This commit adds a custom collation order for
Northern Sami ('se'). Northern Sami exists in ICU,
but the version of ICU that Wikimedia uses is a
few years old, and does *not* include Northern
Sami. It could be years before Wikimedia's production
servers use the one that includes Northern Sami (see
bug), so this is a temporary workaround to amend this
issue.
Bug: T181503
Change-Id: Ib8a48b8db99bef8ec4b05144aace5dbdcacfeded
Importing revisions in MediaWiki has long been weird: if the username on
the imported revision exists locally it's automatically attributed to
the local user, while if the name does not exist locally we wind up with
revision table rows with rev_user = 0 and rev_user_text being a valid
name that someone might later create. "Global" blocks too create rows
with ipb_by = 0 an ipb_by_text being a valid name.
The upcoming actor table change, as things currently stand, would
regularize that a bit by automatically attributing those imported
revisions to the newly-created user. But that's not necessarily what we
actually want to happen. And it would certainly confuse CentralAuth's
attempt to detect its own global blocks.
Thus, this patch introduces "interwiki" usernames that aren't valid for
local use, of the format "iw>Example".[1] Linker will interpret these
names and generate an appropriate interwiki link in history pages and
the like, as if from wikitext like `[[iw:User:Example]]`.
Imports for non-existant local users (and optionally for existing local
users too) will credit the edit to such an interwiki name. There is also
a new hook, 'ImportHandleUnknownUser', to allow extension such as
CentralAuth to create local users as their edits are imported.
Block will no longer accept usable-but-nonexistent names for 'byText' or
->setBlocker(). CentralAuth's global blocks will be submitted with an
interwiki username (see Ieae5d24f9).
Wikis that have imported edits or CentralAuth global blocks should run
the new maintenance/cleanupUsersWithNoId.php maintenance script. This
isn't done by update.php because (1) it needs an interwiki prefix to use
and (2) the updater can't know whether to pass the `--assign` flag.
[1]: '>' was used instead of the more usual ':' because WMF wikis have
many existing usernames containing colons.
Bug: T9240
Bug: T20209
Bug: T111605
Change-Id: I5401941c06102e8faa813910519d55482dff36cb
Depends-On: Ieae5d24f9098c1977447c50a8d4e2cab58a24d9f
Introduces a FirejailCommand class, which can be used to add additional
restrictions to a command, for increased security. For now, firejail
containment needs to be enabled on a per-command basis.
The following restrictions are implemented:
* NO_ROOT - disallows any root access, including via setuid binaries
* SECCOMP - block dangerous syscalls with seccomp
* PRIVATE_DEV - create a private /dev
* NO_NETWORK - deny all network access
* NO_EXECVE - block the execve syscall
A convenient Shell::RESTRICT_DEFAULT is equivalent to NO_ROOT | SECCOMP
| PRIVATE_DEV, with the expectation that more restrictions may be added
to it in the future.
In addition, specific paths can be whitelisted with
Command::whitelistPaths(). Any file/directory that isn't whitelisted in
that top level directory (e.g. /srv) won't exist inside the firejail.
$wgShellRestrictionMethod can be set to false for no restriction system,
'firejail' to explicitly use it, or 'autodetect' to autodetect whatever
system is available. In the future the default should be changed to
autodetection once firejail is tested more.
Bug: T173370
Change-Id: Id74df0dbba40e1e7c07c4368aacffb6eb06a17c5
This is a first pass at Latin/Cyrillic translitertion for Crimean
Tatar (crh).
Includes transliteration tables, prefix/suffix mappings, regex
mappings, and exceptions lists for words and abbreviations.
Regularize CRH language name in messages/* files.
Fix "varient" typos in qqq.json.
Add unit tests for CRH transliteration.
Bug: T23582
Change-Id: I424703f99adf837f6217872b882d1ea26bfdd068
This provides a narrow view on a user identity, providing access to
ID and name.
This has been extracted from I140f43a6fb443b for re-use with Actors,
on Anomie's request.
Change-Id: Ief00db5ce382537c5bf992159eae6baf096ae4be
Using a real HTML tokenizer fixes bugs when < or > appear in attribute
values. The old implementation used delimiterReplace(), which didn't
handle this case:
> print Sanitizer::stripAllTags( '<p data-foo="a<b>c">Hello</p>' );
c">Hello
We also can't use PHP's built-in strip_tags() because it doesn't handle
<?php and <? correctly:
> print strip_tags('1<span class="<?php">2</span>3');
1
> print strip_tags('1<span class="<?">2</span>3');
1
Bug: T179978
Change-Id: I53b98e6c877c00c03ff110914168b398559c9c3e
* Convert to use Maintenance
* Clean up
* I want to use the class name UserOptions for something else
so rename it.
Change-Id: Ic441087702376b1ca0e70554c71cdf7ecad908af
Refactor Installer::locateExecutableInDefaultPaths() into a separate
utility class, ExecutableFinder. This class is already used in plenty of
places outside of the installer, so it's ripe for being extracted.
