Each of these scripts had a class name that was not referenced outside
of the script file itself, and are safe to rename as a result.
Change-Id: Id605aca11db51ee433baeaa998a0e33184c930ca
This workaround was needed when ICU in production was broken
but after T189295 this is not needed anymore and we switched off
this collation from all Persian Wikis already
Bug: T139110
Change-Id: Ifad89555b6ac96a3eb36ca24b55e1f8ee57a1f05
Old bugs and such may have left the archive table with multiple rows
using the same ar_rev_id, or rows that also exist in the revision table.
These need to be cleaned up for MCR.
The maintenance script added here will delete rows that appear to be
duplicates of the same change, and will assign new IDs to rows that do
not appear to be duplicates.
Bug: T193180
Change-Id: I39b0825c9469e074ded3df33a4f06a1ef0edb494
Adds a maintenance script to populate the field, has that be
automatically run during update.php, and drops the no-longer-needed
default value on the column (where possible: mssql has some sort of
constraint thing going on that I have no idea how it works).
Bug: T59176
Change-Id: I971edf013a1a39466aca3b6e34c915cb24fd3aa7
The primary goal here is a defense in depth measure to
stop an attacker who found a bug in the parser allowing
them to insert malicious attributes.
This wouldn't stop someone who could insert a full
script tag (since at current it can't distinguish between
malicious and legit user js). It also would not prevent
DOM-based or reflected XSS for anons, as the nonce value
is guessable for anons when receiving a response cached
by varnish. However, the limited protection of just stopping
stored XSS where the attacker only has control of attributes,
is still a big win in my opinion. (But it wouldn't prevent
someone who has that type of xss from abusing things like
data-ooui attribute).
This will likely break many gadgets. Its expected that any
sort of rollout on Wikimedia will be done very slowly, with
lots of testing and the report-only option to begin with.
This is behind feature flags that are off by default, so
merging this patch should not cause any change in default
behaviour.
This may break some extensions (The most obvious one
is charinsert (See fe648d41005), but will probably need
some testing in report-only mode to see if anything else breaks)
This uses the unsafe-eval option of CSP, in order to
support RL's local storage thingy. For better security,
we may want to remove some of the sillier uses of eval
(e.g. jquery.ui.datepicker.js).
For more info, see spec: https://www.w3.org/TR/CSP2/
Additionally see:
https://www.mediawiki.org/wiki/Requests_for_comment/Content-Security-Policy
Bug: T135963
Change-Id: I80f6f469ba4c0b608385483457df96ccb7429ae5
The Html5Depurate driver was intended to be used with an external Java
service, but it never gained traction due to deployment concerns.
The Html5Internal (Balancer) driver was originally intended for use with
the balanced templates proposal and could also handle tidying. But it was
tightly coupled to MediaWiki, so part of it was used as the basis of the
RemexHtml library. Remex most likely can also implement the balanced
templates proposal, so there isn't any reason to keep the Balancer code
around anymore,
Change-Id: I8542d69e9cdbf0e2fb7ebbb919933a64c1b8c293
The RevisionSlotsUpdate interface represents a change to a pages slots,
as applied by an edit.
This also introduces RevisionSlots::hasSameContent and pulls up
getTouchedSlots() and getInheritedSlots() from MutableRevisionStore
to RevisionStore, in preparation of using these classes in the
refactoring of WikiPage::doEditContent and friends.
Bug: T174038
Change-Id: Idb0ef885b343a76137b640fdfc1bf36104b00895
This will make jumping from file to file much easier in text
editors when file name lookups will autocomplete naturally when
looking for a class by name.
Change-Id: I4b2e55a2e72674b619d5a592866c8a019a2b0224
This ResourceLoader module provides a way to ship
messages to CSS variables.
We will need this going forward to deal with flash of
unstyled content in various JavaScript based UIs that
are subject to i18n such as table sorting and
collapsible elements.
To avoid overhead of hitting the database to fetch and
transform localisation messages we make use of the MessageBlobStore
making use of `messages` definition already inside
ResourceLoaderFileModule. Given this resource is only intended
for render blocking styles without JavaScript this should be okay
(although if requested in JavaScript will also ship associated
messages)
Bug: T42812
Change-Id: I2bf12cdc848478889acbe9a7a970e46f8aefa287
This script creates SPARQL UPDATE statements for changes in a given time
period. These statements can be applied to an existing database to
update it.
See tests for examples of how the statements look like.
Bug: T173774
Change-Id: I9867ad566c0619b55a48a011bd3c55321b1bfcff
Special:Block needs a date time selector for easier selection of expiry. To
accommodate this cleanly, a new Expiry Widget is created that handles this
logic.
Bug: T132220
Change-Id: I2853a2ca0ae6ccead3978f4bb50a77c2baa3a150
As there will likely be extensions bundled with the 1.31 release that
depend upon other extensions, we should have the installer prevent users
from enabling extensions that depend on other, not-enabled extensions.
We can build a dependency map from extension.json's "requires"
component. On the client-side, we'll first disable all checkboxes that
require other extensions, and evaluate each checkbox click, updating the
disabled checkboxes as possible.
This required some refactoring of how ExtensionRegistry reports issues
with dependency resolution so we could get a list of what was missing.
While we're at it, sort the extensions under headings by type.
This does not support skins that have dependencies yet (T186092).
Bug: T31134
Bug: T55985
Change-Id: I5f0e3b1b540b5ef6f9b8e3fc2bbaad1c65b4b680
* Make startAtomic() return a token that can be used with cancelAtomic()
cancel any nested atomic sections that have not yet been ended.
* Make doAtomicSection() clear dangling nested sections by default.
* Also give doAtomicSection() a $cancelable parameter, having the
same default as startAtomic().
Change-Id: I75fa234cb1dcfef17dc9a973a3b02d2607efa98e
Because it doesn't work. `phpcs:ignoreFile` is intended as a performance
shortcut, and gives up on the file as soon as that token is found.
Instead, use `phpcs:disable` which does support selectively disabling
some sniffs. And since disabling is local to the file, there's no need
to re-enable it at the bottom of the file.
<https://github.com/squizlabs/PHP_CodeSniffer/issues/1903> has some
relevant discussion and clarification from upstream on this.
And make the files that are now being re-enabled pass PHPCS.
