This introduces RestAuthorizeTrait to ensure proper error reporting
after calls to Authorizer methods to avoid misleading error reports,
see T350117 and T350202.
This reverts commit e047668d9f.
This restores change 701ff30193.
Change-Id: I617cb7ba24a1614c39e2b1072888f0ee7b3127e3
This patch deprecates the $tablesUsed property, and introduces a new
utility, ChangedTablesTracker, that automatically keeps track of all
tables changed in a test. Every table used is now guaranteed to be reset
after the test.
Note that tables changed in addDBDataOnce are only cleared at the end of
the test class, or the data would be lost.
Fix a test in SpecialBlockTest which would fail with this patch.
$tablesUsed is now a no-op and can be removed from all tests that
declare it.
Bug: T342301
Change-Id: Ie2f1809dac243ef06ba0c34f039ce4e62cbf99cf
This has been constantly mentioned as buggy and broken and there is no
official version of latin or Arabic (see the ticket for more details).
This can be turned back as an extension if needed by third party users.
Bug: T350684
Bug: T268143
Depends-On: I6180dca2c49b3119751766268acc56087aaf8414
Change-Id: Ifbf3c8954d885daf891f8d9efc11743d898302f0
Add Special:EditRecovery to dispaly a basic list of all pages
with locally-saved edit recovery data. This change just sets up
the initial work for this, and the actual design and improved
UX will come in subsequent changes.
Bug: T347673
Change-Id: I8edbfd21258fcb2e4fc9f3e4ded9876d6635d752
Why:
Temporary accounts (introduced as part of IP Masking)
are supposed to expire 1 year after their registration.
Automatic account expiration can be done via a maintenance
script, which would be periodically executed via cron / systemd.
Make it possible for extensions to provide their own logic
for generating a list of temporary accounts to invalidate.
This is used in CentralAuth to base registration timestamp
on the global registration timestamp.
The default behavior is "temporary accounts do not expire",
given the feature requires a maintenance script to run
periodically, which will not be the case on third party
instances.
What:
* Add `expireAfterDays` to $wgAutoCreateTempUser, controlling
how many days temporary accounts have.
* Add UserSelectQueryBuilder::whereRegisteredTimestamp(),
filtering accounts based on user_registration.
* Add ExpireTemporaryAccounts maintenance script, which is
@stable to extend.
Bug: T344695
Change-Id: If17bf84ee6620c8eb784b7d835682ad5e7afdfcc
Previously the edit rights check would fail if you didn't have edit
rights in general. This made it difficult to write custom permission
extensions that want to give users edit rights to a few specific pages
while not giving rights in general.
This check goes back to 2005 when the edit rights system was first
introduced a2a28a34c1. Presumably per-page permissions didn't exist
yet.
Bug: T342515
Change-Id: Ibcf0e18c44912abdd02a676a551da3cc7ed22ee0
* Move to DatabaseBlockStore the DatabaseBlock methods newFromID,
getQueryInfo, getRangeCond, newFromRow, isExemptedFromAutoblocks,
doAutoblock, updateTimestamp, getAutoblockExpiry, newFromTarget,
newListFromTarget.
* Split DatabaseBlock::getBlocksForIPList. Now
BlockManager::getBlocksForIPList() is responsible for XFF header
validation and trusted proxy handling. DatabaseBlockStore::
newListFromIPs() just does the queries and constructs the Block
objects.
* In DatabaseBlockStore::newFromRow() and doAutoblock(), use the
DatabaseBlock constructor instead of calling many setter methods. Add
constructor options decodedExpiry, decodedTimestamp, id,
parentBlockId and restrictions to support this.
* Move isExemptedFromAutoblocks() to its own service. Remove the cache
since in my testing with production eval.php, the WAN cache fetch is
10 times slower than just using the message cache, contradicting the
comment written in 2008.
* Fix AuthManagerTest which was previously passing an unrecognised
"restrictions" option to DatabaseBlock. Now that the option actually
works, we have to use the right type.
Bug: T255433
Change-Id: I5049e60be1681f67fcca133e569e315792dc42dd
All of the fields it's cleaning up have been deleted. The script cleans
up denormalized username fields which were deleted in the actor
migration.
It skips tables for which the name fields don't exist, which is all of
them.
Change-Id: I407a75c85cbd5ff6ab0d6d48d2bf07793e7c0c3e
Refactor EditPage's logic for getting a redirect URL into a trait
that can be shared between classes that exteend ApiBase.
Bug: T349223
Change-Id: I7cafa0bfc17a75d44e1d83b9561b4b2778b5f132
They were supposed to be dropped before 1.41 release.
Depends-On: Icd972535725e65e6eaed25607f1fd1c69d6b3a5c
Change-Id: Ieeaf39ec07407a55daa51c350cd57b66283a27bb
This takes us one step closer to deprecating Status,
so we can isolate StatusValue from presentation logic.
FormatterFactory is introduced as a mechanism for
getting instance of formatters that need access to the user interface
language and other request dependent information.
Usage is demonstrated in thumb.php, SpecialCreateAccount, and
SearchHandler. The examples indicates that there is no work do
be done around ErrorPageError and LocalizedHttpException.
