Commit graph

3232 commits

Author SHA1 Message Date
jenkins-bot
3e68722e29 Merge "Update documentation in DefaultSettings to reflect new Preprocessor default" 2019-06-20 22:39:16 +00:00
C. Scott Ananian
ce1bd86a4b Remove $wgUseKeyHeader and OutputPage::getKeyHeader(), deprecated in 1.32
These implemented a since-abandoned draft IETF spec, and the code was
broken due to (1) case-(in)sensitivity issues with the Accept-Language
header and (2) the BCP47 language code compatibility workaround we use.

Change-Id: Ia53d07cd8ce8ab1497294ea244c13c7499f632c7
2019-06-19 15:14:54 -04:00
C. Scott Ananian
da0a0a85c3 Update documentation in DefaultSettings to reflect new Preprocessor default
This is a follow-up to Ica5d1ad5b1e677542962fc36d582a793f941155e and
updates a bit of documentation missed in the original patch.

Change-Id: Iaf2b07be4b6946782780a846f026c071edaaf567
2019-06-19 01:58:37 -04:00
Fomafix
110a5877e9 Use [...] instead of array(...) in PHP comments and documentation
Change-Id: I0c83783051bf35fe785bc01644eeb2946902b6b2
2019-06-17 21:15:09 +02:00
C. Scott Ananian
53fe91ded5 Hard deprecate Preprocessor_DOM
The Preprocessor_DOM implementation doesn't interact well with PHP memory
profiling, and has some limitations not present in the Preprocessor_Hash
implementation (see T216664).  There is no reason to keep around two
versions of the preprocessor: it just complicates on-going wikitext
feature development.

Hard deprecate use of Preprocessor_DOM, so we can remove the redundant
code in a future release.

Bug: T204945
Depends-On: Id38c9360e4d02b570996dbf7a660f964f02f1a2c
Change-Id: Ica5d1ad5b1e677542962fc36d582a793f941155e
2019-06-14 12:21:40 -04:00
jenkins-bot
7c966af21a Merge "REST API initial commit" 2019-06-13 22:18:21 +00:00
Tim Starling
3f0056a252 REST API initial commit
Add some of the basic REST API class hierarchies:

* EntryPoint
* Router
* Request
* Response
* Handler

The actual entry point file rest.php has been moved to a separate
commit, so this is just an unused library and service.

Bug: T221177
Change-Id: Ifca6bcb8a304e8e8b7f52b79c607bdcebf805cd1
2019-06-12 10:22:28 +10:00
Brion Vibber
2e83387666 Relax HTML sniffing checks on image upload
Allows uploaded files to include some HTML tag strings that were
previously forbidden in the first 1k or so of the file:
* <a href
* <img
* <pre
* <table
* <title

They are now allowed as long as the IE MIME type detection heuristic
would not change their types. This should reduce the number of false
positive checks in JPEGs with EXIF data with links.

Also deprecates $wgAllowTitlesInSVG and allows it by default.

This should still protect against malformed PNG attacks on old IE
versions, though false positive checks are conceivable on PNG files
containing comments very close to the beginning of the file.

Adds $wgVerifyMimeTypeIE config var to allow disabling the IE checks
entirely, if desired, but leaves it in place by default. These are
more conservative than the checks that were removed.

Added test cases for the old IE5/6 bug and the particular sort of
JPEG metadata that struck false positives previously.

Bug: T27707
Change-Id: I66642a74fce1a1894cad67d62b0da61020db469a
2019-06-07 14:21:00 -07:00
Brian Wolff
616525021b SECURITY: rate-limit and prevent blocked users from changing email
This is to counter spam where people use Special:ChangeEmail to
spam people with the confirmation email and using the username
to promote their thing

Bug: T209794
Change-Id: I8b2bd0f60c66f44c91dc78e3512a73e4237df2f3
2019-06-06 16:37:18 +00:00
Simon Legner
eb59b8f10b Fix typos in DefaultSettings
Change-Id: I692286d68bdf5585694c8a65d9d9d512f813fb9e
2019-05-28 23:59:06 +02:00
James D. Forrester
f9f8dff40f Rename CDN config variables to be generic, deprecating the old names
Hook, methods, classes still to rename where appropriate.

