Re: [Wikitech-l] MediaWiki unit testing and non-MySQL databases
On Wed, Oct 26, 2011 at 01:33, Dmitriy Sintsov ques...@rambler.ru wrote: * Jeremy Baron jer...@tuxmachine.com [Wed, 26 Oct 2011 01:09:07 -0400]: Should I do not use table aliases at all? Aliases should be fine. (at least per the docs I found and reedy's example) If they are fine, why my second converted query (last post in bug 31534) https://bugzilla.wikimedia.org/show_bug.cgi?id=31534 fails to execute on MySQL ? I think you found the problem already in your comment 2 but I missed it the first time around: произошёл из функции «qp_PollStore::pollVotersPager». База данных возвратила ошибку «1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''qup' INNER JOIN `wiki_qp_users` 'qu' ON ((qup.uid = qu.uid)) WHERE pid = 7 LI' at line 1 (127.0.0.1)». The Database class built query is identical to manually built query, except the Database class wraps table aliases into single quotes. Original query works. Seems pretty clearly broken; we should fix the way we quote. (and maybe not break anyone because anyone using the syntax that triggers this would already be broken because of this) Maybe we need backticks instead of quotes? I can test when I'm less sleepy but maybe someone else knows. Looks like it per http://dev.mysql.com/doc/refman/5.0/en/identifiers.html However my far goal is to make the whole extension compatible to non-MySQL DBMS, I guess this query will probably work, but I have another queries, like that second one with INNER JOIN. Maybe I should get rid of table aliases, the simpliest way. That may be a solution but either way the bug shouldn't be ignored. Hopefully (if someone (e.g. domas) agrees that it's safe) this can be backported to 1.17 and you could use it. I'm not too familiar with the standard backporting criteria for point releases. -Jeremy ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[MediaWiki-CodeReview] [MediaWiki r100718]: Revision status changed
User Nikerabbit changed the status of MediaWiki.r100718. Old Status: deferred New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100718 Commit summary: throw out bc code ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100734]: Revision status changed
User Nikerabbit changed the status of MediaWiki.r100734. Old Status: deferred New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100734 Commit summary: throw out bc code ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100690]: New comment added
User QuestPC posted a comment on MediaWiki.r100690. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100690#c24869 Commit summary: Fixed regression in question type text when prefilled text inputs were not displayed. Added textarea and select multiple view modes for question type text categories via introduced height and multiple category attributes. Allow unquoted integer value for xml-like attributes. Comment: I removed is_numeric() in r100796. Probably should be faster and cleaner with preg_match() - few comparsions and it would not pass insanely large integer numbers. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r93581]: New comment added
User Fomafix posted a comment on MediaWiki.r93581. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/93581#c24870 Commit summary: Fixing Bug 27540 : width of gallery always 100%, by setting display to inline-block. Comment: Yes, this is an other disadvantage of codeul.gallery { display: inline-block; }/code: Text before gallery style=display: inline-block File:Köln_Panorama.jpg File:Köln_Panorama.jpg File:Köln_Panorama.jpg /gallery Text after With codeul.gallery { display: block; }/code this can't happen: Text before gallery style=display: block File:Köln_Panorama.jpg File:Köln_Panorama.jpg File:Köln_Panorama.jpg /gallery Text after ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100794]: Revision status changed
User Reedy changed the status of MediaWiki.r100794. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100794 Commit summary: svn:eol-style=native ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
Re: [Wikitech-l] MediaWiki unit testing and non-MySQL databases
Jeremy Baron wrote: Seems pretty clearly broken; we should fix the way we quote. (and maybe not break anyone because anyone using the syntax that triggers this would already be broken because of this) Maybe we need backticks instead of quotes? I can test when I'm less sleepy but maybe someone else knows. Looks like it per http://dev.mysql.com/doc/refman/5.0/en/identifiers.html Yes, the problem is that it is using parameter quoting instead of identifier quoting. Was quite obvious once I was looking at it on mysql-cli. Not particulary useful in this case, but when dealing with wrapper selects you may enjoy http://toolserver.org/~platonides/mwtools/ExpandSelect.php /spam ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] MediaWiki unit testing and non-MySQL databases
Platonides wrote: Jeremy Baron wrote: Seems pretty clearly broken; we should fix the way we quote. (and maybe not break anyone because anyone using the syntax that triggers this would already be broken because of this) Maybe we need backticks instead of quotes? I can test when I'm less sleepy but maybe someone else knows. Looks like it per http://dev.mysql.com/doc/refman/5.0/en/identifiers.html Yes, the problem is that it is using parameter quoting instead of identifier quoting. Was quite obvious once I was looking at it on mysql-cli. However, conversion is done correctly for me both in trunk and REL1_18. ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] etherpad-lite
On 26/10/11 00:07, Jeremy Baron wrote: On Oct 25, 2011 5:40 PM, Sumana Harihareswara wrote: And I have submitted a request to Wikimedia's ops team to upgrade our etherpad.wikimedia.org installation to Etherpad Lite. RT #? The ops ticket is #1720 : https://rt.wikimedia.org/Ticket/Display.html?id=1720 -- Antoine hashar Musso ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Welcome, Antoine Musso! (hashar)
On 22/10/11 00:24, Platonides wrote: snip That was my first concern, wasn't that supposed to be secretly kept?? I did confirm to Rob it was fine to reveal my identity. It already leaked everywhere on the internet anyway :-) Moreover, people tended to confuse me with Asher Feldman since Asher and Hashar sounds a like. -- Antoine hashar Musso ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[MediaWiki-CodeReview] [MediaWiki r100663]: New comment added
User G.Hagedorn posted a comment on MediaWiki.r100663. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100663#c24871 Commit summary: search suggestions and interwiki links Comment: please consider tagging for 1.18 ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100765]: New comment added
User G.Hagedorn posted a comment on MediaWiki.r100765. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100765#c24872 Commit summary: search suggestions and interwiki links Comment: please consider tagging for 1.18 ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100686]: New comment added
