* Some functions accept only string, cast ints and floats to string
* After preg_matches or explode() casts numbers to int to do maths
* Cast unix timestamps to int to do maths
* Cast return values from timestamp format function to int
* Cast bitwise operator to bool when needed as bool
* php internal functions like floor/round/ceil documented to return
float, most cases the result is used as int, added casts
Found by phan strict checks
Change-Id: Icb2de32107f43817acc45fe296fb77acf65c1786
It turns out this gets rid of a bunch of suppressed
"SecurityCheck-DoubleEscaped" that appear to have been accurate
warnings.
There seems to have been some confusion about how ::truncateForVisual()
is supposed to be used; in particular it is to be passed *unescaped*
output, because it is not (generally speaking) safe to truncate
HTML-escaped strings. The goal of ::truncateForVisual() is to have
a specific number of codepoints in the output for display purposes,
the encoding of those codepoints is not an issue (htmlspecialchars
can be applied to the *return value*.) If you need a specific number
of *bytes* you should be using ::truncateForDatabase(). If you want
a certain number of *HTML bytes* then the ::truncateHtml() method
is probably what you want.
Slightly refactor some code in RevDelLogItem to avoid a false positive.
Bug: T301205
Bug: T290624
Change-Id: I893362e049aedfa699043fcf27caf4815196f748
Don't catch and discard exceptions from the RequestTimeout library,
except when the exception is properly handled and the code seems to be
trying to wrap things up.
In most cases the exception is rethrown. Ideally it should instead be
done by narrowing the catch, and this was feasible in a few cases. But
sometimes the exception being caught is an instance of the base class
(notably DateTime::__construct()). Often Exception is the root of the
hierarchy of exceptions being thrown and so is the obvious catch-all.
Notes on specific callers:
* In the case of ResourceLoader::respond(), exceptions were caught for API
correctness, but processing continued. I added an outer try block for
timeout handling so that termination would be more prompt.
* In LCStoreCDB the Exception being caught was Cdb\Exception not
\Exception. I added an alias to avoid confusion.
* In ImageGallery I added a special exception class.
* In Message::__toString() the rationale for catching disappears
in PHP 7.4.0+, so I added a PHP version check.
* In PoolCounterRedis, let the shutdown function do its thing, but
rethrow the exception for logging.
Change-Id: I4c3770b9efc76a1ce42ed9f59329c36de04d657c
When the called function has a doc of int, it should be cast to be
explicit here.
Also cast for arithmetic operations to be explicit about the number
Change-Id: I905b78dfb66e66443e0e3203488bab5b548db543
Since LinksUpdate was already run after a page move, it was just a
matter of propagating a move flag down to it, and resolving the
differences between the move case and the edit case.
This should be faster since it avoids writing to the links tables twice
on a page move.
Change-Id: Ifaa4051a736b01cda82fbd890325e0751ce041f8
PreparedUpdate represents an in-progress edit. It can be used to access
information about the edit from hooks that do to have access to the
PageUpdater. Ideally, the PreparedUpdate or PageUpdater would be passed
to the hook as a parameter. Handlers of legacy hooks may use
WikiPage::prepareUpdate() to access it.
Bug: T242249
Needed-By: I23324a31e06e7e6f28077085c0ade05db63e9a35
Change-Id: Id5ba40a21cc4547205adf2f3a1f725c3a69c24d8
Avoid triggering a parse in DerivedPageDataUpdater::getPreparedEdit().
Defer the internal getOutput() call till when something actually tries
to access the timestamp property.
Bug: T277788
Change-Id: I899d9966214b36ebcd660aaf7c2da399e35be92e
The following User methods, deprecated in 1.35, have been removed:
- ::isIP,
- ::isIPRange,
- ::isValidUserName,
- ::isUsableName,
- ::isCreatableName,
- ::getCanonicalName,
- ::addAutopromoteOnceGroups,
- ::getDefaultOptions,
- ::getDefaultOption,
- ::getOptions,
- ::getBoolOption,
- ::getIntOption,
- ::setOption
- ::listOptionKinds
- ::getOptionKinds,
- ::resetOptions,
- ::getEffectiveGroups,
- ::getAutomaticGroups,
- ::getFormerGroups
User::GETOPTIONS_EXCLUDE_DEFAULTS has been removed, since it is used only in the description of User::getOptions.
