1868 commits

Author SHA1 Message Date
Bartosz Dziewoński
c2e4014a93 EditPage: Deprecate using getCopyrightWarning() without passing context
Follow-up to I5f7c77970d0525c0ff394f8bd72c69dcb5d00623.

Depends-On: Iaa626f0e6379a5a370f9c465cea8528bb5bde7f7
Depends-On: I160ad1e16d3988a8a1f9a703b5241ddc1e6f9177
Change-Id: I1b4cdc1abfd538df60bea89a1e7d810ee83f5ca2
2022-03-01 00:26:17 +00:00
Umherirrender
b126dbe3f2 Fix various documentation related to null types
The functions returning null or the class property is set explicit null

Found by phan strict checks

Change-Id: I4a271093fb6526564d8083a08249c64cb21f2453
2022-02-26 10:31:24 +01:00
Niklas Laxström
94ab2e6ac4 EditPage: Support Special:MyLanguage for preload param
This allows nonexistent translated pages to fall back to the
corresponding page in a suitable language.

Bug: T299544
Change-Id: I278c54c682955c74bb6115a09e4a974c2b6e8ae6
2022-02-21 20:09:49 +00:00
DannyS712
e1fa59dc79 Remove public access to internal EditPage variables
Bug: T252907
Change-Id: Id349a57620439297a288a7fb3b56301bf2a030fc
2022-02-18 15:08:52 +00:00
Alexander Vorwerk
a6b835c98a Add @deprecated to EditPage::getCopywarn()
got deprecated in I4d515744f337bec6da8ca2ef43efa99f0c8cb974

Change-Id: I9615e38602d2b8194a1e254f09864fa2986ac5f6
2022-02-16 22:27:35 +01:00
Bartosz Dziewoński
e304c15856 EditPage: Parse wikitext in the usual way in the copyright message
Rather than pass around wikitext, just use Message::parse().
We already call this method this way in VisualEditor.

Bug: T301890
Change-Id: I4d515744f337bec6da8ca2ef43efa99f0c8cb974
2022-02-16 20:02:30 +01:00
Daimona Eaytoy
bd371e2e94 EditPage: misc cleanup
Mostly, use strict comparisons, and use Html:: methods instead of
building strings manually when convenient. Also add typehints to private
methods and replace a couple of deprecated things.

Also ensure that $this->section is always a string (like the
documentation claims) by setting a default in importFormData.

Change-Id: Id7c8817e55b5deb85788b1d3491f9be4d2a95874
2022-02-11 11:46:19 +00:00
Bartosz Dziewoński
858e7af980 Modernize some warnings about account not being registered
The "error" class nowadays is only supposed to be used by Parser and
related code. It renders as red text with no special formatting.
Instead use Html::warningBox(), which renders a yellow box around the
text. (Not Html::errorBox(), because these are not really errors.)

Change-Id: I7a7046bf9b9765cbb82ec3caa1530de7f05e0da4
2022-02-09 21:25:19 +00:00
Bartosz Dziewoński
524e1d612b EditPage: Allow passing context to getCopyrightWarning()
Bug: T298822
Bug: T189229
Change-Id: I5f7c77970d0525c0ff394f8bd72c69dcb5d00623
2022-01-24 23:49:27 +01:00
Bartosz Dziewoński
ea3f62d4d1 EditPage: Don't use string array keys for OOUI HorizontalLayout items
Fixes the exception "Cannot unpack array with string keys" from OOUI.
Passing associative arrays to various functions in OOUI was never
supported and now fails after OOUI v0.43.0.

Bug: T299191
Change-Id: Id2513bc610b71be16d65f2b7c0f7a73d852496cc
2022-01-14 07:30:37 +01:00
TChin
47adb6d65a Refactor global variables to use MediaWikiServices instead
Automatically refactors wg prefixed globals to use MediaWikiServices config using Rector. Doesn't include files that set globals or files that fail CI.

