For scripts loaded from load.php using mw.loader.implement(), an
exception is handled fine and results in the module state progressing
from 'loading' to 'errror'.
However, for wikis modules loaded with only=scripts from the HTML directly,
there is no wrapper. As such, the state() call appended to the script is
never reached and the module indefinitely stays "loading".
VisualEditor (and others) already explicitly ignore the error state
of the wiki modules (with inline mw.loader.using and casting the Promise to resolved).
However in this case the Promise never completed to neither success nor failure.
As such, this was causing users with syntax errors in their user script to
encounter a stuck VisualEditor loading bar that never goes beyond 70%.
Change-Id: I091a020bdd3392b965e0e25d03b216037fadc48f
This allows us to continue to use MessageBlobStore::get() as a way
to pre-fetch messages in batches for multiple modules while also
allowing individual modules to retrieve their messages in a convenient
way.
This is in preparation for implementing ResourceLoaderModule::buildContents
and using it in ResourceLoaderModule::getVersionHash.
ResourceLoader::respond() already fetches message blobs in batches for the
actual response, but it also needs getVersionHash(), which would otherwise
fetch the same messages a second time.
Change-Id: I7e4c8b65765b54807123e85cfbb7eb2e5b2f39bd
Attempt to reduce error log spam. I'm not sure about the exact
cause of this error, nor have I really reproduced locally, so
I don't know if this will help, but getting it out of destructor
seems like a good idea.
I also do not know if calling xml_free_parser is really needed
(Would php automatically destroy parser during garbage collection?)
Bug: T89532
Change-Id: I5709b6cf26cf4a9032a79d2b5f48ed3b4238eaee
Both the problem and solution are nearly identical to the ones presented in
I31d4556bb. Use a constant string as a comment placeholder, and differentiate
it from possible user input using \x7f, which is not valid CSS anyway[1].
[1]: http://www.w3.org/TR/CSS21/grammar.html
Change-Id: I3d3c2578d5e9c1fe52c02e87901cb08d03847ea7
Use arrays instead of strings, to avoid using
string functions with Unicode.
Handle thousands according to how years like 1000, 2000, etc.
are named in the Hebrew Wikipedia.
Bug: T97444
Change-Id: I5334e86793d28dfcf8939a249b03a5ea85fa4e69
Some failing tests are commented out and will be properly fixed
in subsequent commits.
Bug: T97444
Change-Id: I19721b5dc3dc6bbe923d9bf401fcf5d765fb7a7c
Also clarifying definition of $modifiers parameter.
Also simplifying code for case where $attrs['class'] is not set.
Change-Id: I425211681ba75cb71c1ccc3b3c038c075ea9acb9
If you don't commit the slave connections then they keep their old snapshots.
This clears the snapshots so they don't get out of date views of the world.
Bug: T100838
Change-Id: I1f6f910d88324beb589b2ad9466d8786376eda55
Wasn't actually a vulnerability because HttpStatus::getMessage
can only return one of a fixed set of values which are all plain
text without any special characters. However the return value
there is meant to plain text and not html, so just like
Html::element and other interfaces, things should be consitently
escaped.
Also renamed variables for clarity.
Change-Id: I8b61d7e9ea4101e3a9ef5f9a59a97db45aeef68c
Generating one-time, unique strip markers hurts us in multiple ways:
* The strip marker regexes don't benefit from JIT compilation, so they are
slower to execute than they could be.
* Although the regexes don't benefit from JIT compilation, they are still
compiled, because HHVM bets on regexes getting reused. This extra work is
fairly costly (1-2% of CPU usage on the app servers) and doesn't pay off.
* The size of the PCRE JIT cache is finite, and the caching of one-off regexes
displaces from the cache regexes which are in fact reused.
Tim's preferred solution (per his review comment on
https://gerrit.wikimedia.org/r/167530/) is to use fixed strip markers.
So:
* Replace usage of $parser->mUniqPrefix with Parser::MARKER_PREFIX, which
complements the existing Parser::MARKER_SUFFIX.
* Deprecate Parser::mUniqPrefix and its accessor, Parser::uniqPrefix().
* Deprecate Parser::getRandomString(), since it is no longer useful.
* In Preprocessor_*:preprocessToObj() and Parser::fetchTemplateAndTitle,
replace any occurences of \x7f with '?', to prevent strip marker forgery.
\x7f is not valid input anyway.
* Deprecate the $prefix parameter for StripState::__construct, since a custom
prefix may no longer be specified.
Change-Id: I31d4556bbb07acb72c33fda335fa5a230379a03f
* Split off OOjs UI's module definitions to a separate file from
Resources.php.
* Extend ResourceLoaderImageModule to support per-skin images and
variants.
* Allow skins to specify their preferred OOjs UI theme using new
skin registry attribute 'SkinOOUIThemes'. The default remains the
'mediawiki' theme, 'apex' can also be chosen now.
* Implement custom ResourceLoaderOOUIImageModule which implements some
special sauce required to shoehorn OOjs UI image set definitions into
ResourceLoaderImageModule with skin-specific styles support.
Bug: T100895
Change-Id: I3fbacbce95126a4cc29221352f3ef846f41e7b1b