User G.Hagedorn posted a comment on MediaWiki.r100686. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100686#c24873 Commit summary: fixed bug 31821 (Special:Book not allowing saving) Comment: please consider tagging for 1.18 ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
Re: [Wikitech-l] etherpad-lite
Does etherpad-lite also fix the annoying problems with current etherpad: last chat line half visible, scrolling jumps directly to very top or very bottom, cannot resize chat pane? -- Niklas Laxström ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[MediaWiki-CodeReview] [MediaWiki r100797]: New comment added
User Catrope posted a comment on MediaWiki.r100797. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100797#c24874 Commit summary: Commit ReferenceTooltips extension. It gives the content of a reference as a tooltip Comment: pre +/** + * MoodBar extension + * Allows specified users to send their mood back to the site operator. + */ /pre ORLY? ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[Wikitech-l] Temporary password too short
I've been around a long time (2003) and have old accounts that I never use, usually explicitly setup to prevent folks from creating accounts with different capitalization for misleading user names in comments. After SUL, that case variance problem should be handled correctly. But those existing variants could still be re-activated. Many of these accounts have expired email, so I don't see any notices. Recently, one that has a current email sent me a notice that reads in relevant part: # Temporary password: YH2MnDD # # This temporary password will expire in 7 days. # You should log in and choose a new password now. If someone else made this # request, or if you have remembered your original password, and you no longer # wish to change it, you may ignore this message and continue using your old # password. # I use fairly long passwords with special characters (a 96 character set including space). This replacement password is much more easily guessed. The account could have been stolen within minutes or hours. https://secure.wikimedia.org/wikipedia/en/wiki/Password_strength (Merely 7 case insensitive alphanumeric characters is equivalent to only 40-bits of strength.) Please update the password generator to use at least 17 characters, with at least some punctuation! (Users reading the text might have trouble noticing blanks, so don't use the space character.) Of course, I know that various studies show that 12 to 15 characters using a 95 character set are probably enough. And that's fine for the user's choose. But this is an automatically generated replacement, emailed out in the clear. It should be something stronger! ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Temporary password too short
William Allen Simpson wrote: This replacement password is much more easily guessed. The account could have been stolen within minutes or hours. Is this true? (Yes, I know that a fast machine can try zillions of passwords per hour in theory, but for a reasonably designed system, certainly not in practice.) Please update the password generator to use at least 17 characters, That seems like far too many. ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[MediaWiki-CodeReview] [MediaWiki r100758]: Revision status changed
User Jack Phoenix changed the status of MediaWiki.r100758. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100758 Commit summary: Set $messages at the beginning. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100793]: New comment added, and revision status changed
User Catrope changed the status of MediaWiki.r100793. Old Status: new New Status: fixme User Catrope also posted a comment on MediaWiki.r100793. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100793#c24875 Commit summary: FeedbackDashboard: Rearrange to allow showing/hiding by AJAX. Also make sure that we test everything correctly in AJAX responses Comment: pre + alert( response.feedbackdashboard.error ); /pre Per our IRC chat, error handling should use something nicer than alert(). OK otherwise. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100803]: Revision status changed
User Catrope changed the status of MediaWiki.r100803. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100803 Commit summary: Improve error handling ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100793]: Revision status changed
User Catrope changed the status of MediaWiki.r100793. Old Status: fixme New Status: resolved Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100793 Commit summary: FeedbackDashboard: Rearrange to allow showing/hiding by AJAX. Also make sure that we test everything correctly in AJAX responses ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100761]: New comment added
User Nikerabbit posted a comment on MediaWiki.r100761. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100761#c24876 Commit summary: Followup to r97033 - removed wgWhatlinksherelimit and started the conversion to wgQueryPageDefaultLimit, but didn't see too many places using a default of 50. Comment: Release notes? ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
Re: [Wikitech-l] Temporary password too short
On Wed, Oct 26, 2011 at 1:55 PM, William Allen Simpson william.allen.simp...@gmail.com wrote: # Temporary password: YH2MnDD # # This temporary password will expire in 7 days. # You should log in and choose a new password now. If someone else made this # request, or if you have remembered your original password, and you no longer # wish to change it, you may ignore this message and continue using your old # password. # I use fairly long passwords with special characters (a 96 character set including space). This replacement password is much more easily guessed. The account could have been stolen within minutes or hours. https://secure.wikimedia.org/wikipedia/en/wiki/Password_strength (Merely 7 case insensitive alphanumeric characters is equivalent to only 40-bits of strength.) I do seriously wonder whether it is possible to steal such a password 'within minutes or hours'. My calculation says that to do it within 24 hours, one needs to test 40 million passwords per second. And remember that 'testing' in this case means sending a message to the Wikimedia servers and waiting for an answer. Surely getting over 1000 times the normal number of requests per second (I have no number for the total number of requests, but the number of page requests seems to be around 6000 per second) is something that would not remain unnoticed at the Wikimedia servers for 24 hours. Please update the password generator to use at least 17 characters, with at least some punctuation! (Users reading the text might have trouble noticing blanks, so don't use the space character.) The more sensitive way of working, in my opinion, would be to invalidate the temporary password after a certain, low, number of tries, and allow a temporary password only a restricted number of times within a certain period. For example, if the password is expired after 5 failed login attempts, and a new temporary password is only sent once a minute, an attacker is effectively reduced to one attempt per 12 seconds, making cracking a 62-alphabet, 7-character key such as this one a task which takes in the order of one million years. -- André Engels, andreeng...@gmail.com ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[MediaWiki-CodeReview] [MediaWiki r100776]: Revision status changed
