* Remove redundant file-level description and ensure the class desc
and ingroup tag are on the class block instead.
Ref https://gerrit.wikimedia.org/r/q/owner:Krinkle+message:ingroup
* Widen `@covers` annotations in unit tests.
Ref https://gerrit.wikimedia.org/r/q/owner:krinkle+is:merged+message:covers
* Create "Debug" documentation group, covering the debug/ directory.
This will show up on doc.wikimedia.org under "Modules", where
each class is listed, and the class page will also link back to
the group as part of its breadcrumb navigation.
Test with `php maintenance/mwdocgen.php --file docs/,includes/debug/`
and then view /w/docs/html/
* Improve docs of various classes and explain relationships better.
In particular, reformat to ensure each class has a oneline
description that captures its essential function.
Change-Id: I5d1143a9244b7fd888e1dc31f0fd7965272aa900
This creates a new language code, 'x-xss', which is enabled using the
setting $wgUseXssLanguage (similar to how $wgUsePigLatinVariant enables
the 'en-x-piglatin' language code, and likewise defaults to false; will
be enabled in development settings soon).
In this language code, all messages become “malicious”, trying to run
some alert() JavaScript; if any alert() actually fires in the browser,
the message was not escaped properly. ($wgRawHtmlMessages are exempt,
since they’re already known to be “unsafe” and require more rights to
edit on-wiki.) Messages that are not escaped properly are generally a
minor security issue; they effectively let a user with 'editinterface'
right (such as a sysop, on many wikis) run arbitrary JS, without needing
the 'editsitejs' right (normally restricted to interface admins).
Developers can use this language code to more easily check their code
for escaping issues / cross-site scripting vulnerabilities.
Bug: T340201
Change-Id: Ia9a1cf712b139fea5da72046e37035e6de39d8d5
Disabled by default in WMF production, and currently enabled on
www.mediawiki.org and other group0 wikis.
To gain exposure through WMF CI and to provides its value immediately
to local development, enable it in MW core also.
If issues come up prior to 1.41.0, we can switch this back off,
and instead enable it in DevelopmentSettings.php to limit it to CI
and local dev.
Bug: T47514
Change-Id: I0cb58631b465bbd32ce70f9daae039d420d6bb3d
The use of Article::getRedirectHeaderHtml() has been discouraged for a
while, since WikitextContentHandler can (should) be used to insert the
redirect header. Further, since I20db09619999919bfeda997d79561d21e3bf8718
the header should be added as an extension data property instead of
directly concatenated to the HTML. Regardless, this functionality
logically should live in LinkRenderer.
Change-Id: I4d0de0e72473ae039dca420a2733bc746d8c2951
Follows-Up: I3d01ab5467d1cf496d144781ef57a221b1476347
doc: Make extension.schema.v2.json a valid JSON schema.
The following validation errors have been fixed:
* The required validation keyword must be an array.
* Remove trailing commas
* Remove improper use of "".
Change-Id: I5f0dc8b2ab51c999f7ad3a827c66dbdc08113313
ParserOutput::addOutputHook() has been deprecated since 1.38, and without
any calls to ::addOutputHook() the associated ::getOutputHooks() and
$wgParserOutputHooks configuration do nothing.
Bug: T292321
Bug: T305161
Change-Id: Ib770c680d5e0697980e7e36a323ec56ba1d806b8
Why:
Temporary accounts introduced as part of IP Masking are supposed
to expire 1 year after their registration. Accounts can have
multiple registration timestamps when in a wiki-farm setup,
depending on which wiki we consult.
To implement the account expiration logic, we need to know the global
(first) registration timestamp.
Similar to CentralIdLookup, a concept of a registration date
provider is introduced. Unlike IDs, users can have multiple
kinds of registration dates (Wikimedia recognizes local and global,
but third parties can have different needs). For that reason,
any number of registration providers can be registered at any
given time; caller determines which one is requested. The default
is `local`, which is the only provider that is guaranteed to exist.
What:
* Add UserRegistrationLookup
* Add UserRegistrationProviders config variable
Bug: T344694
Change-Id: If9fa12a392064dd504590a861a175e3604a34fab
In order to check all existing rate limits through Authority, the limit
keys must function as user rights. However, we do not want them to be
"normal" permissions, since they cannot sensibly be revoked, and they
should not clutter the user interface.
To solve this, we introduce the concept of "implicit rights", which are
always granted, but limitable.
Change-Id: I0ea6f29130da1d68d022d47d9221fe878bc9beae
This setting can be used to optimize externallinks queries for certain
domains that have many entries in the externallinks table, but also big
“gaps” where the table contains no entries for that domain. By putting
those gaps (whose el_id values would usually have been obtained on the
analytics databases) into the configuration, we can have MediaWiki tell
the database to skip those ranges of the table instead of scanning
through them. (This is only relevant for domains that have enough
entries that the database chooses to scan the table in primary key order
rather than using the el_to_domain_index_to_path index and filesorting.)
Bug: T341000
Change-Id: Iec4fe01aaa595fbaf3b427b7baa68a9d7209b117
Follows-up 7c2c016e46 (I086e275148). This separates the link from
the response such that when it gets copied elsewhere, hosted elsewhere,
saved offline, proxied, archived, or otherwise served from a different
place or with different content; the header is most likely naturally
not copied along.
This is based on upstream experience by the jQuery Team where e.g.
distributions of jQuery, or concatenations, etc would lead to
confusing errors or inability to see any source in the devtools.
In the Wikimedia community we two similar use cases:
1. people sometimes copy load.php responses to a wiki page, e.g.
as a way to "distribute" a ResoureLoader-built gadget or to
fork/debug some core code.
2. the Internet Archive stores copies of our responses, but doesn't
proactively download source map links.
For example, archiving
https://people.wikimedia.org/~krinkle/wikimedia-minify-2.5.0-test-sourcemap/combine.html
results in:
> … /~krinkle/wikimedia-minify-2.5.0-test-sourcemap/combine.html
> … /~krinkle/wikimedia-minify-2.5.0-test-sourcemap/combine.min.js
> Archived at
> http://web.archive.org/web/20230905211332/https://people.wikimedia.org/~krinkle/wikimedia-minify-2.5.0-test-sourcemap/combine.html
Bug: T47514
Change-Id: I3e85c2afb107ce1185651ab038379e4abe87a445
Already dropped from production
Also dropping FixExtLinksProtocolRelative as it's not useful anymore and
it has been run in previous releases so it's not worth fixing.
Bug: T312666
Change-Id: I1dd6e704b34e685ada6e316da11243d10827d769
This moves the core part of wfGetPrivilegedGroups() out of Wikimedia
config and makes it possible to move functionality built on it into
core.
Bug: T208477
Change-Id: I6536ef2909caeed047447e8b6a25831d6f00d827
Building blocks of CP don't really need to depend on LBF. Even the
config value for CP stash type is also different. But it's being passed
around along the rest of LB/LBF config and possibly down to the DB
object.
This is making the code much harder to understand, adds more coupling
than it needs to, and it's making pieces that don't need to rely on LFB
(like load.php) actually depend on LBF just to disable CP.
This clean up also helps improving DI of LB/LBF and building of DB
objects down the road.
Bug: T275713
Change-Id: Ic27269a1f1190ee7a03c6a422ada7ff293c3cab1
In the debugger of Firefox and Chrome, without any special debug mode,
you will be able to see the original unminified JavaScript source, and
to set breakpoints in it and step through it.
Main visible changes:
* Add a config variable controlling the generation of source map links,
off by default for now.
