Commit graph

282 commits

Author SHA1 Message Date
Bartosz Dziewoński
05ebaa40a8 Fix typo in 'MainStash' docs
Change-Id: I6d4df851da40f6e44ad3bb5ea6a5679160771da4
2023-12-20 13:11:53 +01:00
Jon Harald Søby
0e8a92d9ff Make two messages not raw HTML
Two messages were added to wgRawHtmlMessages instead of just
fixing the way they were parsed so they can't contain raw
HTML. This fixes that.

In order to avoid breakage on-wiki for old customized messages
that took advantage of them being parsed as raw HTML, rename
the messages too. Also rename a few other messages from the
same set to stay consistent.

Note: These messages are suppressed in favour of Echo's messages
when Echo is enabled, and Echo is enabled on all Wikimedia wikis,
so the existing customized messages on Wikimedia wikis are basically
no-ops.

Bug: T353316
Change-Id: Ib0d1c79247fe091f2806b7c23ffb2fe22cc4df4a
2023-12-15 11:10:37 +01:00
James D. Forrester
4cf719019a Namespace remaining files in includes/site
Bug: T353458
Change-Id: I38da09f28cd68add721ba7b05f351acb56515d95
2023-12-14 14:57:34 -05:00
jenkins-bot
6c07e2acf1 Merge "Use thousands separators in selected integer literals" 2023-12-12 02:15:04 +00:00
jenkins-bot
c166e3339b Merge "objectcache: Drop support for $wgObjectCaches['db-replicated']" 2023-12-11 22:42:21 +00:00
Tim Starling
9c02258a04 Use thousands separators in selected integer literals
For readability. Allowed since PHP 7.4.

I searched for integer literals of 6 or more digits, and also changed
some nearby smaller numbers for consistency.

Bug: T353205
Change-Id: I8518e04889ba8fd52e0f9476a74f8e3e1454b678
2023-12-12 09:22:45 +11:00
Umherirrender
72d6b46339 Use namespaced classes
Changes to the use statements done automatically via script
Addition of missing use statements and changes to docs done manually

Change-Id: I443aada1c18c8628b02671aa9fd6f441961e5c2e
2023-12-11 16:07:18 +01:00
jenkins-bot
8c25bdbbc5 Merge "Skin: Allow og:site_name meta tag" 2023-12-09 03:43:01 +00:00
jenkins-bot
ceceebf857 Merge "Rename private LanguageConverter::$isTitleConversionDisabled property" 2023-12-09 03:21:18 +00:00
Pols12
658c7de656 Skin: Allow og:site_name meta tag
So engines can easily parse the site name of MediaWiki pages, let’s
allow site config to provide an OpenGraph site_name property through
a <meta> tag.

Besides T142090 (about og:description)

Bug: T348203
Change-Id: I80cfb89ee7b49bb2d1c41d958f1a0f2c7b447f9f
2023-12-09 02:59:10 +00:00
C. Scott Ananian
963b2d15d3 Rename private LanguageConverter::$isTitleConversionDisabled property
It is more properly named `$isLinkConversionDisabled`, and since it is
a private property we can easily rename it.  The configuration option
still holds onto the old name, though.

Followup-To: I8949f88866ae6bb343edc5febc34c1f5cae83831
Change-Id: Iab4984511e684681dc4b171671b450880f1f470d
2023-12-08 17:33:01 -05:00
Derick Alangi
87b479113b objectcache: Drop support for $wgObjectCaches['db-replicated']
This was introduced but never really used outside of core[1]. The only
place that used it in core was MainStash setting which under the hood
will use CACHE_DB (SqlBagOStuff).

This patch removes the "db-replicated" key in $wgObjectCaches without
deprecation because it was never really used in the first place and
had a replacement already when it got released, see: T352481.

[1] https://codesearch.wmcloud.org/search/?q=ReplicatedBagOStuff&files=&excludeFiles=&repos=

Bug: T352481
Change-Id: I8e19ee262a64b00742bb9203b2a2610ec0cc39fa
2023-12-08 18:14:37 +01:00
Tim Starling
497efa4ed6 Clean up DjVuImage::retrieveMetaData including shellbox support
Following up Id9539a28f0f143539334002c3:

* Don't run the script twice.
* Wrap the decoded dump in an array with key "data".
* The default assignment for DJVU_DUMP and DJVU_TXT had the effect of
  running the scripts anyway if the configuration variables are null.
  Don't do that.
* If both $wgDjvuDump and $wgDjvuTxt are null, don't run the shellbox
  script.
* Centralise shell location configuration.
* Factor out call to convertDumpToJSON().
* Instead of txt_exit_code, just use existence of the file to
  communicate success. This avoids a deprecation warning if
  txt_exit_code was not received, due to passing null to trim.
* Check for the existence of the result files instead of just trying to
  use them.
* Check the exit status of the overall script.
* Confirm that the BoxedCommand branch is functional and works in CLI
  mode by using it in DjvuTest.
* Change the service name from "media" to "djvu". Existing examples are
  "pagedtiffhandler" and "pdfhandler", i.e. named after the extension,
  there is no other core caller. I think it should be more fine-grained
  than "media". The name was possibly a conflation with the
  ProductionServices array key.

Also:

* Check the exit status of djvudump and don't use the output file if it
  is non-zero.
* Check the return value of convertDumpToJSON().
* Don't use isset() unless error suppression is intended.

Bug: T352515
Change-Id: If41a2baada2e4e2462518c1f437af458feb29632
2023-12-04 20:20:32 +11:00
Giuseppe Lavagetto
618902a07e media: Port DjVuImage::retrieveMetaData() to use BoxedCommand
This change was first introduced in Ic4e3dff and then reverted because
of a regression on CLI. So for now forward-port the code from that patch
and put it under a feature flag we can remove once we've debugged
the current issue.

Bug: T289228
Bug: T352515
Change-Id: Id9539a28f0f143539334002c356026b0d185450b
2023-12-01 14:28:15 -05:00
jenkins-bot
b7fc1b2f43 Merge "Only cache expensive renderings" 2023-11-30 21:24:34 +00:00
daniel
e3fb964439 Only cache expensive renderings
Pages that are fast to render can be omitted from the parser cache
to preserve disk space and cache write operations.

The threshold is configurable per namespace, so the tradeoff can
be evaluated based on different access patterns. For example, pages
that are accessed rarely, like file description pages on commons,
may have a high threshold configured, while pages that are read
frequently, like wikipedia articles, may be configured to be always
cached, using a 0 threshold.

Filtering is based on a time profile recorded in the ParserOutput.
A generic mechanism for capturing the timing profile is implemented
in the ContentHandler base class. Subclasses may implement a more
rigorous capture mechanism.

Bug: T346765
Change-Id: I38a6f3ef064f98f3ad6a7c60856b0248a94fe9ac
2023-11-30 20:56:12 +00:00
Tim Starling
d6727856fd Support new block schema
Support migration stages when reading and writing blocks.

I tried to set it up for an easy next stage, in which support for the
old schema is removed. I tried to avoid factoring out of shared code
between the two schemas, so that the old schema cases can simply be
deleted without the need to revert unnecessary abstractions.

However, I added HideUserUtils to factor out ipb_deleted queries. Code
review showed that this was already quite complex, with multiple
approaches to the problem, so it benefits from refactoring even without
the schema abstraction.

HideUserUtils is a service rather than a standalone class to support
unit tests, since unit tests do not allow global config access. When
the migration stage config is removed, it will be a service with no
constructor parameters -- an unnecessary abstraction which should
ideally be resolved at that time.

When interpreting result rows, it is possible to share code by using
field aliases. But when constructing WHERE conditions, the actual field
names need to be used, so the migration is more intrusive in
ApiQueryBlocks and SpecialBlockList, where complex conditions are used.

Bug: T346293
Bug: T51504
Bug: T349883
Change-Id: I408acf7a57b0100fe18c455fc13141277a598925
2023-11-29 13:31:42 +11:00
Sergio Gimeno
727b911c69 IP masking: notify users whose account expires soon
Why:
To inform temporary users about their account expiring
10 days before it is effectively expired.

What:
- Add optional int `notifyBeforeExpirationDays` to $wgAutoCreateTempUser,
for setting how many days before account expiration should users be notified
- Add AutoCreateTempUser config to the tempUserBanner script to use
config values for the popup alerting text logic
- Set the popup default state to open when temp user needs to be notified
- Disable the auto-close option for the popup so users need to
explicitly dismiss it.

Bug: T344694
Change-Id: I530e911733c9822d6308ce92fafd425e50942d43
2023-11-28 10:02:07 +01:00
James D. Forrester
67217d08df Namespace remaining files under includes/deferred
Bug: T166010
Change-Id: Ibd40734b96fd2900e3ce12239d09becfb4150059
2023-11-22 10:08:53 -05:00
Derick Alangi
0be0de32f9 objectcache: Introduce MicroStash service for mcrouter-primary-dc
mcrouter-primary-dc was added in 9c14bb5 (I9bc589ec57f4c6), follow
the reverts and reapply too for more context as a way to store tokens
across all servers that run the application, and later purged afterward.