User Nikerabbit changed the status of MediaWiki.r100776. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100776 Commit summary: some eol w/s ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
Re: [Wikitech-l] Temporary password too short
On Wed, 26 Oct 2011 04:55:11 -0700, William Allen Simpson william.allen.simp...@gmail.com wrote: I've been around a long time (2003) and have old accounts that I never use, usually explicitly setup to prevent folks from creating accounts with different capitalization for misleading user names in comments. After SUL, that case variance problem should be handled correctly. But those existing variants could still be re-activated. Many of these accounts have expired email, so I don't see any notices. Recently, one that has a current email sent me a notice that reads in relevant part: # Temporary password: YH2MnDD # # This temporary password will expire in 7 days. # You should log in and choose a new password now. If someone else made this # request, or if you have remembered your original password, and you no longer # wish to change it, you may ignore this message and continue using your old # password. # I use fairly long passwords with special characters (a 96 character set including space). This replacement password is much more easily guessed. The account could have been stolen within minutes or hours. https://secure.wikimedia.org/wikipedia/en/wiki/Password_strength (Merely 7 case insensitive alphanumeric characters is equivalent to only 40-bits of strength.) Please update the password generator to use at least 17 characters, with at least some punctuation! (Users reading the text might have trouble noticing blanks, so don't use the space character.) Of course, I know that various studies show that 12 to 15 characters using a 95 character set are probably enough. And that's fine for the user's choose. But this is an automatically generated replacement, emailed out in the clear. It should be something stronger! Assuming a scenario where a brute force attacker were able to make 1000 password guesses a second this 7-char [a-zA-Z0-9] password would take 1.14 centuries to crack. And it expires in 7 days. Not to mention, if memcached is being used, we should be rate limiting password guesses. Admittedly if someone managed to crack into the database and see the contents of the user table within 7 days of submitting the password reset, done on the local system this temp password could take 1s to crack. However that's not really something we should care about. Our user table contains a user_token whichcan be used to fake a login as a user. It's easier to use than it is to crack a temp password. If a site accidentally leaks it's user table it has to reset the user_token column for every user to make the site secure, and with your note likewise they should also reset user_newpassword when they reset user_token. The ONLY advantage they gain from cracking the temp password is the ability to change the e-mail and hold onto the account after the password is reset or the system administrator resets the database's user table. Maybe we should make a maintenance script to reset these columns. Admittedly I don't really like the idea of a new 'password'. What I do like the idea of a long cryptorandom reset token on link like we have for e-mail confirmation. -- ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name] ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Temporary password too short
On 26/10/11 13:03, Steve Summit wrote: William Allen Simpson wrote: This replacement password is much more easily guessed. The account could have been stolen within minutes or hours. Is this true? (Yes, I know that a fast machine can try zillions of passwords per hour in theory, but for a reasonably designed system, certainly not in practice.) Please update the password generator to use at least 17 characters, That seems like far too many. In practice, that password is probably much stronger than most users' real passwords. It might perhaps be worth adding one more character, but the simplest way to increase security on this would be to just put a limit on the number of reactivation attempts for that particular password. Assuming the seven-character password given, YH2MnDD, uses the character set [A-Za-z0-9], there should be 62^7 ~= 3.5 x 10^12 possible such passwords. Automatically expiring that temporary password after say, 10 failed reactivation attempts, would reduce the probability of successfully guessing that particular password to around 3 x 10^-12 -- probably safe enough for wiki purposes. Based on this, I don't think it's likely to be nearly as much of a problem as brute-force attacks on ordinary login passwords that go for the low-hanging fruit of users with passwords like 1234 or password1. Even these can be substantially mitigated by a mixture of per-account and per-client-IP-address throttling, and CAPTCHAs. If there's one measure I'd like to see that isn't (as far as I know) yet implemented, it would be to require admins and other privileged users to set strong passwords, perhaps initially by Javascript-based warnings, and later by locking out those accounts completely, after a warning period of perhaps one year. - Neil ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Temporary password too short
On Wed, Oct 26, 2011 at 11:13, Neil Harris n...@tonal.clara.co.uk wrote: If there's one measure I'd like to see that isn't (as far as I know) yet implemented, it would be to require admins and other privileged users to set strong passwords, perhaps initially by Javascript-based warnings, and later by locking out those accounts completely, after a warning period of perhaps one year. +1 ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[MediaWiki-CodeReview] [MediaWiki r100795]: New comment added
User Nikerabbit posted a comment on MediaWiki.r100795. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100795#c24877 Commit summary: Split out checkExecutePermissions() function from userCanExecute() in FormSpecialPage. The former handles actual execute() calls and throws exceptions, the later inherits its purpose from SpecialPage. It just checks the page restriction to see if a user generally *could* execute. This avoids the breakage that came up in r100723 where Special:SpecialPages was throwing permission errors due to the getUsablePages() call. Comment: Took a while to identify the clause for me, only to find out it was already fixed :) ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100797]: New comment added, and revision status changed