Change-Id: I7fe5fee24cadf934e578c36856cc5d45fb9d0981
Code is no longer used and all previous usage has been replaced
with the appropriate HTTP logic and cleanup has been taken care
of.
As a follow-up to this patch, I'll be finally removing the
`$wgVirtualRestConfig` setting from core and extensions.
Bug: T338921
Change-Id: I7e1fff996033ba26e1b3dd229dd299a64c610707
To avoid accepting raw SQL in conditions and avoid the need to call to
addQuotes() which might get forgotten and open a SQL injection vulnerability.
A migration path would be something like the following:
Before:
'rev_timestamp > ' . $db->addQuotes( $timestamp )
After:
$db->expr( 'rev_timestamp', '>', $timestamp )
See the ticket for more information and reasoning.
Bug: T210206
Change-Id: I72431410c21ab97e797c7df07bf0dedd19307e65
And have UserGroupManagerFactory cache instances, per the TODO.
I'm doing this because SpecialUserRightsTest was flaky when there are
two local instances of UserGroupManager floating around. Resolving the
todo is the simplest way to ensure there is only a single
UserGroupManager. There are no remaining usages of UserRightsProxy in
codesearch.
Change-Id: Icb3395dfc53a4441b667f001ac1227f36d1f2e8d
This also introduces the ephemeral field "$mTransformedText" to store
the result of transformation in ParserOutput.
This is a first step before the transformation uses HtmlHolder as input
and output.
Bug: T348253
Change-Id: I312f3748ebfb0373ee3542ba0abdeefe7db1d488
Add a cache to BlockManager, so that we can get rid of the block cache in
User.
The cache stores up to three blocks -- a request block, a user block and
an anonymous (IP) block. Using object identity to compare keys means
that we can avoid serializing the WebRequest and UserIdentity.
Bug: T345683
Change-Id: I7639766519861690a759629144c8680767539293
The hook is no longer called, so the deprecation warning of the
HookContainer (as mention in DeprecatedHooks) cannot work as expected.
Change-Id: Idb586e9c2d8ba87411acc137537db6d6c75485a7
In preparation for the underlying library changing, generalize the
tests for this code so that test changes are kept to a minimum in
the actual commit. Rather than test the upstream directly, move
our custom test cases from JsMinPlusTest to ResourceLoader/ModuleTest.
Fix benchmarkJSMinPlus.php to not emit warnings on PHP 8.2 due to
use of dynamic property creation:
> PHP Deprecated: Creation of dynamic property JSNode::$readOnly
> is deprecated in /mediawiki/includes/libs/jsminplus.php:1728
Bug: T75714
Change-Id: I0515be8229f51de48c1f0c92f09e2d827e1b1add
This reverts commit cbde6b69de to re-apply
the initial patch. This should only be merged once
I2acfd0b7a1e48aec107ded3bbe4963e2df24f4d3 is deployed.
Change-Id: If12ab65b1d773946fca6c8601ff51290136549c8
This reverts commit ec22840c4a.
This patch currently creates issues on beta, which still runs with the
latest vendor version of Parsoid. If, for some reason, Parsoid doesn't
get deployed with this patch, I2acfd0b7a1e48aec107ded3bbe4963e2df24f4d3
doesn't get included, and the REST page handler breaks.
Staggered deploy seems safer in this context, hence the proposal for a
temporary revert, and a merge after the next Parsoid vendor patch is
deployed.
Change-Id: I3f859fa807a04892a67323cd4e98be0d3fbb1676
The Helper classes are deprecated since 1afd52e3e4.
Depends-On: I2acfd0b7a1e48aec107ded3bbe4963e2df24f4d3
Change-Id: Ie9973c6d6474bb7b4720c0641ca7492dc946d923
The class name MySQLMasterPos is deprecated since d11c59538a included
in MediaWiki 1.37.
Bug: T282894
Change-Id: I1dd75261dc031da5aef3873b60cb2d86367b44be
To replace DatabaseLogEntry::getSelectQueryData()
Many migrations can't happen right now because of use of
ChangeTagsStore::modifyDisplayQuery() but I will fix that soon.
Bug: T344971
Change-Id: Iafb2bb5ea3a0da49da1dafb69b65dea3c15029ed
In 2008, the `redirect` table was added, and in 2011, it gained the
fields `rd_interwiki` and `rd_fragment`. We have never performed
proper maintenance for those changes, instead relying on code in
WikiPage to update it when the page was visited, or on an optional
run of refreshLinks.php.
I would like to remove the code in WikiPage, so we probably need to
perform this maintenance in the database updater. You know, for the
millions of people who have been dutifully upgrading their MediaWiki
installations since 2008, but never visited the pages there.
The script is a trimmed-down version of refreshLinks.php, without all
the weird stuff, and using a better index for the queries.
Bug: T346290
Change-Id: Iea251d2737b2fb472c4efb060ad2b97735b4ac53
The new method encapsulates the fact that we currently have to
instantiate action objects to determine which permission the action
requires. This encapsulation reduces coupling in PermissionManager
and allows us to easily change to a better way to create ActionInfo
later.
Eventually, ActionInfo should be constructed based on the action's
object spec. This requires us to include the relevant information in all
specs, in core and extensions.
Change-Id: I707a165c41403ebd4a3edfc66c1595e1bd3a4087
