Importing revisions in MediaWiki has long been weird: if the username on
the imported revision exists locally it's automatically attributed to
the local user, while if the name does not exist locally we wind up with
revision table rows with rev_user = 0 and rev_user_text being a valid
name that someone might later create. "Global" blocks too create rows
with ipb_by = 0 an ipb_by_text being a valid name.
The upcoming actor table change, as things currently stand, would
regularize that a bit by automatically attributing those imported
revisions to the newly-created user. But that's not necessarily what we
actually want to happen. And it would certainly confuse CentralAuth's
attempt to detect its own global blocks.
Thus, this patch introduces "interwiki" usernames that aren't valid for
local use, of the format "iw>Example".[1] Linker will interpret these
names and generate an appropriate interwiki link in history pages and
the like, as if from wikitext like `[[iw:User:Example]]`.
Imports for non-existant local users (and optionally for existing local
users too) will credit the edit to such an interwiki name. There is also
a new hook, 'ImportHandleUnknownUser', to allow extension such as
CentralAuth to create local users as their edits are imported.
Block will no longer accept usable-but-nonexistent names for 'byText' or
->setBlocker(). CentralAuth's global blocks will be submitted with an
interwiki username (see Ieae5d24f9).
Wikis that have imported edits or CentralAuth global blocks should run
the new maintenance/cleanupUsersWithNoId.php maintenance script. This
isn't done by update.php because (1) it needs an interwiki prefix to use
and (2) the updater can't know whether to pass the `--assign` flag.
[1]: '>' was used instead of the more usual ':' because WMF wikis have
many existing usernames containing colons.
Bug: T9240
Bug: T20209
Bug: T111605
Change-Id: I5401941c06102e8faa813910519d55482dff36cb
Depends-On: Ieae5d24f9098c1977447c50a8d4e2cab58a24d9f
Several classes have a "selectFields()" static method to tell callers
which fields to select from the database. With the recent comment table
change and the upcoming actor table change, this pattern has become too
simplistic as a SELECT will need to join several tables to be able to
retrieve all the needed fields.
Thus, we deprecate the selectFields() methods in favor of getQueryInfo()
methods that return tables and join conditions in addition to the
fields.
Change-Id: Idcfd15568489d9f03a7ba4460e96610d33bc4089
This would allow extensions to define custom attributes on title link,
such as put information in "title", change attributes depending on
specific search hit, etc.
Now Wikidata does the same by overriding LinkBegin, but this applies
to all links, not specifically to search result link.
Since ShowSearchHitTitle is always used with the link, I think it makes
sense to enable this specific customization.
Change-Id: I19f64e0909d92e32ddf6271f74c014e8b65d5014
Add the test entry point, because it contains documented hooks.
Filter out empty args, coming from trailing commas
Removed empty lines from hooks.txt, because a hook must be one block
without newlines between.
Change-Id: I71e0625da96cad03f5e38a000fa61d1d2bdac8ef
Add deprecation notice to $wgResourceLoaderLESSVars and
hook 'ResourceLoaderGetLessVars'. Warnings to be added in 1.31.
Users should migrate to exposing variables via the individual module's
getLessVars() method.
- Ensures better cache invalidation.
- Separates concerns for getting information and exposing information
as less variables. And allows an extension to, for example, use
a different variable name for something if needed.
The 'deviceWidthTablet' variable will need to be migrated to
either a regular configuration variable that individual modules
can expose in their getLessVars() method - or, alternatively, we
can deprecate it altogether in favour of exposing it through
a less import file instead (see T112747). That would mean, however,
that the value can only be changed in core, not by site config.
Bug: T140804
Change-Id: I61cff1d9652d88dc53c43075dd5053b7707809e6
Example implementation using this hook: wikiHow's ChineseVariantSelector
extension, installed on zh.wikihow.com, which uses cookies to store the
preferred language variant, allowing anonymous users to change the
language variant without registering/logging in.
Change-Id: I5295a26578b45a8d51f2b7550938088fec18404f
Adds RecentChangesPurgeRows hook which gets called in the same
transaction where old recentchanges rows are purged, and gets the
list of deleted rows. Extensions which store data for joining to
recentchanges can use this to purge their own data.
Bug: T159753
Change-Id: I03f1d485a1a3004412e0859d9d878b7895c95b40
Also update the hooks documentation. Now that it is using HTMLForm the
<fieldset> is closed before the submit button is added. The old code
was closing the <fieldset> after adding the submit button so the
documentatio made sense.
Bug: T111999
Change-Id: I109065100e40fef0c56a010c444de04a40950479
* UnitTestsAfterDatabaseSetup
* UnitTestsBeforeDatabaseTeardown
Bug T168802 necessitates that CentralAuth creates its tables
before any user tests are run, due to its extensive hooking
into everything. This change adds two hooks for that, called
after DB initialization is done and before teardown begins. The
corresponding CentralAuth change is
at I618840fafd22d9b6471eb470ef0414e354aa17f5
Bug: T168802
Change-Id: If7050513719833d4167a24283885d7c10a25856b
Changes:
- added one argument to PreferencesFormPreSave hook,
a $oldUserOptions array which contains set of all user
options before save
- updated documentation
Bug: T169365
Change-Id: I28003c5898d64031e1efb212cb0bec58ff44b958
We have several types of change lists (old RC/watchlist/related
changes, enhanced RC/watchlist, history) with slightly different
HTML, each with their own idiosyncracies. JavaScript code trying
to identify lines by log ID / revision ID has to jump through all
kinds of hoops to work with that.
To simplify the lives of frontend / gadget maintainers and provide
something approaching an API for these pages, we now expose the basic
attributes of each change line (revision ID for edits, log type/action
and ID for log events) as data attributes.
