suffusion_of_yellow (Suffusion of Yellow)
User

Projects

User does not belong to any projects.

User Details

User Since: Oct 15 2018, 6:19 PM (193 w, 1 d)
Availability: Available
LDAP User: Unknown
MediaWiki User: Suffusion of Yellow [ Global Accounts ]

Recent Activity

May 16 2022

suffusion_of_yellow added a comment to T306660: [Goal] Table of contents on narrow screens in vector-2022.

@suffusion_of_yellow , no, that's not true. Narrow screen doesn't mean mobile screen. Vector (intentionally) doesn't define a viewport, so users there will never get a narrow screen. Users on a mobile device will continue to see the desktop site with a desktop viewport zoomed out like so:

May 16 2022, 7:52 PM · Readers-Web-Backlog (Kanbanana-FY-2021-22), Desktop Improvements
suffusion_of_yellow added a comment to T306660: [Goal] Table of contents on narrow screens in vector-2022.

Something to remember: People using Vector on "narrow screens" are likely to be mobile users who dislike the (Minerva) mobile site. So a "solution" that makes Vector more like Minerva (e.g. collapsed sections) is exactly the wrong one. That would leave no escape, except logging in from every device, and every private tab, just to read a page.

May 16 2022, 7:05 PM · Readers-Web-Backlog (Kanbanana-FY-2021-22), Desktop Improvements

Mar 29 2022

suffusion_of_yellow added a comment to T305011: Simple regular expression fails on 10000 character string.

Original thread was here. I'm trying to find if something occurs inside a table with an "Album" heading:

Mar 29 2022, 11:23 PM · AbuseFilter
suffusion_of_yellow created T305011: Simple regular expression fails on 10000 character string.
Mar 29 2022, 10:12 PM · AbuseFilter

Jan 29 2022

suffusion_of_yellow added a comment to T223195: Invalid IPv6 URL on page causes all non-autoconfirmed edits to trigger CAPTCHA.

And another one: http://Draft:Getscreen.me. I got a CAPTCHA (from a non-AC account) even for a null edit on Wikipedia:Teahouse until I made this change.

Jan 29 2022, 3:45 AM · ConfirmEdit (CAPTCHA extension)

Dec 8 2021

suffusion_of_yellow added a comment to T295429: "You have new messages" alert not showing on testwiki when logged out.

I tried again on testwiki, enwiktionary, and enwikinews, and got an alert every time. Thanks for fixing this! Now where do we talk about disabling LiquidThreads on all WMF wikis?

Dec 8 2021, 10:45 PM · MW-1.38-notes (1.38.0-wmf.12; 2021-12-06), Readers-Web-Backlog (Kanbanana-FY-2021-22), MobileFrontend, Notifications

Nov 23 2021

suffusion_of_yellow updated subscribers of T296349: Session not created on VoteWiki when using desktop site with a mobile user agent.
Nov 23 2021, 10:11 PM · Mobile, MediaWiki-extensions-SecurePoll
suffusion_of_yellow created T296349: Session not created on VoteWiki when using desktop site with a mobile user agent.
Nov 23 2021, 10:09 PM · Mobile, MediaWiki-extensions-SecurePoll

Nov 12 2021

suffusion_of_yellow added a comment to T295429: "You have new messages" alert not showing on testwiki when logged out.

It's installed but at Special:Version it's spelled "Liquid Threads" instead of "LiquidThreads". And I get no message bar. You can see the full list at https://noc.wikimedia.org/conf/highlight.php?file=InitialiseSettings.php. Either wmgUseLiquidThreads or wmgLiquidThreadsFrozen force the extension to load.

Nov 12 2021, 9:00 PM · MW-1.38-notes (1.38.0-wmf.12; 2021-12-06), Readers-Web-Backlog (Kanbanana-FY-2021-22), MobileFrontend, Notifications
suffusion_of_yellow updated subscribers of T295429: "You have new messages" alert not showing on testwiki when logged out.

Maybe some extension/feature only enabled on testwiki is interfering? No idea what that could be.

Nov 12 2021, 8:45 PM · MW-1.38-notes (1.38.0-wmf.12; 2021-12-06), Readers-Web-Backlog (Kanbanana-FY-2021-22), MobileFrontend, Notifications

Nov 11 2021

suffusion_of_yellow updated subscribers of T284642: Add yellow talk page message banner to non-main namespace pages on mobile.