This patch introduces a MediaWiki wrapper service for interfacing
with mcrouter-primary-dc instead of accessing the setting directly
via operations config. This service will be configured by a setting
through $wgMicroStashType.

Testing plan
============

We can begin to directly use this patch as a way to test core rate
limiter via WRStatsFactory. So if that works accurately with this
patch without breaking CI, then that's good news.

In this patch also, MainConfigNames::StatsCacheType setting has been
removed in favor of MicroStashType via a wrapper service. NOTE that
there is already a config patch to take care of the switch and the
former will be removed (on cleanup later).

Bug: T336004
Depends-On: I96f6f7c0240a46e43a785dbd3c0a5a524d4eabc3
Change-Id: I08ebea5e8a601f161fcd678068cecb77f8e15c7c
2023-11-17 19:12:17 +00:00
Amir Sarabadani
5b0b7640a6 jobqueue: Remove $wgJobSerialCommitThreshold
This config has been set to false in production since 2018 (Ie4ea1dc0d3927).

This doesn't provide much benefit and its impact is yet to be proven, and
it's blocking removal of ILoadBalancer::getAnyOpenConnection()

That removal makes $dbwSerial unconditionally false which turned the
whole method into a one-liner and since it was used only once,
we just replaced that.

Bug: T325389
Depends-On: I24f33a15d214d49bfb6c6013e7fd64c7d0eb0086
Change-Id: I19043e775fce9f7ddded128cb2c9395b46dd19a3
2023-11-15 19:23:14 +00:00
Martin Urbanec
c9908da103 IP Masking: Expire temporary accounts in 1 year
Why:
Temporary accounts (introduced as part of IP Masking)
are supposed to expire 1 year after their registration.
Automatic account expiration can be done via a maintenance
script, which would be periodically executed via cron / systemd.

Make it possible for extensions to provide their own logic
for generating a list of temporary accounts to invalidate.
This is used in CentralAuth to base registration timestamp
on the global registration timestamp.

The default behavior is "temporary accounts do not expire",
given the feature requires a maintenance script to run
periodically, which will not be the case on third party
instances.

What:
* Add `expireAfterDays` to $wgAutoCreateTempUser, controlling
  how many days temporary accounts have.
* Add UserSelectQueryBuilder::whereRegisteredTimestamp(),
  filtering accounts based on user_registration.
* Add ExpireTemporaryAccounts maintenance script, which is
  @stable to extend.

Bug: T344695
Change-Id: If17bf84ee6620c8eb784b7d835682ad5e7afdfcc
2023-11-09 15:11:48 +01:00
jenkins-bot
196d306ec4 Merge "multiblocks: add config variables to support multiblock" 2023-11-06 21:40:52 +00:00
jenkins-bot
141cd5376b Merge "Use Emailer class instead of UserMailer" 2023-11-06 14:44:14 +00:00
ArtBaltai
012a4a93ff Use Emailer class instead of UserMailer
Bug: T247393
Change-Id: I5d682d434b4bc1dc0fa040b91854ef1a43779473
2023-11-06 09:17:54 -05:00
hmonroy
628bec1b67 multiblocks: add config variables to support multiblock
Add $wgEnableMultiBlocks and $wgBlockTargetMigrationStage vars that will
allow for multi-stage migration.

Bug: T346671
Change-Id: Id356445605870abf279f056490040cb2b5921d7a
2023-11-06 12:03:51 +11:00
Gergő Tisza
1035bee9db Fix phpdoc in MainConfigSchema
* qualify class names where needed
* one @see per line
* @see to class constants instead of $wg... variables
* add missing docs for GrantPermissionGroups

Change-Id: Iead0593b227e704ebcf8217608bb2bde82f78c45
2023-11-02 21:07:35 -07:00
Derick Alangi
490a5be4c8 Remove check for irrelevant setting: wgDisableCookieCheck
In https://phabricator.wikimedia.org/rMW3617c982c9db793515818e1468fa827ae5880358,
the "cookie redirect check" was removed but the setting that controlled
this check was not removed alongside it.

Also, double checking that this setting is not configured in production
via our prod configs and always defaults to false is the case today.