The OldChangesListRecentChangesLine, EnhancedChangesListModifyLineData,
EnhancedChangesListModifyBlockLineData, PageHistoryLine,
ContributionsLineEnding and DeletedContributionsLineEnding hooks
are updated accordingly. New hooks (LogEventsListLineEnding and
NewPagesLineEnding) are added for the change list pages which did
not yet have them.
Change-Id: I6dd006d0b1b0fd35c0020f0f9eea9113eca30b35
* ParserOptions is reorganized so it knows all the options and their
defaults, and can report whether the non-key options are at their
defaults.
* Definition of the "canonical" ParserOptions (which is unfortunately
different from the "default" ParserOptions) is moved from
ContentHandler to ParserOptions.
* WikiPage uses this to throw an exception if it's asked to cache
with options that aren't used in the cache key.
* ParserCache gets some temporary code to try to avoid a massive cache
stampede on upgrade.
Bug: T110269
Change-Id: I7fb9ffca96e6bd04db44d2d5f2509ec96ad9371f
Depends-On: I4070a8f51927121f690469716625db4a1064dea5
Callers to the EditPageBeforeEditToolbar hook can now return false to
signal that the toolbar is over-written, in which case this old code
won't be called (so no deprecation warnings for users of WikiEditor,
CodeEditor, etc.).
Bug: T30856
Depends-On: I5e755ef5dffb843368563511044d3123f14dc4bc
Change-Id: I3bed70a20e4b94fe3d04a00925b8012312202574
This patch introduces a new special page named AutoblockList.
Its design is reused from Special:BlockList.
Bug: T146414
Change-Id: I811d23c98be749d8df36700b07a295355691af77
Allows search engine to suggest deleted titles for undelete search.
Note that the titles are still verified against the archive table,
to ensure search engine is not out-of-date.
Bug: T109561
Change-Id: Id6099fe9fbf18481068a6f0a329bbde0d218135f
getCheckboxes() directly generated the HTML for the
"This is a minor edit" and "Watch this page" checkboxes,
and allowed extensions to add more HTML checkboxes (and
modify existing ones) using the 'EditPageBeforeEditChecks'
hook. This prevents us from ever changing the format of
the HTML (e.g. to use OOUI checkboxes).
Introduce new method getCheckboxesDefinition(), which
generates the checkboxes in a machine-readable format,
with a new hook 'EditPageGetCheckboxesDefinition'.
Rewrite getCheckboxes() in terms of that. The old hook
'EditPageBeforeEditChecks' is now deprecated.
Change-Id: I3dbe973dcac6cba0c3a1ac5d983cafcfb49d833c
Directly mention ChangesListBooleanFilterGroup and
ChangesListStringOptionsFilterGroup so people know what to construct.
Change-Id: I3c105d072889c1da26f94402326ba48635081833
Explicitly block two filters in the same group from having the same
name.
Before, it would be left to registerFilter, which would just cause
the second one to win.
Also, avoid a getFilter warning when the filter does not exist.
Do the same for getFilterGroup on ChangesListSpecialPage
Finally, a minor related doc fix.
Change-Id: I6b3880a5c7cc381c169bbd969cd4814559b49c91
This reverts commit 1525f6cd45.
This should be functionally equivilent to what was being done
before. When go is triggered but does not cause a redirect the
hook is called. Nothing is done with the result of the hook, same
as before.
Not going to bother deprecating, it doesn't particularly hurt the
architecture in any way, it was removed for being what appeared as dead
code due to a long removed feature. There are apparently a few usages of
this in extensions that may or may not work with recent releases of
mediawiki.
Bug: T160441
Change-Id: I368dec79431fbcc8d04f95afed8bbc7262a2e5de
Generate old RC, Related changes (it was already displayed and working
on 'Related changes' before this change), and Watchlist/etc. and data
for new UI from back-end.
This moves everything used for defining the old (unstructured) and new
(structured) filters into unified objects, ChangesListFilter and
ChangesListFilterGroup (and sub-classes).
This includes the query logic (see below) and logic for adding
CSS attribution classes.
This is a breaking change (for subclasses of ChangesListSpecialpage)
due to the signature (and name) change of buildMainQueryConds and
doMainQuery. An alternative that I don't think is a breaking change
would be to put the filter->DB logic in runMainQueryHook, but then it's
doing more than just running a hook.
This is because it used to only build $conds here, but it's clear from
filterOnUserExperienceLevel filters need more than this. I added all
the DB parameters from the hook, but this could be debated.
I have an checked and fixed the WMF-deployed extensions affected by
this.
Other than that, there should be full back-compat (including legacy
filters not using the new system).
* add hidepatrolled/hideunpatrolled to new UI.
* Move userExpLevel from RC to ChangesListSpecialPage. Although for
now the structured UI only displays on RC anyway, when it displays on
watchlist, it seems we'll want userExpLevel there.
Change this to make 'all' exclude unregistered users.
* Don't have front-end convert none-selected to 'all' on string_options.
* Needs the hideanons/hideliu special redirect to be done before this
is merged (T151873)
Bug: T152754
Bug: T152797
Change-Id: Iec2d82f6a830403d1c948a280efa58992e0cdee7
Use of &$this doesn't work in PHP 7.1. For callbacks to methods like
array_map() it's completely unnecessary, while for hooks we still need
to pass a reference and so we need to copy $this into a local variable.
Bug: T153505
Change-Id: I8bbb26e248cd6f213fd0e7460d6d6935a3f9e468
This patch adds an ug_expiry column to the user_groups table, a timestamp
giving a date when the user group expires. A new UserGroupMembership class,
based on the Block class, manages entries in this table.
When the expiry date passes, the row in user_groups is ignored, and will
eventually be purged from the DB when UserGroupMembership::insert is next
called. Old, expired user group memberships are not kept; instead, the log
entries are available to find the history of these memberships, similar
to the way it has always worked for blocks and protections.
