Request Commentbox extension
Closed, Resolved; Public

Event Timeline

@HopelessNightOwl Hi. Would you be willing to consider an extension we already have installed: https://www.mediawiki.org/wiki/Extension:Comments ?

Unknown Object (User) moved this task from Backlog to Security Review Needed on the Extensions board. Dec 18 2020, 18:27

This extension is not submitting wpUnicodeCheck and therefore all attempts to save comments using it will fail. Also, it is adding an edit token after the comment form has been submitted rather than adding it inside a hidden element in the form beforehand. And the extension has not had real updates without dependency or localisation updates in months. As such, I am not very confident about this extension.
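
The pattern described in the comment above can be checked against the markup the server sends, before any script runs. The sketch below is an added example, not part of the thread or the extension's code; it assumes the comment form posts to MediaWiki's edit handler, and the sample forms and field values are constructed.

```python
from html.parser import HTMLParser

# Field names from the review comment (wpUnicodeCheck) and MediaWiki's edit form (wpEditToken).
REQUIRED_HIDDEN = ("wpEditToken", "wpUnicodeCheck")

class FormAudit(HTMLParser):
    """Collect the <input> fields of every <form> in served markup."""
    def __init__(self):
        super().__init__()
        self.forms = []        # one dict per form: name -> (type, value)
        self._current = None   # dict of the form being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None and a.get("name"):
            kind = (a.get("type") or "text").lower()
            self._current[a["name"]] = (kind, a.get("value") or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit(markup):
    """Return one list of problems per form; an empty list means the form passes."""
    parser = FormAudit()
    parser.feed(markup)
    parser.close()
    report = []
    for fields in parser.forms:
        problems = []
        for name in REQUIRED_HIDDEN:
            kind, value = fields.get(name, (None, ""))
            if kind is None:
                problems.append(f"{name}: missing from the served form")
            elif kind != "hidden":
                problems.append(f"{name}: type {kind!r}, expected 'hidden'")
            elif not value:
                problems.append(f"{name}: empty value")
        report.append(problems)
    return report

# Constructed sample markup (not taken from the extension).
LATE_TOKEN_FORM = '<form method="post"><input name="comment"><input type="submit"></form>'
HIDDEN_FIELD_FORM = ('<form method="post"><input name="comment">'
                     '<input type="hidden" name="wpEditToken" value="CONSTRUCTED-TOKEN">'
                     '<input type="hidden" name="wpUnicodeCheck" value="CONSTRUCTED-CHECK"></form>')
```

Fields injected by script at submit time never appear in the served markup, so a form that relies on them is reported as missing both fields.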

RhinosF1 claimed this task.
In T6607#130140, @R4356th wrote:

This extension is not submitting wpUnicodeCheck and therefore all attempts to save comments using it will fail. Also, it is adding an edit token after the comment form has been submitted rather than adding it inside a hidden element in the form beforehand. And the extension has not had real updates without dependency or localisation updates in months. As such, I am not very confident about this extension.

Declining for now based on the above and the issues raised upstream. The code gives me serious concerns about how it's written given what I've seen.

Redmin added a subscriber: Samwilson.

Reopening since the upstream task has been resolved and the extension is working once again.

In T6607#130140, @R4356th wrote:

Also, it is adding an edit token after the comment form has been submitted rather than adding it inside a hidden element in the form beforehand.

@Samwilson, since you sent some patches for this extension, including for the above-mentioned task, I was wondering if you could share your opinion regarding this part.

Unknown Object (User) removed RhinosF1 as the assignee of this task. Jan 7 2021, 15:18

I'll have a look at improving it.

Unknown Object (User) closed this task as Declined. Jan 8 2021, 00:46
Unknown Object (User) claimed this task.

It's still declined for now. If the extension is improved as @Samwilson mentioned above, then maybe it can be approved later.

Southparkfan subscribed.

Improvements have been merged: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Commentbox/+/654567

At first glance, this is a low risk extension. It even rejects external links since there's no support for https://www.mediawiki.org/wiki/Extension:SpamBlacklist. Seems fine to enable, what do you think?

I have no objections following @Samwilson's patch and the explanation of HTML escaping by Scott.

Improvements have been merged: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Commentbox/+/654567

At first glance, this is a low risk extension. It even rejects external links since there's no support for https://www.mediawiki.org/wiki/Extension:SpamBlacklist. Seems fine to enable, what do you think?

I think it's fine to enable also. After closing this again yesterday I reviewed the code and forgot to re-open and it does look fine to me also now.

Unknown Object (User) closed this task as Resolved. Jan 9 2021, 05:40