Previously, getCacheTime would default to the current time, potentially
causing the return value to change over subsequent calls. With this change,
the value is determined on the first call, and then remembered for subsequent
calls.
Bug: T205464
Change-Id: If240161c71d523ad5b0d33b9378950e0bebceb6e
Various miscellaneous clean ups with no change to any of the
logical code. This to make the next commit have a cleaner diff
for easier review.
* Make internal millitime() non-static.
* Improve documentation and add missing @covers annotations.
* Correct getTimestampedID88() documentation to state that
only two values need to be passed, not three.
This is significant because the Flow extension is actually
using this method in a subclass and passes only two values.
Bug: T94522
Change-Id: I2a0c51bea58df4cc0c253c1c10de3ac383f04c8e
Return existing errors instead of empty array in checkUserConfigPermissions().
Returning an empty array wiped out previously-found errors.
Also add test coverage for patrol action.
Bug: T206130
Change-Id: I2df0551c5837adc578b27082ab6ba2ac95d937f8
Transactional databases normally roll back when a connection is closed
with an open transaction rather than committing them, so MediaWiki
committing them is unexpected.
There are two cases being changed here: automatic transactions without
writes and manual transactions. For the former it shouldn't make a
difference if we commit or roll back since no writes were done anyway.
The latter has logged a message since MW 1.31 (I0992f9a8), and that
warning has not been logged in Wikimedia production in the past 60 days
so we should be ok there too.
Bug: T206147
Change-Id: Ieceef4deb49044db8f0622d38ee76c9d9f39704c
Otherwise I get errors every time I try to run PHPUnit on includes/ or
includes/parser, because it tries to run ParserIntegrationTest.php and
fails. Apparently the <exclude> in suite.xml doesn't work if PHPUnit is
invoked on a directory.
Bug: T201278
Change-Id: I7d09576bee2705d8516152e8fa671da8dac40233
Let's see if they work now that services are reset between tests.
This reverts commit 7f843b0c04.
Bug: T201776
Change-Id: Iea7c74f8c77a97d83385b4399e500cf8129a1158
image_comment_temp was always intended to be temporary, until an
expensive schema change on Wikimedia Commons's image table could be
done. Now that that has been done, stop writing image_comment_temp and
add a migration script to copy existing data into img_description_id.
Ic8efeddc will remove the reads from image_comment_temp and drop the
image_comment_temp table.
Bug: T188132
Change-Id: Iab5f521577a415b2dc213b517ee8a0dca4fdd0aa
The old behavior was that the audience was RAW if the revision object
parameter got passed in, otherwise PUBLIC. This was undocumented and
not used outside core; this patch gets rid of it in favor of an
explicit argument.
Bug: T205578
Change-Id: Ic7cdb38f658f6d85c48ff13c7f84c64a45c9b1ee
For preferences like 'skin' that have a limited number of values, null
is not a valid value, thus attempts to reset them fail with
"Validation error for \"skin\": This value is required."
Bug: T65080
Change-Id: I86554a6d30c8ab970740d8682fb2261476de0677
This change adds the possibility to specify ext-* keys under the 'platform'
key introduced in I6744cc0be2 to require given PHP extensions. Note that
it's impossible to add constraints different from '*', as there is no universal
way to retrieve PHP extension versions.
Bug: T197535
Change-Id: I510de1e6d80f5c1d92dc1d1665aaa6c25bf28bf7
Seeing {closure} in the logs as caller is not helpful
Also add some missing caller name, which avoids Database::query as
caller in the logs
Change-Id: I3cab186cd63b295d1e4d1ca5232bc81925a85eb0
The translate extension registers the LanguageLinks hook which is run by
OutputPage::addParserOutputMetadata with a Title as an argument. If
our mock doesn't provide a valid Title, then
PageTranslationHooks::addLanguageLinks() in Translate will throw a
TypeError in OutputPageTest::testParserOutputCategoryLinks().
Change-Id: I495c51731670f841e5ab752a3a1e014c86ef643d
wgStructuredChangeFiltersShowPreference, wgStructuredChangeFiltersShowWatchlistPreference,
and wgStructuredChangeFiltersOnWatchlist were introduced for progressive rollout
of the RCFilters app on RC and WL.
These variables and their related conditional code is no longer needed.
Bug: T196033
Change-Id: Id3799fefd21cd9bea0e089a5e12576ee9ea1085e
There are three methods affected: `OutputPage::addWikiTextTidy()`,
`OutputPage::addWikiTextTitleTidy()`, and
`OutputPage::addWikiTextWithTitle()`.
There's a special case in Parser.php which adds the wrapper class from
ParserOptions to the ParserOutput only if "interface mode" is off; the
affected methods default to adding output in "content language" mode
(not "interface language" mode), but they seem to be used for
"interface messages in the content language" (rare) and so should also
be unwrapped. This would make all the `OutputPage::addWikiText*()`
methods consistent.
The `OutputPage::addWikiTextTidy()` method is only used once in the WMF
repositories, where it is used to insert an interface message in the
content language:
91cd2a928f/SpecialProofreadPages.php (40)
The `OutputPage::addWikiTextWithTitle()` method is used by no one:
https://codesearch.wmflabs.org/search/?q=addWikiTextWithTitle%5C(
The `OutputPage::addWikiTextTitleTidy()` method is used only in core:
3888c001a1/includes/EditPage.php (2669)
It seems clear that the output in this case is intended to be
unwrapped as well (the codepath adds its own explicit wrapper).
