This breaks out the toggle checkbox code into a separate class in
includes/ListToggle.php
Bug: T92230
Change-Id: I8d1aefb83008053e63d59abf8b8915b93e15fcc2
Using IContextSource avoids the use of $wgLang and wfMessage which make
use of global $wgTitle.
Add IContextSource as parameter to ChangeTags::formatSummaryRow to avoid
globals. Define an IContextSource instance in all functions which
reference ChangeTags::formatSummaryRow and pass it in ChangeTags::formatSummaryRow
function call.
Also make the default value of IContextSource $context as null in
parameter, to avoid breaking changes for old callers in extensions.
Document default null value of IContextSource and add a @note to prefer
IContextSource over null value.
Remove trailing whitespace, and make code order according to parameter
order.
Bug: T105648
Change-Id: Ib54a6a96b73f6cd8fcdf8e520db2448a1e811cfa
The plan here is to take it out of 1.27.0-wmf.12 and put it back in
1.27.0-wmf.13.
Since BotPasswords depends on SessionManager, that's getting temporarily
removed too.
This reverts the following commits:
* 6acd424e0d SessionManager: Notify AuthPlugin before calling hooks
* 4d1ad32d8a Close a loophole in CookieSessionProvider
* fcdd643a46 SessionManager: Don't save non-persisted sessions to backend storage
* 058aec4c76 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
* b5c0c03bb7 SessionManager: Save user name to metadata even if the user doesn't exist locally
* 13f2f09a19 SECURITY: Fix User::setToken() call on User::newSystemUser
* 305bc75b27 SessionManager: Don't generate user tokens when checking the tokens
* 7c4bd85d21 RequestContext::exportSession() should only export persisted session IDs
* 296ccfd4a9 SessionManager: Save 'persisted' flag in session metadata
* 94ba53f677 Move CSRF token handling into MediaWiki\Session\Session
* 46a565d6b0 Avoid false "added in both Session and $_SESSION" when value is null
* c00d0b5d94 Log backtrace for "User::loadFromSession called before the end of Setup.php"
* 4eeff5b559 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
* 7491b52f70 Call session_cache_limiter() before starting a session
* 2c34aeea72 SessionManager: Abstract forceHTTPS cookie setting
* 9aa53627a5 Ignore auth cookies with value 'deleted'
* 43f904b51a SessionManager: Kill getPersistedSessionId()
* 50c5256352 SessionManager: Add SessionBackend::setProviderMetadata()
* f640d40315 SessionManager: Notify AuthPlugin when auto-creating accounts
* 70b05d1ac1 Add checks of $wgEnableBotPasswords in more places
* bfed32eb78 Do not raise a PHP warning when session write fails
* 722a7331ad Only check LoggedOut timestamp on the user loaded from session
* 4f5057b84b SessionManager: Change behavior of getSessionById()
* 66e82e614e Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
* f9fd9516d9 Add "bot passwords"
* d7716f1df0 Add missing argument for wfDebugLog
* a73c5b7395 Add SessionManager
Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50
The "return to" guess of the patrol action for non-JS users now also
checks uploads, and in that case let users return to Special:NewFiles.
Change-Id: Ib8e472c16b7034524ef3b79a5eb426f7edda6ec2
SessionManager is a general-purpose session management framework, rather
than the cookie-based sessions that PHP wants to provide us.
While fallback is provided for using $_SESSION and other PHP session
management functions, they should be avoided in favor of using
SessionManager directly.
For proof-of-concept extensions, see OAuth change Ib40b221 and
CentralAuth change I27ccabdb.
Bug: T111296
Change-Id: Ic1ffea74f3ccc8f93c8a23b795ecab6f06abca72
The next revision in the page history isn't necessarily the previous
revision (due to selective undeletions, history merges, etc). This
passes the next revision to HistoryRevisionTools so extensions can check
if needed. Also, it passes the user to this hook and DiffRevisionTools
to avoid use of wgUser or having to retrieve context.
Change-Id: Ibc68f19040eebe3614e07f753f26bbfd376ae28d
* This gets lag information that is useful when
the calling code is about to run queries that
will have their results cached.
* This is now used in place of trxTimestamp() for
WANObjectCache set() and getWithSetCallback().
* The WAN cache will use a low TTL if the lag is
too high to avoid caching stale data for weeks.
* Bumped MAX_COMMIT_DELAY as nothing enforces it.
Bug: T113204
Change-Id: I2a95b4088cff42d6e980351555f81a4b13519e24
* Make FormAction::getFormFields not abstract. In most cases this will just
be an empty array. This is in prep for RollbackAction as well.