First, @bwang and @ovasileva (and anyone else I've missed) thank you for implementing this! As you might know it's long been a pet peeve of mine.

Nov 11 2021, 8:10 PM · User-notice, Patch-For-Review, MW-1.38-notes (1.38.0-wmf.7; 2021-11-02), MobileFrontend, MinervaNeue, Readers-Web-Backlog (Kanbanana-FY-2021-22)
suffusion_of_yellow reopened T295429: "You have new messages" alert not showing on testwiki when logged out as "Open".

(Unless you experience this on an uncached view - you can tell apart cached views from the response headers having X-Cache-Status: hit or something similar vs. miss or pass on uncached views. Please reopen if you see this on an uncached view.)

Nov 11 2021, 7:34 PM · MW-1.38-notes (1.38.0-wmf.12; 2021-12-06), Readers-Web-Backlog (Kanbanana-FY-2021-22), MobileFrontend, Notifications
suffusion_of_yellow reopened T295429: "You have new messages" alert not showing on testwiki when logged out, a subtask of T284642: Add yellow talk page message banner to non-main namespace pages on mobile, as Open.
Nov 11 2021, 7:33 PM · User-notice, Patch-For-Review, MW-1.38-notes (1.38.0-wmf.7; 2021-11-02), MobileFrontend, MinervaNeue, Readers-Web-Backlog (Kanbanana-FY-2021-22)
suffusion_of_yellow updated the task description for T295429: "You have new messages" alert not showing on testwiki when logged out.
Nov 11 2021, 7:31 PM · MW-1.38-notes (1.38.0-wmf.12; 2021-12-06), Readers-Web-Backlog (Kanbanana-FY-2021-22), MobileFrontend, Notifications

Nov 10 2021

suffusion_of_yellow created T295429: "You have new messages" alert not showing on testwiki when logged out.
Nov 10 2021, 12:15 AM · MW-1.38-notes (1.38.0-wmf.12; 2021-12-06), Readers-Web-Backlog (Kanbanana-FY-2021-22), MobileFrontend, Notifications

Oct 8 2021

1234qwer1234qwer4 awarded T289385: Modified HTTP headers allow XSS in SecurePoll (CVE-2021-42045) a The World Burns token.
Oct 8 2021, 4:25 PM · MW-1.38-notes (1.38.0-wmf.3; 2021-10-05), SecTeam-Processed, MediaWiki-extensions-SecurePoll, Vuln-XSS, Security, Security-Team

Oct 7 2021

AntiCompositeNumber awarded T289385: Modified HTTP headers allow XSS in SecurePoll (CVE-2021-42045) a Yellow Medal token.
Oct 7 2021, 9:19 PM · MW-1.38-notes (1.38.0-wmf.3; 2021-10-05), SecTeam-Processed, MediaWiki-extensions-SecurePoll, Vuln-XSS, Security, Security-Team

Oct 2 2021

suffusion_of_yellow added a comment to T291481: Determine approach for notifications for IP Editors on Android.

Thanks @Dbrant for getting to this!

Oct 2 2021, 9:08 PM · Wikipedia-Android-App-Backlog (Android Release FY2021-22)

Aug 20 2021

Platonides awarded T289385: Modified HTTP headers allow XSS in SecurePoll (CVE-2021-42045) a Barnstar token.
Aug 20 2021, 11:08 PM · MW-1.38-notes (1.38.0-wmf.3; 2021-10-05), SecTeam-Processed, MediaWiki-extensions-SecurePoll, Vuln-XSS, Security, Security-Team
suffusion_of_yellow added projects to T289385: Modified HTTP headers allow XSS in SecurePoll (CVE-2021-42045): Vuln-XSS, MediaWiki-extensions-SecurePoll.
Aug 20 2021, 10:19 PM · MW-1.38-notes (1.38.0-wmf.3; 2021-10-05), SecTeam-Processed, MediaWiki-extensions-SecurePoll, Vuln-XSS, Security, Security-Team
suffusion_of_yellow created T289385: Modified HTTP headers allow XSS in SecurePoll (CVE-2021-42045).
Aug 20 2021, 10:18 PM · MW-1.38-notes (1.38.0-wmf.3; 2021-10-05), SecTeam-Processed, MediaWiki-extensions-SecurePoll, Vuln-XSS, Security, Security-Team

