Commit graph

7556 commits

Author SHA1 Message Date
jenkins-bot
3ea0a9068a Merge "preferences: Signature validation (lint errors, user links, nested subst)" 2020-06-24 22:14:57 +00:00
jenkins-bot
da6f6a2aa8 Merge "Add clock icon to expiring items in Special:Watchlist" 2020-06-24 17:34:50 +00:00
jenkins-bot
9b431ed169 Merge "Revision: Hard deprecation constructing with an array or an object" 2020-06-24 02:01:41 +00:00
jenkins-bot
4465bed839 Merge "Hard deprecate passing a Revision to WikiPage::prepareContentForEdit" 2020-06-24 00:01:54 +00:00
Bartosz Dziewoński
df7231ad89 preferences: Signature validation (lint errors, user links, nested subst)
Three new checks are now applied to user signatures in preferences:

* Disallow invalid HTML and lint errors (T140606)

  Since 15e0e9bb4b we can rely on Parsoid to check the signature for
  lint errors. (The old PHP Parser doesn't have this capability.)

  Most importantly, this will disallow unclosed HTML tags. Unclosed
  formatting tags like `<i>` (and also wikitext markup like `''`)
  could affect the entire page with the bad markup.

  New configuration variable $wgSignatureAllowedLintErrors is added
  to allow ignoring some errors. The default value ignores the
  'obsolete-tag' error (caused by HTML tags like `<font>` and `<tt>`.)

* Require a link to user page, talk page or contributions (T237700)

  Various tools don't work correctly when such a link is missing. For
  example, Echo notifications are not sent, DiscussionTools will not
  allow replying to these comments, English Wikipedia's SineBot treats
  these comments as unsigned.

  Such requirement has been present for a long time in many Wikimedia
  wikis' policies, but it was not enforced by software.

* Disallow "nested" substitution in signature (T230652)

  Clever abuse of "subst" markup and tildes allows users to save edits
  containing wikitext in which substitution occurs again when the page
  is next saved. Disallow this in signatures, at least.

New configuration variable $wgSignatureValidation is added to control
what we do about the result of the validation described above. The
options are:

* 'warning':
  Only displays a warning near the field on Special:Preferences if
  the current signature is invalid. Signatures can still be changed
  regardless of validity and will be used when signing comments.

* 'new':
  In addition to the above, if a user tries to change their signature,
  the new one must be valid. Existing invalid signatures are still
  used when signing comments.

* 'disallow':
  In addition to the above, existing invalid signatures are no longer
  used when signing comments.

Bug: T140606
Bug: T237700
Bug: T230652
Change-Id: I07c575c2d9d2afe7a89c4847d16ac044417297bf
2020-06-24 01:20:05 +02:00
jenkins-bot
cc23f1b68e Merge "Rename ContributionsLookup::getRevisionsByUser" 2020-06-23 20:10:33 +00:00
DannyS712
a903da26e1 Revision: Hard deprecation constructing with an array or an object
All remaining deployed Revision objects are created with RevisionRecords

Bug: T246284
Change-Id: I08a0a146750d6bf29d127bf2a3d636e46b1ef336
2020-06-23 19:31:18 +00:00
Timo Tijhof
15fa9559a9 rdbms: Simplify MWLBFactory::getLBFactoryClass
* Convert to a single map.
* Simplify source code.
* Remove deprecation warning for something we're not likely to
  remove. This was embedded into LocalSettings.php files and
  should generally just keep working and is easy and cheap to do.
  Also not clear why one half warned and the other half didn't
  (because that's the one we happen to use in prod.)
* Simplify the tests. A lot of the boilerplate was no longer needed.
* Reduce abstraction in the test as was was not more complex
  than the source it tests.

Change-Id: If3e7e25dbf3bb408581fc16ac8e556b44b1855ad
2020-06-23 17:29:38 +01:00
jenkins-bot
52f1bfa61b Merge "PageUpdater: create EditResult class" 2020-06-23 10:18:32 +00:00
Ostrzyciel
3d73bdf568 PageUpdater: create EditResult class
EditResult is an immutable object created during a page update by
the PageUpdater using a builder object, the EditResultBuilder.

EditResult is a container for information on how the edit
interacted with the page and previous revisions. It also aims to
provide a standardized way of describing reverts and reverted
edits. It is as simple as possible, with no dependencies on the DB
or global variables. Most of the logic is encapsulated in the
builder.

