Adds a few pieces of information to improve tracking of autocomplete
usage.
* When using Special:Search 'go' feature forward wprov parameter to redirect
* Include a data attribute indicating autocomplete location to
differentiate usage of the header and Special:Search content autocompletes
* Report exact query string that was used for impression-results
* Add handling to allow searchSuggest subscribers to append tracking
information to generated article links
* Add a new hook, SpecialSearchGoResult, that can either change the url
redirected to in the 'go' feature or cancel it entirely.
Bug: T125915
Change-Id: Iec7171fcf301f1659d852afa87ce271f468177c1
This is a pre-requisite to fix a Flow move regression, T127785.
This allows running an atomic entirely within the move with the correct
ordering.
Bug: T127785
Change-Id: Ie772f737f917854e4cfefe52ec3bea4669c9efe0
* check 4 new paths
* strip 'NormalizeMessageKey' hook from docs/hooks.txt,
last call was removed in 1ea4f23b05
Change-Id: Id36ab478b94f74be451cae848d5ef2a318d23040
Pass the cookie options by value to WebResponseSetCookie handlers so
that they may alter them.
Bug: T49647
Change-Id: I69ae55baa7806f14726b0b08215c0df471794b39
The plan here is to take it out of 1.27.0-wmf.12 and put it back in
1.27.0-wmf.13.
Since BotPasswords depends on SessionManager, that's getting temporarily
removed too.
This reverts the following commits:
* 6acd424e0d SessionManager: Notify AuthPlugin before calling hooks
* 4d1ad32d8a Close a loophole in CookieSessionProvider
* fcdd643a46 SessionManager: Don't save non-persisted sessions to backend storage
* 058aec4c76 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
* b5c0c03bb7 SessionManager: Save user name to metadata even if the user doesn't exist locally
* 13f2f09a19 SECURITY: Fix User::setToken() call on User::newSystemUser
* 305bc75b27 SessionManager: Don't generate user tokens when checking the tokens
* 7c4bd85d21 RequestContext::exportSession() should only export persisted session IDs
* 296ccfd4a9 SessionManager: Save 'persisted' flag in session metadata
* 94ba53f677 Move CSRF token handling into MediaWiki\Session\Session
* 46a565d6b0 Avoid false "added in both Session and $_SESSION" when value is null
* c00d0b5d94 Log backtrace for "User::loadFromSession called before the end of Setup.php"
* 4eeff5b559 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
* 7491b52f70 Call session_cache_limiter() before starting a session
* 2c34aeea72 SessionManager: Abstract forceHTTPS cookie setting
* 9aa53627a5 Ignore auth cookies with value 'deleted'
* 43f904b51a SessionManager: Kill getPersistedSessionId()
* 50c5256352 SessionManager: Add SessionBackend::setProviderMetadata()
* f640d40315 SessionManager: Notify AuthPlugin when auto-creating accounts
* 70b05d1ac1 Add checks of $wgEnableBotPasswords in more places
* bfed32eb78 Do not raise a PHP warning when session write fails
* 722a7331ad Only check LoggedOut timestamp on the user loaded from session
* 4f5057b84b SessionManager: Change behavior of getSessionById()
* 66e82e614e Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
* f9fd9516d9 Add "bot passwords"
* d7716f1df0 Add missing argument for wfDebugLog
* a73c5b7395 Add SessionManager
Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50
Always treat this as on and simplify the code.
This will also make it easier to move updateWatchlistTimestamp() into
the EnotifNotifyJob class to avoid query timeouts.
Change-Id: I8ceaa42cdcfe3ad00a26368be6a73052be329045
User keeps most of its token-related methods because anon edit tokens
are special. Login and createaccount tokens are completely moved.
Change-Id: I524218fab7e2d78fd24482ad364428e98dc48bdf
ImportLogInterwikiLink. Hook to change the interwiki link used in log entries and edit summaries for transwiki imports.
Change-Id: I03e054de16d8820c0f3d2c165288e229960d6bb1
SessionManager is a general-purpose session management framework, rather
than the cookie-based sessions that PHP wants to provide us.
While fallback is provided for using $_SESSION and other PHP session
management functions, they should be avoided in favor of using
SessionManager directly.
For proof-of-concept extensions, see OAuth change Ib40b221 and
CentralAuth change I27ccabdb.
Bug: T111296
Change-Id: Ic1ffea74f3ccc8f93c8a23b795ecab6f06abca72
Also fix USE INDEX so that it won't break if another table is joined.
See related change at I2a7003f9.
Bug: T53124
Change-Id: I9ac910bc4c24196b1f19e2fc7f1e5b88a0dac41b
Extensions that have composer dependencies can set
"load_composer_autoloader": true
to load "$dir/vendor/autoload.php" if it exists.
While it is recommended to use composer-merge-plugin to manage
composer dependencies for extensions, using a local autoloader
can be easier for development and is used by ExtensionDistributor.
