Remove Flash cross-domain policy mangling. Users who are somehow still
using Flash as a browser extension will be exposed to CSRF
vulnerabilities.
Deprecate the config since deprecation has some advantages in the new
config system over simple removal.
Bug: T279496
Change-Id: I2c0e85a430d7e6aaf8d5decd00cf1dade04cebe1
This covers all occurrences of /onfig->.*get( '/ in includes/.
Undoubtedly there are still plenty more to go.
Change-Id: I33196c4153437778496f40436bcde399638ac361
This reverts commit 2bcb3fe567.
Reason for revert: this is a good change,
just needed more work to not break CI
Change-Id: I23768bee242e3cf81b1493a740cf070e7ad1e224
This does not move the actual limit report data into
ParserOptions yet, that should be done separately
given that it will require serialization changes.
Let's get this change settled first before messing
with serialization.
This unifies canonical and non-canonical ParserOptions,
so ParserCache can now be used with both. It is hard
to say how this will affect the ParserCache capacity,
so we should monitor it after releasing this.
Change-Id: I154c0a77a5b0287b5572614d56339fb57ac56c33
This name is consist with the rest of the setter and getter methods
in ParserOutput. Renamed the methods in OutputPage, ImageHistoryList,
ImageHistoryPseudoPager, and ContribsPager as well for consistency;
it also makes chasing down lingering references in codesearch easier.
Soft-deprecated the old name for 1.38. Hard-deprecation will follow,
but there are a number of users in production that should be chased
down first.
Code search:
https://codesearch.https://codesearch.wmcloud.org/deployed/?q=(allow%7Cprevent)Clickjacking&i=nope&files=&excludeFiles=&repos=
Bug: T287216
Change-Id: I9822c60c180d204bd30cb4447a1120155d456da4
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
The addModuleScripts() methods were deprecated in 1.31 and 1.32,
these are now removed.
The getModuleScripts() are now deprecated as well, always returning
an empty array. To be removed in 1.34.
Depends on commits for bundled/wmf-deployed extensions that
remove the last few remaining callers to the deprecated functions
in: 3D, Collection, Flow, GlobalUserPage, and Wikibase.
Bug: T188689
Depends-On: If9f0bc6aef85117587fa1929f34f8861c8d80314
Depends-On: Ia8d41b97fbf6822f5f8f7ac889408acce1ac9a3a
Depends-On: I503b919739ea474ff33726815b0da55e2f7e2724
Depends-On: I236ef637fd03b810a46eb361e25067a037e9d183
Depends-On: I62e17779753b977a452cc0c9694947941e999cc3
Change-Id: I5a19b8f164ccf666485d2971202194b747f882df
There's probably not much benefit in search engines indexing the API
auto-generated help or various random "format=jsonfm" outputs.
On Wikimedia wikis we already have a robots.txt entry denying indexing
of everything under /w/, which includes api.php.
Bug: T207818
Change-Id: I196d401eeb5fcf49844265df41ad3cce83ffdcdf
* Convert OutputHandler.php from global functions to a class.
- wfOutputHandler → OutputHandler::handle
(no alias, no usage outside core)
- wfGzipHandler → OutputHandler::handleGzip
(private, no usage outside class)
- wfRequestExtension → OutputHandler::findUriExtension
(private, no usage outside class)
- wfMangleFlashPolicy → OutputHandler::mangleFlashPolicy
(private, no usage outside class)
- wfDoContentLength → OutputHandler::emitContentLength
(private, no usage outside class)
- wfHtmlValidationHandler → OutputHandler::validateAllHtml
(private, no usage outside class)
* Add the class to autoload.php for exposure outside WebStart.
Specifically, for use in ApiFormatPhpTest. This also removes the
need to manually load the class because this code runs after
Setup.php loads AutoLoader.php.
Bug: T189966
Change-Id: I27a41ec0ae0ee30aeb313a616323b967605c4055
* Use $_SERVER['REQUEST_TIME_FLOAT'] unconditionally in WebRequest.php
and libs/Timing.php. WebStart.php was doing this already without issue.
