[00:00:13] <BlankEclair>	 oh, by "something" you meant secret keys
[00:01:39] <BlankEclair>	 my touchpad is perfectly engineered so that it's a pain in the arse for me to copy exception details
[00:07:10] <BlankEclair>	 https://issue-tracker.miraheze.org/T12516#252963; 
[00:07:15] <BlankEclair>	 "fine, i'll do it myself" energy
[01:00:57] <MirahezeRelay>	 <originalauthority> I wonder what these "other purposes" its used for if not session tokens
[02:01:54] <MirahezeRelay>	 <songngu.xyz> Sinces we are using PHP 8.2 and the author just has made an 1.42 compatible stable version, I'm gonna make a PR real quick
[02:02:19] <BlankEclair>	 no context but okay
[02:03:29] <MirahezeRelay>	 <songngu.xyz> context: it was disable globally way back from April does to non-compatible
[02:03:35] <BlankEclair>	 what is "it"?
[02:03:46] <MirahezeRelay>	 <songngu.xyz> uh... Tweeki skin?
[02:03:52] <BlankEclair>	 oh okay
[02:08:37] <MirahezeRelay>	 <songngu.xyz> >https://github.com/miraheze/mw-config/pull/5673>
[02:43:37] <MirahezeRelay>	 <originalauthority> I mean you can't blame BE for being confused the conversation had very much moved on from Tweeki
[09:05:25] <BlankEclair>	 tempted to write my own argument parser...
[09:50:34] <RhinosF1>	 BlankEclair: is mwscript that bad?
[10:03:27] <BlankEclair>	 RhinosF1: nah, i just didn't see the github issue i found
[10:04:01] <RhinosF1>	 BlankEclair: which
[10:04:19] <BlankEclair>	 https://github.com/python/cpython/issues/106235
[10:05:15] <RhinosF1>	 Ah
[10:05:59] <BlankEclair>	 that being said, mwscript is a bit stinky
[10:06:55] <RhinosF1>	 BlankEclair: a bit?
[10:07:02] <RhinosF1>	 It's very stinky
[10:07:24] <BlankEclair>	 i stopped looking because i didn't want to rewrite the entire thing
[10:07:31] <RhinosF1>	 BlankEclair: thats my job
[10:07:38] <RhinosF1>	 After I get the packaged versions deployed
[10:07:54] <BlankEclair>	 https://github.com/miraheze/python-functions/blob/23766f717f48fcd7957d97aa0320f9d4d78fb575/miraheze/mediawiki/mwscript.py#L64; why *['all'], why??
[10:08:08] <BlankEclair>	 https://github.com/miraheze/python-functions/blob/23766f717f48fcd7957d97aa0320f9d4d78fb575/miraheze/mediawiki/mwscript.py#L70; prod debug print, and not even stderr
[10:08:39] <BlankEclair>	 https://github.com/miraheze/python-functions/blob/23766f717f48fcd7957d97aa0320f9d4d78fb575/miraheze/mediawiki/mwscript.py#L129; that unterminated string because of the string concatenation happening below O.O
[10:09:00] <BlankEclair>	 https://github.com/miraheze/python-functions/blob/23766f717f48fcd7957d97aa0320f9d4d78fb575/miraheze/mediawiki/mwscript.py#L158; double calling?
[10:09:04] <RhinosF1>	 BlankEclair: line 64 is merging two arrays
[10:09:18] <RhinosF1>	 70 fair
[10:09:22] <BlankEclair>	 RhinosF1: ['all', *validDBLists]
[10:09:27] <RhinosF1>	 It's a fatal error
[10:09:31] <RhinosF1>	 BlankEclair: good point
[10:09:46] <RhinosF1>	 70 fatals the script so ye it should be stderr
[10:10:08] <BlankEclair>	 and the general use of os.popen and os.system is just >~< to me
[10:10:23] <RhinosF1>	 Logcommand is messy
[10:10:41] <RhinosF1>	 BlankEclair: 158 + 159 is bad
[10:11:01] <BlankEclair>	 yeah
[10:11:05] <RhinosF1>	 BlankEclair: someone started mixing os.popen and os.system without my review
[10:11:08] <RhinosF1>	 I want to fix that up
[10:11:17] <BlankEclair>	 well now i want to remove that simply out of spite
[10:11:19] <RhinosF1>	 they shouldn't be using os. Anyway directly
[10:11:22] <RhinosF1>	 There's a wrapper
[10:11:26] <BlankEclair>	 subprocess!!
[10:11:49] <RhinosF1>	 BlankEclair: well yes but also we have a wrapper so you can prompt the user and log the command too without duplication
[10:12:09] <BlankEclair>	 uh, what?
[10:12:15] <RhinosF1>	 Oh that's only mwdeploy
[10:12:20] <RhinosF1>	 It should do the same as mwdeploy
[10:12:23] <RhinosF1>	 Urgh
[10:12:25] <BlankEclair>	 i'm talking about the subprocess module
[10:12:39] <RhinosF1>	 This is vomit
[10:12:51] <RhinosF1>	 BlankEclair: yes it should be using that too
[10:12:56] <RhinosF1>	 That's been on the list for a bit
[10:13:08] <BlankEclair>	 and no documentation for the args too
[10:13:08] <RhinosF1>	 I need to dedupe mwscript and mwdeploy too
[10:13:14] <RhinosF1>	 I'll fix that when I do that
[10:13:45] <RhinosF1>	 BlankEclair: and probably me
[10:13:52] <RhinosF1>	 s/and/bad
[10:14:01] <RhinosF1>	 I forgot how bad that code is
[10:14:12] <BlankEclair>	 "In Which Claire and RhinosF1 Complain About Messy and Potentially Insecure Code"
[10:14:35] <RhinosF1>	 BlankEclair: input to mwscript is considered trusted
[10:14:42] <RhinosF1>	 You shouldn't call it with unsafe input
[10:14:48] <BlankEclair>	 yeah, hence why i didn't treat it as a security issue
[10:14:58] <BlankEclair>	 but like... unescaped user input still makes me >~<
[10:15:10] <RhinosF1>	 If it was designed to be safe against user input, it would be a walking nightmare
[10:15:14] <RhinosF1>	 So would mwdeploy
[10:15:18] <BlankEclair>	 i mean, true
[10:15:30] <RhinosF1>	 They both have about a million instance of unescaped input
[10:15:48] <BlankEclair>	 (actually i say that and i knowingly have a module on the rainverse wiki that does not escape user input :p)
[10:16:16] <RhinosF1>	 Bad Claire
[10:16:25] <RhinosF1>	 But ye, mwscript is trusted input
[10:16:28] <BlankEclair>	 sowwy T_T
[10:16:43] <RhinosF1>	 You have to have shell access and be able to become www-data to do anything useful with it
[10:16:47] <BlankEclair>	 but yeah, still tickles my "ew" senses
[10:17:06] <BlankEclair>	 in my case, i was too lazy to write a string sanitization function
[10:17:13] <RhinosF1>	 It's only a wrapper cause I got bored of writing out full commands
[10:17:36] <RhinosF1>	 sudo -u www-data /srv/mediawiki/.... blah
[10:17:38] <RhinosF1>	 Gets boring
[10:17:57] <RhinosF1>	 Both mwscript and mwdeploy exist cause im lazy BlankEclair
[10:18:02] <BlankEclair>	 touche
[10:18:37] <RhinosF1>	 BlankEclair: you used to have to run like 4 maintenance scripts in the correct order on every server
[10:18:53] <RhinosF1>	 So like 24 commands to do a deploy
[10:19:08] <RhinosF1>	 I geniunely just got so pissed off with doing it I wrote mwdeploy
[10:19:25] <RhinosF1>	 And made it 1
[10:19:32] <BlankEclair>	 i suppose 75% of programming are fueled by frustration
[10:19:40] <RhinosF1>	 Probably
[10:20:51] <RhinosF1>	 BlankEclair: if you want terrible code, look at https://github.com/rhinosf1/railstats
[10:21:01] <RhinosF1>	 Oh that's a 404
[10:21:05] <RhinosF1>	 It's called something like that
[10:21:08] <RhinosF1>	 Has rail in the name
[10:21:12] <BlankEclair>	 anyway time to actually add the test lol
[10:29:52] <BlankEclair>	 RhinosF1: new commit: https://github.com/miraheze/python-functions/pull/67
[10:55:08] <RhinosF1>	 BlankEclair: I suggested more tests
[11:01:26] <RhinosF1>	 BlankEclair: the prefix matching sounds awful tbh
[11:01:29] <RhinosF1>	 We could disable it
[11:07:40] <BlankEclair>	 RhinosF1: wdym by "it's passed twice with the same parameter"?
[11:08:10] <RhinosF1>	 BlankEclair: mwscript --extension=test --extension=test
[11:08:25] <BlankEclair>	 hmm we'd be more like testing argparse then
[11:08:36] <BlankEclair>	 are you expecting that test will be for both mwscript and the maint script?
[11:29:50] <RhinosF1>	 BlankEclair: we only test up to when we generate the command
[11:30:00] <RhinosF1>	 We don't have a working mediawiki instance for them tests
[11:30:08] <RhinosF1>	 Or php available
[11:30:20] <BlankEclair>	 no i mean
[11:30:24] <RhinosF1>	 BlankEclair: and ye it but I'll make sure we don't change anything in future and regress
[11:30:35] <BlankEclair>	 do you expect the param to be given to both mwscript and the maint script in this case?
[11:31:01] <RhinosF1>	 BlankEclair: oh I think ye that should be given to the maint script
[11:31:12] <BlankEclair>	 i don't think argparse does that...
[11:31:22] <RhinosF1>	 BlankEclair: then we should document that
[11:31:28] <BlankEclair>	 where tho
[11:31:36] <RhinosF1>	 Cause that's most likely what people will want
[11:31:46] <RhinosF1>	 To pass the same extension parameter through
[11:31:52] <RhinosF1>	 It should be a pass through
[11:31:54] <BlankEclair>	 it might be possible, i'll need to check further
[11:32:07] <BlankEclair>	 but i'm currently in the groove of messing with being able to send server-side requests =w=
[11:32:23] <RhinosF1>	 And yes, some of the tests do test argparse itself but it makes sure we don't regress how we use it
[11:32:23] <BlankEclair>	 (not sure if it's ssrf yet, i just started and couldn't find anything interesting to do)
[11:32:35] <RhinosF1>	 If argparse suddenly changes in a future version, we'll know
[11:40:32] <BlankEclair>	 it's weird how i can immediately tell that an extension was written by yaron by how data is passed through
[11:40:43] <BlankEclair>	 he loves to do arrays with string keys
[11:57:02] <BlankEclair>	 alright, who wrote invalid types for ArgumentParser.get_known_args()?
[11:57:05] <BlankEclair>	 parse*
[11:59:01] <RhinosF1>	 BlankEclair: me
[11:59:13] <BlankEclair>	 wait you wrote the types for that function?
[12:00:01] <RhinosF1>	 BlankEclair: oh maybe not
[12:00:09] <BlankEclair>	 i'll have to debug this later
[12:00:12] <RhinosF1>	 If it's the types within mwscript, me
[12:00:13] <RhinosF1>	 If not
[12:00:18] <RhinosF1>	 Not me
[12:02:18] <BlankEclair>	 lmao nvm it's because i redefined a type
[12:02:22] <BlankEclair>	 variable*
[12:02:48] <RhinosF1>	 Oh
[12:03:02] <RhinosF1>	 I thought we had a separate check for redef tbh
[12:03:14] <BlankEclair>	 i really thought someone butchered the typing for a stdlib function lol
[12:05:20] <RhinosF1>	 BlankEclair: you gonna add the other tests
[12:05:24] <BlankEclair>	 eventually
[12:05:31] <BlankEclair>	 > [22/09/2024 21:32] <BlankEclair> but i'm currently in the groove of messing with being able to send server-side requests =w=
[12:05:34] <RhinosF1>	 If you add the other tests in next like 40 minutes, I can merge
[12:05:40] <RhinosF1>	 Otherwise it'll have to wait a few others
[12:05:41] <BlankEclair>	 hmm alright then
[12:05:42] <RhinosF1>	 Hours
[12:05:57] <RhinosF1>	 I'll be away in like 40 minutes time for like 3 hours
[12:06:24] <RhinosF1>	 Build CI passed which is good
[12:06:31] <RhinosF1>	 Build CI is the important one
[12:06:42] <RhinosF1>	 You probably won't break deb or deploy
[12:07:50] <RhinosF1>	 Deploy only sends it to PyPi if on master
[12:07:59] <RhinosF1>	 If that breaks, you can't even package
[12:08:06] <RhinosF1>	 Deb attempts to test a deb will build
[12:08:36] <BlankEclair>	 pushed
[12:13:47] <RhinosF1>	 BlankEclair: approved and set to auto merge
[12:13:52] <BlankEclair>	 cool ^_^
[12:15:59] <RhinosF1>	 BlankEclair: it will take forever to merge cause I have it set to queue
[12:16:05] <BlankEclair>	 :p
[12:16:06] <RhinosF1>	 Which helps with github auto merge but is all
[12:16:08] <RhinosF1>	 Slow
[12:30:05] <RhinosF1>	 BlankEclair: GitHub automatic queues merges are way slower than they need to b