If anyone wants such a thing, they can make their own extension.
I asked stewards, and they said they don't use this.
See also T32636 / 9de2bfd1fe
Bug: T150930
Change-Id: I3ab5962dba668e5d628e55ad0c0feae471d82b5e
MediaWikiTestCase::restoreLogger has been rename to plural form.
Cause:
Trying to @cover or @use not existing method
"MediaWikiTestCase::restoreLogger".
Change-Id: I4625f18992f62046e65c60ceca67d9aec170ccdc
This also fixed the testLoggersAreRestoredOnTearDown
test which was broken, and factors it out into
3 seperate tests
Bug: T151081
Change-Id: I00d29b501fa84db22e3bcd3d5642c49b2e99d4a0
Adds support for the 'autocomplete' HTML attribute to HTMLTextField
(mainly for turning it off, but other values are supported as well).
Renames 'autocomplete' to 'autocomplete-data' (with temporary B/C)
in HTMLAutoCompleteSelectField to make space.
Change-Id: Ic0539d5a61d9862e670d10686adc1e41f65d908e
It's not explicitly supported anywhere, but I don't see a point in explicitly
disallowing it. Add unit tests to verify that this works.
Bug: T28804
Change-Id: I876ac43885bb27da54ef6e59b6416868ff636b84
* The styles queue has always been top-only
(except for a few months in 2015).
* The top queue loads asynchronous since mid-2015. (T107399)
And LocalStorage eval, previously the last remaining non-async part
of module loading, is also async as of October 2016. (T142129)
* This change merges the bottom 'mw.loader.load()' queue with the top queue.
It also moves any other snippets potentially in the bottom queue still:
- embed: I couldn't find any private modules with position=bottom
(doesn't make sense due to their blocking nature). If any do exist,
(third-party extensions?), they'll now be embedded in the <head>.
- scripts: Any legacy 'only=scripts' requests will now initiate
from the <head>.
Bug: T109837
Change-Id: I6c21e3e47c23df33a04c42ce94bd4c1964599c7f
Send a cookie with blocks that have autoblock turned on so that
the user will be identified to MediaWiki and any IP they try
to edit anonymously from will be blocked, even without logging
in to the originally blocked account. Additionally, the block
info is stored in local storage as well as an even stronger
deterrence.
Note: this is meant to deter normal vandals, i.e., not attackers
who know what cookies and local storage are and will be actively
removing the cookie.
This feature is disabled by default, and can be enabled with the
new $wgCookieSetOnAutoblock configuration variable (by setting
it to true);
The cookie will expire at the same time as the block or after
$wgCookieExpiration (whichever is sooner).
Bug: T5233
Bug: T147610
Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
The `type` log event attribute is used in Wikimedia production logging
to categorize log events by source (e.g. 'mediawiki', 'restbase', etc).
Adding a `type` key to the logging context overwrites the default value
of 'mediawiki'. Rename the key to `throttle` in the context and the
message template.
Change-Id: Ic274159774e43a8749f83c850fff7897956cf377
This is a direct follow up to my comments in Ia6ec10d.
Relevant for T146416 are the two messages I added. They explain why these
assertions are duplicated.
assertEquals behaves bogus when used with strings, especially when used
with formatters and parsers, which is the case here. For example,
assertEquals( '9a', 9 ) succeeds. assertEquals is useful when comparing
objects.
Bug: T146416
Change-Id: Ie8df41b3ce6678f3add55bab6701b56b66447a2e
Assert that they don't begin with 'api.php?'.
Change-Id: Idf5e8e08863a379a37a427a11936e5f9ce567396
Depends-On: I8a82eecefbb0ba327d8e8bc24ec535bcf40e6429
Depends-On: I476aad09655a2822381a2c61690b4b0ad423151e
Message::__toString() used the same formatting mode that the last
explicit transformation used:
$msg = new Message( 'foo' );
echo $msg; // escaped
echo $msg->plain();
echo $msg; // not escaped
This is not particularly useful and makes code review hard, so let's
get rid of it.
The same behavior with $msg->toString() is left intact (and logged)
for now.
Bug: T146416
Change-Id: Ia9b2a1dcf09d52348b2c6d8299fd849b809f6e74
Use HTTPS instead of HTTP where the HTTP link is a redirect to the HTTPS link.