Change-Id: Ia4d8c45045f61cf9f24eb1d8631ff98d99c82d69
Handle all errors in query() that might have caused rollback by
putting the Database handle into an error state that can only be
resolved by cancelAtomic() or rollback(). Other queries will be
rejected until then.
This results in more immediate exceptions in some cases where
atomic section mismatch errors would have been thrown, such as a
an error bubbling up from a child atomic section. Most cases were
a try/catch block assumes that only the statement was rolled back
now result in an error and rollback.
Callers using try/catch to handle key conflicts should instead use
SELECT FOR UPDATE to find conflicts beforehand, or use IGNORE, or
the upsert()/replace() methods. The try/catch pattern is unsafe and
no longer allowed, except for some common errors known to just
rollback the statement. Even then, such statements can come from
child atomic sections, so committing would be unsafe. Luckily, in
such cases, there will be a mismatch detected on endAtomic() or a
dangling section detected in close(), resulting in rollback.
Remove caching from DatabaseMyslBase::getServerVariableSettings
in case some SET query changes the values.
Bug: T189999
Change-Id: I532bc5201681a915d0c8aa7a3b1c143b040b142e
Revisions deleted before MediaWiki 1.5 do not have a value in this
field. This is going to be a problem for migration to the MCR schema, so
provide a maintenance script to clean this up.
Then, for good measure, change the schema to make the field
non-nullable.
Bug: T182678
Change-Id: Ie2e11f12a30f379db32c3e074658012c6f93adb0
* Convert OutputHandler.php from global functions to a class.
- wfOutputHandler → OutputHandler::handle
(no alias, no usage outside core)
- wfGzipHandler → OutputHandler::handleGzip
(private, no usage outside class)
- wfRequestExtension → OutputHandler::findUriExtension
(private, no usage outside class)
- wfMangleFlashPolicy → OutputHandler::mangleFlashPolicy
(private, no usage outside class)
- wfDoContentLength → OutputHandler::emitContentLength
(private, no usage outside class)
- wfHtmlValidationHandler → OutputHandler::validateAllHtml
(private, no usage outside class)
* Add the class to autoload.php for exposure outside WebStart.
Specifically, for use in ApiFormatPhpTest. This also removes the
need to manually load the class because this code runs after
Setup.php loads AutoLoader.php.
Bug: T189966
Change-Id: I27a41ec0ae0ee30aeb313a616323b967605c4055
If the $var argument is provided, then it will make the resulting
count exclude rows where the value for that column is NULL.
Also add buildSelectSubquery() method and Subquery
wrapper class for use with select() for calculated tables.
Change-Id: I549d629af99afdf370602de095f7fba6d1546c37
This creates a new log formatter called WikitextLogFormatter, which
is a simple class that allows log entries to contain properly
formatted wikitext. This makes it easier for extensions so they don't
have to create their own subclass of LogFormatter.
Change-Id: I2b7fddf5c6ef017a0925b4bf75cfd47cb55aa5de
Storing the user name or IP in every row in large tables like revision
and logging takes up space and makes operations on these tables slower.
This patch begins the process of moving those into one "actor" table
which other tables can reference with a single integer field.
A subsequent patch will remove the old columns.
Bug: T167246
Depends-On: I9293fd6e0f958d87e52965de925046f1bb8f8a50
Change-Id: I8d825eb02c69cc66d90bd41325133fd3f99f0226
This is to be used within the FileImporter extension to allow
adding custom loggers to this import process.
Change-Id: Ib094d4829764ccc8e5bd2619fb827d701ae06d43
This is to be used within the FileImporter extension to allow
adding custom loggers to this import process.
Change-Id: I4a6c573fc0a69b06d696cd2afca9226fb492a9bc
Each expired row has to be fetched from the user_groups table, deleted
from that table and added to the user_former_groups table. Per Jaimes
request, let's not do this for all rows at once but for smaller chunks
and wait for replication to catch up after each chunk has been
processed. In addition the function to purge the expired rows now sets a
lock so that there won't be multiple concurrent runs.
Also, cleaning this table up isn't urgent and thus should be done in a
job and not a deferred update, so let's move it there.
Bug: T176754
Change-Id: I671d4b9d09677a2f474477ba7fea33a44d6318aa
It was never super popular anyway, APC was always the best option.
The project has no plans to move to PHP7, so it's quickly reaching
its end of life. Oh, and Fedora dropped it from their repos 2 years
ago.
Change-Id: Ia3257e86a6323d8943f04a5c05c72c0bd4c4b0a9
This will be used for deep category search implementation,
also Wikibase one in repo/maintenance will be changed
to use the same codebase.
Bug: T185127
Change-Id: Ie8dd4a5aff55d90f02426f1430ed5214c7327bbc
Deprecate the unnamespaced version and move it to includes/compat.
Bug: T147167
Depends-On: I39c805bfb98b32f32f3d0dc1eee9e823afe1c21a
Change-Id: I3780c7adf51683f3f7adb35a88f9a25a0a2e2530
This will allow classes that need MWHttpRequest to inject HttpRequestFactory
and thus make it overridable and testable.
Also made MWHttpRequest abstract class since it doesn't implement
execute anyway. Maybe a good idea to move execute to an abstract
method?
Change-Id: I5c0e035542ff5f791a21a95ed13bed4cea6906d0
This makes things centralized to reduce maintenance cost and also
enables me to use this methods in Wikibase to handle RC injection
Bug: T185034
Change-Id: Ic8c602e316144ccb5b05c69a0cc607cd53e38912
This PHP extension was deprecated in PHP 5.5 and removed in PHP 7.0.
The newer MySQL driver 'mysqli' is the default driver since MediaWiki
1.22 and 'mysql' was deprecated in MediaWiki 1.30.
Bug: T120333
Change-Id: Icff7a63ab47ae1483de87ba6486945974699362b
This really should have been done a very long time ago.
This adds a maintenance script to migrate rows with ar_text_id null to
modern storage, either the text table or ExternalStore.
Bug: T36925
Change-Id: I5608c6b6d3ecad516b785e13d668427c1b762e41
There's no reason for this to have to live in Maintenance land. It's
generally useful and lets us avoid some random require/include calls
Change-Id: I60419c7f9fc52313905053bbeb3aa81666c9160c
This deprecates the Preferences class and replaces it with
a PreferencesFactory service. Basically, all code from Preferences
is moved into DefaultPreferencesFactory. All Prefereces methods
are now either shims calling DefaultPreferencesFactory or just
throw exceptions.