Ia58910164baaca608cea3b24333b7d13ed773339 will add additional
documentation to clarify the distinction between the different
OutputPage::addWikiText*() methods, but I felt it safer to make
this particular change first as a standalone patch, just in case
it had unexpected side effects or merited further discussion.
Change-Id: I3e5b598d358819191562b56d40ebf1cb6f3cda41
`OutputPageTest::testMakeResourceLoaderLink()` and
`OutputPageTest::testBuildExemptModules()` tried to force
`$wgResourceLoaderDebug=false` before running the test, but they
neglected to clear the resource loader debug cache
(`ResourceLoader::clearCache()`) so the user's local setting of
`$wgResourceLoaderDebug` would be used despite it all.
Change-Id: I3e7dec762c8a02683fc66a630c950b72a4840a9b
Tests should not interfere with each other; disabled deprecation
warnings should be disabled for a single test case only.
Bug: T191960
Change-Id: Ic9b892bc83ba6d71c1077df0d93c95dde36988bb
This will be unsupported by future wikitext parsers, which always
construct well-formed HTML.
Bug: T198214
Change-Id: Ic189cd1b38bca5b9ec0ef9810555fe0cbd8b733d
Follow up to efaaa2c1d6 (which was a
follow up to Iae0e2ce3).
These are exposed when T191960 is fixed.
Change-Id: I7c517b5a7cccfe9c324d0a9eeb7d774aa1be8adb
We already had a $filterCacheVersion variable, but it was
only used for the internal cache for JS and CSS minification,
which is not enough. If there is a breaking change in either
of these processes, we also need to invalidate version hashes.
This commit renames ResourceLoader::$filterCacheVersion to
ResourceLoader::CACHE_VERSION and takes it into account in
getVersionHash(). Adding it to getDefinitionSummary() is not
sufficient, because content-hashed modules also need to be
invalidated when there's a breaking change in the minifiers.
This cache version can also be incremented when there's a
breaking change in image embedding or LESS compilation,
although content hashing deals with that already, so we
could also add a separate cache version for those that's
only added to getDefinitionSummary().
Bug: T176884
Change-Id: Ife6efa71f310c90b9951afa02212b2cb6766e76d
This seems quite nuclear. I'd actually like to deprecate the
wgCacheEpoch variable more generally in favour of a handful
of more specific version constants, but as starting point,
remove it from the hash used for load.php urls and localStorage
keys.
The latter is also controlled by wgResourceLoaderStorageVersion
already.
Also ref T32956 about a more standalone ResourceLoader.
Change-Id: I913f846090e82d3d822653b9b7ce22233cdb5e90
If users provide invalid input to the date option on Special:Log (most likely
an intentional thing given the calendar input widget), don't let the
TimestampException bubble up - just discard the invalid date.
Integration test included, which fails without this patch.
Bug: T201411
Change-Id: Ie1a9a84343ae4e78e076586f759917e5fd5af33c
While MediaWiki Core already sets requirements for PHP versions, it should be
possible for extensions to tighten these requirements. This mirrors the PHP
parameter of extension infoboxes as well.
This change introduces a new 'platform' key (in addition to 'MediaWiki', 'skins'
and 'extensions', where non-MediaWiki software requirements will be listed
in the future, starting with a PHP version constraint. Further keys are
supposed to be added to allow setting constraints against php extensions
and other abilities of the platform.
Bug: T197535
Change-Id: I6744cc0be2363b603331af9dc860eb8603a1a89a
This has been soft-deprecated since MW 1.26; this hard-deprecation
sets the stage for future removal of this old cruft.
Bug: T198214
Depends-On: Idf246d05d116f63a73105b50a1929a7721fbe7b9
Change-Id: I2e7d990da1da378eb6e828d4b3c0f5a41791dd92
This changes the user name to "User unknown" when constructing a RevisionRecord
from a database row that has an empty ar_user_text resp rev_user_text field.
This may cause "User unknown" to be written to the database, if the
RevisionRecord is used as the basis for a new revision that is being created,
particularly during undeletion. Since "Unknown user" is listed in
$wgReservedUsernames, this should never lead to conflicts with actual user
names.
It is assumed that empty ar_user_text and rev_user_text fields will be
fixed during migration to the new actor based database schema.
Bug: T195692
Change-Id: I506c513b019778d83741e47f0d11093f5ab67a54
Expose this constant for internal use by Navigation Timing,
so that it can compute mwLoadEnd based on when these modules
finish loading.
The way mwLoadEnd is currently computed is by building a list
of all registered module names, and narrowing it down to the
ones in 'loading' state at the time that ext.navigationTiming.js
executes. The problem with doing that, is that it is includes
various lazy-loaded modules that aren't critical to the page and
aren't meant to be tracked by that metric. For example:
* Preloading of modules from various extensions (including VE,
and Popups).
* Background chains for EventLogging schemas from mw.loader.using,
including the one started by Navigation Timing itself.
On my local install, the list of filtered down modules always
includes 'schema.SaveTiming', '...rumSpeedIndex', etc.
Exporting the list passed to the initial load() call as constant
will enable Navigation Timing to instead only await only those
modules (and their dependneices).
