Last modified: 2013-06-09 07:16:31 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T51175, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 49175 - GuidedTour adds MW namespace scripts to login page
GuidedTour adds MW namespace scripts to login page
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
GuidedTour (Other open bugs)
unspecified
All All
: Unprioritized normal (vote)
: ---
Assigned To: Matthew Flaschen
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-05 10:51 UTC by Matthew Flaschen
Modified: 2013-06-09 07:16 UTC (History)
12 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Patch to fix issue (1.10 KB, patch)
2013-06-05 10:53 UTC, Matthew Flaschen 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Matthew Flaschen 2013-06-05 10:51:56 UTC 
GuidedTour can add on-wiki tours (which are JavaScript files in the MW namespace) to pages where user JS is not supposed to be allowed.

I have a fix locally, which I'll upload shortly as a patch (I can do a Gerrit draft if that's secure too).
Comment 1 Matthew Flaschen 2013-06-05 10:53:33 UTC 
Created attachment 12467 [details]
Patch to fix issue
Comment 2 Chris Steipp 2013-06-05 19:33:53 UTC 
Hi Matt, Please keep it out of gerrit for now. We'll most likely patch the cluster first, and then put it into gerrit.
Comment 3 Matthew Flaschen 2013-06-07 01:05:53 UTC 
I did this during the E3 deployment in the GuidedTour directories.

However, it disappeared, because I forgot to also do a local SECURITY commit bumping the submodule.  I checked that it's still deployed, though.  So I did the local submodule bump to mediawiki (both directories again), and it should be correct now.

Let me know when we can make this public.
Comment 4 Chris Steipp 2013-06-07 18:11:14 UTC 
Since our next security release is a couple weeks out, and it's patched on the cluster, it probably best to just commit it in gerrit and communicate to your users that they should update. I'm not sure how much it's used outside the WMF, so you may not need to do much.

Once it's merged, feel free to close this bug and make move it to the MediaWiki Extensions Product so it will be public.
Comment 5 Matthew Flaschen 2013-06-07 22:57:12 UTC 
Merged to master.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links