The user_id is an unsigned integer in the database. But not all database
abstractions we use are guaranteed to return integer values as PHP
integers. Sometimes it's a string and needs an integer cast first.
Want proof? Search for usages of this method. Almost all add an (int)
cast. This is weird and should not be necessary.
Change-Id: If1d706f73350fca5b3a0f1e0de59e4518162445b
When MySQL is using repeatable-read transaction isolation (which is the
default), the following sequence of events can occur:
1. Request A: Begin a transaction.
2. Request A: Try to select the actor ID for a user. Find no rows.
3. Request B: Insert an actor ID for that user.
4. Request A: Try to insert an actor ID for the user. Fails because one
exists.
5. Request A: Try to select the actor ID that must exist. Fail because of
the snapshot created at step 2.
In MySQL we can avoid this issue at step #5 by using a locking select
(FOR UPDATE or LOCK IN SHARE MODE), so let's do that.
Bug: T210621
Change-Id: I6c1d255fdd14c6f49d2ea9790e7bd7d101e98ee4
blocked' option on partial blocks.
Partial blocks currently ignore this option as it gets into an edge case. The
option should take precidence if it is true, but should be ignored if it is
false. On sitewide blocks, the option should always be honored.
Bug: T210475
Change-Id: I33177b48a5c261ec3f510ce01998c1b096077b85
The fix applied in d67121f6d took care of the immediate issue in
T208398, but after further analysis it was not a correct fix.
* Near line 770, the method shouldn't even be called unless the target
is TYPE_USER.
* Near line 1598, it isn't dealing with a target at all.
* Near line 1813, you're not going to get a sensible result trying to
call `$user->getTalkPage()` for a range or auto-block ID. What you
would really need there to handle range and auto-blocks correctly is
to pass in the User actually making the edit.
But after some pushback in code review about passing the User into
Block::preventsEdit() to make line 1813 work, we'll instead replace the
method with Block::appliesToTitle() and put the check for user talk
pages back into User::isBlockedFrom().
Bug: T208398
Bug: T208472
Change-Id: I23d3a3a1925e97f0cabe328c1cc74e978cb4d24a
If $name is a User object, some code magically works because the object
gets converted to a string, but other code blows up because objects
aren't valid array keys. Prevent this from happening by explicitly
forcing $name to be a string.
Bug: T208469
Change-Id: Icc9ebec93d18609605e2633ccd23b90478e05e51
Non-breaking change. Remaining uses are public interfaces (a constant, two
globals, a config sub-parameter, SQL queries, storage function names), one i18n
message key, and a whole lot of maintenance scripts with calls to the deprecated
function wfWaitForSlaves().
Change-Id: I6ee5ca92ccf6a80c08f53d9efe38ebb4b05064d7
Use these in place of various wfWikiID() calls.
Also cleanup UserRightsProxy wiki ID variable names and removed unused
and poorly named getDBname() method.
Change-Id: Ib28889663989382d845511f8d34712b08317f60e
The revision_actor_temp table has denormalized copies of rev_page and
rev_timestamp to support the actor indexes equivalent to
`actor_timestamp` and `page_actor_timestamp`. But to get these to be
used, we need to have the WHERE and ORDER BY use the denormalized fields
instead of the main revision-table fields.
We can take generally advantage of the fact that "ORDER BY field" uses
aliased field names before the names in the actual table, but WHERE
conditions do need to explicitly vary.
Bug: T204669
Change-Id: I992aa50f02c35d76e91a5a28e05c870f8a32f858
This should reduce excess contention and lock timeouts.
Previously, it used a pre-commit hook which ran just before the
end of the DB transaction round.
Also removed unused User::incEditCountImmediate() method.
Bug: T202715
Depends-on: I6d239a5ea286afb10d9e317b2ee1436de60f7e4f
Depends-on: I0ad3d17107efc7b0e59f1dd54d5733cd1572a2b7
Change-Id: I0d6d7ddd91bbb21995142808248d162e05696d47
Enforce partial blocks and display a slightly different block
notice depending on if the block is sitewide or not
Bug: T197117
Depends-On: I675316dddf272fd0d6172ecad3882160752bf780
Change-Id: I8a3635a4a04a33912eb139b7b13c4bd874183d31
When this was originally written, the plan was to read both the old and
new fields during the transition period, while stopping writes to them
midway through. It turns out that the WHERE conditions to do read-both
correctly are generally not handled well by the database and working
around that would require a lot of complicated code (see what's being
removed from ApiQueryUserContribs here, for example).
We can simplify things greatly by instead having it write both fields
during the transition period, reading from the old for the first part
and the new for the second part, as is being done for MCR.
Bug: T204669
Change-Id: I4764c1c7883dc1003cb12729455c8107319f70b1
Depends-On: I845f6ae462f2539ebd35cbb5f2ca8b5714e2c1fb
Depends-On: I88b31b977543fdbdf69f8c1158e77e448df94e11
Add wfDeprecated for User::checkPassword(), User::setPassword(),
User::setInternalPassword() and User::checkTemporaryPassword().
With AuthManager mediating between the caller and a set of
authentication providers in a potentially multi-step process,
a password check or change now cannot always be expressed
with a single-step succed-or-fail process. Callers should use
AuthManager::beginAuthentication() with a PasswordAuthenticationRequest
for password checks, and AuthManager::changeAuthenticationData()
for a password change.