* For script responses, move errors to the bottom of the response. This
avoids disturbing the source map.
* mw.loader.impl() calls will have less whitespace in debug mode,
because minification is no longer done as a post-processing step on
these calls.
Details:
* Use an index map when multiple responses are requested. This requires
an update to the minify library.
* Add a boolean "sourcemap" query parameter which causes load.php to
deliver source map output instead of regular minified content.
* Bundle sources into the source map and use two kinds of fake URL if a
real debug URL is not available. "Open in new tab" on a fake URL is
not functional.
* In the source map mode, respond with 404 if the version is mismatched
or if the content type is unimplemented.
* Fix createLoaderURL() so that $extraQuery is not ignored when there
are conflicting context parameters, so that we can successfully
override the version. The source map version should match the
delivered content, not the requested version.
* Since minification with source map tracking can't use filter(),
add a new cache for module source maps and minification. Add hit rate
stats.
Also:
* Fix unnecessary array_map() in getCombinedVersion()
Bug: T47514
Change-Id: I086e275148fdcac89f67a2fa0466d0dc063a17af
Mark as deprecated now that it's false by default and deployed as such,
so that we can remove all the dead paths in a future version.
Bug: T314318
Change-Id: If514d058cc92408c67ffb7625e47f224bb510838
Move parts of implementation code comments into something that is
discoverable and understable to a general audience of MW core and skin
developers (not hidden in code mostly seen by maintainers
and contributors to ResourceLoader internals).
Most notably, that the system is turned off by default (and how to
turn it on), that it is limited to requests by unregistered users,
and that the class must follow a certain pattern.
$wgResourceLoaderClientPreferences is removed as part of this.
This is not considered a breaking change as the feature is now
automatically on in the skins needs it (via skin.json), and previously
it was marked experimental and off by default.
Skins are naturally required to have knowledge of this system, as they
need to call into it to persist classes for feature toggles. By removing
the need to also enable it at the site-level we get a few benefits:
1) make skins like Vector easier to correctly install and configure.
2) ease maintenance for skin devs by removing the need to manually
export and check $wgResourceLoaderClientPreferences before calling
mw.user.clientPrefs or otherwise hinting in UI or docs that the
feature persists when it might not be turned on on a given MW site
or WMF wiki.
3) ease browser testing in CI.
Bug: T344069
Depends-On: If9b83dd559cda2dac315afcb65a4761b9e97f319
Change-Id: Ib0b5ee29ec7accb7b291830d2ab6566fe4f4c0c5
The global variable AjaxUploadDestCheck is deprecated and unused since
6c4ac7ddc5 included in MediaWiki 1.38.
Bug: T291375
Change-Id: Ie406adb97bf323cc54041aca2b0204db8b4da859
I think we should set it back to optional since this affected XML
dumps generated after the schema ver 0.11 was published.
We can change it to non-optional in the next version if necessary,
with the exporter fixed.
Bug: T343622
Change-Id: Ic12b7c573a9fc8dc390a74dae694ff6eca3d0604
Instead of replacing isRegistered with isNamed
in the watchlist component, (re)assign the watchlist
rights (`editmywatchlist` and `viewmywatchlist`) to
the `user` group, instead of `*`. This should hide
watchlist-related interface from temp accounts, as
those are not a member of the `user` group.
isRegistered() is kept in watchlist, as technically,
any user with an ID could have a watchlist (it is now
a matter of rights / product decision, rather than
technological reasons).
This patch partially reverts
Ib935fc04387100f25cafd75c632ac5ae7114d5d5.
This is an alternative to Ifeedbbfb520ec26680134279bd44fec98754d897.
What is left is to change the "User registration"
filters to match expectations for temp. accounts
(to be done in a follow-up patch; see T343322).
Bug: T341976
Change-Id: I1ccda3878a658d4251429ae65ebee04c09d81243
The "nonce" CSP feature has been never been properly tested and is not
on track to be enabled at WMF or in MW by default. The use of
nonce-protected eval is not particularly meaningful. It is trivially
bypassed by mw.loader.implement, mw.loader.store, or importScript();
all of which allow any code to be executed directly, or to be stored
and loaded from a first-party origin.
The "nonce" feature is not required for the T208188 roadmap, and with
change I51b8535b2b21a3 there is now also a (small) performance reason
to keep this disabled long-term.
Until and unless there is a plan for enabling this particular aspect
of CSP, we might as well remove it so that we don't waste time our
time building abstraction layers and satisfying dependency injection
through many years for something that might never be used.
Note that this does not remove CSP support from ResourceLoader, and
does not take away from the future of enabling CSP in MediaWiki to
e.g. strictly block third-party scripts, or to require domains to
opt-in by site config or user pref (T208188).
Change-Id: I5a176c41a06a484a11e64bdacdc42b40811fe72e
This test was not being run because the docs directory wasn't included
in the PHPUnit XML config files. As a direct consequence, the test was
extremely broken: it used the non-namespaced DumpTestCase class which no
longer exists, it referenced XML files with the wrong path, and then the
test had other non-error failures to fix.
Change-Id: I188cbb1de68d39c7a484d4c6f808678af80d11ab
Introduce a Telemetry singleton for propagating `tracestate` and
`traceheaders` during a MW web request. This class allows for easier
testing and mocking.
In the future we might use this as a wrapper for OpenTelemetry.
Bug: T320559
Change-Id: I3e5e54afa21f8c099877b3765c769f2d2f8f5d61
The following validation errors have been fixed:
* The "required" validation keyword must be an array.
* Remove trailing commas
* Remove improper use of "$ref".
Change-Id: I3d01ab5467d1cf496d144781ef57a221b1476347
In https://gerrit.wikimedia.org/r/c/mediawiki/core/+/745386 and
https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/ASODV6622T4YUAY3JO5ZVBL3B5ZQDX2U/
a compelling case is made that we can drop $wgLegalTitleChars as a
configuration option. Extension::TitleBlacklist or, in the near
future, Extension:AbuseFilter can be used to restrict the character
set for those who still have that need.
Similarly, it doesn't seem compelling to make IllegalFileChars
configurable; probably most libraries don't even realize that the
set of legal title characters after a `File:` prefix is different
from the set of legal title characters, and of those that actually
implement this, probably no one is actually respecting a reconfigured
value for $wgIllegalFileChars, because it's not even exported in
siteinfo.
A patch to remove the configurability will land later (probably based
on I70b60ca548e36c676da90553ad8684507096bb28) but for now let's just
announce our intention to fix the set of legal title/file characters
for all wikis and let that ride out into the world in our next
release.
Bug: T297340
Change-Id: If48257ff6e800451b992ed0748abc878fa5e16d3
The current documentation is referring to the deprecated $wgExtensionCredits
extension.schema.v2.json and additional it is confusing, if not wrong.
Change-Id: Ie361bcf2f3fe874c33a29bbd8e9e9540e0e2d972
This adds the core parts of the feature with only the minimum
possible functionality: saving while editing; restoring
when an edit form is re-opened; and deleting (on saving etc.).
Bug: T341844
Change-Id: Ie556a7c981c68e8fe98deba8bf7995bf6c27ecd3
* Add an API-only user preference for diff type
* Retain query parameter stickiness but fix it so that the diff-type
from user preferences does not leak into the query string. So the
no-JS control continues to work. If a no-JS user has the inline
preference set, respect it on the initial load, but add an explicit
diff-type=table to the query string of the table link so that the
preference can be overridden.
