https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
Oliver Keyes oke...@wikimedia.org changed:
What|Removed |Added
Status|NEW |RESOLVED
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #16 from MZMcBride b...@mzmcbride.com ---
What's the status of this bug report? Given that bug 56506 is marked
resolved/fixed, I hope that this bug is largely resolved/fixed as well. :-)
--
You are receiving this mail because:
You
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #17 from Oliver Keyes oke...@wikimedia.org ---
As I understand it, done assuming all of the patches are reviewed, but I'd like
to keep it open until I can poke the devs on Monday.
--
You are receiving this mail because:
You are on
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #15 from Erik Bernhardson ebernhard...@wikimedia.org ---
Escape $options in RevisionStorage:findInternal -
https://gerrit.wikimedia.org/r/100521
Handle username suppression and renames - For this one we took a different
path, we
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #12 from Chris Steipp cste...@wikimedia.org ---
Ok, I've finished reviewing all of the codes, so this should be the last of the
issues:
includes/View/PostActionMenu.php
* Document getAction()'s $content is unescaped
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #13 from Chris Steipp cste...@wikimedia.org ---
(In reply to comment #9)
* Usernames containing a ' - Could you provide more details on where this
causes issues? I ran through the various pages and actions and don't see
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #14 from Erik Bernhardson ebernhard...@wikimedia.org ---
includes/Model/UUID
* removed debugging backtrace in https://gerrit.wikimedia.org/r/99285
includes/Repository/SelectQueryBuilder
* removed unused class in
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #7 from Erik Bernhardson ebernhard...@wikimedia.org ---
Hooks.php line 234 - addressed in https://gerrit.wikimedia.org/r/99019
The board-history is also now working again, you shoulsd be able to run fuzz
testing.
Thanks for
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #8 from Chris Steipp cste...@wikimedia.org ---
(In reply to comment #5)
* Different users are getting the same token value
This was unrelated
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #9 from Erik Bernhardson ebernhard...@wikimedia.org ---
* includes/ParsoidUtils.php disable external entities -
https://gerrit.wikimedia.org/r/99164
* includes/Templating.php - display of suppressed revision -
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #10 from Chris Steipp cste...@wikimedia.org ---
includes/Model/UUID.php
* only show backtrace if $wgShowExceptionDetails is true
includes/Repository/SelectQueryBuilder.php
* escape or validate table, field and op in query()
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #11 from MZMcBride b...@mzmcbride.com ---
(In reply to comment #0)
The Flow extension deployment to a handful of pages on mediawiki.org is
scheduled for Wednesday Dec 4.
(In reply to comment #2)
[Setting this to high priority
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #3 from Chris Steipp cste...@wikimedia.org ---
I'm still working through this, but wanted to get these documented so they can
be fixed sooner.
* {{done}} The sql handling really needed extra sanitization (otherwise,
prevention of
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #4 from Chris Steipp cste...@wikimedia.org ---
And from our in-person meeting:
* Username suppression needs to be checked (check for a block with
ipb_deleted/mHideName set to 1)
* (not a blocker for deployment) User renaming needs
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #5 from Chris Steipp cste...@wikimedia.org ---
While doing some blackbox testing, I'm also noticing that
* Different users are getting the same token value
* Usernames containing a ' cause a lot of problems
--
You are receiving
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #6 from Chris Steipp cste...@wikimedia.org ---
A few more specific issues:
Hooks.php
* Line 234 - please escape $action in query
includes/RecentChanges/Formatter.php
* Should use Linker instead of building a's yourself. Not a
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
Andre Klapper aklap...@wikimedia.org changed:
What|Removed |Added
Priority|Unprioritized |High
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #1 from sp...@wikimedia.org ---
The WMF core features team tracks this bug on Mingle card
https://mingle.corp.wikimedia.org/projects/flow/cards/495, but people from the
community are welcome to contribute here and in Gerrit.
--
18 matches
Mail list logo