dpatrick added a comment.
Many apologies for the delay here. I reviewed this back in June, failed to add my notes, then re-reviewed last week due to code changes since the last time I looked at it. I found no issues while reviewing this library. I checked for the following:
XSS via unescaped
dpatrick added a comment.
@Lydia_Pintscher Ping.TASK DETAILhttps://phabricator.wikimedia.org/T159709EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: dpatrickCc: dpatrick, Ricordisamoa, Aklapper, Lydia_Pintscher, QZanden, Acer, D3r1ck01, Izno, Luke081515
dpatrick added a comment.
@Lydia_Pintscher, can you give us an update on this ticket?TASK DETAILhttps://phabricator.wikimedia.org/T99358EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: csteipp, dpatrickCc: dpatrick, Lydia_Pintscher, gerritbot, soeren.oldag
dpatrick added a comment.
@Lydia_Pintscher, can you update the description of this ticket with the information requested at https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_reviews#Requesting_a_review? Thanks!TASK DETAILhttps://phabricator.wikimedia.org/T159709EMAIL PREFERENCEShttps
dpatrick closed this task as "Declined".Herald removed a subscriber: Liuxinyu970226.
TASK DETAILhttps://phabricator.wikimedia.org/T69118EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: csteipp, dpatrickCc: dpatrick, Aklapper, Jimkont, Wikidata-
dpatrick removed a project: Security-Reviews.
TASK DETAILhttps://phabricator.wikimedia.org/T103912EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: dpatrickCc: StudiesWorld, Lydia_Pintscher, aaron, Wikibase-Quality-External-Validation, Aklapper, Liuxinyu970226
dpatrick added a comment.
Is this review still needed? We will assume not if no response is given by August 18th, 2016.TASK DETAILhttps://phabricator.wikimedia.org/T69118EMAIL PREFERENCEShttps://phabricator.wikimedia.org/settings/panel/emailpreferences/To: csteipp, dpatrickCc: dpatrick, Aklapper
dpatrick added a comment.
This task may be rendered moot if "Access-Control-Allow-Origin: *" is
implemented, re. https://phabricator.wikimedia.org/T62835. Absent that, I think
it would be safe to allow read-only access from labs by adding the domain(s) to
the
dpatrick moved this task to In Progress on the Security-Team workboard.
TASK DETAIL
https://phabricator.wikimedia.org/T65808
WORKBOARD
https://phabricator.wikimedia.org/project/board/1179/
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: dpatrick
dpatrick claimed this task.
TASK DETAIL
https://phabricator.wikimedia.org/T65808
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: dpatrick
Cc: Aklapper, csteipp, Matanya, Jdlrobson, Krenair, hoo, JanZerebecki, He7d3r,
Petrb, Magnus, Snowolf, wikibugs
dpatrick triaged this task as "Low" priority.
dpatrick set Security to None.
TASK DETAIL
https://phabricator.wikimedia.org/T115788
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: dpatrick
Cc: hoo, Aklapper, Mvolz, dpatrick, Wikidata-
dpatrick added subscribers: csteipp, dpatrick.
dpatrick added a comment.
@hoo, @csteipp and I discussed this a bit today. Third-parties who run this
code may end up unintentionally exposing backend information in this uncaught
exception. Is it onerous to work up a fix for this issue?
TASK
12 matches
Mail list logo