Bug: T104148
Depends-On: Id34339dff88bc6d1863378ac94b96b2d590b891d
Depends-On: I4e2938395bcbf7956b83fff00978f09c61dcfa36
Change-Id: I7a725dae551c867a4fa7c213838d52c7fb862756
2019-05-24 21:09:22 +00:00
jenkins-bot
d029197c7c Merge "Enable configuration to supply options for Special:Search form" 2019-05-23 14:48:55 +00:00
Stanislav Malyshev
3562f0afc7 Enable configuration to supply options for Special:Search form
This for example will allow to display descriptions by setting:

$wgSpecialSearchFormOptions['showDescriptions'] = true;

Bug: T55652

Change-Id: Ifdbca4c508314cb950f2835ee65caea18e0af5b1
2019-05-22 17:30:53 -07:00
Adam Wight
2eec94991b Deprecate $wgWikiDiff2MovedParagraphDetectionCutoff
Bug: T194272
Change-Id: I174192dc2b91409e023c06b054bc1bba8bfc571f
2019-05-22 15:42:20 +02:00
Fomafix
79de0a4e5a Use HTTPS instead of protocol relative for WMF links
The WMF websites redirect from HTTP to HTTPS.

Change-Id: I916c97697b4ffa9774eec9c8e6ab650a08bb6edd
2019-05-17 08:12:10 +02:00
Marko Obrovac
01c2e25f0a Allow the request ID to be passed in via the X-Request-Id header
For tracing and logging purposes, we want to be able to see/generate the
list of all of the requests that happen in the environment for a given
external incoming request. To that end, allow Mediawiki to accept the
request ID provided by the incoming request as its own.

Since this may be problematic for set-ups that don't have an entity in
front of MW that sanitises the headers on the way in, introduce a new
global variable, `$wgAllowExternalReqID`, that can disable this
behaviour. By default, the feature is disabled.

Bug: T201409
Change-Id: I605471fb8b5bbc290baeecc7d80d9d715cb240c9
2019-05-15 07:27:38 +00:00
jenkins-bot
11f73158fb Merge "Remove rcenhancedfilters from $wgDefaultUserOptions" 2019-05-08 21:12:22 +00:00
Roan Kattouw
3c9f343ecb Remove rcenhancedfilters from $wgDefaultUserOptions
This preference was removed earlier, but we forgot to clean this up.

Bug: T196033
Change-Id: I449bcaf8c031d9d26a6f6be3eb0ef4abc5892611
2019-05-08 13:34:54 -07:00
Timo Tijhof
b96e187cbd localisation: Improve documentation around wgLocalisationCacheConf
Bug: T218207
Change-Id: I15a77d5df7b358b69cd9049036a69a28d31ebaae
2019-05-07 22:40:44 +00:00
jenkins-bot
d848678e55 Merge "rcfeed: Replace usage of deprecated class RCFeedEngine (in comments)" 2019-05-06 11:43:00 +00:00
Aryeh Gregor
9018579681 Deprecate the Http class
All methods got moved to HttpRequestFactory or MWHttpRequest or dropped.

I made the return value of the new HttpRequestFactory::request/get/post
methods null on error instead of false, so that when we drop PHP 7
support, we can use a "?string" return value. This could theoretically
change behavior of code that was switched from the old Http methods, but
probably won't. I kept the old behavior for the deprecated methods.

I changed the default value of $wgHTTPProxy from false to ''. This way
it should be usable directly without a trivial wrapper method. For the
benefit of anyone who might have set it to false in LocalSettings.php, I
also recommend casting to string just in case.

Http::$httpEngine is deprecated. Eventually it will be removed along
with the curl and PHP engines, leaving only the Guzzle engine.

I also added deprecation of MWHttpRequest::factory, which occurred in
1.31, to the release notes for 1.34. Now hopefully we can hard-deprecate
it in another couple of versions.

Bug: T214390
Change-Id: I2a316a758d793857f248bd251b90f5e9a6440e3a
2019-05-06 12:07:26 +03:00
Aaron Schulz
4d8bfbdca4 Add UserOptionsUpdateJob class
This can help avoid DB master queries on HTTP GET requests

Change-Id: I6fa2d53d96509d88f5d3e1ff18f3ca1de8fa4bb1
2019-05-03 12:02:20 -07:00
Brad Jorsch
d16d8bdf07 Default $wgActorTableSchemaMigrationStage to SCHEMA_COMPAT_NEW
Probably good to start testing this in CI sometime soon.

This also updates a bunch of tests that were forcing an older stage to
force SCHEMA_COMPAT_NEW instead, or to test both ways (until a future
patch removes the _OLD version).

Bug: T188327
Change-Id: Icb9b55cb9d754f2d30d6883005658b9670834756
2019-05-01 00:48:54 +00:00
Derick Alangi
0001b213e5 rcfeed: Replace usage of deprecated class RCFeedEngine (in comments)
Doing the replacement for code logic for where it's used is breaking
compatibility, the first change set did this but as advised, let's wait
for a while until the class is removed.

