Remove {ParserOutput,OutputPage}::preventClickjacking, deprecated since 1.38

This was removed by a getter/setter pair with a more standard name: ::{set,get}PreventClickjacking() in both ParserOutput and OutputPage. In addition, OutputPage::allowClickjacking(), similiarly deprecated, was removed. Bug: T305161 Change-Id: I141ec9e9cb4a285edc633c0f9b61516c33f9281c
2023-07-27 18:40:08 -04:00 · 2023-07-27 18:40:08 -04:00 · f33e71f1f4
commit f33e71f1f4
parent 3dd061a5bb
3 changed files with 12 additions and 46 deletions
--- a/RELEASE-NOTES-1.41
+++ b/RELEASE-NOTES-1.41
@ -361,6 +361,9 @@ because of Phabricator reports.
  been removed:
  - ::addWarning()
  - ::hideNewSection()
+  - ::preventClickjacking()
+* OutputPage::allowClickjacking() and ::preventClickjacking(), deprecated
+  since 1.38, have been removed.
 * ResourceFileCache has been removed without deprecation. There were no known
  uses outside of core.
 * Many LocalisationCache constants, properties and methods that have no known
--- a/includes/Output/OutputPage.php
+++ b/includes/Output/OutputPage.php
@ -2640,32 +2640,6 @@ class OutputPage extends ContextSource {
 		}
 	}

-	/**
-	 * Set a flag which will cause an X-Frame-Options header appropriate for
-	 * edit pages to be sent. The header value is controlled by
-	 * $wgEditPageFrameOptions.
-	 *
-	 * This is the default for special pages. If you display a CSRF-protected
-	 * form on an ordinary view page, then you need to call this function.
-	 *
-	 * @param bool $enable
-	 * @deprecated since 1.38, use ::setPreventClickjacking( true )
-	 */
-	public function preventClickjacking( $enable = true ) {
-		$this->mPreventClickjacking = $enable;
-	}
-
-	/**
-	 * Turn off frame-breaking. Alias for $this->preventClickjacking(false).
-	 * This can be called from pages which do not contain any CSRF-protected
-	 * HTML form.
-	 *
-	 * @deprecated since 1.38, use ::setPreventClickjacking( false )
-	 */
-	public function allowClickjacking() {
-		$this->mPreventClickjacking = false;
-	}
-
 	/**
 	 * Set the prevent-clickjacking flag.
 	 *
--- a/includes/parser/ParserOutput.php
+++ b/includes/parser/ParserOutput.php
@ -2138,7 +2138,13 @@ class ParserOutput extends CacheTime implements ContentMetadataCollector {
 	}

 	/**
-	 * Set the prevent-clickjacking flag
+	 * Set the prevent-clickjacking flag.  If set this will cause an
+	 * `X-Frame-Options` header appropriate for edit pages to be sent.
+	 * The header value is controlled by `$wgEditPageFrameOptions`.
+	 *
+	 * This is the default for special pages.  If you display a CSRF-protected
+	 * form on an ordinary view page, then you need to call this function
+	 * with `$flag = true`.
 	 *
 	 * @param bool $flag New flag value
 	 * @since 1.38
@ -2148,33 +2154,16 @@ class ParserOutput extends CacheTime implements ContentMetadataCollector {
 	}

 	/**
-	 * Get the prevent-clickjacking flag
+	 * Get the prevent-clickjacking flag.
 	 *
 	 * @return bool Flag value
 	 * @since 1.38
+	 * @see ::setPreventClickjacking
 	 */
 	public function getPreventClickjacking(): bool {
 		return $this->mPreventClickjacking;
 	}

-	/**
-	 * Get or set the prevent-clickjacking flag
-	 *
-	 * @since 1.24
-	 * @param bool|null $flag New flag value, or null to leave it unchanged
-	 * @return bool Old flag value
-	 * @deprecated since 1.38:
-	 *   use ::setPreventClickjacking() or ::getPreventClickjacking()
-	 */
-	public function preventClickjacking( $flag ): bool {
-		wfDeprecated( __METHOD__, '1.38' );
-		$old = $this->getPreventClickjacking();
-		if ( $flag !== null ) {
-			$this->setPreventClickjacking( $flag );
-		}
-		return $old;
-	}
-
 	/**
 	 * Lower the runtime adaptive TTL to at most this value
 	 *