Bug: T91699
Change-Id: Ib0ae8f1ff10ae6c2655d529db8b3a32e0cb489b0
None of the current translations use of "&", "{" or "[", which
presumably means they don't require tranformation. I'd also
very much prefer such dynamic constructs not be added into
this system which would make it rather unpredictable given these
reserved usernames shouldn't change from time to time.
The only match for the below command is qqq.json,
> $ git grep -E '"(double-redirect-fixer|usermessage-editor|\
> proxyblocker|sorbs|spambot.username|autochange-username)"\
> ' | grep -E '[{&[]'
This code was originally introduced with r37928 (5ad5cb4f0a),
which used wfMsgForContent() and made no explicit mention of
transformation, it just happened to be the default. Later, when
that function was deprecated, it got batch-replaced by
->inContentLanguage()->text().
Bug: T189966
Change-Id: Ia4ddf215e83f15de552f8311b9e737559c72b49a
This hook is created specifically for I379e17c.
The purpose of this hook is to override UserGetRights hook and ensure
that the removed rights will not be reinserted by the other callbacks.
Change-Id: Id31b1f25f2eda012bd811f4b96aac525bc3251c4
Added spaces around .
Removed empty return statement which are not required
Removed return after phpunit markTestIncomplete,
which is throwing to exit the test, no need for a return
Change-Id: I2c80b965ee52ba09949e70ea9e7adfc58a1d89ce
Take the user_id variable out of the exception message.
To compensate and still allow one to correlate patterns relating
to a specific user (e.g. a bot), add a warning message that
still contains the variable via context. This way that warning
will also be normalised/grouped, but with the extra context.
This is separate because exceptions do not currently support
context placeholders.
Bug: T202149
Change-Id: Ic0c25f66f23fdc65821da12f949c6224bc03f9b3
To limit the likelihood of incidents like T189665, the ability to
edit sitewide CSS/JSON/JS is split out from editinterface, into
separate 'editsitecss', 'editsitejson' and 'editsitejs' rights.
editsitecss, editsitejs, and the right to edit another (potentially
more privileged) user's personal CSS/JS is removed from sysops, and
a new user group, interface-admin, is created specifically for that
task (along with a new grant group 'editsiteconfig').
interface-admin is granted to the first user of a new wiki, along with
sysop and bureaucrat.
Bug: T120886
Bug: T190015
Depends-On: Ia9b2ea1450aff6121dc0f3777bf029292c8aaad9
Change-Id: Ifefd872640642441e26f8b2f144ffe4b88d2eb12
This normalizes handling of transformations on the boundaries between
preferences and generic form controls and removes the special case
where email-blacklist is passed around as an array internally, leaking
into the API.
As a result of this normalization, meta=userinfo no longer returns an
array of users, using the internal representation like action=options.
Bug: T198935
Change-Id: Iff63da0d215585cfcf083e7f7ec8ed45d5b77301
This change replaces deprecated language codes in the user options by
the new language codes when loading the user setting from database.
The database entry for the user gets updated with the new language code
when the user saves the preferences.
Bug: T131042
Change-Id: I1dd6fb1f240ce3319b132d0f29f0622fba33e655
This introduces PageUpdater to replace WikiPage::doEditContent,
and DerivedPageDataUpdater, to replace WikiPage::doEditUpdates
and WikiPage::prepareContentForEdit.
See docs/pageupdater.txt for a description of their
functionality.
MCR migration notes:
* The interface of PageUpdater is expected to
remain mostly stable after this patch. Code that has been using
WikiPage::doEditContent can be confidently migrated to using the
new mechanism for revision creation.
* This patch keeps the code inside PageUpdater largely aligned
with the old code in WikiPage, to make review easier to to avoid
mistakes. It is intended to be refactored further, moving
application logic into stateless services.
* DerivedPageDataUpdate is intended as a stepping stone for further
refactoring. Its behavior is designed to be compatible with
callback code that currently relies on
WikiPage::prepareContentForEdit. Much of the code that currently
lives in DerivedPageDataUpdate should be factored out into
services, all behavior relevant to calling code should be exposed
via narrow interfaces.
Bug: T174038
Bug: T196653
Change-Id: If610c68f4912e89af616cdcac1d35a1be3946afa
Find: /isset\(\s*([^()]+?)\s*\)\s*\?\s*\1\s*:\s*/
Replace with: '\1 ?? '
(Everywhere except includes/PHPVersionCheck.php)
(Then, manually fix some line length and indentation issues)
Then manually reviewed the replacements for cases where confusing
operator precedence would result in incorrect results
(fixing those in I478db046a1cc162c6767003ce45c9b56270f3372).
Change-Id: I33b421c8cb11cdd4ce896488c9ff5313f03a38cf
A cookie will be set when ip users try to edit and their IP has been
blocked or if they try to create an account and the block prevents
account creation
This feature is disabled by default and can be enabled by
setting the new $wgCookieSetOnIpBlock config variable to true.
Note: this is meant to discourage vandals that try to avoid blocks by
switching their ip address while editing anonymously.
Bug: T152462
Change-Id: I0b78a5e174bcd882edea39e868a08f9a347f5aba
The block reasons for "system" blocks shouldn't expand wikitext
templates immediately. That should be left for the code parsing the
block reason for display.
This should only affect how these blocks are reported to API clients, as
when the block is displayed in the web UI it's passed through the parser
anyway. The main drawback, as far as the default messages go, is that
MediaWiki:sorbsreason won't have {{SITENAME}} expanded in
the API response anymore.
Bug: T191939
Change-Id: Ib2024721ea0e26358b9b50efdac16316d6d0f0b6