Jul 27 2021

suffusion_of_yellow created T287542: API action=parse&prop=headhtml leaking user tokens and other private info in cross-origin requests (again).
Jul 27 2021, 11:53 PM · SecTeam-Processed, Platform Engineering, Regression, Vuln-Infoleak, Vuln-CSRF, MediaWiki-Action-API, Security, Security-Team

Jul 4 2021

suffusion_of_yellow created T286140: AbuseLog no longer recording revids of saved edits.
Jul 4 2021, 12:09 AM · MW-1.37-notes (1.37.0-wmf.15; 2021-07-19), User-DannyS712, Regression, AbuseFilter

Jun 8 2021

suffusion_of_yellow added a comment to T276149: Android application sometimes falsely claims that an user account is blocked.

(All this also applies to T276147. Only responding in one place.)

Jun 8 2021, 11:17 PM · Wikipedia-Android-App-Backlog
suffusion_of_yellow added a comment to T276147: Android application does not show block messages.

See T276149#7144054. (Should these tasks be merged...?) With 2.7.50362-beta-2021-06-04, the block message is there now, but it's not parsed. @Dbrant implied there might be a newer version that does parse the message, but I can't find it.

Jun 8 2021, 8:46 PM · Wikipedia-Android-App-Backlog (Android Release FY2020-21)
suffusion_of_yellow added a comment to T276149: Android application sometimes falsely claims that an user account is blocked.

@Dbrant: That link is a 404 but I tested on 2.7.50362beta-2021-06-04, which is the latest on https://releases.wikimedia.org/mobile/android/wikipedia/betas

Jun 8 2021, 8:40 PM · Wikipedia-Android-App-Backlog

May 28 2021

suffusion_of_yellow added a comment to T276149: Android application sometimes falsely claims that an user account is blocked.

! In T276149#7122539, @Dbrant wrote:

May 28 2021, 6:45 PM · Wikipedia-Android-App-Backlog

May 27 2021

suffusion_of_yellow added a comment to T276149: Android application sometimes falsely claims that an user account is blocked.

Tested in 2.7.50359-alpha-2021-05-27 on testwiki

May 27 2021, 11:27 PM · Wikipedia-Android-App-Backlog
suffusion_of_yellow added a comment to T276139: Android application does not display custom AbuseFilter messages.

Tested in 2.7.50359-alpha-2021-05-27 on enwiki

May 27 2021, 10:16 PM · Wikipedia-Android-App-Backlog (Android Release FY2020-21), AbuseFilter

May 26 2021

Ciencia_Al_Poder awarded T240889: Mobile IP editors not given any indication that they have new messages a Mountain of Wealth token.
May 26 2021, 8:16 PM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team

May 18 2021

EpicPupper awarded T240889: Mobile IP editors not given any indication that they have new messages a Like token.
May 18 2021, 3:46 AM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team
EpicPupper awarded T240976: Mobile "new messages" notification should be more intrusive by default a Like token.
May 18 2021, 3:45 AM · Growth-Team-Filtering, Growth-Team, MobileFrontend

May 17 2021

suffusion_of_yellow added a comment to T276149: Android application sometimes falsely claims that an user account is blocked.

So it seems that the only kind of block that gives me any details is a global block:

May 17 2021, 10:28 PM · Wikipedia-Android-App-Backlog

May 15 2021

suffusion_of_yellow added a comment to T276149: Android application sometimes falsely claims that an user account is blocked.

I tried on a few random IPs, and most of the time I saw a (correctly parsed) block message. But once I saw a message claiming that my user account had been blocked. No, I didn't write down the IP; sorry.

May 15 2021, 1:20 AM · Wikipedia-Android-App-Backlog
suffusion_of_yellow added a comment to T276147: Android application does not show block messages.

The problem still exists for me, with 2.7.50358-r-2021-05-11.

May 15 2021, 12:41 AM · Wikipedia-Android-App-Backlog (Android Release FY2020-21)

May 12 2021

suffusion_of_yellow added a comment to T276139: Android application does not display custom AbuseFilter messages.

@Dbrant: Try making any edit to https://en.wikipedia.org/wiki/Wikipedia:Edit_filter/Message_tests. Filter 1147 will disallow all edits to that page, (currently) with the default disallow message.

May 12 2021, 8:30 PM · Wikipedia-Android-App-Backlog (Android Release FY2020-21), AbuseFilter
suffusion_of_yellow added a comment to T276139: Android application does not display custom AbuseFilter messages.

