[11:08:11] <snitch>	 [[Tech]]; 2A00:23C5:800B:CA00:386A:7973:CC1B:898A; /* pofe32urey3r */ new section; https://meta.wikimedia.org/w/index.php?diff=17997065&oldid=17996081&rcid=11800990
[11:11:03] <snitch>	 [[Tech]]; Hoo man; Reverted changes by [[Special:Contributions/2A00:23C5:800B:CA00:386A:7973:CC1B:898A|2A00:23C5:800B:CA00:386A:7973:CC1B:898A]] ([[User talk:2A00:23C5:800B:CA00:386A:7973:CC1B:898A|talk]]) to last version by Peachey88; https://meta.wikimedia.org/w/index.php?diff=17997067&oldid=17997065&rcid=11800995
[14:40:52] <srdjan_m>	 is it possible to change the email address used in gerrit?
[17:41:11] <webchat254>	 good afternoon
[17:41:34] <webchat254>	 can anyone tell me if https://www.mediawiki.org/wiki/Manual:Parameters_to_index.php/en is still up to date?
[17:42:30] <webchat254>	 (i'm having trouble with saving the page. #Parameters that are needed to save)
[17:46:36] <Z5>	 it is for the zeusmode tool https://nl.wikipedia.org/w/index.php?title=Gebruiker%3AZanaq%2FZeusmode%2Fwhatlinkshere.js&type=revision&diff=51579147&oldid=51579088
[17:51:40] <Z5>	 e.g. wpTextbox1=%5B%5BSofist%20(Plato)%7CSofist%5D%5D%0A&wpStarttime=20180505174502&wpEdittime=20180505110833&wpEditToken=92958ae011a9f7091fdfc98d2e33c11e5aeded9e%2B%5C&wpAntispam=&editingStatsId=dd8f2a1e8cbc610339e68e5063e0d212&editRevId=51577515&wpAutoSummary=d41d8cd98f00b204e9800998ecf8427e&oldid=0&format=text%2Fx-wiki&model=wikitext&editingStatsId=dd8f2a1e8cbc610339e68e5063e0d212
[17:54:41] <bawolff>	 You should probably not pasye wpEdittoken
[17:55:34] <bawolff>	 as it would allow me to make edits as if i was you (or at least sort of. Truth is slightly more complex)
[17:57:34] <Z5>	 i presume those are invalidated after i use them.
[17:57:48] <Z5>	 anyway, the problem is that it is not working, bawolff ;-)
[17:58:23] <bawolff>	 No, they wont invalidate unless you log out and then log in again
[17:58:35] <Z5>	 ah good to know thanks.
[17:59:26] <Z5>	 but it still doesnt work ;-)
[17:59:49] <bawolff>	 Ah. I just joined channel and misses initial context
[17:59:54] <Z5>	 is the documentation up to date? i suspect the new parameter wpAntispam
[18:00:30] <Z5>	 i asked: can anyone tell me if https://www.mediawiki.org/wiki/Manual:Parameters_to_index.php/en is still up to date?
[18:00:38] <Z5>	 i'm having trouble with saving the page. #Parameters that are needed to save
[18:00:50] <Z5>	 for the zeusmode tool https://nl.wikipedia.org/w/index.php?title=Gebruiker%3AZanaq%2FZeusmode%2Fwhatlinkshere.js&type=revision&diff=51579147&oldid=51579088
[18:01:56] <bawolff>	 wpAntispam is not new. It should be empty
[18:02:21] <Z5>	 then it is something else that's the problem
[18:02:21] <bawolff>	 it used to be part of an extension
[18:02:40] <Z5>	 but i have no clue what it could be
[18:02:50] <bawolff>	 basically hidden textbox to stop spam boys that fill every feel
[18:03:15] <bawolff>	 what errors are you getting? Have you checked javascript console
[18:03:22] <Z5>	 yes.
[18:03:22] <bawolff>	 s/boys/bots
[18:03:55] <Z5>	 the request is submitted correctly, but then the editpage is returned from the request, and nothing is saved.
[18:05:07] <bawolff>	 Itd be better probably to use the api, you would get better errors probably
[18:05:10] <Z5>	 on correct save a normal page should be returned, not an edit page.
[18:05:58] <Z5>	 that is slightly more work: it used to work correctly this way, so i'm hoping for a small tweak ;-)
[18:06:21] <bawolff>	 edit page could be returned if edittoken is wrong, if not post, if preview button pressed, etc so there is a lot of potential causes
[18:06:53] <Z5>	 the diff display works fine, only saving fails.
[18:07:14] <Z5>	 preview parameter is not given.
[18:07:21] <bawolff>	 As an aside, im pretty sure that script has XSS issues
[18:07:51] <Z5>	 just xmlhttp.send(params);
[18:08:23] <Z5>	 in what way?
[18:08:32] <bawolff>	 one way of debugging is looking at a normal page save in network tab in browser tab and compare with what your request looks like
[18:09:04] <Z5>	 mmmmmm
[18:09:29] <bawolff>	 E.g. hbl = '<input type=button value="' + wgTitle + ' (hoofdbetekenis)' + '" onClick="javascript:replaceLink(\'' + clickedLi + '-' + i + '\', \'' + escape(wgTitle + ' (hoofdbetekenis)') + '\')">';
[18:10:39] <bawolff>	 What if you are viewing a page named: "_onmouseover=doevil()_a="
[18:12:09] <bawolff>	 Generally speaking innerHTML is very dangerous from an XSS perspective
[18:12:13] <Z5>	 mmmmmmm2
[18:12:59] <Z5>	 the application is filled with these kind of things
[18:13:23] <bawolff>	 Honestly, so is a lot of wikipedia user scripts
[18:13:33] <bawolff>	 :S
[18:17:07] * bawolff longs to break the gadget world with CSP
[18:18:01] <Z5>	 looking at the difference. it is difficult to compare. regular request gives "Request payload" and xmlhttp gives "Form data"
[18:20:41] <Z5>	 probably rewrite it using the api. thx.
[18:21:42] <bawolff>	 Also, remember to throw stuff through mw.escape() if putting variables in innerHTML
[18:25:24] <Z5>	 thx for the tip