csteipp closed blocking task T129177: Security review of Hovercards before
beta->default conversion as "Resolved".
TASK DETAIL
https://phabricator.wikimedia.org/T111231
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: Yair_r
csteipp closed blocking task T120212: Security review of EventBus extension as
"Resolved".
TASK DETAIL
https://phabricator.wikimedia.org/T114443
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Ottomata, csteipp
Cc: yuvipanda, JanZerebecki
csteipp closed blocking task T100413: "You are centrally logged in." toast on
every page view on commons as "Resolved".
TASK DETAIL
https://phabricator.wikimedia.org/T112087
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Be
csteipp closed this task as "Resolved".
csteipp added a comment.
Herald added a subscriber: JEumerus.
It looks like general labs access is being worked on in
https://phabricator.wikimedia.org/T62835, and the specific requests (wikidata,
pageviews) is working. So closing this for n
csteipp closed blocking task T118268: Security Review of Article Placeholder as
"Resolved".
TASK DETAIL
https://phabricator.wikimedia.org/T117965
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Lucie, csteipp
Cc: Nemo_bis, greg.
csteipp closed this task as "Resolved".
csteipp claimed this task.
csteipp added a comment.
Fixes look good, thanks!
TASK DETAIL
https://phabricator.wikimedia.org/T118268
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc:
csteipp moved this task to In Progress on the Security-Reviews workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T118268
WORKBOARD
https://phabricator.wikimedia.org/project/board/944/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Lucie
csteipp moved this task to Waiting/Blocked on the Security-Reviews workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T118268
WORKBOARD
https://phabricator.wikimedia.org/project/board/944/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences
csteipp removed a project: Security.
TASK DETAIL
https://phabricator.wikimedia.org/T85368
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Bene, csteipp
Cc: Tobi_WMDE_SW, JanZerebecki, Bene, Liuxinyu970226, gerritbot, Florian,
thiemowmde, adrianheine
csteipp added a comment.
Hi @Lucie,
I took a look at this again from commit
https://phabricator.wikimedia.org/rEARPc0c5b0c84ef27e91cbcc2791f3f07cdff1dfd74a.
Two minor issues that need to be fixed before this gets deployed:
- Line 103: `$this->getOutput()->setPageTitle( $thi
csteipp moved this task to Waiting/Blocked on the Security-Reviews workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T99358
WORKBOARD
https://phabricator.wikimedia.org/project/board/944/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences
csteipp moved this task to Waiting/Blocked on the Security-Reviews workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T65808
WORKBOARD
https://phabricator.wikimedia.org/project/board/944/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences
csteipp moved this task to Backlog on the Security-Reviews workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T99358
WORKBOARD
https://phabricator.wikimedia.org/project/board/944/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc
csteipp moved this task to Scheduled on the Security-Reviews workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T118268
WORKBOARD
https://phabricator.wikimedia.org/project/board/944/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Lucie
csteipp moved this task to Scheduled on the Security-Reviews workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T65808
WORKBOARD
https://phabricator.wikimedia.org/project/board/944/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: dpatrick
csteipp removed a project: Security.
csteipp changed the visibility from "Custom Policy" to "Public (No Login
Required)".
csteipp changed the edit policy from "Custom Policy" to "All Users".
csteipp changed Security from Software security bug to None.
csteipp moved this task to Done on the Security-Team workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T90115
WORKBOARD
https://phabricator.wikimedia.org/project/board/1179/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc
csteipp added a comment.
In https://phabricator.wikimedia.org/T99358#1579459, @Lydia_Pintscher wrote:
> @csteipp: Is this good to go from your side once
> https://phabricator.wikimedia.org/T103912 is closed?
Yes
TASK DETAIL
https://phabricator.wikimedia.org/T99358
EMAIL PREFE
csteipp triaged this task as "High" priority.
TASK DETAIL
https://phabricator.wikimedia.org/T99358
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: Lydia_Pintscher, gerritbot, soeren.oldag, JanZerebecki, Jonaskeutel,
Tamsl
csteipp moved this task to Ready on the Security-Reviews workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T99358
WORKBOARD
https://phabricator.wikimedia.org/project/board/944/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc
Herald added a subscriber: Aklapper.
