When we format API output as HTML, that HTML may contain user secrets
and should not be cacheable, even if the API output would ordinarily be
cacheable.
Bug: T354045
Change-Id: I94fe5f7bfae580e8bda8af1971b9448db8201c22
Mock the needed dependencies to avoid database access when possible, and
add the test to the Database group otherwise.
Bug: T155147
Change-Id: Ic5c39ab35ab4d993721713285180f072497a5a40
Just methods where adding "static" to the declaration was enough, I
didn't do anything with providers that used $this.
Initially by search and replace. There were many mistakes which I
found mostly by running the PHPStorm inspection which searches for
$this usage in a static method. Later I used the PHPStorm "make static"
action which avoids the more obvious mistakes.
Bug: T332865
Change-Id: I47ed6692945607dfa5c139d42edbd934fa4f3a36
Also improve MediaWikiIntegrationTestCase::editPage by accepting
LinkTarget objects and use services instead of static functions
Change-Id: I3d036b0837f212d3500159c1d3a3daa4e706882c
Remove Flash cross-domain policy mangling. Users who are somehow still
using Flash as a browser extension will be exposed to CSRF
vulnerabilities.
Deprecate the config since deprecation has some advantages in the new
config system over simple removal.
Bug: T279496
Change-Id: I2c0e85a430d7e6aaf8d5decd00cf1dade04cebe1
This avoids "Can't create user on real database" errors that can
occur if the order of test classes changes.
Bug: T50217
Change-Id: Iccd6a2d4f207d2a9ddf62544b3a24a9db15bda55
There is a common and reasonable need for longer lines in tests.
The nudge for shorter lines doesn't seem valuable here. The natural
breaks will likely still fall in 80-100 given the enforced practice
for non-test code, e.g. whether through habit, or 80-100 column markers
in text editors, or the finite width of diff and code review
interfaces.
Change-Id: I879479e13551789a67624ce66f0946d2f185e6ee
Results in passing a user where previously the fallback
to $wgUser was being used, mostly in tests.
Bug: T255507
Change-Id: Iabe24315b23c0ad1272353186425e71974528d23
Ended up using
grep -Prl '\->setMethods\(' . | xargs sed -r -i 's/setMethods\(/onlyMethods\(/g'
special-casing setMethods( null ) -> onlyMethods( [] )
and then manual fix of failing test (from PS2 onwards).
Bug: T278010
Change-Id: I012dca7ae774bb430c1c44d50991ba0b633353f1
This data structure is sufficient to generate menus in
all Wikimedia deployed skins.
This new method will be used immediately in Example skin:
Ifb30a2c1314692c2869bd99c523e19c821be1f08
and Vector skin:
I5f7adc1840441b508ffee40139b85b64021789e6
Bug: T262098
Bug: T255924
Change-Id: I1a163cac0bff7620dcac50350cb6b93445a0cfbc
The name change happened some time ago, and I think its
about time to start using the name name!
(Done with a find and replace)
My personal motivation for doing this is that I have started
trying out vscode as an IDE for mediawiki development, and
right now it doesn't appear to handle php aliases very well
or at all.
Change-Id: I412235d91ae26e4c1c6a62e0dbb7e7cf3c5ed4a6
This patch fixes all PHPUnit 8 compat issues in the DBless suite, aside
from assertArraySubset.
Bug: T192167
Change-Id: Iea782386509b9e579f06d63687669e14bc437fad
This commit splits changes from Ic14f5debc53e55d6714 to reduce it to
only strictly needed things. It can be merged immediately.
Bug: T192167
Change-Id: I8c541a66ea13421dbe7fa51d197d5455cc4786eb
These help making the code much more readable and explorable. IDEs
now allow to ctrl+click most of the methods to jump to their source.
Change-Id: If1e55fa549de27be2549f245eca6938ecd5cfd82
With Iee04afc27283547dd68d6db93f44ac2e0ebf1258, passing both the $class
and $factory parameter is deprecated in favor of just passing an
ObjectFactory spec as the third parameter.
Change-Id: I7b04d82c9daba52f5dc5e6c528739336279c7550
This will allow constructing API modules that need services.
This overhauls some of the internals of the ApiModuleManager,
but the public interface remains unchanged.
The $class parameter of addModule, (now called $spec)
also allows passing an array with the spec of the module.
Note that this spec requires the attribute 'class' to be present,
even when 'factory' is specified. This is the same as before,
where $class was always required.
In a perfect DI world ObjectFactory would be injected into
ApiMain::__construct and ApiMain would pass that to its instance
of ApiModuleManager, but that is currently not possible, so for now
it is injected in ApiModuleManager by having ApiMain::__construct
call the service locator.
Bug: T222388
Change-Id: Iee04afc27283547dd68d6db93f44ac2e0ebf1258
Ensure that errors encoding API results produce actionable log entries.
Part of the follow-up to T210550.
Change-Id: I6f311451e3b07b540f14352ce25af9d74a053d19
The only thing missing is tests for the rawfm paths, which I don't
understand well enough to test easily.
Change-Id: I08779391798b9d2d5eeb7e19ec4764059336069c
If the request URL was not normalized, for example having a double slash
in it, this could cause it to fail to match in the PathRouter. But the
canonicalizing redirect was using the normalized URL, causing a redirect
loop exception.
