* Switch out raw Exceptions, mostly for InvalidArgumentExceptions.
* Fake exceptions triggered to give Monolog a backtrace are for
some reason "traditionally" RuntimeExceptions, instead, so we
continue to use that pattern in remaining locations.
* Just entirely give up on PostgresResultWrapper's resource vs. object mess.
* Drop now-unneeded false positive hits.
Change-Id: Id183ab60994cd9c6dc80401d4ce4de0ddf2b3da0
Add a user preference to allow the user to enable or disable
EditRecovery.
Set the default as disabled.
Bug: T350653
Change-Id: Ibbb59eb84f1dd0b40f9576e048f2ac76044f9014
Why:
Sometimes, it is necessary to have different behavior
for newly registered and existing users. For example,
this happens in the Echo or GrowthExperiments extensions.
As of now, this behavior is implemented by inserting
user_properties rows in onLocalUserCreated.
Over time, this results in a singificant amount of rows
inserted, which contributes to the user_properties table bloat,
which is already overly large (cf. T54777). This patch makes it
possible to remove such rows by supporting conditional defaults
for user properties.
What:
Add support for conditional defaults of user properties. This can be
configured via `ConditionalUserOptions` config option.
Bug: T321527
Change-Id: I1549c3137e66801c85e03e46427e27da333d68e2
There are a couple of user options related classes already,
and the T321527 work on dynamic defaults is going to add
even more. Let's move them into a separate namespace
to make core a bit more organized.
Old name is kept as an alias for compatibility purposes.
Bug: T321527
Bug: T352284
Change-Id: I9822eb1553870b876d0b8a927e4e86c27d83bd52
This class is used heavily basically everywhere, moving it to Utils
wouldn't make much sense. Also with this change, we can move
StatusValue to MediaWiki\Status as well.
Bug: T321882
Depends-On: I5f89ecf27ce1471a74f31c6018806461781213c3
Change-Id: I04c1dcf5129df437589149f0f3e284974d7c98fa
This should make the output slightly more human-readable (mainly by
having actual booleans instead of empty strings).
Change-Id: Ia77064156b5e50ea9953dfdbca2cf6302c480421
* Add an API-only user preference for diff type
* Retain query parameter stickiness but fix it so that the diff-type
from user preferences does not leak into the query string. So the
no-JS control continues to work. If a no-JS user has the inline
preference set, respect it on the initial load, but add an explicit
diff-type=table to the query string of the table link so that the
preference can be overridden.
* Get the diff type from the initial state of the no-JS button. Infuse
the widget to access the active property using the OOUI public API.
* For a logged-in user, when the JS toggle is clicked, fetch the new
diff body and update the user preference.
* For an anonymous user, when the JS toggle is clicked, update the
prev/next links to include the correct diff-type query parameter.
Bug: T336713
Change-Id: Ie409d79ac8222dfa6ec8fd170b76be088be80b3a
Use method in the class of respective fields to generate preferences keys, don't bother to handle every type of field.
Not only for the follow-up changes in the relation chain, but can also make use of any possible customized fields easier.
Bug: T224701
Change-Id: I5ea2f350c373673f5dba7720bbdcb76960d7c121
The $list parameter to the various *list() methods is not escaped by
these methods, so any taintedness in the argument is preserved by the
method and kept in the return value. taint-check has troubles figuring
this out on its own due to T274780, so annotate the parameters.
Note: once this is merged, taint-check could start failing on some
repos. Any errors would have a decent chance of being true positives.
Bug: T253879
Change-Id: I6cf56aca9760370cbeae19879e6b170b1cbd273f
The items in the list $watchTypes are checked with User::isAllowed,
no need to do that before adding to the list.
Except the watchcreations, where more userrights are checked.
Move delete action to the end of the list
Change-Id: Ic0db2708f845bed7d83d720c1ce4a00ee40b63b3
* Illegal string offset and invalid argument supplied to foreach, due to incorrect type information
* Array internal pointer reset is unnecessary
* $hookData unused since MW 1.35 due to incomplete revert
* array_push() with single element
* Unnecessary sprintf()
* for loop can be replaced with str_repeat()
* preg_replace() can be replaced with rtrim()
* array_values() call is redundant
* Unnecessary cast to string
* Unnecessary ternary. Often the result relies on short-circuit evaluation, but I find it more readable nonetheless.
Change-Id: I4c45bdb59b51b243fa96286bec8b58deb097d707
* ForkController, OrderedStreamingForkController: indeed pcntl_fork()
can't return false.
* RL\Image: Specify type instead of using suppression, since the issue
name changes.
* VueComponentParser: Accept complaint about nullable nodeValue.
* Disable PHP 8.0 polyfill stubs when running on PHP 8.0+ to avoid
duplicate interface errors.
* Add Socket stub and use it in LegacyHandler instead of multiple
existing suppressions.
* MemcachedPeclBagOStuff: accept complaint recommending !$result over
$result === false when the type is boolean.
* MemcachedPeclBagOStuff: fix probable bug, ignoring errors from
Memcached::getMulti(). Phan noticed that $res=false was unreachable,
but it should probably be reachable.
* DatabaseMysqli: accept complaint that $this->conn->errno is already
known to be an int. It was probably a hack for some previous version
of Phan.
* BcryptPassword, MWOldPassword, MWSaltedPassword: accept complaint that
the !is_string() checks are unnecessary, after code review of PHP.
* Pbkdf2PasswordUsingHashExtension: note that contrary to Phan's
suggestion, this check is necessary.
* DefaultPreferencesFactory: remove an existing hack for
array_diff_key(), no longer necessary on 7.4 and causes an error on
8.1. Use coalesce instead of cast for the remaining
array_intersect_key() hack since it better shows that we are casting
away null.
* FullSearchResultWidget: fix likely bug involving strict comparison
between a float and an int.
* SpecialWatchlist: accept complaint that $selectedHours is
unconditionally a float, being the return value of round(), and thus
the cast is unnecessary.
* Add stub for AllowDynamicProperties, resolving an error in User.php.
* Xml: accept complaint that $encMonth is already known to be an int.
Six errors remain. These need suppressions or otherwise conflict with
PHP 7.4 support.
Bug: T322278
Change-Id: Ie375bbc8ccf22330b9a169e8da98f2bbe26ec8b9
The GlobalPreferences extension are using types for the denylist and
classes for the allowlist, while every derivative class of HTMLFormField
defined in the core have a valid type registered.
So, we should use type instead of class here, which all the other fields
did.
Bug: T320238
Change-Id: I1cc59eaf6ed8ac1505eb79c6ecfc7f137c8e17a8
As described on the task, floor() returns the closest integer to the
left, and so it's not the right choice in this case for negative
offsets.
Put the logic in a static method of the UserTimeCorrection class so that
it can be reused elsewhere without making the previous mistake, and add
tests for it.
Also update a comment in UserTimeCorrection, as a follow-up to
I99a00dff7e3319ce45883191daee16bec1ed68ba.
Bug: T318455
Change-Id: I9acc8fa278d5a58a1d56c28c9e8b3f9093f8add9
This patch introduces HTMLTimezoneField, an HTMLForm field type that
allows the user to select a timezone, either from a geographic zone, by
manually entering an offset, or using the wiki/browser default. This
logic is extracted from DefaultPreferencesFactory so that it can be
reused elsewhere.
The widget itself is really just an HTMLSelectOrOtherField, it's just
the list of options and the JS logic that is special.
Bug: T309629
Change-Id: I99a00dff7e3319ce45883191daee16bec1ed68ba
Callbacks for validation-callback definitions are given the submitted
field value, which was documented as being string or array, but
actually can include int, null, etc.
This fixes the docblock, and also updates
DefaultPreferencesFactory::validateSignature() which was assuming
a string and not expecting null. (This didn't matter before PHP 8.1.)
Bug: T318307
Change-Id: Ia9096d610bf377334bbeab9021a8ade9be62edd5
This patch simplifies and fixes a few issues in code related to the
'timecorrection' user setting:
- Always re-apply UserTimeCorrection normalization to the preference
value, although it should be already normalized
- Avoid duplicating code from UserTimeCorrection, both for the
pipe-splitting and the offset computation/fallback
- Use better variable names
- Inject an ITextFormatter for generating the dropdown options, instead
of a ContextSource (ew) or a Language, removing calls to wfMessage as
well. Note that the ITextFormatter is not injected into the
preferences factory because the eventual goal is to move the code to a
new HTMLFormField class.
- In TimezoneFilter, remove a redundant check: the value comes from the
form, and the option for using the system time is always "System|XXX",
never just "System". This seems to have been introduced in
I2cadac00e46dff2bc7d81ac2f294ea2ae4e72f47; the previous code was only
comparing $data[0], and not $tz. Change the test accordingly and add a
test case.
- Add missing star to docblocks in UserTimeCorrection, as well as a
missing int cast.
- Fix typo and other style issues in UserTimeCorrectionTest
- Bonus: add missing docblock star in HTMLApiField
Bug: T309629
Change-Id: Iab35eb17259826429e4b6bc1ba7385ab57884e98
Vector-2022 skin requires that a link to the desktop improvements page
is shown next to the "Preview" link in the skin preferences options.
This allows the ability for other skins to add a link as well.
Bug: T307113
Change-Id: I4e944504f013344661d0c6f05896a4fc1fe8f4b4
* Move the reset preferences link from the bottom of the preferences
form to the "basic information" section.
* Change the link from "destructive" red to default styling, since the
action requires confirmation so there is no reason to make the user be
afraid of clicking it by accident.
* Add a checkbox to the /reset form, for triple confirmation.
* Add a cancel button to the /reset form, to take the user back to
safety.
* Allow checkboxes to be "required" by fixing a detail in
HTMLFormField::validate(). The UI is not pretty, but it works.
Bug: T226325
Change-Id: I116d5275ba1a5beaaa44b32b8eff5824e94b437a
