Add checks to token-returning functions to prevent returning tokens in
jsonp mode. This affects action=tokens, action=login,
action=createaccount, and action=query&list=deletedrevs.
Also, remove the "gettoken" parameter to action=block and
action=unblock, which has been deprecated since 1.20.
Bug: 49090
Change-Id: Ibeaa5c72d8084585092b15935a3f5709104bf7f7
ApiPageSet is calling $this->profileOut(), then calling a function that
calls $this->profileDBIn(). Move that function to after a new
$this->profileIn().
Also, add a unit test for this situation.
Bug: 51821
Change-Id: Ib4dbfb567faadcd5e3d7d058ca6bdf8b4c83f634
These are needed for OAuth grants.
Note that we don't bother with a 'viewmyoptions' right, since the
majority will be determinable from just observing the interface.
Note that the fact of having a confirmed email address cannot be
reliably hidden, and if the user has 'sendemail' they may be able to
determine the real name and email address by sending an email to another
account that they control.
Change-Id: I3f03dd010020e8d43cc2d3bca7b3ef7196d1c548
Follows-up I1343872de7, Ia533aedf63 and I2df2f80b81.
Also updated usage in text in documentation and the
installer LocalSettingsGenerator.
Most of them were handled by this regex:
- find: (require|include|require_once|include_once)\s*\(\s*(.+?)\s*\)\s*;$
- replace: $1 $2;
Change-Id: I6b38aad9a5149c9c43ce18bd8edbab14b8ce43fa
Squiz.WhiteSpace.LanguageConstructSpacing:
Language constructs must be followed by a single space;
expected "require_once expression" but found
"require_once(expression)"
It is a keyword (e.g. like `new`, `return` and `print`). As
such the parentheses don't make sense.
Per our code conventions, we use a space after keywords like
these. We appeared to have an unwritten exception for `require`
that doesn't make sense. About 60% of require/include usage
was missing the space and/or had superfluous parentheses.
It is as silly as print("foo") or return("foo"), it works
because keywords have no significance for whitespace between
it and the expression that follows, and since experessions can
be wrapped in parentheses for clarity (e.g. when doing string
concatenation or mathematical operations) the parenthesis
before and after basiclaly just ignored.
Change-Id: I2df2f80b8123714bea7e0771bf94b51ad5bb4b87
Also update some previous inconsistencies pointed out by Krinkle in change IDs:
* Ide20743a2e84ff68549286120e6cff9d9f396f54
* I811ca957b6588085d67606ebc0cd4033a1e53839
Change-Id: Ife33b931870d0d7e04fcb40974997436d27f528f
Greatly simplifies query result iteration by the clients
by providing a mechanism to track sub-iterations (props in generated set)
Assuming the client has the param=>value dictionary with the original request
parameters, client will only need to perform this operation in their language
to get all results from the server regardless of what query they make.
$request = array_merge( $request, $result['continue'] );
Related changes:
* Moved dieContinueUsageIf() from ApiQueryBase to ApiBase
* Internal calls will also return unused param warnings
* Reworked query unit tests for easier testing
Change-Id: Ieb45241fc6db2109f1d92fa3381165ec30701b63
ApiAccountCreationTest::testInvalidEmail() no longer
needs LocalSettings to have $wgEnableEmail = true;
Change-Id: I97803be116fda8194e46fe0021c7b32d7b703b1d
This need to be made a global feature that will be applied to any test.
This reverts commit 2025a89d5b
Change-Id: Ia7165b78b4f80738ed9b769319e159cd86fc7bdf
· Use env(1) in shebangs instead of hardcoding paths.
· $IP is already set in the constructor of Maintenance classes.
· Add sapi guard to some phpunit files.
Change-Id: I6c6fd6c61e2861b5992f2ccd67a4e3f62e2c445e
* $wgAPIGeneratorModules is now obsolete and will be ignored
* Removed generator tests - obsolete because there is no more list
Change-Id: I014260a42226854a2178345dc3cd0f50b41b3c08
* PageSet can now be used in any action to process titles/pageids/revids
or any generator, redirects resolution, and converttitle functionality.
