[00:22:14] is there any documentation on the "mwstore://" URLs introduced in mediawiki 1.19? i developed on 1.18, and am now testing it out on 1.19, and am seeing errors like "Could not create directory "mwstore://local-backend/local-public/archive/d/d8", which others have been seeing (e.g. at http://www.mediawiki.org/wiki/Thread:Project:Support_desk/Trouble_uploading_after_installation) [00:22:34] i developed an extension* [00:24:59] there's a bug open on this at https://bugzilla.wikimedia.org/show_bug.cgi?id=34238, but that tickets seems to've been inactive for about 2 months. other instances of problems with mwstore:// URLs: http://www.google.com/search?q=mwstore+%2F%2Flocal-backend%2Flocal-public [00:58:28] Emw, those urls are virtual now [00:58:40] it was added for supporting swift [00:59:01] so the files may not be in the local fiulesystem now [00:59:19] you need to change the call to getPath to getLocalPath or something like that [00:59:49] you will probably find some comment about it on includes/filerepo/ [01:02:51] Platonides: thanks [01:24:59] is the typical version of mediawiki currently used on new labs deployments 1.19 or 1.20? [04:01:55] !g Ib40d09071ba315da6b17fc94cca5746ed4c26342 [04:01:56] https://gerrit.wikimedia.org/r/#q,Ib40d09071ba315da6b17fc94cca5746ed4c26342,n,z [14:15:34] New patchset: Krinkle; "(bug 34815) Use QUnit ?module= query parameter." [integration/testswarm] (master) - https://gerrit.wikimedia.org/r/11830 [14:24:06] New patchset: Krinkle; "(bug 34815) Use QUnit ?module= query parameter." [integration/testswarm] (master) - https://gerrit.wikimedia.org/r/11830 [14:24:30] New review: Krinkle; "(no comment)" [integration/testswarm] (master) - https://gerrit.wikimedia.org/r/11830 [20:46:49] hi [20:47:03] could ":" be declared an invalid char for username create? [20:47:14] There are people creating fake IPV6 as usernames [20:47:26] http://en.wikipedia.org/wiki/Special:Contributions/200:0DB8:0016:0005:0ACE:0BD1:07BE [20:50:48] they shouldn't be able to [20:51:05] well they can :) [20:51:24] we just got this one, Platonides - http://enwp.org/User:200:0DB8:0016:0005:0ACE:0BD1:07BE [20:51:51] it's been referred to UAA as disruptive,although it's not a correct IPv6 addy though [20:52:26] var_dump( IP::isValid("200:0DB8:0016:0005:0ACE:0BD1:07BE" ) ); [20:52:26] bool(false) [20:54:01] its a fake yes [20:54:08] but it looks valid [20:54:15] i think it's more likely we need an abuse filter to catch this [20:54:33] it misses one block [20:55:08] it's 2 octets short, Platonides - start of the address should be 4 chars, then 1, then another 4 - this is 3, then 0, then 4 [20:55:23] 2 digits missed [21:00:07] I think even invalid IPv6 addresses should be caught by that [21:00:21] AbuseFilter may be able to do it, as BarkingFish said [21:00:55] I'm just looking at the workings of the edit filter, I've used it a while back elsewhere, just looking to see (without any actions in place) if I can make something which will hit it. [21:01:08] what code does var_dump( IP::isValid("200:0DB8:0016:0005:0ACE:0BD1:07BE" ) ); call? [21:01:45] wouldnt banning ":" from newer usernames fix the problem? [21:01:57] Usernames shouldnt contain :'s anyways [21:04:49] All I have to make sure with the edit filter is that it only catches users who make accounts using that style, not people actually editing from an IPv6 address [21:07:14] I have prepared the code for blocking their creation [21:07:18] BarkingFish, can you open a bug for this? [21:07:22] or ToAruShiroiNeko [21:07:44] Platonides, it needs to go to enwp's title blacklist, not the edit filter :) [21:08:03] BarkingFish, it's going to mediawiki :) [21:08:07] i just got told that the edit filter doesn't halt account creation [21:08:11] ah, ok then [21:08:19] i thought you were prepping regex :P [21:08:44] well, I did a general regex for that :P [21:09:18] ok [21:09:23] filing a bug [21:09:37] could I get a copy of that Platonides - so it can be added to the Title blacklist until you can implement the code please? [21:10:06] I just did: preg_match( '/^[0-9A-Fa-f]{0,10}:([0-9A-Fa-f]{0,10}:)*([0-9A-Fa-f]{0,10})?