User MaxSem changed the status of MediaWiki.r100797. Old Status: new New Status: fixme User MaxSem also posted a comment on MediaWiki.r100797. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100797#c24878 Commit summary: Commit ReferenceTooltips extension. It gives the content of a reference as a tooltip Comment: # Tooltips include up arrow # Why not just include these bits into Cite? ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
Re: [Wikitech-l] Temporary password too short
Admins should be required (At least at wmf) to use an authenticator, no? On Wed, Oct 26, 2011 at 9:24 AM, Helder helder.w...@gmail.com wrote: On Wed, Oct 26, 2011 at 11:13, Neil Harris n...@tonal.clara.co.uk wrote: If there's one measure I'd like to see that isn't (as far as I know) yet implemented, it would be to require admins and other privileged users to set strong passwords, perhaps initially by Javascript-based warnings, and later by locking out those accounts completely, after a warning period of perhaps one year. +1 ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Temporary password too short
No, maybe stewards but not admins. On Oct 26, 2011 9:40 AM, Olivier Beaton olivier.bea...@gmail.com wrote: Admins should be required (At least at wmf) to use an authenticator, no? On Wed, Oct 26, 2011 at 9:24 AM, Helder helder.w...@gmail.com wrote: On Wed, Oct 26, 2011 at 11:13, Neil Harris n...@tonal.clara.co.uk wrote: If there's one measure I'd like to see that isn't (as far as I know) yet implemented, it would be to require admins and other privileged users to set strong passwords, perhaps initially by Javascript-based warnings, and later by locking out those accounts completely, after a warning period of perhaps one year. +1 ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Temporary password too short
On 26/10/11 14:24, Helder wrote: On Wed, Oct 26, 2011 at 11:13, Neil Harrisn...@tonal.clara.co.uk wrote: If there's one measure I'd like to see that isn't (as far as I know) yet implemented, it would be to require admins and other privileged users to set strong passwords, perhaps initially by Javascript-based warnings, and later by locking out those accounts completely, after a warning period of perhaps one year. +1 Thanks. Proper password-strength-checking is sufficiently compute- and dictionary-intensive that it should probably be done server-side, during the period when the password is still temporarily available in plaintext during the login operation, and always done after the user logs in successfully, even when the user doesn't have Javascript enabled. Ideally, it could be also done interactively keystroke-by-keystroke on the password change dialogue, using AJAX callbacks to the server. All this should, of course, be forced to be done over HTTPS -- as, eventually, should all logged-in or password-related activity of any sort. - N. ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Temporary password too short
On Wed, Oct 26, 2011 at 7:59 AM, Andre Engels andreeng...@gmail.com wrote: I do seriously wonder whether it is possible to steal such a password 'within minutes or hours'. My calculation says that to do it within 24 hours, one needs to test 40 million passwords per second. And remember that 'testing' in this case means sending a message to the Wikimedia servers and waiting for an answer. Surely getting over 1000 times the normal number of requests per second (I have no number for the total number of requests, but the number of page requests seems to be around 6000 per second) is something that would not remain unnoticed at the Wikimedia servers for 24 hours. Ignoring the fact that most wiki's are throttled to 5 login attempts in 5 minutes per IP. So you can really only check 60 an hour or 1440 a day per IP. So with 114 Billion/hr rate needed and limited to 60/hr you'd need about 2.4 Billion IP addresses. ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] Please review: MediaWiki architecture document
I encourage anybody who's spent any time developing for MediaWiki to go and read https://www.mediawiki.org/wiki/MediaWiki_architecture_document/text -- it's thorough! There are some FIXMEs in there where Guillaume requests more details about performance, caching, and skins, so if you can add some more info on the talk page this week, that would be great. And it would be wonderful if someone with some Inkscape ability could put together a diagram or two that would help readers understand the architecture of MediaWiki. (Trevor?) Guillaume mentioned to me that he's looked at all the existing diagrams and none are quite right. Sumana Harihareswara Volunteer Development Coordinator Wikimedia Foundation ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[MediaWiki-CodeReview] [MediaWiki r100805]: New comment added
User Platonides posted a comment on MediaWiki.r100805. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100805#c24879 Commit summary: script to parse wikitext from CLI Wikitext can be given by stdin or using a file. The wikitext will be parsed using 'CLIParser' as a title. This can be overriden with --title option. Example1: $ php parse.php --title foo ''[[foo]]''^D pistrong class=selflinkfoo/strong/i /p Example2: $ echo '''bold''' /tmp/foo $ php parse.php --file /tmp/foo pbbold/b /p$ Example3: $ cat /tmp/foo | php parse.php pbbold/b /p$ Comment: Didn't something like this already exist? ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100804]: Revision status changed
User MaxSem changed the status of MediaWiki.r100804. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100804 Commit summary: Update header from r100797 :) ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100813]: New comment added
User Dantman posted a comment on MediaWiki.r100813. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100813#c24880 Commit summary: Bug 31609 - Option to change reCAPTCHA theme Patch by Nx.devnull Comment: Too good for codeXml::encodeJsVar( array( 'theme' = $wgReCaptchaTheme, 'tabindex' = 1 ) )/code and codeHtml::inlineScript/code are we? :) ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100805]: New comment added
User Hashar posted a comment on MediaWiki.r100805. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100805#c24881 Commit summary: script to parse wikitext from CLI Wikitext can be given by stdin or using a file. The wikitext will be parsed using 'CLIParser' as a title. This can be overriden with --title option. Example1: $ php parse.php --title foo ''[[foo]]''^D pistrong class=selflinkfoo/strong/i /p Example2: $ echo '''bold''' /tmp/foo $ php parse.php --file /tmp/foo pbbold/b /p$ Example3: $ cat /tmp/foo | php parse.php pbbold/b /p$ Comment: beside eval.php, I have looked at most maintenance scripts and did not find any. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100807]: New comment added
User Nikerabbit posted a comment on MediaWiki.r100807. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100807#c24882 Commit summary: Tool to verify the correctness of php message files. Ensures that the given files adhere to a safe subset of php. The provided update-msgs.sh can be used to svn up files only if they are message files, so it can run unattended. Comment: Wouldn't it be easier to just not use PHP as message storage format? ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100770]: New comment added