Bug: T204426
Change-Id: Ida134b4dfee218db16c2d1f88d4f26e8d761e154
* There is only a single non-test caller to this method in the entire
codebase, and no callers elsewhere (Wikimedia Git, Codesearch).
It's only used with an array, so remove the other unused code paths,
and mark it internal (to my knowledge, nothing ever used it outside
RL in the past, either).
* Add test coverage for the module indexing logic.
Change-Id: I9e0f95416d5b2fdd87323288231ee6d8c85d88e7
Added spaces around .
Removed empty return statement which are not required
Removed return after phpunit markTestIncomplete,
which is throwing to exit the test, no need for a return
Change-Id: I2c80b965ee52ba09949e70ea9e7adfc58a1d89ce
Certain html tags imply a word break, but our html stripping doesn't
understand that at all. Adjust the html stripping to inject whitespace
for all block level tags (per MDN) along with the <br> element.
Bug: T195389
Change-Id: I9fbfac765ea88628e4f9b2794fb54e1cd0060203
This adds getSecondaryDataUpdates and getDeletionUpdates
to ContentHandler, and updates WikiPage and DerivedPageDataUpdates
to handle DataUpdates from all slots.
Bug: T194038
Bug: T194037
Change-Id: I75c96318f58a5cdda48484f7040ae41e6f42392a
Neither SpecialWatchlistFilters nor SpecialRecentChangesFilters are used in any
code known to Wikimedia code search. The related code to use these hooks was
only ever used within the MediaWiki repo.
Change-Id: Ib631d49d7b5835c665171dbad3e8a646b80827ef
When submiting using the 'go' feature of Special:Search (standard
usecase for autocomplete) a nearby title can be selected.
Unfortunately a fragment only title is considered valid, which
sends the user to Main_Page#searchterm.
Instead don't allow a search starting with # to trigger the go
feature.
Bug: T182452
Change-Id: I8ce3ce8633e23db41ae6eafb9996ca7294f8445a
This introduces a check that allows magic words like {{REVISIONUSER}}
to still work even when an incomplete fake RevisonRecord is provided to
RevisionRenderer. In such a case, the revision is loaded from the database
if needed. This lets old code that only has access to a Content object for
rendering use that Content object in a fake RevisionRecord, instead of
having to load the full revision from the database in all cases.
Bug: T174035
Change-Id: I658eab97a8282b8943baf7968f3256da35789ec1
RevisionRecord::isReadForInsertion provides a concise way to check
whether a revision is complete enough to be inserted into the database.
Change-Id: I0c79f55c0b935bce9943163ed4c2cc8b5f9c82d5
This patch exists to see if CI passes with
$wgMultiContentRevisionSchemaMigrationStage set to
SCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_NEW.
NOTE: verify that $wgMultiContentRevisionSchemaMigrationStage
is explicitly set toSCHEMA_COMPAT_WRITE_BOTH | SCHEMA_COMPAT_READ_OLD
in production config (T197816) before merging this.
Bug: T198561
Depends-On: Ib718868d2c768b6ea851355eef047bc0e6593495
Change-Id: I15989adae2b5916577d164c50d7da88774e49324
With the new schema, undeletion does not create now slot rows.
However, when in read-old mode, we may still have un-migrated
archive rows. When undeletion based on such a row, we do need
to insert a slot row.
This also changes the return value of SlotRecord for
SCHEMA_COMPAT_READ_OLD mode from null to the negative value of
rev_text_id, for consistency. Conceptually, the emulated slots
in SCHEMA_COMPAT_OLD now have a "virtual" content ID, hich is
however distinct from any real content ID that may exist in
the future. Such virtual content IDs are however not assigned
in SCHEMA_COMPAT_WRITE_BOTH mode. In that mode, unmigrated
rows can be detected by calling hasContentId() on the main
slot. Migrated rows will return true here and provide the
id of the associated content row, even in
SCHEMA_COMPAT_READ_OLD mode. This is particularly essential
for undeletion, which needs to maintain the association
between revision and slot rows even in SCHEMA_COMPAT_READ_OLD
mode.
Bug: T174024
Bug: T194015
Bug: T183488
Change-Id: I88ee9809b9752e1e72d635d62e82008315402901
Also enable some tests for PostgreSQL that are fixed by the new version.
Bug: T195807
Change-Id: Id0d016f620662836b3a17de5f118715c1cbe3e69
Depends-On: I3bd8df5236600963be89602b2a52d0d95d640d66
This consolidates tests for getQueryInfo, getArchiveQueryInfo,
getSlotQueryInfo, and similar methods that help application logic
be compatible with different migration stages of different aspects
of the revision storage schema.
Bug: T198561
Change-Id: I8e4ae69d7e00721a0af125afaf9a708f7fe99b0a
The GetPreferences hook lets extensions register additional user
preferences. They show up on the form and that breaks the hardcoded
assertion that exactly 5 preferences are available.
Disable the hook in case the test is run with extensions loaded in (ex:
BetaFeatures).
Change-Id: I78b11e989110407cd721e8a3fbbe81d28ca4be5b
Follows-up b7b84d55d4, which embedded the whole of the three 'mediawiki'
JS files inside of startup.js, but did so inside of the pre-existing
closure that was there.
This adds some overhead we don't get value of, so best to remove
it and embed it as a sibling of startup.js in the same top-level
scope.