Bug: T178449
Change-Id: Id0b2db0c2de0890f6e1609a9a0dca207c4600f99
In some languages it's conventional not to insert a thousands
separator in numbers that are four digits long (1000-9999).
Rather than copy-paste the custom code to do this between 13 files,
introduce another option and have the base Language class handle it.
This also fixes an issue in several languages where this logic
previously would not work for negative or fractional numbers.
To implement this, a new option is added to MessagesXx.php files,
`$minimumGroupingDigits = 2;`, with the meaning as defined in
<http://unicode.org/reports/tr35/tr35-numbers.html>. It is a little
roundabout, but it could allow us to migrate the number formatting
(currently all custom code) to some generic library easily.
Bug: T177846
Change-Id: Iedd8de5648cf2de1c94044918626de2f96365d48
Clean up use of @codingStandardsIgnore
- @codingStandardsIgnoreFile -> phpcs:ignoreFile
- @codingStandardsIgnoreLine -> phpcs:ignore
- @codingStandardsIgnoreStart -> phpcs:disable
- @codingStandardsIgnoreEnd -> phpcs:enable
For phpcs:disable always the necessary sniffs are provided.
Some start/end pairs are changed to line ignore
Change-Id: I92ef235849bcc349c69e53504e664a155dd162c8
* Adding new class AbkhazUppercaseCollation, mapped to 'uppercase-ab'.
* Extended CustomUppercaseCollation with support for sorting digraphs
and for alphabets larger than 64 letters (up to 4096).
Bug: T183430
Change-Id: I16d44568e44d7ef5b39c38b1a6257b9fe10a34d4
This allows Revision::getRevisionText to get
a different BlobStore instance when $wiki is passed in
restoring the behaviour for $wiki before the MCR Revision
overhaul patch was merged.
Ia4c20a91e98df0b9b14b138eb4825c55e5200384
Bug: T183634
Bug: T183631
bug: T183583
Change-Id: Ib0949454e9a003c2965adc1aab38e31fcf121afe
This adds support for a PSR-4 (<http://www.php-fig.org/psr/psr-4/>)
autoloader, so instead of needing to manually list each class, just the
namespace prefix is needed.
Extensions can set a "AutoloadNamespaces" property in extension.json to
register PSR-4 compatible namespaces to be autoloaded.
The implementation is based off of the example implementation
(<http://www.php-fig.org/psr/psr-4/examples/>) with some modifications
for performance, notably cutting down on function calls, and only trying
to look up classes that are namespaced.
The generateLocalAutoload.php script will ignore any directory that is
registered as a PSR-4 namespace.
Bug: T99865
Bug: T173799
Change-Id: Id095dde37cbb40aa424fb628bd3c94e684ca2f65
This commit adds a custom collation order for
Northern Sami ('se'). Northern Sami exists in ICU,
but the version of ICU that Wikimedia uses is a
few years old, and does *not* include Northern
Sami. It could be years before Wikimedia's production
servers use the one that includes Northern Sami (see
bug), so this is a temporary workaround to amend this
issue.
Bug: T181503
Change-Id: Ib8a48b8db99bef8ec4b05144aace5dbdcacfeded
Importing revisions in MediaWiki has long been weird: if the username on
the imported revision exists locally it's automatically attributed to
the local user, while if the name does not exist locally we wind up with
revision table rows with rev_user = 0 and rev_user_text being a valid
name that someone might later create. "Global" blocks too create rows
with ipb_by = 0 an ipb_by_text being a valid name.
The upcoming actor table change, as things currently stand, would
regularize that a bit by automatically attributing those imported
revisions to the newly-created user. But that's not necessarily what we
actually want to happen. And it would certainly confuse CentralAuth's
attempt to detect its own global blocks.
Thus, this patch introduces "interwiki" usernames that aren't valid for
local use, of the format "iw>Example".[1] Linker will interpret these
names and generate an appropriate interwiki link in history pages and
the like, as if from wikitext like `[[iw:User:Example]]`.
Imports for non-existant local users (and optionally for existing local
users too) will credit the edit to such an interwiki name. There is also
a new hook, 'ImportHandleUnknownUser', to allow extension such as
CentralAuth to create local users as their edits are imported.
Block will no longer accept usable-but-nonexistent names for 'byText' or
->setBlocker(). CentralAuth's global blocks will be submitted with an
interwiki username (see Ieae5d24f9).
Wikis that have imported edits or CentralAuth global blocks should run
the new maintenance/cleanupUsersWithNoId.php maintenance script. This
isn't done by update.php because (1) it needs an interwiki prefix to use
and (2) the updater can't know whether to pass the `--assign` flag.
[1]: '>' was used instead of the more usual ':' because WMF wikis have
many existing usernames containing colons.
Bug: T9240
Bug: T20209
Bug: T111605
Change-Id: I5401941c06102e8faa813910519d55482dff36cb
Depends-On: Ieae5d24f9098c1977447c50a8d4e2cab58a24d9f
Introduces a FirejailCommand class, which can be used to add additional
restrictions to a command, for increased security. For now, firejail
containment needs to be enabled on a per-command basis.
The following restrictions are implemented:
* NO_ROOT - disallows any root access, including via setuid binaries
* SECCOMP - block dangerous syscalls with seccomp
* PRIVATE_DEV - create a private /dev
* NO_NETWORK - deny all network access
* NO_EXECVE - block the execve syscall
A convenient Shell::RESTRICT_DEFAULT is equivalent to NO_ROOT | SECCOMP
| PRIVATE_DEV, with the expectation that more restrictions may be added
to it in the future.
In addition, specific paths can be whitelisted with
Command::whitelistPaths(). Any file/directory that isn't whitelisted in
that top level directory (e.g. /srv) won't exist inside the firejail.
$wgShellRestrictionMethod can be set to false for no restriction system,
'firejail' to explicitly use it, or 'autodetect' to autodetect whatever
system is available. In the future the default should be changed to
autodetection once firejail is tested more.
Bug: T173370
Change-Id: Id74df0dbba40e1e7c07c4368aacffb6eb06a17c5
This is a first pass at Latin/Cyrillic translitertion for Crimean
Tatar (crh).