User MarkAHershberger posted a comment on MediaWiki.r100770. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100770#c24883 Commit summary: From Bug #31794 - [Users.php] HTML5 \o/ Patch from p858snake. Comment: Email with your comment had the \t in it ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100770]: New comment added
User Reach Out to the Truth posted a comment on MediaWiki.r100770. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100770#c24884 Commit summary: From Bug #31794 - [Users.php] HTML5 \o/ Patch from p858snake. Comment: And it's still in the page source, if anyone wants to take a look. :) ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100723]: Revision status changed
User Aaron Schulz changed the status of MediaWiki.r100723. Old Status: fixme New Status: resolved Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100723 Commit summary: Port Special:Lockdb and Special:Unlockdb to HTMLForm using FormSpecialPage ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
Re: [Wikitech-l] Announcing Fabrice Florin and Oliver Keyes
Welcome, Fabrice and Oliver! You can read an interview with Oliver in the newest Wikipedia Signpost -- http://en.wikipedia.org/wiki/Wikipedia:Wikipedia_Signpost/2011-10-24/Interview -- and Oliver and Fabrice will be participating in an IRC office hours session (in #wikimedia-office) tomorrow, on Thursday 27 October, at 19:00 UTC. Sumana Harihareswara Volunteer Development Coordinator Wikimedia Foundation On Mon, Oct 24, 2011 at 12:03 PM, Howie Fung hf...@wikimedia.org wrote: Everyone, I am pleased to announce that we have two contractors joining the Technology team. Fabrice Florin will be joining us for the next six months as Product Consultant, leading the development of the next version of the Article Feedback Tool. Oliver Keyes (User: Ironholds on enwp) will be joining us as a community liaison for the next three months. His role is to help ensure that the community input is better incorporated into WMF’s product development process. Fabrice has extensive background in the fields of education and journalism. He is founder and executive director of NewsTrust, a nonprofit social news site devoted to good journalism -- as well as Truthsquad, a network dedicated to fact-checking the political claims made during election campaigns. His previous ventures include: Handtap, a wireless content service for mobile phones; shockwave.com, a web entertainment site at Macromedia; Apple Computer's Multimedia Lab, a new media RD group; and a variety of other roles in media and technology. Fabrice earned four patents for his interactive TV work at Apple and was recently elected an Ashoka Fellow for his work as social entrepreneur [1]. Read more in his online bio[2]. Oliver has been an editor since 2006 and is both an administrator and an OTRS volunteer on the English Wikipedia. With strong experience in content creation as well as administrative tasks, he has a broad base of knowledge that will undoubtedly be helpful in coordinating community feedback, organizing discussions, and making sure more voices are heard as part of the product development process. As many of you know, the Tech department continues to look for ways to gather input from our experienced editors when designing new features. Oliver’s job will be to act as a conduit between WMF’s development team and members of the community, helping editors make suggestions on feature development and helping ensure that the Foundation incorporates this input. Fabrice may be reached at fflorin at wikimedia dot org, as well as his userpages on the English Wikipedia and Mediawiki ([[User:Fabrice Florin]]). Oliver will be on the projects as [[User:Ironholds]] and [[User:Okeyes (WMF)]]; he can also be contacted directly via http://en.wikipedia.org/wiki/Special:EmailUser/Okeyes_%28WMF%29. We’re very excited to be working with Fabrice and Oliver. Please join me in welcoming them! Howie Fung Senior Product Manager Wikimedia Foundation [1] http://www.ashoka.org/fellow/fabrice-florin [2] http://newstrust.net/about/bio_florin ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[MediaWiki-CodeReview] [MediaWiki r100807]: New comment added
User Platonides posted a comment on MediaWiki.r100807. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100807#c24885 Commit summary: Tool to verify the correctness of php message files. Ensures that the given files adhere to a safe subset of php. The provided update-msgs.sh can be used to svn up files only if they are message files, so it can run unattended. Comment: I suggested that back then, when TsIntuition was going to be coded. It has also appeared in some wikitech-l discussions. Still, it is what it's being used*, so it's useful to validate a not-much-trusted file is just messages and nothing more. nowiki*/nowiki I admit it has several good points: it is easy to read and write, fast to parse from php and supported by twn. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100807]: New comment added
User Nikerabbit posted a comment on MediaWiki.r100807. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100807#c24886 Commit summary: Tool to verify the correctness of php message files. Ensures that the given files adhere to a safe subset of php. The provided update-msgs.sh can be used to svn up files only if they are message files, so it can run unattended. Comment: Yeah, and it is also hard to generate, prone to syntax errors when editing manually and just unnecessary vulnerability surface. Speed isn't a concern anymore since translations are cached. I would happily switch to another format for mediawiki. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100696]: New comment added
User Hashar posted a comment on MediaWiki.r100696. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100696#c24887 Commit summary: maint script dumping email message This script format the 4 different type of email notification and show them to the user with parameters filled up. This might help tweaking the mail notification message. TODO: allow language selection. For now messages use the default wiki language. Comment: Fixed by Ialex with r100706 . That changes come from git svn, I am not sure I can commit a svn property this way. I have fixed my svn configuration for trunk. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100807]: New comment added
User Platonides posted a comment on MediaWiki.r100807. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100807#c24888 Commit summary: Tool to verify the correctness of php message files. Ensures that the given files adhere to a safe subset of php. The provided update-msgs.sh can be used to svn up files only if they are message files, so it can run unattended. Comment: I may became too used to it? Why is it hard to generate? I think it's quite easy to pick how it works, specially for a php developer. Re: prone to syntax errors when editing manually and just unnecessary vulnerability surface, that's what the above revision checks :) ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