PageUpdater::getEditResult() replaces the following methods:
* getOriginalRevisionId()
* getUndidRevisionId()
They are both available in the EditResult object.

PageUpdater::markAsRevert() replaces
PageUpdater::setUndidRevisionId()

Bug: T254074
Change-Id: Ie04c38043d9c295552e488109436ec1df20bb2ca
2020-06-23 11:49:02 +02:00
Tim Starling
f7f6f0d700 Update LinkHolderArray tests for new HookContainer parameter
Change-Id: I63fc731ca1dbaef6f215279ee0b1788e735783df
2020-06-23 09:00:32 +10:00
jenkins-bot
a7dae830b3 Merge "Introduce wfDeprecatedMsg()" 2020-06-22 22:30:49 +00:00
Nikki Nikkhoui
b28ec056f9 Rename ContributionsLookup::getRevisionsByUser
ContributionsLookup::getRevisionsByUser() returns a ContributionSegment,
but the function name was misleading. Renamed to getContributions()
to more accurately reflect the return value.

Change-Id: Id94549f1f8d2dc5ca5769fcb4696a454fdb851ac
2020-06-22 14:58:13 -07:00
Roan Kattouw
8c6c1c9adc VueComponentParser: Use RemexHtml instead of PHP's HTML parser
This fixes an issue with HTML tags inside the <script> tag.
Remex also doesn't throw errors on attributes like @click, although it
does mangle them when producing DOM. To work around this, don't use DOM
serialization for the template HTML, but parse everything again using a
Remex parse+serialize pipeline that extracts the template and
(optionally) removes comments and strips whitespace.

One important effect of this change is that we'll have to forbid
self-closing tags in Vue templates, because Remex doesn't handle those
correctly (or rather, handles them *too* correctly). But on the up side,
we can now allow shorthands for v-bind/v-on/v-slot again.

Bug: T253334
Bug: T255587
Depends-On: I2253a2317187fe0d781ba5bfefab95e0f97d0a80
Change-Id: Id9a9728b7163601cc60bc587be07b70977d41970
2020-06-22 19:54:15 +00:00
Thiemo Kreuz
231bcef6af parser: Remove unused $query param from LinkHolderArray::makeHolder
We know it's never anything but an empty array:
https://codesearch.wmflabs.org/search/?q=makeHolder

Change-Id: Ibc230ec1a1a15a9a5dc61abe5b989a3391d671c1
2020-06-22 14:33:59 +00:00
Tim Starling
d459add63d Introduce wfDeprecatedMsg()
Deprecating something means to say something nasty about it, or to draw
its character into question. For example, "this function is lazy and good
for nothing". Deprecatory remarks by a developer are generally taken as a
warning that violence will soon be done against the function in question.
Other developers are thus warned to avoid associating with the deprecated
function.

However, since wfDeprecated() was introduced, it has become obvious that
the targets of deprecation are not limited to functions. Developers can
deprecate literally anything: a parameter, a return value, a file
format, Mondays, the concept of being, etc. wfDeprecated() requires
every deprecatory statement to begin with "use of", leading to some
awkward sentences. For example, one might say: "Use of your mouth to
cough without it being covered by your arm is deprecated since 2020."

So, introduce wfDeprecatedMsg(), which allows deprecation messages to be
specified in plain text, with the caller description being optionally
appended. Migrate incorrect or grammatically awkward uses of wfDeprecated()
to wfDeprecatedMsg().

Change-Id: Ib3dd2fe37677d98425d0f3692db5c9e988943ae8
2020-06-22 14:34:39 +10:00
Umherirrender
fd666afbb0 Use MediaWikiServices::getAuthManager instead of AuthManager::singleton
Change-Id: I92c31b963095eab751df9f8c1715e8e23b7e8485
2020-06-22 00:57:08 +00:00
jenkins-bot
ba443c4a93 Merge "WebRequest: Rewrite language handling in getAcceptLang()" 2020-06-20 18:09:33 +00:00
Umherirrender
f6617ba4b7 WebRequest: Rewrite language handling in getAcceptLang()
Change-Id: Ifcf0bc4c416d9b0a61d6ae82a184ba53b4f36016
2020-06-20 17:48:27 +00:00
jenkins-bot
f3b0ee76c5 Merge "Simplify overly complex data providers in HtmlTest" 2020-06-20 14:57:49 +00:00
Sam Wilson
93396e965e Add clock icon to expiring items in Special:Watchlist
If a changeslist item has an expiry date, add a grey clock icon
after the page title, with a tooltip indicating when the item
expires.

