It gets wrapped into a Widget in ::getOOUI
Found by phan strict checks (used by tagfilter and cloner)
Change-Id: Ie1fd15fc2a66fcb39fa2e2f63761d9683029e395
php internal functions like floor/round/ceil documented to return
float, most cases the result is used as int, added casts
Found by phan strict checks
Change-Id: I92daeb0f7be8a0566fd9258f66ed3aced9a7b792
This reverts commit a745a87216.
Reason for revert: logspam on use cases out side the scope of HTMLForm
Bug: T302512
Change-Id: Idcf1c7db89b4456308d57915ffd0dcc41ee577ad
The functions returning null or the class property is set explict null
Found by phan strict checks
Change-Id: I4a271093fb6526564d8083a08249c64cb21f2453
After its logic is refactored, we have more faith to use isDisabled() in these cases, which matches the original semantics of isHidden().
Change-Id: I1aece7c691307ac8bb3770e6dc4b8e2877e4d65c
This is a follow-up of change Ic414e7bb7933c8c5c58a277ac1c5c3aaf8c36119.
I noticed that HTMLForm would add a hidden field of edit token for forms
that require to be posted...
And I also noticed that there is a crazy use case (9ca8394943/includes/specials/SpecialTags.php (320))
that would break with the loose check (I'm also going to fix it by I5050311c37030a64daaa25d05e2223485ed86108).
So that change should be undone, but keep the POST check here to avoid
arbitrary token in a GET form.
Add more comments since there are some preconditions in another file and
avoid future regression.
(And I hope this is the last time I fix this test...)
Change-Id: Ib02cd6b4a45e3820c4378fe5b0c7fc61fe1251e7
Forced-on options (selected as default but disabled) should always in
the loaded data, like what HTMLCheckMatrix do.
Change-Id: I342928eca01ae8a9f34ee7156a515524c3a0d9dd
This can help check fields default to true or have 'invert' enabled to
load correct data, because the 'false' values of checkboxes can never
be included in the request of normal use cases. Also better to other
use cases in HTMLCheckMatrix and HTMLMultiSelectField.
This partially reverted I5589ba7383587afdd9307c79e88849dacee02706.
I get trapped by the test case... The default value does need an invert
to check for hide-if and disable-if, like what
HTMLCheckField::getInputOOUI() do for display.
Depends-On: Icfa062eada75c50cd2c8bc5db2930602d80e9ae7
Change-Id: Ic414e7bb7933c8c5c58a277ac1c5c3aaf8c36119
* Re-use the methods that generate the dropdown for the input in fancy
recent changes / watchlist filters interface.
* Use ComboBoxInputWidget for the OOUI version, and `<datalist>` for
the plain HTML version, to add a dropdown menu while still using a
text field, in case the dropdown is missing items (it's cached) or
for easy copy-paste.
Bug: T27909
Change-Id: Iad60fb8d9a14e2c67fe9ba365e2ec0768bf5c2da
Old codes relied on some assumptions, so:
* When a "key in form descriptor" is provided, the 'name' param can't be set otherwise the js wouldn't be able to find it.
* When a "name for submission" (with 'wp' prefix or same as the 'name' param) is provided, it works on the client-side but something might be broken on the server-side.
Since the documented usage is to use "key in form descriptor" and most use case is fine, the use of "name for submission" is explicitly disallowed here.
Use cases simply with the 'wp' prefix would still keep working on both sides though.
Depends-On: I27fd8fa9643d611b37e3f47e77b698245814d539
Change-Id: I9a42417a6161f42181badd8cdbec81ba85dc62f6
It was supposed to become required in 1.19, according to a code
comment (typo'ed in ead9055a).
There seem to be very few uses without the parameter out there (based
on a brief look at https://codesearch.wmcloud.org/), and most of them
are in tests, so they should be easy to find and correct.
Change-Id: I161cc342d1af813c281a6d9e30fdd85bc7b07578
Don't catch and discard exceptions from the RequestTimeout library,
except when the exception is properly handled and the code seems to be
trying to wrap things up.
