Checking the acting user against the revision's author in
DerivedPageDataUpdater::isReusableFor would lead to false
negatives.
Also removes a check of the current acting user against the
cached revision's author, for the same reason: for null edits,
the acting user and the revision author are unrelated.
Bug: T205369
Change-Id: I48f59dce6c25062b3d6ff4248e1171269766c507
Added __EXPECT_UNUSED_CATEGORY__ as a behavioral switch. Adding
this switch to category pages prevents them from appearing in
Special:UnusedCategories.
Bug: T96041
Change-Id: I055e59f5311347155e0f801dd5ec9a6d4a68c9cc
The current phrasing for non-editing partial blocks was not clear.
Adding 'specified' as part of the message to avoid confusion.
Bug: T208806
Change-Id: If6fe6397060a38dd5036d2c0c1d58aa9e798ecc1
Remex is pure PHP so there is no reason to use an external tidy any
more. Configuration variables and implementation classes were
deprecated in 1.32 or earlier. We've kept only $wgTidyConfig
which can be used for experimental features or debugging Remex.
Bug: T198214
Change-Id: I99d48f858d97b6e1d1e6cd76a42c960cc2c61f9f
The method over-enforces partial blocks by preventing users from performing
the action on unrelated pages.
Bug: T209284
Change-Id: I4ee0e7c0188d491cf8fc0bbbbf7e492cdf309f45
Currently, not all actions are processed by User::isBlockedFrom(). This results
in users who are partially blocked from specific pages to be blocked from
moving and deleting all pages.
Bug: T208862
Change-Id: I6312a36911e5b73d773452fefef7ff25b9af08a4
So that using this hook it's possible to prevent the move, also
providing some more context.
Also, clean error message: instead of going with "you do not have
permission blah blah" for *every* kind of error, use it only when the
error is actually about permissions, and use a generic message
otherwise.
Bug: T208907
Change-Id: I4733724075b7514e9db59e7be772d9409aa9da87
This adds a method to LinkFilter to build the query conditions necessary
to properly use it, and adjusts code to use it.
This also takes the opportunity to clean up the calculation of el_index:
IPs are handled more sensibly and IDNs are canonicalized.
Also weird edge cases for invalid hosts like "http://.example.com" and
corresponding searches like "http://*..example.com" are now handled more
regularly instead of being treated as if the extra dot were omitted,
while explicit specification of the DNS root like "http://example.com./"
is canonicalized to the usual implicit specification.
Note that this patch will break link searches for links where the host
is an IP or IDN until refreshExternallinksIndex.php is run.
Bug: T59176
Bug: T130482
Change-Id: I84d224ef23de22dfe179009ec3a11fd0e4b5f56d
PHP JSON decoding has surprising behavior on some edge cases.
Documented this via comments, added related tests, and tweaked
related CommentStore code.
Bug: T206411
Change-Id: I6927fdaf616b37a04d81a638a0ed257afac9b844
Using domains means thats JobQueueDB has the right value to use for calls
like LoadBalancer::getConnection(). The full domain includes the schema in
the case of Postgres. This makes calls to getConnection() less awkward by
not relying on the fallback logic in reallyOpenConnection() for null schemas.
Make getWikiIdFromDomain/isCurrentWikiDomain account for the schema if it
is both defined and is not simply the generic "mediawiki" schema MediaWiki
uses by default. If all wikis use the default schema, the wiki IDs can get
by with DB/prefix alone, which various config and methods may be built around.
Otherwise, the config callbacks must account for schema and the config must
include it in various wiki domain ID lists to properly disambiguate wikis.
Also, clean up SiteConfiguration::siteFromDB() since it is not meant
to handle schemas unless the callback method was taylored to do so.
Finally, add more comments to DefaultSettings.php about already existing
limitations of wiki domain IDs and their components.
Change-Id: I8d94a650e5c99a19ee50551c5be9544318eb05b1
Remove all functions that have been hard (or superhard, with exceptions)
deprecated previously. They all had no callers with one exception:
* getTimezoneOptions() is called from 3rd party extention, already broken
anyway.
Mark the remaining functions for removal in 1.34, where whole class
will become {{db-empty}}. They in principle have no callers already, but
let's follow the proper process and give extension developers a bit more
time.
Change-Id: I0e3e98ed1e6242b6ab7c5f21d71478c392fe89a9
Future parsers will not support the output generated with tidy disabled.
Parser tests using untidied output will also be deprecated (and
rewritten) in a follow-up patch.
No new release notes necessary since user-visible tidy configuration
was deprecated previously (in 1.32), and individual methods which had
disabled tidy during execution were individually release-noted as they
were updated.
