Page MenuHomePhabricator

labster (Brent Laabs)
User

Projects

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Thursday

  • Clear sailing ahead.

User Details

User Since
Apr 8 2016, 1:28 AM (166 w, 4 d)
Availability
Available
LDAP User
Unknown
MediaWiki User
BrentLaabs [ Global Accounts ]

Recent Activity

Jan 10 2018

labster added a comment to T119908: [RfC]: Migrate code review / management from Gerrit to Phabricator.

It's not as big of a a barrier to contribution as you think. Generally, when I want to commit something on a project hosted by WMF, I push a commit to somewhere else like Github, and then ask someone else who understands Gerrit to merge it. Usually, this is the extension developer, and from there they can either do git remote add or download a patch file.

Jan 10 2018, 4:48 AM · TechCom-RFC, Developer-Advocacy, releng-201516-q3, Gerrit, Gerrit-Migration, Phabricator, Release-Engineering-Team

Sep 16 2017

labster added a comment to T173835: Invalid magic word 'cscore' when trying to rebuild LC with Contribution Scores.

This one is marked as resolved in our tracker at Miraheze, @Reception123. Is it ok to close this bug, or did someone find the cause?

Sep 16 2017, 9:07 PM · ContributionScores

Aug 28 2017

labster created T174373: Extension:ArticleToCategory2 -- HTML comments are not valid JS.
Aug 28 2017, 7:10 PM · MediaWiki-extensions-Other

May 21 2017

labster added a comment to T150634: README.md mentions $gcwikis but the code doesn't.

Huh. I didn't expect when I wrote this ticket that it would be resolved by deleting all the documentation. Thanks, I guess?

May 21 2017, 3:43 AM · Documentation, Technical-Debt, GlobalContribs

Apr 17 2017

labster added a comment to T152929: WikiForum overwrites $wgCaptchaTriggers when adding a new permission.

Well, I'll fire our sysadmins just as soon as I start paying them :P

Apr 17 2017, 8:33 PM · MW-1.31-release-notes (WMF-deploy-2017-10-31 (1.31.0-wmf.6)), ConfirmEdit (CAPTCHA extension), MW-1.30-release-notes (WMF-deploy-2017-08-29 (1.30.0-wmf.16)), Patch-For-Review, Social-Tools, WikiForum

Mar 25 2017

labster added a comment to T161387: Change AutoCreateCategoryPages to not have to grab entire namespace.

That credit works for me.

Mar 25 2017, 7:41 PM · MediaWiki-extensions-AutoCreateCategoryPage
labster added a comment to T161387: Change AutoCreateCategoryPages to not have to grab entire namespace.

Hi, I'm here, a little. Just going to say that caching the entire category namespace sounds like a nightmare, if only because of the cache invalidation problem. So I just removed the TODO, because that seems like the Wrong Thing.

Mar 25 2017, 8:49 AM · MediaWiki-extensions-AutoCreateCategoryPage

Feb 13 2017

labster added a comment to T152858: Replace YUI color picker in Special:FanBoxes.

Just want to let you know that this task is what kept us from installing this extension on allthetropes.org. Using an unsupported third-party library doesn't inspire confidence from a privacy point-of-view.

Feb 13 2017, 8:52 PM · JavaScript, Technical-Debt, Social-Tools, FanBoxes

Feb 10 2017

labster created T157770: Extension:CreateRedirect doesn't handle categories gracefully.
Feb 10 2017, 5:44 AM · MediaWiki-extensions-Other
labster added a comment to T28898: CreateRedirect extension needs code cleanup.

Just a comment: this seems like a cleanup here would be a easy task. The body file is under 200 lines of code.

Feb 10 2017, 5:36 AM · Technical-Debt, MediaWiki-extensions-Other

Jan 18 2017

labster added a comment to T154076: MWExceptionRenderer::reportOutageHTML() produces invalid HTML.

Just because the issue has come up again and I've done more reading since then... apparently <html> and <body> elements aren't required for valid HTML 5. But the <!DOCTYPE html> is missing, and that is required. Same suggested solution as in the comment above.