Change-Id: I3cc0593080f0d51b380c9cdbabc646459e6798e1
2019-04-30 12:07:37 +00:00
jenkins-bot
8c2eb40f59 Merge "Remove block notice tracking" 2019-04-24 13:59:44 +00:00
Dayllan Maza
dadaf0ac2c Remove block notice tracking
This is a clean up after collecting the necessary data related to
blocks and how often users see the block notices

See: https://phabricator.wikimedia.org/T189724

Bug: T214214
Depends-On: I047587c064e63e8bd4b933351edfec298f7c7956
Depends-On: I532a0cd95009109ba25caa8dd31badd5c1900da7
Change-Id: Icfa74ad6337c0a4f12ae24b43d36c0e3cb302a3b
2019-04-23 17:49:12 -04:00
Gilles Dubuc
7433fa97f6 Make the ratio of requests getting Priority Hints configurable
This will allow to create 2 separate populations in
order to verify the effect of the hint.

It's fine if it's not exactly balanced in practice,
what matters is getting a significant amount of
traffic for both scenarios (origin trial is enabled +
an image is given high prio/origin trial is enabled +
no image is given special treatment).

Bug: T216499
Change-Id: I373960b2bed8437c2e97e6d729d43aff6901046c
2019-04-22 22:00:19 +03:00
jenkins-bot
da89b88536 Merge "Add ability to override mb_strtoupper in Language::ucfirst" 2019-04-17 16:44:47 +00:00
Giuseppe Lavagetto
d46835ef4f Add ability to override mb_strtoupper in Language::ucfirst
Different PHP versions treat unicode differently, and specifically some
wiki resources become unreachable if mb_strtoupper's behavior has changed.
This patch allows to introduce an override table that allows to smooth
the transition period.

It also provides maintenance scripts to generate such an override table.

Bug: T219279
Change-Id: I0503ff4207fded4648c58c7b50e67c55422a4849
2019-04-17 15:18:44 +00:00
Aryeh Gregor
e6df285854 Remove all $wgParser use from core
Bug: T160811

Change-Id: I0556c04d33386d0339e02e2bf7a1ee74d97c2abd
2019-04-17 15:16:50 +03:00
Gilles Dubuc
0e2f0a2f28 Reporting API and Feature Policy reporting support
These are experimental APIs that let one report
policy violations:

https://www.w3.org/TR/reporting/
https://github.com/w3c/webappsec-feature-policy/blob/master/reporting.md

Bug: T209572
Change-Id: I002e7802000ec37b3320d8ae761cc1888d4f6edb
2019-04-13 09:28:27 +02:00
Fomafix
9cbb8f104d Use https://www.php.net/ instead of https://secure.php.net/
Change-Id: I0acca592c6909e91b28b904da49dcbd6a43cd2a5
2019-04-12 06:44:48 +02:00
jenkins-bot
e3c745fea0 Merge "Prepare for REL1_33 cut, labelling master as 1.34-alpha" 2019-04-11 00:29:00 +00:00
James D. Forrester
4310469dd8 Prepare for REL1_33 cut, labelling master as 1.34-alpha
Change-Id: I841ee1c898a6db2e4a10b5e8c68647d45f046dc7
2019-04-10 16:50:58 -07:00
jenkins-bot
013b6fac88 Merge "NamespaceInfo service to replace MWNamespace" 2019-04-10 05:46:24 +00:00
Aryeh Gregor
76661cf129 NamespaceInfo service to replace MWNamespace
MWNamespace::clearCaches() has been removed entirely, along with the
$rebuild parameter to MWNamespace::getCanonicalNamespaces(). The rest of
MWNamespace is deprecated.

Diff best viewed with -C1 so git notices that NamespaceInfo is a copy of
MWNamespace.

Depends-On: Icb7a4a2a5d19fb1f2453b4b57a5271196b0e316d
Depends-On: Ib3c914fc99394e4876ac9fe27317a1eafa2ff69e
Change-Id: I1a03d4e146f5414ae73c7d1a5807c873323e8abc
2019-04-10 02:07:36 +00:00
Brad Jorsch
0301c8e03a Default $wgActorTableSchemaMigrationStage to READ_NEW
Probably good to start testing this in CI sometime soon.

The unit tests being changed here are:
* Hacky importing of a revision in MessageCacheTest, changed to use an
  interwiki username.
* WikiPageDbTestBase will get null rather than 0 for ar_user.
* DumpTestCase was using a custom IP $wgUser when creating its test
  revisions, which was winding up referring to an actor_id that had been
  deleted from the database. Fixed by having it use a registered user
  instead.

Also this has MediaWikiTestCase reset the $wgUser User object when the
actor table is truncated, as various tests were otherwise failing because
it was caching a later-deleted actor ID for User:127.0.0.1.

