Adds an experimental configuration to allow extensions to define
OutputPipelineStages to include in the DefaultOutputPipeline.
There are a lot of open questions about this api, like ordering of
execution, but adding it @experimental will help surface the
requirements.
Bug: T370541
Needed-By: I6dc92af0611c680b6e55605a7c9ff8a3fc1dfa26
Change-Id: I64baea40a1687c7a06fbcda9efe9f9a159b0ae8d
And deprecated aliases for the the no namespaced classes.
ReplicatedBagOStuff that already is deprecated isn't moved.
Bug: T353458
Change-Id: Ie01962517e5b53e59b9721e9996d4f1ea95abb51
This permission isn't currently available in other grant, making it
impossible to use action=setpagelanguage via BotPasswords or OAuth.
This commit adds 'pagelang' to the 'editpage' grant. Note that this
doesn't automatically give any consumer with the 'editpage' grant the
'pagelang' right -- they must actually have such rights on the user
account as well (for most wikis this is sysop, translationadmin).
Bug: T368578
Bug: T365558
Change-Id: I7048c49dc0428016cd798622552c446bbb10d99f
Why:
- We are unlikely to see good faith editing patterns with temp accounts
that would require a full year
What:
- Set the default expiry for temp accounts to 90 days
Bug: T359653
Change-Id: Iae9dd0f73aceecfc9935b2b6019b035b1057eeb3
One more step in gradually replacing uses of ParsoidOutputAccess. This
one was pretty easy, as ParsoidOutputAccess was pretty much directly
calling ParserOutputAccess when provided with a ExistingPageRecord
and RevisionRecord.
Bug: T367074
Change-Id: I96161a64952e1809c0aec773d5a3dd4c71105657
Why:
- We want to distinguish temp account creation being enabled from a
configuration state where MediaWiki knows about temp accounts
existing (and can identify and manage them accordingly) while temp
account creation is disabled
What:
- Introduce a 'known' configuration flag to TempUserConfig
- If 'enabled' is set to true, then 'known' is automatically overridden
to true
- If an administrator wishes to disable temp account creation after
temporary accounts have been created, the administrator should set
'enabled=false' and 'known=true'
Co-authored-by: Tchanders <thalia.e.chan@googlemail.com>
Co-authored-by: Kosta Harlan <kharlan@wikimedia.org>
Bug: T356524
Change-Id: I4ce534a847461230f7fa276a565bdc1d6c9857e1
Special:RestSandbox presents a Swagger-UI interface for exploring REST APIs. The available APIs can be configured using RestSandboxSpecs.
For now, the default is to support no APIs, so the feature is disabled in production. In the future, it would make sense to expose the wiki's own REST API per default. The corresponding entry in $wgRestSandboxSpecs in LocalSettings.php would look like this:
'mw' => [
'url' => $wgScriptPath . '/rest.php/',
'name' => 'MediaWiki REST API',
]
Note that the spec URL may still change.
To also explore the endpoints exposed through RESTbase, we might add:
'wmf-restbase' => [
'url' => $wgServer . '/api/rest_v1/',
'name' => 'Wikimedia RESTbase API',
]
Similarly, we could expose a spec for endpoints on api.wikimedia.org, which could then be explored using the new special page.
NOTE: This adds a dependency on the swagger-ui npm library. See T325558 for the security review.
Bug: T362006
Change-Id: I1dd5ed82680a28f9c15136b446a2de0398525061
The criteria for doing so have now been met:
* PHP 8.1+ is now the documented minimum, and the 1.42 branch already
enforces this in PHPVersionCheck. (T359868)
* OpenSSL support is also now required. (e4127e5864)
As stated in AbstractPbkdf2Password::canUseOpenSSL(), the version check
is no longer needed because PHP 8.1 requires OpenSSL >= 1.0.2. While the
the master branch may still work on PHP 7.4 for now, it is unlikely that
a site using it would still have a version of OpenSSL older than 1.0.1f.
(For example, WMF stopped using Ubuntu 14.04 "Trusty", which has exactly
that minimum version of OpenSSL, once Canonical started charging for
security updates in 2019.)