Jan 18 2017, 3:25 AM · MediaWiki-General-or-Unknown

Jan 15 2017

labster created T155336: CategoryTree shows dropdown when subcategory size is negative.
Jan 15 2017, 7:41 AM · MediaWiki-extensions-CategoryTree

Dec 29 2016

labster added a comment to T154106: Hardcoded username in resources/js/twitter.js.

Thanks for the quick turnaround!

Dec 29 2016, 3:13 AM · good first bug, Gamepress

Dec 25 2016

labster created T154106: Hardcoded username in resources/js/twitter.js.
Dec 25 2016, 10:46 AM · good first bug, Gamepress
labster added a comment to T154076: MWExceptionRenderer::reportOutageHTML() produces invalid HTML.

OK @Aklapper, I'll bite. Convince me that the second part is a separate task, and I'll open another task. I'm rather thinking that if the call to reportOutageHTML() moved into reportHTML() ... right around here ... that all of the above will be solved at the same time.

Dec 25 2016, 10:29 AM · MediaWiki-General-or-Unknown

Dec 24 2016

labster updated the task description for T154076: MWExceptionRenderer::reportOutageHTML() produces invalid HTML.
Dec 24 2016, 5:24 AM · MediaWiki-General-or-Unknown
labster created T154076: MWExceptionRenderer::reportOutageHTML() produces invalid HTML.
Dec 24 2016, 5:22 AM · MediaWiki-General-or-Unknown

Dec 17 2016

labster added a comment to T153557: Extension:MassEditRegex branch REL1_28 is incompatible with MW 1.28.

Ah, OK. You just said "already fixed in master" and assigned a duplicate task that is already closed, but didn't say that there was a fix for this branch. I assumed that you didn't understand the request.

Dec 17 2016, 10:49 PM · MediaWiki-extensions-Other
labster changed the status of T153557: Extension:MassEditRegex branch REL1_28 is incompatible with MW 1.28 from Duplicate to Declined.

If you're not going to fix the problem, don't just close the ticket resolved. I'm taking this to mean that you're declining to fix this issue.

Dec 17 2016, 10:43 PM · MediaWiki-extensions-Other
labster created T153557: Extension:MassEditRegex branch REL1_28 is incompatible with MW 1.28.
Dec 17 2016, 9:24 PM · MediaWiki-extensions-Other

Dec 12 2016

labster added a comment to T135367: Potential query optimization on getComments.

Your guide seems pretty good, I'll give it a shot the next time I think of a patch. Actually, BlogPageClass.php is taunting me with:

Dec 12 2016, 10:52 PM · Performance, Social-Tools, Comments
labster added a comment to T143511: Integrate closable/openable content sections in Refreshed skin.

Nope. The sectioning is done here:
https://github.com/wikimedia/mediawiki-extensions-MobileFrontend/blob/master/includes/MobileFormatter.php#L541 That looks complicated.

Dec 12 2016, 8:05 AM · Refreshed, Brickimedia
labster added a comment to T146114: Refreshed is zoomable on mobile, which allows the user interface to break .

As of iOS 10, all pages are zoomable. There is no API to prevent zooming on a page.

Dec 12 2016, 3:42 AM · Brickimedia, Refreshed
labster created T152939: Refreshed: Header floats above content with wikitable in site notice.
Dec 12 2016, 3:22 AM · CSS, Design, Refreshed

Dec 11 2016

labster added a project to T152929: WikiForum overwrites $wgCaptchaTriggers when adding a new permission: WikiForum.
Dec 11 2016, 10:04 PM · MW-1.31-release-notes (WMF-deploy-2017-10-31 (1.31.0-wmf.6)), ConfirmEdit (CAPTCHA extension), MW-1.30-release-notes (WMF-deploy-2017-08-29 (1.30.0-wmf.16)), Patch-For-Review, Social-Tools, WikiForum
labster created T152929: WikiForum overwrites $wgCaptchaTriggers when adding a new permission.
Dec 11 2016, 10:03 PM · MW-1.31-release-notes (WMF-deploy-2017-10-31 (1.31.0-wmf.6)), ConfirmEdit (CAPTCHA extension), MW-1.30-release-notes (WMF-deploy-2017-08-29 (1.30.0-wmf.16)), Patch-For-Review, Social-Tools, WikiForum

Dec 5 2016

labster added a comment to T146712: all kinds of mixed issues with miraheze table (was: allthetropes is not updating on wikistats).