* Remove redundant show() in WatchAction. This used to do custom stuff,
but after 77cdf1919 it does exactly the same as the parent FormAction::show.
* Don't add 'redirectparams' hidden field if there were no custom query parameters
(e.g. plain index.php?title=..&action=..)
Change-Id: Ia7f9bb0367c49a23179e9fefa9f529fa8aef8f52
The GET variant was already rarely used because our frontend enhances these links
with a click handler that uses AJAX to make a POST request to the API.
Neither the index.php url nor its token was used for the majority of users.
Simplify this by stripping the 'token' query from these urls and requiring a POST
request for index.php?action=watch and unwatch.
* FormAction: Actually set a proper '<form action>' instead of letting HTMLForm
default to a confusing title path (e.g. /wiki/Pagename). Article path should
not be used for POST requests.
* WatchAction: Group all FormAction-related methods together.
* WatchAction: Make token consistent with other actions now that it is POST-only
(no "stronger" salt containing the page title).
* Remove unused mediawiki.page.startup dependency from mediawiki.page.watch.ajax.
* WatchAction: If accessed over GET directly (e.g. for users without javascript)
display a confirmation form that submits the token. Similar to PurgeAction.
Change-Id: I504f457e68a133bcfc418cff13b838080fec1008
* The random I/O due to secondary lookups causes timeouts on
large pages that keep showing up in the logs.
Change-Id: I9bddcd3ba9ad5ff2f26ccec4553906ecc4a8129b
MWTimestamp::getTimezoneString() returns the timezone name as a message,
that supports wiki localization. The code is moved from Parser::pstPass2.
The default file revert message is currently always in UTC.
This patch sets the default timestamp to be in the wiki timezone (similar
to ~~~~). The timezone is passed as a new parameter to the message, with
the date / time parameters being merged and handled by
$wgContentLang->timeanddate
Bug: T36948
Change-Id: I48772f5f3b1635d33b6185776cedfc4ee1882494
* Potentially long running POST requests often use multiple transactions,
talk to multiple services, or defer updates. Try to make sure they have
a chance to complete all of the work. WMF already sets ignore_user_abort()
across the board in config, but this applies it to key spots for all
installs, in addition to bumping the time limit.
* Eventually this can lower the need for high overall time limits.
Bug: T102890
Change-Id: I893ddd773064dcd63b5b24c84c6391974f4b5aee
We just saved the page, so we know the revision id. Pass it on to
InfoAction::invalidateCache() so it doesn't have to be looked up again.
Follows-up 0452855044.
Change-Id: I990c0da09fae94f403f3550069036d3f208090a6
No behavioural change, but makes the code easier to understand.
It was somewhat all scattered.
* Remove outdated comment about 24 hours.
- ForcedRawSMaxage defaults to 5 minutes.
- SquidMaxage defaults to 5 hours (wmf-config: 31 days).
Change-Id: I7f3b67780ba9e8c024dcbd68772495b91abb2d01
Followup to 09a21c4af8
Now with `|| $user->isAllowed( 'unwatchedpages' )` we can enter
line 337 without having any count to show.
Change-Id: I6826e1c59899d2c8cbbc6d079874d0d583f8783a
Proposed threshold to be considered an "active" watcher:
two times $wgRCMaxAge, configurable with the new
configuration setting $wgWatchersMaxAge.
The information is not displayed when the number given would
be 1 or 0, so that the number (or absence thereof) doesn't
"disclose" that the page is (potentially) unpatrolled or
completely unwatched and hence easier to vandalise.
Configurable with $wgUnwatchedPageSecret too.
Also, we don't display this row at all when the user doesn't
have the right to see the count of total watchers.
Bug: T51506
Change-Id: I10d294a339b131eee94839ed7088ab20d746d881
The info page of a page with {{DEFAULTSORT:0}} shows the page title
as default sort value.
Using empty() will consider the string '0' to be false, so use isset() instead.
Bug: T103745
Change-Id: I56ea5a38dcd33e822e0fc5b8685777fe1d212b22
This avoids multiple cache calls to explicitly defined tags by
calling the showTagEditUI of ChangeTags only once in logs and
histories.
Change-Id: I2e36dbd96d3fcca06de0bf418bc6dc294d8d18d3
* Convert existing use of WebResponse::header() for HTTP status headers
to use this new statusHeader() method.
* Extend unit test for FauxResponse.
I'm not calling HttpStatus::header directly in code. We keep the abstraction
layer of WebResponse so that responses can continue to be mocked/fauxed without
affecting the outer HTTP response.
Change-Id: I8a536e16659fa88b54cffa1457efb889efa5fcd6