Basically turning Mediawiki to MediaWiki as all other classes exist
in that namespace
Bug: T217128
Change-Id: I95039a1a54c9900a2f2414b5a6ccce5fb6e5e612
So far, everything we had was vulnerable to newest advances in
GPU cracking and timing side-channel attacks. Argon2 was designed
specifically to address these problems.
Unfortunately, PHP support is lagging, with some builds missing
Argon2id or even Argon2i.
Change-Id: Ifdf648f5d8a734a663e630286724a6d0a87c7510
This way it can be subclassed in extensions, like AbuseFilter
(Ic755526d5f989c4a66b1d37527cda235f61cb437).
Bug: T188180
Change-Id: Idf320232011c72e39267b1f3c39848aea35d37fe
For config vars, add a virtual package file called 'config.js', and use
require( './config.js' ) in the module. For most data modules, add a
virtual package file called 'data.js', use require( './data.js' ) in the
module. Where needed, add wrapper files that put the data in the
relevant global object and in module.exports.
LanguageDataModule is the only special-purpose module not being removed
in this commit, because it uses languageScripts, and those are not
compatible with packageFiles (yet).
Also merge mediawiki.ForeignStructuredUpload.config into
mediawiki.ForeignStructuredUpload, since that was the only thing that
used it.
Change-Id: I203d4e3ecdeeeb16729eba2dcf40d11a41d2e582
When a unit test fails it is possible, perhaps even likely in some
cases, that some code that was run logged useful information about
how that failure came to be.
Help people out, tell them what happened!
Change-Id: I30bbc31799a65024868678d052fec9aafacc1aff
The classes were renamed in 9bf39163, this updates the test cases to
match. Also take care of XCF while we're at it too.
Change-Id: Iaaeee93e496af6cdd610df5bc75302ecfe273f64
Provide backward compatibility for callback functions in
GuzzleHttpRequest, which was missing in T202110, and restore
GuzzleHttpRequest as the default provided by HttpRequestFactory.
Bug: T212175
Depends-On: I4b45e79d35252d13f714f3271b87301ca515121a
Change-Id: I60d1a034b44874f6d24a04058db264eeb565f5e1
* Introduce MSCompoundFileReader, which reads the CFB directory and
detects the file type from well-known names in the root directory
* Do not detect a ZIP file if the EOCDR is not at the end. Other
containers, especially CFB files, may contain ZIP files embedded
within them in the last 64KB, but this is not a security concern
unless the EOCDR is exactly at the end of the file.
Bug: T40432
Change-Id: Id5b1a258ccf3c3c8951e32f6b7a5b1bafe941082
This was originally directly under includes/htmlform. This is
a specific type of field, so it should go here instead.
Follows-up d0c31ac988.
Change-Id: Iac196068ce2cbca063948bc78d21913482717d9a
This code doesn’t use any MediaWiki-specific code, so rename
MediaWiki\Services to Wikimedia\Services and move it below libs/. (Of
course, this does not apply to the MediaWikiServices subclass.)
Class aliases are added to retain backwards compatibity for now.
Bug: T211608
Change-Id: Ic14ea28ef21c359695b309d4293dbaaf5deedc09
TitlesMultiselectWidget and UsersMultiselectWidget share
a lot of functionality, so implement a common base class.
This also adds some things to UsersMultiselectWidget:
* shows a pending element to users with JavaScript
* makes the input configurable
Change-Id: Ie6649b476c64e795254f457e3863fa7f14aa05ac
Create a GuzzleHttpRequest class using the external Guzzle
(docs.guzzlephp.org) library. This will be the new default request type,
but CurlHttpRequest and PhpHttpRequest remain available and accessible
via Http::$httpEngine.
Bug: T202110
Change-Id: Ie720be2628d7baf427b002847f103fd86ee4cff3
Depends-On: I143a6410d111e75f01dbbfd43f300e2e60247451
This formatter extends LogstashFormatter to prefix records with "cee token"
used for syslog and JSON structured logging. See also related task for more
context.
Bug: T211124
Change-Id: I3cdeb4c666f54039b5e8ecc67bd4937220333526
Add a Profiler subclass for the new excimer extension. Since it does not
provide function counts, it's a little bit awkward to return it in the
format required by getFunctionStats(), but getOutput() works quite well.
Fix totally broken ProfilerOutputDb, the first parameter to the
onTransactionCommitOrIdle callback is not a Database. It is in the
second parameter, but most callers do not use it.