Bug: T188327
Change-Id: Ic483d0fda931810ac639b9de1cc5e5a4ef8161cc
Depends-On: I1bd0288cc132627d75b4001219522ec5e952eda7
2019-04-09 13:50:41 -04:00
Aaron Schulz
196ef348c5 jobqueue: remove entire unused JobQueueAggregator class hierarchy
Change-Id: I3d56d5db54fcb4278c7cf2a8d08933c27773c3f7
2019-03-29 20:25:05 -07:00
Aaron Schulz
798d3d048a Clean up some database domain ID related code and fix some comments
Change-Id: Id5c5640e05301161dbb7c2be363e32d7d1c9a511
2019-03-29 14:30:21 -07:00
jenkins-bot
a3ab671e61 Merge "Remove temporary rollback confirmation toggle" 2019-03-28 09:28:12 +00:00
Aaron Schulz
c4e284f113 rdbms: codify DatabaseDomain table "_" prefix convention
Also simplify isCompatible() slightly and make the string
case in convertToString() explicit.

Change-Id: Ifb61bb5fb012491520525bbebfbde2269fa55b52
2019-03-26 21:04:51 +00:00
Tim Eulitz
8736acada9 Remove temporary rollback confirmation toggle
This patch removes the temporary rollback confirmation toggle that was
implemented to allow certain wikis to disable the rollback confirmation
feature while still showing the option in the user preferences.

For reference:

https://gerrit.wikimedia.org/r/c/mediawiki/core/+/494249

Bug: T217437
Change-Id: I001d7927f6f44a4cc517a80b71f5b83aca33824c
2019-03-26 10:13:45 +01:00
Derick Alangi
26118ad094 DefaultSettings: Remove deprecated $wgDBmysql5 from core
This was an experimental configuration setting and was supposed
to be removed in 1.33. Also, remove option from db.

Bug: T196185
Change-Id: I357348505589ff963d668acadce3b58fe2a1b0bb
2019-03-23 14:52:33 +01:00
Tim Eulitz
c4e5364ea0 Implement temporary rollback confirmation toggle
This change implements a temporary feature toggle for the rollback
confirmation change. The main purpose is to allow users of certain wikis
(de-wiki, pl-wiki, for example) to turn off this upcoming feature before
it is released to production.

Bug: T217039
Change-Id: I6ed59afde5b75756053da3ae46858304dda9317d
2019-03-21 14:21:13 +01:00
daniel
45f3912bf1 Make the XML dump schema version configurable.
Bug: T174031
Change-Id: I979b6c8f0a72bc1f5ecce1d499d3fdfa0f671588
2019-03-21 12:43:32 +01:00
Tim Eulitz
341320457c Show confirmation prompt on rollback links
Bug: T215020
Change-Id: Ic831888e30808a20a04397912498fe2ca04f80ba
2019-03-21 10:13:22 +00:00
Gilles Dubuc
e83e1fc1ee Add support for Element Timing API
https://github.com/WICG/element-timing

Bug: T216598
Change-Id: Ieda41f5074784957760c17dc15f7c891e56b6795
2019-03-20 09:54:02 +01:00
Timo Tijhof
074ce9ab14 User: Remove redundant wgClockSkewFudge code
Ensuring the new value is at least as high as 1 second higher
than the current value is sufficient.

The main code paths using this are checkAndSetTouched (for user group
changes) and saveSettings(), both of which use makeUpdateConditions() which
ensures we bail out if something else already wrote to it in the mean time.
As such, there is no longer a need to make sure our time is higher than
something another server may have written, given that is no longer something
we support.

This variable was introduced in 2005 (MW 1.4) with r9403 (1d12276bcb),
and factored out as newTouchedTimestamp() in 2007 (MW 1.8)
with r16772 (c1094ba987).

Change-Id: I940fb0dd125286a4a348c11e2c8d197f9288a75d
2019-03-15 20:03:54 +00:00
Timo Tijhof
4677392718 Remove wgSitesCacheFile and rebuildSitesCache.php (unused)
This seems to have been intended as optimization for SiteStore,
but was never used as far as I can tell. Instead, SiteStore is
already cached via LocalServerCache (APC).

Keep the FileBasedSiteLookup class for one release cycle in case
third parties not indexed by MediaWiki Codesearch are using it.

== History

* 2013: Report of high memcached usage by Wikibase via SiteStore.
* 2014: Lazy-load the data in Wikibase (d3f2e99cb6).
* 2014: Implement the file-based cache (via T47532 and 90f6efc360).
* 2015: Use local-server cache (APC), per T58602.

The file-based code was never used. The related task marked
invalid (T47532).

Change-Id: I8e2d9edcf3880149f824cc3de37793ca57435b49
2019-03-15 20:03:44 +00:00
jenkins-bot
5a2e5db4fc Merge "Add password policy setting suggestChangeOnLogin" 2019-03-12 16:35:00 +00:00