Re: [Wikitech-l] Please review: MediaWiki architecture document
On Wed, Oct 26, 2011 at 7:18 AM, Sumana Harihareswara suma...@wikimedia.org wrote: I encourage anybody who's spent any time developing for MediaWiki to go and read https://www.mediawiki.org/wiki/MediaWiki_architecture_document/text -- it's thorough! There are some FIXMEs in there where Guillaume requests more details about performance, caching, and skins, so if you can add some more info on the talk page this week, that would be great. This is a great document to read even if you have no intent to make any edits. It's great background material. Suggestions on what to cut and optimize would also be appreciated, since we have a length quota for purposes of the AOSA book. Rob ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[MediaWiki-CodeReview] [MediaWiki r100807]: New comment added
User Nikerabbit posted a comment on MediaWiki.r100807. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100807#c24889 Commit summary: Tool to verify the correctness of php message files. Ensures that the given files adhere to a safe subset of php. The provided update-msgs.sh can be used to svn up files only if they are message files, so it can run unattended. Comment: I meant generating/editing PHP source code programmatically. It's bearable by hand of course, otherwise we wouldn't develop MediaWiki :). ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r97033]: New comment added, and revision status changed
User Krinkle changed the status of MediaWiki.r97033. Old Status: fixme New Status: new User Krinkle also posted a comment on MediaWiki.r97033. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/97033#c24890 Commit summary: Merged wgWhatlinkshereLimit from Wikia. It defaults to the same value it was hardcoded to before. Comment: Although I haven't deeply investigated if all of these should use the new wgQueryPageDefaultLimit: * codeQueryPage::doFeed( $limit = 50/code * code$wgFeedLimit = 50;/code * codewfCheckLimits( $deflimit = 50/code * codePager { var $mDefaultLimit = 50;/code * codeWebRequest::getLimitOffset( $deflimit = 50/code (codephase3:$ ack '50;' includes/code; codephase3:$ ack ' = 50' includes/code) ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r657]: New comment added
User Pgehres (WMF) posted a comment on Wikimedia.r657. Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/657#c24891 Commit summary: reporting fix on winning artifacts. Resolved issue regarding incorrect test winner being reported. Issue stemmed from inconsistent indexing of lists. Comment: I'm a little concerned with the hard-coded indices without checking to make sure they exist, but, yeah. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r657]: Revision status changed
User Pgehres (WMF) changed the status of Wikimedia.r657. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/657 Commit summary: reporting fix on winning artifacts. Resolved issue regarding incorrect test winner being reported. Issue stemmed from inconsistent indexing of lists. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r658]: Revision status changed
User Pgehres (WMF) changed the status of Wikimedia.r658. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/658 Commit summary: fix to log miner wrapper script. Check arg type of str not int. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r659]: Revision status changed
User Pgehres (WMF) changed the status of Wikimedia.r659. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/659 Commit summary: added delete to log mining after logs have been processed ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r660]: Revision status changed
User Pgehres (WMF) changed the status of Wikimedia.r660. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/660 Commit summary: UI mod: added UTC to specify times in live results dashboard template ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r661]: Revision status changed
User Pgehres (WMF) changed the status of Wikimedia.r661. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/661 Commit summary: fix, removed logic from DataMapper.py method for log mining that filtered execution based on time. renamed method. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r662]: Revision status changed
User Pgehres (WMF) changed the status of Wikimedia.r662. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/662 Commit summary: minor fix: replaced regexp function with equality ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r663]: Revision status changed
User Pgehres (WMF) changed the status of Wikimedia.r663. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/663 Commit summary: fix - removed impression counts from LP tests. There were two options here (1) add complexity to the query in order to accurately measure impressions attributable to each landing page in all cases, (2) remove impression stats from LP tests (which makes sense from a methodological point of view) ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r664]: Revision status changed
User Pgehres (WMF) changed the status of Wikimedia.r664. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/664 Commit summary: minor fix: removed regexp from queries in favour of '=' ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r665]: Revision status changed
User Pgehres (WMF) changed the status of Wikimedia.r665. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/665 Commit summary: mingle analytics #231 - add a skewness measure (amount normal) to replace amount amount50 modified capture of civi data in campaign pipeline queries ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r666]: Revision status changed
User Pgehres (WMF) changed the status of Wikimedia.r666. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/666 Commit summary: fix: handling of logs timestamped with *12AM* ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r669]: Revision status changed
User Pgehres (WMF) changed the status of Wikimedia.r669. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/669 Commit summary: (re: mingle analytics #231) removed amount50 from summary results ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r672]: Revision status changed
User Pgehres (WMF) changed the status of Wikimedia.r672. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/672 Commit summary: fixed typos ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r673]: Revision status changed
User Pgehres (WMF) changed the status of Wikimedia.r673. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/673 Commit summary: mingle analytics #212 - Change headers for summary statistics (show a legend) Added methods in data reporting that 1) map existing metric headers to the new, standard ones 2) create a legend for the new metric names ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r674]: Revision status changed