Bug: T277511
Depends-On: Ida05c22f81b30d9b46678e8ede3d531c38855d83
Change-Id: I72bbc2336f8ddbc66ce67226cd2d5baaa2f807d8
Update method name in ContentHandler, soft-deprecate method on Content.
This will require making a semi-backwards-incompatible
change no matter what, we don't really have a great way
of hard-deprecating overriding methods.
Replace all callers of Content::prepareSave in core.
Add tests for ContentHandler::validateSave.
Bug: T287159
Change-Id: I7f23e6e97b1c7d27a6aaefdb88b19b2fc6e8b3a8
Sometimes we apply tag to a revision even if we
suppress the RecentChange, for example when leaving
redirects after page moves.
Bug: T291967
Change-Id: I7330d3b56cd2280dd23ec0ccb4e1c4807c534739
Also use another variable for the full user object to make clear which
parts needs it and which part is fine with an UserIdentity
Change-Id: I8422159a462cc54b54006a44e7b46079919691ad
When encountering missing or null text blobs, populateContentTables
would fail, leaving the data migration to slots incomplete. This
patch allows the script to continue, reporting the bad blobs without
failing.
This patch and I041d5c67bf241bb7cf2e31e0a4b0030e2cf9a13b, upon
which it depends upon, should be backported.
Bug: T212428
Change-Id: I582eac2befec152cb48d898644bc024a5ade2260
This allows using the already into PageEditStash injected UserFactory
instead of falling back to global state in DerivedPageDataUpdater.
Change-Id: I18f198d323c3ca001c6a0de91bc669180cd1d11c
This is a uniform mechanism to access a number of bespoke boolean
flags in ParserOutput. It allows extensibility in core (by adding new
field names to ParserOutputFlags) without exposing new getter/setter
methods to Parsoid. It replaces the ParserOutput::{get,set}Flag()
interface which (a) doesn't allow access to certain flags, and (b) is
typically called with a string rather than a constant, and (c) has a
very generic name. (Note that Parser::setOutputFlag() already called
these "output flags".)
In the future we might unify the representation so that we store
everything in $mFlags and don't have explicit properties in
ParserOutput, but those representation details should be invisible to
the clients of this API. (We might also use a proper enumeration
for ParserOutputFlags, when PHP supports this.)
There is some overlap with ParserOutput::{get,set}ExtensionData(), but
I've left those methods as-is because (a) they allow for non-boolean
data, unlike the *Flag() methods, and (b) it seems worthwhile to
distingush properties set by extensions from properties used by core.
Code search:
https://codesearch.wmcloud.org/search/?q=%5BOo%5Dut%28put%29%3F%28%5C%28%5C%29%29%3F-%3E%28g%7Cs%29etFlag%5C%28&i=nope&files=&excludeFiles=&repos=
Bug: T292868
Change-Id: I39bc58d207836df6f328c54be9e3330719cebbeb
After parent patch MovePage changed code is covered
by tests, plus tested locally quite a bit. Seems to work.
Change-Id: I0f8db203eb4aa767e5e1f3067f3a9e35835f38ea
This ensures that a DerivedPageDataUpdater is initialized earlier during
the edit process, so it can be used by hooks to access the state of the
ongoing edit.
This patch also cleans up PageUpdater a bit to make the internal information
flow more consistent with the idea that PageUpdater is acting as a
builder for a new revision.
Change-Id: I99abb7bdffb2b5ff5979ba5b1e56d39dba4cd3dc
WikiPage is not the right spot to compute all the revert
related stuff - we already figure out manual reverts when
building the EditResult, lets figure out rollbacks and undos
in there as well.
Change-Id: I9fdc5f24c1db1eb0452b90bf4af1ef5ffbce6cb8
This does a breaking change, but all (2) known usages
of the LinksUpdate::getTriggeringUser are satisfied
by UserIdentity.
Change-Id: I682ee65f7b3d30fe6c0fe76d5106857ddfa6da5d