Bug: T198214
Depends-On: I0f417f75a49dfea873e9a2f44d81796a48b9f428
Depends-On: If5c619cdd3e7f786687cfc2ca166074d9197ca11
Change-Id: I592e0e0dfef7d929f05c60ffe4d60e09725b39cc
The fix applied in d67121f6d took care of the immediate issue in
T208398, but after further analysis it was not a correct fix.
* Near line 770, the method shouldn't even be called unless the target
is TYPE_USER.
* Near line 1598, it isn't dealing with a target at all.
* Near line 1813, you're not going to get a sensible result trying to
call `$user->getTalkPage()` for a range or auto-block ID. What you
would really need there to handle range and auto-blocks correctly is
to pass in the User actually making the edit.
But after some pushback in code review about passing the User into
Block::preventsEdit() to make line 1813 work, we'll instead replace the
method with Block::appliesToTitle() and put the check for user talk
pages back into User::isBlockedFrom().
Bug: T208398
Bug: T208472
Change-Id: I23d3a3a1925e97f0cabe328c1cc74e978cb4d24a
The regex in JavaScriptContent and CssContent was trying to pass
urlencoded stuff to Title::newFromText(), which would fail. Make sure we
urldecode it first.
Bug: T208264
Change-Id: I189c4c308da2875839ad8c1061332500f0e6d244
$r->getIP() should return what was set by $r->setIP(); currently
that breaks for DerivativeRequest as get reads from the base but
set writes on the derivative.
Change-Id: If30c233931ceb1ca05da8866da3c3ab78de1a339
Non-breaking change. Remaining uses are public interfaces (a constant, two
globals, a config sub-parameter, SQL queries, storage function names), one i18n
message key, and a whole lot of maintenance scripts with calls to the deprecated
function wfWaitForSlaves().
Change-Id: I6ee5ca92ccf6a80c08f53d9efe38ebb4b05064d7
Previously, they were always displayed in defult language unless
forced explicitly in wikitext, e.g. [[File:Foo.svg|lang=ru]].
This change adds a feature flag that would enable always trying to
display in page language.
* If enabled, Parser will pass a new parameter - 'pagelang' - to
the media handler.
* SvgHandler uses page language when determining what language to
render the image in.
* 'pagelang' can always be overridden by 'lang'.
* If no translation in page language is available, the default
language (English) will be used for thumbnail URLs, to prevent
cluttering media storage and HTTP caches with useless copies.
Performance: this requires accessing image's metadata during parsing.
My testing indicates there were no code path where this wasn't the
case already, so no performance hit is expected, however we should
still keep an eye on page save performance.
Bug: T205040
Change-Id: I348840ef405e1370cc0c17d69051bce30153c9c0
Also improved the atomicity and affected row count logic for
insert/replace with sqlite.
Also remove unused "fileHandle" code from insert().
Change-Id: If7b9148fd44f3a958899885753c7c86ba66bf193
Use these in place of various wfWikiID() calls.
Also cleanup UserRightsProxy wiki ID variable names and removed unused
and poorly named getDBname() method.
Change-Id: Ib28889663989382d845511f8d34712b08317f60e
The OutputPage::parse() and OutputPage::parseInline() methods behave
misleadingly different from the OutputPage::addWikitext*() methods:
they don't tidy their output, they have different defaults for
interface/content language selection, and they (sometimes) add
wrapper divs. Deprecate these and add new methods with tidy output,
clear language selection, and consistent defaults:
OutputPage::parseAsContent(), OutputPage::parseAsInterface(),
and OutputPage::parseInlineAsInterface().
Unify the implementation of the parse* methods with the addWikiText*
methods, to reduce the likelihood that the behavior will diverge again
in the future.
Bug: T198214
Change-Id: Ica79c2acbc542ef37f971c0be2582ae771a23bd0
We should probably strip the <div> wrapper in OutputPage::parse() as
well: this behavior was added in 1.30, but it only applies when
$interface is false. However, that requires a more careful audit
(a lot more places call parse() than parseInline()) and so I'll defer
that for now.
Change-Id: Iad5412f03af29c04deb653969dd71f6c86f0ae50
This should reduce excess contention and lock timeouts.
Previously, it used a pre-commit hook which ran just before the
end of the DB transaction round.
Also removed unused User::incEditCountImmediate() method.
Bug: T202715
Depends-on: I6d239a5ea286afb10d9e317b2ee1436de60f7e4f
Depends-on: I0ad3d17107efc7b0e59f1dd54d5733cd1572a2b7
Change-Id: I0d6d7ddd91bbb21995142808248d162e05696d47
Also do so in various other test classes.