* Get the diff type from the initial state of the no-JS button. Infuse
the widget to access the active property using the OOUI public API.
* For a logged-in user, when the JS toggle is clicked, fetch the new
diff body and update the user preference.
* For an anonymous user, when the JS toggle is clicked, update the
prev/next links to include the correct diff-type query parameter.
Bug: T336713
Change-Id: Ie409d79ac8222dfa6ec8fd170b76be088be80b3a
It was so close already, it seemed like an effort was being made.
Unfortuately it is not possible to use @phpcs-require-sorted-array
since it breaks ReflectionClassConstant::getDocComment().
Change-Id: I296bb333a49adc973f65b094b727edf7f6143ba1
These two messages were marked as RawHtmlMessages, but didn't have
any raw HTML, and so it was unnecessary to mark them as such. Instead
make sure they are parsed properly where they are used to avoid any
potential XSS exploits.
There is an override for one of these messages in WikimediaMessages,
and that override used to use raw HTML in order to get target="_blank"
on a link. This adds that functionality to this part of the code
instead, allowing that message to be parsed as normal wikitext
instead.
Bug: T204470
Depends-On: I075bc904a40b3ea224fa44f9627814e3f9cab051
Change-Id: I67922005288cf3fe2da43d92d49de54f88e98926
Since the default for wgParserEnableLegacyMediaDOM is now `false`, this
config will also be set to `false` and wikis can enable it while it's
still necessary.
The plan will be to gradually roll this change out, as was done for
wgParserEnableLegacyMediaDOM, to develop a migration path for templates
and extensions that mimic the legacy media output.
We can start on officewiki.
Bug: T318433
Change-Id: I70e537b2beb99de9a41e7dc66a0d60a508009887
As a first pass, inject various services into the job as this is
now supported by JobFactory.
The second pass will have to survey callers of fixRedirects() and
pass in various services that would be used in the static method.
Also, we need to do same for getFinalDestination() which needs a
DBLoadBalancerFactory service.
Bug: T265942
Change-Id: If61a32b6ce32dc934533603a0e99414ab5771909
Add a switch that allows toggling between inline and two-column format
when Wikidiff2 is installed.
Inline toggle should also support no-JS toggling
The legend should toggle when switching from table to inline after the
first load.
Introduced a temporary feature flag to show this inline toggle so that
we can merge and easily continue the improvements. It will be removed
when ready for production.
Bug: T336712
Bug: T330229
Change-Id: Ie6a48e495f2bb299d8b984e7c40363d534c7915b
- Update the count of HookRunner (since d04f0409)
- Hooks::runner() is deprecated (f452ffe9), should be removed from doc
- hooks.txt is a stub only, history are still in git if needed
Change-Id: I483f249a20853a42767646dc91f50e6187c51c7f
This was a temporary flag to allow setting the migration stage for a
comment migration with a temp table.
Since the rev_comment_id migration is done, this is no longer needed.
Dropping the compatibility code for temp tables will be done in
follow-ups.
Bug: T299954
Change-Id: I290a74f27b05cd7e062dda78766911ffe3053d08
- [x] Add Wikimedia Icons to project
- [x] Fetch Interwiki icons if they exist
- [x] Fallback to previous functionality for icons not available in OOUI
- [x] Create config to override icons
Bug: T315269
Change-Id: I5d904e467a978847bbc9af65fdba1ef729068993
Add wgSVGNativeRendering to allow clientside rendering of SVG files
Default is false. When enabled with true, will serve ALL SVG files
as is to the browser.
When set to the string 'partial' it will conditionally serve SVG
files based on criteria. Currently it will force PNG rasterization
for translated SVGs and for SVGs over wgSVGNativeRenderingSizeLimit
wgSVGNativeRenderingSizeLimit is a byte size limit to avoid larger
SVG files (potentially much bigger than a PNG) from being served
directly to browser.
Native SVG rendering does not provide PNG fallback. SVG support in
browsers has evolved far enough that this should rarely be a problem.
Bug: T208578
Change-Id: I9647fdd72f868c821eb20f67b239826f23655a1c
To implement source maps, we want FileModule::getScript() to return
an array with path information, but that would break subclasses of
FileModule which concatenate to the return value of parent::getScript().
So allow scripts to be generated by a callback, eliminating the need for
concatenation in subclasses.
* Factor out most of the loop body of expandPackageFiles() into
expandFileInfo(). Add 'name' to the return value. Ensure 'filePath'
is always a FilePath object since we need that to safely return it
to ResourceLoader later. Document the return value.
* Make sure the base path is always set in FilePath objects returned by
expandFileInfo().
* Factor out the loop body of the final stage of file info expansion
into readFileInfo(). Retain filePath, do not unset it.
* Assert that $fileInfo['content'] is definitely set.
* Convert array_map() in getDefinitionSummary() to a loop.
* Migrate LanguageDataModule.
Bug: T47514
Change-Id: I97d61b5793159cea365740e0563f7b733e0f16de
Add an extension/skin attribute and a command line option for
manageForeignResources.php, for management of an extension's or
skin's foreign resources. This is less clumsy and more
introspectable than each extension/skin creating its own copy
of manageForeignResources.php.
Bug: T330508
Change-Id: I5df95ea4799d0efce60b58a35cb916c8e0f555b0
The UA sniffs that overrode the feature tests are no longer needed.
* MSIE 10: Fine, rejected by feature checks.
* UC Mini "Speed Mode": Redundant, the version that this sniff
matched is pre-ES6. Current versions of UC Mini don't appear to
support enabling "Speed Mode" on random websites nor does it offer
it for Wikipedia specifically.
Details at https://phabricator.wikimedia.org/T178356#8740573.
* Google Web Light: Redundant, shutdown as of 2022.
Any references or extensions that still reach the proxy, get
redirected to our online URLs
https://googleweblight.com/?lite_url=https://en.m.wikipedia.org/wiki/Bananahttps://phabricator.wikimedia.org/T152602https://en.wikipedia.org/wiki/Google_Web_Light
* MeeGo: Redundant, discontinued and presumed rejected.
Either way, unsupported.
* Opera Mini: Fine, rejected by checks.
Details at https://phabricator.wikimedia.org/T178356#8740573.
* Ovi Browser: Redundant, discontinued and presumed rejected.
Either way, unsupported.
* Google Glass: Improve UX (since 2013, T58008).
* NetFront: Redundant. Old versions are presumed rejected.
Current versions are Chromium-based and presumed fine.
The exclusion was not UX based, but due to jQuery explicitly not
supporting it in 2013. This is no longer the case, so we can let
the feature test lead the way here.
* PlayStation: Redundant, same story as NetFront.
The version that matched the sniff is presumed rejected.
Current versions probably fine, but even not, don't match
our sniff so are already enabled today.
Bug: T178356
Change-Id: Ib6263ce3ffd11af5e501de8857f3e48a248c6210
This is an initial quick-and-dirty implementation. The
ParsoidParser class will eventually inherit from \Parser,
but this is an initial placeholder to unblock other Parsoid
read views work.
Currently Parsoid does not fully implement all the ParserOutput
metadata set by the legacy parser, but we're working on it.
This patch also addresses T300325 by ensuring the the Page HTML
APIs use ParserOutput::getRawText(), which will return the entire
Parsoid HTML document without post-processing. This is what
the Parsoid team refers to as "edit mode" HTML. The
ParserOutput::getText() method returns only the <body> contents
of the HTML, and applies several transformations, including
inserting Table of Contents and style deduplication; this is
the "read views" flavor of the Parsoid HTML.