In local testing (Chrome stable, CPU 1/6th) this reduced startup
run-time from 73-78ms to 63-65ms.
Also:
* Declare isCompatible() as a normal function.
Disable the implicit-globals warning given this isn't a regular module,
this file is intentionally in the global scope.
* Unfold the private startUp() function to its call site.
Change-Id: Ida51ab20898c9e4ae6cbf7ad2968d88d824a1483
The PHP interface still supports it without deprecation, but there
is no need for the client to support it given it is only ever called
from the startup module, which always passes it an object.
Follows-up 6815e35575, which did the same for `state(key, val)`.
Also simplify the implementation to avoid extra calls and optimise
for the only signature.
Mark the method as @private, and change the existing use of
@protected to @private (doesn't really make sense in JavaScript).
Change-Id: I24786f90bcfb256b2e7c37f7760bba1a5e399443
Partially and temporarily reverts I1641b7995 to deal with cached
HTML the same way the old code did.
Bug: T203716
Change-Id: I29846a6513f6b580b429c0bfe6c310ada50b28bb
Try to paste and preview this in the wikitext as well as the summary
line: [[:a]] [[ :a]]
The wikitext will show "a a", but the summary line will show "a :a".
This is only a display issue, all 4 links correctly link to the
article [[A]].
Change-Id: I08253a6d0b55b9aa3eace519bbdc1a456400bf84
This injects the new, unsaved RevisionRecord object into the Parser used
for Pre-Save Transform, and sets the user and timestamp on that revision,
to allow {{subst:REVISIONUSER}} and {{subst:REVISIONTIMESTAMP}} to function.
Bug: T203583
Change-Id: I31a97d0168ac22346b2dad6b88bf7f6f8a0dd9d0
Replaces Content::getSecondaryDataUpdates with
WikiPage::getSecondaryDataUpdates so that aggregation of
data updates from multiple page slots can be handled without
the caller having to care about it.
Also adds a WikiPage::updateParserCache method for convenience.
This is a temporary measure until DerivedPageDataUpdater
(or its replacement) can be exposed directly, at which point
the WikiPage methods will be deprecated.
Also fixes a parameter handling bug in DerivedPageDataUpdater.
Bug: T194043
Change-Id: Idbe7d582b49fcb7c90aea813773b7610ad44b1a8
This allows variables defined in an outer context to be used in inner
contexts. For example:
<h2>{{foo}}</h2>
<ul>
{{#things}}
<!-- bar is a property of each thing, foo is an outer variable -->
<li>{{foo}} is a {{bar}}</li>
{{/things}}
</ul>
Bug: T203209
Change-Id: Ib0ae0fb0b4be6b161f548c79db6fb6f4b831f7c1
With a separate service for each of the NameTableStore tables, it
wasn't possible to instantiate a NameTableStore for a foreign wiki,
leading to the inelegant situation of having RevisionStoreFactory
construct a new NameTableStoreFactory every time a RevisionStore for a
foreign wiki was requested. These NameTableStore objects were not
tracked in any structured way, so there was no way to reset them for
tests.
So, introduce NameTableStoreFactory, which tracks object instances for
both local and remote table access.
This also avoids having schema details in ServiceWiring.php.
Depends-On: I5c78cfb8bf90eca935a3264592366f63517c4fad
Bug: T202641
Change-Id: Ic0f2d1d94bad9dcc047ff19a1f92db89b7e014ce
As it's quite common that extensions and skins interact with each other, it's
useful to have a simple way to check if an extension version satisfies a
given constraint, as extensions change over time.
Bug: T202955
Change-Id: I19f9713caf89d647072a2bd7d598e739be383f4a
Trying to avoid resetting services introduces a lot of complexity and
several bugs. We were doing a reset for 70% of @group Database tests
anyway.
Instead:
* Reset services at the start of MediaWikiTestCase::run().
* Capture the actual original service container instead of making a
special shared service container.
* The test-isolated local service container can now only be initialised
non-statically. Revert the recent conversion of overrideMwServices()
to static.
* Store a reference to the local service container in the test case
object. In MediaWikiTestCase, always use the original or local service
container directly, to avoid confusion about which one is active at
the time.
* Remove a lot of unnecessary teardown
* Always call ServiceContainer::destroy() before forceGlobalInstance()
since the memory is not otherwise freed.
Change-Id: I4a17c1c7ec92c14e3bc471f0216473ebe19477b9
Title::getRootText() uses the text form (spaces) of the title, while
$wgRawHtmlMessages was specifying them in dbkey form (underscores).
And add tests while we're at it. Which spotted that the existing
code didn't work. Whoops. Fixed.
Change-Id: I05eea553c588e0f99f862e07ad15386507ed0728
We can't allow the main slot to be deleted. DifferenceEngine assumes it
exits.
We also shouldn't allow parameters such as `tosection-{role}` to be used
without the corresponing `totext-{role}`. This will help prevent people
from being confused into thinking that `tosection-{role}` will do
anything in that situation (as opposed to `tosection`, which did).
Bug: T203255
Change-Id: I58573bb2c1ee68e6907ef2e88385fe36e5184076
This allows optimization for situations in which a caller
needs the meta-data of a ParserOutput, and the respective
ContentHandler can provide that meta-data without generating
HTML output.