Includes transliteration tables, prefix/suffix mappings, regex
mappings, and exceptions lists for words and abbreviations.
Regularize CRH language name in messages/* files.
Fix "varient" typos in qqq.json.
Add unit tests for CRH transliteration.
Bug: T23582
Change-Id: I424703f99adf837f6217872b882d1ea26bfdd068
This provides a narrow view on a user identity, providing access to
ID and name.
This has been extracted from I140f43a6fb443b for re-use with Actors,
on Anomie's request.
Change-Id: Ief00db5ce382537c5bf992159eae6baf096ae4be
Using a real HTML tokenizer fixes bugs when < or > appear in attribute
values. The old implementation used delimiterReplace(), which didn't
handle this case:
> print Sanitizer::stripAllTags( '<p data-foo="a<b>c">Hello</p>' );
c">Hello
We also can't use PHP's built-in strip_tags() because it doesn't handle
<?php and <? correctly:
> print strip_tags('1<span class="<?php">2</span>3');
1
> print strip_tags('1<span class="<?">2</span>3');
1
Bug: T179978
Change-Id: I53b98e6c877c00c03ff110914168b398559c9c3e
* Convert to use Maintenance
* Clean up
* I want to use the class name UserOptions for something else
so rename it.
Change-Id: Ic441087702376b1ca0e70554c71cdf7ecad908af
Refactor Installer::locateExecutableInDefaultPaths() into a separate
utility class, ExecutableFinder. This class is already used in plenty of
places outside of the installer, so it's ripe for being extracted.
This class is located in utils/ due to the dependency upon
Shell::command(). Once that no longer has a dependence upon MediaWiki,
this class can be moved to libs/ too.
Change-Id: I175465acc0d64f990445ce05fabcee8b88a0b259
Extensions with custom content models (e.g. ProofreadPage) will extend
EditPage to provide a customized editing experience. However when
another extension like TwoColConflict wants to change just how edit
conflicts look, this causes problems since only one class can take the
place of EditPage.
So instead, split most of the frontend code for edit conflicts into
TextConflictHelper, and call it from edit page. Extensions can override
with the instance created by calling
EditPage::setEditConflictHelperFactory().
And to make that split possible also move EditPage::addNewLineAtEnd()
and ::buildTextboxAttribs() into a separate TextboxBuilder class that
both EditPage and TextConflictHelper can use.
Bug: T176393
Change-Id: Ie415edd84329c02d5762477f8a171fced85b01a2
Blobs in the text table created by MediaWiki <1.5 running on PHP 4 had class
names coerced to lowercase. In order to succcessfully resolve these class
names, the autoloader creates a copy of the autoload class array with
lowercased keys, which is pretty inefficient. So instead, make sure the
auto-generated autoload map contains lowercase variants for these specific
classes.
Bug: T166759
Change-Id: I6d751ef516e936e04c056d70a1ecd17960a39ceb
This allows scheduling of updates that need to start their own
transaction round. Specifically for cases where the ability to
commit early is not enough (which is already possible via LBFactory
getEmptyTransactionTicket and commitAndWaitForReplication).
Change-Id: I0910587b61c8ddf825f91e92c2f93582cc7ebd80
This adds a maintenance script that removes all expired user group
entries from the user_groups table and adds them to the
user_former_groups table.
Bug: T176754
Change-Id: Ie0f4afd3dbecd3af42e89bb99cf03dbe03768d07
Throw DBQueryTimeoutError if a database query error is detected
to be a timeout.
Only DatabaseMysqlBase has been updated here.
This is a subclass of DBQueryError, so existing catch'es will work.
Bug: T175775
Change-Id: I4749dc33ad530d9b22504f02106b1ca49e8eb167
This function has gotten so unwieldy that a helper was
introduced. Instead, here's this class that makes
shelling out easier and more readable.
Example usage:
$result = Shell::command( 'shell command' )
->environment( [ 'ENVIRONMENT_VARIABLE' => 'VALUE' ] )
->limits( [ 'time' => 300 ] )
->execute();
$exitCode = $result->getExitCode();
$output = $result->getStdout();
This is a minimal change, so lots of stuff remains
unrefactored - I'd rather limit the scope of this commit.
A future improvement could be an ability to get stderr
separately from stdout.
Caveat: execution errors (proc_open is disabled/returned error) now
throw errors instead of returning a status code. wfShellExec() still
emulates this behavior though.
Competing commit: I7dccb2b67a4173a8a89b035e444fbda9102e4d0f
<legoktm> MaxSem: so you should continue working on your patch and I'll
probably refactor on top of it later after its merged :P
Change-Id: I8ac9858b80d7908cf7e7981d7e19d0fc9c2265c0
This works by using the new table introduced with T156318.
The only thing that differs from normal Special:Contribs is we are
showing the IP address next to each entry. This is it how it is
displayed if you request to see newbie contributions:
https://en.wikipedia.org/wiki/Special:Contributions?contribs=newbie
For the time being, Special:DeletedContributions does not support
IP ranges. Various other irrelevant links such as Uploads and Logs
are also hidden.
Refer to P4725 for a way to automate creation of edits by random
IPs in your dev environment.
IP::isValidBlock() has been deprecated with this dependent change:
https://gerrit.wikimedia.org/r/#/c/373165/
Bug: T163562
Change-Id: Ice1bdae3d16cf365da14c6df0e8d91d2b914e064
Allowing slashes in config key names allows us to trivially support the
proposed hierarchical structure with a single EtcdConfig object, by
fetching values with the relevant prefixes on startup.
Bug: T156924
Change-Id: Ica0914e61baba9c0462481925be15d79b66dc342
It's often forgotten because MySQL and Sqlite don't use it, the only
users are PostgreSQL and Oracle. And when used, if inserts to multiple
tables are being done it's easy to get the ordering wrong.
This patch reimplements DatabasePostgres::insertId() in terms of PG's
lastval() function, and adds triggers to the Oracle schema to make it
work the same as the other databases.
Bug: T164900
Change-Id: Ib308190c52673a9266c8495a589ae644f9fbefce
It hasn't been updated properly since 2006 so many fields aren't being
copied to the archive table. Tim suggests it'd be best to just delete it
and, if someone needs the ability to delete or revdel revisions from the
command line, properly abstract out the deletion code instead of
duplicating it.