We need to be careful of the interaction of the `useParsoid` flag with
the ParserCacheMetadata. Effectively `useParsoid` should *always* be
marked as "used" or else the ParserCache will assume its value doesn't
matter and will serve legacy content for parsoid requests and
vice-versa. T330677 is a follow up to address this more thoroughly by
splitting the parser cache in ParserOutputAccess; the stop gap in this
patch is fragile and, because it doesn't fork the ParserCacheMetadata
cache, may corrupt the ParserCacheMetadata in the case when Parsoid
and the legacy parser consult different sets of options to render a
page.
Bug: T300191
Bug: T330677
Bug: T300325
Change-Id: Ica09a4284c00d7917f8b6249e946232b2fb38011
The 7% increase in css shipped is because of styles added for the
content-media feature, without dropping content-thumbnail. This is
noted in T297984#8525146
Getting rid of content-thumbnail won't be possible until templates and
extensions that mimic the parser output have been migrated, which is
being worked on in T318433.
Bug: T314318
Bug: T297984
Bug: T318433
Depends-On: Ib54b49d546423dd1b4416c82585bbb686950b29c
Change-Id: Ic587b1b9b8d22f3aef38e8823613815faaa09d9d
Split concepts of "match pattern" and "reserved pattern". Add config
"reservedPattern" which specifies a username pattern to be denied for
creation, but unlike matchPattern, it does not immediately flag all
accounts with such names as temp accounts. This can be used before
migration or after rollback to safely prevent creation of conflicting
accounts.
* Add TempUserConfig::isTempName(), which does what isReservedName()
previously did, i.e. determines if a name is a temp username.
* Make TempUserConfig::isReservedName() return true if the name matches
either the match pattern or the reserved pattern.
* UserNameUtils::isTemp() continues to determine whether a username is
actually a temp username.
* Add UserNameUtils::isTempReserved() as a proxy for
TempUserConfig::isReservedName()
Bug: T307064
Change-Id: I26755731fad89530a06824181106cd7b4e077d9e
* Use IConnectionProvider
* Inject services into the job
* Use JobSpecification to avoid unnecessary service construction
Bug: T27482
Change-Id: I75ac8c53b874742a3a54526692767d0f549e5259
We always wrap the local cluster cache, and there are no subclasses
of WANObjectCache. It was never documented or recommended how these
would be used. It is a left-over from the original 2015 Multi-DC plan
in which WANObjectCache would work differently. See task for details.
Note that this requires no configuration changes, even in the
theoretical case of these variables being used, as the only
option is to use the main cache, and that's also the default.
* Update WAN overrides to override the underlying main cache
instead.
* Fix EditPageTest which was previously implicitly using a 'hash'
as main cache but also relying on wan cache to be 'none'.
The part that it actually needs is the 'none'. When WAN cache is
enabled, testUpdateNoMinor fails due to an edit conflict because
one of the edits it makes is made with a current timestamp whereas
it expects to simulate wpEdittime in the year 2012 which, when
caching is enabled, is ignored and becomes the current time instead.
I don't understand exactly why, but I'm going to conserve that
behaviour for now.
* Fix TemplateCategoriesTest, which was failing due to an unexpected
cache hit:
> [objectcache] fetchOrRegenerate(…:page:10:…): volatile hit
This could be solved in a more realistic way by splitting the test,
or by explicitly resetting services half-way the test to clear
WikiPageFactory, PageStore and WANCache process state.
For now, keep the prior behaviour of no cache in this test.
Bug: T305093
Bug: T329680
Depends-On: If890622eed0d0f8b4bd73d36ba1815a3d760ea05
Depends-On: Ie1def75208822bdf19bb2cfd7e6edf32c2000e6b
Depends-On: I35cce61dc3ee90dcee3dd6f0b36f84133be029ed
Change-Id: I53781a8c06ebb2583f6ca83dd91bbfe8a5c88b13
This supported mostly IE 6 and 7 as well as some very old Safari
versions against sniffing. Browsers later implemented
X-Content-Type-Options: nosniff which should protect against this
problem.
Bug: T309787
Change-Id: Iea61bd82033551008eb1832fe899ea28ccb23385
* Remove duplicate descriptions from file blocks in favour of class
doc blocks. This reduces needless duplication and incorrect or
outdated copies, and helps to make the file header more consistently
visually ignorable.
* Clean up the file header, similar to other commits under
<https://gerrit.wikimedia.org/r/q/message:ingroup+owner:Krinkle>.
Change-Id: I31b137b1d6c75eb042d935b99f92ef47652596ec
Copy the Renameuser extension into core, with minimal code changes. The
hook handlers are inlined into Article, SpecialLog and
SpecialContributions.
Bug: T27482
Change-Id: I314021f4138773df6aaf2753b33ab8283cd16974
This changes the name of the rate limits to match the name of the
corresponding permission:
1) "emailuser" is now "sendemail".
2) "changetag" is now "changetags".
This is done in preparation for merging rate limit checks into Authority.
Backwards compatibility is retained, but the old keys trigger a settings
warning which will be shown by the updater.
Bug: T310476
Change-Id: I59163c88a3f9237ee4592f4b51e3f56359f73fc0
Special:Log allows to have the type, the user or type + user as subpage,
link to this page to show logs from me.
- Special:MyLog redirects to Special:Log/<me>
- Special:MyLog/create redirects to Special:Log/create/<me>
This does not show logs against me (like blocks)
Bug: T327565
Change-Id: Id624cb84d8bbac87d2f820c7c283d4c13866bff5
The currently supported groups are documented in database.md.
While at it, prefer the string form of the $groups parameter where
possible, since the complexity of an array is never utilized, as the
groups either can't overlap, or are decided on by the caller instead.
This also helps with the simpler LBFactory::getConnection() proposed
in T326274.
Bug: T263127
Bug: T326274
Change-Id: I7a31a07a8c3f1e265ac43ab59f23326590b407c3
Follows-up If5476e69dd6d6. There is no need to provide the current
path to this class as this not only easy to look up, but in most text
editors it is faster to open the file without a path than with,
e.g. by clicking on the class name in IDEs, or in simpler editors
by simply copying the word "LBFactoryMulti" and using quick open to
view the first matching file with that in its name.
We don't do this elsewhere either, and actually adds confusion on
doc.wikimedia.org where it's not clear how to folllow the instruction.
Change-Id: Iade0dafe2ad0e924d5c8a9fda76065bc806517c5
Fix documentation related to ExtraInterlanguageLinkPrefixes
configuration: it should be a list, not a map, and described usage
better.
In ApiQuerySiteInfo, third-party clients (like Parsoid) need to know
whether a given language link core corresponds to a deprecated
language code or a "real" one; the API was also missing information
regarding which language code an "extra language link" prefix
corresponds to (given by InterlanguageLinkCodeMap in the
configuration).
Finally, add the corresponding bcp47 codes for these interlanguage
links, so third-party clients don't need to know details of mediawiki
internal and deprecated language codes.
Change-Id: I82465261bc66f0b0cd30d361c299f08066494762
Add a "SkinCodexThemes" key to skin.json, that works just like
"SkinOOUIThemes". Based on the value the skin sets,
ResourceLoader\CodexModule loads the correct Codex theme for the skin.
The default theme is wikimedia-ui, meant for skins with a 16px base font
size. Skins with a 14px base font size (like Vector) should override
this to use wikimedia-ui-legacy.
