Replaces \TestingAccessWrapper (defined in core) with
\Wikimedia\TestingAccessWrapper (defined in the composer package
wikimedia/testing-access-wrapper).
See https://gerrit.wikimedia.org/r/#/q/topic:librarize-testing-access-wrapper
for downstream patches.
The core version of the class is kept around for a while to avoid
circular dependency problems.
Bug: T163434
Change-Id: I52cc257e593da3d6c3b01a909e554a950225aec8
System messages may take parameters from untrusted sources. This
may include taking parameters from urls given by unauthenticated
users even if the wiki is a read-only wiki. Allowing <html> tags
in such a context seems like an accident waiting to happen.
Bug: T156184
Change-Id: I661f482986d319cf41da1d3e7b20a0f028a42e90
I was bored. What? Don't look at me that way.
I mostly targetted mixed tabs and spaces, but others were not spared.
Note that some of the whitespace changes are inside HTML output,
extended regexps or SQL snippets.
Change-Id: Ie206cc946459f6befcfc2d520e35ad3ea3c0f1e0
It's unreasonable to expect newbies to know that "bug 12345" means "Task T14345"
except where it doesn't, so let's just standardise on the real numbers.
Change-Id: I46261416f7603558dceb76ebe695a5cac274e417
The old code was similar to Message::params(), but Message::params()
was unable to handle "special" parameters and received an overhaul
in 7f2663f, yet wfMessage remained broken. To avoid duplication,
wfMessage shall call Message::params() to correctly handle these
parameters.
CategoryMembershipChange::getChangeMessageText and its caller has
been updated so as not to take advantage of this bug.
Bug: T153747
Change-Id: I6667acf7e71c9db07fefc9fbb741c160e15823ff
Message::params() wants to take parameters either varargs-style or as a
single array. But it also detects "special" parameters like those
returned from Message::numParam() as an array of parameters instead of
as a single "special" parameter.
Bug: T152603
Change-Id: Idef2437470eee843a17ff23f4cefe8f3132988bd
This allows for passing a list of values that will be turned into a list
in the context of the language for which the Message is being processed.
For example, currently you'd have to do
$msg = new Message( 'something', [ $language->commaList( $list ) ] );
which isn't going to give correct results if the message is later
changed to a different language with a different value for
'comma-separator'.
Now, you can do this instead
$msg = new Message( 'something', [ Message::listParam( $list, 'comma' ) ] );
and it will be listified properly no matter what language is later used to
parse $msg.
Change-Id: I66868c61832260870449998fef14c842f17753ee
If a Message object is a parameter of another Message object, it should
use the same language, use-database flag, and so on as the outer Message
when it's being stringified.
Change-Id: I92762a1a63c90a16e8581edc96bd1da699880157
This is a direct follow up to my comments in Ia6ec10d.
Relevant for T146416 are the two messages I added. They explain why these
assertions are duplicated.
assertEquals behaves bogus when used with strings, especially when used
with formatters and parsers, which is the case here. For example,
assertEquals( '9a', 9 ) succeeds. assertEquals is useful when comparing
objects.
Bug: T146416
Change-Id: Ie8df41b3ce6678f3add55bab6701b56b66447a2e
Message::__toString() used the same formatting mode that the last
explicit transformation used:
$msg = new Message( 'foo' );
echo $msg; // escaped
echo $msg->plain();
echo $msg; // not escaped
This is not particularly useful and makes code review hard, so let's
get rid of it.
The same behavior with $msg->toString() is left intact (and logged)
for now.
Bug: T146416
Change-Id: Ia9b2a1dcf09d52348b2c6d8299fd849b809f6e74
If you have a non-existent message in the output, chances are its
user-controlled. If the message has the ->plain() or ->text()
format, the output used to be not safe for html. Obviously people
should not be using those format types where html is being outputted,
but sometimes that happens. I think we should prioritize always being
safe over the fallback content not potentially being double escaped.
Additionally switch the enclosing brackets to be fancy unicode
characters, to sidestep the escaping issue on the enclosing brackets.
So previously, wfMessage( 'script>alert(1)</script' )->text() would
have outputted <script>alert(1)</script>. Now it outputs
⧼script>alert(1)</script⧽. No sane message key will include
< or >, so this would really only come up if the user can control
the message key name.
This goes somewhat against T68199.
Change-Id: Ic8a60892b8e847e6021494c10968814aac391731
Instead of constructing a new Message from the Message as
a MessageSpecifier, just clone the existing Message which will preserve
subclass data.
Also, make use of this to simplify the logic in ApiBase::parseMsg().
Change-Id: I9545acb8da752c0c21e16d8b1d37d8802fcb329d
This can happen e.g. when something processes Status contents
and expects [$key, $param1, ...] and instead gets [$messageObject]
Change-Id: I346b35e08bd38ce231e16d0616438ea408b55bff
Improves Ida647973a which unified message handling for form fields
but did not make the functionality available to HTMLForm itself.
Change-Id: I2e6195ba13afbd8b993acb47409fab1be91c547e
This change provides a mechanism to reset global service instances
in an orderly manner. There are three use cases for this:
* the installation process
* forking processes
* integration tests (which must of the existing phpunit tests are)
Depends-On: I5d638ad415fc3840186a0beaa09ac02ea688539b
Change-Id: Ie98bf5af59208f186dba59a9e971c72ea0b63e69
Removed redundant set up in these classes (same as their paren
class MediaWikiLangTestCase does already).
* BlockTest
* ExportTest
* MWTimestampTest
* TitlePermissionTest
Change-Id: I28d18cb797bb249981727b02dffce4f0d8682b02
This allows them to be stored in the session, for example.
Note that properly serializing a Message requires that all its
parameters be serializable as well; we don't attempt to account for that
here.