Change-Id: Icb20f3a5b0b09ff2905f1711f3681c398aa026e2
Depends-On: I6a9ccf5a12ef998e029033adf08af95c42fb7f8e
Create a PendingTextInputWidget and use it in
TitlesMultiSelectWidget instead of the multiline
text area for users who have JavaScript.
Bug: T210080
Change-Id: I824fea6a3df580d342e6087ab901fec025f0e70b
This adds a method to LinkFilter to build the query conditions necessary
to properly use it, and adjusts code to use it.
This also takes the opportunity to clean up the calculation of el_index:
IPs are handled more sensibly and IDNs are canonicalized.
Also weird edge cases for invalid hosts like "http://.example.com" and
corresponding searches like "http://*..example.com" are now handled more
regularly instead of being treated as if the extra dot were omitted,
while explicit specification of the DNS root like "http://example.com./"
is canonicalized to the usual implicit specification.
Note that this patch will break link searches for links where the host
is an IP or IDN until refreshExternallinksIndex.php is run.
Bug: T59176
Bug: T130482
Change-Id: I84d224ef23de22dfe179009ec3a11fd0e4b5f56d
AbortAutoAccount, AbortNewAccount, AbortLogin, LoginUserMigrated,
UserCreateForm, and UserLoginForm are all unused in Wikimedia
production and rare in other extensions.
This also scraps the FakeAuthTemplate and LoginForm classes and
the occasional remainig references thereto.
Bug: T193755
Change-Id: I24d6fa963f402d4311fa00fc11536a37ee3bd31e
This assures that MergeableUpdate tasks that lazy push job will actually
have those jobs run instead of being added after the lone callback update
to call JobQueueGroup::pushLazyJobs() already ran.
This also makes it more obvious that push will happen, since a mergeable
update is added each time lazyPush() is called and a job is buffered,
rather than rely on some magic callback enqueued into DeferredUpdates at
just the right point in multiple entry points.
Bug: T207809
Change-Id: I13382ef4a17a9ba0fd3f9964b8c62f564e47e42d
This should reduce excess contention and lock timeouts.
Previously, it used a pre-commit hook which ran just before the
end of the DB transaction round.
Also removed unused User::incEditCountImmediate() method.
Bug: T202715
Depends-on: I6d239a5ea286afb10d9e317b2ee1436de60f7e4f
Depends-on: I0ad3d17107efc7b0e59f1dd54d5733cd1572a2b7
Change-Id: I0d6d7ddd91bbb21995142808248d162e05696d47
Add the widget in both PHP and JS for OOUI, and into HTMLForm
definitions.
In JS, the widget uses the engine from mw.widgets.TitleWidget
with the async support from OO.ui.mixin.RequestManager.
The PHP version provides a textarea, like UsersMultiselectWidget.php
which is then infused if JS is available.
Also, add highlightSearchQuery option for TitleWidget to allow for
not highlighting the partial search query the user typed in, if the
UI requires it. This option (highlighting partial result) is already
optional in the TitleOptionWidget, so this config exposes that
optionality in the TitleWidget widget for its menu children.
Notes:
HTMLTitlesMultiselectField is a duplication of HTMLUsersMultiselectField
except for:
- The configuration variable changed to 'titles' (from 'users')
- OOUI modules were adjusted for the TitlesMultiselectWidget
- The PHP version instantiates a MediaWiki\Widget\TitlesMultiselectWidget
TitlesMultiselectWidget is a duplication of UsersMultiselectWidget
except for:
- $usersArray was renamed to $titlesArray
- getJavascriptClassName returns the correct js class for
mw.widgets.TitlesMultiselectWidget for infusion.
Bug: T197109
Depends-On: I675316dddf272fd0d6172ecad3882160752bf780
Change-Id: Ie96947a35f70b76731e16ae5b85de815dfa4a8ce
Special:RedirectExternal is an unlisted special page that accepts a URL as
the first argument, and redirects the user to that page.
Example: Special:RedirectExternal/https://mediawiki.org
At the moment, this is intended to be used by the GrowthExperiments project in
order to track outbound visits to certain external links. But it could be
extended in the future to provide parameters for showing a message to the user
before redirecting, or explicitly requiring a user to click on the link, which
could help improve security when users follow on-wiki links to off-wiki sites.
Bug: T207115
Change-Id: I822af14a84569aab22249e2f16a662a60e60f76a
