http://phpdoc.org/docs/latest/references/phpdoc/types.html
If IDEs have many warnings, we don't look at them.
Let's minimize the number of warnings, and make them useful again.
* Some function docs fixes
* Removed unused $iwprefixes var in ApiQuerySearch.php
* declared private $blockStatusByUid in SpecialActiveusers
* declared private $repo in UploadFromChunks
Change-Id: Ifd20f78b168b9a913fdb8d89dc26a76a173b1c29
Spotted on beta:
--------
commonswiki-375c0c3e:
0.0752 1.9M mime: <image/png> extension: <png>
--------
With a lot of requests, that causes them to be interleaved and ungreppable.
Change-Id: Ib99bc9547bdecb9efa59b7d292ddd7d10a552652
- Swap "$variable type" to "type $variable"
- Added missing types
- Fixed spacing inside docs
- Makes beginning of @param/@return/@var/@throws in capital
- Changed some types to match the more common spelling
Change-Id: Ie419638e909a47aa72a274043604247830ee1a81
json, csv, and tsv are often detected as text/plain. However that's
not right. This patch causes MediaWiki to look at the file extension
of files detected as text/plain, and if the file extension is
for a "textual" type, use the mime type associated with that extension.
This change also changes the "does mime type match uploaded file
extension" check to use the mime based on the file contents
plus extension, as opposed to just the file contents. Various
documentation suggests this is more appropriate (e.g. line 807
of MimeMagic.php). In my opinion we should use just the file
contents when verifying file is not on blacklist, but use ext
when verifying file type matches extension, and for deciding
what handler specific checks to run. Note the detect mime type
with extension doesn't override the detected mime type with
the extension, but only uses the extension if content based
detection is ambiguous or not specific enough.
This patch should be reviewed by csteipp before merge for
any potential security implications.
Note: This is partially fixing a regression from 3846d10487,
where previously csv and json files were allowed to be uploaded,
and that change prevented them.
Bug: 66036
Bug: 45424
Change-Id: Ib637fe6850a81b26f84dc8c00ab4772f3d3a1f34
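The decision order this commit message describes, sketched as an added example (not MediaWiki's code): the blacklist looks at the content-sniffed type alone, while the extension match uses the sniffed type refined by the extension. The function names, the extension table and the blacklist entries are constructed for illustration.

```php
<?php
// Constructed tables for illustration; not MediaWiki's own configuration.
const TEXTUAL_EXT_TO_MIME = [
	'json' => 'application/json',
	'csv'  => 'text/csv',
	'tsv'  => 'text/tab-separated-values',
	'txt'  => 'text/plain',
];
const MIME_BLACKLIST = [ 'text/html', 'application/x-php' ];

/** Refine a content-sniffed type with the extension, only when sniffing was unspecific. */
function refineMime( string $sniffed, string $ext ): string {
	if ( $sniffed === 'text/plain' && array_key_exists( $ext, TEXTUAL_EXT_TO_MIME ) ) {
		return TEXTUAL_EXT_TO_MIME[$ext];
	}
	// A specific sniffed type is never overridden by the extension.
	return $sniffed;
}

/** Hypothetical verifier: blacklist on contents alone, extension match on the refined type. */
function verifyUpload( string $sniffed, string $filename ): string {
	$ext = strtolower( pathinfo( $filename, PATHINFO_EXTENSION ) );
	if ( in_array( $sniffed, MIME_BLACKLIST, true ) ) {
		return "rejected: contents are blacklisted type $sniffed";
	}
	$refined = refineMime( $sniffed, $ext );
	$expected = TEXTUAL_EXT_TO_MIME[$ext] ?? null;
	if ( $expected !== $refined ) {
		return "rejected: .$ext does not match $refined";
	}
	return "accepted as $refined";
}

// Constructed inputs: [ type sniffed from contents, file name ].
$samples = [
	[ 'text/plain', 'data.json' ],    // ambiguous sniff, textual extension
	[ 'text/plain', 'table.csv' ],    // ambiguous sniff, textual extension
	[ 'text/html', 'page.csv' ],      // blacklisted contents behind a textual extension
	[ 'image/png', 'picture.json' ],  // specific sniff that disagrees with the extension
];
foreach ( $samples as [ $sniffed, $name ] ) {
	echo str_pad( $name, 14 ), verifyUpload( $sniffed, $name ), "\n";
}
```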
On bug 65724, it was discovered that a user could upload SVG images
with embedded <image> elements that pulled in the resource via http.
This could allow an attacker to track all viewers of an SVG by having
the image embed another image hosted on their own server.
While testing the patch, I also identified 3 more element namespaces
that have been used on commons and seem harmless, so I added those to
the whitelist.
Change-Id: Iaaabc3a60c0ec4e6e426a8680d7a2cef5d469d29
Noticed that we have several old images on commons that use these
namespaces. They seem harmless, so I think we should add them.
Change-Id: Ib80298256c5d4717867eb857d5404a9487fed784
* Fixed bug where even using Swift/Azure on Windows
would disallow non-ASCII file names.
bug: 1780
Change-Id: I19ed72da0b099d35cae74fb08eeb22c113da1065
Swapped some "$var type" to "type $var" or added missing types
before the $var. Changed some other types to match the more common
spelling. Makes beginning of some text in capital.
Also added some missing @param.
Change-Id: I8804ebe0922d3a414863b162a2110e0b9e49b80f
In the event of a bad filename warning record the relevant variables
so that we can figure out what is causing the failure.
See also change I532f8ee7c7455e43862b0204a7fff23d6792412e
Bug: 62241
Change-Id: If5d8b9e7f34c0f9bd09684d7dada8fafd7f5f7c2
- Added spaces after if/foreach/catch
- Added new line before end of file
- Added or removed spaces before/after parenthesis, comma
- Added spaces around string concat
Change-Id: I0590070f1b3542108e242730e8d9a3ba9831e94f
When we are doing blacklisted extensions, we count all extensions
as some programs (like apache sometimes) consider extensions that
aren't the final extension. However when doing whitelists we need
to only count the last extension, otherwise people can name files
foo.goodExt.BadExt. For example [[commons:File:Deamado ko.png.bmp]]
I do not believe this represents a security risk as bad files are
still filtered out. However it does allow unwanted files to be
uploaded.
Bug: 62451
Change-Id: Ie27c15f749812710571f432bc5915e498f8017e3
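The asymmetry described in this commit message, as an added example (not MediaWiki's code): the blacklist is applied to every dot-separated extension, the whitelist only to the final one. The function names, the two lists and all sample names except the one quoted in the message are constructed.

```php
<?php
// Constructed lists for illustration; a real wiki takes these from its configuration.
const EXT_WHITELIST = [ 'png', 'gif', 'jpg', 'jpeg' ];
const EXT_BLACKLIST = [ 'php', 'html', 'exe', 'js' ];

/** Return every dot-separated extension of a file name, lowercased, base name dropped. */
function splitExtensions( string $filename ): array {
	$parts = explode( '.', $filename );
	array_shift( $parts );
	return array_map( 'strtolower', $parts );
}

/** Hypothetical check: blacklist over all extensions, whitelist over the last one only. */
function checkUploadName( string $filename ): string {
	$exts = splitExtensions( $filename );
	if ( $exts === [] ) {
		return 'rejected: no extension';
	}
	// Some programs act on a non-final extension, so any blacklisted one is fatal.
	$bad = array_intersect( $exts, EXT_BLACKLIST );
	if ( $bad ) {
		return 'rejected: blacklisted extension ' . implode( ',', $bad );
	}
	// Matching the whitelist against any extension would let foo.goodExt.BadExt through.
	$final = end( $exts );
	if ( !in_array( $final, EXT_WHITELIST, true ) ) {
		return "rejected: final extension $final is not whitelisted";
	}
	return 'accepted';
}

$names = [
	'Deamado ko.png.bmp',  // the file named in the commit message
	'diagram.php.png',     // constructed: blacklisted extension in a non-final position
	'photo.PNG',           // constructed: single whitelisted extension, upper case
	'README',              // constructed: no extension at all
];
foreach ( $names as $name ) {
	echo str_pad( $name, 20 ), checkUploadName( $name ), "\n";
}
```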
Disallow uploading non-whitelisted namespaces. Also disallow iframe
elements.
User will get an error including the namespace name if they use a non-
whitelisted namespace.
Bug: 60771
Change-Id: Id5c022543184b19b77ad32d9a8a0c2dbbc5e9038
Return an error from UploadBase::detectScriptInSvg when the svg has
XML that cannot be parsed. Usually the XML is invalid, or the parser has
run out of memory trying to parse the file.
This patch is rebased on top of bug 57550.
Bug: 58553
Change-Id: I32661a27d7417cc2c69b844c805b190d6486d17a
When a file is being uploaded, we tell the user if it has been
uploaded and deleted in the past. But we shouldn't reveal the title
under which that was done if the file was suppressed via RevDel.
Note this introduces a breaking API change: clients may now receive a
"deleted-archive" warning with an empty value if the title was
suppressed.
Bug: 59167
Change-Id: I01a3ac2ba0cbac6b28de26a7f1a1d09b6b02097e
Split the variable assignment and the return statement in two lines for
better readability.
When there were two return statements in one method the logic was swapped
to have only one return statement.
Change-Id: Id7a01b4a2df96036435f9e1a9be5678dd124b0af
The Line continuation Coding conventions prefers the closing parenthesis
on the same line as the beginning curly braces. This is done for ifs
and functions.
Also move some boolean operators from the end of a line to the beginning
and changed some indentation to make the condition hopefully better
readable.
Change-Id: Id0437b06bde86eb5a75bc59eefa19e7edb624426
The former is only really used to refer to the older hphp compiler.
Now all docs pretty much exclusively are referring to HHVM and
that's the project's name going forward.
While we're here, swap HPHP_VERSION for HHVM_VERSION. Either works,
but the latter is more correct.
Only affected extension (in Git or SVN) is GWToolset, fixing in
I3a490ef.
Change-Id: I81e4ce5d14e344e67045050261f91b3c0159f222
This adds an option to wfShellExec (and convenience function
wfShellExecWithStderr), to make sure all stderr is duplicated
to stdout. The previous method of doing this was to include
2>&1 on the command line. However this did not redirect errors
from limit.sh (For example cgroups not set up, or if a command
reached the file size limit set by ulimit).
Not sure if this is the best approach, but it seems to work well,
and compared to most other approaches I considered, actually gets
the ulimit errors redirected too.
Currently some files fail to render with no error whatsoever,
hopefully this patch will make what went wrong more obvious.
Also fix a comment in wfShellExec that was incorrect (trailing \n),
and make the initial value of the return value variable be 200, so
if there's ever a bug in php where it's not being set properly, it
would be immediately obvious what is happening.
Bug: 53824
Change-Id: I833aeb3ab9da726ecb97331369ea187daad7e795
If a file type was added to $wgFileExtensions by both local configuration
and defaults in an extension (eg TimedMediaHandler and LocalSettings.php
both adding 'ogg' and 'ogv') it was being listed twice in the UI messages
listing acceptable types.
Runs array_unique() over the array on various outputs.
Bug: 54378
Change-Id: I14cd098d8b27099f8f803630535f33549740295c
Previously if a file had a format, where we didn't have an
extension associated with it in mime.types, people could upload
it with any extension that is in $wgFileExtensions. This meant
people could upload a non-allowed file type if it had an allowed
extension, and the non-allowed file type didn't have a canonical
extension in mime.types
Bug: 39012
Change-Id: Ib373fafdfceceed65fbd23cf468f3c19196545c9
These are needed for OAuth grants.
Note that, even if 'editmywatchlist' is not granted, various actions
will still allow for adding but not removing of pages.
Change-Id: Ie33446a228dd6ed0114730935c1bf65667f5ce01
Some browsers will interpret obscure xml encodings as UTF-8, while
PHP/expat will interpret the given encoding in the xml declaration.
bug: 47304
Change-Id: I3b311a7078d977ae89c51e95e625d79fba183cfc
And added/removed spaces around some other tokens,
like +, -, *, /, <, >, =, !
Fixed windows newline style
Change-Id: I0b9c8c408f3f6bfc0d685a074d7ec468fb848fc8
ERROR: Closing brace must be on a line by itself
Squiz.WhiteSpace.ScopeClosingBrace.ContentBefore
- For non-empty scopes it means the closing brace must be on a separate
  line. This is already the case in most classes; in some cases the "lazy
  closing" is still used.
    array(
        'x' ); // Moved } to next line
    function () { return 'x'; } // Moved } to next line
    case 1:
        stuff; break; // Moved break to next line
- For empty function it serves as a visual distinction between there not
  being a scope block / function body and there being an empty function
  body.
    function foo(); // No body
    function foo() {} // Empty body - violation
    function bar() { // Empty body corrected
    }
Change-Id: I0310ec379c6d41cc7d483671994d027a49f32164
*Any class that is not part of the UploadBase class
(so it can't call protected functions or members on an UploadBase object).
If you, for example, build an extension that uses an UploadBase instance,
there is no way to get the title validation error.
Bug: 38221
Change-Id: Ie6c3f95a09ef84777313c3ec2edd31c50c397e28
* Removed spaces around array index
* Removed double spaces or added spaces to begin or end of function
calls, method signature, conditions or foreachs
* Added braces to one-line ifs
* Changed multi line conditions to one line conditions
* Realigned some arrays
Change-Id: Ia04d2a99d663b07101013c2d53b3b2e872fd9cc3
* Ran spell-checker over code comments in /includes/
* A few spellchecking fixes for wfDebug() calls
Found one very strange (NOOP?) line in Linker.php - see "TODO: BUG?"
Change-Id: Ibb86b51073b980eda9ecce2cf0b8dd33f058adbf