Taint check checks for possible security issues by tracking html
escaping and more by using phan.
This slows down the phan job a bit and requires more RAM.
Keep the DoubleEscaped issues out to make review easier
Adds suppression for false positives
Adds taint-annotation to help taint-check
Removes suppression for code phan now understands better by the tracking
of keys in taint-check
Fix some small issues by adding int casts or htmlspecialchars calls
Bug: T216348
Bug: T268920
Change-Id: I849ac4f120fd15b483e8939d4db45c98dc351259

Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7

isset() does two things: It checks if a variable (or array element)
is declared, *and* it checks if it is null. If a variable is null,
isset() fails as if the variable was not set. All these additional
null checks are dead code.
Change-Id: I71e8cc26dac839c9d081bf00b4164b7b5147e586

One use case of display title is to localise page names with Translate
extension or without. While the page title changes, the subheadings still
say something like "Pages in category Foo/de".
Also converted one raw HTML message to be a parsed message.
First version of this patch caused an issue when previewing
because page title in h1 is not the same as page display title.
This issue is fixed by promoting page display title as its own member
in OutputPage. Also added getUnprefixedDisplayTitle that attempts to
strip away the namespace prefix to mimic Title::getText() but which
works with display title instead.
Bug: T43720
Bug: T46197
Change-Id: I6097a873297eb57759252fc56ad6d02c44e4c366

Directly use the UTF-8 encoding of the 'NO-BREAK SPACE' (U+00A0) instead of
the HTML/XML entities   or   or .
With the UTF-8 character the generated HTML is shorter and better to read.
Also change the special value for the label in HTMLForm from   to
U+00A0 but also support   for backward compatibility.
Bug: T154300
Change-Id: I882599ac1120789bb4e524c4394870680caca4f4

prev-page and next-page were being escaped when they were a
link, but not when they were plain text. They should be escaped
in both cases.
This issue was discovered with an experimental phan plugin I'm
working on.
Change-Id: I6caac76299b21a54cd7cb732ad93187e3d37c99e

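The escaping defect this commit describes, and the int-cast fix the taint-check commit at the top of this log mentions, shown side by side. This is an added illustration, not MediaWiki's own code: the function names (pagingLinkBefore, pagingLinkAfter, limitFromRequest) and the sample label and limits are assumptions.

```php
<?php
// Added illustration for the two commits above; not MediaWiki code.
// It shows the escaping defect the prev-page/next-page commit describes (escaped in
// the link branch, raw in the plain-text branch) beside the fixed shape, and the
// "int cast" pattern the taint-check commit mentions. Function names are assumed.

function fail(string $msg): void {
    throw new RuntimeException($msg);
}

// Pre-fix shape: only the link branch escapes the label.
function pagingLinkBefore(string $label, ?string $href): string {
    if ($href !== null) {
        return '<a href="' . htmlspecialchars($href, ENT_QUOTES) . '">'
            . htmlspecialchars($label, ENT_QUOTES) . '</a>';
    }
    return $label; // raw: '<', '&' and quotes in the label land in the page as markup
}

// Fixed shape: the label is escaped once, before the branch, so both paths are safe.
function pagingLinkAfter(string $label, ?string $href): string {
    $safeLabel = htmlspecialchars($label, ENT_QUOTES);
    if ($href !== null) {
        return '<a href="' . htmlspecialchars($href, ENT_QUOTES) . '">' . $safeLabel . '</a>';
    }
    return $safeLabel;
}

// The int-cast pattern: a limit read from the request is forced to an integer and
// clamped before it can reach an SQL LIMIT clause or an HTML attribute.
function limitFromRequest($raw, int $default = 200, int $max = 5000): int {
    $n = (int)$raw;  // non-numeric input becomes 0 and falls back to the default
    return $n <= 0 ? $default : min($n, $max);
}

// Constructed label: harmless markup, enough to show whether escaping happened.
$label = '<b>next page</b> & "more"';
$raw = pagingLinkBefore($label, null);
$fixed = pagingLinkAfter($label, null);
if ($raw !== $label) { fail('pre-fix plain-text branch should emit the label raw'); }
if (strpos($fixed, '<') !== false || strpos($fixed, '"') !== false) { fail('fixed branch leaked markup'); }
if ($fixed !== '&lt;b&gt;next page&lt;/b&gt; &amp; &quot;more&quot;') { fail('unexpected escaping'); }
// The link branch was already escaped before the fix; both versions agree there.
$href = '/w/index.php?title=Category:Foo&from=Bar';
if (pagingLinkBefore($label, $href) !== pagingLinkAfter($label, $href)) { fail('link branch differs'); }
if (limitFromRequest('200') !== 200 || limitFromRequest('abc') !== 200 || limitFromRequest('99999') !== 5000) {
    fail('limit coercion');
}
echo "ok\n";
```

The point a taint checker catches here is structural: the label reaches the output through two paths and only one of them passes through an escaping sink. Escaping once, before the branch, removes the second path rather than patching it, which is the shape that is easiest for both reviewers and the tool to verify.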
Fixes regression from 1885a1ac46, which accidentally removed
page_namespace and page_title as select fields.
Bug: T146873
Change-Id: I19cff0cf5bc015da7311196749a9201a8e458b49

This is more consistent with LoadBalancer, modern, and inclusive
of master/master mysql, NDB cluster, and MariaDB galera cluster.
The old constant is an alias now.
Change-Id: I0b37299ecb439cc446ffbe8c341365d1eef45849

One use case of display title is to localise page names with Translate
extension or without. While the page title changes, the subheadings still
say something like "Pages in category Foo/de".
A display title is now used if provided. There is one questionable thing
what to do with namespaces and display title. In this case I think it is
better to have the namespace prefix displayed (or not) according to what
the site admin wants, because we cannot safely strip the namespace prefix
from display title.
By using the page title from OutputPage, we already get a name which is
safe for HTML with no further processing. The name is passed as a raw
parameter which breaks magic words (if any) trying to access the value.
It is easy to fix this by using FULLPAGENAME magic word instead.
Also converted one raw HTML message to be a parsed message.
Bug: T43720
Change-Id: Ide7d4a9ee5c76b6360b53aefd76a2e17a139173f

Links 'next 200' and 'previous 200' don't always list 200 items.
Hence changed the labels to 'previous page' and 'next page'. Also,
added new messages for the same.
Bug: T59414
Change-Id: Id5c30e92227e863acdeb3cadc132200ef2bc48c8

The categories on Category page were listed using table layout. This layout has
been changed to the responsive css column structure, which is 3 column wide
beyond 768px, otherwise shrinks to a single column.
break-inside is used which needs some consideration, see here:
http://css-tricks.com/almanac/properties/b/break-inside/
Bug: T55130
Change-Id: I437e6079b20e110047f93fb5c09aae40189f1ec0

Patch adds two hooks which are described in hooks.txt. This
is being used to allow Flow to offer two links instead of just
one that are relevant to the page that was categorized.
The default output without these hooks is:
<a href="...">Topic:Soiasdf90f09</a>
This patch allows flow to provide context as to where this topic came
from, by replacing that with:
<a href="...">Topic:Soiasdf90f09</a> on <a href="...">Talk:Help</a>
(Note that the names of pages within the Topic namespace will also
become more friendly soonish, but outside the scope of this patch).
Bug: T87793
Related-Flow-Change: Ia4f2953bcd807ba3990e762a2efcaab428c40147
Change-Id: I182e6e35fcc3a2a298e928e088579bdb22e145ff

Xhprof generates this data now. Custom profiling of various
sub-function units are kept.
Calls to profiler represented about 3% of page execution
time on Special:BlankPage (1.5% in/out); after this change
it's down to about 0.98% of page execution time.
Change-Id: Id9a1dc9d8f80bbd52e42226b724a1e1213d07af7

Change Ia9baaf0b changed the visibility of member variables (many of which are not
otherwise exposed, e.g. by a method) and by that introduced a major API change
breaking extensions.
This patch explicitly marks affected variables as public again, keeping the intent
of the original patch of making phpcs-strict pass on includes/ directory.
Bug: 67522
Bug: 67984
Change-Id: I498512b2a1e615365bb477c1fd210aaa3241ca03

Have to pass a context to the constructor to actually use it for
settings.
Also adds a RequestContext::getMainAndWarn to get a default warning,
when using the main request, but it would be better to pass one.
Change-Id: I1628a1790c45d44aa4239701486b8b1b7c59a0e6

- use tab as indent instead of spaces
- Added space after closures "function"
- Added spaces around string_concat
- Added newline inside empty blocks
- Removed four spaces after comma
Change-Id: I4425b0c6a69b36f40acfea6511b8950cf09ce2b2

with until=param
When an until parameter is given i.e. going to a previous page, the
category page does the sql query in descending order. In that case,
the previous page link was given an until parameter that was one more
than the last needed result, since until= is interpreted as up-to but
not including, unlike from=, which is starting from and including.
Bug: 36964
Change-Id: I7eaf58d78136ac069a2d9122bca03f87863d2c0b
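The from=/until= semantics this commit relies on, worked through on a constructed key list so the off-by-one is visible. This is an added illustration, not MediaWiki's code: pageFrom and pageUntil are assumed helper names, the key list is constructed, and the in-memory filter stands in for the ASC/DESC SQL query the real page runs.

```php
<?php
// Added illustration for the commit above; not MediaWiki code. A paginator over an
// already sorted, constructed key list with the from=/until= semantics the commit
// describes: from= is inclusive, until= is exclusive, and an until= request scans
// backwards (the real code does this with an SQL query in DESC order). The helper
// names are assumed.

function fail(string $msg): void {
    throw new RuntimeException($msg);
}

// Forward page: keys >= $from, first $limit of them.
function pageFrom(array $sortedKeys, string $from, int $limit): array {
    $rows = array_values(array_filter($sortedKeys, fn($k) => strcmp($k, $from) >= 0));
    $page = array_slice($rows, 0, $limit);
    return [
        'rows' => $page,
        // previous page = everything before our first key, so until= is that key
        'prevUntil' => $page ? $page[0] : null,
        // next page starts at the first key we fetched but did not display
        'nextFrom' => count($rows) > $limit ? $rows[$limit] : null,
    ];
}

// Backward page: keys < $until, walked in descending order; one row more than
// $limit is fetched so we know whether an earlier page exists.
function pageUntil(array $sortedKeys, string $until, int $limit): array {
    $rows = array_values(array_filter($sortedKeys, fn($k) => strcmp($k, $until) < 0));
    $rows = array_reverse($rows);                              // DESC, as the query runs it
    $pageAsc = array_reverse(array_slice($rows, 0, $limit));   // display order
    $hasPrev = count($rows) > $limit;
    return [
        'rows' => $pageAsc,
        // Correct: the earlier page ends just before our first displayed key.
        'prevUntil' => $hasPrev ? $pageAsc[0] : null,
        // The pre-fix bug: using the extra (limit + 1)th row instead. Because until=
        // excludes its key, that key is never shown on any page.
        'prevUntilBuggy' => $hasPrev ? $rows[$limit] : null,
        // The excluded key is exactly where the forward page begins (from= includes it).
        'nextFrom' => $until,
    ];
}

$keys = ['A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J'];  // constructed sort keys

$p = pageFrom($keys, 'D', 3);
if ($p['rows'] !== ['D', 'E', 'F'] || $p['nextFrom'] !== 'G' || $p['prevUntil'] !== 'D') { fail('pageFrom'); }

$q = pageUntil($keys, 'G', 3);   // the "previous page" link from the page above
if ($q['rows'] !== ['D', 'E', 'F'] || $q['nextFrom'] !== 'G') { fail('pageUntil'); }
if ($q['prevUntil'] !== 'D' || $q['prevUntilBuggy'] !== 'C') { fail('prev link'); }

// Following the correct link shows A, B, C; following the buggy one loses C.
if (pageUntil($keys, $q['prevUntil'], 3)['rows'] !== ['A', 'B', 'C']) { fail('correct prev'); }
if (pageUntil($keys, $q['prevUntilBuggy'], 3)['rows'] !== ['A', 'B']) { fail('buggy prev'); }
echo "ok\n";
```

The asymmetry is the whole story: a forward link can point at the first undisplayed row because from= includes it, but a backward link must point at the first displayed row because until= excludes it. Any paginator that mixes inclusive and exclusive cursors needs exactly this kind of round-trip check (page, follow the link, confirm no key is skipped or repeated).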