Tested with 2.7.50357-alpha-2021-05-10.

May 12 2021, 1:03 AM · Wikipedia-Android-App-Backlog (Android Release FY2020-21), AbuseFilter

May 8 2021

suffusion_of_yellow added a comment to T282183: Hiding own edits on watchlist and recentchanges results in hiding all IP edits.

Could it be this?

	if ( $user->isAnon() ) {
		$conds[] = 'actor_name<>' . $dbr->addQuotes( $user->getName() );
	} else {
		$conds[] = 'actor_user<>' . $dbr->addQuotes( $user->getId() );
	}

May 8 2021, 7:40 PM · MW-1.37-notes (1.37.0-wmf.4; 2021-05-04), Platform Team Workboards (Clinic Duty Team), MediaWiki-Recent-changes, Regression, Growth-Team, MediaWiki-Watchlist

May 7 2021

suffusion_of_yellow added a comment to T282183: Hiding own edits on watchlist and recentchanges results in hiding all IP edits.

But the API seems to work:

May 7 2021, 8:19 PM · MW-1.37-notes (1.37.0-wmf.4; 2021-05-04), Platform Team Workboards (Clinic Duty Team), MediaWiki-Recent-changes, Regression, Growth-Team, MediaWiki-Watchlist
suffusion_of_yellow added a comment to T282183: Hiding own edits on watchlist and recentchanges results in hiding all IP edits.

This also happens at Special:RecentChanges and Special:RecentChangesLinked. https://en.wikipedia.org/w/index.php?title=Special:RecentChanges&hideliu=1&hidemyself=1&days=30 and https://en.wikipedia.org/w/index.php?title=Special:RecentChangesLinked&hideliu=1&hidemyself=1&days=30&target=Main_Page show me nothing at all, for example.

May 7 2021, 7:59 PM · MW-1.37-notes (1.37.0-wmf.4; 2021-05-04), Platform Team Workboards (Clinic Duty Team), MediaWiki-Recent-changes, Regression, Growth-Team, MediaWiki-Watchlist

Apr 30 2021

suffusion_of_yellow created T281544: MobileFrontend doesn't show AbuseFilter messages when editing a talk page.
Apr 30 2021, 12:21 AM · User-Ryasmeen, Editing-team (FY2021-22 Kanban Board), MobileFrontend (MobileFrontend (Editor)), AbuseFilter

Apr 13 2021

suffusion_of_yellow updated the task description for T280092: Android application does not show CC-BY-SA message when editing a talk page.
Apr 13 2021, 11:51 PM · Wikipedia-Android-App-Backlog (Android Release FY2020-21), WMF-Legal
suffusion_of_yellow created T280092: Android application does not show CC-BY-SA message when editing a talk page.

As the WMF-Legal project tag was added to this task, some general information to avoid wrong expectations:
Please note that public tasks in Wikimedia Phabricator are in general not a place where to expect feedback from the Legal Team of the Wikimedia Foundation due to the scope of the team and/or nature of legal topics. See the project tag description.
Please see https://meta.wikimedia.org/wiki/Legal for when and how to contact the Legal Team. Thanks!

Apr 13 2021, 11:46 PM · Wikipedia-Android-App-Backlog (Android Release FY2020-21), WMF-Legal

Mar 26 2021

MJL awarded T240889: Mobile IP editors not given any indication that they have new messages a The World Burns token.
Mar 26 2021, 10:11 PM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team

Mar 24 2021

suffusion_of_yellow added a comment to T274359: Mobile REST API delivers year old+ content for very select pages.

Getting the same thing on enwiki, try https://en.wikipedia.org/api/rest_v1/page/mobile-html/Wikipedia:Administrators'_noticeboard%2FIncidents

Mar 24 2021, 3:33 AM · User-TheresNoTime, Platform Engineering, Page Content Service, Product-Infrastructure-Team-Backlog, Wikipedia-Android-App-Backlog, RESTBase-API, affects-Kiwix-and-openZIM

Mar 2 2021

suffusion_of_yellow added a comment to T95396: Inform the user, when there is a new message on their talk page.

I just tried leaving a message on my IP's talk page. I was using app version 27.50341-r2021-02-02. I got no alert.

Mar 2 2021, 11:09 PM · Wikipedia-Android-App-Backlog, android-app-feature-notifications, good first task, WorkType-NewFunctionality
suffusion_of_yellow added a comment to T276147: Android application does not show block messages.