This class is located in utils/ due to the dependency upon
Shell::command(). Once that no longer has a dependence upon MediaWiki,
this class can be moved to libs/ too.
Change-Id: I175465acc0d64f990445ce05fabcee8b88a0b259
Extensions with custom content models (e.g. ProofreadPage) will extend
EditPage to provide a customized editing experience. However when
another extension like TwoColConflict wants to change just how edit
conflicts look, this causes problems since only one class can take the
place of EditPage.
So instead, split most of the frontend code for edit conflicts into
TextConflictHelper, and call it from edit page. Extensions can override
with the instance created by calling
EditPage::setEditConflictHelperFactory().
And to make that split possible also move EditPage::addNewLineAtEnd()
and ::buildTextboxAttribs() into a separate TextboxBuilder class that
both EditPage and TextConflictHelper can use.
Bug: T176393
Change-Id: Ie415edd84329c02d5762477f8a171fced85b01a2
Blobs in the text table created by MediaWiki <1.5 running on PHP 4 had class
names coerced to lowercase. In order to succcessfully resolve these class
names, the autoloader creates a copy of the autoload class array with
lowercased keys, which is pretty inefficient. So instead, make sure the
auto-generated autoload map contains lowercase variants for these specific
classes.
Bug: T166759
Change-Id: I6d751ef516e936e04c056d70a1ecd17960a39ceb
This allows scheduling of updates that need to start their own
transaction round. Specifically for cases where the ability to
commit early is not enough (which is already possible via LBFactory
getEmptyTransactionTicket and commitAndWaitForReplication).
Change-Id: I0910587b61c8ddf825f91e92c2f93582cc7ebd80
This adds a maintenance script that removes all expired user group
entries from the user_groups table and adds them to the
user_former_groups table.
Bug: T176754
Change-Id: Ie0f4afd3dbecd3af42e89bb99cf03dbe03768d07
Throw DBQueryTimeoutError if a database query error is detected
to be a timeout.
Only DatabaseMysqlBase has been updated here.
This is a subclass of DBQueryError, so existing catch'es will work.
Bug: T175775
Change-Id: I4749dc33ad530d9b22504f02106b1ca49e8eb167
This function has gotten so unwieldy that a helper was
introduced. Instead, here's this class that makes
shelling out easier and more readable.
Example usage:
$result = Shell::command( 'shell command' )
->environment( [ 'ENVIRONMENT_VARIABLE' => 'VALUE' ] )
->limits( [ 'time' => 300 ] )
->execute();
$exitCode = $result->getExitCode();
$output = $result->getStdout();
This is a minimal change, so lots of stuff remains
unrefactored - I'd rather limit the scope of this commit.
A future improvement could be an ability to get stderr
separately from stdout.
Caveat: execution errors (proc_open is disabled/returned error) now
throw errors instead of returning a status code. wfShellExec() still
emulates this behavior though.
Competing commit: I7dccb2b67a4173a8a89b035e444fbda9102e4d0f
<legoktm> MaxSem: so you should continue working on your patch and I'll
probably refactor on top of it later after its merged :P
Change-Id: I8ac9858b80d7908cf7e7981d7e19d0fc9c2265c0
This works by using the new table introduced with T156318.
The only thing that differs from normal Special:Contribs is we are
showing the IP address next to each entry. This is it how it is
displayed if you request to see newbie contributions:
https://en.wikipedia.org/wiki/Special:Contributions?contribs=newbie
For the time being, Special:DeletedContributions does not support
IP ranges. Various other irrelevant links such as Uploads and Logs
are also hidden.
Refer to P4725 for a way to automate creation of edits by random
IPs in your dev environment.
IP::isValidBlock() has been deprecated with this dependent change:
https://gerrit.wikimedia.org/r/#/c/373165/
Bug: T163562
Change-Id: Ice1bdae3d16cf365da14c6df0e8d91d2b914e064
Allowing slashes in config key names allows us to trivially support the
proposed hierarchical structure with a single EtcdConfig object, by
fetching values with the relevant prefixes on startup.
Bug: T156924
Change-Id: Ica0914e61baba9c0462481925be15d79b66dc342
It's often forgotten because MySQL and Sqlite don't use it, the only
users are PostgreSQL and Oracle. And when used, if inserts to multiple
tables are being done it's easy to get the ordering wrong.
This patch reimplements DatabasePostgres::insertId() in terms of PG's
lastval() function, and adds triggers to the Oracle schema to make it
work the same as the other databases.
Bug: T164900
Change-Id: Ib308190c52673a9266c8495a589ae644f9fbefce
It hasn't been updated properly since 2006 so many fields aren't being
copied to the archive table. Tim suggests it'd be best to just delete it
and, if someone needs the ability to delete or revdel revisions from the
command line, properly abstract out the deletion code instead of
duplicating it.
Change-Id: I400b8ac30b31802e7dd9f6e4d0ec10918eba0183
