If someone is both dumb enough to blindly save an API response and to
then execute the resulting file, this can be used to attack their
computer.
We can mitigate this by disallowing PATH_INFO in api.php URLs (because
we don't make any use of them anyway) and by setting a sensible filename
using a Content-Disposition header so the browser won't go guessing at
the filename based on what is in the URL.
Issue reported by: Abdullah Hussam
Bug: T128209
Change-Id: I8526f5cc506c551edb6138d68450b6acea065e93
Having such comments is worse than not having them. They add zero
information. But you must read the text to understand there is
nothing you don't already know from the class and the method name.
This is similar to I994d11e. Even more trivial, because this here is
about comments that don't say anything but "constructor".
Change-Id: I474dcdb5997bea3aafd11c0760ee072dfaff124c
It looks like there is something missing after the last statement
Also remove some other empty lines at begin of functions, ifs or loops
while at these files
Change-Id: Ib00b5cfd31ca4dcd0c32ce33754d3c80bae70641
Change Ia9baaf0b changed the visibility of member variables (many of which are not
otherwise exposed, e.g. by a method) and by that introduced a major API change
breaking extensions.
This patch explicitly marks affected variables as public again, keeping the intent
of the original patch of making phpcs-strict pass on includes/ directory.
Bug: 67522
Bug: 67984
Change-Id: I498512b2a1e615365bb477c1fd210aaa3241ca03
It was a stylesheet loaded with our RSS and Atom feeds, intended to make
them legible when shown in a regular browser. Browsers these days tend
to have their own UI for feeds (for example IE 11 and Firefox 31), and
these that don't pretty-print the XML, which means the stylesheet
provides very little added value.
Per discussion on I6268d663.
Bug: 69277
Change-Id: I2ce9650c01f8f245707f5e88ee46520c5e598ce4
- Swap "$variable type" to "type $variable"
- Added missing types
- Fixed spacing inside docs
- Makes beginning of @param/@return/@var/@throws in capital
- Changed some types to match the more common spelling
Change-Id: I783e4dbfe5f6f98b32b9a03ccf6439e13e132bcc
This change adds redirect=no in the URL of redirect entries in the RecentChanges or in the Watchlist.
Entries which are not redirects will not be affected.
Some typos in documentation were also fixed.
Bug: 890
Change-Id: I79593811d92b2f57abd742c8ba9e66769d8bc9b7
Swapped some "$var type" to "type $var" or added missing types
before the $var. Changed some other types to match the more common
spelling. Makes beginning of some text in captial.
Also added some missing @param.
Change-Id: I0056b4a8df243cfc0c5f25378de48f7a35170aca
* Ran spell-checker over code comments in /includes/
* A few spellchecking fixes for wfDebug() calls
Found one very strange (NOOP?) line in Linker.php - see "TODO: BUG?"
Change-Id: Ibb86b51073b980eda9ecce2cf0b8dd33f058adbf
Doxygen expects parameter types to come before the
parameter name in @param tags. Used a quick regex
to switch everything around where possible. This
only fixes cases where a primitve variable (or a
primitive followed by other types) is the variable
type. Other cases will need to be fixed manually.
Change-Id: Ic59fd20856eb0489d70f3469a56ebce0efb3db13
The ChannelFeed class has always been considered as an abstract class.
Looks like we forgot to update its definition since PHP switched to
support class abstractions.
Also marked abstract the three inner methods that must be extended:
ChannelFeed::outHeader()
ChannelFeed::outItem()
ChannelFeed::outFooter()
Change-Id: Ie0111786af37531d53ee3fc845e0125136ca298f
Doxygen does recognize abstract methods when it is properly marked as
abstracted. That keyword is a left.
Change-Id: I7df790058edf0eefb07eb4c37a2586b5c16898e3
* Moved constant definitions from the constructor to the class definition
* Removed default values from the class definition for members that are always set in the constructor
sed -i 's/$wgContLanguageCode/$wgLanguageCode/g'
These are now the same, always. Per and since r15827.
$wgLanguageCode wins due to being the one set by LocalSettings.
$wgContLanguageCode definition at includes/Setup.php kept for now.