TASK DETAIL
https://phabricator.wikimedia.org/T69118
WORKBOARD
https://phabricator.wikimedia.org/project/board/944/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: Aklapper, Jimkont, Liuxinyu970226
csteipp edited projects, added Security-Reviews; removed Security.
TASK DETAIL
https://phabricator.wikimedia.org/T65808
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: hoo, csteipp
Cc: Aklapper, csteipp, Matanya, Jdlrobson, Krenair, hoo, JanZerebecki
csteipp added a project: Security-Team.
TASK DETAIL
https://phabricator.wikimedia.org/T65808
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: hoo, csteipp
Cc: Aklapper, csteipp, Matanya, Jdlrobson, Krenair, hoo, JanZerebecki, He7d3r,
Petrb, Magnus
csteipp added a comment.
m.wikidata.org will get fixed with a general mobile fix-- it should already
work for non-js browsers. I just haven't had the time to put in the js fix,
but if wikidata is getting significant mobile traffic, I can up the
priority of that.
TASK DETAIL
https
csteipp added a comment.
Thanks Lydia. https://phabricator.wikimedia.org/T100413 is the task for that
work.
TASK DETAIL
https://phabricator.wikimedia.org/T108101
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Legoktm, csteipp
Cc: jeremyb, Matanya
csteipp added a comment.
In https://phabricator.wikimedia.org/T109038#1540332, @JanZerebecki wrote:
@csteipp Sorry I missed that. I don't have the tab open anymore. I don't
remember the order but in the Cookie HTTP header there where two key-value
pairs for centralauth_Token with different
csteipp added a comment.
@bblack, if you're able to reproduce, can you capture the headers and send
them to me? Or post here if you're comfortable.
I'm guessing you ended up with two token/session cookies, and either guy
the wrong one or the browser sends both and we're parsing the wrong one
out
csteipp closed blocking task T90115: BlazeGraph Security Review as Resolved.
TASK DETAIL
https://phabricator.wikimedia.org/T85159
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: Addshore, Laddo, bd808, MBlissett, Krenair, waldyrious
csteipp closed this task as Resolved.
TASK DETAIL
https://phabricator.wikimedia.org/T90115
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: Deskana, ksmith, JanZerebecki, Bene, MoritzMuehlenhoff, GWicke,
Thompsonbry.systap, Smalyshev, Joe
csteipp closed blocking task T90115: BlazeGraph Security Review as Resolved.
TASK DETAIL
https://phabricator.wikimedia.org/T105196
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: csteipp, Smalyshev, Legoktm, Lydia_Pintscher, ksmith
csteipp added a comment.
@Deskana, waiting for the patch on https://phabricator.wikimedia.org/T108101 to
get merged
TASK DETAIL
https://phabricator.wikimedia.org/T90115
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: Deskana, ksmith
csteipp added a comment.
This doesn't need to be present in the initial deployment, but it would be
good to add in a followup step.
Stas, how much time is Discovery going to be dedicating to this in Q2? I was
under the impression that once it's in production, Discovery was planning to
move
csteipp created this task.
csteipp added a subscriber: csteipp.
csteipp added a project: Wikidata-Query-Service.
Herald added a subscriber: Aklapper.
Herald added projects: Wikidata, Discovery.
TASK DESCRIPTION
From T90115
I don't have any concerns/objections about setting this up, I
csteipp added a comment.
So it looks like the only remaining issue is mitigating
https://phabricator.wikimedia.org/T105427, which @Smalyshev has a warning
message for (and process to involve an ops person if someone accidentally does
a suppressed delete). Once we're sure that is going to get
csteipp added a comment.
@csteipp: Discovery plans to deploy this in beta status, and then (based on
my understanding), we plan to shift to other priorities while we wait for
feedback to come in. Our level of effort after that will depend in part on
that feedback.
It will be up
csteipp added a comment.
1 2 are probably related, so I'll add some comment here. Happy to move to
another forum if needed.
The threats I've seen laid out, and my (very rough) evaluation of their risk.
Happy to be corrected if it seems like I have assumptions that are wrong, or
you disagree
csteipp added a comment.
