* Moved $wgUploadMaintenance check after permissions and read only, so that the user doesn't think the error is temporary if he both doesn't have the permission and $wgUploadMaintenance is true
* Show normal error page when $wgUploadMaintenance and added a message for the error title
* Moved watchlist updating to FileDeletForm::execute(), it has nothing to do in doDelete() (would also be executed for api requests, etc.)
* Added $user parameter to FileDeletForm::doDelete() to pass the user doing the action
* Use WikiPage instead of Article
* Make OutputPage::setSubtitle(), OutputPage::addSubtitle() and OutputPage::appendSubtitle() accept a Message object in addition to a string
* Added new method OutputPage::addSubtitle() to replace appendSubtitle() and marked it as deprecated
* Clear the subtitles when showing an error page
* Always show the subtitle from Article::viewRedirect() when showing a page; left the parameter for use in EditPage
* Make Article::setOldSubtitle() add two subtitles and has to set "display:inline;" for the three possible divs to avoid too many spacing
* Removed the six different backlink subtitles and added one new message 'backlinksubtitle' to replace them and added OutputPage::addBacklinkSubtitle() to factorise common code
* Changed EditPage's view source to show "View source for <Page>" with the same backlink in subtitle for consistency with other back links and page titles
* Use the new 'cannotdelete-title' message for the title on error instead of "internal error"
* Don't use OutputPage::showFatalError() but add the content by "normal" methods (related to the item above)
* Don't use the $DeleteReason and $DeleteReasonList member variables in Article and FileDeleteForm but local variables since they are not used anywhere else
* Moved down some variable definitions near where they are used so that they are only set when they will actually be used
* Same for the setPageTitle() call with 'delete-confirm' message in Article::delete() that is now in Article::confirmDelete()
* Added missing "true" as fourth parameter of WikiPage::doDeleteArticle() call that was missing
* Factorised getTitle() and getUser() calls
* Salt token with array( 'delete', 'page title' )
* PermissionsError now calls OutputPage::showPermissionsErrorPage() to display the error (this is needed to make the item above work correctly)
* Removed the override of the HTML title in OutputPage::showPermissionsErrorPage() so that it shows "Permission errors - Sitename" instead of simply "Permission errors" for consistency with the other things
* Pass the error array returned by Title::getUserPermissionsErrors() to PermissionsError where available
* Converted direct calls to OutputPage::showPermissionsErrorPage() to throw an PermissionsError error instead
* Added 'action-rollback' message that will be displayed when accessing action=rollback without sufficient rights
* Changed getRestriction() in subclasses of Action to return null when they previously returned 'read' so that user rights can be check with Title::getUserPermissionsErrors()
* Reordered checks to do first user rights, then block (if needed) and finally read only (also if needed) so that users don't think the error is temporary when they both don't have right and the database is locked
* Removed OutputPage::setPageTitleMsg() and OutputPage::setHTMLTitleMsg() and make OutputPage::setPageTitle() and OutputPage::setHTMLTitle() accept a Message object
* Updated core calls (including some that I missed last time because of non-matching case)
* Added Message::setContext() and use it in RequestContext so that I don't need to duplicate the call in OutputPage
* Yes, I'm calling $this->msg() on places and then setting the context one more time in OutputPage::setPageTitle() or OutputPage::setHTMLTitle(), but at least I won't be confused about which objects $
* Moved wfReadOnly() check after permissions so that users don't think the error is temporary if they and don't have permissions and the database is locked
* Removed "unexpected value of 'oldimage'" message which seems to say there's an internal error somewhere instead that the oldimage parameter is not in correct format
* (bug 27655) Require token for watching/unwatching pages
* Previously done for API (bug 29070) in r88522
* As with markpatrolled, the tokens are not compatible and made that way on purpose. The API requires the POST method and uses a universal token per-session. Since the front-end is all GET based (also per convention like in markpatrolled and rollback) they are stronger salted (title / action specific)
* ajax.watch used the API already and was switched in r88554.
* The actual watching/unwatching code was moved from WatchAction->onView to WatchAction::doWatch. This was done to allow the API to do the action without needing to generate a token like the front-end needs (or having to duplicate code). It is now similar to RecentChange::markPatrolled (in that it also a "central" function that does not care about tokens, it's called after the token-handling)
* JavaScript / Gadgets that utilize action=watch in their scripts:
** Effects should be minimal as they should be using the API (see r88522 and wikitech-l)
** If they use index.php and scrap the link from the page, they can continue to do so.
* There are links to the watch action all over the place. I've tried to catch most of them, but there may be some I miss. Migration in most cases is just a matter of adding an array item to the $query for:
'token' => WatchAction::getWatchToken( $title, $user [, $action] )
or changing:
Action::factory( 'watch', $article )->execute();
to:
WatchAction::doWatch( $title, $user );
While replacing the usages in some cases an instance of Article() no longer had to be created, in others $wgUser had to be retrieved from global (which was implied before but needs to be given directly now)
Other notes:
* Article->unwatch() and Article->watch(), which were deprecated as of 1.18 and are no longer used in core, may be broken in scenarios where the Request does not have a 'token' but is making a call to $article->watch()
* Some extensions need to be fixed, I'm currently running a grep search and will fix them a.s.a.p
[1] http://www.mediawiki.org/wiki/ResourceLoader/Default_modules?mw.user#tokens
* Actions come in two flavours: the show-a-form-then-do-something-with-the-result (delete, protect, edit, etc) and the just-do-something (watch, rollback, patrol, etc). Create abstract base classes Action and FormlessAction to support these two cases. HTMLForm is an integral part of the form-based structure.
* Look mum, no globals! :D Fully context-based.
* Implement watch/unwatch, credits and delete actions in the new system as proof-of-concept. This also gives the delete frontend a much-needed overhaul.
* Stub out the newly-deprecated functions from Article.php. This already reduces its linecount by about 15%, and there are plenty more actions still to do.
* Centralising actions like this is going to render a lot of hooks type-incompatible. There's simply nowhere you can put the ArticleConfirmDelete hook, for instance, where it can be passed an OutputPage as the second parameter. On the other hand, we can implement new hooks like ActionModifyFormFields and ActionBeforeFormDisplay, which can do much prettier stuff to the forms, like adding extra fields the 'right' way. Update LiquidThreads to use these new hooks where appropriate.
