Change from linking of description to extra link behind the data. Also
reorder the code and language name to match the order on
Special:PageLanguage
Change-Id: I859df5d04c5d937fba55c309034a0350574b5af7
Just link the special page, when it is there, means checking
$wgContentHandlerUseDB
Change Title::quickUserCan to Title::userCan and pass a user object to
avoid a global..
Change some other places to use the local variable, instead of calling
the context source again.
Change-Id: I561899446235165fb77b626b55f35ce716d798c9
It looks like there is something missing after the last statement
Also remove some other empty lines at begin of functions, ifs or loops
while at these files
Change-Id: Ib00b5cfd31ca4dcd0c32ce33754d3c80bae70641
The main interface already has javascript enhancement to use
the API and mw.notify. This patch affects permalinks without
tokens, and opening the link without javascript.
This will match the current behaviour of action=watch.
Bug: T130946
Change-Id: I6be2c07824c17b165e068fc4ac36ab192e12bc9d
* Renamed mDoneWrites to be clearer at what type it is.
* Also cleaned up a few callers of this method
Change-Id: I45856b210c289c2e2f193cc4328a208e20b4e0a8
This will still clear the local DC parser cache and the CDN cache
in all DCs. Therefore, the next page views served by the local
DC will reflect the refreshed content, as will further GET/HEAD
requests by the client that issued the purge using GET/HEAD.
If the problem was imply a stale CDN cache entry, then all
DCs will be up-to-date. If the problem is stale parser cache,
then a proper POST purge request is required to refresh all DCs.
Bug: T92357
Change-Id: I9af12ca8cfff73298f404fd3e2dd4f546621c546
Linker::formatTemplates() was a static function that depended upon
global state like $wgLang (explicitly), $wgUser & $wgTitle (implicitly).
Moving it to a separate class allows us to clean it up a little bit and
use modern things like RequestContext and LinkRenderer.
Bug: T145177
Change-Id: Icdea8a2b299b4876feb3df3d66df3e4c104dd928
If the user is allowed to change the content model of the page,
then add a link to it on ?action=info, next to the localized content
model name.
Change-Id: I084e8f390f90d29ed2e2d0f8ab43bcdfe8538ad1
Fix regression from 9af38c046c, which made 'from' a required
non-empty parameter where previously an empty value was allowed.
The rollback links always include a 'from' parameter, but it is
set to an empty string by Revision::getUserText if the current
revision has its username hidden.
Test plan:
* Go to action=history, tick latest revision and "Change visibility".
* Tick "Editor's username" and apply the change.
* Hit "rollback" on the history page.
* Before: "missing parameter" error.
After: Success.
Bug: T141985
Change-Id: I20d23e2aeec858f82231910c030c14ffa3af656f
This is more consistent with LoadBalancer, modern, and inclusive
of master/master mysql, NDB cluster, and MariaDB galera cluster.
The old constant is an alias now.
Change-Id: I0b37299ecb439cc446ffbe8c341365d1eef45849
There are several reasons for this:
* The file thumbnail shown on the main file page is cached by the
browser, as images tend to be. This often confuses users into
thinking their revert did not work, and into attempting it again.
Recent examples:
* https://commons.wikimedia.org/wiki/Commons:Village_pump/Archive/2016/07#Wrong_SVG_rendering_on_File:DuckDuckGo_logo_and_wordmark.svg
* https://commons.wikimedia.org/w/index.php?title=Commons:Upload_help&oldid=205348523#Reversion_is_not_working_for_me.
Ideally we'd prevent the caching, but preventing repeated reverts
should also work.
* Refreshing the success page causes the revert to be attempted again
(T53383). The usual solution to this is the Post/Redirect/Get
pattern, but we want to show a success message so that would require
some more changes (something similar to the post-edit notification).
* It can serve as a "revert conflict" detection mechanism, crude but
better than none.
In the unlikely case that uploading an identical older version of
the file is necessary, it can still be done using Special:Upload.
Bug: T53383
Change-Id: I37e04a536c5c2fc6cdbe59f6f598bb0c7f25d7a7
* Follow-up to 8b141886ed
* The method is now called after the setCdnMaxage() call
in performAction.
* Allow any CDN urls for the title now, check $wgDebugToolbar,
and allows caching redirects. The multi-step redirect case does
not cache however, for simplicity.
* Removed now-unused code in Article that calculated $timestamp.
Change-Id: Ic4f4e3a79d7d386c2f15ca5b11dddf5c57ff9e9f
Ideally this never happens, but it can, so fail gracefully instead
of just throwing a 'call to a member function on non-object' message
Change-Id: Iac8be9c7994aa3e74ed3c0eecff211524037165e
For the index.php end point, POSTs do not need a token.