@Joe / @MoritzMuehlenhoff, ping again on this-- are you guys comfortable that
we can detect/contain Blazegraph if it gets exploited?
TASK DETAIL
https://phabricator.wikimedia.org/T90115
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel
csteipp added a comment.
@Smalyshev, before we deploy this, can we task someone with updating
$wgCrossSiteAJAXdomains to remove it from CORS domains, and set cookies for
only the specific wikidata subdomains from CentralAuth?
TASK DETAIL
https://phabricator.wikimedia.org/T107602
EMAIL
csteipp created this task.
csteipp added subscribers: JohnLewis, hoo, GWicke, greg, Lydia_Pintscher,
csteipp, jcrespo, Legoktm, gerritbot, Smalyshev, BBlack, Joe, daniel,
RobLa-WMF, Aklapper, aude, JanZerebecki, JeroenDeDauw, MrStradivarius,
waldyrious, Krenair, MBlissett, bd808, Laddo
csteipp added a comment.
In https://phabricator.wikimedia.org/T107602#1507585, @JanZerebecki wrote:
The intent is for the service to allow CORS, but I'm not sure about the
implications. Anyway that that means it is not an argument for wikimedia.org
and against wikidata.org. So we are left
csteipp added a subscriber: hoo.
csteipp added a comment.
In https://phabricator.wikimedia.org/T107602#1508326, @Smalyshev wrote:
Aren't our tokens HTTP only?
Our session cookies are, but anti-csrf tokens are available via API call. So
javascript running on a wikidata.org subdomain can edit
csteipp added a subscriber: csteipp.
csteipp added a comment.
@Stas, is wikidata.org required for some reason? Or was that just ok with them?
Running on wikimedia.org would have a number of benefits for security-- no
cookies, and no CORS accepted from the service.
TASK DETAIL
https
csteipp added a comment.
I'm out this week, but I should be able to get to it next week.
Do you have an external driver on this?
TASK DETAIL
https://phabricator.wikimedia.org/T98029
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc
csteipp added a comment.
https://phabricator.wikimedia.org/T105427 in progress
TASK DETAIL
https://phabricator.wikimedia.org/T105196
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: csteipp, Smalyshev, Legoktm, Lydia_Pintscher, ksmith
csteipp added a comment.
Yes, I'll be doing the review.
Who on SD is primarily working on this piece?
Can I get a link to the existing design docs and code so I can do an initial
scoping? After that, I'd like to meet with the people working on this to make
sure we have a dataflow diagram
csteipp added a comment.
@ksmith, there should be a separate task for that, depending on this. Any other
code to be deployed should have a separate security review request.
TASK DETAIL
https://phabricator.wikimedia.org/T90115
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings
csteipp added a comment.
In https://phabricator.wikimedia.org/T99358#1404599, @gerritbot wrote:
https://gerrit.wikimedia.org/r/221107
That looks right. Thanks.
TASK DETAIL
https://phabricator.wikimedia.org/T99358
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel
csteipp added a comment.
In ComparisonResult you guard setting the result to a list of constant strings,
but in ReferenceResult that only happens on object creation. ReferenceResult
should do the same as ComparisonResult.
TASK DETAIL
https://phabricator.wikimedia.org/T99358
EMAIL
csteipp added a comment.
In https://phabricator.wikimedia.org/T99358#1402101, @csteipp wrote:
SpecialCrossCheck::buildResultTable
$referenceStatus = $this-msg( wbqev-crosscheck-status- .
$result-getReferenceResult()-getStatus() )-text();
Either user escaped() or don't use rawhtml
csteipp added a comment.
TASK DETAIL
https://phabricator.wikimedia.org/T99358
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: soeren.oldag, JanZerebecki, Jonaskeutel, Tamslo, csteipp,
Andreasburmeister, Liuxinyu970226, Aklapper
csteipp created this task.
csteipp assigned this task to aaron.
csteipp added subscribers: soeren.oldag, JanZerebecki, Jonaskeutel, Tamslo,
csteipp, Andreasburmeister, Liuxinyu970226, Aklapper,
Wikibase-Quality-External-Validation, aaron.
csteipp added projects: Wikibase-Quality, Security-Team
csteipp created this task.
csteipp added subscribers: soeren.oldag, JanZerebecki, Jonaskeutel, Tamslo,
csteipp, Andreasburmeister, Liuxinyu970226, Aklapper,
Wikibase-Quality-External-Validation.
csteipp added projects: Wikibase-Quality, Security-Team, Wikidata,
Security-Reviews, Wikibase
csteipp added a comment.
