Made a check of the tvtropes history and unless logo boy is kris27, it isn't his content to add.
All The Tropes Wiki Project, Part XXI
|
RE: All The Tropes Wiki Project, Part XXI
08-30-2021, 11:56 AM (This post was last modified: 08-30-2021, 11:59 AM by robkelk.)
It looks like something in the new Translate code is breaking Infobox formatting.
"Infobox book" used to have "V · D · E" in the lower-right corner. Now, the template shows "<span style="" title="<translate nowrap> View this template</translate>"><translate> v</translate> · <span style="" title="<translate nowrap> Discuss this template</translate>"><translate> d</translate> · <span style="" title="<translate nowrap> Edit this template</translate>"><translate> e</translate>" in the lower-right corner. "Template:Infobox" and "Template:Infobox book" have not been changed.
--
Rob Kelk Sticks and stones can break your bones, But words can break your heart. - unknown
RE: All The Tropes Wiki Project, Part XXI
08-30-2021, 01:42 PM (This post was last modified: 08-30-2021, 02:10 PM by GethN7.) (08-30-2021, 11:56 AM)robkelk Wrote: It looks like something in the new Translate code is breaking Infobox formatting. I'm looking into it, and it just looks like we may have a stray CSS style sheet that needs fixed to Sanitized CSS, I'll get back to you shortly, this should be an easy fix. Update: We need to reimport the Wikipedia version for his template, then copy our version changes to it. The Translate extension is fine, what we have here is one of the modules that makes the template work missing other module data for foreign language translation, nothing aside from that is broken. Weather is messing with my signal, or I'd do it myself, but this is normal, we just need to reimport some WMF stuff again and modify it for our needs.
RE: All The Tropes Wiki Project, Part XXI
08-30-2021, 02:16 PM (This post was last modified: 08-30-2021, 02:24 PM by robkelk.)
Thanks, Geth. We probably don't need to modify Template:Infobox very much if at all - especially considering that we're using the default documentation for the template.
As for the SQL issue, the Stewards report that it's a copy of the VoteNY schema. Not as bad as we thought, but it still raises the question as to why somebody would add that as their very first edit on the wiki. EDIT: And the two global accounts marked "Trust and Safety" that now show up on our user list are related to this. Meta page on T&S.
--
Rob Kelk Sticks and stones can break your bones, But words can break your heart. - unknown
Yeah, I could have told you that it wasn't a SQLI attack, but it is really weird. Seriously, we're not a programming wiki.
"Kitto daijoubu da yo." - Sakura Kinomoto
(08-30-2021, 05:41 PM)Labster Wrote: Yeah, I could have told you that it wasn't a SQLI attack, but it is really weird. Seriously, we're not a programming wiki. Didn't think so either, but given MediaWiki is not immune to code injection attacks (much like how TV Tropes is still so leaky I bet you can still run PHP code you insert via plain editing, admittedly MW is not half as bad off, but it's got security issues too), I lean on the side of harsh crackdowns on anyone who does this sort of thing. It can frighten those less informed, it's not on topic, and just in case there is a security hole, no sense throwing it open by allowing such bizarre posting.
Okay, so Geth mentioned that the idea I came up with about Takamachi Nanoha being on the autism spectrum has enough merit that it can go on the WMG page for the Magical Girl Lyrical Nanoha page.
That said, is there anything specific I need to know before putting it up? Also, "Open 2" is getting long in tooth. Do we perhaps need an "Open 3"? Or maybe even a means of sorting by subject matter? (e.g.: dividing them up by being character specific, specific to a group like Riot Force Six, etc.) It might also be a good idea to shift WMG entries to their relevant works, such as WMG entries on Hayate, The BoD/ToNS, Reinforce (both incarnations), and the Wolkenritter shifted out of the page for the original series and into the pages for A's, StrikerS, etc. where appropriate. (08-30-2021, 06:56 PM)Black Aeronaut Wrote: Okay, so Geth mentioned that the idea I came up with about Takamachi Nanoha being on the autism spectrum has enough merit that it can go on the WMG page for the Magical Girl Lyrical Nanoha page. Concur entirely, sort to where it belongs and split if need be if things are getting too bloated and unwieldy.