Anyone getting user group info through the User object will get correct
information. However, code that reads the user_groups table directly will
now need to skip over rows with ug_expiry < wfTimestampNow(). See
UsersPager for an example of how to do this.
NULL is used to represent infinite (no) expiry, rather than a string
'infinity' or similar (except in the API). This allows existing user group
assignments and log entries, which are all infinite in duration, to be
treated the same as new, infinite-length memberships, without special
casing everything.
The whole thing is behind the temporary feature flag
$wgDisableUserGroupExpiry, in accordance with the WMF schema change policy.
The opportunity has been taken to refactor some static user-group-related
functions out of User into UserGroupMembership, and also to add a primary
key (ug_user, ug_group) to the user_groups table.
There are a few breaking changes:
- UserRightsProxy-like objects are now required to have a
getGroupMemberships() function.
- $user->mGroups (on a User object) is no longer present.
- Some protected functions in UsersPager are altered or removed.
- The UsersPagerDoBatchLookups hook (unused in any Wikimedia Git-hosted
extension) has a change of parameter.
Bug: T12493
Depends-On: Ia9616e1e35184fed9058d2d39afbe1038f56d7fa
Depends-On: I86eb1d5619347ce54a5f33a591417742ebe5d6f8
Change-Id: I93c955dc7a970f78e32aa503c01c67da30971d1a
Reasons:
* $text is vague. It's the label of the link. There is a function named
getTitleSnippet, which is what I'm reusing for the variable name.
* $page is vague. It's not the page of the search result, but the search
special page.
* $queryString is not a string but an array of strings.
I also updated https://www.mediawiki.org/wiki/Manual:Hooks/ShowSearchHitTitle
accordingly.
Change-Id: Ia18dbf5ccf7f9fcc8890ad01641d0b7ff3e6eee8
Changing hook signatures with no deprecation period is a no-no.
Fixes Ib527fc3a3c39eb2e56985e5d1e4905fc4562353c
Reverts I153a7d590faceb1e2c4fe7d95a5cb931cda0c301
Bug: T155625
Change-Id: I2b408691fc4435ef24fc62360bd7ad6114f385c7
In general, there's no reason to use by-ref on objects unless
the hook is supposed to replace them (this one isn't).
Change-Id: I153a7d590faceb1e2c4fe7d95a5cb931cda0c301
This was suggested at a Developer Summit session as a way to get people
to know about the mailing list.
This also adds a hook so ApiFeatureUsage can mention itself in
deprecation warnings too.
Bug: T148855
Change-Id: I04a7cf89e87e48f6504803dd173e779017a205d0
So that extensions like MessageCommons can try to use this (and
$wgLanguageCode) instead of $wgLang->getCode()/$wgContLang->getCode(), as
the latter ones cause fatals and recursion, at least with the Gadgets
extension also enabled at the same time.
Change-Id: If71fe1ded26c7a1c771128397783783ad5715b00
First step in refactoring the search results page. Pulls out widgets
to render our two styles of search result, Full and Simple.
Bug: T150390
Change-Id: If78cb0c29ae394f16e465c15a8e8246c1b56dcea
Currently, there is no hook that runs before a user's groups are changed. Adding a hook here will allow for action before the groups are changed.
Bug: T49338
Change-Id: I87dbb6a8eb897f4a40215d33d1a0b24af7efa871
Currently, there are two hooks ('BlockIP' and 'BlockIPComplete') that run when a user or IP is blocked in Special:Block, but no similar hooks when a user is unblocked in Special:Unblock. Adding these two hooks allows an extension to add and remove criteria about a user/IP unblock before it occurs and for possible action after an unblock is completed.
Bug: T50546
Change-Id: I9d9888dc5f1bb6a8bc62e90e6a423bf56b05173b
This will allow for checking passwords against the wiki's password
policy from the account creation and password change forms.
Bug: T111303
Change-Id: I0de281483bd83e47d80aa1ea37149d14f2ae5ebd
This passes the id of the revision that was undone to the
PageContentSaveComplete hook, since this hook is now inside a deferred
update so extensions can no longer rely on 'wpUndidRevision' being
present in the request.
Change-Id: I50dcb841cd0616acc2d69c3a685ba3cb339986c3
For mucking with the class member variable mNewContent and optionally
allowing the suppression of the "missing revision" message when revision
data is not found for a requested revision.
Originally implemented as the "GetUserMessagesDiffCurrent" hook (yes,
these three separate hooks in three separate places were essentially the
same) by Wikia for their SiteWideMessages extension.
Change-Id: Ie0c175af2af418d4ed3de28c94df918115312da3
API warnings and error messages are currently hard-coded English
strings. This patch changes that.
With a few exceptions, this patch should be compatible with non-updated
extensions:
* The change to ApiBase::$messageMap will blow up anything trying to
mess with it.
* The changes to the 'ApiCheckCanExecute' hook will cause a wrong
(probably unparsed) error message to be emitted for extensions not
already using an ApiMessage. Unless they're currently broken like
Wikibase.
Bug: T37074
Bug: T47843
Depends-On: Ia2b66b57cd4eaddc30b3ffdd7b97d6ca3e02d898
Depends-On: I2e1bb975bb0045476c03ebe6cdec00259bae22ec
Depends-On: I53987bf87c48f6c00deec17a8e957d24fcc3eaa6
Depends-On: Ibf93a459eb62d30f7c70d20e91ec9faeb80d10ed
Depends-On: I3cf889811f44a15935e454dd42f081164d4a098c
Depends-On: Ieae527de86735ddcba34724730e8730fb277b99b
Depends-On: I535344c29d51521147c2a26c341dae38cec3e931
Change-Id: Iae0e2ce3bd42dd4776a9779664086119ac188412
This was added in I56b6600 in an attempt to work around a bug in
CentralAuth, but the bug has since been fixed in a better way. No hook
functions in Gerrit use the parameter (or ever have, as far as I can
tell), and anything that was passing a value other than the default
'login' has since been removed. So let's just get rid of it instead of
keeping it around doing nothing.
