Preferences options using HTMLForm's "multiselect" type are stored in
the user preferences table as one key with a boolean value for each
option in the multiselect. The validation code added in change I98df55f2
does not take this into account, and therefore considers all of these
option keys invalid.
This changeset fixes that, and adds a unit test to verify correct
behavior.
Change-Id: I137c74a6045c7b39e2119a8edde2705738879bc9
Change I98df55f2 broke action=options&reset=1, causing it to return an
error "No changes were requested" rather than resetting the options as
it should. Unfortunately, that change also broke the unit test that
would have caught this regression.
This changeset fixes the bug and the unit tests.
Change-Id: I7fe63640d54efab4572538e9d08f5b75c61243a4
Previously, there was no validation whatsoever and the module would
happily write any preference you asked it to. This, combined with the
fact that the code using the 'editfont' preference didn't perform any
validation or escaping, led to a CSS injection vulnerability.
Using Preferences::getPreferences breaks some existing test cases
because a MockUser doesn't have groups for preferences.
Change-Id: I98df55f2b16ac1b6fce578798b6f58b5dad96775
The edit conflict tests can take quiet a while to execute, definitely
more than the default 2 seconds we allocated to test. Marking the class
with '@group medium', in the comment, instructs PHPUnit to apply a
timeout of 10 seconds.
Change-Id: Icdd78ea43c91eeca7d4a00bfe6bb368bb3b8f891
query=revisions can be used with rvprop=content to retrieve the
content of revisions. The contentmodel should always be included
with the content (just like the contenformat is), so the client
is able to interpret the structure contained in the content blob.
Change-Id: I67cf48f905ff83a86992e1a54f7ad0feaf2b2c94
Changeset Iec98e472 changed the behavior of action=parse&page=... when
passed a page that does not exist: previously, it would return a
"missingtitle" error instead of assuming an empty page. As some people
had been depending on this old behavior, restore the error checking.
Change-Id: I4c76ce458ceb01e233c6074cd9251879013ec143
Before the ContentHandler merge, using action=edit&appendtext=... on a
non-existent page would treat the page as if it existed but had no
content. After the merge, it throws an error incorrectly claiming that
appending is not supported for wikitext.
The fix is to create a new, empty content object when appending and
there is no existing content.
Change-Id: I61f2cf3911a7d9d8553fc3f745e545cb1bcfd270
List of query generators is now not built using reflection, instead it
is defined in code. Per Domas, make this a hard coded list instead of
loading all the child classes.
Added $wgAPIGeneratorModules for people to register their API generator
modules.
Change-Id: I12da92da33527e414c9b125a50b82c9bdbb3ed99
This introduces the ContentHandler facility into MediaWiki,
see docs/contenthandler.txt.
For convenient review, a squashed version is available at
https://gerrit.wikimedia.org/r/27191
The ContentHandler facility is a major building block of the Wikidata project.
It has been discussed repeatedly on wikitech-l.
Change-Id: I3804e2d5f6f59e6a39db80744bdf61bfe8c14f98
This commit depends on the introduction of
MediaWikiTestCase::setMwGlobals in change Iccf6ea81f4.
Various tests already set their globals, but forgot to restore
them afterwards, or forgot to call the parent setUp, tearDown...
Either way they won't have to anymore with setMwGlobals.
Consistent use of function characteristics:
* protected function setUp
* protected function tearDown
* public static function (provide..)
(Matching the function signature with PHPUnit/Framework/TestCase.php)
Replaces:
* public function (setUp|tearDown)\(
* protected function $1(
* \tfunction (setUp|tearDown)\(
* \tprotected function $1(
* \tfunction (data|provide)\(
* \tpublic static function $1\(
Also renamed a few "data#", "provider#" and "provides#" functions
to "provide#" for consistency. This also removes confusion where
the /media tests had a few private methods called dataFile(),
which were sometimes expected to be data providers.
Fixes:
TimestampTest often failed due to a previous test setting a
different language (it tests "1 hour ago" so need to make sure
it is set to English).
MWNamespaceTest became a lot cleaner now that it executes with
a known context. Though the now-redundant code that was removed
didn't work anyway because wgContentNamespaces isn't keyed by
namespace id, it had them was values...
