[00:01:36] <grrrit-wm>	 (PS2) Awight: Rename config loading function to reflect its increased responsibilities [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281061
[00:01:38] <grrrit-wm>	 (PS2) Awight: Move data transformers to config [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281063
[00:01:40] <grrrit-wm>	 (PS2) Awight: Default function defines data transformers from config [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281062
[00:02:47] <cwd>	 awight: neat!
[00:03:06] <cwd>	 wait...did the name of loadConfig regress somehow?
[00:03:40] <grrrit-wm>	 (CR) jenkins-bot: [V: -1] Rename config loading function to reflect its increased responsibilities [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281061 (owner: Awight)
[00:04:16] <grrrit-wm>	 (CR) jenkins-bot: [V: -1] Move data transformers to config [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281063 (owner: Awight)
[00:04:27] <awight>	 cwd: I must have rebase failed... or mebbe your patch is lurking in review
[00:04:34] * awight looks around
[00:04:36] <grrrit-wm>	 (CR) jenkins-bot: [V: -1] Default function defines data transformers from config [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281062 (owner: Awight)
[00:04:55] <cwd>	 awight: looks to have merged, can you rebase on master?
[00:05:42] <awight>	 yah my bad
[00:07:17] <ejegg|away>	 AndyRussG: sorry, that was a zendesk ticket
[00:07:25] <ejegg|away>	 you can ask MBeat for access or details
[00:07:49] <AndyRussG>	 ejegg|away: ah k thx!
[00:08:16] <grrrit-wm>	 (PS3) Awight: Move data transformers to config [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281063
[00:08:18] <grrrit-wm>	 (PS3) Awight: Default function defines data transformers from config [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281062
[00:09:35] <grrrit-wm>	 (CR) jenkins-bot: [V: -1] Move data transformers to config [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281063 (owner: Awight)
[00:11:53] <grrrit-wm>	 (PS4) Awight: Move data transformers to config [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281063
[00:17:13] <cwd>	 i'm trying to get a valid banner url for the NL campaign but can't seem to...where would i look?
[00:17:29] <awight>	 cwd: Good question!
[00:17:43] <awight>	 Try CentralNotice on metawiki, there's a "Preview" link
[00:18:29] <Seddon>	 cwd: https://meta.wikimedia.org/w/index.php?title=Wikipedia_15/Events/El_salvador&banner=B1516_0401_mlATNL_dsk_p1_lg_bkg_cnt&uselang=nl&country=NL&force=1
[00:18:43] <awight>	 & so you can find it again,
[00:18:44] <awight>	 https://meta.wikimedia.org/w/index.php?title=Special:CentralNotice&subaction=noticeDetail&notice=C1516_nlNL_dsk_FR
[00:18:58] <awight>	 https://meta.wikimedia.org/wiki/Special:CentralNoticeBanners/edit/B1516_0401_mlATNL_dsk_p1_lg_bkg_cnt
[00:19:15] <awight>	 Preview on-wiki -> https://meta.wikimedia.org/w/index.php?title=Special:Random&banner=B1516_0401_mlATNL_dsk_p1_lg_bkg_cnt&uselang=en&force=1
[00:19:24] <cwd>	 great, thanks!
[00:19:31] <awight>	 You'll probably want to add &country=NL at some point, like Seddon sed
[00:22:05] <cwd>	 i really wish these modsecurity log lines would spit out the full request
[00:23:40] <awight>	 cwd: garrrgh
[00:24:06] <awight>	 I can't think of a workaround.
[00:24:22] <awight>	 unrelated, TODO: move Worldpay account config into yaml
[00:24:35] <awight>	 cos, FATS
[00:24:56] <grrrit-wm>	 (CR) Awight: [C: 2] Move Worldpay currencies to config (1 comment) [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281043 (owner: Ejegg)
[00:25:46] <grrrit-wm>	 (CR) Awight: [C: 2] Restore lookup table for WP submethod api name [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281052 (owner: Ejegg)
[00:26:22] <grrrit-wm>	 (Merged) jenkins-bot: Move Worldpay currencies to config [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281043 (owner: Ejegg)
[00:26:30] <grrrit-wm>	 (CR) Awight: Restore lookup table for WP submethod api name [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281052 (owner: Ejegg)
[00:26:45] <grrrit-wm>	 (CR) Awight: "Oops, didn't realize there was an alternative to this patch... looking." [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281052 (owner: Ejegg)
[00:36:49] <cwd>	 awight: do you know off the top of your head, are we ever passing the referer [sic] in the request payload somehow?