Change-Id: Ie604e03d268706221161ac93eb866f477e466fb4
Added for use in the CategoryTree extension to show the category count
on the special page, see If3815586c2a280b4e8958c13010c9f7436b8723d
Change-Id: If195fb55dee1350a6de095892ce89e6565287cd9
Also updated on mw.org.
This array never has language keys (at least not
unless other extensions add them) but core will
always just have numerical keys.
Change-Id: Ie9c42ac2b4ff143e36d07642f57cca769e8c00e7
The hook was removed in Ia8e17008cb9d9b62ce5645e15a41a3b402f4026a
The mentioned file in the documenation was renamed:
parserTest.inc -> ParserTest.php -> ParserTestRunner.php
Change-Id: I8fcf8302b84254d1dc5a3b629f425616bd1f5d13
The hook was readded with Iad2646acde79b8a59710bb9fd5fbbfea5a39c341
The text is from I2783c46c6d80f828f9ecf5e71fc8f35910454582
Change-Id: I5e26e0c9bef06e0a6213fd219bda58a61da80665
The main interface already has javascript enhancement to use
the API and mw.notify. This patch affects permalinks without
tokens, and opening the link without javascript.
This will match the current behaviour of action=watch.
Bug: T130946
Change-Id: I6be2c07824c17b165e068fc4ac36ab192e12bc9d
In order for an extension to add data to ApiQueryWatchlist, we need to
provide a way to allow it to manipulate the database query made by
WatchedItemQueryService. We also need some hooks in ApiQueryWatchlist to
handle the marshalling of data to and from WatchedItemQueryService.
To better handle hooking, this also moves some of the continuation logic
from ApiQueryWatchlist to WatchedItemQueryService.
Bug: T147939
Change-Id: Ie45376980f92da964a579887b28175c00fd8f57e
This allows extension to consistently use their WikiPage subclasses.
Currently the only way a subclass would be used is if Article::newPage()
was called.
Change-Id: I74cce5f9627c4bc4b92502aff74beb2daeb78d17
This will allow extensions to inject into the query to implement
"xxshow" parameters, and to add additional properties to the output
data for "xxprop" parameters.
Also, call these new hooks from ApiQueryRevisions, ApiQueryAllRevisions,
ApiQueryUserContributions, and ApiQueryRecentChanges since I701e8e19 is
going to be wanting them.
Bug: T143614
Bug: T143616
Change-Id: Id6b42c7f2eb53a6f659d0d61383287f41d96ca00
This creates a hook triggered when updating change tags, so that
extensions can take actions when tags are updated.
When tagging accompanies the action, the recent change is passed
while when tagging is subsequent to the action, the user who
performs the tagging is passed.
Bug: T118698
Change-Id: Ifb0cdc43252c4185e4f216d23b8a21fb31595a37
When it becomes impossible to load the content of a page due to some
error or misconfiguration, we still want to be able to delete that
page. This change makes WikiPage::doDeleteArticle more robust by catching
any exceptions that may be thrown while trying to load the page content
during the deletion process.
See T128466 for context.
Change-Id: I19f2d16850a3c1af5b504a70a27b9bf1330bc68d
Currently UsersPager::doBatchLookup() assumes that group data comes *only*
from one place, the (local) user_groups DB table. But this isn't correct
when an extension like [[mw:Extension:GlobalUserrights]] is installed.
With the current master version of the GlobalUserrights ext. installed
under MW 1.27, only the *local* groups are shown on Special:ListUsers.
Even if you have a global group called 'staff' and you go to the
[[Special:ListUsers/staff]] page, it *will* display the correct list of
users, but the group data in parentheses is wrong; it's either 1) missing
(if the user is only a member of a global group but not any local groups)
or 2) incorrect in that it omits global group membership(s) entirely.
With this hook, an extension such as GlobalUserrights is able to query an
additional source of user group data (such as the global_user_groups table
in $wgSharedDB in the case of the GlobalUserrights ext.) and have this
data stored in the cache to ensure that global group data shows up as it
should.
Change-Id: Ied2c0f2d5738cf96a66a9672182345d630285639
UploadBase:
* Introduce a new method, tryStashFile(), as a replacement for the
now-soft-deprecated stashFile(). The method runs the new hook and
returns a Status object, with an error (if the hook returned an
error) or a value (if it didn't).
* Introduce a new hook, UploadStashFile, allowing extensions to
prevent a file from being stashed. Note that code in extensions
which has not been updated for MediaWiki 1.28 may still call
stashFile() directly, and therefore not call this hook. For
important checks (not just for UI), extension authors should use
UploadVerifyFile or UploadVerifyUpload hooks.
* Extract common code of tryStashFile() and stashFile() to
a new protected method doStashFile().
SpecialUpload:
* Use tryStashFile() when stashing a file after a warning or
"recoverable error" was encountered.
ApiUpload:
* Refactor stashing code so that error handling only happens in one
place, not four different ones. Use Status objects rather than
exception throwing/catching for control flow.
* Simplify the error messages slightly (error codes are unchanged).
Produce better ones by always using handleStashException().
'stashfailed' is now always at root (not nested inside 'warnings'),
behaving the same as 'filekey' does on success.
* Use tryStashFile() when stashing. Handle errors so as to allow
custom API results passed via ApiMessage to be preserved.