RE: All The Tropes Wiki Project, Part XXI
08-30-2021, 08:38 PM (This post was last modified: 08-30-2021, 08:39 PM by robkelk.) (08-30-2021, 07:55 PM)GethN7 Wrote:(08-30-2021, 06:56 PM)Black Aeronaut Wrote: Okay, so Geth mentioned that the idea I came up with about Takamachi Nanoha being on the autism spectrum has enough merit that it can go on the WMG page for the Magical Girl Lyrical Nanoha page. Agreed. "Open 1", "Open 2", and so on is worse than useless except for a chronological list of what was added when. "Open Nanoha", "Open Midchilda", "Open Devices", and so on is much better. EDIT: And there's nothing specific you need to know before putting it up. I've seen longer WMG entries on other pages.
--
Rob Kelk Sticks and stones can break your bones, But words can break your heart. - unknown (08-30-2021, 05:41 PM)Labster Wrote: Yeah, I could have told you that it wasn't a SQLI attack, but it is really weird. Seriously, we're not a programming wiki. Given this, did we overreact with the instant permaban?
--
Rob Kelk Sticks and stones can break your bones, But words can break your heart. - unknown
RE: All The Tropes Wiki Project, Part XXI
08-30-2021, 08:51 PM (This post was last modified: 08-30-2021, 08:52 PM by Black Aeronaut.) (08-30-2021, 08:41 PM)robkelk Wrote:(08-30-2021, 05:41 PM)Labster Wrote: Yeah, I could have told you that it wasn't a SQLI attack, but it is really weird. Seriously, we're not a programming wiki. Unlikely. I'm no coder, but from the sound of things, even if it wasn't malicious in intent, the fact still stands that such a blatant disregard for the order of things is highly undesireable. They should have honestly have known better than to just come along and try to execute code willy nilly on someone else's website. This is not a hacker's sandbox! (08-30-2021, 08:51 PM)Black Aeronaut Wrote:(08-30-2021, 08:41 PM)robkelk Wrote:(08-30-2021, 05:41 PM)Labster Wrote: Yeah, I could have told you that it wasn't a SQLI attack, but it is really weird. Seriously, we're not a programming wiki. Maybe an overreaction, but not by much. Without access to the nginx logs I can’t really determine if it was an attempted attack or not, but the code I see here is benign. So you’re left to guess at motive, and I can’t think of a reason to post something so off-topic. If they wanted to talk about the schema for some reason, a link would have sufficed. The possibilities are pretty much limited to: SQLI attempt or user who doesn’t understand what our website is about. Neither are likely to be productive users.
"Kitto daijoubu da yo." - Sakura Kinomoto
The only possible "over" was not allowing talk page privileges so they could defend themselves, still a really shady first edit.
I think that part of the overreaction was due to the at-first percieved attempt to capture personal info of other users, which would have been illegal as all hell in a good few places. That's bound to make someone hit the SCRAM button like it was a big, scary looking bug.
In other news, I don't seem to know what I'm doing, and I'm too tired to figure it out right now. If anyone would like to look at what I've been trying to do, please do so by all means. I'll come at it again later when I'm more in possession of my mental faculties.
I'm fairly clueless when it comes to programming of any sort, and this thought may be on the paranoid side...
But while the initial code wasn't malicious, could it have been a sort of test? See if the website allows it to work, if it does but gets caught "Oh I'm sorry", but revealing an opening for a later, more thought out and hostile code to be inserted. maybe I'm just tired...
No, I think we ought to have zero tolerance for anyone whose first edit is code and not content, for just that reason. A couple years back we had someone who thought he could just come in and make changes to style sheets and install stuff in other users' personal areas without asking, and we made the mistake of not jumping on him right away. We were lucky in that he wasn't actually malicious, just obnoxious, but we still ended up having to ban him when he wouldn't stop despite being asked. If he had been malicious we would have probably paid a high price. We don't want to risk that again.
-- Bob
I have been Roland, Beowulf, Achilles, Gilgamesh, Clark Kent, Mary Sue, DJ Croft, Skysaber. I have been called a hundred names and will be called a thousand more before the sun grows dim and cold....
RE: All The Tropes Wiki Project, Part XXI
08-31-2021, 07:31 PM (This post was last modified: 08-31-2021, 07:32 PM by Black Aeronaut.)
Okay. I'm lost. How the heckin' heck do you get subfolders to autopopulate? Example: Confirmed, Jossed, and Open subfolders showing up in the main WMG page for a given work. I mean, it has to be automatic, right? Since whenever I look at the source for the WMG page, I don't see any links to the folders themselves.
This is why I hate messing around on Wikis. "Pass me the sage and the chicken blood."
Try the {{Examples on subpages}} template.
Like a lot of our templates, it can take an alternate caption as a parameter: {{Examples on subpages|I'm calling it something else}} Also, after you add the template, purge the page (it's on the little "More" dropdown menu next to the search on the top of the page). That forces the page to refresh from scratch instead of using a cached copy.