Change-Id: I3a42a2a883e8eef900eeb02355fc3b064411f642
* Remove unnecessary use of ReflectionClass. It was testing
internal properties that aren't part of the API. Using the
getters instead.
* Remove need for func_get_args that was making the test more
complex and the data provider hard to read. Simply maintain
it as array of expected params and array of variadic arguments.
* Rename tests to more closely match tested methods.
* Rename data providers to provide*, and make them static.
* Reorder tests to more closely match logical order of the class.
* Improve line coverage from 31% to 67%.
Also:
* Remove testParams (dupes testConstructorParams).
* Add tests for RawMessage class.
* Add tests for transformation and parsing.
* Add tests for wfMessage().
* Add tests for Message::newFrom*.
* Add tests for "$*" replacement.
* Add tests for __toString.
Change-Id: I2b183a66f9e9f51bd800088e174b1ae4d3284d8d
I have run into numerous issues trying to utilize unsafe user
provided content as an argument to a Message instance. Specific
cases are enumerated in MessageTest.php
Typically the solution to using user provided text is to use
Message::rawParam, but this pushes escaping of the parameter to
the caller. This patch introduces Message::plaintextParams which
handles escaping of the string parameter to match the requested
output format.
The functionality is:
* plain and text: exactly like rawParams()
* escaped, parse and parseAsBlock: escape it but don't do brace expansion
Additionaly, similar to Message::rawParam, plaintext parameters are not
valid parser function arguments.
Change-Id: I320645cd23c98fea4bfc32ab22b7ef8d320957cb
The output of Message::text() should always be acceptable to pass into
external html escaping, such as when the response is returned over an
API request and escaped by the client side code. Calling ->text() on a
non-existent key was returning the entity encoded value which leads to
double encoding down the line, this patch fixes that oversight.
Bug: 66199
Change-Id: Ieec94d4e4c7e5c36e5e68bbf01792e96368e54e0
Follows-up b36d883.
By far most data providers are static (and PHPUnit expects them
to be static and calls them that way).
Most of these classes already had their data providers static
but additional commits sloppily introduced non-static ones.
* ResourceLoaderWikiModuleTest, 8968d8787f.
* TitleTest, 545f1d3a73.
Odd unused method 'dataTestIsValidMoveOperation' was introduced
in 550b878e63.
* GlobalVarConfigTest, a3e18c3670.
Change-Id: I5da99f7cd3da68c550ae507ffe1f725d31e7666f
Message objects may be constructed with a list of keys as a
simple fallback mechanism. This patch assures consistent
handling of this case.
Change-Id: I458c0af3114754ddf3d721f6c374e249f482e4cf
Without this patch, it's not possible to get text in different
languages from the same Message object.
Change-Id: I0bb915b0d9205e78ac4599ced5efacacf2cf0240
This helps with testability to not have to rely on $wgLang
and setting globals in tests.
This also provides convenience, so one does not necessarily
need to call Message::inLanguage() if language is known
at time of constructing the message object.
Also added tests to cover this change.
Change-Id: I14ee98972c7be954e04398ece9e6103f96ab60dd
- Added spaces after if/foreach/catch
- Added new line before end of file
- Added or removed spaces before/after parenthesis, comma
- Added spaces around string concat
Change-Id: I0590070f1b3542108e242730e8d9a3ba9831e94f
Similar to numParams(), added functions for other parameters
that can be formatted by the Language class. Adds functions for
expiry, size, timePeriod, duration, and bitrate parameters so
that the formatting doesn't have to be done at the caller.
Change-Id: I7b435fcc11824ead55e4c0f5512418187eae9a6f
This commit depends on the introduction of
MediaWikiTestCase::setMwGlobals in change Iccf6ea81f4.
Various tests already set their globals, but forgot to restore
them afterwards, or forgot to call the parent setUp, tearDown...
Either way they won't have to anymore with setMwGlobals.
Consistent use of function characteristics:
* protected function setUp
* protected function tearDown
* public static function (provide..)
(Matching the function signature with PHPUnit/Framework/TestCase.php)
Replaces:
* public function (setUp|tearDown)\(
* protected function $1(
* \tfunction (setUp|tearDown)\(
* \tprotected function $1(
* \tfunction (data|provide)\(
* \tpublic static function $1\(
Also renamed a few "data#", "provider#" and "provides#" functions
to "provide#" for consistency. This also removes confusion where
the /media tests had a few private methods called dataFile(),
which were sometimes expected to be data providers.
Fixes:
TimestampTest often failed due to a previous test setting a
different language (it tests "1 hour ago" so need to make sure
it is set to English).
MWNamespaceTest became a lot cleaner now that it executes with
a known context. Though the now-redundant code that was removed
didn't work anyway because wgContentNamespaces isn't keyed by
namespace id, it had them was values...
FileBackendTest:
* Fixed: "PHP Fatal: Using $this when not in object context"
HttpTest
* Added comment about:
"PHP Fatal: Call to protected MWHttpRequest::__construct()"
(too much unrelated code to fix in this commit)
ExternalStoreTest
* Add an assertTrue as well, without it the test is useless
because regardless of whether wgExternalStores is true or false
it only uses it if it is an array.
Change-Id: I9d2b148e57bada64afeb7d5a99bec0e58f8e1561
* MessageCache::singleton() calls wfGetMessageCacheStorage() directly instead of using $messageMemc, just in case this would be called before that variable is set
* Per TimStarling: also removed deprecated methods in MessageCache class: addMessages() and related, [get|set|enable|disable]Transform(), loadAllMessages(), loadMessageFile() and some others. Same for the legacyData stuff in LocalisationCache that was only used by MessageCache::addMessages() and related.
* Converted remaining extensions