Some API result changes for different requests are shown below.
api.php?action=upload&format=json&filename=good.png&file=...&stash=1
Before:
{
"error": {
"code": "stashfilestorage",
"info": "Could not store upload in the stash: Stashing temporary file failed: UploadStashFileException Error storing file in '/tmp/phpB32SRT': Could not create directory \"mwstore://local-backend/local-temp/3/3a\".",
"*": "See http://localhost:3080/w/api.php for API usage"
}
}
After:
{
"error": {
"code": "stashfilestorage",
"info": "Could not store upload in the stash: Error storing file in '/tmp/phpB32SRT': Could not create directory \"mwstore://local-backend/local-temp/3/3a\".",
"*": "See http://localhost:3080/w/api.php for API usage"
}
}
api.php?action=upload&format=json&filename=[bad].png&file=...
Before:
{
"upload": {
"result": "Warning",
"warnings": {
"badfilename": "-bad-.png",
"stashfailed": "Stashing temporary file failed: UploadStashFileException Error storing file in '/tmp/phpB32SRT': Could not create directory \"mwstore://local-backend/local-temp/3/3a\"."
}
}
}
After:
{
"upload": {
"result": "Warning",
"stashfailed": "Could not store upload in the stash: Error storing file in '/tmp/phpB32SRT': Could not create directory \"mwstore://local-backend/local-temp/3/3a\"."
"warnings": {
"badfilename": "-bad-.png",
}
}
}
Bug: T140521
Change-Id: I2f574b355cd33b2e9fa7ff8e1793503b257cce65
Most of the hook functions need context to see what the current user's
permissions are, to generate messages, or the LinkRenderer service to
generate the tool links.
Change-Id: I19fa27c8115ee39dded6cb98f29c35b66b934f8a
* Instead of having messy code to create a hidden HTML
comment of English strings at the bottom of the page,
expose the structured data of the parse information
to JS so tools can use it.
* Make makeConfigSetScript() use pretty output so these
variables are also easy to read in "view source".
* Remove ParserLimitReportFormat hook, since the data
is not formatted to HTML anymore.
Bug: T110763
Change-Id: I2783c46c6d80f828f9ecf5e71fc8f35910454582
This will help to differentiate between actual login and visiting
the login page while already logged in.
Bug: T140853
Change-Id: If8582ff61aee62b1d424e473b230ca883ddb6d05
Now with less fatals and more functionality! At least I sure hope so.
Unlike the first time around (https://gerrit.wikimedia.org/r/206642), the
DifferenceEngineRenderRevisionAddParserOutput and
DifferenceEngineShowEmptyOldContent hooks now only affect things if a
hooked function returns false. Since by default nothing is hooked into
these brand new hooks, the behavior should stay exactly the same as before
this patch and things like bug T139435 shouldn't happen anymore.
These hooks allow things such as:
* adding CSS(/JS) into the OutputPage when viewing diffs
* adding extra HTML content (such as avatars) into diff views
* hiding the bottom "mark as patrolled" link
* altering the parser output that is used by DifferenceEngine
* and more
Example extension using these hooks is wikiHow's
/extensions/wikihow/hooks/, specifically the file DiffHooks.php (but the
hooks are setup in WikihowHooks.php).
Live example of the DiffHooks stuff in action can be found at wikiHow.com,
for example:
http://www.wikihow.com/index.php?title=Set-Your-Homepage&diff=17112892&oldid=15888129
(user avatars, additional CSS, changes to the old/new revision header
texts/links)
Bug: T139526
Change-Id: I10293be4581140c3edf0e4b538b04b31cb6f5730
This paramater contains a map of id => old and new visibility bits.
This allows doPostCommitUpdates to do something useful with the
differences before and after a visibility change. Specifically,
RevDelRevisionList doPostCommitUpdates passes this to the
ArticleRevisionVisibilitySet hook.
Bug: T137287
Change-Id: I1824f56d2aadc15671c442cf30dc1f9f01e821f8
The new hook runs at the beginning of UploadBase::performUpload().
Unlike the existing UploadVerifyFile hook, the new one provides the
information about the file description page being created, and the
user who is performing the upload. It also does not run for uploads
to stash.
The action=upload API and Special:Upload have been changed to treat
errors from UploadBase::performUpload() as recoverable, which means
that they will attempt to stash the file (previously they would require
the user to upload it again). This is mostly intended for errors from
the new hook, but I think it makes sense for the existing ones, which
are mostly transient filesystem erorrs.
Bug: T89302
Change-Id: Ie68801b307de8456e1753ba54a29c34c8063bc36
These hooks allow things such as:
* adding CSS(/JS) into the OutputPage when viewing diffs
* adding extra HTML content (such as avatars) into diff views
* hiding the bottom "mark as patrolled" link
* altering the parser output that is used by DifferenceEngine
* and more
Example extension using these hooks is wikiHow's
/extensions/wikihow/hooks/, specifically the file DiffHooks.php (but the
hooks are setup in WikihowHooks.php).
Live example of the DiffHooks stuff in action can be found at wikiHow.com,
for example:
http://www.wikihow.com/index.php?title=Set-Your-Homepage&diff=17112892&oldid=15888129
(user avatars, additional CSS, changes to the old/new revision header
texts/links)
Change-Id: Icbc987fa4806e7bfc66743375301912b428dc348
Since this updates happens post-send or via the job queue, the
page object will be for a non-existing or newer page/redirect.
Change-Id: I20b583948157dccceca6eb1fbd25121822bf1b2f
This allows extensions (e.g. TemplateSandbox in I77a9aa5a) to better
interact with the ApiParse and ApiExpandTemplates modules.
Change-Id: I72d5cf8e0b86e4250af1459219dc3b42d7adbbb8
This gives finer-grained extensibility than the current ContributionsLineEnding
hook.
