* Update extensions/AbuseFilter from branch 'REL1_43'
to 6ebcd929c7f7a2f8be715dfe39c59b53570829f0
- SECURITY: Use correct bitwise operator on CentralDBNotAvailableException
Why:
* When FilterLookup::getFilter throws a
CentralDBNotAvailableException, the code which calls it
sometimes catches the exception and then assumes the filter
has the maximum privacy level.
* This logic is broken as the wrong PHP bitwise operator is used
("&" instead of "|").
What:
* Update all uses of "&" to "|" in the affected places.
Bug: T389235
Change-Id: Idb08add69a55fb387ec51fb220cafc46542afd1a
CVE-2025-3469
Only use HtmlSnippet when the labels are not coming from a message, to
avoid XSS-via-i18n vulnerabilities.
Bug: T358689
Change-Id: If91500bc76b3ed8cdc58da4f9de326df6d201398
CVE-2025-32699
Ensure that Unicode NFC normalization can be applied to our HTML
output safely. Even though the W3C officially recommends against
normalizing HTML
https://www.w3.org/International/questions/qa-html-css-normalization#converting
this is still easily done inadvertently, especially when using the
MediaWiki action API which normalizes parameters and results by
default.
See also I671648603c4635a35585c860b4857f5ea085e47f in Parsoid, and
T266140 / I2e78e660ba1867744e34eda7d00ea527ec016b71 for another similar
issue.
The following changes are made:
* The various HTML serializers (Remex/Tidy-derived, as well as the
Html::* helpers) are tweaked to entity-escape U+0338 wherever it
appears.
* Similarly, Message::escaped() is tweaked to entity-escape U+0338.
* Finally, a post-processing pass is added to the OutputTransform
pipeline to catch any remaining U+0338 and entity-escape them.
This catches U+0338 added during any of the previous OutputTransform
stages (like TOC insertion, section edit links, etc).
*When backporting* this code will likely need to be moved to
ParserOutput::getText(), as the OutputTransform pipeline wasn't added
until MW 1.42.
Bug: T387130
Change-Id: I66564e14e730f5393f4fa5780b80f24de6075af5
Same as was done in 5f2584b648
Bug: T391586
Follows-Up: I966cddb337c9373ed3a369496548a8d8c538ae84
Change-Id: I757eb043f8043d6620fb69bd072d9bb9e97ad163
(cherry picked from commit 7a84c34398639d3422f81ab9711539c34d435621)
Almost every call to isCascadeProtected() (which uses short-circuit
mode) is followed by a call to getCascadeProtectionSources() (which
doesn't), so this attempted optimization (skipping a loop that does
some very cheap operations) actually results in worse performance
in the common case (because the result of the database query can't
be cached in short-circuit mode, and we must query it again), and
it makes the code really annoying to read or modify.
Relevant code: https://codesearch.wmcloud.org/search/?q=getCascadeProtectionSources\(|isCascadeProtected\(&excludeFiles=RestrictionStore.php|HISTORY|tests%2F
Change-Id: Ib9eb6cab28492776d40a10cbfb28e9c1cec8c1d2
(cherry picked from commit f9180c4a36fb8874fc0211f05a1eebaceb67aa0c)
If something inside the callback above throws an exception (e.g.
`parseCachedTable()` when the database is down), and it is caught,
`$this->mTablesLoaded` and `$this->mTables` will be left in an
inconsistent state for the rest of the request, causing confusing
errors elsewhere.
Bug: T388807
Change-Id: I79704d6d5c03d5e028c0c762a37fd55b953a4a6a
(cherry picked from commit 6d4f287059521fd4e7fe094ccb00aca54906b31f)
* Update skins/Vector from branch 'REL1_43'
to a4a127342e106a27d89253921cc771a978523a68
- Localisation updates from https://translatewiki.net.
Change-Id: I9189d564e985d3115d39dc29d2894421c0c491d4
* Update skins/MinervaNeue from branch 'REL1_43'
to 9dfbada4fe1994e279828289a424ecbfdc8b754c
- Localisation updates from https://translatewiki.net.
Change-Id: I54de52119783721703597574d7f2f6289c2db456
* Update extensions/VisualEditor from branch 'REL1_43'
to b890dad267289a9ecec8c02c3e6fedc957948e9f
- Localisation updates from https://translatewiki.net.
Change-Id: Ic7a4e06cc699ce46a339ffdbdb56f67e6be8a24c
* Update extensions/TemplateData from branch 'REL1_43'
to 514b72c1cd263c641d0fcf6eb6e564eec8b5f593
- Localisation updates from https://translatewiki.net.
Change-Id: I6379ffa6a64588002bb3c09704be965b326b5488
* Update extensions/TitleBlacklist from branch 'REL1_43'
to 8e8ebe02588343ea0d0c44095c2765632194f241
- Localisation updates from https://translatewiki.net.
Change-Id: Icb7281fa197293315391243f8784a1500b2e3999
* Update extensions/WikiEditor from branch 'REL1_43'
to 67f6158919d1d2e0de0a716c7cf4f7fbd240445a
- Localisation updates from https://translatewiki.net.