Rector Gist: https://gist.github.com/tchin25/7cc54f6d23aedef010b22e4dfbead228

* This patch uses a modified source code rector library for our specific use case and the rector will have different effects without it.

A writeup for future reference is here: https://meta.wikimedia.org/wiki/User:TChin_(WMF)/Using_Rector_On_MediaWiki

Change-Id: I1a691f01cd82e60bf41207d32501edb4b9835e37
2022-01-10 13:55:53 -05:00
Thiemo Kreuz
5430e9cf3d Remove unused EditPage::$mPreloadContent property
Unused:
https://codesearch.wmcloud.org/search/?q=%3E(mPreload%7CsetPreloaded)(Text%7CContent)&files=%5C.php%24

There was a public setter `setPreloadedContent()` that was removed in
2020 in patch Id47421e, tracked via T252907.

The fact that the property is marked as public is most certainly not
intentional. It was introduced when `private` didn't exist. Not only
that. It was dynamically created and never declared. This was fixed
in 2011, see
https://phabricator.wikimedia.org/rMWaa9bc3ba41273f911bad6a3ac754c98e1dde229a
The assumption was made that the property was meant to be public, but
I think this was a mistake.

Bug: T297725
Change-Id: Ic6a12d706c823c31b8e8a736f078977ec64be973
2022-01-10 10:11:54 +01:00
jenkins-bot
b0049428ab Merge "Allow EditPage's preload feature only on wikitext pages"
2021-12-20 14:57:55 +00:00
Kunal Mehta
7b0c94fb0b SECURITY: Fix permissions checks in undo actions
Both traditional action=edit&undo= and the newer
action=mcrundo/action=mcrrestore endpoints suffer from a flaw that
allows for leaking entire private wikis by enumerating through revision
IDs when at least one page was publicly accessible via $wgWhitelistRead.
This is CVE-2021-44858.

05f06286f4 removed the restriction that user-supplied undo IDs belong
to the same page, and was then copied into mcrundo. This check has been
restored by using RevisionLookup::getRevisionByTitle(), which returns
null if the revid is on a different page. This will break the workflow
outlined in T58184, but that could be restored in the future with better
access control checks.

action=mcrundo/action=restore suffer from an additional flaw that allows
for bypassing most editing restrictions. It makes no check on whether
user has the 'edit' permission or can even edit that page (page
protection, etc.). This is CVE-2021-44857.

This has been fixed by requiring the 'edit' permission to even invoke
the action (via Action::getRestriction()), as well as checking the
user's permissions to edit the specific page before saving.

The EditFilterMergedContent hook is also run against the revision before
it's saved so SpamBlacklist, AbuseFilter, etc. have a chance to review
the new page contents before saving.

Kudos to Dylsss for the identification and report.

Bug: T297322
Co-authored-by: Taavi Väänänen <hi@taavi.wtf>
Change-Id: I496093adfcf5a0e30774d452b650b751518370ce
2021-12-15 16:11:42 +00:00
Thiemo Kreuz
26087d4651 Allow EditPage's preload feature only on wikitext pages
This is a convenience feature that makes it possible to
semi-automatically copy-paste the contents from another page when
creating a new one. The more I dig into the code, its history and
potential use-cases the more I feel like this was never meant to be
used on non-wikitext pages.

* This feature makes it possible to trick users into making edits to
e.g. one of their personal .js subpages. I find this scary.

* "preload" and "preloadparams" are meant to work like a template
transclusion where "preload" is the name of the template. I don't
think this makes sense on non-wikitext pages.

* The feature can be used together with section=new. This doesn't
work anyway on non-wikitext pages. The only effect this patch will
have is when a non-existing page is created.

* The feature is meant to seed e.g. a new section on a talk page with
something the user can work with before it is submitted.