Bug: T122537
Change-Id: Ifca9f3f3b838a2915152f0200624ef40ee3f8a19
There is no place for a type before the variable name
Follows 9ec1ef7308 (security patch not in gerrit)
Change-Id: I7c2718f8026c7163553b9135362e5de61a26c9f8
This may negatively affect performance and the whole purpose of the
hook (making it possible to reject an edit from an extension while
providing detailed error information in the API result) has been
invalidated by 09a5febb7b, which lets
EditFilterMergedContent do this too.
I think it was intentional that the hook was called with just the text
passed to action=edit API. Making it actually be called with the text
that's going to be saved would require more work (e.g. for
automatically resolved edit conflicts, T73947).
Very few extensions use this hook. I'm fixing AbuseFilter to use
EditFilterMergedContent in I30c1e3d0a6c10888e6ac53745313434474663cce,
we should also review ConfirmEdit, ProofreadPage and SpamBlacklist to
see what behavior they really expect.
This reverts commit be97167ab6.
Change-Id: I62713419496bcf57364a8fa9de93c0c8ddc3e91c
This is a rewrite of Linker::link() to a non-static, LinkTarget-based
interface. Users of plain Linker::link() with no options can use the
LinkRenderer instance provided by MediaWikiServices. Others that
have specific options should create and configure their own instance,
which can be used to create as many links as necessary.
The main entrypoints for making links are:
* ->makeLink( $target, $text, $attribs, $query );
* ->makeKnownLink( $target, $text, $attribs, $query );
* ->makeBrokenLink( $target, $text, $attribs, $query );
The order of the parameters are the same as Linker::link(), except
$options are now part of the LinkRenderer instance, and
known/broken status requires calling the function explicitly.
Additionally, instead of passing in raw $html for the link text, the
$text parameter will automatically be escaped unless it is specially
marked as safe HTML using the MediaWiki\Linker\HtmlArmor class.
The LinkBegin and LinkEnd hooks are now deprecated, but still function
for backwards-compatability. Clients should migrate to the nearly-
equivalent LinkRendererBegin and LinkRendererEnd hooks.
The main differences between the hooks are:
* Passing HtmlPageLinkRenderer object instead of deprecated DummyLinker
* Using LinkTarget instead of Title
* Begin hook can no longer change known/broken status of link. Use the
TitleIsAlwaysKnown hook for that.
* $options are no longer passed, they can be read (but shouldn't be
modified!) from the LinkRenderer object.
Bug: T469
Change-Id: I057cc86ae6404a080aa3c8e0e956ecbb10a897d5
The header is intended for use with XMLHttpRequest when the request
might be part of an XSS. The hook is for extensions that might need to
add additional checks of some sort.
Bug: T98313
Change-Id: I0e5f2d3b29a79a12461dc33c90c812a56810f536
Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in 9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in 29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
This implements the AuthManager class and its needed interfaces and
subclasses, and integrates them into the backend portion of MediaWiki.
Integration with frontend portions of MediaWiki (e.g. ApiLogin,
Special:Login) is left for a followup.
Bug: T91699
Bug: T71589
Bug: T111299
Co-Authored-By: Gergő Tisza <gtisza@wikimedia.org>
Change-Id: If89d24838e326fe25fe867d02181eebcfbb0e196
(This is part of I6ec374ac9 wich was a re-submit of Ie98bf5af5
which got reverted by Ide7ab563)
This change provides a mechanism to reset global service instances
in an orderly manner. There are three use cases for this:
* the installation process
* integration tests (which most of the existing phpunit tests are)
In contrast to I6ec374ac9, this change does not cause singeltons
of legacy services to be reset. It is assumed that legacy services
use global state to access services and configuration, so any
change in confuguration would affect them immediately.
NOTE: the original I6ec374ac9 would cause session information to
get lost if the user session was creatsed before initialization
was complete. This was apparently triggered by the MobileFrontend
extension under some circumstances. Check with Addshore and Catrope.
Change-Id: Ie06782ffb96e675c0aa55dc26fb8f22037e8517d
This change provides a mechanism to reset global service instances
in an orderly manner. There are three use cases for this:
* the installation process
* forking processes
* integration tests (which must of the existing phpunit tests are)
Depends-On: I5d638ad415fc3840186a0beaa09ac02ea688539b
Change-Id: Ie98bf5af59208f186dba59a9e971c72ea0b63e69
The service locator, MediaWikiServices, is intended to facilitate
"manual" dependency injection in static entry points.
See also the Dependency Injection RFC T384 and Service Locator
RFC T124792 for details.
The following key points were implemented according the
discussion surrounding these RFCs:
* a configurable DI container that allows extensions to add and replace services.
* no auto-wiring, since it's prone to add confusion in large and complex applications.
* no 3rd party framework, since they typically do too much.
The following services in MediaWiki core are made accessible via the service locator
mechanism to showcase the bootstrapping mechanism:
* ConfigFactory and MainConfig
* SiteLookup and SiteStore
However, the implementation of these services was not yet converted to using proper DI
throughout the code.
Bug: T124792
Change-Id: I3c25c0ac17300d3dd13e1cf5100558a605eee15f
Allos SpecialPage::beforeExecute() (and the equivalent
SpecialPageBeforeExecute hook) to prevent execution of the page
by returning false.
Needed by I8b52ec8ddf494f23941807638f149f15b5e46b0c.
Change-Id: I71423b920d596ee9ae6da60d95b14255eddfbcd6
Via the argument given by Krinkle in
https://gerrit.wikimedia.org/r/#/c/274751/1/ImageMap_body.php
Quote: "[Returning true is] obsolete for a while and slowly disappearing
from existing code. Only 'return false' is an explicit signal. The
default is true. This was done because it very often is forgotten and
causes broke in production in catastrophic ways on numerous occasions.
This better reflects the mental model of intent and also makes it more
natural when dealing with hooks such as these, which can't be aborted
and as such don't have a sensible purpose in returning false, which
means returning true can be confusing."
