[Wikidata-bugs] [Maniphest] [Commented On] T149082: Security review for Cognate Extension

2017-01-25 Thread Bawolff
Bawolff added a comment.

In T149082#2968137, @Addshore wrote:

> In T149082#2966632, @Bawolff wrote:
>
> > I assume this is not using the LinkUpdates related hooks because it only wants to deal with new pages not edits (?) However it seems that this still triggers on all edits. Perhaps it should look at the EDIT_NEW flag in the onPageSaveComplete hook to avoid some unnecessary database interaction.
>
> Cognate needs to know when pages are edited to determine if the redirect state has changed:
>
> redirect -> regular page = needs to be added to the db
> regular page -> redirect = needs to be removed from the db
>
> If I had both the new and the last content then I would be able to check the redirect state of each and only act where needed here. I'll have a further look.

Oh. This makes sense to me now. When I was first looking at it I didn't realize it needed to do that.

TASK DETAIL
https://phabricator.wikimedia.org/T149082

EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/

To: Bawolff
Cc: gerritbot, Bawolff, daniel, Aklapper, Addshore, Lydia_Pintscher, Th3d3v1ls, Ramalepe, Liugev6, Lewizho99, Maathavan, D3r1ck01, Andrew-WMDE, dpatrick, Izno, Luke081515, Wikidata-bugs, aude, JanZerebecki, Darkdadaah, csteipp, Mbch331, Jay8g, Legoktm
___
Wikidata-bugs mailing list
Wikidata-bugs@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs


[Wikidata-bugs] [Maniphest] [Commented On] T149082: Security review for Cognate Extension

2017-01-25 Thread gerritbot
gerritbot added a comment.
Change 334041 merged by jenkins-bot:
Switch to sha256 hash

https://gerrit.wikimedia.org/r/334041


[Wikidata-bugs] [Maniphest] [Commented On] T149082: Security review for Cognate Extension

2017-01-25 Thread gerritbot
gerritbot added a comment.
Change 334032 merged by jenkins-bot:
Add note about interwiki lang link assumption to README

https://gerrit.wikimedia.org/r/334032


[Wikidata-bugs] [Maniphest] [Commented On] T149082: Security review for Cognate Extension

2017-01-25 Thread gerritbot
gerritbot added a comment.
Change 334033 merged by jenkins-bot:
Adjust index on pages table

https://gerrit.wikimedia.org/r/334033


[Wikidata-bugs] [Maniphest] [Commented On] T149082: Security review for Cognate Extension

2017-01-25 Thread gerritbot
gerritbot added a comment.
Change 334031 merged by jenkins-bot:
populateCognatePages use mw db layer for IN query

https://gerrit.wikimedia.org/r/334031


[Wikidata-bugs] [Maniphest] [Commented On] T149082: Security review for Cognate Extension

2017-01-25 Thread Addshore
Addshore added a comment.
Everything from the security review now either has a patch linked to this ticket or a subtask has been created.

In response to the issue with hash conflicts, pages that create duplicate hashes will simply not be written to the database / ignored, thus it should not be an attack vector in terms of vandalism.
I have created a sub task to confirm this, and add some logging when conflicts do happen (if they do) and add some extra testing in the area.
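
The conflict handling described in the comment above (a page whose hash duplicates an existing one is not written, and the event is logged), as an added example that is not Cognate's code or part of the thread. `TitleStore`, `title_key`, the truncated SHA-256 key and the 1-byte width used in `demo` are assumptions, chosen so that a conflict can be produced on constructed titles.

```python
import hashlib
import logging

log = logging.getLogger("cognate.example")  # hypothetical logger name


def title_key(title, key_bytes=8):
    """Integer key from the first key_bytes of SHA-256(title); the width is an assumption."""
    digest = hashlib.sha256(title.encode("utf-8")).digest()
    return int.from_bytes(digest[:key_bytes], "big")


class TitleStore:
    """Hypothetical in-memory stand-in for a table keyed by title hash."""

    def __init__(self, key_bytes=8):
        self.key_bytes = key_bytes
        self.rows = {}       # key -> title that was stored first
        self.conflicts = []  # (key, stored title, rejected title)

    def add(self, title):
        key = title_key(title, self.key_bytes)
        stored = self.rows.get(key)
        if stored is None:
            self.rows[key] = title
            return "inserted"
        if stored == title:
            return "exists"
        # Same key, different title: keep the first row, drop the write, record it.
        self.conflicts.append((key, stored, title))
        log.warning("hash conflict key=%x stored=%r rejected=%r", key, stored, title)
        return "conflict"

    def lookup(self, title):
        """Return the stored title only when it is this exact title, not a key-mate."""
        stored = self.rows.get(title_key(title, self.key_bytes))
        return stored if stored == title else None


def demo(key_bytes=1):
    """Fill a deliberately narrow store with constructed titles until one is rejected."""
    store = TitleStore(key_bytes)
    for i in range(2 ** (8 * key_bytes) + 1):  # pigeonhole: a conflict must occur
        if store.add(f"Constructed page {i}") == "conflict":
            break
    return store
```

The rejected title never replaces the stored row, and `lookup` compares the full title, so a colliding page cannot stand in for the page that was written first.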


[Wikidata-bugs] [Maniphest] [Commented On] T149082: Security review for Cognate Extension

2017-01-25 Thread gerritbot
gerritbot added a comment.
Change 334041 had a related patch set uploaded (by Addshore):
Switch to sha256 hash

https://gerrit.wikimedia.org/r/334041


[Wikidata-bugs] [Maniphest] [Commented On] T149082: Security review for Cognate Extension

2017-01-25 Thread Addshore
Addshore added a comment.

In T149082#2966632, @Bawolff wrote:

> I assume this is not using the LinkUpdates related hooks because it only wants to deal with new pages not edits (?) However it seems that this still triggers on all edits. Perhaps it should look at the EDIT_NEW flag in the onPageSaveComplete hook to avoid some unnecessary database interaction.

Cognate needs to know when pages are edited to determine if the redirect state has changed:

redirect -> regular page = needs to be added to the db
regular page -> redirect = needs to be removed from the db

If I had both the new and the last content then I would be able to check the redirect state of each and only act where needed here.
I'll have a further look.


[Wikidata-bugs] [Maniphest] [Commented On] T149082: Security review for Cognate Extension

2017-01-25 Thread gerritbot
gerritbot added a comment.
Change 334033 had a related patch set uploaded (by Addshore):
Adjust index on pages table

https://gerrit.wikimedia.org/r/334033


[Wikidata-bugs] [Maniphest] [Commented On] T149082: Security review for Cognate Extension

2017-01-25 Thread gerritbot
gerritbot added a comment.
Change 334032 had a related patch set uploaded (by Addshore):
Add note about interwiki lang link assumption to README

https://gerrit.wikimedia.org/r/334032


[Wikidata-bugs] [Maniphest] [Commented On] T149082: Security review for Cognate Extension

2017-01-25 Thread gerritbot
gerritbot added a comment.
Change 334031 had a related patch set uploaded (by Addshore):
populateCognatePages use mw db layer for IN query

https://gerrit.wikimedia.org/r/334031