This reverts commit ecf826a2ee.
Reason for revert: need to edit the patch and then it will be GTG in order to finish hard deprecating of User ::getCanonicalName, ::isUsableName, ::isCreatableName
Change-Id: I2f57f56728fcbeada96dc2228f07dc8bcaa5d4f6
The message keys by 'options-messages' are evaluated with
Message::plain(), but some situation needs Message::parse() to support
templates and HTML formatting in this values.
Bug: T58633
Change-Id: I8f52f21ae2641ddcad1aa85ce6bf14de1a09ab4b
Refactor CollapsibleFieldsetLayout to work when not wrapped in
mw-htmlform-ooui-wrapper.
Bug: T278935
Change-Id: I89c17671de1c1c8b5897a75ad292c576a1e1bbb1
Some forms (namely Special:EditGrowthConfig) need to make sure
title exists if possible, but also need to support interwiki
titles.
Bug: T279886
Change-Id: I1bed0aa90dab8c872e915148923a5d78c9dee2f3
Note that this changes the effective type of the protected mCancelTarget
field. This fields has no declared type, and does not seem to be used in
any subclass. The type of mTitle is not changed at this time, but
nothing seems to rely on that either.
Bug: T278459
Change-Id: I4bf0d46c74b53ffc9cb3e6e497c789ef6b3bab6a
Implements HTMLTagMultiselectField, a form field that instantiates
TagMultiselectWidget, the PHP representation of the OOUI's js-based
widget of the same name with the implemented parameters:
* allowArbitrary
* allowedValues
Bug: T278317
Change-Id: I3a6a30506d493be4185f917c577b3837fffd8ae1
Normalise IP addresses in HTMLUsersMultiselectField, to avoid adding multiple equivalent IP addresses
Bug: T275394
Change-Id: I3cbc26cb7c98ddc94bc3effc6bd2ab7108e970f8
Fixes a bug introduced in c12af6e168
where invalid usernames are normalized out.
Nonexistent usernames will still fail the validation step, including
IP addresses if the field has been set up not to accept them.
Bug: T274568
Change-Id: I229afdfff2144fd4db8d49825262010f58f1fe54
Users can pass multidimensional arrays in query parameters to PHP
(e.g. ?foo[a][b]=bar). While filterDataForSubmit() ensured that anyone
using HTMLMultiSelectField in their form did not see them, internal
code here did not handle them correctly when validating the values and
generating the inputs, resulting in warnings deep in other code.
Use is_scalar instead of is_string in case default values somewhere
are integers or other non-string types.
Bug: T274955
Change-Id: I072a722ed025d687bfe755261a9896457f68f2ef
In no-js, there is no on the fly normalization of usernames in
HTMLUsersMultiselectField so both "User A" and "User_A" are
valid representations of "User A" (the canonical representation).
It's also possible to add the same user multiple times with no-js
and this will be considered valid and count toward the max limit.
These are not problems with js enabled since there will be an api
call for every new entry and that call both filters for selected users
and only returns canonical names.
This patchset reproduces that functionality in the PHP layer so that
no-js functions like the infused widget.
Bug: T274568
Change-Id: Ie78c8f37fa8a38b67eeaa6de098e41df2dac3e3e
This is micro-optimization of closure code to avoid binding the closure
to $this where it is not needed.
Created by I25a17fb22b6b669e817317a0f45051ae9c608208
Change-Id: I0ffc6200f6c6693d78a3151cb8cea7dce7c21653
This patch touches all uncontroversial (I hope) places where a chain
of isset(), array_key_exist() and the ternary ?: operator can be
replaced with the much shorter ?? feature from PHP 7.
?? does the same. It checks if the element before the ?? is set and
not null. When this check fails, the element after the ?? is used.
Change-Id: Id612e2782ae928164b26b6f0de676c6c7d8302f3
If the disabled parameter is set, the create/delete buttons
should be disabled by default. If a delete button is passed
along, then it overwrites the default delete button and therefore
needs to manage its own disabled/enabled state
Bug: T273431
Change-Id: Ia424466d26b6f65f01b912c2d556d329eb93f29a
* Make 'accept' an array like it is in OOUI
* Treat $this->mMultiple like the boolean it is
* Don't bother setting 'placeholder' on native inputs
Change-Id: I4c1341181757791c2e1ac2a14c4b3e7c8461ca54
This issue type was globally suppressed in
I849ac4f120fd15b483e8939d4db45c98dc351259 to make reviewer easier.
This adds inline suppressions or @suppress directives on function
docs for false positives, mostly restoring those removed in
I849ac4f120fd15b483e8939d4db45c98dc351259
Bug: T231311
Change-Id: I1b1d814bd907e9d49fcc39f777982936574fc7c6
Taint check checks for possible security issues by tracking html
escaping and more by using phan.
This slows done the phan-job a bit and requires more ram
Keep the DoubleEscaped issues out to make reviewer easier
Adds suppression for false positives
Adds taint-annotation to help taint-check
Removes suppression for code phan now understand better by the tracking
of keys in taint-check
Fix some small issues by adding int cast or htmlspecialchars calls
Bug: T216348
Bug: T268920
Change-Id: I849ac4f120fd15b483e8939d4db45c98dc351259
single string is raw html,
not a message key as documented on HTMLForm::trySubmit
Also remove is_string, any truthy value would be implicit string casted
in HtmlForm::getErrorsOrWarnings
Reorder the if in HtmlForm to look similar to OOUI
Change-Id: I5b78b0df2cca695f8f5c6b08aa4d6c015d1fa1fe
Deconstructing non-sparse, numerically indexed arrays directly in
foreach (a.k.a. using the list() syntax in foreach) is possible since
PHP 5.5.
The possibility to use string array keys as well as non-sequential
numeric keys in array deconstruction was added in PHP 7.1.
Change-Id: I56a48552a45f61cedc291b306cad8548fc70d485
For example, documenting the method getUser() with "get the User
object" does not add any information that's not already there.
But I have to read the text first to understand that it doesn't
document anything that's not already obvious from the code.
Some of this is from a time when we had a PHPCS sniff that was
complaining when a line like `@param User $user` doesn't end
with some descriptive text. Some users started adding text like
`@param User $user The User` back then. Let's please remove
this.
Change-Id: I0ea8d051bc732466c73940de9259f87ffb86ce7a
The code that enables collapsible elements in 'mediawiki.page.ready'
may not run on special pages.
Bug: T260642
Change-Id: I4c5250f5b2575ec6699b99bf979c02e5ac16722d
Not working on Special:AbuseFilter for example
Skins can disable this module so special pages must
add it explicitly.
Bug: T260642
Change-Id: I51deedf9c60279b0917ab085fd7498edf55e93da
Exceptions classes are nearly always value objects, and should in most
cases by newable.
Bug: T247862
Change-Id: I4faa8ec6ea8bc44086cfc8075b32d10eea61e9df
