On 18 Dec 2014, at 06:44, Brian Wolff bawo...@gmail.com wrote:
== Security fixes in 1.24.1, 1.23.8, 1.22.15 and 1.19.23 ==
* (bug T76686) [SECURITY] thumb.php outputs wikitext message as raw HTML,
which could lead to xss. Permission to edit MediaWiki namespace is required
to exploit
Not entirely. Unlike message copyright, the message used on thumb.php
(badtitletext) is not a raw html message. It is meant to be parsed and
displayed regularly. And always was. Except it was re-used for thumb.php, and
forgotten to be parsed there. I won't go into details, but it's
Hi!
New version, with nicer UI/UX. Check it out. :-)
Mitar
On Mon, Dec 15, 2014 at 4:02 AM, Ori Livneh o...@wikimedia.org wrote:
On Sat, Dec 13, 2014 at 11:01 AM, Mitar mmi...@gmail.com wrote:
Hi!
I made a Meteor DDP API to the stream of recent changes on all
WikiMedia wikis. Now you
On 17/12/2014 23:57, Antoine Musso wrote:
Hello,
I found out we do not run on extensions the 'structure' testsuite of
mediawiki/core. It is made of three tests in tests/phpunit/structure
AutoLoaderTest.php verify classes are properly registered, and the
autoloader entries point to an
I would appreciate anyone's participation on this proposal
https://www.mediawiki.org/wiki/Thread:Template_talk:ExtensionLicense/SPDX_names
I've started to use standard identifiers for licenses. Thanks in advance.
___
Wikitech-l mailing list
Hello,
Jenkins runs the MediaWiki core unit tests under HHVM and the job will
now prevent changes to be merged if it fails.
Huge thanks to everyone that helped fix tests and HHVM code base!
--
Antoine hashar Musso
On 18 Dec 2014, at 09:01, Brian Wolff bawo...@gmail.com wrote:
I don't disagree that it's a bug, but in order to exploit user would have to:
*Convince user to go to a rather obscure thumb.php page
*already have the ability to add javascript to any page on wiki
In which case, why wouldn't evil
Is Zend PHP still tested also?
On 18 December 2014 at 17:11, Antoine Musso hashar+...@free.fr wrote:
Hello,
Jenkins runs the MediaWiki core unit tests under HHVM and the job will
now prevent changes to be merged if it fails.
Huge thanks to everyone that helped fix tests and HHVM code base!
On Thu, Dec 18, 2014 at 12:30 PM, David Gerard dger...@gmail.com wrote:
Is Zend PHP still tested also?
Yes, tests are run in parallel against PHP5 5.3.10 on Ubuntu 12.04
hosts and the WMF custom build of HHVM 3.3.1. Failure of the test
suite under either PHP interpreter will keep the proposed
Okay I had a long hard think about this.
I would suggest the following EventLogging experiment on the mobile website:
Question to answer: If section collapsing is provided to users in such
a way that sections are open by default, do users find the ability to
collapse sections a useful feature?
Hi folks!
According to the Git log, on December 19, 2004, the 'live preview'
functionality made its first appearance in MediaWiki core.
(for the record: commit c05eeb66755f74272b4a5f82acc6caaeafc0fb54
https://git.wikimedia.org/commit/mediawiki%2Fcore/c05eeb66755f74272b4a5f82acc6caaeafc0fb54,
I am experimenting with catching Javascript errors with raven.js [1] (see
the JS error logging RfC [2] for background; see T1345 [3] for a prototype
for JS error logging). For various reasons, Javascript does not have a
reliable way to install a global exception handler like e.g. PHP does with
(CCing wikitech-l)
Dimitar, this is great news! Second year with a Wikimedia stand. With
Wikimedia Belgium officially constituted and conversations started with the
Wikimedia Shop, we should have a much better setup this year. We should get
other European chapters as well, so they can bring swag