wikimedia/mediawiki-extensions-Echo
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/Echo synced 2024-11-23 15:36:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Mirror of https://gerrit.wikimedia.org/g/mediawiki/extensions/Echo
7280 commits 164 branches 0 tags 74 MiB
PHP 69%
JavaScript 28%
Less 2.9%
Go to file
Matěj Suchánek 11b9e66f9f Disallow anonymous non-IP agents, handle truncated names 
Why:
* Echo stores agents by their user id or by the name if the user
  is not registered. This works for IPs since the "event_agent_ip"
  field has limit of 39 bytes (32× [0-9A-F] + 7× colon for IPv6).
* However, it's possible to hold a user identity that is not
  an IP address, but the user name has not been or cannot be
  registered (e.g., external users). Echo wouldn't validate this
  and would attempt to insert the user name into "event_agent_ip",
  possibly causing silent truncation and data corruption.

What:
* Do not let events with such agents be saved. For now, log an
  error in the production. Wikibase, the only known source of this
  problem, has already been fixed.
* In runtime, replace every possibly corrupted user name with
  a placeholder to avoid unexpected null values and exceptions
  in production.

Bug: T367638
Change-Id: Ic2bd218b10651d13da9e9aea54dd2d668a33d946
Depends-On: I03b4367355dc5a3fc0c14aad5fdf19fbcd0caa3d
Depends-On: I92eb93983e81708b289e9f7d837884d539dade0b
2024-11-14 11:44:19 +01:00
.phan Use HookHandlers for UserMerge hook 2023-08-16 05:30:19 +00:00
i18n Localisation updates from https://translatewiki.net. 2024-11-12 08:17:49 +01:00
images Remove all traces of cross-wiki beta feature 2019-04-17 22:18:13 -07:00
includes Disallow anonymous non-IP agents, handle truncated names 2024-11-14 11:44:19 +01:00
maintenance Use namespaced classes 2024-10-20 00:55:03 +02:00
modules Merge "Fix improper @private documentation in .js code" 2024-10-08 11:23:15 +00:00
scripts Use namespaced classes 2024-10-20 00:55:03 +02:00
sql Drop schema updates from MW 1.33 and 1.34 2023-12-22 01:56:23 +00:00
tests Disallow anonymous non-IP agents, handle truncated names 2024-11-14 11:44:19 +01:00
.eslintignore eslint: Use .eslintignore 2022-05-09 14:00:02 +01:00
.eslintrc.json eslint: remove redundant ruleset wikimedia/jsdoc 2024-05-15 17:31:36 +00:00
.gitignore Add DS_Store to gitignore 2021-07-13 13:58:44 -05:00
.gitreview
.mailmap Update Legoktm's mailmap entry 2021-04-11 19:15:52 -07:00
.phpcs.xml tests: Resolve phpunit filename deprecation errors 2023-08-12 21:07:15 +02:00
.stylelintrc.json stylelint: Enable selector-pseudo-element-colon-notation 2023-03-30 00:24:47 +02:00
.svgo.config.js build: Update SVGO to v3.0.2 & re-crush icons 2023-06-14 19:12:11 +00:00
CODE_OF_CONDUCT.md build: Updating mediawiki/mediawiki-codesniffer to 22.0.0 2018-09-03 01:46:10 +00:00
composer.json build: Updating mediawiki/mediawiki-codesniffer to 45.0.0 2024-11-02 07:16:27 +00:00
COPYING
Echo.alias.php Add aliases for Simplified & Traditional Chinese 2024-01-07 16:55:25 +08:00
extension.json tests: Namespace the PHP classes 2024-10-03 20:30:06 +00:00
Gruntfile.js eslint: Use .eslintignore 2022-05-09 14:00:02 +01:00
jsdoc.json build: Update jsdoc-wmf-theme to 1.1.0 2024-06-26 11:31:52 +01:00
package-lock.json build: Updating micromatch to 4.0.8 2024-08-25 00:45:50 +00:00
package.json build: Update jsdoc-wmf-theme to 1.1.0 2024-06-26 11:31:52 +01:00
quibble.yaml build: Add quibble.yaml and enable early warning bot feedback 2023-03-31 11:42:44 +02:00
README.md Replace jsduck with jsdoc 2024-04-30 15:29:06 +01:00
RELEASE_NOTES
ServiceWiring.php Merge "Inject service RevisionStore into RevisionLocalCache" 2024-03-18 09:06:16 +00:00

README.md

The Echo extension provides an in-wiki notification system that can be used by other extensions.