So:
* If the PathRouter fails to match with the original URL, try matching
against the normalized URL. This allows it to still work for
normalized URLs with a double slash in the title part of the path.
* Have WebRequest::getFullRequestURL() always return the URL without
removing dot segments or interpreting double slashes. Just append
the path to the server.
* Make MediaWikiTest.php use WebRequest instead of FauxRequest, allowing
it to reproduce the exception in question. Add relevant test.
* Add tests for the new PathRouter behaviour.
Bug: T100782
Change-Id: Ic0f3a0060904abc364f75dae920480b81175d52f
Find: /isset\(\s*([^()]+?)\s*\)\s*\?\s*\1\s*:\s*/
Replace with: '\1 ?? '
(Everywhere except includes/PHPVersionCheck.php)
(Then, manually fix some line length and indentation issues)
Then manually reviewed the replacements for cases where confusing
operator precedence would result in incorrect results
(fixing those in I478db046a1cc162c6767003ce45c9b56270f3372).
Change-Id: I33b421c8cb11cdd4ce896488c9ff5313f03a38cf
There is no need to escape double quotes in content of XML.
Html::element() also does not escape double quotes in content.
ENT_NOQUOTES escapes '<', '>' and '&' but not "'" and '"'.
https://secure.php.net/manual/en/function.htmlspecialchars.php
Change-Id: I3b585c43e532cca1a8951d6c9e8b4825fc3b012d
* Convert OutputHandler.php from global functions to a class.
- wfOutputHandler → OutputHandler::handle
(no alias, no usage outside core)
- wfGzipHandler → OutputHandler::handleGzip
(private, no usage outside class)
- wfRequestExtension → OutputHandler::findUriExtension
(private, no usage outside class)
- wfMangleFlashPolicy → OutputHandler::mangleFlashPolicy
(private, no usage outside class)
- wfDoContentLength → OutputHandler::emitContentLength
(private, no usage outside class)
- wfHtmlValidationHandler → OutputHandler::validateAllHtml
(private, no usage outside class)
* Add the class to autoload.php for exposure outside WebStart.
Specifically, for use in ApiFormatPhpTest. This also removes the
need to manually load the class because this code runs after
Setup.php loads AutoLoader.php.
Bug: T189966
Change-Id: I27a41ec0ae0ee30aeb313a616323b967605c4055
The return value for ApiFormatBase::getFilename() was formerly
documented as "must be encoded for inclusion in a Content-Disposition
header's filename parameter." While this is ok for the common use case
where the module is returning a constant string or can assume whatever
it gets back from getExtensionsForType() is ok, it's not in general a
good idea to make all callers handle that.
Further, it's not possible to represent characters outside of the
ISO-8859-1 character set in a 'filename' parameter. You have to use
'filename*' to do that (see RFC 5987 and RFC 6266).
So, this patch changes the definition of getFilename() to remove the
encoding requirement, and adds code to properly convert and escape the
value for the 'filename' and (if necessary) 'filename*' parameters.
Note this may give unexpected results (double encoding) if any module
actually is returning an encoded filename. I don't see any such cases in
core or in extensions in Gerrit.
Change-Id: I0c2749a847b639f228efff4e1917a61612a1f7d1
Ensuring proper behavior of the base class lets comprehensive tests of
subclasses be simpler.
This also adjusts ApiFormatTestBase to be a bit more usable, passing an
array of options through to encodeData() instead of just a class name.
And removes the unused 'SKIP' from testGeneralEncoding, but allows
expecting an exception (for use in I63ce42dd).
Change-Id: Ib2a1fa0b04860b09105376881ff8411f9534c453
Clean up use of @codingStandardsIgnore
- @codingStandardsIgnoreFile -> phpcs:ignoreFile
- @codingStandardsIgnoreLine -> phpcs:ignore
- @codingStandardsIgnoreStart -> phpcs:disable
- @codingStandardsIgnoreEnd -> phpcs:enable
For phpcs:disable always the necessary sniffs are provided.
Some start/end pairs are changed to line ignore
Change-Id: I92ef235849bcc349c69e53504e664a155dd162c8
API warnings and error messages are currently hard-coded English
strings. This patch changes that.
With a few exceptions, this patch should be compatible with non-updated
extensions:
* The change to ApiBase::$messageMap will blow up anything trying to
mess with it.
* The changes to the 'ApiCheckCanExecute' hook will cause a wrong
(probably unparsed) error message to be emitted for extensions not
already using an ApiMessage. Unless they're currently broken like
Wikibase.
Bug: T37074
Bug: T47843
Depends-On: Ia2b66b57cd4eaddc30b3ffdd7b97d6ca3e02d898
Depends-On: I2e1bb975bb0045476c03ebe6cdec00259bae22ec
Depends-On: I53987bf87c48f6c00deec17a8e957d24fcc3eaa6
Depends-On: Ibf93a459eb62d30f7c70d20e91ec9faeb80d10ed
Depends-On: I3cf889811f44a15935e454dd42f081164d4a098c
Depends-On: Ieae527de86735ddcba34724730e8730fb277b99b
Depends-On: I535344c29d51521147c2a26c341dae38cec3e931
Change-Id: Iae0e2ce3bd42dd4776a9779664086119ac188412
Take into account that the tag might have parameters.
Bug: T123653
Change-Id: Ie9799f5ea45badfb4e7b4be7e7fbc1c35cc86f26
Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