Also partial blocks give the same "Your user account has been blocked from editing on this wiki". There is no indication that it's a partial block, and the user can edit other pages. Not sure if that should be a separate task.

Mar 2 2021, 10:22 PM · Wikipedia-Android-App-Backlog (Android Release FY2020-21)

Mar 1 2021

suffusion_of_yellow added a project to T276139: Android application does not display custom AbuseFilter messages: AbuseFilter.
Mar 1 2021, 10:15 PM · Wikipedia-Android-App-Backlog (Android Release FY2020-21), AbuseFilter
suffusion_of_yellow added projects to T276142: Android application does not parse spam blacklist message: Wikipedia-Android-App-Backlog, SpamBlacklist.
Mar 1 2021, 10:15 PM · Wikipedia-Android-App-Backlog (Android Release FY2020-21), SpamBlacklist
suffusion_of_yellow added a project to T276149: Android application sometimes falsely claims that an user account is blocked: Wikipedia-Android-App-Backlog.
Mar 1 2021, 10:13 PM · Wikipedia-Android-App-Backlog
suffusion_of_yellow renamed T276147: Android application does not show block messages from Android application does show block messages to Android application does not show block messages.
Mar 1 2021, 10:12 PM · Wikipedia-Android-App-Backlog (Android Release FY2020-21)
suffusion_of_yellow added a comment to T276139: Android application does not display custom AbuseFilter messages.

Yes. What other app can be used to edit enwiki?

Mar 1 2021, 8:33 PM · Wikipedia-Android-App-Backlog (Android Release FY2020-21), AbuseFilter
suffusion_of_yellow created T276149: Android application sometimes falsely claims that an user account is blocked.
Mar 1 2021, 7:20 PM · Wikipedia-Android-App-Backlog
suffusion_of_yellow created T276147: Android application does not show block messages.
Mar 1 2021, 7:03 PM · Wikipedia-Android-App-Backlog (Android Release FY2020-21)
suffusion_of_yellow created T276142: Android application does not parse spam blacklist message.
Mar 1 2021, 6:38 PM · Wikipedia-Android-App-Backlog (Android Release FY2020-21), SpamBlacklist
suffusion_of_yellow created T276139: Android application does not display custom AbuseFilter messages.
Mar 1 2021, 6:22 PM · Wikipedia-Android-App-Backlog (Android Release FY2020-21), AbuseFilter

Feb 19 2021

suffusion_of_yellow added a comment to T242821: Separate access to tools and test features from ability to view private filters.

@sbassett: I thought the idea was to have canTestTools(), in the future, also allow users some new right (abusefilter-test, etc.). If that's done, then users with that new right will also be able to view private filters, with a URL like the one above.

Feb 19 2021, 7:24 PM · SecTeam-Processed, MW-1.36-notes (1.36.0-wmf.32; 2021-02-23), AbuseFilter (Overhaul-2020), Security, MediaWiki-User-management, User-DannyS712
suffusion_of_yellow added a comment to T242821: Separate access to tools and test features from ability to view private filters.

As a reminder, Special:AbuseFilter/test still allows you to view private filters with a URL like https://en.wikipedia.org/wiki/Special:AbuseFilter/test/2.

Feb 19 2021, 6:48 PM · SecTeam-Processed, MW-1.36-notes (1.36.0-wmf.32; 2021-02-23), AbuseFilter (Overhaul-2020), Security, MediaWiki-User-management, User-DannyS712

Feb 7 2021

suffusion_of_yellow added a comment to T273809: Spurious "this regular expression matches the empty string" warning.

That was quick! Probably should have said that the new "live" syntax checker is a really great improvement; thank you for implementing that!

Feb 7 2021, 1:47 AM · MW-1.36-notes (1.36.0-wmf.30; 2021-02-09), AbuseFilter

Feb 3 2021

suffusion_of_yellow created T273809: Spurious "this regular expression matches the empty string" warning.
Feb 3 2021, 7:42 PM · MW-1.36-notes (1.36.0-wmf.30; 2021-02-09), AbuseFilter
Dreamy_Jazz awarded T240889: Mobile IP editors not given any indication that they have new messages a Yellow Medal token.
Feb 3 2021, 9:46 AM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team

Jan 13 2021

suffusion_of_yellow added a comment to T271487: Uncaught SyntaxError: Failed to execute 'open' on 'XMLHttpRequest': Invalid URL / Uncaught SyntaxError: Failed to execute 'open' on 'XMLHttpRequest': Invalid URL / Malformed URIs in AbuseFilter worker-abusefilter.js.