Follows-up 170c49d61c. Fixes Travis CI regression:
> 1) MediaWiki\Tests\Revision\MutableRevisionRecordTest::testSetGetPageId
> Failed asserting that 2 is identical to 0.
> tests/phpunit/includes/Revision/MutableRevisionRecordTest.php:129
Change-Id: I41c8bda8e620ebe7608a393d81f3b0f13af68ba7
The rd_fragment field is 255 bytes wide, but there is no limit on how
long title fragments can be. We don't want to let the database silently
truncate the fragment for us, because that can result in invalid UTF-8.
Instead, truncate it before insertion in a UTF-8-aware way.
Bug: T207876
Change-Id: I12745f3f4c174eaced56d80f3661a71d0e5637e6
Tidy will always be enabled with our future parsers. Hard-deprecate
this method which doesn't tidy the output.
Users of `OutputPage::addWikiText()` will be converted one-by-one to
`OutputPage::addWikiTextAsInterface()` so that any unexpected issues
(deliberately untidy wikitext added, which should be rare) can be
addressed.
Bug: T198214
Depends-On: I778ba9e6efed576605f492c9a073c7203b6c0477
Depends-On: I16529879a3b3aed960c5dc006e2af513d7e91fcd
Change-Id: If8353c37245d9d233d589f82c198668ccb3fce05
The ApiQueryBlocks and ApiQueryUserinfo endpoints will now return whether or not the block is
sitewide or partial. Partial block restrictions can be returned with ApiQueryBlocks.
Bug: T197141
Change-Id: I76eb4cac4dc989c621a00a39996faebd0eb9892c
The Special:BlockList page will be updated to show details from the Partial
Block within the "Block parameters" column. The format of the column will
change to make the details more readable.
Bug: T197143
Change-Id: Ibd79b049d93e427c2d541f8ef93005847482ef59
Enforce partial blocks and display a slightly different block
notice depending on if the block is sitewide or not
Bug: T197117
Depends-On: I675316dddf272fd0d6172ecad3882160752bf780
Change-Id: I8a3635a4a04a33912eb139b7b13c4bd874183d31
Block information needs to be more detailed if a block is not
sitewide. With this change, page restrictions will be visible
as part of the block information in Special:Contributions,
Special:Block, and Special:Log and via API
Bug: T197108
Change-Id: I5d2ef606f709bdd60bf52e2a048890b0f6360fca
Make the necessary UI changes to Special:Block in order to set/update
partial blocks.
Bug: T197109
Change-Id: Ib3067824b5dcbdd893ab1f165d169a35d0716cb2
Partial blocks logic will be used in multiple places. This
classes will group block restriction functionality to avoid
code duplication
Bug: T202036
Change-Id: I675316dddf272fd0d6172ecad3882160752bf780
In d59f27aeab we made
LanguageConverter::validateVariant() try harder to convert a variant
into an acceptable MediaWiki-internal form, looking at deprecated
codes and BCP 47 aliases. However, this misled Language::hasVariant()
into thinking that bogus names (like all-uppercase strings) were
acceptable variant names, which then led exceptions when they were
passed to the various conversion methods.
This is a belt-and-suspenders patch for T207433 -- in that case we
shouldn't have created a Language object with code 'sr-cyrl' in the
first place, but once one was created we shouldn't have tried to
ask LanguageSr to convert texts to 'sr-cyrl'. The latter problem
is fixed by this patch.
Bug: T207433
Change-Id: Id993bc7989144b5031a551662e8e492bd23f698a
The hooks that used to be called by this class will be removed in
I24d6fa963. The only reason to keep this class around is that
someone might have added it to $wgAuthManagerConfig so removing
it would trigger class lookup failures, so make sure any use
of the class triggers a deprecation warning.
Change-Id: I9755288eda7461ecf3dcd35de2081fbb3eb04ae3
These were introduced in MW 1.17 and are always true in production.
They were useful to allow folks to defer title conversion, but it's
been a long time now. We don't need to make this optional any more.
Change-Id: I65dcfe80dc3e1dfeb4d63924a8928655e012a20c
Setting the Title by calling setTitle clears the WikiPage, and the
next time getWikiPage() is called, it will be lazy-initialized to a
different instance of WikiPage.
This is mostly okay (the behavior has been like this for years and no
one noticed any problems), but it turns out that some extensions
(ConfirmEdit) use custom properties on the WikiPage object to pass
data between different hooks, which are lost when it's re-initialized.
