```
PHP Deprecated: strrpos(): Passing null to parameter #1 ($haystack) of type string is deprecated in /srv/mediawiki/1.42/includes/libs/filebackend/FileBackend.php on line 1588
```
Bug: T384851
Change-Id: I36c401587d94e7c1ab444d355b03ea88da8fb6e8
(cherry picked from commit 1a4d7d410c527f6a9f57b5c3e6f733a4a64f41c1)
This patch reworks RestrictionStore::getCascadeProtectionSourcesInternal
to return a third and fourth array:
* One for cascading restrictions originating from templatelinks
* Another for those originating from imagelinks
They are used in PermissionManager::checkCascadingSourcesRestrictions
to differentiate cascading protection of file content and file page,
but could also be used in the future by action=info and other callers.
Bug: T24521
Bug: T62109
Bug: T140010
Change-Id: Ia5863f418538106f4fd657c672298ff6ac835805
(cherry picked from commit 7a4952ef2c5d593fae9419bad39f3e9894f42adf)
Users should have 'reupload' or 'reupload-own' rights to do file revert.
Bug: T304474
Change-Id: I2d0eaeeea237286741708c2b5920fe7cca3acf50
(cherry picked from commit 7b4aee237e257954195c4d695b2cfe2a9a3b4116)
For the positive-delta case since the row can't be negative the
`GREATEST` is useless, so delete it. For the negative-delta case do the
GREATEST before the subtraction so that it doesn't try to temporarily go
negative.
Bug: T315573
Change-Id: I0a27a57835048ee6a06266d377ed8f3f52ddf435
(cherry picked from commit 4017d2b6d60c6eb5c02ca48c8d8eeb74a18ba262)
The extraneous sequence \r\n is not required.
Avoid the use of hexcode to avoid future confusions.
Bug: T388733
Change-Id: I1092ff76ed5e8221e43ea7b70cf0c9d9d3abb1f3
(cherry picked from commit 6753123a0629de81ce4899958180272736e7ba61)
iconv() can still emit notices even when '//IGNORE'
string flag is passed.
Bug: T387690
Change-Id: I16f1e99f7c25457aa0b35cb428391c42dec7b91d
(cherry picked from commit 357f2b61e815e071147583e07b388801189462bf)
Why:
- PermissionManager::getUserPermissions() checks whether the user is
blocked if $wgBlockDisablesLogin = true, so that it can then limit
user's permissions to the set of permissions assigned to unregistered
users if so.
- This causes the GetUserBlock hook to run, which may itself check
permissions on the user (e.g. in the GlobalBlocking extension),
causing an infinite loop.
- Since the decision whether the user is blocked isn't yet final by the
time GetUserBlock runs, any permission checks triggered by
GetUserBlock handlers should see the user's full set of permissions.
What:
- Stash the user's permissions in PermissionManager's in-memory cache
before running block checks if BlockDisablesLogin = true.
- Add tests.
Bug: T384197
Change-Id: I3e3804fe518627e9edc2b574cce88f533fd93fe4
(cherry picked from commit 27062b9f8752cc853a65e8a46c9d7d1a9af32c48)
In theory PHP should use coerce objects with a __toString method
to string when passing them to a method which has a string-typed
argument, but with the native Exception class this doesn't seem
to be working, so cast explicitly.
Bug: T388171
Change-Id: I310b97164877445837babed2a4c47795f1c2c277
(cherry picked from commit a14ef848f758612ac9d4e8c881ecdbbccf3e1158)
Trying to load the session user in an MW_NO_SESSION resulted in
an exception thrown from SessionManager::getSessionFromInfo(),
but User::$mLoadedItems has been set by that point, so if
something catches the exception, future attempts to access that
user object would result in unexpected behavior.
Bug: T388066
Change-Id: Ia3f6d0a96209471db3ce1baf6870a57e1cf1b6b2
(cherry picked from commit a32247211585123565498d2a1e4e54bed6ade6fb)
Why:
- Revision meta-data output was failingfor revisions with suppressed
user or comment
What:
- Handle suppressed user and comment gracefully
- add regression test
Bug: T386368
Bug: T387397
Change-Id: Ic6d3fc89d24030f5c3fd422637816de9976fc709
(cherry picked from commit 8c53a15ba0fae2677aa8e28055f06ef557595be6)
Use php build-in support via headers_sent() to get the
relevant file and line for the log message.
Keep the exception for more details.
Change-Id: Ief301710efc19df9b5eaa6d94f138570e3be6290
(cherry picked from commit 8e4a0638bd92620ff216cf8bdd21e3da003130b3)
Log a warning with preg_replace error instead of passing null to trim.
Bug: T385519
Change-Id: If4ad78168d7899685f4fa1f1d89245c85f0beb0b
(cherry picked from commit 270499b6e1f96f402c852843d446a7946589986b)
Why:
- Setting the increment to 0 should check the limit without bumping it.
- This was apparently broken by If3e66491306f22650.
What:
- Use LimitBatch::peek if the increment amount is 0
Bug: T381033
Change-Id: Ife76a1976a2063f051f00302e5adaebd701e6367
(cherry picked from commit e09606b3dc44711571cc6cf2d0d11bd7784d0cdd)
If $mailparts does not contain two elements (which would be the case when the separator `@` is not present in the string), then we cannot
access $mailparts[1].
In this case, the entire path as is, is treated as the host.