This avoids cross-DC writes in active/active DC setups and
avoids DB writes that can be caused by just accidentally
following a link.
There are no links to action=purge by default in MediaWiki.
User scripts that create purge links will continue to work.
However these links will now point to a confirmation form.
To preserve the immediate-purge-redirect effect, these
scripts should be updated to use the API instead.
Bug: T135170
Change-Id: I5749ff470d99c5e3f22e05ff6856394cc05a0f48
addedwatchtext and removedwatchtext uses the phrase "$1 and its discussion page".
As this is inaccurate on talk namespace pages, two new messages, addedwatchtext-talk
and removedwatchtext-talk, have been introduced for use in talk namespace pages.
Bug: T87856
Change-Id: Iafd86402d3a2a65ce2be007c87c981ac08f44e67
Since d629541076 the .updatedmarker element was styled via a JavaScript
module - which caused a flash of unstyled content on the history page
for most users, and was left unstyled for noscript users.
Bug: T137383
Change-Id: I362abacf51160a8305b2b0013f65e89deb2ffc93
Usernames are stored with spaces instead of underscores, so this was
causing exceptions later on when dbkeys were expected to be provided to
TitleValue.
Let Title take care of normalization from spaces format to underscores
in Title::makeTitle(), and pass that object onto LinkBatch instead.
Bug: T137147
Change-Id: Ia3606d30de61173e4d5526a9d7a77bd4b1710a05
This partially reverts commit 9af38c046c.
* The new JS modules continue to exist. While not used by default,
the mediawiki.api.rollback may be used elsewhere by now.
The mediawiki.page.rollback module may still be used on cached
pages and should continue to work.
* The new API behaviour remains.
* To avoid breaking mid-air rollbacks again, the token remains
the same (plain "rollback" salt). We're not re-introducing the
web-specific salt again.
Bug: T136375
Change-Id: Iba17ce55ff9506e838bfc6e70ca280e5a20b77b6
Similar to WatchAction (converted in commit 77cdf1919).
* Make FormAction::getFormFields not abstract.
In most cases this will just be an empty array.
* Convert RollbackAction from FormlessAction to FormAction and implement the
required error handling scenarios (mostly moved out of from the old method, or
duplicated from the WikiPage method where necessary).
* In most cases the in-between form is never used since a JavaScript handler
takes over the link and uses the API over AJAX instead. In the no-js fallback
(as well as for any existing tokenless rollback links) copy the GET parameters
into the form for re-submission as POST (plus token, added by HTMLForm).
* Remove the distinction between WebUI and API tokens. This stronger token salt made it
unnecessarily complex and was only there because it used GET until now. This streamlining of
tokens matches what we already do for 'watch', 'edit', 'patrol' and other actions.
* Fix form submission bugs when 'from' query parameter is missing.
- Ensure the required 'from' query parameter is present before showing a form.
No need for the user to submit a form we know will fail.
- Plain GET request to action=rollback (with no parameters) is now a 400 Bad Request
instead of a form that would fail when submitted.
- Submitting the form without 'form' field now correctly says why it failed.
Previously it emitted a session error, which was a lie.
Bug: T88044
Change-Id: Ia457802fec2e90573c8e7d552bc1f3cee258f10b
This avoids edge cases where the user isn't logged in but we still need
varying for proper cache behavior.
Bug: T125283
Change-Id: I43cde3a48371e62a16bda1291b1b51986e60fe4c
Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
When no action is given, e.g. in
https://en.wikipedia.org/wiki/URL
the action defaults to "view". Just like you called
https://en.wikipedia.org/wiki/URL?action=view
But when the action is empty, e.g.
https://en.wikipedia.org/wiki/URL?action=
you get an error message telling you that "the action specified"
can not be "recognized". Wait, I did not "specified" an action.
That's why I left the parameter empty. From the users point of
view I expect the empty string to behave like null/undefined.
This is a resubmit of I331924d without the problematic bits.
Change-Id: I07847600bb24ae078276acf98e6eb244039414d7
Show the "no such action" error message instead.
Normally I wouldn't favor putting this in here, but it's way
too easy to register a missing class by accident, see my rant
on T107921#2128080.
Bug: T107921
Change-Id: I56da8a5810cae3547a0c8f2d3f435dfd790fbeaf
This way the messages are generated in the correct language instead
of relying on the user language from global context.
This should ideally become a non-static method at some point,
but currently there currently many out-of-class callers.
