Anything urgent we should get in before releasing?

@matmarex would you mind taking a look at https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1055617 which is where I envision this going next - should that patch be split up into multiple smaller steps? Or does it work as a single patch?

In T370669#10005023, @matmarex wrote:

The fix has been deployed to all Wikimedia wikis.

@Dragoniez for now you can tell the jawiki admin that they can go to action=delete for the target and delete it manually

Actually, caused by ad1e36d6f6d94827b4928094c708e8340d086e5b so thankfully its only been an issue for a few weeks rather than since 77781b08c7d9268b8ba6aea8ac8e667ba5666d57 4 years ago - just a missing !

Oh, um, this might be related to the delete-redirect right I added

Can we please also keep codesniffer on gerrit, so that existing contributors (like myself) don't need to learn a new workflow? Our codesniffer rules are primarily mediawiki-related

In T157658#9978408, @matmarex wrote:

In T157658#9975405, @DannyS712 wrote:

the biggest part of this will still be blocked by T251588, which hasn't had any progress - can I convince one of the subscribers or teams watching to take that up?

We've had some plans on the MediaWiki-Platform-Team to work on T20654: EditPage.php needs rewrite: Separate DB and UI logic (the parent task for all of this work), but it has been deprioritized for now in favor of finishing the SUL3 work earlier. I am hopeful that we'll come back to it afterwards, but no promises yet.

Okay, so coming back to this after a *while*, I'm going to try to make some more progress

• some more logic can be moved to constraints (first patch for that already sent ^)
• internalAttemptSave() isn't called anywhere in core or deployed extensions outside of EditPage.php and tests, so we can make it private (with a changed name) and replace the public version with a hard deprecated wrapper for the private one - after the hard deprecation, we can remove the public-ness of the method, and then refactoring the interface will be a lot simpler
• the biggest part of this will still be blocked by T251588, which hasn't had any progress - can I convince one of the subscribers or teams watching to take that up? I'm happy to provide code review

The primary reason I filed this was that I was thinking about writing a bot to automatically mark pages for translation when there are edits that got reverted, i.e. where the current source text is identical to the text that was most recently marked for translation, since those pages are still listed as waiting to have their changes marked for translation - either of the approaches work for me (not sure if other developers are going to use this api for anything) since the bot would just be doing the equivalent of submitting without changing the defaults

Granted for 1 year https://zh.wikipedia.beta.wmflabs.org/wiki/Special:Redirect/logid/10419

In T367968#9916294, @Bugreporter wrote:

Closing as duplicate for now; but may be reopened if the target task is declined.

In T367968#9908254, @Bugreporter wrote:

Before doing so in my opinion we need to:

1. Find all currently unattached accounts and rename or merge them (this is basically doing SUL finalisation again, but in a much smaller scale).

In T366821#9871127, @thcipriani wrote:

Thanks for adding all the needed info @SCherukuwada

Processing this as a trusted organization add per the privilege policy.

@IKhitron if adding

#ext-globalwatchlist-toolbar {
	background: var(--background-color-base)
}

is really all that is needed, maybe you want to try sending a patch yourself and I can review it?

@tstarling MergeUserTest::testMergeEditcount is now failing in a bunch of repos and blocking merges since it is loaded as a dependency. See, e.g., https://gerrit.wikimedia.org/r/c/mediawiki/extensions/DiscussionTools/+/1029837

@Kizule I see you awarded a "thumbs down" token - can I ask why you oppose this?

For (\r\n|\r|\n)+ how about [\r\n]+?

Prior attribute-related change that can be used as a reference if helpful: https://gerrit.wikimedia.org/r/c/mediawiki/tools/codesniffer/+/786408

@Iniquity if you fill in the

Link to scc output for general sizing of codebases (https://github.com/boyter/scc):

part of the task description it might be easier for the security team to prioritize given just how *tiny* this extension really is (120 lines of PHP total and by my count 57 of those are comments and 14 are blank, so really 49 lines of PHP; no JavaScript)

In T353938#9702532, @DannyS712 wrote:

@Dreamy_Jazz any chance that this can be prioritized by T&S during your ongoing work of CU?

@Dreamy_Jazz any chance that this can be prioritized by T&S during your ongoing work of CU?

