https://bugzilla.wikimedia.org/show_bug.cgi?id=15129
--- Comment #26 from Bryan Tong Minh <bryan.tongm...@gmail.com> 2011-05-24 08:38:32 UTC --- Except for the second one, my comments in #13 were not addressed: > A few general comments on this: > * You are basically duplicating the CheckUser interface. This is bad because > changes in one part of the CheckUser code will not affect other parts. Code > duplication should be avoided when possible. > * You are constructing raw sql, whereas using the wrapper functions is > strongly > recommended > * Limits are hardcoded > * XFF is added as /xff. In the api you will simply want to use a boolean xff > parameter Especially with a high sensitivity module such as CU, I really do want to have a common backend for the special page and the API module. With all the code duplication the chances that are high that security vulnerabilities and other bugs that are found in the API module and fixed are not propagated to the special page and vice versa. Considering the sensitivity of CheckUser I do not think that this is acceptable. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