SpecialCrossCheck::buildResultTable
$referenceStatus = $this-msg( wbqev-crosscheck-status- .
$result-getReferenceResult()-getStatus() )-text();
Either user escaped() or don't use rawhtml in the table cell.
TASK DETAIL
https://phabricator.wikimedia.org/T99358
EMAIL
csteipp moved this task to Waiting on the Security-Team workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T99358
WORKBOARD
https://phabricator.wikimedia.org/project/board/1179/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc
csteipp closed this task as Resolved.
csteipp claimed this task.
csteipp added a comment.
Constants are ok
TASK DETAIL
https://phabricator.wikimedia.org/T103439
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: soeren.oldag, Wikibase
csteipp closed blocking task T103439: Ex:WikibaseQualityExternalValidation -
DumpMetaInformationRepo needs to strictly validate table names as Resolved.
TASK DETAIL
https://phabricator.wikimedia.org/T99358
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences
csteipp created this task.
csteipp claimed this task.
csteipp added subscribers: JanZerebecki, Jonaskeutel, Tamslo, csteipp,
Andreasburmeister, Liuxinyu970226, Aklapper,
Wikibase-Quality-External-Validation.
csteipp added projects: Wikibase-Quality, Security-Team, Wikidata,
Security-Reviews
csteipp removed a blocking task: Restricted Task.
TASK DETAIL
https://phabricator.wikimedia.org/T99355
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: JanZerebecki, aaron, Andreasburmeister, csteipp, Tamslo, Liuxinyu970226
csteipp added a comment.
Fix looks good
TASK DETAIL
https://phabricator.wikimedia.org/T101306
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: dominic.sauer, csteipp
Cc: soeren.oldag, Wikibase-Quality-Constraints, Aklapper, Lydia_Pintscher,
Tamslo
csteipp changed the title from Security review of
Wikibase-Quality-Constraints to Security review of
Wikibase-Quality-Constraints - v1 branch.
TASK DETAIL
https://phabricator.wikimedia.org/T99355
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences
csteipp moved this task to In Progress on the Security-Team workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T99358
WORKBOARD
https://phabricator.wikimedia.org/project/board/1179/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc
csteipp created this task.
csteipp added subscribers: JanZerebecki, Jonaskeutel, Tamslo, csteipp,
Andreasburmeister, Liuxinyu970226, Aklapper,
Wikibase-Quality-External-Validation.
csteipp added projects: Wikibase-Quality, Wikidata, Security-Reviews,
Wikibase-Quality-External-Validation.
TASK
csteipp added a comment.
ExternalDataRepo should also validate its $tableName
TASK DETAIL
https://phabricator.wikimedia.org/T103439
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: Wikibase-Quality-External-Validation, Aklapper
csteipp created this task.
csteipp added subscribers: JanZerebecki, Jonaskeutel, Tamslo, csteipp,
Andreasburmeister, Liuxinyu970226, Aklapper,
Wikibase-Quality-External-Validation.
csteipp added projects: Wikibase-Quality, Wikidata,
Wikibase-Quality-External-Validation.
TASK DESCRIPTION
csteipp closed blocking task T99355: Security review of
Wikibase-Quality-Constraints - v1 branch as Resolved.
TASK DETAIL
https://phabricator.wikimedia.org/T99354
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: JanZerebecki
csteipp closed this task as Resolved.
csteipp claimed this task.
csteipp added a comment.
OK, blockers have all been resolved for v1. We will need another review before
violations are deployed.
TASK DETAIL
https://phabricator.wikimedia.org/T99355
EMAIL PREFERENCES
https
csteipp moved this task to Done on the Security-Team workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T99352
WORKBOARD
https://phabricator.wikimedia.org/project/board/1179/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc
csteipp closed this task as Resolved.
