Swapped some "$var type" to "type $var" or added missing types
before the $var. Changed some other types to match the more common
spelling. Makes beginning of some text in captial.
Change-Id: Ifbb1da2a6278b0bde2a6f6ce2e7bd383ee3fb28a
Removed the option 'Justify paragraphs' from MW Preferences
as it is not a necessary option there.
Added RELEASE NOTES.
Bug: 52810
Change-Id: I1fe6a5857070828726077e6ba229b786c017c858
The table of contents box is auto-inserted, can trivially be hidden or
exposed on a per-page basis with __MAGICWORDS__, includes a sticky
[show|hide] link, and can be easily hidden with site-wide CSS as
necessary. It needlessly adds complexity and user interface clutter.
Bug: 52813
Change-Id: If2139317dae4aa980b373c73d7b81dac627b5af8
Unwanted user preference option in MW adding to the clutter.
Users interested in hiding section-edit links can use per-user
(or site-wide) CSS.
Removed 'editsection' from Defaultsettings.php and
ResourceLoaderUserCSSPrefsModule.php
Updated Release Notes
Bug: 52811
Change-Id: I5fc49106621943ca7180ddb37590b624edac67d5
Split the variable assignment and the return statement in two lines for
better readability.
When there was two return statements in one method the logic was swapped
to have only one return statement.
Change-Id: Id7a01b4a2df96036435f9e1a9be5678dd124b0af
There was a discussion [1] on this on Persian Wikipedia and users
don't want it actually. It is such an UI inconsistency and detecting
links based on their color is hard. It may have problem on Amiri font
but not on System default font and Persian Wikipedia fonts.
[1] https://fa.wikipedia.org/wiki/MediaWiki:Common.css?oldid=10552148
Change-Id: I8168baff1b9e64d0c79dcd7a896b9cbeeed0b266
This requires minor changes in various parts of MediaWiki, and
being extra careful about cached rendered pages' HTML.
Fun fact: editsection links are not made in Parser. They're made in
Linker, in Skin *and* in ParserOutput.
Client-side code and screen-scrapers will have to be adjusted to
handle both cases (old HTML will still be visible on cached page
renders until they are purged); extensions using the DoEditSectionLink
or EditSectionLink hooks might need adjustments as well.
* Linker: Change the HTML of pages to move the link itself from the
beginning of the heading (before <span class="mw-headline">) to the end
of the heading (after the span).
* Skin: Change the class from .editsection to .mw-editsection; we use this
opportunity to clean up old cruft, and this makes it much easier to
handle cached renders (by just detecting the old class).
* ParserOutput: Implement a horrible hack to support cached parser
outputs with the old order of items.
* Ensure everything that should support both classes supports both
classes (this includes print stylesheets and some scripts).
* Implement styles for the new look for all the skins (did this in
shared.css; the styles are non-intrusive and can be overridden
easily, and all of the skins were using the same look before).
Change-Id: I6a6c12a90de3604012420b20c1f520e0ece170ab
If the editfont preference somehow had a value like "foo; color: blue",
we have a CSS injection problem. Normally preference validation should
protect against that, but the API module for setting preferences doesn't
perform any validation.
Change-Id: I5c12aa9a48bf4f6ea4a8fb44554d13189e7757fb
* (bug 35317) CSRF in Special:Upload
Revert r56793, which removed the CSRF check for Special:Upload for normal file
uploads. Cross-site posting of file uploads without user interaction has been
possible since at least as early as Chrome 8 (late 2010) and Firefox 6 (mid
2011).
Commonist has used api.php since version 0.4.0 (April 2010), and the API
already requires an edit token, so Commonist 0.4.0+ is not affected by this
change.
* (bug 34907) Fix for CSRF vulnerability due to mw.user.tokens. Patch by Roan
Kattouw and Tim Starling.
* Filter out private modules early in ResourceLoader::makeResponse() and just
pretend they weren't specified. This means these modules cannot be loaded
through load.php . This filtering must not happen in makeModuleResponse(),
because that would break inlining.
* Force inlining of private modules in OutputPage::makeResourceLoaderLink(),
disregarding $wgResourceLoaderInlinePrivateModules
* Remove $wgResourceLoaderInlinePrivateModules
* Remove special treatment of private modules ($private) in
ResourceLoader::makeResponse() and sendResponseHeaders(), because we're not
allowing private modules to be loaded through here any more
* Remove identity checks in ResourceLoaderUserOptionsModule and
ResourceLoaderUserCSSPrefsModule, they didn't make a lot of sense before but
they're certainly useless now.
* Factored out error comment construction in ResourceLoader.php and stripped
comment terminations from exception messages. I didn't find an XSS
vulnerability but it looked scary.
Patchset2:
Removes whitespace error that prevented automatic merge by Gerrit:
includes/resourceloader/ResourceLoaderUserOptionsModule.php
Change-Id: I2dec8b8caf9db3c64919763865cc10cccdd6a1a3
