User "Renklauf" posted a comment on Wikimedia.r483. Full URL: http://www.mediawiki.org/wiki/Special:Code/Wikimedia/483#c23401 Commit summary:
Computing tables of randomly sampled traffic from banner impressions. This is necessary to normalize category counts from article samples. DataMapper.py -> gather_random_traffic_samples() - Randomly samples traffic from banner impression logs. TrafficSamplesTableLoader - data loader class to interact with faulkner.traffic_samples. this table stores the page title, id, and request times of the traffic samples. Comment: re DataLoader.py: see r531 - Added escaping to all SQL queries taking parameters as input re DataMapper.py: 294/395/483: I'd argue that these are actually benign as the args are either completely determined in the method or restricted to local folders where no real damage can be done. 483: see above - grep commands are particularly benign 205: >> unescaped post on 874/875? (maybe others) This is escaped in DataLoader.py LandingPageTableLoader class at the point of the SQL call _______________________________________________ MediaWiki-CodeReview mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