You chose the worst day to start working on this as our db server decided to crash today. I'll get back to you when we're back online.

Dec 5 2016, 10:38 PM · Patch-For-Review, VPS-project-Wikistats

Nov 14 2016

labster created T150634: README.md mentions $gcwikis but the code doesn't.
Nov 14 2016, 5:27 AM · Documentation, Technical-Debt, GlobalContribs

Nov 5 2016

labster created T150082: Extension:SiteScout needless use of eval in JS.
Nov 5 2016, 9:21 AM · Social-Tools

Oct 16 2016

labster created T148316: PHP warning with exactly one avatar uploaded.
Oct 16 2016, 4:25 AM · Patch-For-Review, Social-Tools, RandomUsersWithAvatars

Oct 7 2016

labster added a comment to T135367: Potential query optimization on getComments.

Can anyone take over maintainership for this extension?

Oct 7 2016, 10:02 PM · Performance, Social-Tools, Comments

Oct 5 2016

labster changed the status of T146564: With VisualEditor beta-disabled, pipes are missing on other extensions using SkinEditSectionLinks from Stalled to Open.

I don't understand. How is mw-editsection-divider an internal class for VE if it's in includes/skins/Skin.php? And if SkinEditSectionLinks is not a public API, why is it mentioned in docs/hooks.txt as replacement for a different public API?

Oct 5 2016, 2:52 AM · VisualEditor-MediaWiki, VisualEditor

Sep 26 2016

labster created T146712: all kinds of mixed issues with miraheze table (was: allthetropes is not updating on wikistats).
Sep 26 2016, 11:07 PM · Patch-For-Review, VPS-project-Wikistats

Sep 25 2016

labster created T146564: With VisualEditor beta-disabled, pipes are missing on other extensions using SkinEditSectionLinks.
Sep 25 2016, 1:08 AM · VisualEditor-MediaWiki, VisualEditor

Sep 21 2016

labster added a comment to T142314: Null byte in old versions of Replace Text may cause arbitrary execution.

In terms of the DOS attack @Bawolff mentioned, maybe ini_set on some PCRE options would be useful?

Sep 21 2016, 6:15 AM · MediaWiki-extensions-ReplaceText, Security

Sep 3 2016

labster placed T135367: Potential query optimization on getComments up for grabs.

No activity in over 3 months. If no one is interested in merging this code, can they please decline the task?

Sep 3 2016, 8:01 PM · Performance, Social-Tools, Comments

Aug 7 2016

labster added a comment to T142314: Null byte in old versions of Replace Text may cause arbitrary execution.

If you are unable to upgrade to PHP 5.5.9, then you can use MediaWiki 1.23.13, which requires PHP version 5.3.2 or later

Aug 7 2016, 7:17 AM · MediaWiki-extensions-ReplaceText, Security
labster added a comment to T73027: RegExp search and replace doesn't work with MS Sql SERVER.

As far as I can tell, SQL Server does not support regular expressions -- or at least not without using a CLR function.

Aug 7 2016, 1:59 AM · MSSQL, MediaWiki-extensions-ReplaceText
labster added a project to T142314: Null byte in old versions of Replace Text may cause arbitrary execution: MediaWiki-extensions-ReplaceText.
Aug 7 2016, 1:10 AM · MediaWiki-extensions-ReplaceText, Security
labster created T142314: Null byte in old versions of Replace Text may cause arbitrary execution.
Aug 7 2016, 1:10 AM · MediaWiki-extensions-ReplaceText, Security

Jul 31 2016

labster created T141706: Skin:Erudite: Is method msgWikiNoEdit() still needed?.
Jul 31 2016, 5:23 AM · Other-skins

Jul 21 2016

labster added a comment to T132125: Cannot remove a site by editing $wgSiteMatrixSites.

Thanks, this is great work. Sorry I didn't reply earlier, as I've been swamped by $dayjob stuff. I do have some other suggestions, but I'll reply in T140941.

Jul 21 2016, 9:30 PM · MW-1.28-release (WMF-deploy-2016-07-26_(1.28.0-wmf.12)), Patch-For-Review, MediaWiki-Configuration, SiteMatrix

May 22 2016

labster added a comment to T133511: Extension:MsCalendar XSS vulnerability.