Bug: T250212
Change-Id: I38f8c85321cf257eeea8de5a3bd73bbc0b5ea393
2020-06-19 05:48:21 +08:00
DannyS712
a9f02c1cf7 Hard deprecate passing a Revision to WikiPage::prepareContentForEdit
Bug: T255759
Change-Id: I21939c52afbdd408d33af2ba6d7d202bd46b17f4
2020-06-18 10:28:04 +00:00
jenkins-bot
bd4065ed9b Merge "WikiPage::doEditUpdates - accept a RevisionRecord object" 2020-06-18 01:24:33 +00:00
jenkins-bot
a5b4b456e2 Merge "Replace last usage, hard deprecate WikiPage::updateIfNewerOn" 2020-06-17 18:35:47 +00:00
suecarmol
fd14eb2d0d Add getExpiryInDays function in WatchedItem
Add a function that calculates the number of days remaining before a
watched item expires. This function will be used in several places, like
the watchstar tooltip and the clock icon that will appear on
Special:Watchlist on pages that are being temporarily watched.

Bug: T253936
Change-Id: I5b50a6707fb6a8e5ad868b5c30917027266ab82a
2020-06-16 19:58:34 -05:00
jenkins-bot
8c7d759195 Merge "Fix visibility of setUp/tearDown" 2020-06-16 19:43:12 +00:00
jenkins-bot
2101ed6c31 Merge "upload: Modernize callback code to make use of PHP7 syntax" 2020-06-16 19:37:15 +00:00
Thiemo Kreuz
5f3a92385b Fix visibility of setUp/tearDown
Change-Id: I636be48eb9f713680abac35d46091f7b49374696
2020-06-16 21:02:05 +02:00
jenkins-bot
2d34500f59 Merge "UserContributions endpoint: filter suppressed revisions" 2020-06-16 18:33:33 +00:00
daniel
96aacab20b UserContributions endpoint: filter suppressed revisions
ContributionsLookup needs to have the acting user (the authority) passed
in explicitly, so suppressed user contributions can be filtered according
to the user's permissions.

Bug: T252202
Change-Id: I94098f87ae45cd4e1db4a7168bf6e9478e9e32fc
2020-06-16 08:20:32 -07:00
jenkins-bot
1e6fa3e186 Merge "Introduce BlockPermissionChecker service for validating block targets" 2020-06-16 15:06:32 +00:00
jenkins-bot
d01b655ee2 Merge "Remove deprecated PasswordCannotBePopular" 2020-06-16 14:07:42 +00:00
DannyS712
538cfa4010 WikiPage::doEditUpdates - accept a RevisionRecord object
Passing a Revision is hard deprecated

Bug: T249563
Change-Id: Ic3f8fe9ed05820174b9cc3e9d2f4d17718947da0
2020-06-16 02:06:25 +00:00
DannyS712
522e71acc4 Replace last usage, hard deprecate WikiPage::updateIfNewerOn
Bug: T250318
Change-Id: I1c3da36cb67258b58680011e0a3e5cee6a167681
2020-06-16 02:04:58 +00:00
jenkins-bot
548b53e492 Merge "Add PageArchive::getRevisionRecordByTimestamp" 2020-06-16 00:53:08 +00:00
DannyS712
44945be0a5 Hard deprecate calling ParserOptions::newCanonical with no parameters
Falls back to $wgUser
No remaining deployed uses in MW 1.35+

Bug: T246861
Change-Id: If4304de546457fe0a96a6ac8d705a70c480c6fae
2020-06-15 23:11:45 +00:00
DannyS712
dd938a8b5a Add PageArchive::getRevisionRecordByTimestamp
For internal use only
Allows deprecating PageArchive::getRevision