Bug: T194048
Change-Id: I786d294d18a6a2e3cea61577313e21b578c44f1e
This significantly simplifies the getVersionHash implementation for
StartupModule, and fixes a couple of bugs.
Previously, the startup module's E-Tag was determined by the
'getDefinitionSummary' method, which combined the E-Tag values
from all registered modules, plus what we thought is all information
used by 'getScript' (config vars, embedded script files, list
of base modules, ...)
However, this were various things part of the manifest that it
forgot about, including:
* Changes to the list of dependencies of a module.
* Changes to the name of module.
* Changes to the cache group of module.
* Adding or removing a foreign module source (mw.loader.addSource).
These are all quite rare, and when they do change, they usually
also involve a change that *was* tracked already. But, sometimes
they don't and that's when bugs happened.
Instead of the tracking array of getDefinitionSummary, we now
use the 'enableModuleContentVersion' option for StartupModule,
which simply calls the actual getScript() method and hashes that.
Of note: When an exception happens with the version computation of
any individual module, we catch it, log it, and continue with the
rest. Previously, the first time such error was discovered at
run-time would be in the getCombinedVersion() call from
StartupModule::getAllModuleHashes(). That public getCombinedVersion()
method of ResourceLoader had the benefit of also outputting details
of that exception in the HTTP response output. In order to keep that
behaviour, I made outputErrorAndLog() public so that StartupModule
can call it directly now. This is covered by
ResourceLoaderTest::testMakeModuleResponseStartupError.
Bug: T201686
Change-Id: I8e8d3a2cd2ccd68d2d78e988bcdd0d77fbcbf1d4
This follows 5ddd7f91c7, which factored out response building
from ResourceLoader.php to ResourceLoaderModule::buildContent.
As optimisation, I made this method only return the array keys
needed for the current response; based $context->getOnly().
The reason for this refactoring was the creation of the
'enableModuleContentVersion' option to getVersionHash(), which
would use this method to create a module response, and hash it.
During the implementation of that option, I ran into a problem.
getVersionHash() is called by the startup module for each
registered module, to create the manifest. The context for the
StartupModule request itself has "only=scripts". But, we must
still compute the version hashes for whole modules, not just
their scripts.
I worked around that problem in aac831f9fa by creating a mock
context in getVersionHash() that stubs out the 'only' parameter.
This worked, but made the assumption that the scripts and styles
of a module cannot differ based on the 'only' parameter.
This assumption was wrong, because the 'only' parameter is part
of ResourceLoaderContext and available to all getters to vary on.
Fortunately, the 'enableModuleContentVersion' option is off by
default and nobody currently using it was differing its output
by the 'only' parameter.
I intend to make use of the 'enableModuleContentVersion' option
in StartupModule to fix T201686. And StartupModule outputs a
manifest if the request specifies only=scripts, and outputs
a warning otherwise. As such, it cannot compute its version
if the 'only' parameter is stubbed out.
* Remove the 'only' parameter stubbing.
* Remove the selective building from the buildContent() method.
This was not very useful because we need to build the whole
module regardless when computing the version.
As benefit, this means the in-process cache is now shared between
the call from getVersionHash and the call from makeModuleResponse.
Bug: T201686
Change-Id: I8a17888f95f86ac795bc2de43086225b8a8f4b78
RevisionRenderer is the MCR replacement for Content::getParserOutput,
as outlined in <https://www.mediawiki.org/wiki/User:Daniel_Kinzler_(WMDE)/MCR-PageUpdater>.
Note: This change also introduces quite a bit of code for
merging ParserOutput objects.
Bug: T194048
Change-Id: I871978bf79f67c9e7954fb3fc8528d6e365f2cc1
It's insecure to allow apps to modify their own source, that's how file
write vulnerabilities escalate to code execution.
Change-Id: I0f79b2b7c7502405a62dcb176d8be4633ce4eda5
There are three problems with the CDATA approach:
1. It doesn't work.
HTML5 already interprets the contents of <script> tags as CDATA,
which means escaping of characters like & is not needed. In fact,
in HTML5 mode, a plain script tag with <script>0&1;</script>
would be a syntax error. Indicating it is not interpreted as
text, but as CDATA. Effectively, the only thing an HTML parser
looks for is </script>.
And that's exactly the problem. Producing an inline script
containing the characters "</string>" for legitimate reasons,
is currently broken.
No alternate wrapping or setting can make it work, either.
See also:
https://people.wikimedia.org/~krinkle/200506-html-inlinescript.html
which contains:
<script>/*<![CDATA[*/
if (true && true) {
console.log('This is a <script></script> tag (original)');
}
/*]]>*/</script>
In a browser, the script is terminated by the first "</script>",
leaving the code unfinished, throwing a SyntaxError, and outputting
the rest of the script as plain text on the page.
2. CDATA is only for XML mode, whereas MediaWiki does not support
the XML/XHTML output mode (since MediaWiki 1.22). Instead, we only
output HTML (5). Code that does need to produce XML, should use the
class from Xml.php instead.
3. It gives a false sense of security.
We could just remove the CDATA code as-is and that in itself would be an
improvement per point 2 and 3, and would break nothing per point 1.
However, this commit attempts to address the underlying bug by rejecting
the characters "</script>" from input. If this is needed in a literal,
it is the responsibility of the caller to escape it in a way that is
appropiate for how it is used (string, comment, regex, etc.).