Change-Id: I400b8ac30b31802e7dd9f6e4d0ec10918eba0183
It adds the ability to replace the current section ID escaping
schema (.C0.DE) with a HTML5-compliant escaping schema that is
displayed as Unicode in many modern browsers.
See the linked bug for discussion of various options that were
considered before the implementation. A few remarks:
* Because Sanitizer::escapeId() is used in a bunch of places without
escaping, I'm deprecating it without altering its behavior.
* The bug described in comments for Parser::guessLegacySectionNameFromWikiText()
is still there in some Edge versions that display mojibake.
Bug: T152540
Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
As a part of creating the kafka-based JobQueue implementation,
we need to transition to the new queue smoothly and be able to
first debug the event production side, then try executing a no-op
job in parallel with each of the real jobs (to be able to check
deduplication and all the jpb management code) and only then
try switching jobs one-by-one to the new backend queue.
In order to achieve that at first we need to temporary produce
both to the old job pipeline and to the new one - thus creating
a queue 'splitter' - it delegates all the methods to the main
queue while the produce requests also go to the EventBus.
This class it temporary, so it's marked deprecated right away.
It will not be needed once the queue transition is over.
Bug: T163380
Change-Id: I483b8f00f1c593ff3af6ba6826868b553339525f
This makes it easier to figure out what values are available and
includes documentation about each field.
This will also allow us to add deprecation warnings for deprecated
properties via __get() in the future.
Change-Id: I4ecc900372546013253256749563aaa203ff8963
The category membership counts stored in the category table have a habit of
drifting away from the actual number of pages in the category. This script
identifies incorrectly-counted categories by performing a SELECT on the
replica DB, then querying master for up-to-date counts and updating the
category rows with those counts.
It's possible that a LinksUpdate job will be in progress while this script
is run. LinksUpdate does categorylinks INSERTs and category UPDATEs in
separate transactions, and our count might occur in between, leading to
category values that are slightly off. But since we are only updating
categories with already incorrect counts, we are not making the situation
any worse than it already was.
The script runs reasonably quickly on all but the very largest wikis.
Bug: T18765
Change-Id: I555f068fbf3aee20a7775d5532781f421f706346
The addition of a pp_sortkey field in T60032 necessitates an update
to old entries in the page_props table that don't have a pp_sortkey.
The script uses the pp_value as the sort key if it's numeric.
The script extends LoggedUpdateMaintenance so it only runs once.
Added the script to MysqlUpdater so that it automatically runs.
Bug: T66949
Change-Id: Id482dc73ec1963010324e51fe9273a72dd31a7f7
Follows-up I2874175647e (7fdc3d09a3).
* Avoid "MediaWiki" in class names. If unavoidable, always camelcase.
* Use a more descriptive name, matching the implementing the class ("Buffering").
* Use "I" prefix for consistency with other MediaWiki-provided interfaces.
(Avoid "Interface" suffix, which is foreign to MediaWiki and is only used
in the StatsdClient namespace, which this interface is not in).
Bug: T166354
Change-Id: I06de59122625f9c23e7c1a1bfa69a7ddabbf379e
Guarded by the $wgUsePigLatinVariant variable, off by default.
Pig Latin is a language game where words in English are altered
according to the following rules:
* Words starting with a vowel have a '-way' suffix appended.
* Words starting with a consonant have the initial consonants (or 'qu'
group) moved to the end and an '-ay' suffix appended.
https://en.wikipedia.org/wiki/Pig_Latin
* Added 'en-x-piglatin' as a language name.
* Added 'en' to LanguageConverter::$languagesWithVariants.
* Added LanguageEn class and its corresponding EnConverter which
provides one-way translation from English to Pig Latin.
* Some minor internal changes in code that assumed that English
doesn't have a language class or converter.
Bug: T45547
Depends-On: I1d9691c784032669979f8109c9a5f65cbf4122c9
Change-Id: I7fa2d85d6364958c5138366e8b4504a2697a8731
includes/resourceloader/ResourceLoaderOOUIModule.php
* New trait centralizing some logic for dealing with OOjs UI themes,
previously duplicated in OutputPage, ResourcesOOUI.php and
ResourceLoaderOOUIImageModule.
* Follow-up change I74362f0fc215b26f1f104ce7bdbbac1e106736ad uses this
as a base to allow skins/extensions to define new OOjs UI themes.
resources/Resources.php
resources/ResourcesOOUI.php
includes/resourceloader/ResourceLoader.php
* OOjs UI resource module definitions are moved back to their rightly
place in Resources.php. They are again (almost) normal and static.
* Theme-specific logic is now handled by the module code, definitions
only specify 'themeScripts'/'themeStyles'/'themeImages'.
* ResourcesOOUI.php is deleted and no longer loaded by ResourceLoader.
includes/resourceloader/ResourceLoaderOOUIFileModule.php
includes/resourceloader/ResourceLoaderOOUIImageModule.php
* Glue code previously existing in ResourcesOOUI.php now lives here.
* Use the ResourceLoaderOOUIModule trait to avoid code duplication.
Change-Id: I39cc2a735d9625c87bf4ede6f5fb0ec441d47dcc
The following changes are added:
- Created MediawikiStatsdDataFactory interface
- Added hasData() method to see if there are any data to send
- Added getData() method to fetch data
- Made service infrastructure use MediawikiStatsdDataFactory interface
- Made wfLogProfilingData() use MediawikiStatsdDataFactory interface
- Added capability to enable/disable buffering collector
Bug: T166354
Change-Id: I2874175647e987996a9a399829b3319674471aaa
This was renamed to be namespaced, but there are still some uses
that justify having an alias, similar to how we did with most
other classes in rdbms that were renamed in 1.29.
Bug: T164896
Change-Id: I36426144491b976322c3c96c08a821300d3b4a46
New abstract class RangeChronologicalPager to provide shared date range
filtering capability (with unit tests)
I18n msgs to use as common labels for date range inputs
Expose some ReverseChronologicalParser::getDateCond logic so we can
convert year/month date filters to datestamp date filters
Bug: T120733
Change-Id: I65fdc00368f406f5fa2492600e95e07ce442c165
This is based on a numeric uppercase collation. Bashkir characters
will be remapped to the private use area for the purpose of sorting.