* action=purge proper usage of MustBePosted()
* Add supports for all pageset capabilities - generators, redirects, converttitles to
action=purge and action=setnotificationtimestamp
* BREAKING CHANGE: ApiPageSet constructor now has two params instead of three, with only the
first one keeping its meaning. ApiPageSet is now derived from ApiBase.
* BREAKING CHANGE: ApiQuery::newGenerator() and executeGeneratorModule() were deleted.
Change-Id: I7a3d7b6eb015d21ec1a9b9d9c6af9d97663f3f9a
* Several tests to verify query with prop=, list=, and generator
* Moved query related tests to query\ dir
* Added a generic ApiTestCase::editPage() to simplify page creation
* Fixed minor warnings complained by jenkins/phpcs
Change-Id: I5e3984d797178ae03f048792c7bac8e6a881aa41
Fix almost all occurences of the following sniffs:
Generic.CodeAnalysis.UselessOverridingMethod.Found
Generic.Formatting.NoSpaceAfterCast.SpaceFound
Generic.Functions.FunctionCallArgumentSpacing.SpaceBeforeComma
Generic.Functions.OpeningFunctionBraceKernighanRitchie.BraceOnNewLine
Generic.PHP.LowerCaseConstant.Found
PSR2.Classes.PropertyDeclaration.ScopeMissing
PSR2.Files.EndFileNewline.TooMany
PSR2.Methods.MethodDeclaration.StaticBeforeVisibility
Change-Id: I96aacef5bafe5a2bca659744fba1380999cfc37d
All tests based on APITestCase can be slow. I've also seen more than one
Jenkins failure due to GlobalTest::testMerge timing out.
Also, added a meta-test on APITestCase to make sure that all its
subclasses are marked with @group medium or @group large, to prevent new
tests from re-causing the bug.
Change-Id: I48630736a3d06574876fd1fa3d90899cfbc48012
Added the "resetkinds" option to action=options, so that when the
"reset" option is set, the user can control which kinds of options
are reset, rather than having to do all or none.
Also added documentation to the "change" parameter, since passing
it option keys without any "=value" after it will result in resetting
that specific option to its default value.
Change-Id: Id5bc1fffa0d487c0f152b79115205d2722f380d3
Before change I98df55f2 it was possible to set arbitrary preferences (ie.
with anything as the key) using the action=options API. That change
removed this ability by enforcing full validation of the preferences, also
introducing several regressions which were fixed by follow-ups.
Per the discussion on bug 40124, this changeset aims to restore this
ability, but in a slightly restricted way: arbitrary preferences' names
must start with userjs- prefix, to avoid any possibility of conflicting
with new MediaWiki versions or extensions.
The contents of these preferences is not escaped, sanitized nor validated
in any way; script authors are expected to sanitize them themselves to
prevent XSS attacks and other security vulnerabilities.
This commit also adds the User::getOptionsKinds() method (to determine
whether given preference keys are used by MediaWiki itself or an extension,
intended to be used via the API, or entirely unknown) and enhances the
User::resetOptions() method to allow for resetting only preferences of
chosen kinds.
These changes allow for fixing of Special:Preferences not to clear those
additional fields when saving user settings.
Change-Id: I5f9ba5b0dfe7c2ea5458d836f03429cf6d93969d
1) ApiCreateAccountTest::testInvalidEmail
Failed asserting that exception of type "UsageException" is thrown.
Also explicit log out the user
Change-Id: I1d90c2b78bbcef494dc91822feeba37eebb8ca20
The ApiCreateAccountTest::testValid() test does multiple API request
which might end up being a bit slow. That randomly cause random
failures when running the test suite which tends to confuse people.
Change-Id: I35a6670c61c7917522b2472a3a8e782e97e837f4
