This helps phan to detect unreachable code and also impossible types
after the functions.
It helps phan to avoid false positives for array keys
when the keys are checked before
Bug: T240141
Change-Id: I895f70e82b3053a46cd44135b15437e6f82a07b2
The non-strict conditions in if/while are true/false without the check.
In some situation the true/false is removed, because it is known to be a
bool (by is_bool check or type hint)
Change-Id: I5ca4c4771af25d2e785e82732df204a73653886e
Make the 'interwiki' option temporarily accept null as well as true/false
(and default to null instead of false) so form fields which disallow
interwiki titles can avoid deprecation warnings. This also includes
implementing the new error message.
The idea is that for the duration of the deprecation process, form fields
can be set explicitly to interwiki => false (which will eventually become
the default). It would be super annoying to have to do this for all
title fields, but this way it's only needed for fields where users actually
submit interwiki titles with some frequency.
Also improve the logic for legacy fields (which do not set the option
either way): since these (while emitting a warning) allow an interwiki
title, it does not make sense to apply namespace etc. checks to that
title.
Bug: T288155
Change-Id: Ic00f4a0f27747b5ff0893b4c01f42f68a99771ab
Rename to 'mw-htmlform-autoinfuse'. This avoids the 'mw-htmlform-field-'
prefix normally only used by HTMLFormField subclasses, and matches the
'mw-htmlform-autoinfuse-lazy' class used in related code.
Bug: T278036
Change-Id: I4a73ec6d5993a7e4f10ef8523eef594a70c9abcc
This reverts commit ecf826a2ee.
Reason for revert: need to edit the patch and then it will be GTG in order to finish hard deprecating of User ::getCanonicalName, ::isUsableName, ::isCreatableName
Change-Id: I2f57f56728fcbeada96dc2228f07dc8bcaa5d4f6
Some forms (namely Special:EditGrowthConfig) need to make sure
title exists if possible, but also need to support interwiki
titles.
Bug: T279886
Change-Id: I1bed0aa90dab8c872e915148923a5d78c9dee2f3
Implements HTMLTagMultiselectField, a form field that instantiates
TagMultiselectWidget, the PHP representation of the OOUI's js-based
widget of the same name with the implemented parameters:
* allowArbitrary
* allowedValues
Bug: T278317
Change-Id: I3a6a30506d493be4185f917c577b3837fffd8ae1
Normalise IP addresses in HTMLUsersMultiselectField, to avoid adding multiple equivalent IP addresses
Bug: T275394
Change-Id: I3cbc26cb7c98ddc94bc3effc6bd2ab7108e970f8
Fixes a bug introduced in c12af6e168
where invalid usernames are normalized out.
Nonexistent usernames will still fail the validation step, including
IP addresses if the field has been set up not to accept them.
Bug: T274568
Change-Id: I229afdfff2144fd4db8d49825262010f58f1fe54
Users can pass multidimensional arrays in query parameters to PHP
(e.g. ?foo[a][b]=bar). While filterDataForSubmit() ensured that anyone
using HTMLMultiSelectField in their form did not see them, internal
code here did not handle them correctly when validating the values and
generating the inputs, resulting in warnings deep in other code.
Use is_scalar instead of is_string in case default values somewhere
are integers or other non-string types.
Bug: T274955
Change-Id: I072a722ed025d687bfe755261a9896457f68f2ef
In no-js, there is no on the fly normalization of usernames in
HTMLUsersMultiselectField so both "User A" and "User_A" are
valid representations of "User A" (the canonical representation).
It's also possible to add the same user multiple times with no-js
and this will be considered valid and count toward the max limit.
These are not problems with js enabled since there will be an api
call for every new entry and that call both filters for selected users
and only returns canonical names.
This patchset reproduces that functionality in the PHP layer so that
no-js functions like the infused widget.
Bug: T274568
Change-Id: Ie78c8f37fa8a38b67eeaa6de098e41df2dac3e3e
This is micro-optimization of closure code to avoid binding the closure
to $this where it is not needed.
Created by I25a17fb22b6b669e817317a0f45051ae9c608208
Change-Id: I0ffc6200f6c6693d78a3151cb8cea7dce7c21653
This patch touches all uncontroversial (I hope) places where a chain
of isset(), array_key_exist() and the ternary ?: operator can be
replaced with the much shorter ?? feature from PHP 7.
?? does the same. It checks if the element before the ?? is set and
not null. When this check fails, the element after the ?? is used.
Change-Id: Id612e2782ae928164b26b6f0de676c6c7d8302f3
If the disabled parameter is set, the create/delete buttons
should be disabled by default. If a delete button is passed
along, then it overwrites the default delete button and therefore
needs to manage its own disabled/enabled state
Bug: T273431
Change-Id: Ia424466d26b6f65f01b912c2d556d329eb93f29a
* Make 'accept' an array like it is in OOUI
* Treat $this->mMultiple like the boolean it is
* Don't bother setting 'placeholder' on native inputs
Change-Id: I4c1341181757791c2e1ac2a14c4b3e7c8461ca54
This issue type was globally suppressed in
I849ac4f120fd15b483e8939d4db45c98dc351259 to make reviewer easier.
This adds inline suppressions or @suppress directives on function
docs for false positives, mostly restoring those removed in
I849ac4f120fd15b483e8939d4db45c98dc351259
Bug: T231311
Change-Id: I1b1d814bd907e9d49fcc39f777982936574fc7c6
Taint check checks for possible security issues by tracking html
escaping and more by using phan.
This slows done the phan-job a bit and requires more ram
Keep the DoubleEscaped issues out to make reviewer easier
Adds suppression for false positives
Adds taint-annotation to help taint-check
Removes suppression for code phan now understand better by the tracking
of keys in taint-check
Fix some small issues by adding int cast or htmlspecialchars calls
Bug: T216348
Bug: T268920
Change-Id: I849ac4f120fd15b483e8939d4db45c98dc351259
$out has only items, when $optionsOouiSections has items, but when
$options is empty, $out is also empty. In that case $hasSections is
false.
Bug: T232616
Change-Id: Id3959013b7b1db0d4faeecea9148bae97227abcf
Deprecating something means to say something nasty about it, or to draw
its character into question. For example, "this function is lazy and good
for nothing". Deprecatory remarks by a developer are generally taken as a
warning that violence will soon be done against the function in question.
Other developers are thus warned to avoid associating with the deprecated
function.
However, since wfDeprecated() was introduced, it has become obvious that
the targets of deprecation are not limited to functions. Developers can
deprecate literally anything: a parameter, a return value, a file
format, Mondays, the concept of being, etc. wfDeprecated() requires
every deprecatory statement to begin with "use of", leading to some
awkward sentences. For example, one might say: "Use of your mouth to
cough without it being covered by your arm is deprecated since 2020."
So, introduce wfDeprecatedMsg(), which allows deprecation messages to be
specified in plain text, with the caller description being optionally
appended. Migrate incorrect or gramatically awkward uses of wfDeprecated()
to wfDeprecatedMsg().
Change-Id: Ib3dd2fe37677d98425d0f3692db5c9e988943ae8