The problem is gone for me on enwiki. And the Ace editor now warns me about invalid syntax. Thanks!

Jan 13 2021, 2:31 AM · MW-1.36-notes (1.36.0-wmf.25; 2021-01-05), AbuseFilter, Wikimedia-production-error

Jan 11 2021

suffusion_of_yellow added a comment to T271487: Uncaught SyntaxError: Failed to execute 'open' on 'XMLHttpRequest': Invalid URL / Uncaught SyntaxError: Failed to execute 'open' on 'XMLHttpRequest': Invalid URL / Malformed URIs in AbuseFilter worker-abusefilter.js.

So it's this line.

Malformed URIs occur when you run encodeURIComponent on something that cannot be encoded.

Jan 11 2021, 2:16 AM · MW-1.36-notes (1.36.0-wmf.25; 2021-01-05), AbuseFilter, Wikimedia-production-error
suffusion_of_yellow added a comment to T242821: Separate access to tools and test features from ability to view private filters.

Instead of a rate limit, what if unprivileged uses of /test were limited to at most N cores and M bytes of memory? Then the only "service" anyone could "deny" is /test itself, which doesn't seem like a worthwhile target. Something similar is done with regex and Special:Search, if I recall.

Jan 11 2021, 1:57 AM · SecTeam-Processed, MW-1.36-notes (1.36.0-wmf.32; 2021-02-23), AbuseFilter (Overhaul-2020), Security, MediaWiki-User-management, User-DannyS712

Sep 13 2020

Proc awarded T240889: Mobile IP editors not given any indication that they have new messages a Cookie token.
Sep 13 2020, 12:18 PM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team
ToBeFree awarded T240889: Mobile IP editors not given any indication that they have new messages a Burninate token.
Sep 13 2020, 9:53 AM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team

Aug 26 2020

suffusion_of_yellow added a comment to T251661: TOTP throttle not enforced cross-wiki (CVE-2020-25827).

In any case, if I am correct, then we could just set a per-IP limit for the badoath action, which would then be counted across all wikis.

Aug 26 2020, 7:20 PM · MW-1.36-notes (1.36.0-wmf.8; 2020-09-08), Platform Team Workboards (Clinic Duty Team), MediaWiki-extensions-OathAuth, MediaWiki-Authentication-and-authorization, Security, Security-Team

Jul 16 2020

suffusion_of_yellow added a comment to T223195: Invalid IPv6 URL on page causes all non-autoconfirmed edits to trigger CAPTCHA.

I also get a captcha request if the string tel:// is already on the page. See https://en.wikipedia.org/w/index.php?title=User:Suffusion_of_Yellow/CaptchaBug&diff=968045535&oldid=968045267.

Jul 16 2020, 10:14 PM · ConfirmEdit (CAPTCHA extension)

May 13 2020

suffusion_of_yellow added a comment to T208907: CSRF vulnerability in Special:MovePage.

Does this still need to be private?

May 13 2020, 10:50 PM · Security, Privacy, AbuseFilter, Vuln-CSRF, MediaWiki-Special-pages

May 2 2020

suffusion_of_yellow added a project to T251661: TOTP throttle not enforced cross-wiki (CVE-2020-25827): MediaWiki-extensions-OathAuth.
May 2 2020, 5:18 PM · MW-1.36-notes (1.36.0-wmf.8; 2020-09-08), Platform Team Workboards (Clinic Duty Team), MediaWiki-extensions-OathAuth, MediaWiki-Authentication-and-authorization, Security, Security-Team
suffusion_of_yellow created T251661: TOTP throttle not enforced cross-wiki (CVE-2020-25827).
May 2 2020, 5:22 AM · MW-1.36-notes (1.36.0-wmf.8; 2020-09-08), Platform Team Workboards (Clinic Duty Team), MediaWiki-extensions-OathAuth, MediaWiki-Authentication-and-authorization, Security, Security-Team

Apr 22 2020

suffusion_of_yellow added a comment to T219279: Some pages will become completely unreachable after PHP7 update due to Unicode changes.

@tstarling: I just set enwiki filter 68 to exclude bots.