Just want to add a link to @Terasail's amazing script https://www.wikifunctions.org/wiki/User:Terasail/ReadableDiff.js which does some of this in the meantime client-side

In T241457#9693802, @Jdforrester-WMF wrote:

Extension has been archived per T352884.

In T361860#9691600, @Xover wrote:

In T361860#9691323, @DannyS712 wrote:

@Xover I created https://phabricator.wikimedia.org/P59624 that is restricted to WMF-NDA members and the subscribers of the paste (currently you), which should be secure to put the full headers

Thanks. But Phab still won't let me edit that paste. Only members of WMF-NDA and the author have the "Can Edit" capability...

@Xover I created https://phabricator.wikimedia.org/P59624 that is restricted to WMF-NDA members and the subscribers of the paste (currently you), which should be secure to put the full headers

Also affects ContentTranslation, https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ContentTranslation/+/1015683

Since I never learned the precedence rules, for me and anyone else reviewing patches that fix this: && is higher precedence than || per https://www.php.net/manual/en/language.operators.precedence.php

Just to connect: was previously archived at T248758 and then unarchived at T261923

<sorry, misclick>

Can you confirm that the user also cannot be blocked by specifying their user ID in the block API?

Doesn't this require the rights to move subpages though, i.e. generally only exploitable by advanced users?

Confirmed that the option shows up for me

https://phabricator.wikimedia.org/project/members/6986/ reports "Joinable By" as "All Users"
Moving to unbreak now since my understanding is that the project automatically allows access to the security tasks and now allows *anyone* to access security issues

<Adding to Project-Admins just for tracking>

Not sure when I'm going to have time for this, if someone else wants to work on it I don't want to block them

In T354577#9503830, @Htriedman wrote:

Hi @DannyS712! Have you made any progress on this?

@Jdforrester-WMF I created the patch linked above for LibUp to run upgrades (we missed this for 42.0.0) but we should first make sure that we manually get upgrades to one or two repos to make sure that things are working properly, it looks like there was a failure for the WikiLambda patch.

Because its not giving its own +2 the full tests for the gate-and-submit pipeline are running instead of the dedicated i18n tests, so this is taking up more CI processing and also leads to unrelated failures that then need to be manually merged (example https://gerrit.wikimedia.org/r/c/mediawiki/extensions/BlueSpiceUEModulePDFRecursive/+/992870)

Sorry if I didn't tag the right projects, wasn't sure where this should go

In T287234#9484807, @pmiazga wrote:

I tried to make a stab at this work some time ago (patches that Krinkle mentioned ) but then I abandoned the idea. Now I want to get this thing done and noticed you made a ticket for it and pushed a PR. Nice. Thanks.

@DannyS712 are you going to work on this? If not, let me take over this work.

Stalled for years with no movement/progress, no compelling reason articulated - boldly closing

In T354577#9451983, @MBH wrote:

I think there should be an option - hide previous versions or not. Currently ruwiki's bot hides all revisions, for example - all revisions of Putin's article since 2003.

Going to try and implement this. I'm assuming that this is all meant to be oversight-level suppression, rather than admin-level (unless we want both as options). Questions that will need an answer at some point

• Should editors be told that their names will be immediately hidden as editors?
• Should enabling/disabling this be in the public protection log (if editors are informed before saving then probably) (only a question if the suppression is oversight-level)
• Should each edit be logged individually as a revision deletion/suppression action? If not it might be confusing if the edits are later made visible. If yes, under what name - maintenance script?
• Should enabling this retroactively apply to all prior edits, or just new ones?

In T246674#8259078, @Aklapper wrote:

Removing task assignee due to inactivity as this open task has been assigned for more than two years. See the email sent to the task assignee on August 22nd, 2022.
Please assign this task to yourself again if you still realistically [plan to] work on this task - it would be welcome!
If this task has been resolved in the meantime, or should not be worked on ("declined"), please update its task status via "Add Action… 🡒 Change Status".
Also see https://www.mediawiki.org/wiki/Bug_management/Assignee_cleanup for tips how to best manage your individual work in Phabricator. Thanks!

In T352182#9364058, @CDanis wrote:

Users are no longer impacted.

Unfortunately due to the nature of the outage (a DDoS) we can't publish more details.