Re: [MediaWiki-l] Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

2017-07-01 Thread jayvdb
If you are going to do this anyway, despite the warnings given, use some regex to strictly find all function & method invocations and only allow a very small whitelisted set. Err on the side of caution with the regex finding too many matches including false positives. On Sun, 2 Jul 2017 07:57

Re: [MediaWiki-l] Error converting MediaWiki database from 1.4.5 to 1.5.8

2017-07-01 Thread Tim Starling
On 29/06/17 09:15, Geert Van Pamel wrote: > Tim, > > Your proposal to use buffered query worked. Thanks for that. > > Now I am running into the following problem: > > > 2017-06-28 22:49:58: Migrating image table to image_temp... > PHP Fatal error: Call to undefined function wfGetMimeMagic()

Re: [MediaWiki-l] Parsing barelinks to generate full citations

2017-07-01 Thread James Hare
The Citoid service can perform this task: <https://www.mediawiki.org/wiki/Citoid>. You can try it out here: <https://en.wikipedia.org/api/rest_v1/#!/Citation/getCitation>. On July 1, 2017 at 8:12:42 PM, Jean Valjean (jeanvaljean2...@gmail.com) wrote: What are the best tools for parsing

[MediaWiki-l] Parsing barelinks to generate full citations

2017-07-01 Thread Jean Valjean
What are the best tools for parsing barelinks to generate full citations? E.g., converting https://www.youtube.com/watch?v=lRcthTPP0s4 to {{cite web|author=SecularSkin|date=11 November 2013|title=Christy0Mistys Series On Feminism|publisher=YouTube|url=

[MediaWiki-l] (no subject)

2017-07-01 Thread Robin Alexander

Re: [MediaWiki-l] Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

2017-07-01 Thread Jean Valjean
Well it does have a certain coolness factor to do everything through the wiki. It's kind of like how Mark Zuckerberg wanted Facebookers to be able to do everything they needed to do on the web without leaving Facebook. Facebook would have email, messaging, games, video, search, and even Wikipedia

Re: [MediaWiki-l] Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

2017-07-01 Thread Brian Wolff
Most people just use a git repo for version controlling their LocalSettings.php. If you really really want to do this onwiki approach, try verifying the file with `php -l` before saving. -- brian On Saturday, July 1, 2017, Jean Valjean wrote: > Yeah, that's already

Re: [MediaWiki-l] Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

2017-07-01 Thread Jean Valjean
Yeah, that's already happened a few times (typo taking the site down). What I did on another wiki farm was have one wiki in charge of the other wiki's config files, so that if you messed up LocalSettings.php, it wouldn't take down the wiki that was modifying it. My goal was to have some sort of

Re: [MediaWiki-l] Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

2017-07-01 Thread Brian Wolff
Even ignoring the security issues, if one of your users makes a typo, they take down the site and they cannot revert because the site is then down. From a security perspective, this is equivalent to giving your users shell access to your server. They can run any arbitrary program, do anything,

Re: [MediaWiki-l] Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

2017-07-01 Thread Legoktm
On 07/01/2017 03:16 PM, Jean Valjean wrote: > I want to let some of my administrators (in the wizards group) edit > LocalSettings.php, so I used this snippet, which allows them to make > changes by editing the Project:Shared_config.php page. Then I protected the > page so that only wizards can

Re: [MediaWiki-l] Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

2017-07-01 Thread Jean Valjean
Well I did take my passwords out of webroot. https://www.mediawiki.org/wiki/Manual:Securing_database_passwords#Keep_MySQL_Passwords_Out_Of_Webroot On Sat, Jul 1, 2017 at 6:18 PM, John wrote: > Yes, making localsettings.php world readable/editable is a huge security >

Re: [MediaWiki-l] Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

2017-07-01 Thread John
Yes, making localsettings.php world readable/editable is a huge security issue. On Sat, Jul 1, 2017 at 6:16 PM, Jean Valjean wrote: > I want to let some of my administrators (in the wizards group) edit > LocalSettings.php, so I used this snippet, which allows them to

[MediaWiki-l] Any security problems involved in letting administrators edit LocalSettings.php via a wiki page?

2017-07-01 Thread Jean Valjean
I want to let some of my administrators (in the wizards group) edit LocalSettings.php, so I used this snippet, which allows them to make changes by editing the Project:Shared_config.php page. Then I protected the page so that only wizards can edit it. Do you think this presents any security

Re: [MediaWiki-l] deleteOldRevisions.php is an accident waiting to happen

2017-07-01 Thread Jean Valjean
Yeah, the reason I didn't submit it as a patch is that all I did was hack the extension to operate based on namespace rather than page IDs. Some people might look at that as a regression, if they wanted to continue using page IDs. I'm not really sure what would be the best way to make it capable

Re: [MediaWiki-l] deleteOldRevisions.php is an accident waiting to happen

2017-07-01 Thread Brian Wolff
GitHub is only a mirror of the code base - we don't use it for pull requests. If you want to submit a change, put a unified diff in https://tools.wmflabs.org/gerrit-patch-uploader/ or submit the change directly to gerrit.wikimedia.org (using the user account from wikitech.wikimedia.org). There is

Re: [MediaWiki-l] deleteOldRevisions.php is an accident waiting to happen

2017-07-01 Thread Greg Rundlett (freephile)
On Sat, Jul 1, 2017 at 2:41 AM, Jean Valjean wrote: > I came up with something a little safer and easier for those who just want > to delete old revisions from one namespace: https://www.mediawiki.org/ > wiki/User:KryptoKronic/deleteOldRevisions.php I don't know how

Re: [MediaWiki-l] deleteOldRevisions.php is an accident waiting to happen

2017-07-01 Thread Greg Rundlett (freephile)
On Sat, Jul 1, 2017 at 12:07 AM, Jean Valjean wrote: > Today, a friend of mine had a few really long wiki pages whose revision > histories he wanted to delete (specifically, chapters 1-117 of The Count of > Monte Cristo), to save some space in his database. So, he went

Re: [MediaWiki-l] Architecture document

2017-07-01 Thread Greg Rundlett (freephile)
On Sat, Jul 1, 2017 at 12:52 PM, Brian Wolff wrote: > That's awesome that you are making this. > > One small correction - wmf no longer uses cdb files for interwiki cache. We > now use just a php array that's included so that the hhvm opcode cacher can > cache it. > > Thanks for

Re: [MediaWiki-l] Architecture document

2017-07-01 Thread Brian Wolff
That's awesome that you are making this. One small correction - wmf no longer uses cdb files for interwiki cache. We now use just a php array that's included so that the hhvm opcode cacher can cache it. -- bawolff On Saturday, July 1, 2017, Greg Rundlett (freephile) wrote: >

[MediaWiki-l] Architecture document

2017-07-01 Thread Greg Rundlett (freephile)
On my wiki, I'm working on an architecture document [1] to explain how you would best serve MediaWiki in a scalable, performant way. One goal of this paper is to update the information at mw:Manual:MediaWiki architecture [2] so that people everywhere can learn best how to implement MediaWiki.

Re: [MediaWiki-l] deleteOldRevisions.php is an accident waiting to happen

2017-07-01 Thread Jean Valjean
I came up with something a little safer and easier for those who just want to delete old revisions from one namespace: https://www.mediawiki.org/wiki/User:KryptoKronic/deleteOldRevisions.php The output looks like this: $ php deleteOldRevisions.php --delete 4 Delete old revisions Limiting to