Amongst other things, this version of phan bundles taint-check, which is
however disabled in the config file because there are lots of issues to
be fixed.
Upgrading phan alone now means that we can have a clean baseline for the taint-check upgrade.
Bug: T248630
Change-Id: I8ab7ef9a9e73952098664176aad6c2b3b88095ee
Updated Doxygen markup in several .php files triggering warnings when mwdocgen.php is executed. Removed
obsolete settings MSCGEN_PATH and TCL_SUBST from Doxyfile. The former would generate a warning in 1.8.16
while TCL support was removed in 1.8.18. Since TCL_SUBST was blank anyway, it was removed prior to getting
to .18 in production. Increased DOT_GRAPH_MAX_NODES from 50 to 200 since Doxygen complained about it being
too low for API and Maintenance.
Bug: T248706
Change-Id: I9c67f0807d1b43089d351263d4f591dee5501f36
The HTMLUsersMultiselectField and HTMLUserTextField fail validation when an
empty string is passed to a non-required form field. To prevent this, the
widget should pass the validation to the parent when the value is an empty
string.
Bug: T246958
Change-Id: I39df2b575b90a4648188ed3ef4cc0c38ac553636
Continuing the work for 441e12f2d9,
which did this for the main HTMLForm errors (grouped at the top of
the form). This handles errors for individual fields.
This fixes the display of error/warning messages on Special:CreateAccount,
and should not break anything else too badly (it helps that most forms
are using OOUI these days).
Bug: T246894
Change-Id: If1ccdff10bebe0c2eeca4c15d82271c9de1af164
The status object, which can be returned after validating an HTMLForm,
can contain message objects. These message objects can be constructed
with the full feature set provided by Message, e.g. raw parameters.
The handling of these status objects in HTMLForm basically prevented
some features of the Message object in the status, as it parsed the
messages through the Parser, which does not recognize these raw
parameters as such and escapes them wrongly.
This behaviour is fixed with this change.
Bug: T240774
Change-Id: I152ec51f317799572bf6791e110cd72c42da82a0
This was a server-side check that made certain <button> elements
render as <input> for IE6 and IE7. MediaWiki no longer offers
basic support for these browsers per RFC T232563.
Change-Id: Ibd27b6fda3929bf94a5362a0369b3744e42de121
"Other methods call done after that" should be "Other method calls
done after that" (though "Other methods called after that" would
work too.
Change-Id: I9fe8194647c134e6d2aea7b88c3fd4140ffb9883
Scalar casts are still allowed (for now), because there's a huge amount
of false positives. Ditto for invalid array offsets.
Thoughts about the rest: luckily, many false positives with array offsets
have gone. Moreover, since *Internal issues are suppressed in the base
config, we can remove inline suppressions.
Unfortunately, there are a couple of new issues about array additions
with only false positives, because apparently they don't take
branches into account.
Change-Id: I5a3913c6e762f77bfdae55051a395fae95d1f841
Repeating the variable name doesn't do anything. Documentation
generators don't need it. It's more stuff to read that doesn't add new
information. And it can become outdated.
Note there are two types of @var docs. When used inline (and not on a
class property) the variable name is needed.
Change-Id: If5a520405efacd8cefd90b878c999b842b91ac61
Pass through config options from HTMLUserTextField that allow the
field to accept an IP address and/or range, and specify the maximum
allowed range size.
Bug: T238277
Change-Id: I0e0f6b6fd6801d5cd561def28917e81a81b3f7d4
Introduce a more specific message for when the number of selected items
exceeds the maximum number allowed.
Change-Id: I359b65ac397b4acef32940ff8ff9af33651f7a7b
When there's an error in one of the fields "below the fold" or in
another tab, it's hard notice that it wasn't saved, especially since
the success message is very subtle.
In normal forms, there's a red error message at the top (in addition
to messages next to invalid fields), which was missing from the
preferences form.
I ran into this while experimenting with signature field validation.
Change-Id: If365e35d15a52939397f2093b1b8f5113a62e22b
Most of the original scope of this patch was implemented in 8665536045
What remains is to use the splat operator in the method signature as
well which is more readable than using func_get_args and doesn't annoy
phan. This is now possible, because we are no longer testing on HHVM and
these mocking in HHVM tests was the only place where this was broken.
Change-Id: I52912d1810b955b05cd17fab424f80c201883411
Previously the form was only collapsible/expandable using the small
link-button on the far right. Now you can click on the entire header
to do it, and it has an appropriate pretty icon.
We add appropriate ARIA `role` and textual labels. Together with
recently added `toggleARIA` option of jquery.makeCollapsible in
Ic457bda58e56f we feature a screen reader workable output.
Bug: T222904
Change-Id: I6964296bc6870550478de662d21f12a1fc084c15
This is for classes with a single undeclared property - aside from
BlockManager: I3f51fd3579514b83b567dfe20926df2f0930dc85 removed the
declaration of $permissionManager without actually removing all uses.
Change-Id: Ic2a95f77071312041be6e0633ea9b5325e98de42
This allows us to remove many suppressions for phan false positives.
Bug: T231636
Depends-On: I82a279e1f7b0fdefd3bb712e46c7d0665429d065
Change-Id: I5c251e9584a1ae9fb1577afcafb5001e0dcd41c7
All of these suppression prevent the detection of many common mistakes,
and could easily prevent things like T231488. Especially if there are
few issues of a given type, it's way better to suppress them inline,
instead of disabling them for the whole core.
This patch only touches the one with a lower count (although those
counts may be out of date).
Bug: T231636
Change-Id: Ica50297ec7c71a81ba2204f9763499da925067bd
Alters the SelectWithInput to allow a required config to be passed from a
parent widget. Also handles the required state dynamically. If the widget is
an OR widget, then only the select dropdown is required. The text input will
be required when the other option is selected. If the widget is an AND widget
then both the select dropdown and the text input will be required.
Bug: T220533
Change-Id: I8479743126756f2b1bd7bcd53b100a0134f34d07