TASK DETAIL
https://phabricator.wikimedia.org/T99352
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: JanZerebecki, csteipp, Andreasburmeister, Liuxinyu970226, Lydia_Pintscher,
Wikibase-Quality
csteipp closed blocking task T99352: Security review of Wikibase-Quality as
Resolved.
TASK DETAIL
https://phabricator.wikimedia.org/T99351
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: Tamslo, JanZerebecki, Yair_rand, Liuxinyu970226
csteipp moved this task to Ready on the Security-Team workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T99352
WORKBOARD
https://phabricator.wikimedia.org/project/board/1179/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc
csteipp moved this task to Waiting on the Security-Team workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T99352
WORKBOARD
https://phabricator.wikimedia.org/project/board/1179/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc
csteipp added a comment.
Yes, that's ok for now
TASK DETAIL
https://phabricator.wikimedia.org/T101467
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: Jonaskeutel, csteipp
Cc: thiemowmde, Jonaskeutel, Wikibase-Quality-Constraints, Aklapper
csteipp added a comment.
@Tamslo, are you asking if this can be closed? Definitely not. Both of the
other extensions have serious issues that need to be addressed before they can
be deployed, and I've only started reviewing this one. If plans change on
wmde's side, please let me know.
TASK
csteipp created this task.
csteipp claimed this task.
csteipp added subscribers: csteipp, Andreasburmeister, Liuxinyu970226,
Lydia_Pintscher, Wikidata-Quality, Aklapper.
csteipp added projects: Security-Team, Wikidata, Security-Reviews,
Wikidata-Quality.
TASK DESCRIPTION
As a library
csteipp closed blocking task T101469: Ex: WikibaseQualityConstraints -
CommonsLinkChecker should sanitize / escape user input in urls as Resolved.
TASK DETAIL
https://phabricator.wikimedia.org/T99355
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences
csteipp closed blocking task T101308: Ex:WikidataQualityConstraints -
EntityId::getSerialization() is not guaranteed to be safe for HTML as
Resolved.
TASK DETAIL
https://phabricator.wikimedia.org/T99355
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences
csteipp closed this task as Resolved.
csteipp claimed this task.
csteipp added a comment.
Fix looks good
TASK DETAIL
https://phabricator.wikimedia.org/T101468
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: gerritbot, Wikidata-Quality
csteipp closed blocking task T101468: Ex: WikibaseQualityConstraints -
CommonsLinkChecker makes unsafe connections as Resolved.
TASK DETAIL
https://phabricator.wikimedia.org/T99355
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: aaron
csteipp closed this task as Resolved.
csteipp claimed this task.
csteipp added a comment.
Fixes look good
TASK DETAIL
https://phabricator.wikimedia.org/T101469
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: gerritbot, Wikidata-Quality
csteipp added a comment.
I'm not sure what kinds of regexes are expected here, so can't give great
guidance on the best solution. Theomowmde's solution of only allowing admins to
add them will prevent mass exploitation, but would still allow admins to attack
the server in the case of another
csteipp closed this task as Resolved.
csteipp added a comment.
Fix looks correct
TASK DETAIL
https://phabricator.wikimedia.org/T101308
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: dominic.sauer, csteipp
Cc: gerritbot, soeren.oldag, Wikidata
csteipp created this task.
csteipp added subscribers: Andreasburmeister, csteipp, Tamslo, Liuxinyu970226,
Lydia_Pintscher, Aklapper, Wikidata-Quality-Constraints.
csteipp added projects: Wikidata, Wikidata-Quality-Constraints,
Security-Reviews.
TASK DESCRIPTION
User input is added to the url
csteipp removed a project: Security-Reviews.
csteipp set Security to None.
TASK DETAIL
https://phabricator.wikimedia.org/T101306
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: Wikidata-bugs, dominic.sauer, Jonaskeutel, soeren.oldag
csteipp created this task.
csteipp added subscribers: Andreasburmeister, csteipp, Tamslo, Liuxinyu970226,
Lydia_Pintscher, Aklapper, Wikidata-Quality-Constraints.
csteipp added projects: Wikidata, Wikidata-Quality-Constraints,
Security-Reviews.