Change-Id: I98308ed9105d904e47db3ac7899412f239c2bf9d
Adds a few pieces of information to improve tracking of autocomplete
usage.
* When using Special:Search 'go' feature forward wprov parameter to redirect
* Include a data attribute indicating autocomplete location to
differentiate usage of the header and Special:Search content autocompletes
* Report exact query string that was used for impression-results
* Add handling to allow searchSuggest subscribers to append tracking
information to generated article links
* Add a new hook, SpecialSearchGoResult, that can either change the url
redirected to in the 'go' feature or cancel it entirely.
Bug: T125915
Change-Id: Iec7171fcf301f1659d852afa87ce271f468177c1
This is a pre-requisite to fix a Flow move regression, T127785.
This allows running an atomic entirely within the move with the correct
ordering.
Bug: T127785
Change-Id: Ie772f737f917854e4cfefe52ec3bea4669c9efe0
* check 4 new paths
* strip 'NormalizeMessageKey' hook from docs/hooks.txt,
last call was removed in 1ea4f23b05
Change-Id: Id36ab478b94f74be451cae848d5ef2a318d23040
Pass the cookie options by value to WebResponseSetCookie handlers so
that they may alter them.
Bug: T49647
Change-Id: I69ae55baa7806f14726b0b08215c0df471794b39
The plan here is to take it out of 1.27.0-wmf.12 and put it back in
1.27.0-wmf.13.
Since BotPasswords depends on SessionManager, that's getting temporarily
removed too.
This reverts the following commits:
* 6acd424e0d SessionManager: Notify AuthPlugin before calling hooks
* 4d1ad32d8a Close a loophole in CookieSessionProvider
* fcdd643a46 SessionManager: Don't save non-persisted sessions to backend storage
* 058aec4c76 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
* b5c0c03bb7 SessionManager: Save user name to metadata even if the user doesn't exist locally
* 13f2f09a19 SECURITY: Fix User::setToken() call on User::newSystemUser
* 305bc75b27 SessionManager: Don't generate user tokens when checking the tokens
* 7c4bd85d21 RequestContext::exportSession() should only export persisted session IDs
* 296ccfd4a9 SessionManager: Save 'persisted' flag in session metadata
* 94ba53f677 Move CSRF token handling into MediaWiki\Session\Session
* 46a565d6b0 Avoid false "added in both Session and $_SESSION" when value is null
* c00d0b5d94 Log backtrace for "User::loadFromSession called before the end of Setup.php"
* 4eeff5b559 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
* 7491b52f70 Call session_cache_limiter() before starting a session
* 2c34aeea72 SessionManager: Abstract forceHTTPS cookie setting
* 9aa53627a5 Ignore auth cookies with value 'deleted'
* 43f904b51a SessionManager: Kill getPersistedSessionId()
* 50c5256352 SessionManager: Add SessionBackend::setProviderMetadata()
* f640d40315 SessionManager: Notify AuthPlugin when auto-creating accounts
* 70b05d1ac1 Add checks of $wgEnableBotPasswords in more places
* bfed32eb78 Do not raise a PHP warning when session write fails
* 722a7331ad Only check LoggedOut timestamp on the user loaded from session
* 4f5057b84b SessionManager: Change behavior of getSessionById()
* 66e82e614e Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
* f9fd9516d9 Add "bot passwords"
* d7716f1df0 Add missing argument for wfDebugLog
* a73c5b7395 Add SessionManager
Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50
User keeps most of its token-related methods because anon edit tokens
are special. Login and createaccount tokens are completely moved.
Change-Id: I524218fab7e2d78fd24482ad364428e98dc48bdf
ImportLogInterwikiLink. Hook to change the interwiki link used in log entries and edit summaries for transwiki imports.
Change-Id: I03e054de16d8820c0f3d2c165288e229960d6bb1
SessionManager is a general-purpose session management framework, rather
than the cookie-based sessions that PHP wants to provide us.
While fallback is provided for using $_SESSION and other PHP session
management functions, they should be avoided in favor of using
SessionManager directly.
For proof-of-concept extensions, see OAuth change Ib40b221 and
CentralAuth change I27ccabdb.
Bug: T111296
Change-Id: Ic1ffea74f3ccc8f93c8a23b795ecab6f06abca72
Also fix USE INDEX so that it won't break if another table is joined.
See related change at I2a7003f9.
Bug: T53124
Change-Id: I9ac910bc4c24196b1f19e2fc7f1e5b88a0dac41b
The EventBus extension needs to forward the created (null) revision ID as
part of the page move event. Looking this value up when the hook fires is
problematic, because without a connection to the master DB the query might
very well return nothing (if it races in before the entry is replicated to
the slave).
This changeset passes the newly created Revision on to the hook so that it
doesn't need to be queried separately.
Bug: T116786
Change-Id: I1b48e2904fc8d99f2cde604f274f79a2b47d7fc2
The next revision in the page history isn't necessarily the previous
revision (due to selective undeletions, history merges, etc). This
passes the next revision to HistoryRevisionTools so extensions can check
if needed. Also, it passes the user to this hook and DiffRevisionTools
to avoid use of wgUser or having to retrieve context.
Change-Id: Ibc68f19040eebe3614e07f753f26bbfd376ae28d
* All updates for an event are atomic for the main DB.
* This follows-up 9e51328790 by reverting the auto-commit
behavoir which was a side-effect of that change.
* Added TitleMoveCompleting hook with is a pre-commit version
of the same hook. Various extension could benefit from the
atomicity of running in the main transaction.
Change-Id: Ife5990bbedca1de78bcf83f2d6fdeeae8086ffad
Check if all hooks in hooks.txt have a &, if the code also have & and
the other way round.
Fix all hooks in hooks.txt to have a clean run of the script.
