Also replace uses. Some callers had a user that could be null;
RevisionRecord::userCanBitfield requires a user, so add $wgUser
fallbacks at the callers with soft deprecations for using them,
and will hard deprecate in a subsequent task.
Bug: T245958
Change-Id: I137e21e3883b149fdd98d1b59d4e498d15b39dd9
Follows-up d4045035b0.
This class was added to the MediaWiki\Special namespace, contrary to the
plan in T166010 which reserves that namespace for core special pages.
Instead, use MediaWiki\SpecialPage, following the directory in which it
is located.
Also, fix two bugs which prevented the introduction of a namespaced
class alias.
Bug: T166010
Change-Id: I6e31340aaae32a89beb7e45b79d76a7fea9808d2
In VisualEditor, when the user is saving their edit, we want to ensure
that they understand how their edit will be attributed. Therefore, if
the user gets logged out or logs in in another tab, we want to display
a message about it before saving.
We've been detecting this situation by manually managing tokens and
handling the 'badtoken' error, but our code would be much simpler and
it would be possible to share it with other extensions if we could
instead rely on automatic retrying in mw.Api#postWithToken and use
'assertuser' and 'assert' parameters. 'assert=anon' is the only
feature we're missing.
Bug: T245327
Change-Id: I485f99e1f5f493262b0c9af22370da01adf1e09c
Notably:
* In ApiManageTags, I used a switch instead of a dynamic function name,
so that the call graph will be correct.
* In ApiImageRotate, checkTitleUserPermissions() has always returned
void, this was an error introduced in 4e6810e4a2
Change-Id: Iea22616b8e7e2e0cc804619a54f8690898b2cb82
Accidentally broken by I991809acf.
Also added a test that should hopefully prevent this from accidentally
being broken again.
Bug: T245149
Change-Id: Ia7985397db50efe8af81f643f2a0a89d0ece179e
Follow-up I1462edc170127, which enabled the
UserDef::PARAM_RETURN_OBJECT flag for the 'user' parameter,
so that it returns UserIdentityValue objects instead of string
values, but the internal use of that value was still expecting
a string
Bug: T245159
Change-Id: I2f8d8c406ab81b6d5dc19a1fff389646af61001e
PHP 7.0 makes many error conditions throw instances of the new Error class
which does not extend the known Exception.
The Throwable interface provides a concise and type-safe way of handling
either, e.g. for logging purposes, but HHVM did not support it, requiring
tedious fallback checks.
This commit replaces occurrences of Exception in code paths equally
covered by Throwable, like Exception|Throwable parameter and return types
(also nullable), instanceof guards, duplicated `catch` blocks, as well as
related comments and documentation blocks, with the exception of $previous
parameter descriptions consistent with the manual at
https://www.php.net/manual/en/exception.construct.php
Proper type declarations have been added or reinstated where possible.
Change-Id: I5d3920d3cc66936a350314e2f19c4f6faeffd7c0
Added:
- ContentHandlerFactory
Tests:
- PHPUnit
Changed
- Calls of changed and deprecated
- DI for some service/api
Deprecated:
- ContentHandler::* then similar to ContentHandlerFactory
- ContentHandler::getForTitle
- ContentHandler::$handlers
Bug: T235165
Change-Id: I59246938c7ad7b3e70e46c9e698708ef9bc672c6
Apparently MariaDB will sometimes decide it makes more sense to scan and
filesort 80 million rows instead of using an index that allows it to
check only the LIMIT.
A STRAIGHT_JOIN (along with fixed table order) seems to avoid this.
Bug: T244254
Change-Id: I1bf1203459922e2a16fa7339ff424a67005e4a2a
ApiStructureTest has a lot of logic for validating Action API settings
arrays during CI. Some of that logic should be part of ParamValidator
instead.
Bug: T242887
Change-Id: I3c3d23e38456de19179ae3e5855397316b6e4c40
Depends-On: I04de72d731b94468d8a12b35df67f359382b3742
This brings significant modularization to the Action API's parameter
validation, and allows the Action API and MW REST API to share
validation code.
Note there are several changes in this patch that may affect other code;
see the entries in RELEASE-NOTES-1.35 for details.
Bug: T142080
Bug: T232672
Bug: T21195
Bug: T34675
Bug: T154774
Change-Id: I1462edc1701278760fa695308007006868b249fc
Depends-On: I10011be060fe6d27c7527312ad41218786b3f40d
Add getAvailableLogos static method and wgLogos config variable
Longterm we'll phase out wgLogo and wgLogoHD for this more extendable
config.
wgLogoHD is marked as deprecated. wgLogo continues to function as before
when wgLogos doesn't exist to cause minimum disruption.
