Find: /isset\(\s*([^()]+?)\s*\)\s*\?\s*\1\s*:\s*/
Replace with: '\1 ?? '
(Everywhere except includes/PHPVersionCheck.php)
(Then, manually fix some line length and indentation issues)
Then manually reviewed the replacements for cases where confusing
operator precedence would result in incorrect results
(fixing those in I478db046a1cc162c6767003ce45c9b56270f3372).
Change-Id: I33b421c8cb11cdd4ce896488c9ff5313f03a38cf
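
The precedence problem that commit message mentions can be reproduced with the same pattern. This is an added example, not code from the MediaWiki repository: `rewriteIsset()` and its operator heuristic are hypothetical, and the sample source lines are constructed.

```php
<?php
// Added example: the find/replace from the commit message above, applied with
// preg_replace(). The PHP source lines in $samples are constructed.
const FIND = '/isset\(\s*([^()]+?)\s*\)\s*\?\s*\1\s*:\s*/';

/**
 * Hypothetical helper: rewrite one line and report whether a human should
 * check it for a precedence change.
 * @return array [ rewritten line, needs review? ]
 */
function rewriteIsset( string $line ): array {
	$review = false;
	preg_match_all( FIND, $line, $m, PREG_OFFSET_CAPTURE );
	foreach ( $m[0] as $hit ) {
		$before = rtrim( substr( $line, 0, $hit[1] ) );
		// Assumption of this example: an operator that binds tighter than ??
		// directly in front of isset() is the case that needs review.
		if ( preg_match( '/(\|\||&&|[=!]==?|[!.+\-*\/])$/', $before ) ) {
			$review = true;
		}
	}
	return [ preg_replace( FIND, '\1 ?? ', $line ), $review ];
}

$samples = [
	'$limit = isset( $opts[\'limit\'] ) ? $opts[\'limit\'] : 50;',
	'$ok = $force || isset( $flag ) ? $flag : false;',
];
foreach ( $samples as $line ) {
	[ $new, $review ] = rewriteIsset( $line );
	echo ( $review ? 'REVIEW ' : 'ok     ' ), $new, "\n";
}

// Why the second sample is flagged: the two forms group differently.
$force = true;
$flag = 5;
// Parses as ( $force || isset( $flag ) ) ? $flag : false
var_dump( $force || isset( $flag ) ? $flag : false );
// Parses as ( $force || $flag ) ?? false
var_dump( $force || $flag ?? false );
```
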
Disable it in specific files and places where there are legitimate uses
to access $_GET and $_POST directly.
For EditPage, which wants to output $_POST for debugging information,
introduce WebRequest::getPostValues() as a wrapper, matching the
existing ::getQueryValues().
Change-Id: I2cb0a7012fb7ed29dcd720056b42f56508ddc5fa
It looks like there is something missing after the last statement
Also remove some other empty lines at the beginning of functions, ifs or loops
while at these files
Change-Id: Ib00b5cfd31ca4dcd0c32ce33754d3c80bae70641
Some extension code appears to have sanity commit() calls
to work around this in places, which is the wrong solution.
Note that there was always the post-send commit, just not
the pre-send one that normal requests have.
Change-Id: I410a1f1097daa4f43481d1b0afbe7f467b86d254
Xhprof generates this data now. Custom profiling of various
sub-function units is kept.
Calls to profiler represented about 3% of page execution
time on Special:BlankPage (1.5% in/out); after this change
it's down to about 0.98% of page execution time.
Change-Id: Id9a1dc9d8f80bbd52e42226b724a1e1213d07af7
- Removed spaces after not operator (!)
- Removed spaces inside array index
- use tab as indent instead of spaces
- Add newline at end of file
- Removed spaces after casts
Change-Id: I9ba17c4385fcb43d38998d45f89cf42952bc791b
Also removed some unnecessary ones. I think I've caught them all.
The spaceless version already appears in core ~300 times (after
accounting for false positives when grepping). Some consistency would
be nice.
Change-Id: I607655b5f4366e66dc78730d5fd2f57ed8776cae
User::groupHasPermission is used for various purposes, from checking
whether it makes sense to show a "hide logged-in users" on
Special:NewPages to showing different error messages in some places when
'user' or 'autoconfirmed' is allowed the action to avoiding unstubbing
$wgUser to check $wgUser->isAllowed( 'read' ) in the common case where
'read' permission is granted to everyone.
For the OAuth work, we need to be able to catch that last type of use
without interfering with the others. This change introduces
User::isEveryoneAllowed() to be used for that type of check, which both
makes sure the right granted to '*' isn't revoked from any group and
calls a hook to allow extensions to indicate that they might remove the
right.
Change-Id: Idfee1b4d0613aaf52e143164acd6022459415c49
It's now totally useless since we are storing it
in the RequestContext object, so this won't prevent
the MediaWiki class from using it.
Change-Id: I10a15a16769f8f208c13bfb9ad38738562c11eac
allow page titles to be enumerated even when they are not guessable.
* (bug 32616) action=ajax requests were dispatched to the relevant internal functions without any read permission checks being done. This could lead to data leakage on private wikis.
Roan: "So what does it do?"
Me: "Converts stuff encoded with JS's escape() back into a normal string, according to the docs."
Roan: "That sounds like a workaround for bad design"
Doxygen documentation update:
* Changed all @addtogroup to @ingroup. @addtogroup adds the comment to the group description, but doesn't add the file, class, function, ... to the group like @ingroup does. See for example http://svn.wikimedia.org/doc/group__SpecialPage.html where it's impossible to see related files, classes, ... that should belong to that group.
* Added @file to file description, it seems that it should be explicitly declared for file descriptions, otherwise doxygen will think that the comment documents the first class, variable, function, ... that is in that file.
* Removed some empty comments
* Removed some ?>
Added following groups:
* ExternalStorage
* JobQueue
* MaintenanceLanguage
One more thing: there are still a lot of warnings when generating the doc.
* Added support for static member functions as AJAX callbacks.
* Moved all upload-related javascript to upload.js.
* Needs artwork, see TODO in upload.js.
* Removed UploadForm::showSuccess() as per wikitech-l discussion. Redirect to description page unconditionally.
* Seems like an opportune time to introduce "@addtogroup Media" documentation tags.
* Merge "@addtogroup Metadata" (used by Exif.php) into "@addtogroup Media".
* Few more moving comment blocks to above classes.
* Add @addtogroup tags to various classes, to try and group conceptually-related classes together.
* Add brief descriptions to various Special pages, thanks to Phil Boswell.
* Moving some docs to be right above the classes they represent, so that they are picked up.
pick up the appropriate tags, and documentation blobs for classes. This is
the same as per r20769, but with the grouping changes (e.g. removing "@{{") omitted.
Please be advised that more related documentation tweaks may follow later - e.g.
Doxygen generates a log file of warnings that is 574 Kb in size, when run over
just the trunk/phase3 code ... eek! Thankfully, much of that is just
whining about functions without documentation ;-)
Minor doc tweaks to prevent some PHPDocumentor warnings or errors when run on the includes/ directory. PHPDocumentor uses a syntax very similar to javadoc - mostly we already use this, but there were a few scattered places that were adjusted to make them consistent with the rest of the code. In practical terms, these changes were made:
* @url becomes @link
* @fixme becomes @todo
* HTML tags in descriptions must be closed / balanced.
* @bug was removed (where the bug was long fixed), or changed into a @todo (in the few situations where the bug was still pending)
* @obsolete becomes @deprecated
* Things like "/**@{{" and "/**@}}*/" which cause "unknown tag" warnings were removed
* @access must be a valid access level.
* @desc tag not needed, removed.
* Doesn't seem to like @licence, will accept @license however.
* Use full comment block notation in a few places (i.e. open block with "/**", start each line with " *", and end block with " */")
Then additional to this, to get some class docs associated with their respective classes:
* Moved some docs to right above those classes (deleting blank lines, or moving descriptions from the file headers)
* Marked some classes without docs as "@todo document"
* (done up to "class MIMEsearchPage" on the "classtrees_MediaWiki.html" page for the includes/ directory)
to forestall additional UTF-7-autodetect XSS issues. Probably not an
issue on Apache 2.0+, but most servers send only 'text/html' by default
when the script didn't specify more details.
This fixes an issue with the Ajax interface error message on MSIE when
$wgUseAjax is enabled (not default configuration); this UTF-7 variant
on a previously fixed attack vector was discovered by Moshe BA from BugSec:
http://www.bugsec.com/articles.php?Security=24
* Trackback responses now specify XML content type
* Strict Standards: Undefined index: rs in includes/AjaxDispatcher.php on line 38
Q: Should / could the AjaxDispatcher constructor maybe be using the $wgRequest global instead of accessing $_POST and $_GET directly?
Prevent:
* Strict Standards: Non-static method Title::newFromID() should not be called statically in includes/AjaxFunctions.php on line 147
[stopped AJAX watch/unwatch working for me, as I have errors being logged to the page output]
E_STRICT warnings on truncated GET input (e.g. http://192.168.0.64/wiki/index.php?action=ajax&rs=wfAjaxWatch&rsargs[]=1 , rather than http://192.168.0.64/wiki/index.php?action=ajax&rs=wfAjaxWatch&rsargs[]=1&rsargs[]=u ), prevent by specifying default $watch value of "" (which should result in an error '<err#>' response, which is probably fine).
* Strict Standards: Missing argument 2 for wfAjaxWatch() in includes/AjaxFunctions.php on line 138
* Strict Standards: Undefined variable: watch in includes/AjaxFunctions.php on line 142
E_STRICT warnings on another truncated GET input ( http://192.168.0.64/wiki/index.php?action=ajax&rs=wfAjaxWatch&rsargs= ), prevent by specifying default $pageID value of "" (which again should result in an error '<err#>' response because it's not numeric, which is probably fine).
* Strict Standards: Missing argument 1 for wfAjaxWatch() in includes/AjaxFunctions.php on line 138
E_STRICT warning on bad GET input - "rs" as array, not as a string - (e.g. http://192.168.0.64/wiki/index.php?action=ajax&rs[]= ), adding explicit cast to string:
* Strict Standards: htmlspecialchars() expects parameter 1 to be string, array given in includes/AjaxDispatcher.php on line 58
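
The request shapes in the commit messages above (a missing `rs`, `rs` sent as an array, `rsargs` truncated or sent without brackets) can be handled in one place before any callback runs. This is an added example, not MediaWiki's dispatcher: `parseAjaxCall()`, `exampleWatch()` and `ALLOWED_CALLBACKS` are hypothetical names, the accepted `$watch` values are an assumption, and it rejects an array-valued `rs` rather than casting it.

```php
<?php
// Added example, not MediaWiki code. parseAjaxCall(), exampleWatch() and
// ALLOWED_CALLBACKS are hypothetical names; the query strings are constructed
// from the request shapes listed in the commit messages.
const ALLOWED_CALLBACKS = [ 'exampleWatch' ];

/** @return array [ callback name or null, list of string arguments ] */
function parseAjaxCall( array $query ): array {
	$name = $query['rs'] ?? null;
	// "rs[]=" arrives as an array: refuse it instead of casting or echoing it.
	if ( !is_string( $name ) || !in_array( $name, ALLOWED_CALLBACKS, true ) ) {
		return [ null, [] ];
	}
	$args = $query['rsargs'] ?? [];
	// "rsargs=" without brackets arrives as a string, not a list.
	if ( !is_array( $args ) ) {
		$args = [];
	}
	// Drop nested arrays so callbacks only ever see strings.
	return [ $name, array_values( array_filter( $args, 'is_string' ) ) ];
}

// Stand-in callback with empty-string defaults, so a truncated argument list
// ends in a clean error value rather than a missing-argument warning.
// The accepted $watch values ('w', 'u') are an assumption of this example.
function exampleWatch( $pageID = '', $watch = '' ): string {
	if ( !is_numeric( $pageID ) || !in_array( $watch, [ 'w', 'u' ], true ) ) {
		return '<err#>';
	}
	return 'ok';
}

$requests = [
	'action=ajax&rs=exampleWatch&rsargs[]=1&rsargs[]=u',
	'action=ajax&rs=exampleWatch&rsargs[]=1',
	'action=ajax&rs=exampleWatch&rsargs=',
	'action=ajax&rs[]=',
];
foreach ( $requests as $qs ) {
	parse_str( $qs, $query );
	[ $name, $args ] = parseAjaxCall( $query );
	$result = $name === null ? 'rejected' : $name( ...$args );
	echo str_pad( $qs, 52 ), ' => ', $result, "\n";
}
```
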
* Deleted DatabaseMysql.php, no longer necessary, database classes are autoloaded.
* Moved wfGetMimeMagic() to MimeMagic::singleton()
* Fixed a couple of __CLASS__.'::'.__FUNCTION__ things.