Bug: T162823
Change-Id: I65f1af0b57ff6ded7d464e39efd401f178a3519e
Revert a58948d64 and instead remove wfShellWikiCmd and escape
shell arguments directly.
This should be fine since mwdoc-filter.php does not depend on per-wiki
state.
Change-Id: Id9c6ca84bab827675b71ca16bf688fd3f5c993a1
eval.php previously set $wgDebugLogFile to /dev/stdout. This had the
following problems:
* It doesn't work if the maintenance script is executed via sudo, since
/dev/stdout is typically owned by the original user, so MW can't open
it. Using php://stdout worked on HHVM but not PHP.
* Setting $wgDebugLogFile has no effect if the wiki uses MonologSpi.
* Setting $wgDebugLogFile has no effect on channels configured with
$wgDebugLogGroups.
* stderr is a more appropriate place to send logging output.
* Writing to configuration variables is discouraged.
So, add ConsoleSpi, which is a very simple logging service provider
which sends all messages to stderr. This should be suitable for
debugging with eval.php or shell.php in WMF production or beta.
Change-Id: Ib0d6ce45e0cbecd58263fc4e360c63d4149acb3a
Introduce a service to represent wfReadOnly() and friends.
It's necessary to have two service instances, one for wfReadOnly() and
one for wfConfiguredReadOnlyReason(), to avoid a circular dependency,
since LoadBalancer needs the configured reason during construction, but
wfReadOnly() needs to query the currently active load balancer.
Not having a cache of the configuration makes it possible to dynamically
change the configuration. Ideally things would not change the
configuration, and I removed such instances in core, but to support
extensions, I added a test ensuring that the configuration can be changed.
Change-Id: I9bbee946c10742526d3423208efd68cb3cc5a7ee
This patch introduces a new special page named AutoblockList.
Its design is reused from Special:BlockList.
Bug: T146414
Change-Id: I811d23c98be749d8df36700b07a295355691af77
Directly redirecting based on a url paramter might potentially
be used in a phishing attack to confuse users.
Bug: T109140
Bug: T122209
Change-Id: I6c604439320fa876719933cc7f3a3ff04fb1a6ad
Generate old RC, Related changes (it was already displayed and working
on 'Related changes' before this change), and Watchlist/etc. and data
for new UI from back-end.
This moves everything used for defining the old (unstructured) and new
(structured) filters into unified objects, ChangesListFilter and
ChangesListFilterGroup (and sub-classes).
This includes the query logic (see below) and logic for adding
CSS attribution classes.
This is a breaking change (for subclasses of ChangesListSpecialpage)
due to the signature (and name) change of buildMainQueryConds and
doMainQuery. An alternative that I don't think is a breaking change
would be to put the filter->DB logic in runMainQueryHook, but then it's
doing more than just running a hook.
This is because it used to only build $conds here, but it's clear from
filterOnUserExperienceLevel filters need more than this. I added all
the DB parameters from the hook, but this could be debated.
I have an checked and fixed the WMF-deployed extensions affected by
this.
Other than that, there should be full back-compat (including legacy
filters not using the new system).
* add hidepatrolled/hideunpatrolled to new UI.
* Move userExpLevel from RC to ChangesListSpecialPage. Although for
now the structured UI only displays on RC anyway, when it displays on
watchlist, it seems we'll want userExpLevel there.
Change this to make 'all' exclude unregistered users.
* Don't have front-end convert none-selected to 'all' on string_options.
* Needs the hideanons/hideliu special redirect to be done before this
is merged (T151873)
Bug: T152754
Bug: T152797
Change-Id: Iec2d82f6a830403d1c948a280efa58992e0cdee7
The TitleValue constructor, used by the link cache among other things,
throws an exception for DB keys which do not satisfy a simple sanity test
(starting or ending with _, or containing a space, tab, CR or LF
character). This has broken certain special pages on a number of WMF sites;
see T99736, T146778 and T155091.
The new cleanupInvalidDbKeys.php script allows these bogus entries to be
removed from the DB, making sure these exceptions won't be thrown in the
future. It cleans the title columns of the page, archive, redirect,
logging, category, protected_titles, recentchanges, watchlist, pagelinks,
templatelinks, and categorylinks tables.
The script doesn't support batching; most wikis should have fewer than 500
broken entries in each table. If need be, the script can be run several
times.
To make the LIKE queries work properly I had to fix the broken escaping
behaviour of Database::buildLike() -- previously it had a habit of double-
escaping things. Now an ESCAPE clause is added to change the escape
character from the problematic default backslash, and tests are added to
cover the changes.
Bug: T155091
Change-Id: I908e795e884e35be91852c0eaf056d6acfda31d8
$wgDummyLanguageCodes is a set and mapping of different language codes:
* Renamed language codes: ['als' => 'gsw', 'bat-smg' => 'sgs',
'be-xold' => 'be-tarask', 'fiu-vro' => 'vro',
'roa-rup' => 'rup', 'zh-classical' => 'lzh',
'zh-min-nan' => 'nan', 'zh-yue' => 'yue'].
The old language codes are deprecated because they are invalid but
should be supported for compatibility reasons for a while.
* Language codes of macro languages, which get mapped to the main
language: ['bh' => 'bho', 'no' => 'nb'].
* Language variants which get mapped to main language:
['simple' => 'en'].
* Internal language codes of the private-use-area which get mapped to
itself: ['qqq' => 'qqq', 'qqx' => 'qqx']
This is a very strange conglomeration which should get differentiated,
and were split up in the following ways:
* Renamed language codes are available from
LanguageCode::getDeprecatedCodeMapping().
* Language codes of macro languages and the variants that are mapped to
the main language are available as $wgExtraLanguageCodes and are set
in DefaultSettings.php.
* Internal language codes are set in $wgDummyLanguageCodes in Setup.php.
Change-Id: If73c74ee87d8235381449cab7dcd9f46b0f23590
Pull in the RemexHtml library, which is an HTML 5 library I recently
created.
RemexCompatMunger mutates the event stream, inserting <mw:p-wrap>
elements where necessary, and occasionally taking even more invasive
action such as reparenting and removing nodes maintained in Serializer's
tree.
