Why:
- Setting the increment to 0 should check the limit without bumping it.
- This was apparently broken by If3e66491306f22650.
What:
- Use LimitBatch::peek if the increment amount is 0
Bug: T381033
Change-Id: Ife76a1976a2063f051f00302e5adaebd701e6367
(cherry picked from commit e09606b3dc44711571cc6cf2d0d11bd7784d0cdd)
If $mailparts does not contain two elements (which would be the case when the separator `@` is not present in the string), then we cannot
access $mailparts[1].
In this case, the entire path as is, is treated as the host.
Bug: T380880
Change-Id: I10187c93e67ce9294ff0b3866939d2c7d7292a9a
(cherry picked from commit c2db58c55bef207dd37ac5fe0b07aa28ee4bd2d5)
It is not clear who the "brand-new users" are in this case so help-message is required here.
Bug: T381205
Change-Id: Idfc1b7e4b5b1686f0edf69b32e0d4152b30e54ae
(cherry picked from commit 141be6c7f7a3be92d702db1e26ba7d0493aa8a0f)
Why:
Both AtomFeed::formatTime() and RSSFeed::formatTime() short-circuit with
null if the input is falsy. This caused deprecation warnings down the
line, as the return value was later fed into str_replace(), which raises
a deprecation warning on PHP 8 if it gets null.
It also caused unexpected output on all PHP versions: the Mustache
templates for both Atom and RSS conditionally emit the date elements
(<updated> in Atom, <pubDate> in RSS), but this conditional output is
skipped only if the variable is null, not when it’s an empty string –
which is exactly what the XML encoding returned on all PHP versions.
What:
Introduce a new method, xmlEncodeNullable(), which properly handles null
values, and returns them as-is, without trying to encode them. This:
- Avoids the deprecation warnings on PHP 8, since str_replace() is no
longer called.
- Makes the conditional output work: the <updated>/<pubDate> elements
are no longer output if no date is available.
- This makes the RSS output spec-compliant, as no garbage is output
anymore. The RSS <pubDate> is optional [1].
- It doesn’t make the Atom output entirely spec-compliant, as Atom
requires <updated> to be present [2], but the removal of garbage
(it was a single letter Z) should still increase compatibility.
[1] https://www.rssboard.org/rss-specification#hrelementsOfLtitemgt
[2] https://validator.w3.org/feed/docs/atom.html#requiredEntryElements
Bug: T385332
Change-Id: Iafd89c0d61baecd7c68f62b2a0764cc78cf25069
(cherry picked from commit 60c57b0fd5303e9627b7684ebac4cd369c1fe7a6)
php8.4 validates the locale and rejects invalid one.
Just use the fallback chain to find an usable language, mostly en.
Cache the created NumberFormatter instance, to avoid performance impact
for some languages due to more attempts to create a NumberFormatter.
Also C is rejected, so resolve it directly with Locale::getDefault()
Bug: T376711
Change-Id: I686f77baea33ea2852c546e30e9cc08618d44321
(cherry picked from commit 8b2cc12bd3724cd213ac581d220b50f91e282630)
* Fix getInfoBox to not be a warning box, but an information notice
like it is intended to be.
* Update getInfoBox() to use codex class names, same as showMessage().
* Update getInfoBox() to bold the "Information" title, as per Codex
examples and guidelines, e.g.
https://doc.wikimedia.org/codex/latest/components/demos/message.html#multiline
* Remove infoBox() utility, it was used only once, in getInfoBox().
The `mw-installer-box-*`, `mw-installer-infobox-*` CSS classes
are also unusd now, however there is nothing to remove because
these were already removed in a previous refactor.
* Introduce showWarning(), and apply it to showMessage() calls that
convey non-fatal issues.
Bug: T384524
Change-Id: I6722346ef81a0a9cf8983153271be579905c7898
The image passed to ::getInfobox is never passed to ::infoBox() it is
only called twice with an image which also doesn't work, it is never
called with 'class' option so remove both.
Bug: T383646
Change-Id: I4abe9f608e9b5dd657e3948988f28ad991495f25
(cherry picked from commit 412e602cd6586b9ce25b9c3cc9fcde14748fa146)
Why:
- The REST API takes an optional renderid param when converting HTML
back to source wikitext, which is user-provided and may be invalid.
- Invalid render IDs cause an InvalidArgumentException to be thrown that
causes a 500 response.
What:
- Introduce a new error message for invalid render IDs in the REST API.
- Return a 400 with this new error message for HTML reverse-parses with
an invalid render ID.