Bug: T349791
Change-Id: Ia2a57b57c4c0a9848798f469181738646e0f8dc8
2023-10-30 11:21:22 +01:00
TheresNoTime
258601053b EditRecovery: Add $wgEditRecoveryExpiry config var
Add a config var named `$wgEditRecoveryExpiry`
(default 2592000s, 30d) instead of hard coding 30d.

Bug: T348593
Change-Id: I67ca48ef9265a102665e0b89b09b0273d3e69a04
2023-10-23 10:37:43 +01:00
daniel
dcaf84081b Turn the "purge" permission into an implicit right.
The "purge" permission was defined in $wgGroupPermissions, but not
checked in ActionPurge, SpecialPurge, or ApiPurge (until I9fee34f5b4).
The permission check for 'purge' was apparently lost in 2016 (see
I5749ff470d99). Ever since, we have been applying rate limits to
purging, but no permission checks.

Because of this, 'purge' should be declared to be an implicit right,
just like its sibling 'linkpurge'.

Note that the 'purge' permission was not granted to anon users per
default, yet RESTbase has Mocha tests that rely on being able to purge
pages without having to log in. Currently, CI tests for RESTbase are
broken because I9fee34f5b4 inadvertently restored permission checks for
'purge'.

Bug: T291316
Followup-To: I9fee34f5b44e947a00f1aaf2d28202d009e2caec
Change-Id: Iaceea6186a2216ae98118cb70a69ea20882fd982
2023-10-10 11:42:46 +00:00
Amir Sarabadani
8bae683660 rdbms: Introduce concept of virtual domains and mapping to ext cluster
This would simplify any caller that's trying to use extension1 cluster

Bug: T330590
Change-Id: Icccde8e10070686870601cae74b21ca9bed71ece
2023-10-05 13:31:15 +02:00
Reedy
1cc87dbf5a SECURITY: Add xml mime types to $wgMimeTypeExclusions
CVE-2023-3550

Bug: T341565
Change-Id: Ic74b8adcc0db6826a4159bb9c0ea8dfaecc77c09
2023-09-29 00:32:14 +01:00
Reedy
b889a9197d SECURITY: Add xml to $wgProhibitedFileExtensions
CVE-2023-3550

Bug: T341565
Change-Id: I3d9fdef420fdf7588d0942a6cd07cb25a00c6fb0
2023-09-29 00:32:14 +01:00
Maryum Styles
902ab32e1a SECURITY: Add 'youhavenewmessagesmanyusers' and 'youhavenewmessages' to $wgRawHtmlMessages
CVE-2023-PENDING

Bug: T340221
Change-Id: Ic36cd39421e5f5540cd1600c9d7efbec763b8d86
2023-09-29 00:32:14 +01:00
Lucas Werkmeister
e9991ffb68 Create 'x-xss' language code feature
This creates a new language code, 'x-xss', which is enabled using the
setting $wgUseXssLanguage (similar to how $wgUsePigLatinVariant enables
the 'en-x-piglatin' language code, and likewise defaults to false; will
be enabled in development settings soon).

In this language code, all messages become “malicious”, trying to run
some alert() JavaScript; if any alert() actually fires in the browser,
the message was not escaped properly. ($wgRawHtmlMessages are exempt,
since they’re already known to be “unsafe” and require more rights to
edit on-wiki.) Messages that are not escaped properly are generally a
minor security issue; they effectively let a user with 'editinterface'
right (such as a sysop, on many wikis) run arbitrary JS, without needing
the 'editsitejs' right (normally restricted to interface admins).

Developers can use this language code to more easily check their code
for escaping issues / cross-site scripting vulnerabilities.

Bug: T340201
Change-Id: Ia9a1cf712b139fea5da72046e37035e6de39d8d5
2023-09-28 15:50:11 +02:00
Winston Sung
9e87c4acc8 MainConfigSchema: Update doc for "ResourceLoader: Default File modules to mobile and desktop targets"
Follow-up of: Change-Id Ia062ff2d8b8732b0d3498c1a614bbf6a3e3a7ddb
( commit 01aec63c21 )

Bug: T127268
Change-Id: I4450e6df3dab25c1ad62225d6062eb44387295a7
2023-09-26 23:22:42 +00:00
jenkins-bot
c1981a8d65 Merge "Move Article::getRedirectHeaderHtml() to LinkRenderer::makeRedirectHeader()" 2023-09-26 19:35:18 +00:00
Timo Tijhof
4a0d8e44fe ResourceLoader: Enable source maps by default
Disabled by default in WMF production, and currently enabled on
www.mediawiki.org and other group0 wikis.

