[MediaWiki-CodeReview] [MediaWiki r96585]: New comment added
User Nikerabbit posted a comment on MediaWiki.r96585. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/96585#c22699 Commit summary: Switch JSON to (un)serialize Comment: About? The new code stores array of parameters as serialized blob. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r96585]: New comment added
User Bawolff posted a comment on MediaWiki.r96585. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/96585#c22667 Commit summary: Switch JSON to (un)serialize Comment: Is there any security considerations for using unserialize like this? Its not unconcievable that the log_params for some log types could be entirely user supplied (although off hand I don't know if there are any logs that that is true for). I know that unserializing objects will call __wakeup() on them (that requires an already existing class with a __wakeup method that does something evil though). I don't really know if we have any classes where you can do evil stuff with that (or if their is other more applicable ways of doing evil with serialized objects), but it sounds kind of sketchy to test if the log_params are a serialized array by simply unserializing it. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r96585]: New comment added
User Nikerabbit posted a comment on MediaWiki.r96585. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/96585#c22669 Commit summary: Switch JSON to (un)serialize Comment: I don't think there is any, and the hole will soon close up when logs are converted to produce new style param storage. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r96585]: New comment added
User Aaron Schulz posted a comment on MediaWiki.r96585. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/96585#c22672 Commit summary: Switch JSON to (un)serialize Comment: Moar details? :) ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r96585]: New comment added
User DaSch posted a comment on MediaWiki.r96585. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/96585#c22350 Commit summary: Switch JSON to (un)serialize Comment: this changes seams to cause the following bug https://bugzilla.wikimedia.org/show_bug.cgi?id=30854 ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r96585]: New comment added
User Aaron Schulz posted a comment on MediaWiki.r96585. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/96585#c22231 Commit summary: Switch JSON to (un)serialize Comment: Does this really need b/c for JSON just to support a few revs back in /trunk? ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r96585]: New comment added
User Nikerabbit posted a comment on MediaWiki.r96585. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/96585#c22232 Commit summary: Switch JSON to (un)serialize Comment: Not really, it is only me who has few of those. But who knows if the default is still going to be switched few times :) ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r96585]: New comment added
User Aaron Schulz posted a comment on MediaWiki.r96585. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/96585#c22174 Commit summary: Switch JSON to (un)serialize Comment: Why the switch? How easy would it be for non-PHP scripts scanning the DB tables (or dumps) to unserialize the params now? ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r96585]: New comment added
User Nikerabbit posted a comment on MediaWiki.r96585. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/96585#c22175 Commit summary: Switch JSON to (un)serialize Comment: On wikitech it was pointed out that we already use serialized data on many database fields. I don't believe performance plays a role here. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r96585]: New comment added
User Aaron Schulz posted a comment on MediaWiki.r96585. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/96585#c22176 Commit summary: Switch JSON to (un)serialize Comment: Are those fields that people might be interested in for offline purposes? Are there stand-alone PHP serialization format unserialize tools that don't need PHP? I know there are a million JSON parsers in lots of languages by now. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
[MediaWiki-CodeReview] [MediaWiki r96585]: New comment added
User MaxSem posted a comment on MediaWiki.r96585. Full URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/96585#c22178 Commit summary: Switch JSON to (un)serialize Comment: Join the ML discussion. ___ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview