This mostly mirrors the existing handling for deprecated modules. In
lists, internal modules are ordered after deprecated ones, with
deprecated internal modules at the very end.
action=paraminfo gains an array of internalvalues analogous to
deprecatedvalues. Help messages for internal modules are prefixed with
the text “Internal”. The help page and API sandbox styles color internal
values in red, just like deprecated values (and matching the existing
style for the “this module is internal or unstable” warning in the help
page), but do not add a strikethrough.
Bug: T185508
Change-Id: I5dfc3bacbc070d74f467eb1a4042cab159aa28ec
HHVM sniffs the content type and so probably correctly guesses
application/x-www-form-urlencoded and fills in $_POST, while PHP 7 does
not sniff and so doesn't fill in $_POST.
Since there are clients that have been expecting the HHVM behavior, give
a warning both to let them know and so we can have some idea of how many
such clients there are.
This also adds any warnings and errors as an HTML comment at the top of
the auto-generated help page, to hopefully make it easier for people
getting that unexpectedly to find out why.
Bug: T230735
Change-Id: I017b7afe808844d74d376f6436894a5a2f525a9f
These are both fairly small modules used in related low-traffic
scenarios. The cost of registering both globally on all page views
as a top-level entry point does not seem worth the marginal gain
of loading only one of these two in the contexts where they are
needed.
Change-Id: I42458ebec3f8d6e14e52e44d62fb914fcbeda5db
There's probably not much benefit in search engines indexing the API
auto-generated help or various random "format=jsonfm" outputs.
On Wikimedia wikis we already have a robots.txt entry denying indexing
of everything under /w/, which includes api.php.
Bug: T207818
Change-Id: I196d401eeb5fcf49844265df41ad3cce83ffdcdf
The module 'mediawiki.toc' is not needed anymore because it is
superseded by the style module 'mediawiki.toc.styles'.
In the skin the module 'mediawiki.toc' may be used by self-build TOCs
from the content.
Change-Id: I53cd6f222c77a1902b89913fe45c92c105dec022
Changes in the behavior:
* The toggle button generate no FOUC on loading.
* On keyboard navigation the toggle key is the space key and not the
return key.
* Animation on hide and show is missing. Maybe a new animation with CSS
can added.
* The state of the button is not saved in a cookie.
* Self-build TOCs can not get hidden.
Browser support:
* The new implementation does not need JavaScript and therefor it works
on browser with disabled JavaScript and on Grade C browser.
* The new implementation requires the CSS pseudo-class selector
:checked. Therefor IE8 and lower are not supported.
Risks:
* The new implementation needs additional HTML elements. These elements
also get cached and crawled. The elements have no content so they get
hopefully ignored by crawler.
* The new CSS code imitates some styles (link, focus). This must kept
up to date.
* Multiple TOCs on one page would generate the same id attribute.
This can avoided by appending a counter or better and easier a random
string to the id attribute.
Bug: T195053
Change-Id: I82db33d656b3795d7134a91d20ed9d93a3471086
Find: /isset\(\s*([^()]+?)\s*\)\s*\?\s*\1\s*:\s*/
Replace with: '\1 ?? '
(Everywhere except includes/PHPVersionCheck.php)
(Then, manually fix some line length and indentation issues)
Then manually reviewed the replacements for cases where confusing
operator precedence would result in incorrect results
(fixing those in I478db046a1cc162c6767003ce45c9b56270f3372).
Change-Id: I33b421c8cb11cdd4ce896488c9ff5313f03a38cf
With MCR coming up, ApiEditPage is going to need to be able to take
"text" and "contentmodel" parameters for each slot-role, and enumerating
such parameters for every possible slot would probably get rather
confusing as to what is required when, or at least long-winded in
repeating the exact same thing for every possible role.
So let's abstract it: we'll have an "editroles" parameter to specify which
slots are being edited, and ApiEditPage will just declare that
"text-{role}" and "contentmodel-{role}" parameters should exist for each
value of "editroles" in the submission.
Note this patch doesn't introduce anything that uses templated
parameters, just the functionality itself. For testing purposes you
might cherry pick I2d658e9a.
Bug: T174032
Change-Id: Ia19a1617b73067bfb1f0f16ccc57d471778b7361
It is the job of git and svn to provide this information/metadata.
The form was different, some with short, some with long month name
some with leading zero at the day, some without.
The year is also present in the Copyright clause
Change-Id: If006907b82b9e45f13cfa2e45d41107a95570e1a
Adds two new ApiBase::getAllowedParams() keys:
PARAM_MAX_BYTES and PARAM_MAX_CHARS, to set a length
limit for a (string-like) parameter.
This makes it easy to document and enforce database
field length limits (where relying on the database
would either result in unfriendly error messages or
silent truncation, depending on DB settings) and
also exposes them in structured form so API clients
can verify the length without doing roundtrips.
Change-Id: I2e784972d7e11cad79fdef887bbcde297dbd9ce0
If someone is both dumb enough to blindly save an API response and to
then execute the resulting file, this can be used to attack their
computer.
We can mitigate this by disallowing PATH_INFO in api.php URLs (because
we don't make any use of them anyway) and by setting a sensible filename
using a Content-Disposition header so the browser won't go guessing at
the filename based on what is in the URL.
Issue reported by: Abdullah Hussam
Bug: T128209
Change-Id: I8526f5cc506c551edb6138d68450b6acea065e93
Adds two new parameter settings, ApiBase::PARAM_ISMULTI_LIMIT1
and PARAM_ISMULTI_LIMIT2 for configuring the maximum number of values
that can be contained in a multivalue field (for unprivileged and
apihighlimits users, respectively). When present, these replace the
default 50/500.