Change-Id: Ifb1756c1a3bddc717387ed66a58dedd4c1a7dab9
This also removes assumptions that when a page
in one Namespace should be watched / removed
that the page in the talk / subject ns for the
page should have the same action applied
This should maintain all backward compatability
for the WatchedItem class
This also includes tests written by:
- WMDE-leszek
- Addshore
Bug: T127956
Change-Id: Iad9abafe4417bb479151a3bfbee6e1c78a3afe3c
This breaks out the toggle checkbox code into a separate class in
includes/ListToggle.php
Bug: T92230
Change-Id: I8d1aefb83008053e63d59abf8b8915b93e15fcc2
Using IContextSource avoids the use of $wgLang and wfMessage which make
use of global $wgTtle.
Add IContextSource as parameter to ChangeTags::formatSummaryRow to avoid
globals. Define an IContextSource instance in all functions which
reference ChangeTags::formatSummaryRow and pass it in ChangeTags::formatSummaryRow
function call.
Also make the default value of IContextSource $context as null in
parameter, to avoid breaking changes for old callers in extensions.
Document default null value of IContextSource and add a @note to prefer
IContextSource over null value.
Remove trailing whitespace, and make code order according to parameter
order.
Bug: T105648
Change-Id: Ib54a6a96b73f6cd8fcdf8e520db2448a1e811cfa
The plan here is to take it out of 1.27.0-wmf.12 and put it back in
1.27.0-wmf.13.
Since BotPasswords depends on SessionManager, that's getting temporarily
removed too.
This reverts the following commits:
* 6acd424e0d SessionManager: Notify AuthPlugin before calling hooks
* 4d1ad32d8a Close a loophole in CookieSessionProvider
* fcdd643a46 SessionManager: Don't save non-persisted sessions to backend storage
* 058aec4c76 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
* b5c0c03bb7 SessionManager: Save user name to metadata even if the user doesn't exist locally
* 13f2f09a19 SECURITY: Fix User::setToken() call on User::newSystemUser
* 305bc75b27 SessionManager: Don't generate user tokens when checking the tokens
* 7c4bd85d21 RequestContext::exportSession() should only export persisted session IDs
* 296ccfd4a9 SessionManager: Save 'persisted' flag in session metadata
* 94ba53f677 Move CSRF token handling into MediaWiki\Session\Session
* 46a565d6b0 Avoid false "added in both Session and $_SESSION" when value is null
* c00d0b5d94 Log backtrace for "User::loadFromSession called before the end of Setup.php"
* 4eeff5b559 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
* 7491b52f70 Call session_cache_limiter() before starting a session
* 2c34aeea72 SessionManager: Abstract forceHTTPS cookie setting
* 9aa53627a5 Ignore auth cookies with value 'deleted'
* 43f904b51a SessionManager: Kill getPersistedSessionId()
* 50c5256352 SessionManager: Add SessionBackend::setProviderMetadata()
* f640d40315 SessionManager: Notify AuthPlugin when auto-creating accounts
* 70b05d1ac1 Add checks of $wgEnableBotPasswords in more places
* bfed32eb78 Do not raise a PHP warning when session write fails
* 722a7331ad Only check LoggedOut timestamp on the user loaded from session
* 4f5057b84b SessionManager: Change behavior of getSessionById()
* 66e82e614e Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
* f9fd9516d9 Add "bot passwords"
* d7716f1df0 Add missing argument for wfDebugLog
* a73c5b7395 Add SessionManager
Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50
The "return to" guess of the patrol action for non-JS users now also
checks uploads, and in that case let users return to Special:NewFiles.
Change-Id: Ib8e472c16b7034524ef3b79a5eb426f7edda6ec2
SessionManager is a general-purpose session management framework, rather
than the cookie-based sessions that PHP wants to provide us.
While fallback is provided for using $_SESSION and other PHP session
management functions, they should be avoided in favor of using
SessionManager directly.
For proof-of-concept extensions, see OAuth change Ib40b221 and
CentralAuth change I27ccabdb.
Bug: T111296
Change-Id: Ic1ffea74f3ccc8f93c8a23b795ecab6f06abca72
The next revision in the page history isn't necessarily the previous
revision (due to selective undeletions, history merges, etc). This
passes the next revision to HistoryRevisionTools so extensions can check
if needed. Also, it passes the user to this hook and DiffRevisionTools
to avoid use of wgUser or having to retrieve context.
Change-Id: Ibc68f19040eebe3614e07f753f26bbfd376ae28d
* This gets lag information that is useful when
the calling code is about to run queries that
will have their results cached.
