This patch only adds and removes suppressions, which must be done in the
same patch as the version bump.
Bug: T298571
Change-Id: I4044d4d9ce82b3dae7ba0af85bf04f22cb1dd347
Otherwise permission checks are directed to the old title which makes it
possibly to bypass protection via redirects.
Bug: T309028
Change-Id: I157df365439b09416639e6ea2beefc01b60e6264
This covers all occurrences of /onfig->.*get( '/ in includes/.
Undoubtedly there are still plenty more to go.
Change-Id: I33196c4153437778496f40436bcde399638ac361
The param is set to min => 0, no extra check needed
Not given parameter are null, but null == 0 is true as well
Found by phan (T259172)
Bug: T259172
Change-Id: I2e4ab82b90370eb9e0f49ce37d680ef4aaddead9
Make phan stricter about array keys
Remaining false positive issues are suppressed.
The suppression and the setting change can only be done together
Bug: T304887
Depends-On: I3105a5fd4826f8667b5232834defc5ec93be32a1
Depends-On: Ie9610a6e83731468311edb3ed17f80fc509de385
Change-Id: I701f12ab94478c3b8e7fd82110ade74a8e6b04ef
Make phan stricter about null types by setting null_casts_as_any_type to
false (the default in mediawiki-phan-config)
Remaining false positive issues are suppressed.
The suppression and the setting change can only be done together
Bug: T242536
Bug: T301991
Change-Id: I0f295382b96fb3be8037a01c10487d9d591e7e01
The concept of a redirect chain didn't really work for a value of
max redirect > 1. In the ideal world, we just want to have a source
which points to target (source -> target) discarding the concept of
a redirect chain completely.
Having something like: source -> target -> target1 -> target2 doesn't
really work well with the current database design.
NOTE: Support for $wgMaxRedirect will be removed soon hence
deprecation without interfaces for replacement.
Bug: T290639
Change-Id: I469de6f85e405e8ddbe7abaa5b99b77cb9cf415d
Allow specifying the title used for rendering error messages in
ApiErrorFormatter.
Then, specify one in ApiEditPage (and a few similar modules that deal
with single pages) once we've figured out which page is being edited.
Bug: T247661
Change-Id: Ic3d70efc23744ef6e90abc445f3babebf45c4697
Old PHP versions are fine doing a `switch` with anything, even
if the types don't match. This changed. More recent PHP versions
start to bring up notices and such when a `switch` accidentially
compares e.g. an object with an int.
Bug: T255177
Bug: T258790
Change-Id: Ib415bd2fb394b95b02737b6df50e4e1fbbc440d3
is not being changed.""
This reverts commit 149e99f072.
It's not necessary to change the constructor now, the module is already
using service locator to fetch RevisionLookup and ContentHandlerFactory.
The WatchedItemStore can also be gotten from there, voiding the need for
altering the constructor now. As Daniel said in T259960#6380471 dependency
injection for API modules is good but not urgent.
Bug: T261030
Bug: T264200
Change-Id: I16aa942cc800cd66a2cd538680a02b10cb0b1bfe
This reverts commit 07e547f47c.
Reason for revert: LiquidThreads extends the ApiEditPage class,
even though it shouldn't, and thus fails when the dependencies
are not injected.
Bug: T261030
Bug: T264200
Change-Id: Ib14f8a04bb6c723aa502a47ef9ccde6fe96a0ac7
This made it impossible to correctly undo changes if revision IDs are out of
order with respect to timestamps.
Removes block of code responsible for creating this bug, and updates tests to reflect the change
Bug: T190285
Change-Id: Id5837ed958023bdbf544ae0f79e2d5e05c94cc64
This trait is not needed in ApiBase and its presence here is
proving to be problematic. See I795db12.
In this patch, the trait usage (more precisely the 'use statement')
has been removed from ApiBase and accordingly the signatures of
ApiWatchlistTrait::getWatchlistValue() and ::setWatch() have been
altered to now require User object.
With these changes, the abstract getUser() method in the trait is no
longer needed, so it has been removed also.
All core usages of the affected functions are fixed in this patch.
The trait is used in only one extension according to codesearch tool,
the extension will be fixed in Ic22e163.
Bug: T262175
Bug: T248512
Follow-up: Ia18627b9824dca81f44f0571e8420d89b7626cf6
Change-Id: Idabcea71edfca9e7ed42000a258c99ff407873d4
Ensure the content we are trying to save and the base content have
identical content models before proceeding to save so as to forestall
Exception that may be thrown by ContentHandler if it founds they're not.
There are two cases where the models are allowed to differ: Edit that
undoes content model change or edit that's meant to explicitly change
the model. The logic for these is handled separately and may succeed
or fail, but exception will not be thrown.
Bug: T255700
Change-Id: I8782732bb0fc3059693cd7035b7ebb43fd71d333
This introduces an ApiWatchlistTrait that refactors out common code
across APIs that allow you to watch pages. Some methods have been
migrated from ApiBase and changed completely, but codesearch suggests
they aren't being used outside the API modules in this patch.
Bug: T248512
Bug: T248514
Change-Id: Ia18627b9824dca81f44f0571e8420d89b7626cf6
This is to fix issues with reverts being marked incorrectly,
especially when using the undoafter param which, until this patch,
wasn't really supported.
Honestly, EditPage is such a mess that I'm not sure if this is good
or not, but I did a lot of manual testing and it seems to work fine.
WikiPage::doEditContent() now checks whether the provided original
revision really has the same content as the new revision. This was
previously the task of callers, but that doesn't make much sense to
me because:
* This task would fall on EditPage otherwise and it should be more
focused on the UI side of things, without too much worrying about
backend details.
* This would require adding another parameter to WikiPage::
doEditContent(), $undoAfterId. It would be only useful for multiple-
revision undos that are not top revisions. In all other cases it
would be the same as $originalRevId.
* An extra sanity check before applying the value to the PageUpdater
won't hurt. Who knows what crazy ideas extensions might have.
The test cases are almost identical to those written for
McrUndoAction, so I decided to group them in a single file.
This should cover most undo cases.
Bug: T256915
Change-Id: I78641b3de0a012af932ea38265b695362f1f8491
Additionally, use Article::getPage() instead of relying on
Page interface proxy method in ApiEditPage, forgotten before
Bug: T239975
Change-Id: I01696a1b11b2ea5c3d94fcb9a42beea68eb7b804
The basic idea is: The sequence `$var ?? 'default'` either uses the
value from the variable (or array element) if available, or falls back
to the default value. The resulting value is then used in the if()
condition.
if ( $var ?? true ) means the variable should default to true, if not
set.
This is mostly a style change.
In ApiEditPage the $params are impossible to not be set.
Change-Id: Id67b81744fa21fe22a2d2377259e426aab67c479
This adds a baserevid parameter for detecting edit conflicts, as an
alternative to the less precise basetimestamp parameter. This is
introduced for parity with and use by the new REST api.
Bug: T230843
Bug: T34037
Change-Id: Id7565018f66860b5c2ba688777508db1b88700ae