Apr 22 2020, 5:54 PM · MW-1.38-notes (1.38.0-wmf.6; 2021-10-26), Patch-For-Review, MW-1.35-notes (1.35.0-wmf.28; 2020-04-14), User-notice, Platform Team Workboards (Clinic Duty Team), MW-1.34-notes (1.34.0-wmf.16; 2019-07-30), serviceops, SRE, PHP 7.2 support, MediaWiki-General

Feb 13 2020

suffusion_of_yellow added a comment to T245094: Abusefilter: restricted action blockautopromotion is available, shouldn't be.

It looks like the only actions that are disabled by default are block, rangeblock, and degroup. The reason blockautopromote is available on enwiki is that no one's ever explicitly disabled it with $wgAbuseFilterActions['blockautopromote'] = false;, yes? The question is, do we need "community consensus" to get that line added, given that AFAIK no one has used that option in years on enwiki?

Feb 13 2020, 2:31 AM · AbuseFilter, Security, Security-Team

Jan 29 2020

suffusion_of_yellow added a comment to T240976: Mobile "new messages" notification should be more intrusive by default.

Marking this as low priority for now. @suffusion_of_yellow - could you expand a bit on why you think that the red circle is not a good enough indicator? I agree that we are most definitely not a social media site, but regardless I think it's an effective way to notify.

Jan 29 2020, 7:15 PM · Growth-Team-Filtering, Growth-Team, MobileFrontend

Jan 12 2020

suffusion_of_yellow renamed T242558: LogicException when parsing section with list-defined references from LogicException when previewing section with list-defined references to LogicException when parsing section with list-defined references.
Jan 12 2020, 11:32 PM · Cite
suffusion_of_yellow created T242558: LogicException when parsing section with list-defined references.
Jan 12 2020, 11:18 PM · Cite

Dec 18 2019

suffusion_of_yellow added a comment to T240889: Mobile IP editors not given any indication that they have new messages.

@suffusion_of_yellow regarding "range talk", let's assume for a moment that it did exist - how would you expect notification/clearing of such a notification to function?

Dec 18 2019, 8:13 PM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team
suffusion_of_yellow added a comment to T240889: Mobile IP editors not given any indication that they have new messages.

I'm curious how high the rate of IP users is that are not ignoring "their" talk page. Especially if they don't have a static IP. (Anybody having any numbers?)

Dec 18 2019, 6:10 PM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team
suffusion_of_yellow added a comment to T240889: Mobile IP editors not given any indication that they have new messages.

@ovasileva: Why was this one marked low priority? I understand that people might disagree with me about T240976, and I'll respond to your question there later, but this one's a big deal. We literally have no way whatsoever to initiate a discussion with logged-out mobile users. Worse, we think we're talking to them.

Dec 18 2019, 5:30 PM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team

Dec 17 2019

suffusion_of_yellow updated subscribers of T71367: page_recent_contributors leaks revdeleted user names (CVE-2021-31545).
Dec 17 2019, 6:17 PM · Patch-For-Review, MW-1.36-notes (1.36.0-wmf.35; 2021-03-16), AbuseFilter (Overhaul-2020), Privacy Engineering, Security, Vuln-Infoleak
suffusion_of_yellow added a project to T240976: Mobile "new messages" notification should be more intrusive by default: MobileFrontend.
Dec 17 2019, 5:46 PM · Growth-Team-Filtering, Growth-Team, MobileFrontend
suffusion_of_yellow created T240976: Mobile "new messages" notification should be more intrusive by default.
Dec 17 2019, 5:44 PM · Growth-Team-Filtering, Growth-Team, MobileFrontend
suffusion_of_yellow renamed T240889: Mobile IP editors not given any indication that they have new messages from Logged-out mobile editors not given any indication that they have new messages to Mobile IP editors not given any indication that they have new messages.
Dec 17 2019, 5:09 PM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team
suffusion_of_yellow renamed T240889: Mobile IP editors not given any indication that they have new messages from Mobile editors not shown new messages banner to Logged-out mobile editors not given any indication that they have new messages.
Dec 17 2019, 5:08 PM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team
suffusion_of_yellow added a comment to T240889: Mobile IP editors not given any indication that they have new messages.

@Xaosflux: Thanks! I consider the IP issue a high priority problem, the logged-in issue less so. I had assumed that the goal had been to deliver the banner to all users, in one form or another (as on desktop), and a simple bug was preventing the display. Now that I know that part of this is intentional, I will split the task.