[00:37:02] <grrrit-wm>	 (CR) Awight: "Wow, that is so funky. I wouldn't mind it at all, if the apparatus to make these lookups were outside of the gateway class." [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281054 (owner: Ejegg)
[00:38:06] <grrrit-wm>	 (PS2) Awight: Random cleanups [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281036 (owner: Ejegg)
[00:38:51] <grrrit-wm>	 (CR) Awight: [C: 2] Random cleanups [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281036 (owner: Ejegg)
[00:39:05] <awight>	 cwd: Which request payload?
[00:39:15] <awight>	 I believe it is sucked into DonationData
[00:39:25] <cwd>	 ah ha, yeah that makes sense
[00:39:41] <cwd>	 the request from donatewiki->payments i believe
[00:39:53] <awight>	 Not grepping it, though
[00:40:11] <awight>	 Ooh, good call--maybe it's only grabbed on donatewiki.
[00:40:19] <awight>	 ??
[00:40:21] <awight>	 mmmph
[00:40:29] <awight>	 todo: document ;)
[00:40:35] <cwd>	 hehe
[00:41:14] <cwd>	 well by far the most common blocking match these owasp rules find is looking for a protocol string at the beginning of a request var, and it looks to me like the referer
[00:41:25] <grrrit-wm>	 (Merged) jenkins-bot: Random cleanups [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281036 (owner: Ejegg)
[00:43:51] <cwd>	 some devious black hat hackers sticking remote resources in url params
[00:45:05] <cwd>	 and some seriously hardened web apps going "curl <urlparam> | sh"
[00:46:23] <cwd>	 ...which is to say i doubt disabling that rule would get us owned
[00:47:49] <awight>	 Having that rule, disabled, would be more than we have now ;)
[00:48:11] <awight>	 We could encode the referer, or send as protocol-relative
[00:48:38] <awight>	 kid is awake, I might have to split in a minute
[00:48:44] <cwd>	 why do we need it in a url param instead of just reading the header?
[00:48:54] <cwd>	 yeah it's already the weekend
[00:49:10] <grrrit-wm>	 (PS3) Awight: Move var_map to config [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/280783 (owner: Ejegg)
[00:50:19] <grrrit-wm>	 (CR) Awight: [C: 2] "Fun with knives!" [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/280783 (owner: Ejegg)
[00:50:28] <grrrit-wm>	 (PS2) Awight: Move data constraints to config [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/280790 (owner: Ejegg)
[00:51:38] <grrrit-wm>	 (Merged) jenkins-bot: Move var_map to config [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/280783 (owner: Ejegg)
[00:51:49] <awight>	 cwd: cos it's being forwarded from another box
[00:52:47] <cwd>	 oh right
[00:53:06] <grrrit-wm>	 (CR) Awight: [C: 2] Move data constraints to config (2 comments) [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/280790 (owner: Ejegg)
[00:54:08] <cwd>	 well stripping the protocol shouldn't be too gnarly...
[00:54:22] <grrrit-wm>	 (Merged) jenkins-bot: Move data constraints to config [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/280790 (owner: Ejegg)
[00:55:15] <cwd>	 that rule accounts for like 90% of the false positives that would actually block a request
[00:57:04] <awight>	 cool!  There's no contract on that variable on the receiving end, consumers just jam it in contribution_tracking with no validation. do whatchu like!
[00:57:19] <awight>	 hehe, poor Mari is learning about peeing in the bed.
[00:57:30] <cwd>	 baww
[00:57:32] <awight>	 She got over the mad at the world, tho
[00:57:35] <awight>	 and is just singing.
[00:57:43] <awight>	 have a weekend!
[00:57:46] <cwd>	 what song?