There are two ways this can be used currently in core:
* User input as exported through JSON (e.g. mw.config, or mw.messages).
This is already fine as both FormatJson::encode and json_encode handle
escape either < or / in the string by default already.
* Previews of edits to user scripts. This is currently already broken and
causes the script to end early and produce arbitrary HTML on the page.
This commit limits the impact by refusing to output such script in a
broken way. I will further address that use case in a follow-up.
Bug: T200506
Change-Id: I67ceb34eabf2f62fd3f3841b8f1459289fad28fb
Instead of applying wrapping the the parser and unwrapping in
ParserOutput::getText(), turn this around and apply wrapping in getText(),
and only if desired.
This avoids search&replace logic for unwrapping, and it also makes it a lot
easier to merge the output of multiple slots for MCR output.
This changes behavior in two hopefully irrelevant ways:
1) the limit report comments will be inside the wrapper div, instead of
following it.
2) if HTML with a wrapper div is explicitly injected into a ParserOutput
object, it will not be possible to unwrap the text.
Bug: T174035
Change-Id: I1641b7995af9bd297f1acd610d583fbf874f34e0
This existed for internal use by OutputPage, which is no longer
the case as of I11b390f2e4f5e7db.
Also move the unit tests from OutputPageTest,
to ResourceLoaderSkinModuleTest.
Change-Id: I8b23f976f5f89b1005b387a827f75031f5c96141
I confirmed that wgCommentTableSchemaMigrationStage needs to be set, and
getActorQueryFields() implies that the actor table migration stage needs
to be set as well.
Change-Id: I153ff985c8753b291d2201ebeed10515acb0cd36
This was introduced in OutputPage before support for getPreloadLinks()
was added to ResourceLoader. The introduction in ResourceLoader was
actually inspired by this original implementation.
Now that we have it, we should make use of it for this module
as well. Doing so has several benefits:
* Makes the code cleaner by not requiring every skin to implement
the extra boolean method. Instead, it naturally works. If
the skin loads the SkinModule, it gets the preload as well.
If not (such as Minerva, which has a different logo config),
then it also doesn't get the preload link.
Naturally, automatic.
* Makes code cleaner by not having static methods, and by not
having OutputPage call into a Module class.
* Fixes the problem where, if a site's logo is changed, all cached
HTML is preloading the old logo whilst the stylesheet fetches
the newer one. Causing both to be downloaded.
* Still preloads the logo well before it can render.
Change-Id: I11b390f2e4f5e7db8b4506ab547839152888005c
When loading revision slots from the new MCR schema, slot role names
and content model names need to be resolved. Doing so programmatically
based on an in-memory cache avoids having to join against two additional
table every time we load slot meta-data.
This relies on NameTableStore, which was designed for exactly this use
case.
Bug: T198561
Change-Id: Ic005931b669f9d0173ef47ac17331d44fb1141ca
Resetting the content_model and slot_role tables between test runs
requires the corresponding NameTabelStore instances to be reset
as well. We may however have many of them, buried in various services.
There is no easy way to reset them consistently.
Letting information in these tables persist between tests seems
harmless. Tests that need these tables reset can simply add them
to the tablesUsed array.
This is needed for unit tests to work with the new MCR schema.
Bug: T198561
Change-Id: I63e61e1ab74e00c20930a83d3a3f5df53092a197
The main external change here is that it can now return diffs per slot,
and the various parameters for providing text are deprecated in favor of
templated per-slot versions.
Also, this deprecates the 'fromsection' and 'tosection' behavior
introduced for T183823 (extracting a section's content for the diff) in
favor of the more logical behavior requested in T185723 (expanding
'fromtext-{slot}'/'totext-{slot}' as if for a section edit).
Bug: T200569
Bug: T183823
Bug: T185723
Change-Id: I700edfa766bbc320887f2e0b7507fcdb11e72cdc
MySQL until 8.0 and MariaDB until some version after 10.1.34 don't save
the auto-increment value to disk, so on server restart it might reuse
IDs from deleted revisions. We can fix that with an insert with an
explicit rev_id value, if necessary.
Bug: T202032
Change-Id: I14e5b6c8ec8b5f1aeb2305fae4b103665f8f6686
Move logic for rendering a diff between two content objects out of
DifferenceEngine, into a new SlotDiffRenderer class. Make
DifferenceEngine use multiple SlotDiffRenderers, one per slot.
This separates the class tree for changing high-level diff properties
such as the header or the revision selection method (same as before:
subclass DifferenceEngine and override ContentHandler::getDiffEngineClass
or implement GetDifferenceEngine) and the one for changing the actual
diff rendering for a given content type (subclass SlotDiffRenderer and
override ContentHandler::getSlotDiffRenderer or implement
GetSlotDiffRenderer). To keep B/C, when SlotDiffRenderer is not overridden
for a given content type but DifferenceEngine is, that DifferenceEngine
will be used instead.
The weak point of the scheme is overriding the DifferenceEngine methods
passing control to the SlotDiffRenderers (the ones calling
getDifferenceEngines), without calling the parent. These are:
showDiffStyle, getDiffBody, getDiffBodyCacheKeyParams. Extensions doing
that will probably break in unpredictable ways (most likely, only
showing the main slot diff). Nothing in gerrit does it, at least.
