When this was originally written, the plan was to read both the old and
new fields during the transition period, while stopping writes to them
midway through. It turns out that the WHERE conditions to do read-both
correctly are generally not handled well by the database and working
around that would require a lot of complicated code (see what's being
removed from ApiQueryUserContribs here, for example).
We can simplify things greatly by instead having it write both fields
during the transition period, reading from the old for the first part
and the new for the second part, as is being done for MCR.
Bug: T204669
Change-Id: I4764c1c7883dc1003cb12729455c8107319f70b1
Depends-On: I845f6ae462f2539ebd35cbb5f2ca8b5714e2c1fb
Depends-On: I88b31b977543fdbdf69f8c1158e77e448df94e11
Add wfDeprecated for User::checkPassword(), User::setPassword(),
User::setInternalPassword() and User::checkTemporaryPassword().
With AuthManager mediating between the caller and a set of
authentication providers in a potentially multi-step process,
a password check or change now cannot always be expressed
with a single-step succed-or-fail process. Callers should use
AuthManager::beginAuthentication() with a PasswordAuthenticationRequest
for password checks, and AuthManager::changeAuthenticationData()
for a password change.
Bug: T91699
Change-Id: Ib0ae8f1ff10ae6c2655d529db8b3a32e0cb489b0
None of the current translations use of "&", "{" or "[", which
presumably means they don't require tranformation. I'd also
very much prefer such dynamic constructs not be added into
this system which would make it rather unpredictable given these
reserved usernames shouldn't change from time to time.
The only match for the below command is qqq.json,
> $ git grep -E '"(double-redirect-fixer|usermessage-editor|\
> proxyblocker|sorbs|spambot.username|autochange-username)"\
> ' | grep -E '[{&[]'
This code was originally introduced with r37928 (5ad5cb4f0a),
which used wfMsgForContent() and made no explicit mention of
transformation, it just happened to be the default. Later, when
that function was deprecated, it got batch-replaced by
->inContentLanguage()->text().
Bug: T189966
Change-Id: Ia4ddf215e83f15de552f8311b9e737559c72b49a
This hook is created specifically for I379e17c.
The purpose of this hook is to override UserGetRights hook and ensure
that the removed rights will not be reinserted by the other callbacks.
Change-Id: Id31b1f25f2eda012bd811f4b96aac525bc3251c4
Added spaces around .
Removed empty return statement which are not required
Removed return after phpunit markTestIncomplete,
which is throwing to exit the test, no need for a return
Change-Id: I2c80b965ee52ba09949e70ea9e7adfc58a1d89ce
Take the user_id variable out of the exception message.
To compensate and still allow one to correlate patterns relating
to a specific user (e.g. a bot), add a warning message that
still contains the variable via context. This way that warning
will also be normalised/grouped, but with the extra context.
This is separate because exceptions do not currently support
context placeholders.
Bug: T202149
Change-Id: Ic0c25f66f23fdc65821da12f949c6224bc03f9b3
To limit the likelihood of incidents like T189665, the ability to
edit sitewide CSS/JSON/JS is split out from editinterface, into
separate 'editsitecss', 'editsitejson' and 'editsitejs' rights.
editsitecss, editsitejs, and the right to edit another (potentially
more privileged) user's personal CSS/JS is removed from sysops, and
a new user group, interface-admin, is created specifically for that
task (along with a new grant group 'editsiteconfig').
interface-admin is granted to the first user of a new wiki, along with
sysop and bureaucrat.
Bug: T120886
Bug: T190015
Depends-On: Ia9b2ea1450aff6121dc0f3777bf029292c8aaad9
Change-Id: Ifefd872640642441e26f8b2f144ffe4b88d2eb12
This normalizes handling of transformations on the boundaries between
preferences and generic form controls and removes the special case
where email-blacklist is passed around as an array internally, leaking
into the API.
As a result of this normalization, meta=userinfo no longer returns an
array of users, using the internal representation like action=options.
Bug: T198935
Change-Id: Iff63da0d215585cfcf083e7f7ec8ed45d5b77301
This change replaces deprecated language codes in the user options by
the new language codes when loading the user setting from database.
The database entry for the user gets updated with the new language code
when the user saves the preferences.
Bug: T131042
Change-Id: I1dd6fb1f240ce3319b132d0f29f0622fba33e655
This introduces PageUpdater to replace WikiPage::doEditContent,
and DerivedPageDataUpdater, to replace WikiPage::doEditUpdates
and WikiPage::prepareContentForEdit.
See docs/pageupdater.txt for a description of their
functionality.
MCR migration notes:
* The interface of PageUpdater is expected to
remain mostly stable after this patch. Code that has been using
WikiPage::doEditContent can be confidently migrated to using the
new mechanism for revision creation.