Bug: T380880
Change-Id: I10187c93e67ce9294ff0b3866939d2c7d7292a9a
(cherry picked from commit c2db58c55bef207dd37ac5fe0b07aa28ee4bd2d5)
It is not clear who the "brand-new users" are in this case so help-message is required here.
Bug: T381205
Change-Id: Idfc1b7e4b5b1686f0edf69b32e0d4152b30e54ae
(cherry picked from commit 141be6c7f7a3be92d702db1e26ba7d0493aa8a0f)
Why:
Both AtomFeed::formatTime() and RSSFeed::formatTime() short-circuit with
null if the input is falsy. This caused deprecation warnings down the
line, as the return value was later fed into str_replace(), which raises
a deprecation warning on PHP 8 if it gets null.
It also caused unexpected output on all PHP versions: the Mustache
templates for both Atom and RSS conditionally emit the date elements
(<updated> in Atom, <pubDate> in RSS), but this conditional output is
skipped only if the variable is null, not when it’s an empty string –
which is exactly what the XML encoding returned on all PHP versions.
What:
Introduce a new method, xmlEncodeNullable(), which properly handles null
values, and returns them as-is, without trying to encode them. This:
- Avoids the deprecation warnings on PHP 8, since str_replace() is no
longer called.
- Makes the conditional output work: the <updated>/<pubDate> elements
are no longer output if no date is available.
- This makes the RSS output spec-compliant, as no garbage is output
anymore. The RSS <pubDate> is optional [1].
- It doesn’t make the Atom output entirely spec-compliant, as Atom
requires <updated> to be present [2], but the removal of garbage
(it was a single letter Z) should still increase compatibility.
[1] https://www.rssboard.org/rss-specification#hrelementsOfLtitemgt
[2] https://validator.w3.org/feed/docs/atom.html#requiredEntryElements
Bug: T385332
Change-Id: Iafd89c0d61baecd7c68f62b2a0764cc78cf25069
(cherry picked from commit 60c57b0fd5303e9627b7684ebac4cd369c1fe7a6)
php8.4 validates the locale and rejects invalid one.
Just use the fallback chain to find an usable language, mostly en.
Cache the created NumberFormatter instance, to avoid performance impact
for some languages due to more attempts to create a NumberFormatter.
Also C is rejected, so resolve it directly with Locale::getDefault()
Bug: T376711
Change-Id: I686f77baea33ea2852c546e30e9cc08618d44321
(cherry picked from commit 8b2cc12bd3724cd213ac581d220b50f91e282630)
* Fix getInfoBox to not be a warning box, but an information notice
like it is intended to be.
* Update getInfoBox() to use codex class names, same as showMessage().
* Update getInfoBox() to bold the "Information" title, as per Codex
examples and guidelines, e.g.
https://doc.wikimedia.org/codex/latest/components/demos/message.html#multiline
* Remove infoBox() utility, it was used only once, in getInfoBox().
The `mw-installer-box-*`, `mw-installer-infobox-*` CSS classes
are also unusd now, however there is nothing to remove because
these were already removed in a previous refactor.
* Introduce showWarning(), and apply it to showMessage() calls that
convey non-fatal issues.
Bug: T384524
Change-Id: I6722346ef81a0a9cf8983153271be579905c7898
The image passed to ::getInfobox is never passed to ::infoBox() it is
only called twice with an image which also doesn't work, it is never
called with 'class' option so remove both.
Bug: T383646
Change-Id: I4abe9f608e9b5dd657e3948988f28ad991495f25
(cherry picked from commit 412e602cd6586b9ce25b9c3cc9fcde14748fa146)
Why:
- The REST API takes an optional renderid param when converting HTML
back to source wikitext, which is user-provided and may be invalid.
- Invalid render IDs cause an InvalidArgumentException to be thrown that
causes a 500 response.
What:
- Introduce a new error message for invalid render IDs in the REST API.
- Return a 400 with this new error message for HTML reverse-parses with
an invalid render ID.
Bug: T385568
Change-Id: I062419fe8952329a39781a49cdca2e94c3996447
(cherry picked from commit cd1d42a5066e4bcb9b9d4ed9b4f7714fd428fea3)
Why:
- ParsoidRenderID::newFromKey() validates incoming keys and throws an
InvalidArgumentException if a required key component was missing.
- It does so by eagerly destructuring the return value of explode(),
which causes a PHP Notice for invalid inputs as the expected offsets
won't exist then.
What:
- Check the count of key parts before destructuring.
- Add unit tests.
Bug: T385567
Change-Id: I1d936ae038f85ffa2e5d1d3d8a75fdc75e4c8ef8
(cherry picked from commit eec130925c081c2da1c475f9a9ce719e6838ca51)
A regression in 69ad795df7 caused virtual
files with a versionFilePath to be silently dropped from the version
hash computation. This caused changes in these files to not be reflected
in the version hash of the file.
Bug: T385055
Change-Id: Ibde41f07bb6fa7610660cb5b7a3f7aafbe9d6bd3
(cherry picked from commit bce48b6358cd2176d9fbc9a7c22f008bfbcf73d2)
Special pages for login and signup contain language selector links
to change the interface language, the available languages are defined
via the `loginlanguagelinks` message. Invalid codes will make the
pages completely inaccessible, preventing account creation and login.
This patch improves the link generation logic to only create links
for codes considered valid by LanguageNameUtils.
Bug: T384995
Change-Id: I4f470dc417a773225ba335f95da1151525a2f620
(cherry picked from commit da179c65056d65dc5d610af1e29fed57df4f1082)