A new GetSlotDiffRenderer hook is added to modify rendering for content
models not owned by the extension, much like how GetDifferenceEngine
works.
Also deprecates public access to mNewRev/mOldRev and creates public
getters instead. DifferenceEngine never supported external changes to
those properties, this just acknowledges it.
Bug: T194731
Change-Id: I2f8a9dbebd2290b7feafb20e2bb2a2693e18ba11
Depends-On: I04e885a33bfce5bccc807b9bcfe1eaa577a9fd47
Depends-On: I203d8895bf436b7fee53fe4718dede8a3b1768bc
MediaWiki::emitBufferedStatsdData() is never called for the PerDbName factory,
so stats were being dropped. Instead of having two factories, turn the
PerDbName one into a proxy/wrapper around the main factory that just adds a
prefix in front of all of the keys.
Bug: T202144
Change-Id: I31e376446abb58e41353b4ca3814120d2e914104
And include tests :)
This code is independent of MediaWiki, but not really large enough to be
worth librarizing right now.
Bug: T200626
Change-Id: I022c074e8a708fb5219bc4ff4b53e7e31f60dc4b
fbc1449653 (Make Titles with an unknown namespace ID refer to
Special:Badtitle.) was never implemented in TitleFormatter, so let's do
that.
While we're at it, formatTitle() is now structured in the same format as
Title::prefix(), to make it easier to compare code between the two
implementations. The existing tests verify that this is a no-op. There's
a little extra indirection in getPrefixedDBkey(), which now goes through
dbkeyform -> textform -> dbkeyform, but reduces duplication of code,
which I think is worth it.
Bug: T165149
Change-Id: I4e43487a52663d2a647f9e71d487f58e25474f7a
This way it gets run during extension test runs as well.
Temporarily add a hack allowing 'wbeu' duplicates until T196962 is fixed.
Change-Id: Ic89a22a2ff4525585de9e290a1d47d22cfaaac5e
Calling SpecialPageFactory methods statically is now soft-deprecated.
SpecialPageFactory::resetList() is a no-op, and I changed tests
in core to use overrideMwServices() instead.
Methods that fell back to $wgUser now require a User object being passed.
Depends-On: Ie1f80315871085b9fd4763a265b588849d94414d
Change-Id: Id8a92d57743f790b7d8c377c033cef38d1bb24de
The following pattern of input (found in jquery.js) triggered
this bug:
call( {
key: 1 ? 0 : function () {
return this;
}
} );
The open brace changes state to PROPERTY_ASSIGNMENT (for object literals).
The colon after 'key' sets state to PROPERTY_EXPRESSION.
Each individual parts of an expression (identifiers and literal values)
is recognised with state *_EXPRESSION_OP, such as PROPERTY_EXPRESSION_OP.
The '1' after 'key:' correctly sets the state to PROPERTY_EXPRESSION_OP.
Upto there it goes well, but after that it goes wrong.
The question mark (TYPE_HOOK) in this context was wrongly switching
back to PROPERTY_EXPRESSION. That is a problem because that does not
handle TYPE_COLON, which meant '0: function' was seen together as a
sequence of continuous PROPERTY_EXPRESSION_OP where TYPE_FUNC may
not be handled.
Fixed by changing handling of TYPE_HOOK in PROPERTY_EXPRESSION to
switch states to EXPRESSION_TERNARY, and also performing a push
so that ternary handling can pop back to the property expression.
This mirrors the handling that already exists for ternaries in
the regular handling of EXPRESSION/EXPRESSION_OP (as opposed to
the variant for object literal properties).
Bug: T201606
Change-Id: I6104c839cfc3416257543b54a91b74cb4aa4193b
In PHP, `strtotime('tomorrow')` evaluates to the first midnight
after the current time.
Which means on Aug 14 at 23:59:59, strtotime('tomorrow') refers
to a timestamp merely 1 second in the future (Aug 15 00:00:00).
This causes the test to fail because this timestamp is computed
in a data provider, before the test itself starts. In order to
pass, it needs to be far enough in the future that it will also
be after the point in time where the test creates the page and
revisions in question.
Fix this by:
* ... moving it into the test itself, where even plain time()
should probably suffice, but that's for another time.
* ... using +24*3600 instead of strtotime().
Bug: T201976
Change-Id: Ice5d54af4fb7cffa8db9b657796ba6ebecdaffa0
So callers don't need to do this manually. Pointed out by Tim in T201799.
Depends-On: Ia6c36d5a650095e35093bf47e275e081e89b3daf
Change-Id: Ida62767f3ca53f99609cae01d3a20051bb92ccab
The use of global variables was deprecated in favour of
ResourceLoaderModule::getLessVars() on a per-module basis.
Also moved testLessFileCompilation case to the appropiate file as it
covers ResourceLoaderFileModule.php, not ResourceLoader.php.
Bug: T140804
Depends-On: Ib1b2808df2384473bfac47f53a5d25d7c9bbca2b
Depends-On: I96047f69d01c4736306df2719267e6347daf556f
Change-Id: If708087c85c80355c7e78f1768529b5f2e16ed07
This was supposed to already be the case, but it wasn't. The flag that
was set got cleared and never did anything.
Change-Id: Ide960f8cb9228f9a9d68c540369f122ada0a2a6f
Discovered by adding a test case that uses file_get_contents()
to pass jquery.js, and then scan the PHPUnit output for an entry
containing `return` by itself on a line where the next line
is isn't `;` - then reducing it to a test case as small as possible.