Dec 17 2019, 5:04 PM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team
suffusion_of_yellow updated the task description for T240889: Mobile IP editors not given any indication that they have new messages.
Dec 17 2019, 5:38 AM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team
suffusion_of_yellow added a comment to T240889: Mobile IP editors not given any indication that they have new messages.

@Ammarpad: I only see the red circle when I'm logged in. I see no indication of any kind that there is a message, when logged out. Do you?

Dec 17 2019, 5:38 AM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team

Dec 16 2019

suffusion_of_yellow created T240907: Block message does not transclude template for mobile editors when Reason field includes a template.
Dec 16 2019, 9:55 PM · MediaWiki-User-management, Mobile
suffusion_of_yellow updated the task description for T240889: Mobile IP editors not given any indication that they have new messages.
Dec 16 2019, 9:32 PM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team
suffusion_of_yellow added a comment to T240889: Mobile IP editors not given any indication that they have new messages.

If this ticket is about the lack of a "You have new messages" banner in the mobile interface for logged out users, then I do not see any bug here. Not sure as the steps are confusing and don't explicitly list an expected and an actual outcome, and if that was in mobile or desktop or in that one window or that other window.

Dec 16 2019, 8:09 PM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team
suffusion_of_yellow added a comment to T240889: Mobile IP editors not given any indication that they have new messages.

@suffusion_of_yellow: Is one of these browser windows in private mode, or not?

Dec 16 2019, 8:05 PM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team
suffusion_of_yellow updated the task description for T240889: Mobile IP editors not given any indication that they have new messages.
Dec 16 2019, 7:28 PM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team
suffusion_of_yellow created T240889: Mobile IP editors not given any indication that they have new messages.
Dec 16 2019, 7:25 PM · Growth-Team-Filtering, MinervaNeue (Tracking), Notifications, Growth-Team

Dec 14 2019

suffusion_of_yellow added a comment to T240115: Some filter hits have old_wikitext === new_wikitext.

Certainly seems resolved on enwiki. I re-enabled the filter in the task, and there were no hits in about a day. Thanks!

Dec 14 2019, 5:29 PM · MW-1.35-notes (1.35.0-wmf.10; 2019-12-10), Platform Engineering, AbuseFilter

Dec 13 2019

suffusion_of_yellow added a comment to T240487: XSS in MinervaNeue skin (CVE-2019-19910).

It's a good default to try to find and test vulnerabilities like this locally, but again, sometimes that's just incredibly inconvenient or even impossible and so discreet testing somewhere like the testwikis becomes the only viable option to fixing these vulnerabilities.

Dec 13 2019, 7:37 PM · Security, user-sbassett, MinervaNeue, Readers-Web-Backlog (Kanbanana-2019-20-Q2), Vuln-XSS
Jdlrobson awarded T240487: XSS in MinervaNeue skin (CVE-2019-19910) a Like token.
Dec 13 2019, 7:34 PM · Security, user-sbassett, MinervaNeue, Readers-Web-Backlog (Kanbanana-2019-20-Q2), Vuln-XSS
suffusion_of_yellow added a comment to T240487: XSS in MinervaNeue skin (CVE-2019-19910).

How do I find out if an XSS impacts production? I don't want to save anything like that on testwiki, even if I delete it one minute later.
Anyhoo, this page works for me even with $wgFragmentMode = [ 'html5', 'legacy' ];:

Dec 13 2019, 5:56 AM · Security, user-sbassett, MinervaNeue, Readers-Web-Backlog (Kanbanana-2019-20-Q2), Vuln-XSS

Dec 11 2019

suffusion_of_yellow added a project to T240502: Raw HTML in MobileFrontend: MobileFrontend.
Dec 11 2019, 8:35 PM · MobileFrontend (MobileFrontend Special Pages), Security, Readers-Web-Backlog (Kanbanana-2019-20-Q3)
suffusion_of_yellow created T240502: Raw HTML in MobileFrontend.
Dec 11 2019, 8:32 PM · MobileFrontend (MobileFrontend Special Pages), Security, Readers-Web-Backlog (Kanbanana-2019-20-Q3)
suffusion_of_yellow added a project to T240487: XSS in MinervaNeue skin (CVE-2019-19910): MobileFrontend.
Dec 11 2019, 6:43 PM · Security, user-sbassett, MinervaNeue, Readers-Web-Backlog (Kanbanana-2019-20-Q2), Vuln-XSS