LinkCache::getSelectFields() includes page_title and page_namespace
since If77c2f9879d7bae71eb59944efd8b3798d16aa46, so we don't need
to add those two specifically.
Change-Id: I8fa9d563af3f9da90fb96369dab0ee5bde860081
Use name constants instead of string literals in calls to Config::get
and ServiceOptions::get, when referring to core configuration variables.
This protects against typos and makes the decumentation and schema
declaration of the config settings discoverable.
This is the first batch, only touching files directly under /includes/
Change-Id: I7252e636c7c86d950d9257b33491af492c6dd5eb
Make phan stricter about null types by setting null_casts_as_any_type to
false (the default in mediawiki-phan-config)
Remaining false positive issues are suppressed.
The suppression and the setting change can only be done together
Bug: T242536
Bug: T301991
Change-Id: I0f295382b96fb3be8037a01c10487d9d591e7e01
This tiny stylesheet isn't worth keeping a separate bundle entrypoint
for. Document a basic budget for mediawiki.action.styles and move it
in there.
Given that category pages are cached in the CDN the same way as
article pages are, keep the old module around for a week as its cached
pages will still be loading that module, and those page did not load
the "mediawiki.action.styles" module yet.
Another way could have been to first add "mediawiki.action.styles"
to CategoryViewer.php, and have that load alongside the old module
for a week (without moving any styles). Then the week after, move
the styles over and delete the old module. The cached pages will
be referencing both and finding the new styles under the new module,
and the old module would simply be ignored as no longer existing.
Change-Id: If406ce2ae38eb165758add6099b2106794bf225c
Don't catch and discard exceptions from the RequestTimeout library,
except when the exception is properly handled and the code seems to be
trying to wrap things up.
In most cases the exception is rethrown. Ideally it should instead be
done by narrowing the catch, and this was feasible in a few cases. But
sometimes the exception being caught is an instance of the base class
(notably DateTime::__construct()). Often Exception is the root of the
hierarchy of exceptions being thrown and so is the obvious catch-all.
Notes on specific callers:
* In the case of ResourceLoader::respond(), exceptions were caught for API
correctness, but processing continued. I added an outer try block for
timeout handling so that termination would be more prompt.
* In LCStoreCDB the Exception being caught was Cdb\Exception not
\Exception. I added an alias to avoid confusion.
* In ImageGallery I added a special exception class.
* In Message::__toString() the rationale for catching disappears
in PHP 7.4.0+, so I added a PHP version check.
* In PoolCounterRedis, let the shutdown function do its thing, but
rethrow the exception for logging.
Change-Id: I4c3770b9efc76a1ce42ed9f59329c36de04d657c
getPageCount() method return `cat_pages`, a value that makes sense
on database table but is currently non-intuitve in object context
where there's a value that better deserves the name. This makes it
necessary for callers to repeat same logic to get the content pages
count and a comment to explain the behavior.
In this patch, getMemberCount() is added. It returns the total
member count as getPageCount(), by default, does now.
getPageCount() now takes a parameter and two public constants are
provided for that; Category::COUNT_CONTENT_PAGES return count of all
memebers to retain existing behavior, Category::COUNT_CONTENT_PAGES
will return only content pages.
In future there'd be no need for the parameter. Content pages will
be returned always. Total member count is already accessible with
getMemberCount().
Also improve return type doc of getId() and getName()
Bug: T299350
Change-Id: I63c711ebc697c1a131a50910c854f956d4021254
Use ObjectFactory specs for collation classes
Avoid the language construction in the factory class,
make it a detail of the implementation of each class
Follow-Up of Ifc96f851e6091ce834dbaf0e91695c648a42169c
Bug: T286079
Change-Id: Ib581f64aec8619986fb8dd49ceee0524d59a1b84
Each files' changes can be reviewed independently
There may be places in the files that I didn't catch -
this is not meant to be an exhaustive replacement
Even where it may make sense to use Html::element,
Html::rawElement is used in this patch to avoid changing
any behavior.
Change-Id: I26eaacc65106f10a5066c31d82f6594a59ff1281
Taint check checks for possible security issues by tracking html
escaping and more by using phan.
This slows done the phan-job a bit and requires more ram
Keep the DoubleEscaped issues out to make reviewer easier
Adds suppression for false positives
Adds taint-annotation to help taint-check
Removes suppression for code phan now understand better by the tracking
of keys in taint-check
Fix some small issues by adding int cast or htmlspecialchars calls
Bug: T216348
Bug: T268920
Change-Id: I849ac4f120fd15b483e8939d4db45c98dc351259
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
isset() does two things: It checks if a variable (or array element)
is declared, *and* it checks if it is null. If a variable is null,
isset() fails as if the variable was not set. All these additional
null checks are dead code.
Change-Id: I71e8cc26dac839c9d081bf00b4164b7b5147e586
One use case of display title is to localise page names with Translate
extension or without. While the page title changes, the subheadings still
say something like "Pages in category Foo/de".
Also converted one raw HTML message to be a parsed message.
First version of this patch caused an issue when previewing
because page title in h1 is not the same as page display title.
This issue is fixed by promoting page display title as it's own member
in OutputPage. Also added getUnprefixedDisplayTitle that attempts to
strip away the namespace prefix to mimic Title::getText() but which
works with display title instead.
Bug: T43720
Bug: T46197
Change-Id: I6097a873297eb57759252fc56ad6d02c44e4c366
Directly use the UTF-8 encoding of the 'NO-BREAK SPACE' (U+00A0) instead of
the HTML/XML entities   or   or .
With the UTF-8 character the generated HTML is shorter and better to read.
Also change the special value for the label in HTMLForm from   to
U+00A0 but also support   for backward compability.
Bug: T154300
Change-Id: I882599ac1120789bb4e524c4394870680caca4f4
prev-page and next-page were being escaped when they were a
link, but not when they were plain text. They should be escaped
in both cases.
This issue was discovered with an experimental phan plugin I'm
working on.
Change-Id: I6caac76299b21a54cd7cb732ad93187e3d37c99e
Fixes regression from 1885a1ac46, which accidentally removed
page_namespace and page_title as select fields.
Bug: T146873
Change-Id: I19cff0cf5bc015da7311196749a9201a8e458b49
This is more consistent with LoadBalancer, modern, and inclusive
of master/master mysql, NDB cluster, and MariaDB galera cluster.
The old constant is an alias now.
Change-Id: I0b37299ecb439cc446ffbe8c341365d1eef45849
One use case of display title is to localise page names with Translate
extension or without. While the page title changes, the subheadings still
say something like "Pages in category Foo/de".
A display title is now used if provided. There is one questionable thing
what to do with namespaces and display title. In this case I think it is
better to have the namespace prefix displayed (or not) according to what
the site admin wants, because we cannot safely strip the namespace prefix
from display title.
By using the page title from OutputPage, we already get a name which is
safe for HTML with no further processing. The name is passed as a raw
parameter which breaks magic words (if any) trying to access the value.
It is easy to fix this by using FULLPAGENAME magic word instead.
Also converted one raw HTML message to be a parsed message.
Bug: T43720
Change-Id: Ide7d4a9ee5c76b6360b53aefd76a2e17a139173f