I just suggested updating the extension because I thought it would be easiest. If you want, you just just do some HTML filtering in the original extension -- a good place to start would be here:

May 22 2016, 10:49 PM · MediaWiki-extensions-MsCalendar, Security-Extensions, Vuln-XSS, Security
labster added a comment to T133511: Extension:MsCalendar XSS vulnerability.

We're nearing 2 months since I first reported the vulnerability to the authors. Is there any WMF guidance as to how long before I can publicly disclose the vulnerability?

May 22 2016, 1:31 AM · MediaWiki-extensions-MsCalendar, Security-Extensions, Vuln-XSS, Security
labster updated subscribers of T133511: Extension:MsCalendar XSS vulnerability.
May 22 2016, 1:26 AM · MediaWiki-extensions-MsCalendar, Security-Extensions, Vuln-XSS, Security

May 16 2016

labster created T135367: Potential query optimization on getComments.
May 16 2016, 9:44 AM · Performance, Social-Tools, Comments

May 9 2016

labster added a comment to T134546: CommentIgnoreList warning about extension message alias.

OK. If wfLoadExtension is recommended, then there was a docs bug on https://www.mediawiki.org/wiki/Extension:Comments I went ahead and added registration=1 to the install template.

May 9 2016, 8:35 AM · Patch-For-Review, Comments, Social-Tools

May 6 2016

labster added a comment to T134546: CommentIgnoreList warning about extension message alias.

Oh, right, I have $wgShowDevelopmentWarnings = true;, but doesn't everyone? 🤓

May 6 2016, 2:55 AM · Patch-For-Review, Comments, Social-Tools
labster created T134546: CommentIgnoreList warning about extension message alias.
May 6 2016, 2:50 AM · Patch-For-Review, Comments, Social-Tools

May 5 2016

Restricted Application updated subscribers of T45646: "MediaWiki:Copyright" message allows raw HTML.
May 5 2016, 8:05 PM · MW-1.32-notes (WMF-deploy-2018-08-28 (1.32.0-wmf.19)), Vuln-XSS, MediaWiki-General-or-Unknown, Security

May 2 2016

labster added a comment to T134153: Swap order of statements to save a DB query.

The same thing applies at https://git.wikimedia.org/blob/mediawiki%2Fextensions%2FComments/master/CommentClass.php#L175 and L317

May 2 2016, 9:26 AM · Patch-For-Review, Comments, Social-Tools
labster created T134153: Swap order of statements to save a DB query.
May 2 2016, 8:28 AM · Patch-For-Review, Comments, Social-Tools

May 1 2016

labster added a comment to T131515: extension.json is poorly documented.

Agreed, documentation is extremely poor.

May 1 2016, 7:27 AM · Documentation, MediaWiki-Documentation

Apr 25 2016

labster added a comment to T133511: Extension:MsCalendar XSS vulnerability.

That was me informing the authors. With the same message as above. Felipe Schenone replied back to me with this message on 30 March:

Apr 25 2016, 12:36 AM · MediaWiki-extensions-MsCalendar, Security-Extensions, Vuln-XSS, Security

Apr 24 2016

labster created T133511: Extension:MsCalendar XSS vulnerability.
Apr 24 2016, 10:31 PM · MediaWiki-extensions-MsCalendar, Security-Extensions, Vuln-XSS, Security
labster added a comment to T132125: Cannot remove a site by editing $wgSiteMatrixSites.

If it is intentional, I suppose we could host a fork of this. All we'd have to do is delete a few lines from the extension.json file, track upstream otherwise, and warn people outside the WMF to use our fork instead of the official one. Somehow this solution seems suboptimal, but I'd be willing to do it.

Apr 24 2016, 4:38 AM · MW-1.28-release (WMF-deploy-2016-07-26_(1.28.0-wmf.12)), Patch-For-Review, MediaWiki-Configuration, SiteMatrix

Apr 8 2016

labster created T132125: Cannot remove a site by editing $wgSiteMatrixSites.
Apr 8 2016, 2:31 AM · MW-1.28-release (WMF-deploy-2016-07-26_(1.28.0-wmf.12)), Patch-For-Review, MediaWiki-Configuration, SiteMatrix