Bug: T385568
Change-Id: I062419fe8952329a39781a49cdca2e94c3996447
(cherry picked from commit cd1d42a5066e4bcb9b9d4ed9b4f7714fd428fea3)
Why:
- ParsoidRenderID::newFromKey() validates incoming keys and throws an
InvalidArgumentException if a required key component was missing.
- It does so by eagerly destructuring the return value of explode(),
which causes a PHP Notice for invalid inputs as the expected offsets
won't exist then.
What:
- Check the count of key parts before destructuring.
- Add unit tests.
Bug: T385567
Change-Id: I1d936ae038f85ffa2e5d1d3d8a75fdc75e4c8ef8
(cherry picked from commit eec130925c081c2da1c475f9a9ce719e6838ca51)
A regression in 69ad795df7 caused virtual
files with a versionFilePath to be silently dropped from the version
hash computation. This caused changes in these files to not be reflected
in the version hash of the file.
Bug: T385055
Change-Id: Ibde41f07bb6fa7610660cb5b7a3f7aafbe9d6bd3
(cherry picked from commit bce48b6358cd2176d9fbc9a7c22f008bfbcf73d2)
Special pages for login and signup contain language selector links
to change the interface language, the available languages are defined
via the `loginlanguagelinks` message. Invalid codes will make the
pages completely inaccessible, preventing account creation and login.
This patch improves the link generation logic to only create links
for codes considered valid by LanguageNameUtils.
Bug: T384995
Change-Id: I4f470dc417a773225ba335f95da1151525a2f620
(cherry picked from commit da179c65056d65dc5d610af1e29fed57df4f1082)
Service is no longer running, so it's a default that doesn't do anything
Bug: T382987
Change-Id: I3a21c12ba689928d38e410cbe2547ab7e616ac8a
(cherry picked from commit 4a6fac8b7dadfdffe6e0e239b8a551436e147d97)
session.use_trans_sid is a PHP antifeature that tells PHP to add
session IDs to all local URLs by modifying the HTML it's told to
output. We have set it to false just in case, but now that's
triggering deprecation warnings.
Bug: T380755
Change-Id: Iace0dcdb23eedb432cc1c032bbb3ce31d34071be
(cherry picked from commit 3b948a3da4be2a20573db01d611d601f2f90f2e5)
E_STRICT is deprecated in PHP 8.4.0.
MediaWiki (and almost all extensions) no longer produces errors at this
level.
To not break the compatibility, let's converts all E_STRICT level errors
to E_USER_NOTICE, which is also mapped to warning severity.
Using '@' operator to avoid generating the deprecation warning of
E_STRICT.
This should addresses the deprecation warning of E_STRICT when another
warning or error is raised.
Bug: T375707
Change-Id: I5937cacdf5b01614042a06d4deb5112ffff51727
This runs migrations that were previously attempted.
Postgres never executed as the renameindex failed and it never ran the
patch either.
MySql did run, but was relying on renameIndex with PRIMARY, which is a
bad idea. The function now runs it as a patch, with upgrade row in the
log, but also checks for the lack of the old index in case the users
were already on 1.44 or if they used 1.43rc
Bug: T379591
Change-Id: I7e74ccbf8cf2b105e8e6dedf812af3487c18113b
(cherry picked from commit def5b99737a296c108310881debe6ecb8bac1b2f)
There's no point in retrying a job when you get "Revision x is not current".
It just causes log spam. Makes people think there's a problem when there isn't as it
logs in the error channel.
Bug: T379656
Change-Id: Iaa5bd006bf3f26277e81ad5bea1387ef4b925f68
Why:
* Special:PasswordReset allows users to send an email containing
a temporary password to the email address attached to an account.
* Temporary accounts do not have passwords and cannot have an email
address set (as they cannot access Special:Preferences).
* Therefore, Special:PasswordReset does not provide holders of
temporary accounts a way to get access back into the temporary
account if they loose access.
* However, the form currently accepts temporary account usernames
and we should update the functionality to reject such usernames.
What:
* Update SpecialPasswordReset to reject temporary account usernames.
* Expand tests for SpecialPasswordReset to check this fix has worked.
Bug: T380085
Change-Id: I004453d4d16cd2a0448ac3922e4d13c24a158c8d
(cherry picked from commit e27be818690820c0df227cb06206da499eb94d38)
Do not pass arbitrary parameters to the generic message whose
purpose is to hide details; parameters can be revealed with
uselang=qqx.
Change-Id: I6e239bc91db9089aea36e91908fe50b5a5a429d8
(cherry picked from commit c5a62853cc2ebc85cbcfcc932f78bc87657a5dc1)