Change-Id: I1f4573b9768b025f17c6d20884fb75dc4fd91790
* Update extensions/Thanks from branch 'REL1_43'
to 40a5ba7f417f895a14f5289ed87f01b28a390ecb
- Localisation updates from https://translatewiki.net.
Change-Id: I0529ef09b62f23172f7d5ad4d1a6436e65f74af6
* Update extensions/SyntaxHighlight_GeSHi from branch 'REL1_43'
to c9db27e9a2ebda84c34093152b271bf5144ec26a
- Localisation updates from https://translatewiki.net.
Change-Id: I31f97c6fb5ef88ac605e341e29d028a7cd07c00b
* Update extensions/DiscussionTools from branch 'REL1_43'
to c834d0c8b36148162bf07ac0119a19e826411aaf
- Localisation updates from https://translatewiki.net.
Change-Id: I93d89edf1ac33b61a78644df6f91707ee6d16fd7
* Update extensions/LoginNotify from branch 'REL1_43'
to 4d98bf8ce172857c9eb274b321bc6e4bd266f93b
- Localisation updates from https://translatewiki.net.
Change-Id: I62f7463dd2dcb118cb4bd9311e2cc608af804c6c
* Update extensions/Gadgets from branch 'REL1_43'
to 94c0d38d5a5810b4cce22963a44aceb5e8dc1fd1
- Localisation updates from https://translatewiki.net.
Change-Id: I60fc02246401ef8095232e77fe082d902e0b3ac1
* Update extensions/ConfirmEdit from branch 'REL1_43'
to 4787b2e4be1886ab077a01f9e7d81aa0b28ca7af
- Localisation updates from https://translatewiki.net.
Change-Id: I9ba6b18fc17e045f3fa266df39774d55426b4bb0
* Update extensions/OATHAuth from branch 'REL1_43'
to 53f358b6ede92fce271c18d121de35ab53f9b8f2
- Localisation updates from https://translatewiki.net.
Change-Id: I2e1a81e1fea07d4f2e536564f4219b1acd77cb87
* Update extensions/Nuke from branch 'REL1_43'
to 45f54278c22d5f6d7af8ed47f2e0517ee725d070
- Localisation updates from https://translatewiki.net.
Change-Id: I47030b518a7df5d9007f681763b1bec54e652db6
* Update extensions/Math from branch 'REL1_43'
to 2360e60228dcac111f2063feb5104ab84878a898
- Localisation updates from https://translatewiki.net.
Change-Id: Ie4b516b2f3d27ca5672255c78de132c2bf623b91
* Update extensions/Echo from branch 'REL1_43'
to 951879a4181162f93b2d409a5374bce785eaf8f2
- Localisation updates from https://translatewiki.net.
Change-Id: Id53684b396220015d3867a09d14355f8fceb9d88
* Update extensions/CiteThisPage from branch 'REL1_43'
to 8daea44797f0be0fd876ffa66e0a433c9df86ac1
- Localisation updates from https://translatewiki.net.
Change-Id: I61d498ec32608a140784ce5a5b68021751730565
* Update extensions/Cite from branch 'REL1_43'
to 3966086815ff3cbb19f0bf47de37af1d1d4985f2
- Localisation updates from https://translatewiki.net.
Change-Id: I3dc69387a3d5267b9bac2f83be1faf2c18c87f03
* Update extensions/AbuseFilter from branch 'REL1_43'
to af756eb77c53b5e9440e3f96373dc87ae1dbbf11
- Localisation updates from https://translatewiki.net.
Change-Id: Ic8baddfab22267d0f37533c38dec9d9dd8aabe55
A crude solution for the acquireTarget() race condition. Use SQL
GET_LOCK() to lock the target from the acquireTarget() call until the
transaction is committed.
Add FOR UPDATE to the acquireTarget() SELECT, otherwise it just sees the
snapshot version of the row and inserts a new row anyway.
Add a test which reliably failed prior to the change.
Reword the ipb-block-not-found message. This is normal for simultaneous
blocks of the same target. Don't contact us. In the API, remap it to
"alreadyblocked".
Bug: T389028
Change-Id: I1fa35bf08d456a93930194786f77df389217ba61
(cherry picked from commit 2b65587e4d92e7f27661e8821b14f74ade939cfa)
Added in 2022 with I7d97c9e2d4 (c6a0d433ec) for Ie430acd075
(e82f11c246) which was (after a revert and re-apply) eventually
removed after the warmup completed (I852060c8a4, 3df4952385).
Bug: T322672
Bug: T387478
Change-Id: I1921b4f985fb27b2227aef4a0eba6751c1c0b8d5
(cherry picked from commit 2a5cf3fde93263156557bc1efd21c5a74ce67725)
These .htaccess files are intended to prohibit all web access. But if
the user sets "Satisfy Any" on a parent directory, in conjunction with
any permissive require directive like "Require all granted", access will
be allowed despite "Require all denied" in .htaccess.
So, override Satisfy so that the "Require all denied" will reliably take
effect.
Note that "Satisfy All" is the default. This only affects non-default
installations.