RemexCompatFormatter produces a MediaWiki-style serialization which is
relatively compatible with existing parser tests. It also does final
empty element handling, including translating <mw:p-wrap> to <p>
Tests are imported from both Html5Depurate and Subbu's pwrap.js.
Depends-On: I864f31d9afdffdde49bfd39f07a0fb7f4df5c5d9
Change-Id: I900155b7dd199b0ae2a3b9cdb6db5136fc4f35a8
For the ERI beta feature, we want the feature to be
enabled by default for the users who have the ORES
beta feature enabled at the time of the release.
Bug: T159007
Change-Id: Ibf0f9095c7a611a513711badf00f937ac8dc1b63
Based on cleanupRemovedModules.php. Update both to use safer batching,
based on known selection instead of recursing until the table is empty
(which may end up deleting new rows from live traffic).
Bug: T158105
Change-Id: I05f650a0cfa8ca647f143a40e1087338adbef6da
Install the backtrace collector very early, so that we can get the
backtrace even if headers were sent from LocalSettings.php.
Bug: T157392
Change-Id: I9bc732b34481c95afb5362e135a87bd4302498e2
It's unreasonable to expect newbies to know that "bug 12345" means "Task T14345"
except where it doesn't, so let's just standardise on the real numbers.
This includes renaming fixBug20757.php to fixT22757.php for similar consistency.
Change-Id: If81a590d658fbd82c20c54ac47dfdc8856745ca3
Leave \Blob as an alias. Callers can now use the Rdbms\Blob class
for "extends"/"new" and the Rdbms\IBlob interface for type hints.
Change-Id: I983b76f181ac60c1eb92c350cd27ad77ec90a192
eval.php is meant to eval() commands in MediaWiki global scope. We had
at least a couple attempts to move it to a regular Maintenance script.
As noted on the revert commit b475e930 r54839, using a Maintenance
script drop us in the callee function scope instead of the global scope
which is a hard requirement.
http://psysh.org/ is a Read-Eval-Print-Loop with color highlight, modern
code and more.
Add maintenance/shell.php script as MediaWikiShell class.
Passing command from stdin is supported.
Execution is forked for graceful handling of PHP fatal errors.
Colors!!
Support the undocumented '-d' arguments from eval.php:
0 set $wgDebugLogFile to stdout. Eval.php used /dev/stdout, make it
php://stdout in the new script.
1 additionally set DBO_DEBUG on all the database load balancer servers
PHP globals have to be whitelisted which is not supported out of the box
by Psy. Upon request, the author of PsySh, Justin Hileman, kindly
provided a pass to inject globals (with the exceptions of super
globals). He agreed for code reuse:
https://github.com/bobthecow/psysh/issues/353
The code was added to maintenance/CodeCleanerGlobalsPass.inc
Note that this is not a perfect simulation of global scope (but pretty
close): variables declared in the shell which did not exist before
won't be global unless the 'global' keword is used.
Example usage:
$ php maintenance/shell.php
>>> $wgFullyInitialised
=> true
>>> $hashar = User::newFromName( 'hashar' )
=> User {#274
+mId: null,
+mName: "Hashar",
...
>>> ls --long --all $h
<descriptive output of all object properties/methods>
Bug: T117661
Signed-off-by: Justin Hileman <justin@justinhileman.info>
Signed-off-by: Gergő Tisza <tgr.huwiki@gmail.com>
Change-Id: I3d6d42e138d3cc4a0aaafdd7f5f97cb17d8b8cb3
* Inject global variables in MWLBFactory.php
* Remove incompatible ignoreErrors() override which is only called
from the base classes.
* Remove use of wf* methods.
Change-Id: Idf8202474182cc82fb6ef453e2722e7af17e32aa
All callers are in core and have been updated.
Other callers can now be switched from LoadBalancer type hints to
ILoadBalancer type hints. Once that migration is done, the classes
implementing it can be moved too.
Change-Id: I6b34099b5816dd8bf9646ed39f7a2d1960e2ed06
Previously:
* Engines had to be registered in $wgRCEngines.
* The RCFeedEngine classes took no constructor arguments and
were expected to send whatever text is previously formatted
without any information about it. This generic design was
flexible in allowing one to use any formatter with any engine
with minimal configuration and no need for additional classes.
* Each feed configured their destination by setting a 'uri'
option that encodes the name of the engine in PHP as the uri
scheme. Other uri components had to be used for any other
parameters to the engine (host, port, path). While fairly
limited, it was sufficient for the default engines in core.
Changes:
* Allow feed classes to be directly associated with a feed in $wgRCFeeds
via a new 'class' option - without the indirection of 'uri' and
$wgRCEngines. All options are passed to the given class constructor.
This matches the design used elsewhere in MediaWiki. (ObjectCache,
FileRepo, FileBackend, JobQueue, LBFactory, etc.)
This means we no longer enforce a 1:1 mapping of internet protocols
to a specific feed engine, and it allows settings to be passed
without being encoded as a URI neccecarily.
Main use case for this refactor is EventBus (see I7edc4d57fa),
Interestingly, this matches the (then incorrect) documentation
written for $wgRCFeeds in 2961884b43 (which mentions an 'engine'
property that would do the same thing).
* Move the default 'omit' filters and unrestricted 'formatter' handling
to a new FormattedRCFeed class, which remains the default.
* Deprecate RecentChange::getEngine() in favour of RCFeed::factory().
* Document wgRCEngines as "@since 1.22". Follows 2961884b43, ffc71cb6af.
Change-Id: I8be497c623c5d928762e3d3406a388f4d91add9a
New widget and html form field, which allows selecting multiple
users using convenient single-line input (CapsuleMultiselectWidget)
Bug: T131492
Change-Id: I7b6ffe7fb47e0a7083e2a956156ab0f142444398
This patch adds an ug_expiry column to the user_groups table, a timestamp
giving a date when the user group expires. A new UserGroupMembership class,
based on the Block class, manages entries in this table.
When the expiry date passes, the row in user_groups is ignored, and will
eventually be purged from the DB when UserGroupMembership::insert is next
called. Old, expired user group memberships are not kept; instead, the log
entries are available to find the history of these memberships, similar
to the way it has always worked for blocks and protections.
Anyone getting user group info through the User object will get correct
information. However, code that reads the user_groups table directly will
now need to skip over rows with ug_expiry < wfTimestampNow(). See
UsersPager for an example of how to do this.