Also update some defect links.
Change-Id: Ic3a5eac910d098ed5c2a21e9f47c9b6ee06b2643
It looks like there is something missing after the last statement
Also remove some other empty lines at begin of functions, ifs or loops
while at these files
Change-Id: Ib00b5cfd31ca4dcd0c32ce33754d3c80bae70641
In order for an extension to add data to ApiQueryWatchlist, we need to
provide a way to allow it to manipulate the database query made by
WatchedItemQueryService. We also need some hooks in ApiQueryWatchlist to
handle the marshalling of data to and from WatchedItemQueryService.
To better handle hooking, this also moves some of the continuation logic
from ApiQueryWatchlist to WatchedItemQueryService.
Bug: T147939
Change-Id: Ie45376980f92da964a579887b28175c00fd8f57e
The check for file existence before checking its MIME type was
building the path incorrectly, causing this piece of code to always
think the file does not exist. (The code to actually embed the file
was correct.)
This was not caught by the tests before of a bug in the test code,
which cancelled out this one.
Bug: T100958
Change-Id: I4469079f41d48052d0a02f98bb1ed02407abd54c
This fixes the outstanding mis-spaced cast operators to bring them
into line with the coding standards on mediawiki.org (and with the
more common usage within this codebase).
Bug: T149545
Change-Id: Ib7bcf95bbee83d20c05f6d621ce7b4e1fb58a347
Inkscape mangles namespace definitions created by Adobe Illustrator
(apparently it can't parse custom entities or something, maybe just
in 'xmlns' attributes). These files are still valid SVG, and not
a security issue (although Illustrator probably won't like them),
so it's okay to allow them.
Added tests with some example files.
* buggynamespace-original.svg
File generated by Illustrator (edited by hand to reduce filesize).
Based on <https://commons.wikimedia.org/w/?curid=16495597>.
* buggynamespace-okay.svg
The original file, opened and saved in Inkscape (no other changes).
* buggynamespace-okay2.svg
The original file, opened and saved in Inkscape twice.
* buggynamespace-bad.svg
The original file, edited by hand to remove custom entities.
This is not valid XML and should be rejected (although it's valid
when parsed as HTML, and some image viewers might display it).
* buggynamespace-evilhtml.svg
An SVG file using an entity declared namespace for a namespace
we want to ban. Based on buggynamespace-original.svg.
Bug: T144827
Change-Id: I0eb9766cab86a58d729f10033c64f57d2076d917
For extension registry, add array_replace_recursive merge strategy,
as some extensions/configuration may prefer that to array_merge_recursive.
In some cases, configuration is merged from multiple extensions,
such as JsonConfig's $wgJsonConfigs configuration: ZeroBanner defines
"JsonZeroConfig": {
"namespace": 480,
"nsName": "Zero",
"isLocal": false,
"cacheKey": "1"
}
and mobile.php overrides it with
$wgJsonConfigs['JsonZeroConfig']['isLocal'] = false;
$wgJsonConfigs['JsonZeroConfig']['remote'] = [
'url' => 'https://zero.wikimedia.org/w/api.php',
'username' => $wmgZeroPortalApiUserName,
'password' => $wmgZeroPortalApiPassword,
];
Having identical value 'isLocal' would be converted into an array
if array_merge_recursive is used, but the replace strategy fixes it.
Change-Id: Ica6ddd0ae76f23e60de9b6235c6e2a3f2754a95d
Because the process cache can be lagged by virtue of blind TTL,
the HOLDOFF_TTL might not be enough to account for it, so avoid
using it when already inside a callback.
Also split of the tests from the MediaWiki test class, so this
does not require DB access anymore.
Change-Id: I743a1233a5efc7f036fad140a9ff8a30b32f8f27
This is one of the top three DB queries showing up in xenon
reverse flamegraph profiling.
It works via a per-wiki check key that is bumped whenever
someone changes a .js or .css page on that wiki.
Change-Id: I73f419558864ba3403b4601a098f6aaf84a3e7c1
Dependency-inject the MediaWiki-specific parts into a CryptHKDF
instance, which MWCryptHKDF wraps around.
Change-Id: Idff18635cfd8a3d93ea2ca8d56cdbd11eb4d3b2b