This was reduced from the definition of jQuery.event.addProp.
Bug: T201606
Change-Id: I1f907436c32630102e60e3ded7092dbeb9669fe8
I wasn't sure how to convert the rest of the occurrences in core (there
are a significant number).
Bug: T200881
Change-Id: I114bba946cd3ea8a293121e275588c3c4d174f94
Previously, $push contained:
self::PROPERTY_EXPRESSION_OP => [
self::TYPE_PAREN_OPEN => self::PROPERTY_EXPRESSION_OP
],
But $pop contained:
self::PROPERTY_EXPRESSION_OP => [ self::TYPE_BRACE_CLOSE => true ]
This meant that when a closing brace was found inside a property
expression, it would wrongly pop the stack, eventhough we are still
inside the property expression.
The impact is that everything after this is one level higher in
the stack than it should be, causing various other types to be
misinterpreted. Including in the following contrived example:
call( function () {
try {
} catch (e) {
obj = {
key: 1 ? 0 : {} // A
}; // B
} // C
return name === 'input';
} );
In the above, the closing brace at A would close the 'obj.key' assignment
(PROPERTY_EXPRESSION_OP), instead of waiting for the closing brace at B to
decide that.
Then the closing brace at B would wrongly close the 'catch' block (instead of
the 'obj' assignment). And lastly, the closing brace at C would close the
function body (STATEMENT).
This resulted in keyword 'return' being interpreted while in state
PAREN_EXPRESSION_OP instead of STATEMENT, where PAREN_EXPRESSION_OP is the
arguments list to `call()`. In an argument list, TYPE_RETURN is not valid,
which means we stay in that state, instead of progressing to EXPRESSION_NO_NL,
which then wrongly allows for a line break to be inserted.
Bug: T201606
Change-Id: I07b809a7ca56e282ecb48b5c89c217b4b8da6856
Set maxLineLength to '1' instead of messing with filler content.
This makes it easy to see all potential line-breaks, instead of only
at the 999th offset.
Bug: T201606
Change-Id: I220b145c5bc8e7d1a41efacd2a6cea738545f006
The viewBox attribute of the <svg> element allows both whitespace and
commas to be used as field separators.
https://www.w3.org/TR/SVG/coords.html#ViewBoxAttribute
Bug: T194192
Change-Id: Iae9be3e4fad3a8ffa411d7a76eee2f20cc39b718
Adding everything at the end makes the list arbitrarily ordered, and
also invites lots of merge conflicts as new things are added.
Change-Id: I58bcca4fa79140f5d5f2f6ef447e67035cc37aae
They are supposed to call overrideMwServices() instead, per
documentation. One test does call resetGlobalServices(), probably by
mistake. It can be private so other tests won't make the same mistake.
Change-Id: I11ed598fcc901d0d9951724f2d210d3a7a1482d2
This asserts current behaviour in preparation for changing it
in a later commit (see T200506).
Bug: T200506
Change-Id: I76fd15c32c763754d0825d02a49de3d9973c4f8f
- Add support for radix leading numbers like 0.41
- Add support for scientific number notation
- Add support for plus and minus signs
- Add testcases for SVGUnit parsing and scaling
Bug: T201274
Change-Id: I0446b19b0f22851d968c991007e73255f309f4bc
Previously domEval didn't have CSP nonces, causing it to violate
the policy.
Also removes the meta tag scheme, as I could not make it compatible
with how RL storage works using domEval instead of real eval() and
it didn't provide much protection anyways.
Bug: T196923
Change-Id: I3cd2d7cc295c39b498d0bf37915d4ba167fdd48c
This was naïve, the linked bug documents a case where endTag() was
called despite children of the p-wrap still being in TreeBuilder's
stack. Instead, wait for the parent of the p-wrap to have endTag()
called on it, I've submitted a patch which will clean up the node in
that case.
Bug: T200827
Change-Id: I34694813eace9cadabf2db8f9ccca83d1368cfad
This can be used to discard all values before a certain point in
time, such as periods of severe network problems or misconfiguration
that resulted in missed purges.
Change-Id: I612db8f91a5960b912e9f35645a3d3872df47460
This change adds a PHPUnit test to ApiQueryDisabled as requested in T183885.
A PHPUnit test for ApiDisabled was already in place.
Bug: T183885
Change-Id: I7726c27a5ca74ce26f095afd13af4a71babea82e
Instead of having basically every caller do:
$pf = new PasswordFactory();
$pf->init( RequestContext::getMain()->getConfig() );
Just create a single PasswordFactory via MediaWikiServices and pass that
around. Things that want to use their own config can still pass settings
via the new constructor.
This will eventually let us remove the init() function, removing the
only hard dependency upon MediaWiki, to make it easier to librarize
(T89742).
Change-Id: I0fc7520dc023b11a7fa66083eff7b88ebfe49c7b
Makes debugging test failures way easier than just trying to figure out
what errors a couple lines below mean.
Change-Id: I8e7f6b14cef0954c72b22805eee512051a2b3c86
Similar to other non-php files used by various classes/libs.
This leaves the serialized/ empty (apart from dotfiles), and as
such the directory was removed.
Change-Id: I538ffe0828843220ac4e161cf2e119deb9bd7ac0