Bug: T207065
Change-Id: I2881895f337bcfb1f86d5fc5a994fa9b0dcc768a
With this change, adding large numbers (500+) of items to one's Watchlist via
Special:EditWatchlist/raw will no longer trigger DBPerformance warnings
for "max affected rows expectation not met". The same code mechanism is added
for bulk removal of watchlist items.
Bug: T171898
Depends-On: Ia0f496b8bfb2b68217d0f45f892045538494bfdc
Change-Id: I832b1843d1341b05227cdee2549bdcefa21eb300
The documentation says "This must be a valid SQL fragment", but as
written it breaks if given anything other than a field name. It's easy
enough to fix by adding an alias to the internal select() call.
Bug: T201781
Change-Id: I76428af6d3aadc266254fdb24109a0ac2db3761f
Special:RedirectExternal is an unlisted special page that accepts a URL as
the first argument, and redirects the user to that page.
Example: Special:RedirectExternal/https://mediawiki.org
At the moment, this is intended to be used by the GrowthExperiments project in
order to track outbound visits to certain external links. But it could be
extended in the future to provide parameters for showing a message to the user
before redirecting, or explicitly requiring a user to click on the link, which
could help improve security when users follow on-wiki links to off-wiki sites.
Bug: T207115
Change-Id: I822af14a84569aab22249e2f16a662a60e60f76a
Without this patch, getRevisionText would fail silently (by
returning false) when the text table no longer gets joined,
due to the switch to the new MCR schema.
Bug: T205808
Change-Id: Iffc25c82a5d2b865c28070c76156d39d390cc675
This change ensures that the output is tidy, and is necessary to support
future parsers which will not be able to produce untidy output.
Bug: T198214
Change-Id: I743f4185a03403f8d9b9db010ff1ee4e9342e062
This patch introduces a new method,
OutputPage::wrapWikiTextAsInterface(), which wraps the result of
OutputPage::addWikiTextAsInterface() in a tidy and robust way that
won't break if the wrapped message contains double newlines, extra
</div>, or other nasties.
This replaces a common unsafe pattern:
$output->addWikiText( '<div class="..."' .... '</div>' );
Bug: T205624
Change-Id: I1040c7cf0ec1f5c4bef7c06d4486f50d85f2dc0f
We are incrementally removing places where the parser is used with
tidy disabled, since future parsers will not support such operation.
Bug: T198214
Change-Id: I0f417f75a49dfea873e9a2f44d81796a48b9f428
Also clean up empty schema handling in DatabaseDomain
This reverts commit f23ac02f4f.
Bug: T193565
Change-Id: I95fde5c069f180ca888a023fade25ec81b846d44
Follow up to a3d6c1411d.
This avoids extra queries for messages that have a software defined value.
Bug: T193271
Change-Id: I25aa0e27200a0b417721cf1fbd34a82095405b89
T194585 raises a use case for callers to be able to know why an action
is not allowed. We can make that possible easily enough. The default
remains to return only a boolean.
This also deprecates inprop=readable in favor of intestactions=read,
since they both just return `$title->userCan( 'read', $user )`.
(ApiQueryInfoTest added by David Barratt)
Bug: T194585
Change-Id: Ib880f0605880eac776d816ea04e0c7ab9cfbaab1
Co-Authored-By: David Barratt <dbarratt@wikimedia.org>
PHP 7.3 doesn't like it if session_id() is called when the session has
been started, so we need to be sure to close it first in a few tests.
Bug: T207112
Change-Id: Ief36c1bb7b5c9066f158b5bb0d6d785a7f7ddd3c
Asking users to select from a list that is in a namespace
other than their user language can be quite difficult.
Transition a number of use cases. This was applied via a flag
to avoid unexpectedly changing extensions also utilizing
the namespace selector.
Pages updated:
* Special:Search
* Special:Watchlist
* Special:RecentChanges
* Special:Contributions
* Special:Import
* Special:WhatLinksHere
Bug: T174057
Change-Id: I3fdac72179a124849ef7ad1e0e54eb66396c3c6e
The tests here were only testing when user and content language
are the same, but the way things are rendered when they differ
is perhaps more interesting as it allows ensuring the two are used
in the correct places.
Change-Id: I357f50b082882fee485a95323d3a0a7cadb9a63c
The `Key` header was a draft IETF specification which expired without
becoming a standard. It does not appear to be in active use anywhere.
Change-Id: I3924a1b5ff428b107573d2827c40e4af8adaaeb1
Instead of passing the LoadBalancer and than get the LBFactory from the
service,
store the LBFactory on creation
Bug: T206601
Change-Id: I4c0d3712da591b2c5ddf2a65855d2cc9142417d2