(?:\/' . RE_IPV6_PREFIX . ')?$/', $ip ) [21:10:19] excellent :) [21:10:30] looks general enough to catch anything people could confuse with an IPv6 [21:10:32] thank you [21:12:06] https://bugzilla.wikimedia.org/show_bug.cgi?id=37884 [21:12:40] Platonides but would it catch valid IPV6? :p [21:13:11] wasnt there a prize for the person filing the 37884th bug? [21:13:38] ToAruShiroiNeko, it will [21:13:38] the quickest way out would be as you say, ToAruShiroiNeko - simply restrict the use of : in a username [21:13:41] yes but it's been given to another person, then that bug was deleted so that nobody knows who he is [21:13:43] https://gerrit.wikimedia.org/r/12782 [21:14:43] now we need someone to merge it [21:16:00] I cannot think of any concievable reason why someone would use : in a username [21:16:04] incidentally [21:16:26] if someone creates an IPV6 username and an IP edits, with that - what would happen? [21:17:03] it's impossible for a username to be created with an IPv6 name [21:17:26] what my change does is to also make it impossible when it looks like a IPv6 address [21:17:43] Platonides now you cant, but what if user created it like a year ago [21:18:15] aha, so it hits people trying to make a real IPv6 address into a username, or one that looks like it's real, right? [21:18:50] ips dont have preferences [21:19:01] soemthings would break probably [21:19:05] BarkingFish, no, valid IP addresses were already forbidden [21:19:17] IPV6 ones were too? [21:19:54] ToAruShiroiNeko, that code banning IPv6 usernames have been there for ages [21:20:21] even if someone had created such username in 2002, the account name would be deemed as invalid [21:20:36] I think that means it would be rejected on the login page [21:21:48] nice [21:21:52] people were planning ahead [21:22:11] no, just using libraries I think [21:22:19] mmm [21:22:22] <3 libraries [21:25:18] Platonides, just speaking to Shirik - he needs to know the value of the RE_IPV6_PREFIX constant.. any clues on that please? [21:25:29] I already found it define( 'RE_IPV6_PREFIX', '(12[0-8]|1[01][0-9]|[1-9]?\d)'); [21:25:38] ah, ok [21:25:46] nvm Platonides - sorry to have bothered you :) [21:26:39] Platonides: really could do with some unit tests to go with that (not necessary for deployment), purely due to its nature [21:29:15] yes, it'd be nice to have [21:29:56] Surely there's a quicker way, as ToAruShiroiNeko suggested, Reedy - which would simply be to invalidate the use of the colon in a registered username. [21:33:47] colon and its variants [21:33:50] unicode and etc [21:34:14] :： [21:34:28] not the same character [21:45:40] have you guys merged 12787 in already? [21:46:19] I was just testing the titleblacklist entry at enwp for ipv6, and get clearly told "You have not specified a valid username" [21:46:40] I don't think so [21:47:31] btw, enwiki has 4298 usernames with an embedded colon [21:50:03] sure [21:50:10] worry is creation of new ones [21:50:17] Yep, and that's still possible [21:50:22] 4298 of them, how many are blocked? [21:50:41] I just made a new account at enwp with a username in the same fashion as the one I pasted to you earlier, Platonides - and it went straight through. [21:50:49] Again, 2 digits missing, per the other one [21:50:54] Shirik just blocked it [21:51:10] I'm still making sure I actually copied it in right [21:51:33] did you add the preg_match at the front, Shirik? [21:51:39] that is not part of the regex [21:51:59] hm [21:52:04] yeah according to my tester, the regex on the blacklist matches that IP address [21:52:06] it should not have gotten through [21:52:23] its magic! [21:53:47] I wonder do I need the User: in front? [21:54:22] yes I do [21:59:23] should an username like '::Abe::' be allowed or not? [22:00:59] hm [22:01:36] personally, I'd say no. You already have technical restrictions on some punctuation in mediawiki usernames, i don't see why that can't be added to the list [22:06:46] well, there's a user named ::Abi::, why not Abe? [22:07:56] there are really weird usernames [22:08:02] "ADOLF HITLER: GREATEST MAN WHO EVER LIVED ON EARTH!!!" [22:08:17] "ATTN VANDALS: Most tor nodes still work. Vandalize! Vandalize!" [22:09:08] "Attn:All Infidels PRAISE ALLAH! ALLAH! EYEYIEYIEYIE!!!!!" [22:09:13] Platonides, if the * and other punctuation marks are technically restricted due to their use for specific purposes in the interface, why can the colon not be restricted? [22:09:30] No, you can create an username with a * inside [22:10:53] ah, sorry - it's # / . and \ which are restricted, and _ disappears entirely [22:11:07] no, \ is not restricted [22:11:14] in fact, there's a user called "C:\" [22:11:26] / is restricted for subpage purposes [22:11:40] and # because it's not allowed in titles [22:11:41] # is an illegal title symbol due to fragment links [22:11:56] er, then Special:UserLogin/signup (when you're logged out) is wrong [22:11:59] I quote: [22:12:01] For technical reasons, a username cannot include the #, / and \ symbols. Any underscores will be converted to spaces. The first letter of a username is automatically capitalized. [22:12:12] Weird [22:12:21] It does not mention [, ], and | [22:12:26] Which are certainly forbidden [22:12:43] they are [22:13:13] hehe, someone going around the / ban: Http:\\www.bestandworst.com\r\74230.htm Poll about Hephaestos [22:13:23] If \ is not restricted, that page needs updating :) [22:13:37] I guess that's up to #mediawiki though :) [22:13:59] There are few restrictions for usernames [22:14:06] Which are not true for general titles [22:14:37] even so, symbols which can't be used should be made clear [22:14:41] It should not be an IP, have / in it, exceed maximun username length or have any exotic space or private use area symbols [22:15:26] since I'm not a dev, incidentally, feel free please to tell me to gtfo if I'm actually not supposed to be here :) [22:15:56] []{}|#<>/ [22:16:01] Those are the ones forbidden [22:16:15] There are more, but nobody uses them really [22:17:16] BarkingFish, you're welcome here [22:17:36] thanks, Platonides - appreciate it. [22:17:48] At least as long as we are not in the middle of something very important [22:18:32] if you're in the middle of something like that, I'll happily stfu if you want or just leave you in peace. I have gotten very used to knowing when to get the hell out of a channel :D [22:19:08] brb [22:19:56] ::Abi:: does not really sound as a legit username [22:20:07] At least that guy will probably be unable to have a userpage [22:20:27] turns out it wouldn't be allowed due to leading colons [22:21:14] * Platonides checks [22:21:16] it was .::Abi::. [22:52:38] there's a user named :ex:: [22:52:45] how could he create the account? [23:01:36] maybe it was renamed? [23:02:05] I wonder if there is a user :en: [[en:User::ex::]] [23:03:31] no, that's the only one beginning with : [23:03:51] can you take over it and try to edit with it? <3 [23:03:59] I cant even see its edits [23:04:21] http://en.wikipedia.org/wiki/Special:Contributions/:ex:: [23:04:26] or no edits? [23:04:48] http://en.wikipedia.org/wiki/Special:Log/:ex:: [23:04:50] broked? [23:05:28] how many usernames with : have a userpage? [23:06:44] quick fix is asking/requiring users with : to rename themselves [23:06:50] very few are legitemate anyways [23:06:54] if any [23:21:43] what do you think? https://en.wikipedia.org/w/index.php?limit=50&tagfilter=&title=Special%3AContributions&contribs=user&target=2001%3Ad06%3A6A1%3A78+ [23:24:33] or https://en.wikipedia.org/w/index.php?limit=50&tagfilter=&title=Special%3AContributions&contribs=user&target=DB8%3A16%3A5%3A0%3AACE%3ABD1 [23:24:39] Platonides: User faking a ipv6 address [23:24:46] (one : is missing) [23:25:22] ^seconded [23:25:28] needs whacking. [23:25:37] The real address would be 2001:d06:6A1::78 ;-) [23:25:46] (and I don't think they handed out that yet) [23:30:30] :::: [23:39:37] https://github.com/mattdiamond/fuckitjs [23:48:39] wtf? [23:49:09] also, it's 'Copyright 2012, Matt Diamond" [23:49:19] it should use the WTFPL [23:52:44] Night guys, see you around - I need to go get some sleep. [23:52:47] bbfn