FileBackendTest:
* Fixed: "PHP Fatal: Using $this when not in object context"
HttpTest
* Added comment about:
"PHP Fatal: Call to protected MWHttpRequest::__construct()"
(too much unrelated code to fix in this commit)
ExternalStoreTest
* Add an assertTrue as well, without it the test is useless
because regardless of whether wgExternalStores is true or false
it only uses it if it is an array.
Change-Id: I9d2b148e57bada64afeb7d5a99bec0e58f8e1561
During incident response, it was not possible to tell what API modules
were being requested and by whom, since the action parameter is often
posted. This change logs the API parameters whether they are posted or
sent in the query string.
I did try to get the API parameters from the module, but that turns out
to be difficult. Modules create submodules (generators, page sets) as
local variables, which are created in a procedural style and destroyed
before logging is done, so there is no easy way to query them for
parameter lists after execution completes.
In ApiOptionsTest, use a real ApiMain object like all the other API test
cases, rather than a mock object. Otherwise the test fails.
Change-Id: Idc786007fe61811d1874f29b5ce4762dd97b1847
ApiTestCase resets global session data in setup, invalidating any existing cookies.
ApiQueryInfo caches all tokens, these need to be cleared out so tokens are re-generated
to match the fresh session.
Until now, individual tests have been doing that, but there's no not to do this per
default.
Change-Id: Icefa362190c2e7d87d09bda30079255741824f55
Cleaned up EditPage, removing and fixing comments etc.
The most prominent changes are:
* improved handing for parse errors
* improved handling for image redirects
* better readability because one huge try/catch block was removed
Change-Id: Ie33720922eb05dda89a22ca1f5f0cba4b1d31129
We can now do this since we finally switched to PHP 5.3 for MW 1.20 and get rid of the silly dirname(__FILE__) stuff :)
Change-Id: Id9b2c9cd2e678197aa81c78adced5d1d31ff57b1
Make sure the global session data in $wgRequest is used for doApiRequest
per default, and return it's content among with the request's results.
Previously, an empty session was used per default, and the local context's
session data would get out of sync with $wgRequest.
This change allows for the following assumptions to hold in test cases:
* within the same function, changes to the session made by one api call
will be visible to subsequent api calls.
* the session data returned by doApiRequest is the actual status of the
session as manipulated by the api call. This session data can be passed
to subsequent api calls.
Note that the session data is still reset for every call to a test
function.
Change-Id: Ia20cf0ccfcdca736dd5da3444b14fbdd1c5def46
* Use the API module's own context to check edit tokens.
* Use the global session if none is provided to doApiRequest.
* Fix ApiFlockTest to not pass an empty session, so the tokens from
the global request can be used.
Change-Id: I2bff2390f43beb984b1b451bcf4e41271b2f054f
I have created an API module for changing the preferences.
It allows resetting preferences (reset argument) and bulk changes
of preferences (change argument) in a format:
name1=value1|name2=value2
The change argument has a limitation imposed by the current API
implementation as it cannot accept | in values. There is
available a pair of arguments optionname and optionvalue, the
latter accepts values with |.
I have created optionstoken parameter in meta=userinfo to provide
a token. There is already preferencestoken there, but I would
like to have a consistent naming.
Change-Id: I0d6c654a7354ba77e65e338423952a6a78c1150f
Add tests for:
- action=block and action=unblock gettoken
- attempting to block or unblock a user with no token passed.
Patchset2: use a provider to have tests run against both 'block' and
'unblock' actions.
Change-Id: I686348ff4e2fe419c556acea2fa59dd203dc9440
That test has probably always been broken and use an invalid token. The
bug tracking brokenness is http://bugzilla.wikimedia.org/35646
Since the broken test is merged in master, that block the integration of
Jenkins and Gerrit by having any submitted patchset to be reported as
failling :-(
Root cause is https://gerrit.wikimedia.org/r/3434 which made the
Block/Unblock API to actually verify the token previously always
considered valid (bug 34212).
Change-Id: Iecf6b083163c214c734360b2f6d9b4bed8af07dc
That will let us tests all the API tests by using PHPUnit group
filtering such as:
php phpunit.php --group API
Also cleaned some whitespaces
Patchset-4: skipped files that had only whitespace changes
Change-Id: I51e03d910521b061f505e3a9b11a08c7b95f1538
ApiUploadTest gives inconsistent results which trigger false alamrs to all
the ops team. We are disabling those tests for now.
See https://bugzilla.wikimedia.org/26169
