Some less trivial cases. Also update variable names.
This doesn't really change anything, but I hope it helps promote
getConnectionProvider() as the common way to do this.
Follow-up to 8604c384f6.
Change-Id: I6657d783375fac5c7fa856b884ff1fb09285e94c
This creates a new language code, 'x-xss', which is enabled using the
setting $wgUseXssLanguage (similar to how $wgUsePigLatinVariant enables
the 'en-x-piglatin' language code, and likewise defaults to false; will
be enabled in development settings soon).
In this language code, all messages become “malicious”, trying to run
some alert() JavaScript; if any alert() actually fires in the browser,
the message was not escaped properly. ($wgRawHtmlMessages are exempt,
since they’re already known to be “unsafe” and require more rights to
edit on-wiki.) Messages that are not escaped properly are generally a
minor security issue; they effectively let a user with 'editinterface'
right (such as a sysop, on many wikis) run arbitrary JS, without needing
the 'editsitejs' right (normally restricted to interface admins).
Developers can use this language code to more easily check their code
for escaping issues / cross-site scripting vulnerabilities.
Bug: T340201
Change-Id: Ia9a1cf712b139fea5da72046e37035e6de39d8d5
editPage() converts strings to Title object, but parsing title is
expensive. When a title object already exists, reuse this object to
avoid this in the test run.
Also avoids that a NS_MAIN get reparsed as NS_CATEGORY in
CategoryChangesAsRdfTest
Bug: T225730
Change-Id: I6be4f34bb7fa9789c7eee111317bffe60e34227c
Using a helper object instead of a trait allows for dependency
injection through PageRestHelperFactory. This will make it easier to add
language variant redirects in the next step.
Change-Id: I1d4f26c380797e28e1b97051400bb9b1301b89ab
This continues the work in the child patch to replace callers
of setMwGlobals() with the appropriate method. Directory this
patch covers is `tests/phpunit/integration/`.
Change-Id: I0a9abf0d2a43587f2ffa029b68024a1ba5165fc7
Move MockTitleTrait::makeMockTitleCodec to DummyServicesTrait, and
replace the two existing uses, which are in core. Add some new
uses instead of mocking each time.
Unfortunately, we cannot use an actual MediaWikiTitleCodec
for the tests in BadFileLookup, because those tests are unit tests
and a MalformedTitleException cannot be created in the context
of a unit test. BadFileLookupTest gets around this by using
a mock that throws a mock exception - add a comment inline
explaining why we cannot use a real MediaWikiTitleCodec.
Paired with adding of NamespaceInfo to make mocking the language
methods related to namespaces easier by matching the real
logic in the Language class to the extend possible. Update a few
tests to use the DummyServicesTrait for their NamespaceInfo services.
Change-Id: Ibd691ccf0e632e1bf0bc1f7e9ddc0c660d5cad32
The functionality of creating title mocks is generally useful
and this will also allow to make HandlerTestTrait more narrow.
Bug: T264058
Change-Id: I76eca48dfcff65a6203fccde5366912a2d66c495
Mutating the interwiki table invalidates the Title codec and in
general leads to a bunch of complications. Easier to just use the
`wgInterwikiCache` mechanism, as a lot of other phpunit tests do.
Bug: T271287
Change-Id: Id1899a89ae6b55e7032befe73990d215370828d8
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