NULL is used to represent infinite (no) expiry, rather than a string
'infinity' or similar (except in the API). This allows existing user group
assignments and log entries, which are all infinite in duration, to be
treated the same as new, infinite-length memberships, without special
casing everything.
The whole thing is behind the temporary feature flag
$wgDisableUserGroupExpiry, in accordance with the WMF schema change policy.
The opportunity has been taken to refactor some static user-group-related
functions out of User into UserGroupMembership, and also to add a primary
key (ug_user, ug_group) to the user_groups table.
There are a few breaking changes:
- UserRightsProxy-like objects are now required to have a
getGroupMemberships() function.
- $user->mGroups (on a User object) is no longer present.
- Some protected functions in UsersPager are altered or removed.
- The UsersPagerDoBatchLookups hook (unused in any Wikimedia Git-hosted
extension) has a change of parameter.
Bug: T12493
Depends-On: Ia9616e1e35184fed9058d2d39afbe1038f56d7fa
Depends-On: I86eb1d5619347ce54a5f33a591417742ebe5d6f8
Change-Id: I93c955dc7a970f78e32aa503c01c67da30971d1a
* This fixes keys based on some sort of change log.
Updates are wrapped in a mutex and keep track of the
last known good position.
* Make WANObjectReapUpdate class that cleans up title
related keys using the recentchanges table. This triggers
as a deferred updates on RC view.
Change-Id: I7f14b9ca2533032147e62b1a3cc004a23da86579
Needed for selective updates of pages using a particular feature.
Intended to be run in production, so needs to scale.
Bug: T149723
Change-Id: If20fb1f91de8d4227def5b07d6d52b91161ed3fd
This can handle dropping queued and re-enqueueing abandoned jobs.
Also use the DB cache table to avoid re-enqueuing duplicate jobs
if this has to get used several times for a queue during a week.
Change-Id: Ib56cf57e56f03ce6f1c4b52e3e36f228413c1056
Has a pre-existing problem related to the link offset of secondary
inline results. Specifically the offset of secondary inline starts
at the provided offset, even though there may be primary results
displayed above it.
Bug: T150390
Change-Id: Id1d6b357f45a2cf615d9412cc95dd597c724e8b6
Currently, a user who wants to set a page's language must use the
Special:PageLanguage interface. However, this is not easy for bots and
scripts to use. The addition of action=setpagelanguage to the API makes
this process easier for such users.
Bug: T74958
Change-Id: I42e74ed3bcd0bfa9ec0c344ba67668210450c975
First step in refactoring the search results page. Pulls out widgets
to render our two styles of search result, Full and Simple.
Bug: T150390
Change-Id: If78cb0c29ae394f16e465c15a8e8246c1b56dcea
This has been in Wikibase since 2012, but is not at all
specific to Wikibase, and doesn't even require Wikibase
to be enabled.
Having this in core will make it available to more people
and without the hassle of having to clone Wikibase to
use the script.
Bug: T114577
Change-Id: Ib521a65e616bdc4b81206a084289cb4750f0d1f5
This will allow for checking passwords against the wiki's password
policy from the account creation and password change forms.
Bug: T111303
Change-Id: I0de281483bd83e47d80aa1ea37149d14f2ae5ebd
This makes the code for processing JSON files with
grammar transformations reusable by different languages
and applies the same logic to Russian and Hebrew.
It will be done to other languages in further patches.
This patch is not supposed to change any functionality,
and the tests are intact (except a comment in the test
for Hebrew - the class doesn't exist any longer).
PHP:
* Move the JSON grammar transformation data processing logic
from LanguageRu.php to convertGrammar() in Language.php.
By default all these data files are supposed to be
processed identically, so the code should be common.
If there is no JSON data file, nothing new happens.
* LanguageRu's own convertGrammar() method is removed.
* The LanguageHe class is removed, now that all its functionality
is handled by generic JSON data processing in the Language class.
LanguageHe.php file is removed from the repo and from autoloading.
JavaScript:
* Move the JSON grammar transformation data processing logic
from ru.js to mediawiki.language.js.
* JavaScript grammar code files he.js and ru.js are removed
from the repo and from Resources.php, because all the data
is in JSON, and the default logic in mediawiki.language.js
works for both languages.
Bug: T115217
Change-Id: I5e75467121c3d791bb84f9e6fdfcf07c1840f81a
This allows us to put other requirements more easily into extension
registration, such as skins and/or extensions.
Bug: T117277
Change-Id: I3ec1b28b6af380621585cd61b38e5ebb8be9f9c7
This is useful when IMaintainableDatabase methods are needed
for foreign wiki connections to things like external store.
Also:
* Set visibility for ExternalStoreDB methods.
* Cleaned up various type hints and comments.
Change-Id: Ie35b1ff21032cc4e78912dc499486da23aeba041
We already throw around some exceptions that are localized
(ErrorPageError and its subclasses, MalformedTitleException), but
there's no standard way to recognize them. Let's change that.
Then let's use them in the API to be able to have internationalized
errors when such exceptions are caught, instead of wrapping the
English-language version.
Change-Id: Iac7c90f92a889f8de9dae373547c07b884addaea
API warnings and error messages are currently hard-coded English
strings. This patch changes that.
With a few exceptions, this patch should be compatible with non-updated
extensions:
* The change to ApiBase::$messageMap will blow up anything trying to
mess with it.
* The changes to the 'ApiCheckCanExecute' hook will cause a wrong
(probably unparsed) error message to be emitted for extensions not
already using an ApiMessage. Unless they're currently broken like
Wikibase.
Bug: T37074
Bug: T47843
Depends-On: Ia2b66b57cd4eaddc30b3ffdd7b97d6ca3e02d898
Depends-On: I2e1bb975bb0045476c03ebe6cdec00259bae22ec
Depends-On: I53987bf87c48f6c00deec17a8e957d24fcc3eaa6
Depends-On: Ibf93a459eb62d30f7c70d20e91ec9faeb80d10ed
Depends-On: I3cf889811f44a15935e454dd42f081164d4a098c
Depends-On: Ieae527de86735ddcba34724730e8730fb277b99b
Depends-On: I535344c29d51521147c2a26c341dae38cec3e931
Change-Id: Iae0e2ce3bd42dd4776a9779664086119ac188412
