While creating users, we have several interesting corner cases:
- When creating a new User, we actually rely on the 'unique'
constraint on actor_name. This is important if something calls
'User::createNew' with a name that is already occupied by an
existing anon actor with no user. This is quite a weird corner case,
but there's a test for that. We could probably assimilate this
nicly in actor store by checking whether the user id in the database
for the actor we found is the same as user id in the passed in user identity.
- Even more interesting use-case is 'subsuming' existing actors with
reserved user names. When we call User::newSystemUser, and there is
already an actor with the same reserved name, we 'subsume' that actor
and take over it's actor_id for our new system user. This can now be
done with an upsert. This state of having reserved actor with no user
is not easy to cause, but imports or updating from old MW versions
seem to be able to produce this state. Archeology revealed that
'subsuming' existing actor was added for installer.
Change-Id: I16b2f088217db0283215fc2ef5fb04a3742e1626
This issue type was globally suppressed in
I849ac4f120fd15b483e8939d4db45c98dc351259 to make reviewer easier.
This adds inline suppressions or @suppress directives on function
docs for false positives, mostly restoring those removed in
I849ac4f120fd15b483e8939d4db45c98dc351259
Bug: T231311
Change-Id: I1b1d814bd907e9d49fcc39f777982936574fc7c6
Taint check checks for possible security issues by tracking html
escaping and more by using phan.
This slows done the phan-job a bit and requires more ram
Keep the DoubleEscaped issues out to make reviewer easier
Adds suppression for false positives
Adds taint-annotation to help taint-check
Removes suppression for code phan now understand better by the tracking
of keys in taint-check
Fix some small issues by adding int cast or htmlspecialchars calls
Bug: T216348
Bug: T268920
Change-Id: I849ac4f120fd15b483e8939d4db45c98dc351259
For partial blocks the special page adds a link to the page, this should
be preloaded to avoid one query per link for the blue/red color
Change-Id: I9cc23923a48b51d9389479370aeec642476700ae
This patch fixes the documentation of newFromText and makeTitleSafe to
no longer state incorrectly that any Title they return is guaranteed to
be valid. That has never been true.
It also makes canExist() checks a lot stricter, to match the assumptions
of current callers, namely that the title can exist as a wiki page.
Finally, it replaces several existing calls to isValid() with calls to
canExist().
Bug: T229705
Change-Id: I2a483136ec6acca49afb5eb32cb94616672b8fb2
Currently, there are 3 block messages: sitewide, partial with restrictions, and
non-editing partial blocks. This will add namespace restrictions to the
partial editing blocks message type.
Bug: T204985
Change-Id: Ic17d5459e67c267fdee1fb2513d67428148ac85d
Block information needs to be more detailed if a block is not
sitewide. With this change, page restrictions will be visible
as part of the block information in Special:Contributions,
Special:Block, and Special:Log and via API
Bug: T197108
Change-Id: I5d2ef606f709bdd60bf52e2a048890b0f6360fca
htmlspecialchars[1] encodes only double quotes not single quotes.
Therefor the HTML attribute must enclosed with double quotes for
correct output encoding.
[1] https://secure.php.net/manual/en/function.htmlspecialchars.php
Change-Id: I3fec5299585187ed70d62b9248007af34b0db85b
For this add an user parameter to Language::translateBlockExpiry.
This allows the function to display the absolute block expiry in the
user's time zone. Use this when formatting block log entries.
This also avoids the use of $wgUser
Bug: T131241
Change-Id: If0a1d3c88bb4242a016eb9b2df115413de786149
Old and very old log params may omit a duration or flags. Always adds
these parameters to the output.
Also simplify the infinity check (see also
I5eb68c1fb6029da8289276ecf7c81330575029ef) and check the return of
strtotime.
Bug: T92902
Follow-Up: I6846ce09322eb404c506b5a51780a44ce9279fe2
Change-Id: I9109a27f416b002e5c562a1454d8c373dcf98fb4
This allows for extensions to format their log entry parameters, and
keeps the code for formatting API log entry parameters in the same place
as for other formatting.
This also takes the opportunity to rearrange the output format slightly
to avoid conflicts like what's happening in T73020.
Bug: T35235
Bug: T73020
Bug: T91466
Change-Id: I6846ce09322eb404c506b5a51780a44ce9279fe2
Very old blocks form 2004 have not any log_params and therefor enforce a
duration of infinite to be shown on Special:Log.
Follow-Up: Ibc7fcaa5a952ff90d42a6477da4baa429f3de64b
Change-Id: I4bdfab1ff865501a780ed0c7c50e2b1bab467a4b
The new block log params does not known the message number 4 (which is
index 3), therefore LogFormatter::getMessageParameters adds empty index
to keep the sequence in strong order.
But the loop was starting at index 4, not 3, which skips the needed
empty index 3 for the order.
Due to the missing $4 the legacy log params returning index 3 and 4,
therefore move them one up to match the new numbers.
Also fixed undefined index warnings for api's list=logevents
Follow-Up: Ibc7fcaa5a952ff90d42a6477da4baa429f3de64b
Change-Id: Ie23be129ee2bd1d2bf753c3b5cba293d64b8e0e8
This allows use of gender on Special:Log.
Old messages are kept for use in IRC.
A test was added to ensure an unchanged IRC message.
Bug: T57402
Change-Id: Ibc7fcaa5a952ff90d42a6477da4baa429f3de64b