In most cases the exception is rethrown. Ideally it should instead be
done by narrowing the catch, and this was feasible in a few cases. But
sometimes the exception being caught is an instance of the base class
(notably DateTime::__construct()). Often Exception is the root of the
hierarchy of exceptions being thrown and so is the obvious catch-all.
Notes on specific callers:
* In the case of ResourceLoader::respond(), exceptions were caught for API
correctness, but processing continued. I added an outer try block for
timeout handling so that termination would be more prompt.
* In LCStoreCDB the Exception being caught was Cdb\Exception not
\Exception. I added an alias to avoid confusion.
* In ImageGallery I added a special exception class.
* In Message::__toString() the rationale for catching disappears
in PHP 7.4.0+, so I added a PHP version check.
* In PoolCounterRedis, let the shutdown function do its thing, but
rethrow the exception for logging.
Change-Id: I4c3770b9efc76a1ce42ed9f59329c36de04d657c
Values loaded from the default wouldn't be inverted, there is no need to copy the conditions to here, we can just simply bypass them.
Fortunately, nothing can be affected in a normal use case, since all value of fields would be set to server.
Thanks to the newly added tests, which helped me to realize this problem.
Change-Id: I5589ba7383587afdd9307c79e88849dacee02706
Follow-up changes will use cond-state params in other functions, split this out to make sure it's validated.
Change-Id: Icf358794b11a8f986fbd02c8f1b15ea9d1ef4d15
I believe there is a mistake, since DefaultPreferencesFactory::cleanSignature() uses it as field data, which is the only filter applied in the core.
Change-Id: Ic7aa509a3e5fd3a3c717259d83d5bf0a26d3556a
Data of disabled fields wouldn't be sent to the server, which needs to load data from default.
Bug: T298614
Bug: T298819
Change-Id: I58f9df384df8ecc5ebae8cac68ec2251351bc984
There is only one use case of cond-state classes passed to the client-side, and it can be done more natively.
Change-Id: Ib6835bb334bd65c6176f0a5c3881b20265901af9
Rename HTMLForm::[get|set|add][Pre|Post|Header|Footer]Text() to
HTMLForm::[get|set|add][Pre|Post|Header|Footer]Html() and
deprecate the old methods. Their arguments are rendered as raw
HTML so the old name was misleading.
Some of these are marked as stable to override and theoretically
the renaming could cause problems if callers are updated to the
new name while the overriding class is still using the old name,
but the only case known to codesearch is OOUIHTMLForm which is
also updated here.
Bug: T290771
Change-Id: I2c269eb6ab2b320fa2eef4ee8a226e96ad05fbe2
Array addition in PHP does not renumber keys, so it can't be used to get
the union of two lists.
Bug: T297975
Change-Id: Ic9932b23e32c704b14fc9fe234c35a48b59767c5
The restrictions were introduced in r53480 (724411c7ca, 2009),
which makes it clear that this was just about HTML correctness,
and in HTML5 there are fewer requirements.
This code was last touched in commit fd6e9ef2d4 (2017), where it was
suggested in code review that it "can probably be removed":
https://gerrit.wikimedia.org/r/c/mediawiki/core/+/362326/comment/6e71af52_900abad4/
Bug: T126962
Change-Id: I54c1f28ec9112cd4a161a79e76c2224f91f134b9
This name is consist with the rest of the setter and getter methods
in ParserOutput. Renamed the methods in OutputPage, ImageHistoryList,
ImageHistoryPseudoPager, and ContribsPager as well for consistency;
it also makes chasing down lingering references in codesearch easier.
Soft-deprecated the old name for 1.38. Hard-deprecation will follow,
but there are a number of users in production that should be chased
down first.
Code search:
https://codesearch.https://codesearch.wmcloud.org/deployed/?q=(allow%7Cprevent)Clickjacking&i=nope&files=&excludeFiles=&repos=
Bug: T287216
Change-Id: I9822c60c180d204bd30cb4447a1120155d456da4