* But what's the point of semi-automatically seeding e.g. a .css or
.js subpage with the contents from another page? One situation I can
think of is when a new user gets the recommendation to copy-paste
another user's skin modifications. It might be convenient to let
the user click a link that utilizes the preload feature instead of
manually copy-pasting code. But this comes with so many problems (e.g.
the user doesn't have a chance to understand what's going on) I don't
think it's worth it.

Bug: T297725
Change-Id: Iee2d9196854427501bf36659eace81a80a66dd26
2021-12-15 13:26:55 +01:00
jdlrobson
328ff04e0c Table of contents should not show in previews for skins that have requested not to show it
Bug: T296971
Change-Id: I1adb1451626a0bd316d54b26cbd21c2caeb0bf53
2021-12-02 14:50:53 -08:00
Derick Alangi
8fe9e0317f Introduce Redirect(Lookup&Store) services to handle redirects
The concept of a redirect chain didn't really work for a value of
max redirect > 1. In the ideal world, we just want to have a source
which points to target (source -> target) discarding the concept of
a redirect chain completely.

Having something like: source -> target -> target1 -> target2 doesn't
really work well with the current database design.

NOTE: Support for $wgMaxRedirect will be removed soon hence
deprecation without interfaces for replacement.

Bug: T290639
Change-Id: I469de6f85e405e8ddbe7abaa5b99b77cb9cf415d
2021-12-01 19:14:22 +01:00
Matěj Suchánek
50b010e5e8 Don't throw away '0' edit summary
Those "$comment ?? ''" are a bit ugly, but the other way around is
changing the return values of some ::getDescription implementations,
which is dangerous, at least.

Change-Id: I07e6b58258c256d19b058c56280150b70a46b407
2021-11-24 10:33:36 +00:00
Reedy
7bf779524a Remove or replace usages of "sanity"
Bug: T254646
Change-Id: I2b120f0b9c9e1dc1a6c216bfefa3f2463efe1001
2021-11-19 23:19:42 +00:00
Ppchelko
643fc535c3 Reapply "Move limit report rendering to ParserOutput"
This reverts commit 2bcb3fe567.

Reason for revert: this is a good change,
just needed more work to not break CI

Change-Id: I23768bee242e3cf81b1493a740cf070e7ad1e224
2021-11-09 11:08:08 -08:00
Ppchelko
2bcb3fe567 Revert "Move limit report rendering to ParserOutput"
This reverts commit 89028e0b8e.

Reason for revert: Temporary until we deal with T295357

Change-Id: I556de18dbf900a9bc58d5ae22d1bf194682d0840
2021-11-09 15:57:18 +00:00
Petr Pchelko
89028e0b8e Move limit report rendering to ParserOutput
This does not move the actual limit report data into
ParserOptions yet, that should be done separately
given that it will require serialization changes.
Let's get this change settled first before messing
with serialization.

This unifies canonical and non-canonical ParserOptions,
so ParserCache can now be used with both. It is hard
to say how this will affect the ParserCache capacity,
so we should monitor it after releasing this.

Change-Id: I154c0a77a5b0287b5572614d56339fb57ac56c33
2021-11-08 12:45:41 -08:00
Fomafix
0071df8981 EditPage: Only update title part of firstHeading on live preview
The message wgEditMessage can contain code for the extension
ParserFunctions which is not supported by mediawiki.jqueryMsg.

This change updates only the title in the firstHeading instead of
creating the whole message including the title again. The title gets
identified by a new HTML element with id="firstHeadingTitle".

The title in the HTML title does not get updated anymore. For a preview of
the display title the title in the firstHeading should be enough.

The 6 messages
'creating',
'editconflict',
'editing',
'editingcomment',
'editingsection',
'pagetitle'
are not needed anymore in JavaScript and removed from the module.

The global JavaScript variable 'wgEditMessage' is not needed anymore in
the live preview module. Other user scripts use this variable and
therefore this variable is kept for compatibility.