Change-Id: I1b45253e20dc310e825cdc17e0e2e9c8fb315bab
Using the new system introduced in
1c57794e37 (see T47843).
This change allows Title::getUserPermissionsErrors() to include
MessageSpecifiers instead of string message keys in its return value.
This doesn't seem to have any bad effects, and should work seamlessly as
long as callers aren't trying to do anything stupid and just pass the
value to PermissionsError or OutputPage::showPermissionsErrorPage()
or wfMessage() or some such.
If the callers *are* trying something stupid, nothing worse than
duplicated or otherwise less-than-perfect error messages (in code
which tries to handle some message keys specially) should happen.
(I fixed wfMergeErrorArrays(), but who knows what else lurks in all
this code.) Any problems should only affect new-style errors using
MessageSpecifier, though.
Since MessageSpecifiers tend to be stringable, we probably won't get
fatals, but might get incorrect checks. Should we try to log this
happening somehow?
Goes with I42a0c5b0ea7e61088dd609b764dd7d1396c60cd5 in TitleBlacklist.
Bug: T115258
Change-Id: I1334ba21a2862973a9d8ff5be2c9bec06a82698b
BaseTemplateAfterPortlet: Add colon to match the other arguments
FileUpload: Adjust spacing to match the other arguments
Change-Id: Iae0285b1a39cf851aaaa735cb22e95c839813997
We should be telling extensions whether a deletion is a suppression or not, so
they can behave appropriately.
Change-Id: I2cb6ffd61dd12766fe0266514c9360ff0c90b788
UserMailerTransformContent allows extensions to change the body of
an email sent via UserMailer::send(). This is applied before
low-level transformations such as multipart or content encoding.
UserMailerTransformMessage is similar but it is run after those
transformations.
UserMailerSplitTo allows extensions to request that a certain
user should always be emailed separately (so when UserMailer::send()
is called with an array of target addresses, that user will be split
out into a separate call). This is intended for content
transformations which need to be different per user, such as
encryption.
A side effect is that while before a call to UserMailer::send() was
either fully succeeded or fully failed, now the message might be
delivered to some targets but not others. send() will return a failed
Status object in those cases.
Bug: T12453
Change-Id: I4c3a018110173c3b5d52a753fdcbec397b590ced
Very useful to do things that need to know the actual search
term (eg. to show further things related to that).
The old hook supported that as well, as documented on
https://www.mediawiki.org/wiki/Manual:Hooks/SpecialSearchResultsAppend
That hook has been re-introduced with e7551f16
Change-Id: I7ac6ad95b29f9da0802eb3340e27b8683bf9f76d
The last two parameter were not in documentation.
Follows 3c8c735c56 (r11803)
Follows 06be63aa1c (r28125)
Change-Id: I4fe91a6ad714ef06a187f7cd873fda5237103d2c
The last parameter is not in code, so remove it from documentation.
Was removed with a35fcb0bed (r12207)
Change-Id: I5625f621342c2b71c56df3b3167479ec3884acf8
Currently import sources have to be set into $wgImportSources as part of
wiki startup. This is not practical for the WMF cluster, where we need some
reasonably complex logic to set up the import source structure.
This change allows the import source list to be populated from a new
"ImportSources" hook. This hook is only called when the list of import
sources is actually needed (namely, when a user with relevant permissions
loads Special:Import).
Bug: T17583
Change-Id: Ice9a19cb6dfe53ae72aa71353d0553ee9338f233
This allows extensions (e.g. Echo) to detect who made the change without
relying upon $wgUser. It also allows for differentiation between
autopromotion entries which will pass in `false` as the performer.
Change-Id: Idebd78b54dcea1bdc84c83f402e87b240ab4ade1
Document the missing $error parameter of the EmailUser hook.
Clarify the type of the address parameter
Also add an comment, why a variable is used twice
Follows 38c7c8f895 (r64903)
Change-Id: I1c5636dc378667ef2798c69659b43f70734f4144
* LocalUserCreated: Replaces AuthPlugin::initUser()
* UserGroupsChanged: Replaces AuthPlugin::updateExternalDBGroups()
** The similar UserRights hook is deprecated, mainly to get rid of the
passing of $user by reference.
* UserIsHidden: Replaces AuthPluginUser::isHidden()
* UserIsLocked: Replaces AuthPluginUser::isLocked()
* UserLoggedIn: Replaces AuthPlugin::updateUser()
Also, AuthPlugin::updateExternalDB() is deprecated in favor of the
existing UserSaveSettings hook.
Also, 'ResetSessionID' has been removed. Nothing uses it, I don't know
why I even added it in the first place.
Also, replacing the User object passed to AuthPlugin::initUser() and
AuthPlugin::updateUser() will now raise a warning.
Change-Id: If7474cfb26a29b11c2e78147069419ca3b1cba95
mw.ForeignApi is an extension of mw.Api, automatically handling
everything required to communicate with another MediaWiki wiki via
cross-origin requests (CORS).
Authentication-related MediaWiki extensions may extend it further to
ensure that the user authenticated on the current wiki will be
automatically authenticated on the foreign one. A CentralAuth
implementation is provided in I0fd05ef8b9c9db0fdb59c6cb248f364259f80456.
Bug: T66636
Change-Id: Ic20b9682d28633baa87d22e6e9fb71ce507da58d
Allow callers to specify why they are checking a passwords validity, so
some checks can be modified. Only check the default policy on creation,
since the account doesn't exist it's not a member of any groups.
Bug: T104615
Change-Id: I56b66002562aaa1493d94a90309bc8e4ae3841c8
Introduce a new hook to allow (single) block-level entries.
Very similar to EnhancedChangesListModifyLineData.
Bug: T104399
Change-Id: I6b4715277d44e5f09d7a230b33e956676aeab1c2