User Pgehres (WMF) changed the status of Wikimedia.r674. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/674 Commit summary: mingle analytics #212 - Change headers for summary statistics (show a legend) see r673 ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r657]: New comment added
User Renklauf posted a comment on Wikimedia.r657. Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/657#c24892 Commit summary: reporting fix on winning artifacts. Resolved issue regarding incorrect test winner being reported. Issue stemmed from inconsistent indexing of lists. Comment: Noted. I added this as a quick fix last Friday (Oct 21st / 11), I can add some exception handling for the time being. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [Wikimedia r657]: New comment added
User Pgehres (WMF) posted a comment on Wikimedia.r657. Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/657#c24893 Commit summary: reporting fix on winning artifacts. Resolved issue regarding incorrect test winner being reported. Issue stemmed from inconsistent indexing of lists. Comment: No worries. On the list of things to fix, that's probably a low priority one. Just trying to account for, and avoid meltdowns during the FR. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100802]: Revision status changed
User Catrope changed the status of MediaWiki.r100802. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100802 Commit summary: rename variable to avoid confusion ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100837]: New comment added
User Jpostlethwaite posted a comment on MediaWiki.r100837. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100837#c24894 Commit summary: Adding modules directory for GlobalCollect. Comment: Added direct debit to GlobalCollect. Simplified switch statement in stage_payment_method() ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100805]: Revision status changed
User Aaron Schulz changed the status of MediaWiki.r100805. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100805 Commit summary: script to parse wikitext from CLI Wikitext can be given by stdin or using a file. The wikitext will be parsed using 'CLIParser' as a title. This can be overriden with --title option. Example1: $ php parse.php --title foo ''[[foo]]''^D pistrong class=selflinkfoo/strong/i /p Example2: $ echo '''bold''' /tmp/foo $ php parse.php --file /tmp/foo pbbold/b /p$ Example3: $ cat /tmp/foo | php parse.php pbbold/b /p$ ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100835]: New comment added, and revision status changed
User Raymond changed the status of MediaWiki.r100835. Old Status: new New Status: fixme User Raymond also posted a comment on MediaWiki.r100835. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100835#c24895 Commit summary: user configuration fixed db Comment: This is a dupe message key. It exists in the Gadget extension too. Therefore this extension cannot be added to Translatewiki.net + 'prefs-gadgets' = 'Gadgets', {{messagedocumentation}} ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100835]: New comment added
User Petrb posted a comment on MediaWiki.r100835. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100835#c24896 Commit summary: user configuration fixed db Comment: renamed ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100835]: New comment added
User TheDJ posted a comment on MediaWiki.r100835. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100835#c24897 Commit summary: user configuration fixed db Comment: in r100848 ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100848]: New comment added
User TheDJ posted a comment on MediaWiki.r100848. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100848#c24898 Commit summary: several fixes including collision fix with gadgets Comment: Conflict issue: r100848 ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100835]: Revision status changed
User Raymond changed the status of MediaWiki.r100835. Old Status: fixme New Status: deferred Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100835 Commit summary: user configuration fixed db ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100835]: New comment added, and revision status changed
User Petrb changed the status of MediaWiki.r100835. Old Status: deferred New Status: fixme User Petrb also posted a comment on MediaWiki.r100835. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100835#c24899 Commit summary: user configuration fixed db Comment: could you tell me how those messages should look like? I didn't find example there ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100835]: New comment added
User TheDJ posted a comment on MediaWiki.r100835. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100835#c24900 Commit summary: user configuration fixed db Comment: See http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/languages/messages/MessagesQqq.php?revision=100558view=markup P.S. when you make fixes, please add something like Follow up to r100835. This will make the original revision findable from your fix, and also will automatically add a follow up indication to the issue that you have fixed itself. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100857]: Revision status changed
User ^demon changed the status of MediaWiki.r100857. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100857 Commit summary: improved messages ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100795]: New comment added
User IAlex posted a comment on MediaWiki.r100795. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100795#c24901 Commit summary: Split out checkExecutePermissions() function from userCanExecute() in FormSpecialPage. The former handles actual execute() calls and throws exceptions, the later inherits its purpose from SpecialPage. It just checks the page restriction to see if a user generally *could* execute. This avoids the breakage that came up in r100723 where Special:SpecialPages was throwing permission errors due to the getUsablePages() call. Comment: Thank you! ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[Wikitech-l] Visual Editor / parser status update meeting notes 2011-10-26
I've copied the live etherpad notes from today's Visual Editor / New Parser update meeting onto wikitext-l for those who may be interested: http://lists.wikimedia.org/pipermail/wikitext-l/2011-October/000463.html -- brion ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[MediaWiki-CodeReview] [MediaWiki r100858]: Revision status changed
User Aaron Schulz changed the status of MediaWiki.r100858. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100858 Commit summary: Followup r100847, ApiMain now respects $wgShowHostnames ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100847]: Revision status changed
User Aaron Schulz changed the status of MediaWiki.r100847. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100847 Commit summary: Small todo note about ApiMain ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100778]: Revision status changed