* This patch keeps the code inside PageUpdater largely aligned
with the old code in WikiPage, to make review easier to to avoid
mistakes. It is intended to be refactored further, moving
application logic into stateless services.
* DerivedPageDataUpdate is intended as a stepping stone for further
refactoring. Its behavior is designed to be compatible with
callback code that currently relies on
WikiPage::prepareContentForEdit. Much of the code that currently
lives in DerivedPageDataUpdate should be factored out into
services, all behavior relevant to calling code should be exposed
via narrow interfaces.
Bug: T174038
Bug: T196653
Change-Id: If610c68f4912e89af616cdcac1d35a1be3946afa
Find: /isset\(\s*([^()]+?)\s*\)\s*\?\s*\1\s*:\s*/
Replace with: '\1 ?? '
(Everywhere except includes/PHPVersionCheck.php)
(Then, manually fix some line length and indentation issues)
Then manually reviewed the replacements for cases where confusing
operator precedence would result in incorrect results
(fixing those in I478db046a1cc162c6767003ce45c9b56270f3372).
Change-Id: I33b421c8cb11cdd4ce896488c9ff5313f03a38cf
A cookie will be set when ip users try to edit and their IP has been
blocked or if they try to create an account and the block prevents
account creation
This feature is disabled by default and can be enabled by
setting the new $wgCookieSetOnIpBlock config variable to true.
Note: this is meant to discourage vandals that try to avoid blocks by
switching their ip address while editing anonymously.
Bug: T152462
Change-Id: I0b78a5e174bcd882edea39e868a08f9a347f5aba
The block reasons for "system" blocks shouldn't expand wikitext
templates immediately. That should be left for the code parsing the
block reason for display.
This should only affect how these blocks are reported to API clients, as
when the block is displayed in the web UI it's passed through the parser
anyway. The main drawback, as far as the default messages go, is that
MediaWiki:sorbsreason won't have {{SITENAME}} expanded in
the API response anymore.
Bug: T191939
Change-Id: Ib2024721ea0e26358b9b50efdac16316d6d0f0b6
I noticed it while fixing some AbuseFilter errors. matchEditToken simply
calls getEditTokenObject, which accepts string|array as $salt.
Change-Id: I36497eb8797ee60759c5109b699643635bba9174
It isn't used anymore anywhere, according to a code search on github.
Depends-On: I56291c6a5b6c2bb359c6633748a68f4964d71923
Change-Id: I4b3f7b7bdf9bd0dbc8225bbcfb2da23016ae6bb3
According to a github search they're not used anywhere anymore and
already deprecated since 1.27:
::getEditTokenTimestamp
::getPasswordFactory
::passwordChangeInputAttribs
Change-Id: I904e46e7343baee28dc960f8fd5437ae9d17fc4b
Also recognise MediaWiki: JSON pages (with the existing protection of
the editinterface right).
Bug: T76554
Change-Id: Idba166d82ee6dd507d7345c9bdbefc8ca78ed7b4
If a block is deleted and ->clearInstanceCache() is called to try to
make an existing User object reflect that fact, some methods are still
reflecting the old block.
To fix this, User::getBlockedStatus() needs to clear all the relevant
instance variables if the user is found not to be blocked.
Change-Id: I6ad8d5555a4c8519336aded3067e5034831dadf3
This fixes a database time out issue where User::idFromName()
is repeatedly called from Special:Import due to the user not existing.
The response is cached as null, but isset() will return false on a null key.
Bug: T189786
Change-Id: I78705089a25dfec84d3c75bedaf623b1e5ee82c4
These lines were removed in 27c61fb1 but left in when I rebased
61b0c193 due to the conflict. The load() call handles all these
fields, so there is no need to set mName and the load state flag.
Change-Id: Id751241abf8d5592309744e96493122c6bc65f2b
The User::newFromName() case already does this, there seems to be no
reason not to do it for User::newFromId() too.
Bug: T188014
Change-Id: Ic7fdef0cc1f5750cb5e6b2a7f48f1549862b41cb
When the new User is created, it's leaving it to be lazy-loaded from a
replica. That seems to be causing attempts to add groups immediately
after creation to fail because the load-from-replica doesn't find the
just-created master row.
Bug: T188014
Change-Id: I841c434086bfaaca1cf1ce23673f32dc5a77915d
Storing the user name or IP in every row in large tables like revision
and logging takes up space and makes operations on these tables slower.
This patch begins the process of moving those into one "actor" table
which other tables can reference with a single integer field.
A subsequent patch will remove the old columns.
Bug: T167246
Depends-On: I9293fd6e0f958d87e52965de925046f1bb8f8a50
Change-Id: I8d825eb02c69cc66d90bd41325133fd3f99f0226