[00:58:09] <awight>	 donno!  It sounds like a new language
[00:58:38] <cwd>	 awesome
[00:59:02] <grrrit-wm>	 (PS3) Awight: Use generalized lookup table builder for WP [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281054 (owner: Ejegg)
[00:59:14] <awight>	 oh.  that was "MAMA"
[01:07:38] <grrrit-wm>	 (PS4) Awight: Use generalized lookup table builder for WP [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281054 (owner: Ejegg)
[01:08:02] <grrrit-wm>	 (CR) Awight: "PS 4: Lean on PHP library" [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281054 (owner: Ejegg)
[01:08:40] <grrrit-wm>	 (CR) Awight: [C: 1] "CR+2 but leaving for cross-check" [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281054 (owner: Ejegg)
[01:08:52] <awight>	 gtg, have fun!
[01:08:55] <grrrit-wm>	 (CR) jenkins-bot: [V: -1] Use generalized lookup table builder for WP [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281054 (owner: Ejegg)
[01:08:59] <awight>	 bah
[01:09:59] <cwd>	 have a good weekend!
[01:10:17] * awight curses at php 5.3
[01:11:11] * cwd rubs 5.3 test behind the ears
[01:12:55] <grrrit-wm>	 (PS5) Awight: Use generalized lookup table builder for WP [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281054 (owner: Ejegg)
[01:13:12] <awight>	 haha, with the array_column polyfill I'm back to the original line count.
[01:13:15] <awight>	 Don't look.
[01:13:35] <cwd>	 heheh
[01:16:09] <cwd>	 awight: do we have more instances than api_name that need a lookup table?
[01:18:17] <cwd>	 just seems like the config files are already lookup tables, albeit without a nice interface
[01:18:29] <cwd>	 depending
[01:19:13] <cwd>	 good idea
[05:22:02] <grrrit-wm>	 (Abandoned) Awight: Rename config loading function to reflect its increased responsibilities [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281061 (owner: Awight)
[07:05:08] <grrrit-wm>	 (PS5) Awight: Move data transformers to config [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281063
[07:05:10] <grrrit-wm>	 (PS4) Awight: Default function defines data transformers from config [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281062
[07:05:31] <grrrit-wm>	 (CR) Awight: "PS 5: manual rebase" [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281063 (owner: Awight)
[07:24:48] <grrrit-wm>	 (PS1) Awight: Move most error mapping into config [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281081
[07:36:11] <grrrit-wm>	 (PS6) Krinkle: kvStoreMaintenance: Refactor to use requestIdleCallback [extensions/CentralNotice] - https://gerrit.wikimedia.org/r/254326 (https://phabricator.wikimedia.org/T111456)
[08:05:30] <grrrit-wm>	 (PS1) Awight: [WIP] Explore encapsulating validation along with transformations [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281084
[15:07:18] <grrrit-wm>	 (PS2) Awight: [WIP] Explore encapsulating validation along with transformations [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281084
[15:10:27] <grrrit-wm>	 (CR) jenkins-bot: [V: -1] [WIP] Explore encapsulating validation along with transformations [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281084 (owner: Awight)
[15:26:22] <grrrit-wm>	 (PS1) Awight: [WIP] Hack to highlight invalid fields in Mustache forms [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281181
[15:27:57] <grrrit-wm>	 (CR) jenkins-bot: [V: -1] [WIP] Hack to highlight invalid fields in Mustache forms [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281181 (owner: Awight)
[15:29:47] <grrrit-wm>	 (PS3) Awight: [WIP] Explore encapsulating validation along with transformations [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281084
[15:29:49] <grrrit-wm>	 (PS2) Awight: [WIP] Hack to highlight invalid fields in Mustache forms [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281181
[15:31:30] <grrrit-wm>	 (CR) jenkins-bot: [V: -1] [WIP] Explore encapsulating validation along with transformations [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281084 (owner: Awight)
[15:33:03] <grrrit-wm>	 (CR) jenkins-bot: [V: -1] [WIP] Hack to highlight invalid fields in Mustache forms [extensions/DonationInterface] - https://gerrit.wikimedia.org/r/281181 (owner: Awight)