Bug: T324367
Change-Id: I7435413928f2b8c5d43c34d9e2e7df470d710c93
== What
* Trigger "lagged replica mode" even when all replicas are lagged.
This partially undoes I53b261dfe (f59e4ad95e).
This restores "shorten CDN cache" behaviour for third-party wikis.
* Change "lagged replica mode" to no longer have the side-effect of
making primary DBs read-only, under any circumstances.
* Change "getLaggedReplicaMode" to no longer trigger a connection.
If no data was queried, no stale data was served (mostly, there is
potential via Memcached, but we don't measure that either way, and
should be taken care of by rebound purges for production, though
as explained below, this mode doesn't matter for production).
== Why
Follows-up I53b261dfe (f59e4ad95e), which changed lagged-replica
mode to no longer be triggered when all replicas are lagged. This
was motivated by the fact that
1. It is understood that at WMF it is impossible for all replicas to
be lagged due to MySQL semi-sync, and
2. That this mode often triggers at WMF anyway due to how we measure
lag, and
3. When this mode is activated it needlessly makes MW read-only.
This has as downsides that it means lagged-replica mode no longer
triggers for third-parties without semi-sync either, and thus the
side-effect of shortening caches doesn't work, and the Skin footer
message wouldn't be shown either.
The problem we want to solve, which I think translates to both WMF
and thid-parties, is that MediaWiki doesn't need to be responsible
for turning the site read-only when a replica is lagged. For scales
where that is a big problem, MySQL semi-sync can be used by the site
admin, and smaller sites either don't have replicas or are small enough
to not yet have this problem, and likely would be bottlenecked well
before the DB level anyway.
As such, solve T314975 differently by removing this activation of
read-only mode instead, and preserve/restore the rest of it in simpler
form.
== Background
The docs were very outdated, in particular the statement about
30 seconds. Historical references to that changing:
* 2015: The MW default setting was lowered from 30s to 10s,
with commit I56a7f35382 (453d88605b, T95501).
* 2015: The WMF config for 'max lag' in $wgLBFactoryConf was gradually
lowered from 30s to 6s, e.g. commit I7f71d75b (744722e784) and
I02b1789095 (e8276e074f).
* 2019: The MW default was lowered from 10s to 6s,
with commit Ic2e82a8cc (e8276e074f).
Bug: T314975
Change-Id: Ie55aad42d99c71c54137c7c4138093082e561097
Minor clean up:
* Fix broken `@see` in MainConfigSchema.
* Add missing `@since`.
* Doc experimental nature, as per the Ic3b6eec1995393 msg.
* Doc anonymous scope, and mention general strategy for elsewhere.
* Dependency inject, to separate concerns and keep ClientHtml
decoupled from MediaWiki settings like wgCookiePrefix, which
otherwise break testing this class with only RL-specific config.
* Apply JS conventions. Made easier by using "JS" as the heredoc
identifier, which IDEs recognise as for highlighting.
* Move code together with the other documentElement.className
statement. This helps both with understanding the PHP side in terms
of related logic and how it interacts, as well as the frontend as
it literally brings <html script>, client-js, and clientpref all
next to each other.
HTML weight of default Main_Page on localhost, logged-out:
* vector : 23.21 kB / 140.48 kB
* vector-2022 : 24.17 kB / 146.43 kB +6.0 kB
* vector-2022 ClientPref=true before : 24.28 kB / 146.70 kB +6.3 kB
* vector-2022 ClientPref=true after : 24.27 kB / 146.68 kB +6.2 kB
Given:
* $wgResourceLoaderClientPreferences = true;
Test plan:
1. View /wiki/Main_Page?useskin=vector-2022 while logged-out,
confirm the inline script is there, and
"vector-feature-limited-width-content" is set on <html class>,
layout width appears fixed.
2. Run mw.cookie.set('mwclientprefs', 'vector-feature-limited-width-content');
3. Refresh and confirm the class is changed at runtime and layout
width is fluid.
Use mw.cookie.set('mwclientprefs', null) to undo.
Bug: T321498
Change-Id: I07f471b815ffadfca9eb4f7bd228cb72dfd1ec9b
This allows the body classes of skins to be customized for anonymous
users. Enable using $wgResourceLoaderClientPreferences = true;
* Only classes of the form <prefix>-(disabled|enabled)
can be toggled.
* For now no client side API is provided as this should not be
considered stable.
* Storage mechanism is cookie, stored under "mwclientprefs"
* Preferences apply to all skins. This means setting a preference
in Vector 2022 would also lead to class manipulation in Minerva.
This is by design to allow for skin-agnostic preferences. Up to
caller to make sure the class being manipulated is limited to the
skin if required ie. don't use generic classes.
* Avoids try/catch and JSON parsing by storaging as a string
* Places inline script before body tag before first stylesheet to
avoid breaking the article's ability to parse the article
concurrently with stylesheet download.
Usage:
Given a document with classes
"client-js vector-feature-limited-width-enabled ext-feature-enabled"
Set:
document.cookie = 'mwclientprefs=vector-feature-limited-width'
Will result in toggling off the limited width.
Bug: T321498
Change-Id: Ic3b6eec19953932c697ab5bf48c33a4ac1841b07
* Allow for DI of config and PoolCounterConnectionManager.
* Manage the PoolCounterConnectionManager singleton without using
a global/static field.
* Allow for test overrides (in ParserOutputAccessTest) without needing
to bring all of ObjectFactory and 'factory' and thus exposing class
constructors to stable interface (except not really since the args
are hardcoded in practice).
Bug: T201223
Change-Id: I514fee20b388f04f9c85c5a1373845d621c65395
This patch introduces ParsoidParserCachePrewarm job
that is used to warm PC with parsoid outputs in order
to speed up page reads on large wikis.
Bug: T322427
Change-Id: Ib63a02d3cf5348b36f4f166ff6939f4d2e7fef6f
This was marked as deprecated to indicate that it shouldn't be used
to share arbitrary database tables between wikis. However, this has
never been officially supported and so doesn't actually warrant
deprecation.
The only use case for $wgSharedDB that MediaWiki supports (and even
encourages in documentation) is for global accounts shared between
wikis.
Recently, update.php started to block upgrades when a deprecated
setting is used, which has brought this otherwise-innocent deprecation
comment to light. Remove it as such since the feature for which it
exists isn't deprecated, and we don't have any other (supported and
documented) ways of sharing accounts between wikis.
In the future, we might rename this and turn it into a boolean so
that it is easier to understand and maintain, but that's for another
day.
Bug: T308536
Change-Id: I1598630f2ab2c9bd443a5f3e6fc0997ceb52c5b2
This patch introduces a configuration variable that allows one
to control the migration stage in production.
Bug: T299954
Change-Id: I36f1e3cd9fb0f25fd43f4dbb97f791da5eb1147b
This let migrateActors.php creating an actor id for it
(the script itself is already removed from 1.40 in c910301)
Bug: T223027
Change-Id: Id5c3b26bfdcd69391cf6f0d18423a5991ac8b887
Despite being documented, this seems to have never worked correctly,
causing confusing exceptions.
Rather than try to fix it in this scary legacy code, just document the
alternative that actually is supported: specifying a file that doesn't
exist.
Change-Id: I00b5e144350add475a8379ead62868ed21fefb81
Code moved as-is from the extension repo with minor changes:
* Adopt PSR-4 namespace.
* Keep backward-compatibility with "PoolCounter_Client"
in LocalSettings, from before the extension was namespaced recently.
* Document how `connect_timeout` actually works, and that it
was introduced in MW 1.28 (via extension).
