad stuff in SocialProfile's ApiUserProfilePrivacy.
Mar 24 2020, 12:07 PM · Social-Tools, Vuln-Infoleak, SocialProfile, Security, Security-Team

Mar 23 2020

ashley committed rESPR0d2711697bc1: UserRelationship: fix E_NOTICE about undefined property (authored by ashley).
UserRelationship: fix E_NOTICE about undefined property
Mar 23 2020, 9:46 PM
ashley committed rESPR9d54fdec3411: UserRelationship: fix undefined variable after adding a foe/friend (authored by ashley).
UserRelationship: fix undefined variable after adding a foe/friend
Mar 23 2020, 9:38 PM
ashley committed rESPRc8c61d6f73da: UserGifts: move hardcoded string from JS file to i18n file(s) (authored by ashley).
UserGifts: move hardcoded string from JS file to i18n file(s)
Mar 23 2020, 7:58 PM

Mar 18 2020

ashley closed T247807: Can't post comments, 1.31.5 LTS as Declined.

Per mw:Social tools/MediaWiki compatibility, the only supported combination is latest stable version of MediaWiki + master version of the desired social tools; any and all other combinations, including whatever you're trying to do here, are unsupported. Sorry. Please upgrade to MediaWiki 1.34 and try installing the master version of Comments and it should work. If not, please file a new bug.

Mar 18 2020, 12:16 AM · Social-Tools, Comments

Mar 15 2020

ashley committed rEIMR79535065dccb: The message is already always called with ->parse() so just use wikitext… (authored by ashley).
The message is already always called with ->parse() so just use wikitext…
Mar 15 2020, 11:46 AM

Mar 14 2020

ashley committed rESPR8f447f133432: No more raw HTML in SystemGifts' i18n messages! (authored by ashley).
No more raw HTML in SystemGifts' i18n messages!
Mar 14 2020, 12:38 AM

Mar 13 2020

ashley added a comment to T154078: Gerrit group creation request: Create group for Social-Tools.

@ashley if this is still desired (per above comment), should it still be stalled?

I'm not sure why this seemingly simple request has now taken 3+ years to be completed, frankly. I'd have done this myself years ago but to the extent that I'm aware of, I don't have the relevant access rights to create these kind of groups. That being said, my comment from 2018 is still as relevant now as it was when I originally posted it, for better or for worse.

Mar 13 2020, 1:33 AM · Social-Tools, Gerrit

Mar 11 2020

ashley closed T217871: spamRegexList#deleteFromList is suspectible to CSRF as Resolved.

You might want to use the error code sessionfailure for the case the token doesn't match.

Otherwise this looks good.

Mar 11 2020, 7:45 AM · Security, SpamRegex
ashley committed rESRX3dae67662a0e: [SECURITY] Fix CSRF in spamRegexList#deleteFromList by adding token checks (authored by ashley).
[SECURITY] Fix CSRF in spamRegexList#deleteFromList by adding token checks
Mar 11 2020, 12:35 AM

Mar 10 2020

ashley committed rESPR8bcd5b1619cf: Fix edit counters for good (authored by ashley).
Fix edit counters for good
Mar 10 2020, 11:16 PM
ashley closed T247184: Undefined property: stdClass::$rev_actor as Resolved.

Should now be fixed in master, please upgrade your copy of SocialProfile. Thanks for reporting the bug and thanks to @Bawolff for pinging me about the MW.org thread and reviewing the patch!

Mar 10 2020, 10:55 PM · Social-Tools, SocialProfile
ashley moved T217871: spamRegexList#deleteFromList is suspectible to CSRF from Backlog to Bugs on the SpamRegex board.
Mar 10 2020, 10:23 PM · Security, SpamRegex
ashley updated subscribers of T217871: spamRegexList#deleteFromList is suspectible to CSRF.

cc @Bawolff for CR

Mar 10 2020, 10:22 PM · Security, SpamRegex

Mar 4 2020

ashley added a comment to T246816: User Board messages are showing up on anybody's profile.

Thanks for the report, this should now be fixed in master; can you update your copy and see if I'm correct & then close this task if so?

Mar 4 2020, 2:50 AM · Social-Tools, SocialProfile

Mar 3 2020

ashley committed rESPR4da2d5deae96: Fix issue with board messages displaying incorrectly on wrong users' profiles (authored by ashley).
Fix issue with board messages displaying incorrectly on wrong users' profiles
Mar 3 2020, 11:21 PM

Feb 28 2020

ashley added a comment to T246408: Video undeletion hook is non-functional.