Change-Id: Ic1b1bcc7ff556b7762c8d2375d910cc4fcb43087
Undo traces of a practice we carried over from past projects and
existing examples that is neither universal nor actively encouraged in
the MediaWiki codebase.
Bug: T139301
Change-Id: I5c9c89b72a45a44aa4264a5e57b003c1a86cdf6e
Co-Authored-By: Brad Jorsch <bjorsch@wikimedia.org>
The module's summary will be used as the description of the value.
Since these are often very long lists, this also changes ApiSandbox to
collapse <dl> lists in parameter descriptions by default.
Bug: T123930
Change-Id: I205b68a52a94cae4c1cdf7ec9fd3e8a04d565919
This has a number of implications:
* A deprecation warning is automatically generated if the value is used.
* action=paraminfo can list it in a machine-readable manner.
* It is automatically flagged in the help when message-per-value mode is
used.
* In values lists in the help, it's specially marked (currently
strike-through).
* ApiSandbox will mark it in the widgets (currently strike-through).
Deprecation of submodules is not automatically detected here, that's
left for a later patch.
Bug: T123931
Change-Id: Idad6377063e457f9352a99df5c7cc15b1563579e
Links generated by the API are now aware of the user's preferred
language and will show documents in that language if available.
To test, log in to mediawiki.org and set your language preference to 'es',
then on an MediaWiki installation with this patch view the generated
expanded API help at `api.php?action=help&recursivesubmodules=1&modules=main`.
Each link to documentation on mediawiki.org should take you to its
translated /es subpage, if one exists.
Bug: T104518
Change-Id: I339a1f3ae1bce9d759cf251899d57c32b1def91e
Log events are sometimes attributed to a special page; it should be
allowed to use rcnamespace or lenamespace to filter for these.
It's also possible for special pages to be the targets of redirects, so
list=allredirects and prop=redirects should find them.
Maybe someday we'll record links to and transclusions of special pages
too (see T19597), so we may as well make it possible to query for those
as well via list=alllinks, list=alltransclusions, list=backlinks,
list=embeddedin, prop=linkshere, prop=transcludedin, prop=links, and
prop=templates.
NS_MEDIA has similar considerations: although we currently "normalize"
page links to the corresponding File and I don't think anything logs the
Media title rather than the File, transclusions and redirects do show
up in those tables.
Bug: T154319
Change-Id: I00348f83855c6c703b6bd6015f6d3bedc5bfd1c5
Adds support for specifying an asterisk '*' instead of a pipe seperated list
of all the allowed options for a multi-option param.
Adds a line to the api help for these parameters.
Adds a "allspecifier" key to ApiParamInfo parameter responses
Enables the default ('*') for parameters of type 'namespace'.
Bug: T124009
Change-Id: I3905bb2516dc1ff982f1beeac3deed6b69446a77
This follows up I28e8e0cb with the other things identified during review
of that patch.
Added dir="ltr" to:
* Module names in the linktrail
* Non-internationalized extension names
* SPDX license tags
* Help URLs
* Parameter names
* Module names in the list of values for a submodule-type parameter
* Value names when using message-per-value documentation
* Example URLs
Added dir="auto" to:
* List of values for enumerated-type parameters
* Default value for parameters
Change-Id: Ie3c08ec604e1796629912fa16e6db4ae3fdce72e
wikimedia/html-formatter is already present in mediawiki/vendor
as of 3954ca36ce3cbedc76c1763ad2694320c1327ce6.
Bug: T125001
Change-Id: Ie98096e5e3d325cde583bc66b21b8b41f2bba8b2
This will be used by AuthManager's API modules to document the fact that
AuthenticationRequest fields are accepted by the module, and to inform
the user reading the documentation how to determine what those are at
any particular time.
Change-Id: Ic7351de0f9bd239db17d584196e52a77112ed978
Loading CSS with OutputPage::addModules() causes a FOUC because the
styles are loaded through JavaScript, using addModuleStyles() fixes
this. But it doesn't load module dependencies, so load the
mediawiki.hlist styles explicitly in ApiHelp.
Bug: T117901
Change-Id: I1dfd194d686c05573eefc85d5dfd7ee2731bf286
These callers don't need to do purges, but can still perfectly
take advantage of this instance over a plain BagOStuff. Namely:
* Replication and snapshot lag awareness
* Preemptive regeneration
* Easy process cache support
The idea is for there to only be one caching class/factory
to use, instead of having rules for picking which one to use.
Change-Id: I8e362df451c0c28731fc853c044c4c4b8e097f01
New types 'text' and 'password' for where a <textarea> or
<input type="password"> would be preferred over <input type="text">.
Some timestamp parameters get actually tagged as 'timestamp'.
'submodule' types change the 'submodules' output property from a boolean
to an object indicating the mapping from values to module paths. And
they get an indication of the submodule parameter prefix (e.g.
generator's "g"), if applicable. "generator" actually gets reported as a
submodule type, using this new mechanism.
action=paraminfo will now indicate ApiBase::PARAM_RANGE_ENFORCE status,
and return better-formatted defaults for timestamps and booleans.
Change-Id: Ic862d6f8fe13f7eb6b4298683514d33af5823e47
Two things here:
* Identify the parameter types when they're not simple strings (or
already identified).
* Add a section to the 'main' module documentation that describes
booleans and timestamp formats.
Bug: T93982
Bug: T47652
Change-Id: I67da4f4c026616eed5669256b208b03350e756c0