Change-Id: Ia5862fb69e439b7ea2ed7af011e1ebf8f1b1f6d6
(cherry picked from commit a50d2e69f8ce9e5720b05615d04c35cc9008b6ae)
Why:
`ChangeTags::buildTagFilterSelector` is an opinionated chain of calls
that results in the markup for a select input with specific tag options
(explicitly and software defined tags that have hits). In order to
support customization to the `HTMLTagFilter` widget, add support for
parameters.
These parameters will support filtering for active-only tags or not
and choosing between all on-wiki tags or software-defined tags only.
What:
- Support an `activeOnly` parameter, which will either show all defined
tags or only tags that have hits (active)
+ For legibility, add `TAG_SET_ACTIVE_ONLY` and `TAG_SET_ALL` constants
to support this parameter
- Support a `useAllTags` parameter, which if true will use all tags
and if which false will only use software-defined tags
+ For legibility, add `USE_ALL_TAGS` and `USE_SOFTWARE_TAGS_ONLY`
constants to support this parameter
Bug: T378622
Change-Id: Ib6ba27944cdf22bdb05dbfd34b2e5f8727261da7
* Update skins/Vector from branch 'REL1_43'
to b3b626ca4c4c2ad1fd0826df66584e44b0abce9e
- Localisation updates from https://translatewiki.net.
Change-Id: Icf5e320c04f81628b08ed5840b6f652ffa7653ae
* Update skins/MinervaNeue from branch 'REL1_43'
to b2ba6a11714b4174e7480812f651f6c025800cde
- Localisation updates from https://translatewiki.net.
Change-Id: I367af2b7e95a4cfe3c494c134b3869d9c880f1aa
* Update extensions/VisualEditor from branch 'REL1_43'
to 5ed4cace4d4dabea008aadfbd38eb016dd829262
- Localisation updates from https://translatewiki.net.
Change-Id: I0a4d84e4dfffdc131236b24a4c026e0b0cc17138
* Update extensions/WikiEditor from branch 'REL1_43'
to 5849697112b4262b84641b3c75134fc51fce4d7d
- Localisation updates from https://translatewiki.net.
Change-Id: Ic554b3e9be177206c1b3e859e332f007683e232c
* Update extensions/Thanks from branch 'REL1_43'
to d9f54da5ea3c26147eb524c057dafddb5111bfc7
- Localisation updates from https://translatewiki.net.
Change-Id: Iabd3669bb4e655160fd8f77402f48566c9b77344
* Update extensions/TemplateData from branch 'REL1_43'
to b28df6b9e0481eef4b8267f0680b15eae35f01e3
- Localisation updates from https://translatewiki.net.
Change-Id: I258cdf282a7883bee6ccfb88e2e6971a35711a6f
* Update extensions/ReplaceText from branch 'REL1_43'
to f5d1655cb951c223b651b995026a1277a9f54687
- Localisation updates from https://translatewiki.net.
Change-Id: I862f888cb58f33f8804406ec73e8ae3c45b69c79
* Update extensions/OATHAuth from branch 'REL1_43'
to 29a92b55cf924904ce4db26480a04640b4d75bb8
- Localisation updates from https://translatewiki.net.
Change-Id: I488e0d21c7e161c4cfb5e86b1435c8319f4a57ee
* Update extensions/Math from branch 'REL1_43'
to 5cb946d0414a88e4dfb987c4b2c8f914fcdd4512
- Localisation updates from https://translatewiki.net.
Change-Id: I3f0137fd8acaee8008c71cd41df6f941546ba0c7
* Update extensions/LoginNotify from branch 'REL1_43'
to 704c0935c328a6d54ac9de35d267d20bafa95662
- Localisation updates from https://translatewiki.net.
Change-Id: Ib9b795ec6d16de89318e44bcf068f440166aeca7
* Update extensions/Gadgets from branch 'REL1_43'
to dbb306d688eff92960462d6665a813dfb1e473aa
- Localisation updates from https://translatewiki.net.
Change-Id: I9d8b307f104f8bfd1e7499860ad73389ceec53b2
* Update extensions/DiscussionTools from branch 'REL1_43'
to b393b26919e8b0569f20fb92e346bae4d3bce6fe
- Localisation updates from https://translatewiki.net.
Change-Id: I7659470856cf85aa8fd0440587adbf0fa144622e
* Update extensions/Echo from branch 'REL1_43'
to 1d763647b62657e2e6ef1f9de634e22c5addbed5
- Localisation updates from https://translatewiki.net.
Change-Id: I15a4e3b176374b0651167fc50d7b02f4a8ec4303
* Update extensions/ConfirmEdit from branch 'REL1_43'
to 6e607bd765d7c7aee9953740d43be5af34b62449
- Localisation updates from https://translatewiki.net.
Change-Id: I167c54df611c9b640a713c4f4901b64f084e29a3
* Update extensions/Cite from branch 'REL1_43'
to 059a478748aeb63ebe96c10b33bcedc46bd993d4
- Localisation updates from https://translatewiki.net.
Change-Id: I66b42034141c63e577f0fc466b8b5d57605b5c0f
