https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
Oliver Keyes changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #17 from Oliver Keyes ---
As I understand it, done assuming all of the patches are reviewed, but I'd like
to keep it open until I can poke the devs on Monday.
--
You are receiving this mail because:
You are on the CC list for the
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #16 from MZMcBride ---
What's the status of this bug report? Given that bug 56506 is marked
resolved/fixed, I hope that this bug is largely resolved/fixed as well. :-)
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #15 from Erik Bernhardson ---
Escape $options in RevisionStorage:findInternal -
https://gerrit.wikimedia.org/r/100521
Handle username suppression and renames - For this one we took a different
path, we removed all usernames from th
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #14 from Erik Bernhardson ---
includes/Model/UUID
* removed debugging backtrace in https://gerrit.wikimedia.org/r/99285
includes/Repository/SelectQueryBuilder
* removed unused class in https://gerrit.wikimedia.org/r/99282
includes
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #13 from Chris Steipp ---
(In reply to comment #9)
> * Usernames containing a ' - Could you provide more details on where this
> causes issues? I ran through the various pages and actions and don't see
> anything yet, will be look
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #12 from Chris Steipp ---
Ok, I've finished reviewing all of the codes, so this should be the last of the
issues:
includes/View/PostActionMenu.php
* Document getAction()'s $content is unescaped
includes/View/History/HistoryRendere
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #11 from MZMcBride ---
(In reply to comment #0)
> The Flow extension deployment to a handful of pages on mediawiki.org is
> scheduled for Wednesday Dec 4.
(In reply to comment #2)
> [Setting this to high priority during to the Wed
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #10 from Chris Steipp ---
includes/Model/UUID.php
* only show backtrace if $wgShowExceptionDetails is true
includes/Repository/SelectQueryBuilder.php
* escape or validate table, field and op in query()
includes/Data/BoardHistorySt
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #9 from Erik Bernhardson ---
* includes/ParsoidUtils.php disable external entities -
https://gerrit.wikimedia.org/r/99164
* includes/Templating.php - display of suppressed revision -
https://gerrit.wikimedia.org/r/99166
* Username
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #8 from Chris Steipp ---
(In reply to comment #5)
> * Different users are getting the same token value
This was unrelated
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #7 from Erik Bernhardson ---
Hooks.php line 234 - addressed in https://gerrit.wikimedia.org/r/99019
The board-history is also now working again, you should be able to run fuzz
testing.
Thanks for digging through this stuff, we
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #6 from Chris Steipp ---
A few more specific issues:
Hooks.php
* Line 234 - please escape $action in query
includes/RecentChanges/Formatter.php
* Should use Linker instead of building <a>'s yourself. Not a blocker.
* Please use escap
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #5 from Chris Steipp ---
While doing some blackbox testing, I'm also noticing that
* Different users are getting the same token value
* Usernames containing a ' cause a lot of problems
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #4 from Chris Steipp ---
And from our in-person meeting:
* Username suppression needs to be checked (check for a block with
ipb_deleted/mHideName set to 1)
* (not a blocker for deployment) User renaming needs to be handleable by t
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #3 from Chris Steipp ---
I'm still working through this, but wanted to get these documented so they can
be fixed sooner.
* {{done}} The sql handling really needed extra sanitization (otherwise,
prevention of sqli depended on severa
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
Andre Klapper changed:
What|Removed |Added
Priority|Unprioritized |High
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=57270
--- Comment #1 from sp...@wikimedia.org ---
The WMF core features team tracks this bug on Mingle card
https://mingle.corp.wikimedia.org/projects/flow/cards/495, but people from the
community are welcome to contribute here and in Gerrit.