The reasons for the version check were:
* Old versions of OpenSSL appeared to perform at least as well as PHP
for reasonably long passwords (up to 128 bytes for SHA-512 hashes);
however, they had the same DoS issue that our own implementation for
PHP 5.3 had (see T64685). hash_pbkdf2() never had that problem.
* If PHP were to incorporate the major optimization of hashing the HMAC
key blocks only once, then the old OpenSSL versions would actually be
slower. So far, this has not happened.
Change-Id: I47eb1aabf3d0ae4792624f9ba1c392880d52d0b7
- Add a disabled by default feature flag 'EnableProtectionIndicators'
- When the config flag is enabled, show a lock indicator at the top
of the page.
- The lock icon should be overridable by the content of the page
- The indicator has a predictable ID which could be potentially used
to style the icon using the onwiki Common.css file.
- The lock icon by default links to https://www.mediawiki.org/wiki/Help:Protection. However
this link can be customized per wiki per protection level using a
empty message (for example: `protection-sysop-helppage`)
Bug: T12347
Change-Id: I3e36d98edfe54a9c138b1fe8e5057e107ded281b
The `supportsContentModel` method is really querying Parsoid for the
set of content models it supports, so it makes sense to put it in the
Parsoid-specific SiteConfig service.
This is part of the work to deprecate and remove ParsoidOutputAccess.
Change-Id: I81eb2df8cef93ede95361a4e03185b3d58e5b84b
This adds MediaWiki\Watchlist namespace to the classes of watchlist
directory and adds deprecation notice since 1.43 to the just created
unnamespaced aliases of the classes.
Bug: T353458
Change-Id: I4234f8fe62bb3bde6f5271c7ba31a2420b0f4b90
This adds MediaWiki\Content namespace to FallbackContent
and FallbackContentHandler and declares the unnamespaced version
as deprecated since version 1.43.
Bug: T353458
Change-Id: I3ee80aea379788b71539cc1c7a4ec216b753e042
This patch introduces a namespace declaration for the
MediaWiki\Content to JsonContentHandler and establishes a class
alias marked as deprecated since version 1.43.
Bug: T353458
Change-Id: Ia4ba6d3eddcb7b3f3d9f41a5ff80f724dbd01b22
This patch introduces a namespace declaration for the
MediaWiki\RCFeed to UDPRCFeedEngine and establishes a class
alias marked as deprecated since version 1.43.
Bug: T353458
Change-Id: I27437c2417984f21e29237b011add20cad9f4389
This patch introduces a namespace declaration for the
MediaWiki\Content to TextContentHandler and establishes a class
alias marked as deprecated since version 1.43.
Bug: T353458
Change-Id: I2c72dacf28ee72fb70b15acdd81d0eb717ea949a
This patch introduces a namespace declaration for the
Wikimedia\Watchlist to ActivityUpdateJob and establishes a class
alias marked as deprecated since version 1.43.
Bug: T353458
Change-Id: I34342bb01c8f6c9657f1b2f05de1de64a107665f
This patch introduces a namespace declaration for the
Wikimedia\RCFeed to RedisPubSubFeedEngine and establishes a class
alias marked as deprecated since version 1.43.
Bug: T353458
Change-Id: If5b8a0b1f957e46f29907711079389fe543941d0
This patch introduces a namespace declaration for the
MediaWiki\Content to CssContentHandler and establishes a class
alias marked as deprecated since version 1.43.
Bug: T353458
Change-Id: I5504c21b4fabd6ce82c4dac37aacd1c74462c41b
This patch introduces a namespace declaration for the
MediaWiki\Content to JavaScriptContentHandler and establishes a class
alias marked as deprecated since version 1.43.
Bug: T353458
Change-Id: Ic30789d4e80a27004b6bc3b3ba891a7332a5e1ba
This patch introduces a namespace declaration for the
MediaWiki\RenameUser to RenameUserJob and establishes a class
alias marked as deprecated since version 1.43.
Bug: T353458
Change-Id: Ibf7d6d54e0047c6c298c02926d8a811d26f6361c
This patch introduces a namespace declaration for the
MediaWiki\Watchlist to WatchlistExpiryJob and establishes a class
alias marked as deprecated since version 1.43.
Bug: T353458
Change-Id: Ia0a85c9d7550edc972ea512606dfcf272c71a6cd
* Deprecate and stop using $wgBlockTargetMigrationStage. Remove
block_target migration code.
* Make the $schema parameters to DatabaseBlockStore methods default to
SCHEMA_BLOCK. Avoid passing these parameters where possible.
* Remove cleanupBlocks.php
* Deprecate DatabaseBlock static methods which try to present the old
schema for b/c.
Bug: T362133
Change-Id: I845bad8cc09a4528fef46a6f9d490ebdec881d99
Migrate from ipblocks to block/block_target and drop the ipblocks
table. Update tests.
In PostgresUpdater, change some schema update functions to skip field
updates if the table doesn't exist, by analogy with
DatabaseUpdater::modifyField.
Bug: T346293
Change-Id: Icf91b35f7f729cead7c800429653eb30731762a1
Modules group together endpoints by a shared prefix. The idea is that each module has its own version and can generated self-contained self-documentation. This allows clients to have clear expectations about the endpoints of each module, no matter what wiki they are accessing. So far, each wiki may be exposing a different set of endpoints, with no way to provide a spec that describes that set of endpoints in a way that would be consistent across wikis and stable over time.
Bug: T362480
Change-Id: Iebcde4645d472d27eee5a30adb6eee12cc7d046b
Legacy parser can now output headings using a more accessible markup,
which is also identical to the markup used by the Parsoid parser.
Changes to client-side JS and CSS necessary to support the new markup
have already been merged in earlier commits.
includes/skins/Skin.php
includes/ServiceWiring.php
* Define a new skin option, 'supportsMwHeading', which can be used
to toggle the new markup per-skin.
* Update the built-in fallback skin to enable it. This affects the
output in parser tests.
docs/config-schema.yaml
includes/config-schema.php
includes/config-vars.php
includes/MainConfigNames.php
includes/MainConfigSchema.php
* Add a new configuration setting, 'ParserEnableLegacyHeadingDOM',
which can be used to toggle the new markup per-site.
includes/OutputTransform/Stages/HandleSectionLinks.php
* Output new heading HTML for skins that enabled the option.
tests/*
* Duplicate parser tests that cover heading generation to cover both
new and old markup. Update other parser tests to use new markup.
* Add some unit and integration tests for the behavior of the skin
option and some parser tests for edge cases of the new markup.
Bug: T13555
Change-Id: I1180169a8e83af834c2984ba16089e6277f2a8dd
openssl provides the proper password hashing algorithm, so it is needed
in order to have safe and efficent password hashing.
Change-Id: I61498275c7f7cf19787f0aee50dc4884c57b82b2
According to the dictionary, "per" (or more conventionally "as per")
means "according to". Refer OED "per" sense II.3.a. For example:
"No value was passed, so return null, as per default".
In this sentence, we are not specifying the default, we are referring
to the default. This correct usage of "per default" was used nowhere
in MediaWiki core as far as I can see.
Instead we have "per default" being used to mean "by default", that is,
giving the value to use when no explicit value was specified.
In OED, the phrase "by default" is blessed with its own section just
for computing usage:
"P.1.e. Computing. As an option or setting adopted automatically by a
computer program whenever an alternative is not specified by the user
or programmer. Cf. sense I.7a."
There are highly similar pre-computing usages of the same phrase,
whereas the phrase "per default" is not mentioned.
As a matter of style, I think "per default" should not be used even
when it is strictly correct, since the common incorrect usage makes it
ambiguous and misleading.
Change-Id: Ibcccc65ead864d082677b472b34ff32ff41c60ae
Production is read new almost everywhere, mediawiki core should reflect
that as well.
Bug: T299947
Change-Id: I8f05c4d7026394205bfc54b68dc725392852ae2a