The key existst since PHP 5.4, for both Web and CLI (we require 5.5).
* In wfDebug() and wfReportTime(), use $_SERVER['REQUEST_TIME_FLOAT'] instead.
* In ApiFormatBase and MWDebug, use WebRequest::getElapsedTime() instead.
* In Maintenance.php, remove setting of $wgRequestTime.
* In rebuildFileCache.php, update mocking to $_SERVER['REQUEST_TIME_FLOAT']
so that we avoid re-introducing bug T24852.
Change-Id: I1b647da2862f815029caa533b592ec8a05b33806
The return value for ApiFormatBase::getFilename() was formerly
documented as "must be encoded for inclusion in a Content-Disposition
header's filename parameter." While this is ok for the common use case
where the module is returning a constant string or can assume whatever
it gets back from getExtensionsForType() is ok, it's not in general a
good idea to make all callers handle that.
Further, it's not possible to represent characters outside of the
ISO-8859-1 character set in a 'filename' parameter. You have to use
'filename*' to do that (see RFC 5987 and RFC 6266).
So, this patch changes the definition of getFilename() to remove the
encoding requirement, and adds code to properly convert and escape the
value for the 'filename' and (if necessary) 'filename*' parameters.
Note this may give unexpected results (double encoding) if any module
actually is returning an encoded filename. I don't see any such cases in
core or in extensions in Gerrit.
Change-Id: I0c2749a847b639f228efff4e1917a61612a1f7d1
It is the job of git and svn to provide this information/metadata.
The form was different, some with short, some with long month name
some with leading zero at the day, some without.
The year is also present in the Copyright clause
Change-Id: If006907b82b9e45f13cfa2e45d41107a95570e1a
If someone is both dumb enough to blindly save an API response and to
then execute the resulting file, this can be used to attack their
computer.
We can mitigate this by disallowing PATH_INFO in api.php URLs (because
we don't make any use of them anyway) and by setting a sensible filename
using a Content-Disposition header so the browser won't go guessing at
the filename based on what is in the URL.
Issue reported by: Abdullah Hussam
Bug: T128209
Change-Id: I8526f5cc506c551edb6138d68450b6acea065e93
Added Hyperlink to non-HTML formatted output from the HTML
representation of the output
Bug: T123905
Change-Id: Id55c524a29f679b8e06d4e3d05bd50e8685fb830
Links generated by the API are now aware of the user's preferred
language and will show documents in that language if available.
To test, log in to mediawiki.org and set your language preference to 'es',
then on an MediaWiki installation with this patch view the generated
expanded API help at `api.php?action=help&recursivesubmodules=1&modules=main`.
Each link to documentation on mediawiki.org should take you to its
translated /es subpage, if one exists.
Bug: T104518
Change-Id: I339a1f3ae1bce9d759cf251899d57c32b1def91e
It's unreasonable to expect newbies to know that "bug 12345" means "Task T14345"
except where it doesn't, so let's just standardise on the real numbers.
Change-Id: I49e2a10350a328a8572fcedd44012751a29e1068
To accomplish this, the responsibility for setting the HTTP status code
in the response is moved to ApiFormatBase.
This also adds a line to the pretty-printed response and to ApiSandbox's
output to indicate the status that would be used.
Bug: T150344
Change-Id: Iaf0698ee1b93565d9b02b5a9aa8f93ceb135658b
All deprecated ApiResult methods are removed. These have been deprecated
since 1.24 or 1.25, and the only users remaining in Gerrit are wrapped
in backwards-compatibility checks and so should not be being called.
ApiBase, ApiFormatBase, ApiMain, and ApiQuery methods for generating the
pre-Ib14c00df help text are removed. Nothing has called these for a long
time, and only Flow implemented them in any way. Deprecated methods for
providing the text for such help, such as getDescription(), haven't been
removed yet, though, since some extensions still call some of them.