User Aaron Schulz changed the status of MediaWiki.r100778. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100778 Commit summary: Add, update, tweak documentation Fix document comment blocks Tweak some returns ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100779]: Revision status changed
User Aaron Schulz changed the status of MediaWiki.r100779. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100779 Commit summary: Add, update, tweak documentation Fix document comment blocks Tweak some returns ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100780]: Revision status changed
User Aaron Schulz changed the status of MediaWiki.r100780. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100780 Commit summary: Swap /* * for /** * ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100783]: Revision status changed
User Aaron Schulz changed the status of MediaWiki.r100783. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100783 Commit summary: More documentation! ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100790]: Revision status changed
User Jpostlethwaite changed the status of MediaWiki.r100790. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100790 Commit summary: Killing a couple error_log statements I missed in r100133 and r100777 ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100787]: Revision status changed
User Jpostlethwaite changed the status of MediaWiki.r100787. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100787 Commit summary: More appropriate default form classes, and allowed rapidHtml forms, for donationinterface. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100785]: Revision status changed
User Jpostlethwaite changed the status of MediaWiki.r100785. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100785 Commit summary: adding globalcollect lightbox ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r99941]: New comment added
User NeilK posted a comment on MediaWiki.r99941. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/99941#c24902 Commit summary: Applied modified patch by Ben Hartshorne bhartshorne at wikimedia dot org: Leverage MW 1.18's improved image metadata extraction to automatically extract GPS coordinates, add them to the review workflow, and add a {{Location dec}} template to the file description page if they have been provided. This also adds a latitude/longitude fields that the user can manually fill in, which ultimately should be replacd with a location picker widget. Tested in IE7, IE8, Chrome 13, Opera 10, FF7, with single and multiple files, with and without coordinates. Comment: to clarify, the validation library I want is jquery.validate.js -- you can see examples of how it's used throughout UploadWizard, whenever .rules and .messages are invoked. basically we need to: - have a hidden label in the form, with a for= attribute for these fields, with the mwe-validator-error class, so it can be called in case of an error. Look at the other examples. - add .rules to these elements with min(value) and max(value) for lat and long, and possibly add a 'required' which checks: if one is nonblank, then the other is required. - add .messages for each rule (the error if the value isn't correct) - obviously, add the entries in UploadWizard.i18n.php and UploadWizardHooks.php for the new messages ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100781]: Revision status changed
User Jpostlethwaite changed the status of MediaWiki.r100781. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100781 Commit summary: Constructed a couple forms a little too aggressively (Oops). r100777 ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100777]: Revision status changed
User Jpostlethwaite changed the status of MediaWiki.r100777. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100777 Commit summary: This commit addresses a couple issues in DonationInterface that turned out to be more or less the same issue. First: Makes sure the session gets destroyed at appropriate times. This will take the edit token out with it. Second: Assures that an edit token is actually making it to the form in the first place. Also adds a few more statements to the adapter's debugarray, so we can tell what's going on a little more quickly when we're displaying the debug info. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100775]: New comment added, and revision status changed
User Aaron Schulz changed the status of MediaWiki.r100775. Old Status: new New Status: ok User Aaron Schulz also posted a comment on MediaWiki.r100775. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100775#c24903 Commit summary: Bug 31948 - Special:Contributions doesn't remember tagfilter in options form Patch from MrBlueSky. Comment: I get the '$request-getVal( 'tagfilter' )' change, but why change the options variable keyname...that shouldn't matter. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100769]: Revision status changed
User Jpostlethwaite changed the status of MediaWiki.r100769. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100769 Commit summary: better error handling for globalcollect - localize error messages ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100754]: Revision status changed
User Jpostlethwaite changed the status of MediaWiki.r100754. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100754 Commit summary: adding missing i18n file ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100838]: Revision status changed
User Jpostlethwaite changed the status of MediaWiki.r100838. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100838 Commit summary: Moved resources that get loaded in TwoStepTwoColumn forms out of the constructors into their own function for finer-grained control. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100843]: Revision status changed
User Jpostlethwaite changed the status of MediaWiki.r100843. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100843 Commit summary: Revert r100839. I misunderstood what exactly loadPlaceholders was already doing in TwoStepTwoColumnLetter3 ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100839]: Revision status changed
User Jpostlethwaite changed the status of MediaWiki.r100839. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100839 Commit summary: Fixing redundat loadResources() call in TwoStepTwoColumnLetter3 form because the parent will already load the correct resources ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100749]: Revision status changed
User Jpostlethwaite changed the status of MediaWiki.r100749. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100749 Commit summary: last of the i18n message key changes for DonationInterface ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r100748]: Revision status changed
User Jpostlethwaite changed the status of MediaWiki.r100748. Old Status: new New Status: ok Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/100748 Commit summary: more message migration ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview