[00:00:13] <MirahezeRelay>	 <abaddriverlol> there used to be like 30-40 at a time a few months ago
[00:00:26] <MirahezeRelay>	 <abaddriverlol> (ones I created; I don't have access to any others)
[00:00:58] <MirahezeRelay>	 <abaddriverlol> considering the state of WMF phab I wouldn't be surprised if there were multiple high severity security tasks that have been open for years
[00:01:04] <MirahezeRelay>	 <abaddriverlol> just like all of the bug reports and feature requests
[00:01:12] <MirahezeRelay>	 <tmwyk> Those that are currently going off on my end are PHP related (and I hate it)
[00:01:38] <MirahezeRelay>	 <tmwyk, replying to abaddriverlol> cries in triage volunteer
[00:02:01] <MirahezeRelay>	 <abaddriverlol, replying to tmwyk> in recent times JS has caused a lot of issues especially in WMF-deployed code
[00:02:10] <MirahezeRelay>	 <abaddriverlol> because PHP code is checked for XSSs in CI while JS code is not
[00:02:20] <MirahezeRelay>	 <tmwyk> JS always causes issues
[00:02:31] <MirahezeRelay>	 <abaddriverlol> like the fact that https://phabricator.wikimedia.org/T396413 just existed and nobody noticed it
[00:02:48] <MirahezeRelay>	 <tmwyk> which is why my next WMF tool is in JS :BleachMayuriLmao:
[00:02:51] <MirahezeRelay>	 <bartomelow> [1/2] is this thing basically a widget? i thought it came with Monaco itself tbh
[00:02:51] <MirahezeRelay>	 <bartomelow> [2/2] https://cdn.discordapp.com/attachments/615786602454581249/1432157562379178135/MonacoWidgetExample1.png?ex=6900082b&is=68feb6ab&hm=10878b8328d4e87e95dd23722f2a7c63ab7cc7f276c9322596f2ce8dbcb32f72&
[00:03:10] <MirahezeRelay>	 <abaddriverlol, replying to tmwyk> rip
[00:03:31] <MirahezeRelay>	 <abaddriverlol, replying to bartomelow> whatever it is, it kinda looks like it's been broken and dead for >10 years as most monaco features
[00:03:37] <MirahezeRelay>	 <bartomelow> lol
[00:03:39] <MirahezeRelay>	 <blankeclair, replying to abaddriverlol> my fucking god
[00:03:52] <MirahezeRelay>	 <blankeclair> couldn't have made a more obvious ctf if you tried
[00:03:57] <MirahezeRelay>	 <abaddriverlol, replying to blankeclair> wait you saw that only now?
[00:04:01] <MirahezeRelay>	 <blankeclair> yeah
[00:04:10] <MirahezeRelay>	 <abaddriverlol> https://phabricator.wikimedia.org/T402698 is basically the same btw
[00:04:13] <MirahezeRelay>	 <blankeclair, replying to blankeclair> we will be doomed if someone hosts a mediawiki ctf
[00:04:48] <MirahezeRelay>	 <abaddriverlol> fr
[00:05:16] <MirahezeRelay>	 <tmwyk> 😀
[00:05:41] <MirahezeRelay>	 <tmwyk> well.
[00:06:24] <MirahezeRelay>	 <tmwyk> Let’s revisit this in a few weeks 🙂
[00:06:51] <MirahezeRelay>	 <tmwyk> (you shouldn’t have summoned forth that idea)
[00:07:07] <MirahezeRelay>	 <blankeclair> how many xsses are in core i wonder?
[00:07:25] <MirahezeRelay>	 <90gq29, replying to bartomelow> 2010 facebook looking skin
[00:07:26] <MirahezeRelay>	 <abaddriverlol, replying to blankeclair> before the legacy parser removal or after it?
[00:07:32] <MirahezeRelay>	 <blankeclair> both tbh
[00:07:45] <MirahezeRelay>	 <abaddriverlol> [1/2] before: probably a ton
[00:07:45] <MirahezeRelay>	 <abaddriverlol> [2/2] after: half a ton
[00:07:51] <MirahezeRelay>	 <blankeclair> i could think of a ctf setup
[00:08:23] <MirahezeRelay>	 <blankeclair> [1/3] user whose email address is the flag
[00:08:23] <MirahezeRelay>	 <blankeclair> [2/3] automated browser that opens any url provided by the user (as long as it's on the proper domain)
[00:08:23] <MirahezeRelay>	 <blankeclair> [3/3] user can edit wiki
[00:08:31] <MirahezeRelay>	 <tmwyk> Wikimania 2026 CTF :hyperthonking:
[00:08:39] <MirahezeRelay>	 <blankeclair> (maybe remove the last allowance if you want a spicy vuln)
[00:08:58] <MirahezeRelay>	 <abaddriverlol, replying to blankeclair> (maybe remove the second one if you want an SQLI or RCE)
[00:09:23] <MirahezeRelay>	 <blankeclair> i laughed so hard i coughed lmao
[00:09:37] <MirahezeRelay>	 <abaddriverlol> lol
[00:09:50] <MirahezeRelay>	 <blankeclair> btw, how _do_ you take advantage of sqlis in mediawiki?
[00:10:18] <MirahezeRelay>	 <blankeclair> seems like using multiple statements isn't possible, so you can't do `; DROP TABLE Students; --'
[00:10:21] <MirahezeRelay>	 <tmwyk> I’ll sleep on it (and have a dream with the whole thing planned in it, as per usual with my lucid ass dreams)
[00:10:32] <MirahezeRelay>	 <abaddriverlol, replying to blankeclair> DOS would be easy
[00:10:36] <MirahezeRelay>	 <abaddriverlol> idk how else tbh
[00:10:48] <MirahezeRelay>	 <abaddriverlol> and I don't feel like putting sth like that in my PoC lol
[00:10:49] <MirahezeRelay>	 <blankeclair> DOS?
[00:10:57] <MirahezeRelay>	 <abaddriverlol, replying to blankeclair> SLEEP(1000)
[00:11:01] <MirahezeRelay>	 <blankeclair> ah
[00:11:17] <MirahezeRelay>	 <abaddriverlol> I use it for my PoCs
[00:11:25] <MirahezeRelay>	 <tmwyk, replying to abaddriverlol> https://tenor.com/view/windows-vista-windows-vista-ultimate-windows-vista-shutting-down-windows-vista-turn-off-windows-vista-turning-off-gif-1067972796648846593
[00:11:27] <MirahezeRelay>	 <abaddriverlol> e.g. `'//OR//SLEEP(5)//OR//''//=//'` in https://phabricator.wikimedia.org/T406380
[08:03:00] <MirahezeRelay>	 <blankeclair> https://github.com/9001/copyparty/issues/495
[09:00:35] <MirahezeRelay>	 <originalauthority, replying to abaddriverlol> I should've guessed the author before clicking the link
[09:07:21] <MirahezeRelay>	 <abaddriverlol, replying to originalauthority> [1/2] tbf I think he didn't write this code
[09:07:22] <MirahezeRelay>	 <abaddriverlol, replying to originalauthority> [2/2] > yes, I'm the closest thing this extension has to a maintainer.
[09:38:09] <MirahezeRelay>	 <honoka55, replying to bartomelow> [1/2] says citizen
[09:38:09] <MirahezeRelay>	 <honoka55, replying to bartomelow> [2/2] https://cdn.discordapp.com/attachments/615786602454581249/1432302339993243689/image.png?ex=69008f00&is=68ff3d80&hm=6966eb58f20decce5bef064a7389ef3fc25904f0e3a011bfdb8c745031eaaa4b&
[09:40:46] <MirahezeRelay>	 <honoka55> [1/2] and says vector 2022
[09:40:46] <MirahezeRelay>	 <honoka55> [2/2] https://cdn.discordapp.com/attachments/615786602454581249/1432302999509667870/image.png?ex=69008f9d&is=68ff3e1d&hm=98d9269821036f9d95baaa347e497b106bfa493da6bed3d5541e281b9dd490dd&
[09:49:35] <MirahezeRelay>	 <honoka55> [1/2] i think it's only amirage bug that the icon's css is lost (randomly picked a wiki with the skin from [[mh:communities:List of wikis by default skin]]
[09:49:35] <wm-bot>	 https://mh.wikipedia.org/wiki/communities:List_of_wikis_by_default_skin
[09:49:36] <MirahezeRelay>	 <honoka55> [2/2] https://cdn.discordapp.com/attachments/615786602454581249/1432305220678844548/image.png?ex=690091af&is=68ff402f&hm=b83f199afb9caa45b9f5e0fcc98313719d515f5f81dd0b7eb2992376eb119442&
[09:49:36] <MirahezeRelay>	 <Wiki-Bot#2998> <https://communities.miraheze.org/wiki/List_of_wikis_by_default_skin>
[09:51:22] <MirahezeRelay>	 <honoka55> btw even one of the most popular skins, citizen, has a similar bug (they forget to add wikilove icon to css, which is obviously by design
[09:51:51] <MirahezeRelay>	 <theoneandonlylegroom> [1/2] polish vintage synth for your soul
[09:51:52] <MirahezeRelay>	 <theoneandonlylegroom> [2/2] https://www.youtube.com/watch?v=8lxoejgzNcA
[11:37:11] <MirahezeRelay>	 <tangoer_man> waaa my laptop just died
[11:40:45] <MirahezeRelay>	 <tmwyk> sorrows
[11:42:15] <MirahezeRelay>	 <theoneandonlylegroom> rip
[12:01:07] <MirahezeRelay>	 <tangoer_man> HOLY SHIT NEVERMIND
[12:01:28] <MirahezeRelay>	 <tangoer_man> apparently i had the misfortune of TWO bad chargers and thats why i thought my laptop was obliterated
[12:01:40] <MirahezeRelay>	 <tangoer_man> third time's the charm they say
[12:03:19] <MirahezeRelay>	 <theoneandonlylegroom> yay
[12:03:55] <MirahezeRelay>	 <tangoer_man> https://cdn.discordapp.com/attachments/1385686339483074651/1389837864665219153/caption.gif
[13:52:52] <MirahezeRelay>	 <tangoer_man> i just had a dream where miraheze had ads on youtube and that it said there were 2.2 million wikis hosted
[13:53:24] <MirahezeRelay>	 <tangoer_man> is this a sign that miraheze will succeed well
[13:53:58] <MirahezeRelay>	 <pskyechology> the good ending?
[13:55:33] <MirahezeRelay>	 <tangoer_man> there was also a mascot that was like a mix between a furry and a bee
[13:55:51] <MirahezeRelay>	 <zppix> No why would we advertise on youtube, were gonna advertise on Fandom /j
[13:56:54] <MirahezeRelay>	 <tangoer_man, replying to zppix> i think if we actually did that fandom wouldnt feel the best
[13:57:01] <MirahezeRelay>	 <tangoer_man> in terms of money
[13:57:31] <MirahezeRelay>	 <zppix> And?
[13:59:09] <MirahezeRelay>	 <tangoer_man> miraheze servers would also probably crash and burn
[14:02:51] <MirahezeRelay>	 <theoneandonlylegroom> hopefully loads of money = more servers
[14:22:47] <MirahezeRelay>	 <groupnebula563_0765, replying to tangoer_man> i think we actually discussed that
[14:23:08] <MirahezeRelay>	 <groupnebula563_0765> i'm still in favor of it, we need a good mascot
[14:23:27] <MirahezeRelay>	 <groupnebula563_0765> can you like draw what it looked like or describe it a bit more?
[14:23:53] <MirahezeRelay>	 <groupnebula563_0765> because it would be really funny if when people asked where our mascot was from we could say "it came to us in a dream"
[14:24:21] <MirahezeRelay>	 <theoneandonlylegroom> there's a thread in #general
[14:24:54] <MirahezeRelay>	 <groupnebula563_0765> ooh ok
[14:24:56] <MirahezeRelay>	 <theoneandonlylegroom> ive been saying that miraheze needs a mascot for years atp lol
[14:24:58] <MirahezeRelay>	 <groupnebula563_0765> will check that out
[14:25:59] <MirahezeRelay>	 <tangoer_man, replying to groupnebula563_0765> it looked like ur usual furry but with a yellow and black colour scheme and bee wings
[14:26:12] <MirahezeRelay>	 <theoneandonlylegroom> wdym usual furry lol
[14:26:34] <MirahezeRelay>	 <theoneandonlylegroom> ive seen once an awesome wasp fur suit btw
[14:26:35] <MirahezeRelay>	 <tangoer_man> fuck lemme think more
[14:26:50] <MirahezeRelay>	 <tangoer_man> sort of like a fox?
[14:27:35] <MirahezeRelay>	 <tangoer_man> there was like a collar of yellow floof too
[14:30:41] <MirahezeRelay>	 <bartomelow, replying to tangoer_man> remember guys, a good mascot NEEDS to be a furry
[14:42:41] <MirahezeRelay>	 <tangoer_man, replying to bartomelow> https://cdn.discordapp.com/attachments/1141936516311023726/1242886761215164547/attachment.gif
[14:42:53] <MirahezeRelay>	 <bartomelow, replying to tangoer_man> what
[14:43:36] <MirahezeRelay>	 <theoneandonlylegroom> the term furry really goes outside of just animals btw
[14:44:02] <MirahezeRelay>	 <theoneandonlylegroom> so basically, not human
[14:45:31] <MirahezeRelay>	 <bartomelow> fish
[14:47:42] <MirahezeRelay>	 <bartomelow, replying to theoneandonlylegroom> wtff can we have this as our mascot
[17:44:50] <MirahezeRelay>	 <tangoer_man> images on miraheze have two sides:
[17:45:39] <MirahezeRelay>	 <tangoer_man> slower than an ignorant ape missing legs
[17:45:56] <MirahezeRelay>	 <tangoer_man> or faster than an disobiediant dog when they run outside
[17:46:20] <MirahezeRelay>	 <tangoer_man> 90 percent of the time its the first
[17:46:53] <MirahezeRelay>	 <bartomelow> [1/2] mirage is kinda fire
[17:46:54] <MirahezeRelay>	 <bartomelow> [2/2] https://cdn.discordapp.com/attachments/615786602454581249/1432425336414535781/image.png?ex=6901018d&is=68ffb00d&hm=974ce0230b19e552f694dee50ad691ba7906b37a7d2dcc5d9c8031aa1b042c89&
[19:20:13] <MirahezeRelay>	 <eytirth, replying to bartomelow> Is this a new ustom skin?
[20:07:24] <MirahezeRelay>	 <bartomelow, replying to eytirth> No it's mirage
[20:09:25] <MirahezeRelay>	 <bartomelow> [[mw:Skin:Mirage]]
[20:09:25] <wm-bot>	 https://www.mediawiki.org/wiki/Skin:Mirage
[20:09:27] <MirahezeRelay>	 <Wiki-Bot#2998> <https://www.mediawiki.org/wiki/Skin:Mirage>
[20:10:19] <MirahezeRelay>	 <eytirth, replying to wm-bot> Really? How much CSS have you suck on that?
[20:22:13] <MirahezeRelay>	 <bartomelow, replying to eytirth> wdym?
[20:22:33] <MirahezeRelay>	 <eytirth, replying to bartomelow> vcery diffant look
[20:23:19] <MirahezeRelay>	 <bartomelow> not really ... it's just linear gradient
[20:24:31] <MirahezeRelay>	 <bartomelow> thanks though