Why:
* Maintenance scripts in core have bolierplate code that is
added before and after the class to allow directly running
the maintenance script.
* Running the maintenance script directly has been deprecated
since 1.40, so this boilerplate code is only to support a now
deprecated method of running maintenance scripts.
* This code cannot also be marked as covered, due to PHPUnit
not recognising code coverage for files.
* Therefore, it is best to ignore this boilerplate code in code
coverage reports as it cannot be marked as covered and also
is for deprecated code.
What:
* Wrap the boilerplate code (requiring Maintenance.php and then
later defining the maintenance script class and running if the
maintenance script was called directly) with @codeCoverageIgnore
comments.
* Some files use a different boilerplate code, however, these
should also be marked as ignored for coverage for the same
reason that coverage is not properly reported for files.
Bug: T371167
Change-Id: I32f5c6362dfb354149a48ce9c28da9a7fc494f7c
Deprecated since Iaf7bd2986b7f4185923969899d61878e5ee5905b
and no longer it seems used in Wikimedia codebase or gadgets in
Wikidata or Wikimedia Commons, there was one userscript
in English Wikipedia (not a gadget and was in User: namespace),
which I notified them they can just use Vue module.
Change-Id: I0a45d97866519765be5c3bdff9c0a20b003f78ae
Add a new hook that can be used to prevent authentication just
before AuthManager takes the main action (writing the session
for login, creating the local user account for account creation).
The driving use case is a wiki which supports both a local and
a central (wiki-farm-level) login or signup flow - various
security options (such as 2FA) are needed during local login
but unnecessary during central login (which will have those
security features centrally), so we need to skip much of the
security when the user is taking the central route, and a bug
in how that's done could result in circumvention of security
features during local login. The hook makes it easy to inspect
and potentially interrupt login near the end, when we know for
sure what route it took. (Specifically, we know which primary
provider was used. The hook doesn't expose other details,
such as the list of preauth or secondary provders that were
invoked, because they were not needed for the immediate use
case, but they are easy to add in the future.)
The hook is called after the secondary providers for login
and before them for account creation, since secondaries can
interrupt login but cannot interrupt account creation.
A shortcoming is that since the hook is called after a primary
provider succeeded, it cannot prevent the primary provider from
doing work, ie. it cannot prevent creation of the remote account
during account creation (although it will prevent the creation
of the local account). This is not great but acceptable, since
creating a new account isn't very security-sensitive.
This also means the hook would not be useful during account
linking, as AuthManager does not do anything there, all the work
happens in the primary provider. This is even less great but
few authentication extensions implement account linking.
The hook is not called for authentication happening via
CreatedAccountAuthenticationRequest, which is a weird internal
hack hook handlers should not have to know about.
Also rename a confusingly named variable.
Change-Id: I835b2fe2f43e6e81f23348165cbb9c93832e6583
Allow disabling authentication providers. This allows for
extensions to replace core providers with their own.
This is using the $wgAuthManagerAutoConfig keys instead of
AuthenticationProvider::getUniqueId() as the keys to filter.
This makes it more useful for site administrators, and also
it's probably the better known of the two identifiers so
more intuitive.
No effort is made to prevent the hook from filtering
differently in different steps of the same authentication
process.
Bug: T369180
Change-Id: If5435b54a4fc08f685c04fc10eb44c6d72cd78fa
The refactorings in I45951a49e57a8031887ee6e4546335141d231c18 replaced
calls to ParserOutput::getText() with direct invocations of the pipeline,
including in OutputPage::getParserOutputText(). However, the direct
invocation skipped the implicit initialization of the options array
previously done in ParserOutput::getText(). Ensure that the options
array gets appropriate default values; in particular 'isParsoidContent'
is expected to always be set.
Bug: T293512
Bug: T373405
Change-Id: Ib8d540b4221f7c00f6047706c4e3bfd88a2cb8cc
Adds `word-break: break-word;` to headings styles.
Without this rule, headings don't break onto multiple lines,
which they did when using `overflow: hidden` previously.
Bug: T371654
Change-Id: I034d4ec7cdea2abb415e78d627cdb3340512746e
This environment variable is already checked in TestSetup.php for
PHPUnit runs by Quibble, when the job is running for a patch to
the mediawiki/vendor repository.
Right now, Quibble sets this var, but then has to separately pass
`--skip-external-dependencies` to update.php as well.
Remove the need for that by supporting the same environment variable
so that Quibble can set it once for that run, and naturally applies
by any commands where it makes sense.
Bug: T370380
Change-Id: Iad7c8d4be9e81af0a0de11019a98804b232efa8b
Make the description of Action::requiresWrite() better align with
Action::doneWrites(). These methods should be combined at some point.
Further discourage system state dependencies in ApiBase::isWriteMode().
Change-Id: I5ee18c8c15f6f360d01d63ee6e7299babb5bdea7
Why:
* The fixDefaultJsonContentPages.php maintenance script was added
in 2986d47c90 which was MW 1.27
* Per the version policy, wikis wishing to upgrade to MW 1.43
should upgrade via 1.35 or 1.39 before moving to 1.43.
* As such, this script will have been already run for any wiki
upgrading to 1.43 and therefore this script is unused.
* Removing the script is useful to reduce the amount of untested
code in the maintenance directory and reducing unnecessary
maintenance on now unused code.
What:
* Remove fixDefaultJsonContentPages.php
Bug: T373335
Change-Id: Ie20f55c6a8723573aa7e9acd67766af9dfb67269
Why:
* The populatePPSortKey.php maintenance script was added in
993ce4d411 which was in at
least MW 1.34.
* Per the version policy, wikis wishing to upgrade to MW 1.43
should upgrade via 1.35 or 1.39 before moving to 1.43.
* As such, this script will have been already run for any wiki
upgrading to 1.43 and therefore this script is unused.
* Removing the script is useful to reduce the amount of untested
code in the maintenance directory and reducing unnecessary
maintenance on now unused code.
What:
* Remove populatePPSortKey.php
Bug: T373334
Change-Id: Iaa86bb193bf8feae9f5e2fe33255182e864d2e4f
Why:
* The populateBacklinkNamespace.php maintenance script was
added to update.php in MW 1.24 in
b8c038f678
* Per the version policy, wikis wishing to upgrade to MW 1.43
should upgrade via 1.35 or 1.39 before moving to 1.43.
* As such, this script will have been already run for any wiki
upgrading to 1.43 and therefore this script is unused.
* Removing the script is useful to reduce the amount of untested
code in the maintenance directory and reducing unnecessary
maintenance on now unused code.
What:
* Remove populateBacklinkNamespace.php
Bug: T373333
Change-Id: Ia70fdd5c5ae087d7f5bdf4499185701bbb106c1f
Why:
* The addRFCandPMIDInterwiki.php maintenance script last had
it's update key modified in MW 1.23 in commit
bd38435848.
* Per the version policy, wikis wishing to upgrade to MW 1.43
should upgrade via 1.35 or 1.39 before moving to 1.43.
* As such, this script will have been already run for any wiki
upgrading to 1.43 and therefore this script is unused.
* Removing the script is useful to reduce the amount of untested
code in the maintenance directory and reducing unnecessary
maintenance on now unused code.
What:
* Remove addRFCandPMIDInterwiki.php
Bug: T373331
Change-Id: Ie6791c0cc2cfab5e09aa0b1c7ddcea1099cd1f79