Hi Tim, thanks for taking the time to report this!

Feb 28 2020, 10:28 PM · Video (non-WMF), Social-Tools

Feb 27 2020

ashley committed rESPR0073627d6231: SystemGifts: add i18n message documentation (authored by ashley).
SystemGifts: add i18n message documentation
Feb 27 2020, 1:27 PM
ashley committed rESPR27c3c4d7cb6a: UserStats: add i18n message documentation (authored by ashley).
UserStats: add i18n message documentation
Feb 27 2020, 12:49 PM
ashley added a comment to T242679: SocialProfile needs uses of global $wgUser removed.

@ashley I was going to update UserProfile::getProfileComplete to accept a user as a parameter as part 4, but it doesn't seem to have any calls: https://codesearch.wmflabs.org/search/?q=getProfileComplete&i=nope&files=&repos=
Is it safe to remove?

getProfileComplete was originally used by various ArmchairGM skins; as the current documentation notes, it is indeed unused currently but, I quote, "looks useful enough to be kept around". You should be able to swap the global $wgUser to $this->user in that method to update it to have the global removed since it's not a static method.

Feb 27 2020, 12:09 PM · User-DannyS712, Social-Tools, SocialProfile, Technical-Debt

Feb 26 2020

ashley committed rESPR80ddfbab74ac: UserRelationship: add i18n message documentation (authored by ashley).
UserRelationship: add i18n message documentation
Feb 26 2020, 3:51 PM

Feb 25 2020

Jdlrobson awarded T246135: Don't flat-out hide *all* checkboxes on Special:CreateAccount when you only want to hide the "keep me logged in" checkbox a Like token.
Feb 25 2020, 11:21 PM · Readers-Web-Backlog (Kanbanana-2019-20-Q3), MW-1.35-notes (1.35.0-wmf.26; 2020-03-31), Patch-For-Review, NewSignupPage, MinervaNeue (3rd party support)
ashley committed rESPRf16ac0d391eb: Add a bunch of "does the old field even exist?" checks to the actor migration… (authored by ashley).
Add a bunch of "does the old field even exist?" checks to the actor migration…
Feb 25 2020, 10:22 PM
ashley committed rESPRc1e4f822dd16: UserProfile: add i18n message documentation (authored by ashley).
UserProfile: add i18n message documentation
Feb 25 2020, 10:09 PM
ashley committed rESPR6ff5646a12d1: Fix up the wording of the "action-populate-user-profiles" i18n msg (authored by ashley).
Fix up the wording of the "action-populate-user-profiles" i18n msg
Feb 25 2020, 10:04 PM
ashley committed rESPR502ce9dd45b9: UserBoard: add i18n message documentation (authored by ashley).
UserBoard: add i18n message documentation
Feb 25 2020, 7:50 PM
ashley created T246135: Don't flat-out hide *all* checkboxes on Special:CreateAccount when you only want to hide the "keep me logged in" checkbox.
Feb 25 2020, 5:59 PM · Readers-Web-Backlog (Kanbanana-2019-20-Q3), MW-1.35-notes (1.35.0-wmf.26; 2020-03-31), Patch-For-Review, NewSignupPage, MinervaNeue (3rd party support)
ashley committed rESPRf5f9164a1ced: UserGifts: add i18n message documentation (authored by ashley).
UserGifts: add i18n message documentation
Feb 25 2020, 2:39 PM
ashley committed rESPRc64b36990460: UserGifts: remove unused i18n msg key g-give-list-select, only g-select-a… (authored by ashley).
UserGifts: remove unused i18n msg key g-give-list-select, only g-select-a…
Feb 25 2020, 2:38 PM
ashley committed rESPReb75592417e5: No more raw HTML in UserWelcome's i18n messages! (authored by ashley).
No more raw HTML in UserWelcome's i18n messages!
Feb 25 2020, 2:33 PM
ashley committed rESPR56076569e274: No more raw HTML in UserRelationship's i18n messages! (authored by ashley).
No more raw HTML in UserRelationship's i18n messages!
Feb 25 2020, 2:16 PM
ashley committed rESPRb806295e76aa: No more raw HTML in UserGifts' i18n messages! (authored by ashley).
No more raw HTML in UserGifts' i18n messages!
Feb 25 2020, 2:16 PM
ashley committed rESPR5769a5897039: Fix viewing of private user board messages on Special:UserBoard (authored by ashley).
Fix viewing of private user board messages on Special:UserBoard
Feb 25 2020, 2:07 PM
ashley committed rESPR54c84ae47650: Fix E_NOTICE about undefined indexes on Special:SendBoardBlast (authored by ashley).
Fix E_NOTICE about undefined indexes on Special:SendBoardBlast
Feb 25 2020, 2:03 PM
ashley committed rESPR2d62112eabce: Use wikitext parsing instead of full HTML parsing in the 'user-board-login… (authored by ashley).
Use wikitext parsing instead of full HTML parsing in the 'user-board-login…
Feb 25 2020, 1:57 PM

