Implicitly marking parameter $... as nullable is deprecated in PHP 8.4,
the explicit nullable type must be used instead
Created with autofix from Ide15839e98a6229c22584d1c1c88c690982e1d7a
Break one long line in SpecialPage.php
Bug: T376276
Change-Id: I807257b2ba1ab2744ab74d9572c9c3d3ac2a968e
It didn't have any use outside the core so went for the removal
instead of raising warning and hard deprecation.
Change-Id: I08dab348a89f1fe1adccfad4f003d9fb8b233f0d
wfGetServerUrl is deprecated since 1.39, let's remove the
only use and turn it into a hard deprecation.
Change-Id: I82be851fe411cd002c9c5847fe3924a6c0a4ba50
wfUrlProtocols is deprecated since 1.39, let's remove the uses and turn it
into a hard deprecation.
Change-Id: Ic5f827f6e4563bab1b28f090da8f8613b124fcc5
In change I625a48a6ecd3fad5c2ed76b23343a0fef91e1b83 I am planning to
make Wikimedia\Message\MessageValue use it, and we try to pretend that
it is a library separate from MediaWiki, so it makes sense to move
MessageSpecifier to the same namespace under Wikimedia\.
Bug: T353458
Change-Id: I9ff4ff7beb098b60c92f564591937c7d789c6684
Changes to the use statements done automatically via script
Addition of missing use statement done manually
Change-Id: Ic4d4dd61de5ab896fb6173eb579c81f164a1e4a3
This patch introduces a namespace declaration for the
Wikimedia\FileBackend to FileBackend and establishes a class
alias marked as deprecated since version 1.43.
Bug: T353458
Change-Id: Id897687b1d679fd7d179e3a32e617aae10ebff33
Some of these have been marked in-code as deprecated for a long while,
but haven't ever been announced in the RELEASE-NOTES (and later,
HISTORY) file, so let's mark them up now so we can get the ball rolling
at least.
Per Gergo, the AuthManager one was 'born deprecated' and should only
have been used by humans also reading the deprecation notice given in
the code, and indeed no uses are known to code search, so also emit
deprecation warnings there immediately; others will have to wait until
uses have been migrated.
Change-Id: I0c1c71d8f4293623039302da35d58d2a24367e97
Given this is a big deal, stealing the top-spot in the
release notes.
Pointing users primarily to ICP rather than DBL as the
simpler, better route to take (ahead of us deprecating
the latter).
Bug: T273239
Change-Id: Idfe1e9dde7cdaf9c5241ff89f908a032d383304e
In I6c9dcfdbbb2c6eff9414e24d3f2693ebe576505a it was pointed out that
we were missing a case here.
Followup-To: I34f2fa8c329e6f6771453b2f94dc4afbec31dac8
Change-Id: I6ae142883c8af8c2fd3766d99a2d417cf353928a
wfEscapeWikiText() has accidentally supported `null` and `false` as
input before, and now we should stay compatible with that.
Bug: T357032
Change-Id: I966e4c091dcd3234936f3a232ae0a629852051e4
* Switch out raw Exceptions, mostly for InvalidArgumentExceptions.
* Fake exceptions triggered to give Monolog a backtrace are for
some reason "traditionally" RuntimeExceptions, instead, so we
continue to use that pattern in remaining locations.
* Just entirely give up on PostgresResultWrapper's resource vs. object mess.
* Drop now-unneeded false positive hits.
Change-Id: Id183ab60994cd9c6dc80401d4ce4de0ddf2b3da0
The array spread operator is documented to behave identically to
array_merge. The syntax is just much shorter and easier to read in
situations like this, in my opinion.
Change-Id: I3b016e896e552af53d87d5e72436dc4e29070ce1
The result of wfEscapeWikiText() did not consider inclusion of a string
within table context, and so `!!` and `!` at start of line were not
previously escaped.
Additionally, if you are inserting the result of wfEscapeWikiText()
into a wikitext string, the result can inadvertently form new tokens
at the left and right edges. For example:
{|
|<escaped string>
When the escaped string starts with a `-` or `+` it forms the `|-` or `|+`
token and changes the parse.
On the right side:
<escaped string>_FORCETOC__
is not a magic word unless the escaped string ends with a `_`.
Token-gluing can also occur with the double newline token denoting
a paragraph separator.
This patch adds additional cases to wfEscapeWikiText to armor
its output against all contexts in which the output may be
inserted.
Depends-On: I56147520620d56a4b98c2f22d1f469b49aed761f
Change-Id: I34f2fa8c329e6f6771453b2f94dc4afbec31dac8
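The edge token-gluing described in this commit message, as an added PHP sketch that is not MediaWiki's code. `gluedTokens()` and `armorEdges()` are hypothetical helpers, the token list is taken from the message, the sample strings are constructed, and replacing edge characters with numeric character references is one assumed way to armor them.

```php
<?php
// Added illustration, not MediaWiki code. Tokens named in the commit message.
const EDGE_TOKENS = [ '|-', '|+', '__FORCETOC__', "\n\n" ];

/** Tokens that exist only because $escaped was placed between $left and $right. */
function gluedTokens( string $left, string $escaped, string $right ): array {
	$joined = $left . $escaped . $right;
	$start = strlen( $left );            // junction: context | escaped string
	$end = $start + strlen( $escaped );  // junction: escaped string | context
	$found = [];
	foreach ( EDGE_TOKENS as $token ) {
		$len = strlen( $token );
		$offset = 0;
		while ( ( $pos = strpos( $joined, $token, $offset ) ) !== false ) {
			foreach ( [ $start, $end ] as $junction ) {
				// The token straddles a junction: begins before it, ends after it.
				if ( $pos < $junction && $pos + $len > $junction ) {
					$found[$token] = true;
				}
			}
			$offset = $pos + 1;
		}
	}
	return array_keys( $found );
}

/** Assumed armoring: swap a risky first/last character for a character reference. */
function armorEdges( string $escaped ): string {
	$refs = [ '-' => '&#45;', '+' => '&#43;', '_' => '&#95;', "\n" => '&#10;' ];
	if ( $escaped !== '' && isset( $refs[$escaped[0]] ) ) {
		$escaped = $refs[$escaped[0]] . substr( $escaped, 1 );
	}
	$last = substr( $escaped, -1 );
	if ( $escaped !== '' && isset( $refs[$last] ) ) {
		$escaped = substr( $escaped, 0, -1 ) . $refs[$last];
	}
	return $escaped;
}

// Constructed samples mirroring the two cases in the commit message.
$cases = [
	[ "{|\n|", '-1 degrees', '' ],     // left edge: forms "|-"
	[ '', 'name_', '_FORCETOC__' ],    // right edge: forms "__FORCETOC__"
];
foreach ( $cases as [ $left, $value, $right ] ) {
	printf( "%s raw: [%s] armored: [%s]\n", json_encode( $value ),
		implode( ', ', gluedTokens( $left, $value, $right ) ),
		implode( ', ', gluedTokens( $left, armorEdges( $value ), $right ) ) );
}
```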
This makes the code quite a bit more readable, I believe.
strpos is especially confusing because it can return false when a
string doesn't contain the needle, as well as 0 when the string
starts with the needle. This is sometimes used as a feature (i.e. to
check if a string contains the needle, but doesn't start with it),
but that's not the case here.
A slightly more complicated change is made in TitleTest. But this is
only in a test and should verify itself when the test still succeeds.
Change-Id: I355ad1dc8e1725ae7a1eb652ec047ce7ff589cdf
This code exists since I706ef8a from 2022. It's hard to follow for
humans as well as tools like IDEs when the method name is hidden in
a string. There is no need to do this here.
Change-Id: Ib8438e6b7cc714f3657051ba546372735e925326
Move it to the StringUtils class, and make it throw a dedicated
exception. Update code in media/ to use the new method. Those seemed to
be the only usages across all known MW code [1], so hard-deprecate the
method as well.
[1] - https://codesearch.wmcloud.org/search/?q=wfUnpack&files=&excludeFiles=&repos=
Change-Id: I82ce96b6373443cf57a48b98595ca05290f37349
This code should only be executed in development environments, never
in production, so it should be safe to mess with it.
Bug: T313841
Change-Id: I8cab7704b244db1432f4266b2e06e03452ffc98f
* Remove docs for unchecked exception (T321683).
* Remove use of MWException, prefer more specific type (T86704).
* Remove use of AtEase (T253461).
* Merge `is_dir||mkdir||is_dir` into one check to more clearly express
that our success criteria is explicitly one or the other, with
a repeat for race conditions. This makes them not seem like unrelated
checks or early returns, rather than the main code.
This also fixes the seemingly unintentional difference where one
check was before normalized $dir and one after.
* Use native trigger_error() directly as it does not add value to use
MWDebug::warning() with merely the default parameters. The last
edge case was $wgDebugToolbar which got fixed with I62d864823ec8a.
Change-Id: Ic44798299a64f902decbc4cf2dbf2206a96c3837
The base phan config uses a file_exists check to determine whether to
use the namespaced class name, but it doesn't work when running against
core because MW_INSTALL_PATH isn't set. So specify the type in the local
config, and remove @phan-var annotations added in I6bbdbbe6.
Also use `::class` instead of string literals for classes.
Change-Id: I994a0ed32ea948253ed07ee3cc8868a0eaa6d8b9
wfReportTime is deprecated since 11e0fba3b0 included in MediaWiki 1.40.
The last usage of 'reporttime' is in the hard-deprecated function
BaseTemplate::getTrail.
Change-Id: I47c7a70f5ead7d9639f2646dcd129864b05f61e6
Follows-up 472a914c63 (I706ef8a50aafb51), which moved various
functions here en masse, but these two don't require any state.
The warnings about parse_url() in UrlUtils.php have been obsolete
since about PHP 5.4, when it started to support protocol-relative
URLs, non-slash protocols like "mailto", and deal with spaces/newlines
correctly (https://3v4l.org/YWUkl).
Rather than complicate many components that would otherwise remain
stateless and unit-testable, fix these to once again be the static
functions they were.
For impact, see up to PS17 of change I5117eab95f57297eb02bed.
Bug: T227900
Change-Id: Ifb3f720fc429b107348644c98eb9cd8e1113a42a
The "nonce" CSP feature has never been properly tested and is not
on track to be enabled at WMF or in MW by default. The use of
nonce-protected eval is not particularly meaningful. It is trivially
bypassed by mw.loader.implement, mw.loader.store, or importScript();
all of which allow any code to be executed directly, or to be stored
and loaded from a first-party origin.
The "nonce" feature is not required for the T208188 roadmap, and with
change I51b8535b2b21a3 there is now also a (small) performance reason
to keep this disabled long-term.
Until and unless there is a plan for enabling this particular aspect
of CSP, we might as well remove it so that we don't waste our
time building abstraction layers and satisfying dependency injection
through many years for something that might never be used.
Note that this does not remove CSP support from ResourceLoader, and
does not take away from the future of enabling CSP in MediaWiki to
e.g. strictly block third-party scripts, or to require domains to
opt-in by site config or user pref (T208188).
Change-Id: I5a176c41a06a484a11e64bdacdc42b40811fe72e
We haven't supported custom file extensions in a long time (e.g.
".php5" or ".phtml"). Use the same terminology we use elsewhere
these days, regarding calling it an entry point.
Change-Id: I57873680d779bcced049cb92b060b3e80aedf783