To gain exposure through WMF CI and to provide its value immediately
to local development, enable it in MW core also.

If issues come up prior to 1.41.0, we can switch this back off,
and instead enable it in DevelopmentSettings.php to limit it to CI
and local dev.

Bug: T47514
Change-Id: I0cb58631b465bbd32ce70f9daae039d420d6bb3d
2023-09-26 02:44:07 +00:00
C. Scott Ananian
07b396d5b5 Move Article::getRedirectHeaderHtml() to LinkRenderer::makeRedirectHeader()
The use of Article::getRedirectHeaderHtml() has been discouraged for a
while, since WikitextContentHandler can (should) be used to insert the
redirect header.  Further, since I20db09619999919bfeda997d79561d21e3bf8718
the header should be added as an extension data property instead of
directly concatenated to the HTML.  Regardless, this functionality
logically should live in LinkRenderer.

Change-Id: I4d0de0e72473ae039dca420a2733bc746d8c2951
2023-09-22 17:08:17 -04:00
James D. Forrester
3851805f64 Namespace remaining User-related classes under \MediaWiki\User
Bug: T166010
Change-Id: Ibda1e8be0f23c6262a32b607f8260cad36f188fc
2023-09-20 09:12:08 +01:00
James D. Forrester
1d0b7ae1e2 Namespace User under \MediaWiki\User
Bug: T166010
Change-Id: I7257302b485588af31384d4f7fc8e30551f161f1
2023-09-19 19:18:16 +00:00
James D. Forrester
a8a6cfd966 Namespace NamespaceInfo under \MediaWiki\Title
One of the big ones, so doing this alone.

Bug: T166010
Change-Id: Ibe103cd362535d3cb94cb8931e95fc74099d1497
2023-09-19 05:17:04 +00:00
jenkins-bot
3751d36211 Merge "Namespace remaining 'specialpage' files under \MediaWiki\SpecialPage" 2023-09-18 21:06:01 +00:00
James D. Forrester
459cbb0494 Namespace remaining 'specialpage' files under \MediaWiki\SpecialPage
SpecialPageFactory is already here, but none of the others were yet.

Bug: T166010
Change-Id: I9689bf0a1ab329625e23669b99f019b96295fffd
2023-09-18 18:23:13 +01:00
C. Scott Ananian
d421ab57f8 Remove ParserOutput::addOutputHook() and related code
ParserOutput::addOutputHook() has been deprecated since 1.38, and without
any calls to ::addOutputHook() the associated ::getOutputHooks() and
$wgParserOutputHooks configuration do nothing.

Bug: T292321
Bug: T305161
Change-Id: Ib770c680d5e0697980e7e36a323ec56ba1d806b8
2023-09-18 11:34:02 -04:00
jenkins-bot
e114026bab Merge "Add UserRegistrationLookup" 2023-09-15 16:59:54 +00:00
jenkins-bot
fbaea9b19c Merge "Add an option to allow users to always enable safemode" 2023-09-15 16:55:00 +00:00
Martin Urbanec
85e78d22bd Add UserRegistrationLookup
Why:
Temporary accounts introduced as part of IP Masking are supposed
to expire 1 year after their registration. Accounts can have
multiple registration timestamps when in a wiki-farm setup,
depending on which wiki we consult.

To implement the account expiration logic, we need to know the global
(first) registration timestamp.

Similar to CentralIdLookup, a concept of a registration date
provider is introduced. Unlike IDs, users can have multiple
kinds of registration dates (Wikimedia recognizes local and global,
but third parties can have different needs). For that reason,
any number of registration providers can be registered at any
given time; caller determines which one is requested. The default
is `local`, which is the only provider that is guaranteed to exist.

What:
* Add UserRegistrationLookup
* Add UserRegistrationProviders config variable

Bug: T344694
Change-Id: If9fa12a392064dd504590a861a175e3604a34fab
2023-09-15 11:38:23 +02:00
Amir Sarabadani
5bd33d46ef Reorg: Move WebRequest to includes\Request
This has been approved as part of RFC T166010

Bug: T321882
Change-Id: I6bbdbbe6ea48cc1f50bc568bb8780fc7c5361a6f
2023-09-11 21:44:34 +01:00
jenkins-bot
f415979f2c Merge "Make all limits function as user rights." 2023-09-11 12:34:48 +00:00