Feb 23 2020

ashley committed rESPR3cddc75f88eb: Fix E_NOTICE about undefined indexes on Special:GiveGift with the gift_id URL… (authored by ashley).
Fix E_NOTICE about undefined indexes on Special:GiveGift with the gift_id URL…
Feb 23 2020, 3:12 AM

Feb 20 2020

ashley committed rESPRde776d2faa00: Documentation tweak to make CI slightly happier (authored by ashley).
Documentation tweak to make CI slightly happier
Feb 20 2020, 11:11 PM
ashley closed T202272: Special:ToggleUserPage should require a POST submit to perform changes as Resolved.
Feb 20 2020, 3:14 PM · Social-Tools, SocialProfile
ashley closed T242689: SocialProfile: classic CSRF (no token check) in various special pages which perform write actions as Resolved.

Now fixed in https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/SocialProfile/+/573580/ , thanks to @Legoktm for the +2. :)

Feb 20 2020, 3:14 PM · Security, Social-Tools, Vuln-CSRF, SocialProfile, Security-Team
ashley added a comment to T242679: SocialProfile needs uses of global $wgUser removed.

@ashley is actor support for SocialProfile done?

Largely done, yes; ditto for other social tools, naturally. I'm keeping the task open for a little while longer in case if some issues resulting from the actor patch still pop up. If there's code you wish to commit, please feel free to! The actor work is no longer blocking anything, even if I'm keeping the ticket open.

Feb 20 2020, 3:12 PM · User-DannyS712, Social-Tools, SocialProfile, Technical-Debt
ashley committed rESPR824bc59fe9b0: [SECURITY] Add token checks to prevent CSRF to various places which do write… (authored by ashley).
[SECURITY] Add token checks to prevent CSRF to various places which do write…
Feb 20 2020, 3:03 PM

Feb 18 2020

ashley updated subscribers of T110655: Extension HitCounters: Add PostgreSQL support.

@ashley Thanks a ton for authoring the change.

Feb 18 2020, 9:58 PM · PostgreSQL, Regression, MediaWiki-extensions-HitCounters

Feb 17 2020

ashley updated subscribers of T242689: SocialProfile: classic CSRF (no token check) in various special pages which perform write actions.

cc'ing @Bawolff for some thoughts as I'd like to get this merged during February.

Feb 17 2020, 11:46 AM · Security, Social-Tools, Vuln-CSRF, SocialProfile, Security-Team

Feb 16 2020

ashley created T245363: AbuseFilterBypass GitHub mirror: Switch master as the default branch, remove the dev branch entirely.
Feb 16 2020, 3:54 PM · User-MarcoAurelio, Repository-Admins, Wikimedia-GitHub
ashley committed rESPR0ffd65bf49f2: Fix QuizGame integration in UserProfilePage to not refer to the now-dropped… (authored by ashley).
Fix QuizGame integration in UserProfilePage to not refer to the now-dropped…
Feb 16 2020, 3:43 PM

Feb 9 2020

ashley closed T244656: Trying to play QuizGame on a Miraheze Wiki, you can't get past the "Loading" display as Invalid.

This was fixed by 46a13167e125e7dbaaef6004485612c425fe4e3b a while ago. Miraheze should update their version of QuizGame (and be mindful of T227345: Actor support for social tools while doing so).

Feb 9 2020, 7:42 PM · User-RhinosF1, Social-Tools, QuizGame
ashley committed rESPR3a566ea749e9: Drop $type as the 1st param to UserFanBoxes#getUserFanboxes since it does… (authored by ashley).
Drop $type as the 1st param to UserFanBoxes#getUserFanboxes since it does…
Feb 9 2020, 11:59 AM