For decades MediaWiki has allowed "extra" px modifiers in image size
specifications, for example `100pxpx`. It has been suggested since at least
2008 (T15500#174968) that this behavior should be deprecated. This is
not localized, so (for example) on eowiki we allow `100rapx` as well (!).
As one small step toward eventually removing this weird corner case behavior
add a tracking category whenever it is used on wiki.
In the process, emit deprecation warnings for
ImageGalleryBase::setWidths() or ::setHeights() if called without
ImageGalleryBase::setParser() having been set. The ::setParser() method
already includes in its documentation that "If you do not set this and
the output of this gallery ends up in parser cache, the javascript will
break!", so please set the parser appropriately.
Bug: T15436
Bug: T15500
Bug: T372935
Change-Id: If86d949189a7d105595404d21447477499873b03
Some wikis treat the category list from ParserOutput as a /set/, others
as an /ordered list/. For those who don't care about the order of
categories, provide the option for wikis to sort the categories
in OutputPage.
This can also be activated with a query parameter, `&sortcat=1`, which
is useful to the Parsoid team when doing visual diff testing to avoid
false positives caused by differences in category ordering.
Bug: T373480
Change-Id: Idd14650a1898c6a49c88441ef024ce3012903bbe
Update a few tests that relied on the feature flag to ignore
the 'requireemail' preference on "User1" to instead use "User2",
who doesn't have the preference set.
Bug: T242406
Change-Id: I996d3996272d704a071d1d2094c3568247b80f98
This method has a weird behavior where it resets the category *link* list
while not resetting the category *list*. It turns out that no one actually
needs that weird behavior; in fact no one needs this method at all, since
the only external user is the Translate extension, which could use the
OutputPage::addCategoryLinks() method instead, which has existed since
2014 (Id25041a7891f588ffa787fdd2c092342eecd30c8).
Deprecate this method with warnings.
Bug: T373480
Depends-On: Id25041a7891f588ffa787fdd2c092342eecd30c8
Change-Id: I7b07d761eb8cd5ad1e6da2dd836e969a0d492c2b
Add a new hook that can be used to prevent authentication just
before AuthManager takes the main action (writing the session
for login, creating the local user account for account creation).
The driving use case is a wiki which supports both a local and
a central (wiki-farm-level) login or signup flow - various
security options (such as 2FA) are needed during local login
but unnecessary during central login (which will have those
security features centrally), so we need to skip much of the
security when the user is taking the central route, and a bug
in how that's done could result in circumvention of security
features during local login. The hook makes it easy to inspect
and potentially interrupt login near the end, when we know for
sure what route it took. (Specifically, we know which primary
provider was used. The hook doesn't expose other details,
such as the list of preauth or secondary provders that were
invoked, because they were not needed for the immediate use
case, but they are easy to add in the future.)
The hook is called after the secondary providers for login
and before them for account creation, since secondaries can
interrupt login but cannot interrupt account creation.
A shortcoming is that since the hook is called after a primary
provider succeeded, it cannot prevent the primary provider from
doing work, ie. it cannot prevent creation of the remote account
during account creation (although it will prevent the creation
of the local account). This is not great but acceptable, since
creating a new account isn't very security-sensitive.
This also means the hook would not be useful during account
linking, as AuthManager does not do anything there, all the work
happens in the primary provider. This is even less great but
few authentication extensions implement account linking.
The hook is not called for authentication happening via
CreatedAccountAuthenticationRequest, which is a weird internal
hack hook handlers should not have to know about.
Also rename a confusingly named variable.
Change-Id: I835b2fe2f43e6e81f23348165cbb9c93832e6583
Allow disabling authentication providers. This allows for
extensions to replace core providers with their own.
This is using the $wgAuthManagerAutoConfig keys instead of
AuthenticationProvider::getUniqueId() as the keys to filter.
This makes it more useful for site administrators, and also
it's probably the better known of the two identifiers so
more intuitive.
No effort is made to prevent the hook from filtering
differently in different steps of the same authentication
process.
Bug: T369180
Change-Id: If5435b54a4fc08f685c04fc10eb44c6d72cd78fa
First export in commit 5c6b75659f
(Change-Id Ied5002d2ca82a05d69e55442561f254f610e0d5c ).
Language codes nan, nan-hani, nan-latn will be used for language
converter codes.
Bug: T354937
Bug: T369899
Change-Id: If68512a24cac67daa033a634b1fb57d872d0039c
Introduced in 2013 by I939551bd228 (fdef79d9f2), and originally used
for PostgreSqlLockManager. This was removed again in Ia8f802b2c68
(2fa8eb2c80).
Change-Id: I7ae15703f919c9ff890056648aad8e86bccf34ab
Follow-up to 298ec8382b, which replaced
`public $errors` with `public $status`, causing T372181.
* Add a deprecated fallback getter/setter for $errors
* Make $permission private and add a deprecated getter/setter
* Make $status private
Bug: T372181
Change-Id: If44b2256289d6bde9e9abb901d9dc145555c971f
It is difficult to distinguish this method from OutputPage::addJsConfigVars()
in code search:
https://codesearch.wmcloud.org/search/?q=%5BOo%5Dut%28put%29%3F%28%5C%28%5C%29%29%3F-%3EaddJsConfigVars%5C%28
We generally try to replace $output with $parserOutput or $pOutput
as we touch code, to improve the ability of codesearch to dig up
deprecated ParserOutput methods.
A future project will unify those parts of OutputPage which duplicate
ParserOutput: T301020.
Bug: T300307
Bug: T305161
Depends-On: I39ae7d7a40190eedaa024097a6442cd02b6a02e7
Depends-On: I2c660972b289bbad730ceee1325d70d5ba75d27e
Change-Id: I53c28ee7c80b889c893c1d00f37678e716e55783
This new key name should better signal to developers that this key
will be used as-is without escaping
Bug: T356971
Change-Id: I98849b2e45cc4555eca7674875b9bed89f128310