Bug: T105214
Change-Id: I8d8dc79c6bf1a94a55f1d0f6b5611ca478fd9e18
2021-10-24 20:52:49 +00:00
Roman Stolar
fa5237eb48 Replace Content::getParserOutput call to ContentRenderer::getParserOutput
Bug: T287158
Change-Id: I8a13f45027e08e2d8ddefa140dd47a0c55094934
2021-10-20 12:11:24 +03:00
Umherirrender
f7fd5338dc Fix nullable doc for EditPage::$editRevId
Change-Id: Id79b5f3a34779f18e035632de690200713d77640
2021-10-16 22:31:28 +02:00
jenkins-bot
ae5c51f354 Merge "Use Message::sizeParams to simplify code when building messages"
2021-10-15 23:21:38 +00:00
DannyS712
751dccfb12 Minor cleanup to EditPage, should be a no-op
Make some things simpler

Change-Id: Id438f928eaa588640922ba74a907f5ff75f65522
2021-10-14 00:16:54 +02:00
Umherirrender
02c0e8b8e7 Use Message::sizeParams to simplify code when building messages
Change-Id: Ic04d4dea86e61fb07b2a3b17acb6021fab6ae5ee
2021-10-13 19:52:41 +00:00
jenkins-bot
10490802e7 Merge "Change null to [] for html attributes on call of Html functions"
2021-09-29 16:20:41 +00:00
Umherirrender
0e4bb6d611 Change 'fromdbmaster' to WikiPage::READ_LATEST
Constants are harder to misspell

Change-Id: Ie1afcc8580cccf815df1cc97f05a5be81676d9f7
2021-09-26 19:27:33 +00:00
Derick Alangi
2432cc2bb4 Use PageUpdater's fluent interface as in some parts of our codebase
Some methods in the PageUpdater's class implement the fluent interface
design pattern. Use the fluent interface where need be.

Change-Id: If76a4b8c5070c20ed40038a4ee78e2d677de5180
2021-09-23 00:31:33 +01:00
Umherirrender
362a48e316 Change null to [] for html attributes on call of Html functions
Change-Id: Ia84f5b1f210396cba5daa7b9e8bb8c4069e0171d
2021-09-22 22:47:28 +02:00
jenkins-bot
8ee86f1734 Merge "Avoid using ContentHandler::getContentText()"
2021-09-20 19:14:10 +00:00
Alexander Vorwerk
c4b2765ebd Avoid using ContentHandler::getContentText()
ContentHandler::getContentText() is deprecated and should be
replaced with Content::getText() for TextContent instances.

Change-Id: I556d3d3f64fafd1d54c4a0c5021efaff2d9c3ce8
2021-09-20 15:32:44 +02:00
Ammarpad
1cf4eab3ab ApiParse: Support hidden skins
Since $wgSkipSkins is meant to only 'remove skin from preferences',
it should not affect parsing with them.

So these skins need to be allowed here.

To achieve this, this patch adds getInstalledSkins() method to SkinFactory
to provide the complete. The method supersedes getSkinNames() which does
the same thing but with ambiguous name.

Description of getAllowedSkins() has been corrected as it was slightly incorrect.

Bug: T237856
Change-Id: I0889b823d27f1a2830cc0205f5a21ed4de744e08
2021-09-20 09:29:24 +01:00
Kunal Mehta
c27a559a93 EditPage: Read from wpWatchlistExpiry form value on "show changes" too
To allow people to set a custom watchlist expiry and then preview the
page, we read from the POSTed 'wpWatchlistExpiry' value and set that
as the default.

It seems reasonable and what users expect to do the same for "show changes",
so check for $this->diff as well.

Bug: T291287
Change-Id: Ia3b27b61a5c65b1830045796a87f11a5659502e2
2021-09-17 11:10:59 -07:00
daniel
6ce0d2c825 Make EditPage use PageUpdater
This ensures that a DerivedPageDataUpdater is initialized earlier during
the edit process, so it can be used by hooks to access the state of the
ongoing edit.

