[01:12:06] Hi Yaron , I was looking into the bug-51505 (https://bugzilla.wikimedia.org/show_bug.cgi?id=51505) , I have found a solution but it involves a minor change in mediawiki-core as well. Will that be acceptable? [01:12:31] pawan_seerwani: you'd have to ask the MediaWiki developers about that one. [01:12:56] Okay. Thanks. I will ask them and get back. [01:13:01] There's no way to fix this without modifying MediaWiki? [01:14:02] There might be. I haven't looked into other possibilities yet. [01:15:50] [SemanticResultFormats] JeroenDeDauw created pathz (+1 new commit): http://git.io/g4nVNA [01:15:50] SemanticResultFormats/pathz 2d070b6 jeroendedauw: Fix initialization of srfgScriptPath [01:16:15] [SemanticResultFormats] JeroenDeDauw opened pull request #25: Fix initialization of srfgScriptPath (master...pathz) http://git.io/5bul3A [01:16:34] pawan_seerwani: can you explain what the MediaWiki change is? [01:22:21] Yaron, the change required is adding a new const parameter to includes/EditPage.php [01:22:36] The parameter is as follows : [01:22:44] const AS_INCORRECT_EDIT_TOKEN = 241; [01:23:04] The msg generally shown on incorrect csrf token ( edit token) is different than other messages. So inorder to identify this special error, I was thinking of adding the above const parameter [01:35:39] pawan_seerwani: hm, that's interesting - it's surprising that there isn't already an error constant for that. [01:36:12] Of course, you could just have the SFAutoeditAPI define its own error constant for it... [01:37:47] Yaron, Oh. I will try that.. [01:38:21] Just make sure the number is not too close to the other numbers. :) [01:38:42] Sure. [01:39:50] Also, my patch is available at http://pastebin.com/ww8Q0fE5 More comments would be helpful :) [01:41:38] That's it? Where is the "incorrect edit token" error thrown? [01:43:22] Inside the 'switch' clause. [01:43:53] No, not where it's caught, where it's thrown. [01:44:39] It seems like you were planning to modify EditPage not just to add that new constant, but also to make use of it? [01:45:26] ---> throw new MWException( "This appears to be a cross-site request forgery; canceling save."); [01:45:44] The above line does throw exception, or am I missing something? [01:46:07] Yes, it throws an exception, but it doesn't throw AS_INCORRECT_EDIT_TOKEN. [01:47:47] Oh, well. Actually the the error msg for wrong-edit-token across SF uses the same above msg. [01:48:40] Alright; I don't think we understand each other, but in any case, Stephan would be the better person to talk to about this patch. [01:49:03] I needed the constant so that I can set value for $status variable and then use it in 'switch' clause [01:50:20] Right. But hes isn't online. I will wait for him then. [02:27:13] [SemanticMaps] JeroenDeDauw pushed 4 new commits to master: http://git.io/B2l72w [02:27:14] SemanticMaps/master c415005 jeroendedauw: Remove pointless newline [02:27:14] SemanticMaps/master 57e1227 jeroendedauw: Add SF to the suggest list [02:27:14] SemanticMaps/master 45ce92a jeroendedauw: Also run tests with PHP 5.6 [02:49:42] [SemanticMaps] JeroenDeDauw pushed 2 new commits to master: http://git.io/_QQh1g [02:49:42] SemanticMaps/master a212528 jeroendedauw: Some cleanup [02:49:42] SemanticMaps/master 9159e93 jeroendedauw: Fix center parameter bug [02:53:26] [SemanticMaps] JeroenDeDauw pushed 1 new commit to master: http://git.io/ZDP0hw [02:53:26] SemanticMaps/master ac695d5 jeroendedauw: Update rel notes [02:55:14] [SemanticMaps] JeroenDeDauw pushed 1 new commit to master: http://git.io/fBgc8g [02:55:14] SemanticMaps/master d9e3eee Jeroen De Dauw: Update README.md [06:57:32] (CR) Raimond Spekking: "Abandon this patch set was not logical. Now the translatewiki export scripts will commit in the old way and this conflicts with the GitHub" [extensions/SemanticMediaWiki] - https://gerrit.wikimedia.org/r/121356 (owner: Siebrand) [07:10:26] (CR) Siebrand: "Jeroen, please let Raimond know before the end of an afternoon that the Gerrit repo has been updated to use JSON i18n. Otherwise we're get" [extensions/SemanticMediaWiki] - https://gerrit.wikimedia.org/r/121356 (owner: Siebrand) [07:11:22] (CR) Siebrand: "Is this extension maintained at GitHub? If so, Jeroen, please let Raimond know before the end of an afternoon that the Gerrit repo has bee" [extensions/SemanticMaps] - https://gerrit.wikimedia.org/r/121354 (owner: Siebrand) [07:26:48] (CR) Jeroen De Dauw: [C: 2 V: 2] Migrate to JSON i18n [extensions/SemanticMaps] - https://gerrit.wikimedia.org/r/121354 (owner: Siebrand) [07:27:28] [SemanticMaps] JeroenDeDauw pushed 2 new commits to master: http://git.io/CsT83w [07:27:28] SemanticMaps/master 751b563 Siebrand Mazeland: Migrate to JSON i18n... [07:27:28] SemanticMaps/master bb61cc9 jeroendedauw: Merge branch 'master' of ssh://wmfgerrit/mediawiki/extensions/SemanticMaps [07:29:12] (CR) Jeroen De Dauw: "This has been merged already." [extensions/SemanticMediaWiki] - https://gerrit.wikimedia.org/r/121356 (owner: Siebrand) [07:29:46] (CR) Jeroen De Dauw: "And it has been synced, so it is as if it was merged here from the TWN