* This is now used in place of trxTimestamp() for
WANObjectCache set() and getWithSetCallback().
* The WAN cache will use a low TTL if the lag is
too high to avoid caching stale data for weeks.
* Bumped MAX_COMMIT_DELAY as nothing enforces it.
Bug: T113204
Change-Id: I2a95b4088cff42d6e980351555f81a4b13519e24
* Make FormAction::getFormFields not abstract. In most cases this will just
be an empty array. This is in prep for RollbackAction as well.
* Remove redundant show() in WatchAction. This used to do custom stuff,
but after 77cdf1919 it does exactly the same as the parent FormAction::show.
* Don't add 'redirectparams' hidden field if there were no custom query parameters
(e.g. plain index.php?title=..&action=..)
Change-Id: Ia7f9bb0367c49a23179e9fefa9f529fa8aef8f52
The GET variant was already rarely used because our frontend enchances these links
with a click handler that uses AJAX to make a POST request to the API.
The index.php url, nor its token, were used for the majority of users.
Simplify this by stripping the 'token' query from these urls and requiring a POST
request for index.php?action=watch and unwatch.
* FormAction: Actually set a proper '<form action>' instead of letting HTMLForm
default to a confusing title path (e.g. /wiki/Pagename). Article path should
not be used for POST requests.
* WatchAction: Group all FormAction-related methods together.
* WatchAction: Make token consistent with other actions now that it is POST-only
(no "stronger" salt containing the page title).
* Remove ununsed mediawiki.page.startup dependency from mediawiki.page.watch.ajax.
* WatchAction: If accessed over GET directly (e.g. for users without javascript)
display a confirmation form that submits the token. Similar to PurgeAction.
Change-Id: I504f457e68a133bcfc418cff13b838080fec1008
* The random I/O due to secondary lookups causes timeouts on
larges pages that keep showing up in the logs.
Change-Id: I9bddcd3ba9ad5ff2f26ccec4553906ecc4a8129b
MWTimestamp::getTimezoneString() returns the timezone name as a message,
that supports wiki localization. The code is moved from Parser::pstPass2.
The default file revert message is currently always in UTC.
This patch sets the default timestamp to be in the wiki timezone (similar
to ~~~~). The timezone is passed as a new parameter to the message, with
the date / time parameters being merged and handled by
$wgContentLang->timeanddate
Bug: T36948
Change-Id: I48772f5f3b1635d33b6185776cedfc4ee1882494
* Potentially long running POST requests often use multiple transactions,
talk to multiple services, or defer updates. Try to make sure they have
a chance to complete all of the work. WMF already sets ignore_user_abort()
across the board in config, but this applies it to key spots for all
installs, in addition to bumping the time limit.
* Eventually this can lower the need for high overall time limits.
Bug: T102890
Change-Id: I893ddd773064dcd63b5b24c84c6391974f4b5aee
We just saved the page, so we know the revision id. Pass it on to
InfoAction::invalidateCache() so it doesn't have to be looked up again.
Follows-up 0452855044.
Change-Id: I990c0da09fae94f403f3550069036d3f208090a6
No behavioural change, but makes the code easier to understand.
It was somewhat all scattered.
* Remove outdated comment about 24 hours.
- ForcedRawSMaxage defaults to 5 minutes.
- SquidMaxage defaults to 5 hours (wmf-config: 31 days).
Change-Id: I7f3b67780ba9e8c024dcbd68772495b91abb2d01
Followup to 09a21c4af8
Now with `|| $user->isAllowed( 'unwatchedpages' )` we can enter
line 337 without having any count to show.
Change-Id: I6826e1c59899d2c8cbbc6d079874d0d583f8783a
Proposed threshold to be considered an "active" watcher:
two times $wgRCMaxAge, configurable with the new
configuration setting $wgWatchersMaxAge.
The information is not displayed when the number given would
be 1 or 0, so that the number (or absence thereof) doesn't
"disclose" that the page is (potentially) unpatrolled or
completely unwatched and hence easier to vandalise.
Configurable with $wgUnwatchedPageSecret too.
Also, we don't display this row at all when the user doesn't
have the right to see the count of total watchers.
Bug: T51506
Change-Id: I10d294a339b131eee94839ed7088ab20d746d881
The info page of a page with {{DEFAULTSORT:0}} shows the page title
as default sort value.
Using empty() will consider the string '0' to be false, so use isset() instead.
Bug: T103745
Change-Id: I56ea5a38dcd33e822e0fc5b8685777fe1d212b22
