WMDE-leszek created this task.
WMDE-leszek triaged this task as "High" priority.
WMDE-leszek added projects: Lexicographical data, Wikidata, Security-Reviews.


WikibaseLexeme uses some classes from symfony/validator PHP library for validating its API requests.
The library is not part of mediawiki vendor component yet, so it would need to go through security review before it, and WikibaseLexeme, get deployed.

The library on packagist: https://packagist.org/packages/symfony/validator.

Library source code: https://github.com/symfony/validator.
We intend to use version 3.4.7 of the library for the time being (as the 4.x branch is PHP 7+).

The library has several dependencies:

  • symfony/polyfill-mbstring (already part of mediawiki vendor, thus I assume does not require security review)
  • symfony/translation (also version 3.4.7, source code at https://github.com/symfony/translation)

The soon the review is possible, the better for the requesters. Being able to get the review happened by mid May 2018 would be absolutely fantastic.

We (WMDE Tech/Wikidata dev team) intend to use the library in WikibaseLexeme, with possibility to extend its usage in the other Wikibase-related code.
Library is pretty generic, and it could find other usage in both MediaWiki core, and other extensions. For example, it has been mentioned in T90885 back in 2015.

Should any further information needed to be provided, I will do it.



To: WMDE-leszek
Cc: Aklapper, Pablo-WMDE, Addshore, Jakob_WMDE, RazShuty, Lydia_Pintscher, WMDE-leszek, Lahi, Gq86, Cinemantique, GoranSMilovanovic, QZanden, EBjune, LawExplorer, dpatrick, Luke081515, Wikidata-bugs, aude, JanZerebecki, Darkdadaah, csteipp, Mbch331, Jay8g, Legoktm
Wikidata-bugs mailing list

Reply via email to