Change-Id: I3ca7c98174b4a3f6f67f2b023e0f4446637e7a84
It was kept around in the ApiResult rewrite because Wikibase was
(mis)using it as an "XML mode" flag.
Bug: T96596
Change-Id: Ic8259649c8cb0cce0444c907607c36d96fb2eb7e
Follows-up d25cb99. addModules() is async and causes a flash
of unstyled content. E.g. the h1.firstHeading renders and then
disappears on pages like:
<https://en.wikipedia.org/w/api.php?action=purge>
Change-Id: I74c6386d2c5f318987dac103a76c0bc2af6e2653
Setting format=rawfm suggest to set format=raw ("To see the non-HTML
representation of the RAW format, set format=raw.") which does not
exists.
Add a new message for this case which does not contains the hint.
Change-Id: I40fe0b6e52dc0c70b07b368a3eace430e0c8f68c
Try falling back to use the printer without any of its parameters in
case one of them is what's failing.
Change-Id: I2611550109de4219bf1cc43333d038753e9eb87c
ApiResult was a mess: some methods could only be used with an array
reference instead of manipulating the stored data, methods that had both
array-ref and internal-data versions had names that didn't at all
correspond, some methods that worked on an array reference were
annoyingly non-static, and then the whole mess with setIndexedTagName.
ApiFormatXml is also entirely annoying to deal with, as it liked to
throw exceptions if certain metadata wasn't provided that no other
formatter required. Its legacy also means we have this silly convention
of using empty-string rather than boolean true, annoying restrictions on
keys (leading to things that should be hashes being arrays of key-value
object instead), '*' used as a key all over the place, and so on.
So, changes here:
* ApiResult is no longer an ApiBase or a ContextSource.
* Wherever sensible, ApiResult provides a static method working on an
arrayref and a non-static method working on internal data.
* Metadata is now always added to ApiResult's internal data structure.
Formatters are responsible for stripping it if necessary. "raw mode"
is deprecated.
* New metadata to replace the '*' key, solve the array() => '[]' vs '{}'
question, and so on.
* New class for formatting warnings and errors using i18n messages, and
support for multiple errors and a more machine-readable format for
warnings. For the moment, though, the actual output will not be changing
yet (see T47843 for future plans).
* New formatversion parameter for format=json and format=php, to select
between BC mode and the modern output.
* In BC mode, booleans will be converted to empty-string presence style;
modules currently returning booleans will need to use
ApiResult::META_BC_BOOLS to preserve their current output.
Actual changes to the API modules' output (e.g. actually returning
booleans for the new formatversion) beyond the use of
ApiResult::setContentValue() are left for a future change.
Bug: T76728
Bug: T57371
Bug: T33629
Change-Id: I7b37295e8862b188d1f3b0cd07f66ac34629678f
- Changed spaces to tabs for indentation
- space after 'function'/'if'
- Added/Removed space after parenthesis/brackets/end of line
- Removed space after cast
Change-Id: I0e8e6a19b84b5e1308b632a0266cb78f688494ee
This restores the pre- d25cb992 behaviour. Apparently UploadWizard's
flickr module relies on this (Which seems rather wrong, but
regardless I still think api handling of $wgApiFrameOptions should
extend to the "fm" modes.)
Note: If $wgBreakFrames is true, then frames will still be broken.
Although this is a change from prior behaviour, it makes sense
to me that $wgBreakFrames would not allow the human readable output
of the API be frammed.
Bug: 72340
Change-Id: Ia61a4698f7044acfcd7339207590d9333f4100cb
* Set a more sensible value for the "title" of the page (Special:ApiHelp
rather than API)
* Avoid calling various skin-related hooks that aren't going to be used.
* Don't override the user in the DerivativeContext, MessageCache doesn't
pay attention to it anyway for ->parse().
Bug: 72131
Bug: 72174
Change-Id: Idc42ab6526d640dc68fa93f6b4c5524b3d9e2e44