-- Bob
I have been Roland, Beowulf, Achilles, Gilgamesh, Clark Kent, Mary Sue, DJ Croft, Skysaber. I have been called a hundred names and will be called a thousand more before the sun grows dim and cold.... (08-31-2021, 12:16 AM)Norgarth Wrote: I'm fairly clueless when it comes to programming of any sort, and this thought may be on the paranoid side... This is absolutely what I do when I'm playing Red Team. I'm usually Blue Team though, and there I always start with something harmless as an exploit proof of concept before executing something that mutates data. Again, with server logs it might be possible to see if there were some odder requests being sent from the same IP -- a lot of times people just try a lot of requests and see if any of them get through. Certain security mistakes are distressingly common. Anyway I can tell you that this kind of attack will not succeed, but also that reporting it to Miraheze staff was the right thing to do anyway. And if I were trying to hack, I'd ignore wiki pages and concentrate almost exclusively on the extensions. Wikimedia security is generally pretty hard, because Wikipedia is a big fat target. But all of this extension code written by randos (very nice randos giving free code, I may add) is much more likely to have a bug we missed in security review. Drive-by (ostensible) attacks like this past one won't succeed, but I think a more focused attack could. It's all about whether the hostile actor really gets the threat model, or if he's just after easy pickings.
"Kitto daijoubu da yo." - Sakura Kinomoto
So we're all agreed (at least the bureaucrats are all agreed - we haven't asked on-wiki) that this was definitely off-topic and looks like a pen-test, and thus it was correct to institute the block.
Thanks. One less thing to carry over to the next ATT Project thread.
--
Rob Kelk Sticks and stones can break your bones, But words can break your heart. - unknown (09-01-2021, 08:17 AM)robkelk Wrote: So we're all agreed (at least the bureaucrats are all agreed - we haven't asked on-wiki) that this was definitely off-topic and looks like a pen-test, and thus it was correct to institute the block. Judging by the lack of outcry, I imagine no one else is particularly fussed. Shawn's made a new addition to the Fun Size YMMV per Moderation log, I'll let another admin check whether this one is A-OK. Also as I'm slowly but surely am fully cleaning up Immortality/Sandbox, it would be great if some of you would offer consensus on what type Q is per https://allthetropes.org/wiki/Topic:Wfjl3938itjfrmo6
RE: All The Tropes Wiki Project, Part XXI
09-01-2021, 10:10 AM (This post was last modified: 09-01-2021, 10:12 AM by Bob Schroeck.)
I have checked Shawn the Plagiarist Boy's latest change to Fun Size/YMMV and determined that it is once again the same passage deleted before for copyright issues, which save for the insertion of six or seven words is once again a word-for-word copy of text from TVT. It's been rejected and he's received his two-week ban, as warned two days ago.
In the process I realized that Fun Size/YMMV page, which he created, is for a movie, but he created it under a trope. I've created a stub page for the film, and moved the YMMV page there. Shawn the Pain in the Ass Boy is either a troll or incredibly hard-of-thinking; either way we probably don't want to be cleaning up after him in the future. He's received a perm-ban warning for a third instance of copyright violation; let's see if he tries again.
-- Bob
I have been Roland, Beowulf, Achilles, Gilgamesh, Clark Kent, Mary Sue, DJ Croft, Skysaber. I have been called a hundred names and will be called a thousand more before the sun grows dim and cold.... (08-30-2021, 01:42 PM)GethN7 Wrote:(08-30-2021, 11:56 AM)robkelk Wrote: It looks like something in the new Translate code is breaking Infobox formatting. Okay, that's been fixed. Now the image and caption are left-aligned instead of being centered. Is that something I need to fix in the infobox template?
--
Rob Kelk Sticks and stones can break your bones, But words can break your heart. - unknown (09-01-2021, 11:06 AM)robkelk Wrote:I'd probably need to see a side-by-side comparison in context of an article to make judgement(08-30-2021, 01:42 PM)GethN7 Wrote:(08-30-2021, 11:56 AM)robkelk Wrote: It looks like something in the new Translate code is breaking Infobox formatting.
And that's 300 messages; time to close this thread. The next iteration can be found here.
-- Bob
I have been Roland, Beowulf, Achilles, Gilgamesh, Clark Kent, Mary Sue, DJ Croft, Skysaber. I have been called a hundred names and will be called a thousand more before the sun grows dim and cold.... |
« Next Oldest | Next Newest »
|
Users browsing this thread: 11 Guest(s)