This patch also cleans up PageUpdater a bit to make the internal information
flow more consistent with the idea that PageUpdater is acting as a
builder for a new revision.

Change-Id: I99abb7bdffb2b5ff5979ba5b1e56d39dba4cd3dc
2021-09-16 13:11:15 -07:00
jenkins-bot
79615a43c1 Merge "Drop wgAjaxEditStash, deprecated in 1.36"
2021-09-07 16:45:22 +00:00
jenkins-bot
8d2bdc20c2 Merge "Specify DB to query when checking if a user is blocked from a page"
2021-08-26 17:43:34 +00:00
Umherirrender
864068d000 Remove unneeded explicit true/false inside conditions
The non-strict conditions in if/while are true/false without the check.

In some situations the true/false is removed, because it is known to be a
bool (by is_bool check or type hint)

Change-Id: I5ca4c4771af25d2e785e82732df204a73653886e
2021-08-17 21:52:34 +02:00
jenkins-bot
0640586f88 Merge "Move Content::preloadTransform to ContentHandler"
2021-08-17 15:37:12 +00:00
Roman Stolar
42442e01ff Move Content::preloadTransform to ContentHandler
Update ContentTransformer to access ContentHandler::preLoadTransform through the service.
Prepare object to hold data that is required for ContentHandler::preLoadTransform params.

This is a fully backwards compatible change.
We are doing hard deprecation via MWDebug::detectDeprecatedOverride.

However, with the ContentHandler calling Content and
Content calling ContentHandler, it doesn't matter whether
callers use Content or ContentHandler. This will allow us
to naturally convert all callers.

Bug: T287157
Change-Id: I89537e1e7d24c6e15252b2b51890a0bd81ea3e6b
2021-08-17 15:17:34 +00:00
mainframe98
3bab2cc853 EditPage: load mediawiki.interface.helpers.styles
This module provides styling for span.comment, produced by
Linker::commentBlock, which EditPage calls when generating the
HTML for the edit summary.

Add a notice for that to Linker::commentBlock, like was done
in ddbf011257, and update the
comment in the stylesheet.

Bug: T288907
Change-Id: I3d929eaae54754bd3e41a9add419f1098a7f8e3a
2021-08-15 16:01:07 +02:00
jenkins-bot
9ca808f577 Merge "Support fluent interface for StatusValue"
2021-08-11 04:23:17 +00:00
Thiemo Kreuz
69242b0876 Various updates and fixes to PHPDoc documentation
Some minor updates I collected in my local dev environment the
past months.

Change-Id: I30d5339bc262d54ba76e2860a3a3e9e5f002fdc3
2021-08-09 09:26:23 +02:00
jenkins-bot
e89e7aa8b0 Merge "Revert "Use CsrfTokenSet as CSRF token source""
2021-08-05 23:37:31 +00:00
Umherirrender
21e3caa033 Remove explicit LIMIT 1 when using IDatabase::selectRow/selectField
The limit is the reason why there is an explicit function to use

Change-Id: Ic85cb80b10f233fad4f8ffa214848d76092aee91
2021-08-06 00:54:47 +02:00
Kunal Mehta
a85f569dd1 Revert "Use CsrfTokenSet as CSRF token source"
This reverts commit 0d75fdb4f7.

Bug: T287542
Change-Id: Iedd3461869f973f8d621a39e6ad4674cbb577551
2021-08-05 15:48:26 -07:00
Umherirrender
d87dc4d99a Change Title::mNamespace to ::getNamespace() in EditPage
Change-Id: I852309cc88c2cddbd19c5c51c1f9c4be642c3ae3
2021-08-04 05:18:55 +02:00
James D. Forrester
1ca1b910c5 Drop wgAjaxEditStash, deprecated in 1.36
Bug: T274695
Change-Id: Ia51d889fff5132ff4f9a89d07bc04cc72f936f1f
2021-08-02 12:21:56 -07:00