* Add stable interface annotations.
Bug: T201223
Change-Id: Iadec5b4b5d2fc7e76509c9be0a8fa605d95c64a7
None are used in WMF-deployed extensions and have been hard deprecated
for multiple releases as well.
Change-Id: I62cfa22291f81295b4908192de8657a750c6716d
This branch fails to compile against PHP 7.4.3, our lowest supported
version, and will not be updated to support that or any newer version:
https://tideways.com/profiler/blog/releasing-new-tideways-xhprof-extension
In doing so, remove the Xhprof class. At this point, it doesn't do
anything other than calling either of two functions from whichever
extension is installed, which can just be done in ProfilerXhprof.
Change-Id: Iba1c16f47c68b36982f5d2dcda3bdf4dcb83501d
for LanguageConverter
"Static default variant" language code won't always be the same of
"language code with converter" when there's one of the variant form
specified as the "default variant language" instead of "mixed-form".
We would like to specify "sh-latn" instead of "mixed-script sh" as the
static default variant language for ShConverter.
The function "getMainCode" was not renamed for compatibility.
Bug: T268033
Change-Id: Ibd0fadf9ba1f740cf4aed06e11138549c9d6dc9f
This restores a rewritten version of
commit 78483caaaf.
- Special:Contribute the default entry point in the menu when enabled
- Otherwise it will link to Special:Contributions (default behaviour)
Depends-On: I65336cfd56e1f6b92c1b3bc83cb5d91bbca065bf
Bug: T319327
Change-Id: I67779b88c4904462f9d847b3edb08a65306b2bfb
JS config vars listed in the 'LateJSConfigVarNames' extension attribute
or in the OutputPage::CORE_LATE_JS_CONFIG_VAR_NAMES constant will now
be added to the end of the HTML response, instead of early in the HTML
head where it blocks rendering/painting.
Bug: T41813
Change-Id: I86d461756398780dc24949013f35b7730a481052
* Inline mbUpperChar(), which is confusingly named and has a rambling
doc comment which duplicates the config documentation.
* Memoize the Config::get() call.
* Add a multibyte no-op case to avoid memory allocation.
* Remove "experimental" tag from the config.
It's around 2x faster for non-ASCII input.
Change-Id: Ie88784a20d8b0b6f6c0efee5c940e3a9a06f4bef
Introduced in 2017 with I7f14b9ca2533032 (2e5eb693) but remains
unused at WMF, and disabled by default.
Follows-up I62107789fa (9e49260fc9) which added reap to LinkCache
test cases in 2021.
Change-Id: I0654c29a671467dd6b366f462d1c09b90a273413
This only supports WRITE_BOTH for now, the rest will be implemented.
Tested locally, works fine.
Bug: T318606
Change-Id: I6f898aa89f7d36f3f8a4eb8c23706c64a90896b0
Equals signs have special meaning in wikitext, they're used in template
parameters and headings. Allowing them in usernames complicates things
as it's not possible to use them in wikitext without escaping them.
This only prevents usage in new accounts, so it doesn't stop the problem
entirely, but it stops it from getting worse.
Bug: T254045
Change-Id: I07c0af2c5e44ff67fc0bc6c1ae1d4ce7255aa0cd
This allows config variables to be declared obsolete. Obsolete config
will be omitted from the schema, defaults, name constants, etc. The
purpose of keeping a declaration of obsolete config around is to allow
the updater to warn admins that they are using a config variable that no
longer has any effect, and provide them with a remedy.
The idea is that support for deprecated config can be removed after one
release per the stable interface policy, but the declaration of
obsolete config should be kept for as long as we support updates,
that is, at least two LTS releases.
See https://www.mediawiki.org/wiki/Topic:X4bh4nf3pe2ho5jj for
discussion.
Change-Id: Ia7a00742ea7a5311e820a6a43b11135a3f2a825f
This global variable was replaced by auto-discovery of parser test
files in extensions and is no longer needed (or used).
Change-Id: Ib616e60f36db32ffd8bc69c71a096f23c0a27910
I particularly want 'factory' to be allowed, but I don't see a reason
to exclude the other properties. They are supported, even if unlikely
to be useful for test modules.
Change-Id: I223f63aab132444833aad7d7c162b27c9e93991c
This at least doubles the speed, which would allow the number of
iterations to be doubled and computation of the password hash to
complete in the same amount of time as before, or maybe even a
slight bit less.
The doubling in speed is due to an optimization[1] that so far has not
been accepted into PHP's hash extension.[2] In addition, OpenSSL has
optimized assembly-language hash function implementations for several
common CPU architectures. These provide a further, yet more slight,
performance improvement.
While OpenSSL's PKCS5_PBKDF2_HMAC() is not the fastest implementation
around, using it does not add a new library dependency. And although
better password hashing functions exist, PBKDF2 is still the default
in MediaWiki. For these reasons, I think this change makes sense.
[1]: https://github.com/openssl/openssl/commit/c10e3f0cffb3820d
[2]: https://github.com/php/php-src/issues/9604
Change-Id: I7b06590d4c42581f8749336f9c17777f973a506c
What was previously a REST API-only feature (the thumbnails
hook allowing for thumbnails for non-file pages via the
PageImages extension) is now also being adopted in the main
search page.
That hook will now be called with NS_FILE result thumbnails
pre-filled, which was not the case previously. PageImages
essentially duplicated NS_FILE thumbnail logic that was
already present in Special:Search, so that can (and will
in a follow-up patch) then be removed there. Special:Search
will then simply take whatever is produced from the provider
(which will include both NS_FILE thumbs - which it handled
already - as well as whatever else it receives from the hook),
as will the REST API (which already received both)
Since thumbnails can now come in for multiple namespaces &
having some of those results with & others without a thumbnail
can be quite jarring, it was decided that we'd display
placeholder images (for certain namespaces). This is now
controlled by $wgThumbnailNamespaces.
I also split up a few things in FullSearchResultWidget::
generateFileHtml for more clarity.
Meanwhile also updated mediawiki.special.search.styles.less
to use variables for known colors.
Also implemented a 'transform' (required for testing this
change properly) and 'getDisplayWidthHeight' (it became
needed after implementing transform) callback function for
mock Files, and updated some existing tests in response to
these changes.
And some more Rest test files have been updated to allow
passing around a HookContainer instead of only an array of
hooks (from which a new HookContainer would then be created)
to allow the same container to be used across all relevant
objects, who may have it injected as dependency.
Bug: T306883
Change-Id: I2a679b51758020d3e822da01a1bde1ae632b0b0a
This was introduced in 2015 with 8e3721a2b9 (Iadb34f24d8b, T89308)
as part of the Multi-DC initiative, with the plan being to use this
job when queueng jobs during a requests that are not guruanteed to
be routed to a primary DC (e.g. during a GET request).
Its use was removed as part of T181216, but the job was kept and has
seen numerous maintenance changes since. I propose we remove it as it
is no longer used in any Wikimedia Gerrit hosted code.
The expectation now is that JobQueue backends are responsible for
making sure new jobs can be accepted in any DC. At WMF this happens
by writing to local EventBus/Kafka and the internal streams converging
and mirroring in both directions.
The built-in JobQueueDB implementation is unlikely to be used in for
large wiki farms, but it too would support writes from secondary DCs
from post-send. I haven't tested JobQueueRedis, but it seems like that
could likely also be used in a way that writes locally and replicates
writes from secondary to primary.