Bug: T249982
Change-Id: I0e10c1b6c7f56af9340f42d58ec4e8699e247be4
2020-06-15 23:02:50 +00:00
Reedy
a26c1c8e59 Remove deprecated PasswordCannotBePopular
Change-Id: I77432ef0257c0dc8aa7c26e075616592e639bfec
2020-06-15 21:57:25 +00:00
jenkins-bot
08954c6303 Merge "MultiHttpClient: Reduce the default timeout from 900 to 30" 2020-06-15 20:18:17 +00:00
jenkins-bot
4852806586 Merge "REST /me/contributions: implement backwards paging" 2020-06-15 19:17:17 +00:00
jenkins-bot
b26f59c8a9 Merge "Deprecate PasswordNotInLargeBlacklist" 2020-06-15 19:16:50 +00:00
Reedy
a67a1bc923 Deprecate PasswordNotInLargeBlacklist
Bug: T254799
Change-Id: If5a23dc2cbe675bac8cc4979bba8c3d4527997a0
2020-06-15 19:54:40 +01:00
daniel
5601152836 REST /me/contributions: implement backwards paging
This is part of a chain of patches that implement the user
contributions endpoint. This patch adds the ability to navigate
towards newer contributions from a response listing older
contributions.

Bug: T252202
Change-Id: I54c43f3c7bd5d2fa55431eda733291a7067bfc75
2020-06-15 11:41:36 -07:00
jenkins-bot
c41566413b Merge "skins: Port SkinFallback and SkinApiOutput to a generic SkinMustache class" 2020-06-15 18:13:50 +00:00
jdlrobson
26d5f78f84 skins: Port SkinFallback and SkinApiOutput to a generic SkinMustache class
The new SkinMustache class is based on the emerging class in Vector.
Having this in core, will allow Vector to make use of this class
immediately and provide a minimal generic mechanism going forward
for rendering skins using Mustache. For now, I've fleshed out the minimum
possible data in getTemplateData which are based on existing functions in
Vector.

The Skin class now takes a generic options parameter which allows
registration of a skin using the SkinMustache class with a templateDirectory
option pointing to the associated template. A `styles` option can be passed
to define stylesheets that should be associated with the skin.

The SkinApi and SkinFallback classes are reduced significantly.

There are no known uses of SkinApiTemplate and it is thus removed.

SkinFallbackTemplate is removed and its functions copied across to
SkinFallback

End user changes:
* The fallback skin no longer prints the confusing warning message if the default
  skin is set up incorrectly. Previously viewing the fallback skin with useskin
  indicated that wgDefaultSkin was not set correctly which was misleading and confusing.
* Factory functions now receive skin options as a second parameter and the service as a
  first - this is due to how ObjectFactory handles the extraArgs key for 'factory' key
  - placing it at the beginning.

Bug: T254048
Change-Id: Ibbabd1d0f26efebf8f8ff068966685dc2191c527
2020-06-15 10:51:31 -07:00
Tim Starling
b2a8e26cda MultiHttpClient: Reduce the default timeout from 900 to 30
Per my caller survey in the linked bug, it is hard to find a caller
which actually needs a long timeout, but many callers used the default
timeout without reviewing it. The default was increased from 300 to 900
as a quick hack to fix T226979, but that has now been fixed by overriding
the timeout in SwiftFileBackend specifically.

Reduce the default to 30 since that is a more reasonable value to use when
serving web requests. Since everything that previously used this default
was migrated to use HttpRequestFactory::createMultiClient(), the timeout
for them was already reduced from 900 to 25 with no apparent ill
effects. This cleanup change should have no production impact.

Bug: T245170
Change-Id: Id6029afa4e3f1c6551cd823c3b0def01afcdc571
2020-06-15 15:34:13 +10:00
Aaron Schulz
55d147e4bb objectcache: Split out BagOStuffTestBase class for easier subclassing
Create a simple APCUBagOStuff subclass and also fix
APCUBagOStuff::incrWithInit() default $init value.

Change-Id: If84963fe7dcfedd6edebfb8785235263e0868ece
2020-06-13 20:15:23 +00:00
jenkins-bot
a2b3528b39 Merge "Add a test for WikiPage::factory" 2020-06-13 10:03:51 +00:00
ArtBaltai
32f518baa2 Add a test for WikiPage::factory
Bug: T239975
Change-Id: I76366890e99c7ff4f284c69327e17a51072c587b
2020-06-13 09:44:28 +00:00
jenkins-bot
1bf3db2214 Merge "Use 'list of allowed attributes' in Sanitizer, instead of 'whitelist'" 2020-06-12 23:37:20 +00:00