perspective." [extensions/SemanticMediaWiki] - https://gerrit.wikimedia.org/r/121356 (owner: Siebrand) [07:31:39] [SemanticMediaWiki] JeroenDeDauw pushed 1 new commit to master: http://git.io/gSUu2A [07:31:39] SemanticMediaWiki/master 923a294 Jeroen De Dauw: Update .travis.yml [07:31:48] (Restored) Raimond Spekking: Migrate to JSON i18n [extensions/SemanticMediaWiki] - https://gerrit.wikimedia.org/r/121356 (owner: Siebrand) [07:31:55] (CR) Raimond Spekking: [C: 2] Migrate to JSON i18n [extensions/SemanticMediaWiki] - https://gerrit.wikimedia.org/r/121356 (owner: Siebrand) [07:32:00] (Merged) jenkins-bot: Migrate to JSON i18n [extensions/SemanticMediaWiki] - https://gerrit.wikimedia.org/r/121356 (owner: Siebrand) [07:33:27] (CR) Jeroen De Dauw: "??? It was already on master in this git repo. You clicking the merge button here did not change the state of the git repo at all... Anywa" [extensions/SemanticMediaWiki] - https://gerrit.wikimedia.org/r/121356 (owner: Siebrand) [07:35:00] (CR) Raimond Spekking: "How that? With what patch set?" [extensions/SemanticMediaWiki] - https://gerrit.wikimedia.org/r/121356 (owner: Siebrand) [08:51:13] (CR) Siebrand: "Thanks Jeroen and Raimond." [extensions/SemanticMediaWiki] - https://gerrit.wikimedia.org/r/121356 (owner: Siebrand) [09:35:49] (CR) Jeroen De Dauw: "> How that? With what patch set?" [extensions/SemanticMediaWiki] - https://gerrit.wikimedia.org/r/121356 (owner: Siebrand) [09:38:07] (CR) Raimond Spekking: "It does make sense, at least for me. Every direct push is lost for my workflow and I have no chance to handle changes for translatwiki.net" [extensions/SemanticMediaWiki] - https://gerrit.wikimedia.org/r/121356 (owner: Siebrand) [14:22:03] [SemanticMediaWiki] mwjames pushed 1 new commit to maintenance-datarebuilder: http://git.io/6Bscmw [14:22:03] SemanticMediaWiki/maintenance-datarebuilder 320d36e mwjames: Add --query parameter... [14:57:30] [SemanticMediaWiki] mwjames pushed 1 new commit to maintenance-datarebuilder: http://git.io/jscCNw [14:57:30] SemanticMediaWiki/maintenance-datarebuilder 1254063 mwjames: Manipulating $GLOBALS['smwgQMaxLimit'] [15:42:46] (PS1) Jatin: making js files pass jshint [extensions/SemanticFormsInputs] - https://gerrit.wikimedia.org/r/121679 [16:00:55] (CR) Foxtrott: "I do not have the time to do a validation of this bug." [extensions/SemanticFormsInputs] - https://gerrit.wikimedia.org/r/121679 (owner: Jatin) [16:48:25] Hi FoxT , I was looking into the bug 51505(https://bugzilla.wikimedia.org/show_bug.cgi?id=51505), I just want to confirm that the token being sent by the user is a part of the query string itself right? [16:49:45] pawan_seerwani: Yes, if the data is sent as GET parameters then it should be part of the query string. [16:53:48] FoxT: Ok, but if its a POST request then there is no need to check for edit token, correct? [16:58:23] Why not [16:58:50] ? [16:59:46] The edit token seems to change with every session [17:00:44] Yes, of course. That's the whole point. It is used to make sure that the edit of a user is intentional. [17:01:50] pawan_seerwani: Seehttp://www.mediawiki.org/wiki/Manual:Edit_token [17:02:27] Okay, I will read about it :) [17:30:13] FoxT, I read about it. I knew most of the part though. My question is what does the user send in Token parameter when using, #autoedit parser function... He sends the entire hash string of token or something else like the salt value? [17:31:04] I'd say the entire hash string [17:31:57] In that case, how would the user know what is the hash string to be used and where would he get that from? [17:32:33] I think there is an api function [17:34:27] But in the end you don't need to concern yourself with how a user of the api would get the token. [17:35:22] Considering the user sends the hash string as token parameter.. I have a patch ready for it. But as said, my concern is how does the user generate hash string in the first place. [17:35:24] Well, ok, you would need to concern to test your fix [17:36:42] Should I submit the patch? Or first make sure that such a work flow exists where a user can generate the the hash string? [17:37:10] an api call for editing the main page could be http://127.0.0.1/mw/api.php?action=query&prop=info&intoken=edit&titles=Main%20Page [17:37:23] I think [17:37:50] You could also ask on the bug report how they expect to get their token [17:38:13] Ok.. I will do that. [17:47:32] (PS1) Pawanseerwani: Add token parameter to SF Autoedit API [extensions/SemanticForms] - https://gerrit.wikimedia.org/r/121698 [18:46:05] (PS2) Jatin: Making js files pass jshint [extensions/SemanticFormsInputs] - https://gerrit.wikimedia.org/r/121679 [19:17:59] (PS3) Jatin: Making js files pass jshint [extensions/SemanticFormsInputs] - https://gerrit.wikimedia.org/r/121679 [21:20:47] [SemanticResultFormats] mwjames created tagcloud-null-title (+1 new commit): http://git.io/0fy8zg [21:20:47] SemanticResultFormats/tagcloud-null-title 42e098a mwjames: Check for instanceof Title [21:22:56] [SemanticResultFormats] mwjames opened pull request #27: Check for instanceof Title (master...tagcloud-null-title) http://git.io/ACZAkQ