Bug: T89308
Change-Id: Ia84d0e9ca047cd78ab8c0d0d055d4199d0e3e5b6
This policy was just the fall-back set in 2015 with the default length
of 1. As pointed out on MediaWiki-l, it is a bit short nowadays, so
raise it to 8 characters, which is what we use in Wikimedia production.
Change-Id: I4e0e57ed910a16804e015c9f1aaf48a5603bf95f
* CDB stands for "constant database" file, hence also changes references
to "constant" when likely intended to refer to CDB.
* Remove reference to non-existent docs/Configuration.md.
* Remove unused resetLocalCache() method. This was documented as
internal for testing only, but tests did not use it.
It was left behind in 2016 with I7d7424345d0ce3ce90 (025f15a208).
Bug: T315315
Change-Id: I61d9689160d9bf5715c4ff18009fbd16236d34e6
This reverts commit cfed8e7743.
Reason for revert: Will implement a hook rather than changing config at runtime
Change-Id: I5a941b871f9a6347744e800ea63cd82450ab6da3
This patch changes the Special:Preferences menu layout to display as a vertical menu. This function will only work for users with AMC enabled.
It also creates a variable (SpecialPreferencesUseMobileLayout) that changes when a user navigates to Special:Preferences on mobile and has AMC enabled.
Bug: T311717
Change-Id: Ia7a730cd7f009dbb921a810f27fae4a9ee66f793
When the deprecation of wikibits.js originally started, it contained
a ton of things [1] such as:
* user-agent utils, `clientPC` and `is_gecko`.
* addOnloadHook.
* importScript.
* appendCSS.
* stylepath and other config vars.
* tooltip, e.g. updateTooltipAccessKeys.
* portlet, addPortletLink.
* tablesorter, e.g. ts_makeSortable, ts_getInnerText
* searchsuggest.
* notify utils, e.g. jsMsg.
* spinner utils, e.g. injectSpinner.
* event utils, e.g. hookEvent.
* siblings scripts included: mwsuggest, sajax.
Except for two (addOnloadHook, and importScript), these have all found
new homes and been succesfully migrated and replaced over the years
with other platform APIs.
The $wgIncludeLegacyJavaScript variable hasn't been needed for a while
as what it gated no longer exits. Remove it and fold the two remaining
functions into mediawiki.base as defacto stable APIs.
* addOnloadHook: Not worth breaking imho. I've shortened the
implementation which saves a few bytes in WMF prod, and adds a few
bytes for CI/third-party where it was previously absent for new
wikis (thus reducing portability).
* importScript: Never deprecated in the first place as there is no
mw.loader equivalent to this. In order to achieve optimal cache
performance, and benefit from automatic purging after edits, one
must craft a very specificly encoded and ordered canonical
action=raw URL. This is not something end-users need to know about,
and is what imporScript exists for to abstract. Plus, it ensures
de-duplication. One day something like Gadgets 3.0 (T36958) might
take off, but for many years to come, importScript remains the best
and only supported and usable means within the platform to share
and load user scripts.
Tested with: `curl 'http://localhost:8080/w/load.php?modules=mediawiki.String%2Cbase%2Cuser%2Cutil&skin=vector' | gzip -9 | wc -c`.
Before: 9.53KB
After: 9.45KB
[1] https://gerrit.wikimedia.org/g/mediawiki/core/+/1.17.0/skins/common/wikibits.js
[2] https://www.mediawiki.org/wiki/ResourceLoader/Migration_guide_(users)
Change-Id: I10f17f68fea862d510d188b927f4a7b38be0e4a4
Instead of checking the result of uncondiional `['host']` access in
the foreach loop afterward, check the result of url parsing directly.
Also:
* Switch to plain parse_url(), we don't support exotic input here.
* Move parsing to loop, minor optimisation, and will often thus mean
we don't even need to parse or check the LocalRepo case, since the
feature is generally only enabled when a cross-domain ForeignRepo
exists.
* Improve docs.
* Remove experimental warning.
Bug: T317329
Change-Id: I6492f5142861513e4a7eb65fe4c14fa12c46977a
The merge of the addition of the new file e36a8af and the creation of
the first patch for removal in the old file b90d2dd overlaps by time and
the information is still there.
Follow-Up: I736cb74efc267fd2473a3267471735238217251c
Change-Id: I6de1e6874206d8a9c7b207b6322d77f6472d22f5
The day has gone. Still keeping the code as the schema changes are not
done in production but the data migration has been finished.
Bug: T299417
Change-Id: I906e069a63d1dae14924c72318b22b16244371d6
The authentication provider's testUserForCreation() method is for
checking whether a given user name is available. The current
user being IP-blocked has nothing to do with that username's
availability so stop checking that. (AuthManager will check it
via AuthManager::authorizeCreateAccount() elsewhere. Although
that method doesn't seem to be doing anything useful and could
probably just be replaced with a direct call to
PermissionManager, but that's left for a separate, less risky
patch.)
Special-case autocreation though, which doesn't use
the more appropiate AuthManager::authorizeCreateAccount() for
performance reasons so it does need an IP block check.
(At least I think it is for performance reasons. Maybe it's
just an unintentional omission, and that should be used instead?)
While we are at it, also fix a TODO in AuthManager where partial
blocks were taken into account for $wgBlockDisablesLogin, and
clarify in the config schema that they aren't, improve some
comments to make it more obvious why some things are/aren't
done in CheckBlocksSecondaryAuthenticationProvider, and make
the logic more similar to the one in testUserForCreation().
Functional changes:
* Partial blocks are ignored for authentication, account
creation and autocreation.
* On $wgBlockDisablesLogin wikis IP blocks won't prevent
login anymore.
* On $wgBlockDisablesLogin wikis, blocks will now prevent
account autocreation even if they are not configured to
prevent account creation. The assumption is that on such
wikis account creation is restricted via some means.
This probably isn't necessary as blocks should also prevent
the conditions needed for autocreation (e.g. log the user
out centrally), but can serve as defense in depth.
Along with the special-casing of autocreation, this means
on such wikis any IP block will prevent autocreation, which
is not great but seems not worth even more code complexity
to avoid.
* The action=query&list=users&usprop=cancreate API won't take
blocks into account anymore.
Bug: T306018
Bug: T208895
Change-Id: Ie94d61640301192b287275311f3452e606469d25
We’ve been using it in production for two months without issues as far
as I’m aware, so let’s start documenting it as a more permanent feature.
(After all, people querying the table, e.g. via Quarry, need to be aware
of it.)
Bug: T306589
Change-Id: I66d405b34f02c57a337d196124c0d5a4d3a3b20b
When $wgWatchlistExpiry = true and a user adds a page to their
watchlist, they are currently presented with a combo box where they can
pick a duration of permanent, 1 week, 1 month, 3 months, and 6 months.
This patch adds 1 year to the combo box, and raises the maximum age to 1
year. `api.php?action=watch&expiry=1 year` will now also work.
Bug: T313255
Change-Id: Ia84d6f99584ae23feea3831499d5baee2dd1a024
MediaWiki sets a large 'Cache-Control: s-maxage=' directive on page
views only if the request URL matches one of the normal CDN URL forms.
When MediaWiki is behind a CDN that re-orders query parameters on
request URLs, we want the CDN URL matching logic to be insensitive to
the order of query parameters. This change introduces a
'CdnMatchParameterOrder' configuration option that can be used to
control this behavior. It defaults to 'true', which preserves the
existing behavior (order-dependent matching).