Bug: T119766
Change-Id: Ib031bef17c8a7d708a5c7878e74967d19217bbc8
The EventBus extension needs to forward the created (null) revision ID as
part of the page move event. Looking this value up when the hook fires is
problematic, because without a connection to the master DB the query might
very well return nothing (if it races in before the entry is replicated to
the slave).
This changeset passes the newly created Revision on to the hook so that it
doesn't need to be queried separately.
Bug: T116786
Change-Id: I1b48e2904fc8d99f2cde604f274f79a2b47d7fc2
The next revision in the page history isn't necessarily the previous
revision (due to selective undeletions, history merges, etc). This
passes the next revision to HistoryRevisionTools so extensions can check
if needed. Also, it passes the user to this hook and DiffRevisionTools
to avoid use of wgUser or having to retrieve context.
Change-Id: Ibc68f19040eebe3614e07f753f26bbfd376ae28d
* All updates for an event are atomic for the main DB.
* This follows-up 9e51328790 by reverting the auto-commit
behavoir which was a side-effect of that change.
* Added TitleMoveCompleting hook with is a pre-commit version
of the same hook. Various extension could benefit from the
atomicity of running in the main transaction.
Change-Id: Ife5990bbedca1de78bcf83f2d6fdeeae8086ffad
These scripts interact with keys that used to be set by ParserCache.php.
However this hasn't been the case for a long time now. They use wfIncrStats(),
which is configured by $wgStatsdServer.
Change-Id: Id6a62aec57801085ed684af9362a96eca0914e92
The type list was missing "number" for doubles, but since we allow *all*
types of variables, don't even bother checking types.
Bug: T120507
Change-Id: I10626f5764f49d4f96a3cc35a27c890905a71bfe
Check if all hooks in hooks.txt have a &, if the code also have & and
the other way round.
Fix all hooks in hooks.txt to have a clean run of the script.
Change-Id: I1b45253e20dc310e825cdc17e0e2e9c8fb315bab
Using the new system introduced in
1c57794e37 (see T47843).
This change allows Title::getUserPermissionsErrors() to include
MessageSpecifiers instead of string message keys in its return value.
This doesn't seem to have any bad effects, and should work seamlessly as
long as callers aren't trying to do anything stupid and just pass the
value to PermissionsError or OutputPage::showPermissionsErrorPage()
or wfMessage() or some such.
If the callers *are* trying something stupid, nothing worse than
duplicated or otherwise less-than-perfect error messages (in code
which tries to handle some message keys specially) should happen.
(I fixed wfMergeErrorArrays(), but who knows what else lurks in all
this code.) Any problems should only affect new-style errors using
MessageSpecifier, though.
Since MessageSpecifiers tend to be stringable, we probably won't get
fatals, but might get incorrect checks. Should we try to log this
happening somehow?
Goes with I42a0c5b0ea7e61088dd609b764dd7d1396c60cd5 in TitleBlacklist.
Bug: T115258
Change-Id: I1334ba21a2862973a9d8ff5be2c9bec06a82698b
BaseTemplateAfterPortlet: Add colon to match the other arguments
FileUpload: Adjust spacing to match the other arguments
Change-Id: Iae0285b1a39cf851aaaa735cb22e95c839813997
Instead of expecting everything to be a ResourceLoaderFileModule, use
the "anyOf" property to validate against multiple schemas. The following
schemas are now allowed:
* The ResourceLoaderFileModule schema, now with the "targets" property
* A schema for ResourceLoaderImageModule
* A generic schema that requires the "class" property is set, but not to
"ResourceLoaderFileModule" or "ResourceLoaderImageModule".
The last schema will allow for any custom ResourceLoaderModule class to
be set in extension.json with arbitrary parameters.
One downside of this is that the error messages shown when a file does
not validate get a little more confusing, as it shows the error messages
for each schema it does not match.
Bug: T105236
Change-Id: I5e4bfa69c733187c7b27294c159cac05b3b92e81
We should be telling extensions whether a deletion is a suppression or not, so
they can behave appropriately.
Change-Id: I2cb6ffd61dd12766fe0266514c9360ff0c90b788
UserMailerTransformContent allows extensions to change the body of
an email sent via UserMailer::send(). This is applied before
low-level transformations such as multipart or content encoding.
UserMailerTransformMessage is similar but it is run after those
transformations.
UserMailerSplitTo allows extensions to request that a certain
user should always be emailed separately (so when UserMailer::send()
is called with an array of target addresses, that user will be split
out into a separate call). This is intended for content
transformations which need to be different per user, such as
encryption.
A side effect is that while before a call to UserMailer::send() was
either fully succeeded or fully failed, now the message might be
delivered to some targets but not others. send() will return a failed
Status object in those cases.
Bug: T12453
Change-Id: I4c3a018110173c3b5d52a753fdcbec397b590ced
Very useful to do things that need to know the actual search
term (eg. to show further things related to that).
The old hook supported that as well, as documented on
https://www.mediawiki.org/wiki/Manual:Hooks/SpecialSearchResultsAppend
That hook has been re-introduced with e7551f16
Change-Id: I7ac6ad95b29f9da0802eb3340e27b8683bf9f76d