TASK DESCRIPTION
CommonsLinkChecker needs to use
csteipp added a comment.
I'm done with the initial review. All the blockers need to get resolved before
this is closed.
TASK DETAIL
https://phabricator.wikimedia.org/T99355
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: aaron
csteipp changed the title from T101468: Ex: WikibaseQualityConstraints -
CommonsLinkChecker should sanitize / escape user input in urls to Ex:
WikibaseQualityConstraints - CommonsLinkChecker should sanitize / escape user
input in urls.
csteipp set Security to None.
TASK DETAIL
https
csteipp moved this task to Ready on the Security-Team workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T99358
WORKBOARD
https://phabricator.wikimedia.org/project/board/1179/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc
csteipp claimed this task.
csteipp added a project: Security-Team.
TASK DETAIL
https://phabricator.wikimedia.org/T99358
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: csteipp, Andreasburmeister, Liuxinyu970226, Aklapper, Wikidata-bugs
csteipp claimed this task.
TASK DETAIL
https://phabricator.wikimedia.org/T99352
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: csteipp, Andreasburmeister, Liuxinyu970226, Lydia_Pintscher, Aklapper,
Wikidata-bugs, aude, Krenair, Ainali
csteipp moved this task to Ready on the Security-Team workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T99352
WORKBOARD
https://phabricator.wikimedia.org/project/board/1179/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc
csteipp added a project: Security-Team.
TASK DETAIL
https://phabricator.wikimedia.org/T99352
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: csteipp, Andreasburmeister, Liuxinyu970226, Lydia_Pintscher, Aklapper,
Wikidata-bugs, aude
csteipp created this task.
csteipp added subscribers: Andreasburmeister, csteipp, Tamslo, Liuxinyu970226,
Lydia_Pintscher, Aklapper, Wikidata-Quality-Constraints.
csteipp added projects: Wikidata, Wikidata-Quality-Constraints,
Security-Reviews.
TASK DESCRIPTION
As is, the CSV value can
csteipp edited the task description.
csteipp added a subscriber: aaron.
TASK DETAIL
https://phabricator.wikimedia.org/T99355
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: aaron, Andreasburmeister, csteipp, Tamslo, Liuxinyu970226
csteipp removed a project: Security-Reviews.
csteipp set Security to None.
TASK DETAIL
https://phabricator.wikimedia.org/T101303
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: aude, Aklapper, Lydia_Pintscher, Liuxinyu970226, Tamslo
csteipp moved this task to Waiting on the Security-Team workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T99355
WORKBOARD
https://phabricator.wikimedia.org/project/board/1179/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc
csteipp added a project: Security-Team.
TASK DETAIL
https://phabricator.wikimedia.org/T99355
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: aaron, Andreasburmeister, csteipp, Tamslo, Liuxinyu970226, Lydia_Pintscher,
Aklapper, Wikidata
csteipp removed a project: Security-Reviews.
TASK DETAIL
https://phabricator.wikimedia.org/T101469
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: Wikidata-bugs, dominic.sauer, Jonaskeutel, soeren.oldag, Tamslo,
Tobi_WMDE_SW, Aklapper
csteipp removed a project: Security-Reviews.
csteipp set Security to None.
TASK DETAIL
https://phabricator.wikimedia.org/T101308
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: Wikidata-bugs, dominic.sauer, Jonaskeutel, soeren.oldag
csteipp removed a project: Security-Reviews.
csteipp set Security to None.
TASK DETAIL
https://phabricator.wikimedia.org/T101305
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: csteipp
Cc: Wikidata-bugs, dominic.sauer, Jonaskeutel, soeren.oldag
csteipp created this task.
csteipp added subscribers: Andreasburmeister, csteipp, Tamslo, Liuxinyu970226,
Lydia_Pintscher, Aklapper, Wikidata-Quality-Constraints, aude.
csteipp added projects: Wikidata, Wikidata-Quality-Constraints,
Security-Reviews.
TASK DESCRIPTION
In it's current form
1 - 100 of 120 matches
Mail list logo