Bug: T138093
Change-Id: I3c52ca47e095ba32511892853dac6c87a1cc2321
The doc folder contains (committed) json files with schema definition
for json files
That should be linted as well to spot syntax errors easier
Change-Id: I20ff7abf6b98d2247ee52e2d2b43af88c062f779
The boolean type is unwanted, but it is needed in the schema to allow
"boolean" as old value in an schema change (example 88e30dc)
The key "options" and "unique" are used without check in
DoctrineAbstractSchemaTrait
There are only two values for the "flags" key.
Change-Id: I7cbd0c1cdf770185fdc006f34cf405af88dc3dab
Remove Flash cross-domain policy mangling. Users who are somehow still
using Flash as a browser extension will be exposed to CSRF
vulnerabilities.
Deprecate the config since deprecation has some advantages in the new
config system over simple removal.
Bug: T279496
Change-Id: I2c0e85a430d7e6aaf8d5decd00cf1dade04cebe1
This ensures we don't show ToCs in vector-2022 for Javascript pages
which contain raw <h2> elements.
This version uses the same "canonical options" hack that is used for
language conversion tables. These should both be replaced by a
(not yet existing) mechanism in the future: T313455 is the
task for that.
Bug: T307691
Depends-On: I35e199cca40c0e4359ac493e5806dcf4ae49321c
Change-Id: Iba6a8b6c59bf91e3d06896f0a610c3c3e52e6564
Validating against the live schema on the WMF cluster exposed several
issues with the config schema. Mostly settings declared to be lists
which are actually associative arrays.
This also removes deprecation markers for some settings that are still
in active use, just discouraged or unstable.
Change-Id: I63e816edd1a561bda6063f8558ccce88c113df3f
This adds functionality to SettingsBuilder for collecting warnings to be
logged later, when the logging mechanism has been set up.
This also adds a validation step to update.php that aborts the update
if any warnings have been registered in SettingsBuilder, or the settings
fail to validate against the settings schema.
Change-Id: I387905289fb93591f79b96bf4c6cb5ec692b2aff
I don't recall why I added this. Possibly in a confused effort
to match /tests/phpunit, except /tests/phpunit/suites is not
where test cases live, they live under /tests/phpunit/* directly,
mostly /tests/phpunit/includes named after the source directory.
The correct equivalent to that is /tests/qunit/resources for JS.
While at it, also remove mention of this concept from various other
places where it doesn't add value. It's one more word/concept to
learn, process, understand, or translate mentally. They're just tests,
or for the one or two places where we care about how they are
internally transmitted, a "test module".
Bug: T250045
Change-Id: I5ea22e4965d190357aa69883f29f9049ee8ebf13
- schema change to allow tl_namespace and tl_title being empty
This is done by removing them from primary key. They don't need to be
nullable as they have default value.
- Make sure with WRITE_NEW, updater avoids writing to the old columns
Bug: T306674
Change-Id: I2b8a29043e952060e7a79b6a7a3d647d48cd16fb
For now, this is not used by MediaWiki core itself, but in the future
we may add prompts in the installer and notes in update.php, amongst
other places.
The naming is taken from the `suggests` field as used by Composer.
Bug: T182472
Change-Id: Icc8c189812b231313e6d8b3e907a866c710bae24
The goal is to keep the actual default values for settings in the same
place as the setting is declared, and applied using the regular means
for loading the settings -- not in a separate piece of code that needs
to be loaded through some entirely different mechanism.
SetupDynamicConfig.php now contains a few categories of things:
* Post-processing of configuration settings, where already-set settings
are altered. This could be moved to MainConfigSchema too as a separate
set of methods.
* Processing of old aliases of settings (blacklist, slave) that are not
registered as settings anymore and therefore are not available to
MainConfigSchema. This could perhaps be moved to LocalSettings
processing somehow?
* Setting $wgUseEnotif, which is also not registered as a setting.
Easiest would be just to declare it as a setting and have it set
unconditionally.
* Setting the actual timezone to $wgLocaltimezone. This is not related
to configuration and should just be in Setup.php.
Bug: T305093
Change-Id: Ia5c23b52dbbfcb3d07ffcf5d3b7f2d7befba2a26
A library for storage of counter value time series statistics, based
around the observation that memcached getMulti() is apparently fast
enough to do this in a simple manner, with incremented values stored
in time window buckets.
Bug: T310662
Change-Id: I26b1cdba0a06ad16ad8bb71b455e1b6180924d17
This adds support for JSONSchema style property declarations with nested
schemas. This is a step towards using more nested structured for
configuration, rather than adding to the over 700 keys already defined
in the main config schema.
Defaults from property schemas are aggregated into a default value in
the top level schema. Descriptions are however not yet aggregated.
Change-Id: Iaf46a9ecc83bee3566098c56137a1be66bff2ab9
This patch introduces a ParsoidOutputAccess service for
getting parsoid outputs and warms the cache with pregenerated
outputs.
It also introduces a config variable in ParsoidCacheConfig that
is turned off by default for controlling the cache warming.
Bug: T301371
Change-Id: I6152c42ea765d94093d8d62598b1b4278314adec
This changes the name of a key in the ParsoidCacheConfig array:
StashType is more in line with other configuration variables that refer
to on aobject cache type.
This is not a breaking change since ParsoidCacheConfig was only
introduced recently and is not in used in WMF config nor present in any
release.
This is a Follow-up to Ic67dc43ed9843810e4b180127f9a3bb7608f7608.
Change-Id: I9e61a6f94ec8bf1716c7d735f9bb17af4461fc9c
Cache the parsoid outputs only if a certain time is exceeded on
parse and consider the parse operation within this time limit as
not expensive per that wiki and not cache the parsoid output at all.
Bug: T308588
Change-Id: I7793b77feab13400ccd04343e7878ad701f5e6a7
Fix notice on PHP 7.4+ when the wordmark is false. It is false on the
beta cluster and Mustache doesn't mind if it is false. Update docs.
Use !empty($x) as a shortcut for isset($x) && $x in two nearby places.
Bug: T310767
Change-Id: Ie33f8edf075f1216881428ec6aa29cae1dac4e64
This introduces the ParsoidOutputStash config setting, which defines the
storage backend and cache duration. The storage backend name refers to
an entry in the ObjectCache setting, and defaults to the main stash.
Bug: T267990
Bug: T309016
Change-Id: Ic67dc43ed9843810e4b180127f9a3bb7608f7608
When JSON support was introduced into ParserCache in 1.36, it was
controlled by a feature flag, $wgParserCacheUseJson. The feature flag
was "born deprecated" in 1.36. It can now be removed.
This means that ParserCache will always store entries as JSON.
Support for reading old non-JSON entries remains intact.
This is needed when updating wikis from a version older than 1.36
to the current version.
Change-Id: Id04e42bfb458d98414bac50e0d6c505e8878e5c0
Previously, each of the four derived config schema files had to be
regenerated using a separate maintenance script. This change simplifies
regeneration by combining all for scripts into a single command that can
be used to regenerate all relevant files after changing
MainConfigSchema.
Change-Id: I7d38d8a4aede60475c4bdd0053d2e10e298b9843
Move config defaults to ResourceLoader class, so that the defaults
reside within the component responsibility, and for future standalone
use and unit testing with the same set of defaults.
Bug: T32956
Change-Id: I4a268e11686e526c4377542d45e198a72e57f182
This would be useful in cases that lots of edits happen at the same time
and this would reduce the time waiting to get the row lock.
Bug: T306589
Change-Id: I3b869e3b85dfd66575390ef4247f2f81f19c878e