From now on all logos should be accessed via getAvailableLogos. Patches
in Minerva and Vector follow. See I00899c16c0325f36b671baf17e88c2b5187b3526,
I569e0d800e147eabc7852567acd140108613f074 and
I013bd0904fe8c55efa49d14e84cf06ec1412896f.
Bug: T232140
Change-Id: I66a971631c623cc94b58eb0e5e5bad804789bf1c
Done:
* Replace LanguageConverter::newConverter by LanguageConverterFactory::getLanguageConverter
* Remove LanguageConverter::newConverter from all subclasses
* Add LanguageConverterFactory integration tests which covers all languages by their code.
* Caching of LanguageConverters in factory
* Make all tests running (hope that's would be enough)
* Uncomment the deprecated functions.
* Rename FakeConverter to TrivialLanguageConverter
* Create ILanguageConverter to have shared ancestor
* Make the LanguageConverter class abstract.
* Create table with mapping between lang code and converter instead of using name convention
* ILanguageConverter @internal
* Clean up code
Change-Id: I0e4d77de0f44e18c19956a1ffd69d30e63cf51bf
Bug: T226833, T243332
This log message was added at the request of Wikimedia's Security team
in 2016, but as far as I can tell was never enabled on Wikimedia sites.
Rather than adding more logic to avoid logspam when browsers include an
Origin header for same-orign requests, let's just get rid of it
entirely.
Bug: T243908
Change-Id: I799b17a5f4891f9e739d6b62551a5736b8a6664e
Released just now.
Many old suppressions can now be removed. Enabling the issue for
undeclared variables is left to do later, given that there are
roughly 200 warning.
Change-Id: I99462a1e9232d6e75022912e2df82bc2038476ef
Apparently the section edit links may depend on state that is
available through context in the Skin object, but not necessarily
through the global context, such as the current user and page title.
Allow ParserOutput::getText() to take a 'skin' option for this purpose.
Bug: T234868
Change-Id: Iaa83e5f801c7776bf8218d8ce7484e2485b227d4
ApiBase falls back to this message when the module itself doesn't define
an extended-description message. ApiDisabled and ApiQueryDisabled should
do so as well.
Bug: T242534
Change-Id: I8f3ed17559363d9c66c5baf0ef7b0675714dc877
The @see points to a totally different class – which is fine. But no
tool knows it is supposed to inherit the @return type from there.
Change-Id: I40cd0f329980553b7b5f03e8539ee80ca5f032b3
The setting of $pageParams in that code path was assuming the page was
specified by title, breaking when it was passed a pageid.
Bug: T241362
Change-Id: Ia5b34ee392c94e5ae7693e95b58806c1dac2b24e
@phan-assert-false-condition $x will make Phan infer that the argument
to parameter $x is falsey if the function returned successfully.
Change-Id: I928474e922980b2759fcc4252b1df21164297e0a
Until I70473280, integer literals were always quoted as strings, because
the databases we support all have no problem with casting
string-literals for comparisons and such.
But it turned out that gave MySQL/MariaDB's planner problems in some
queries, so we changed it to not quote actual PHP integers.
But then we run into the fact that PHP associative arrays don't preserve
the types of keys, it converts integer-like strings into actual
integers. And when those are passed to the DB unquoted for comparison
with a string-typed column, MySQL/MariaDB screws up the comparison while
PostgreSQL simply throws an error. Sigh.
So ensure the user names passed to the database are actually strings.
Bug: T240808
Change-Id: If2bca6ab9faa5b50516e47f06b0b26b3648e4cbf
Given an API response indicating an error, it returns a jQuery object
containing a human-readable error message that you can display
somewhere on the page.
Handling the "real" API responses from the server is easy, since they
already contain the error message and we basically just extract it.
The important part of this patch is handling the issues that happen
on the client, or server-side issues where the error-handling API
code never runs, so we have to figure out what happened and make up
our own error message.
I have not yet seen any mw.Api consumer that handles all the error
cases correctly (I thought VisualEditor did, but in the process of
writing this patch I learned that we missed a few cases there as
well), and most don't even try. This might not be perfect but it
should be the closest thing so far.
The new code is inspired by error handling in VisualEditor (see
I69d9432162f195dcfe9470485b549a1b007617ff) and in mw.Upload.BookletLayout.
New messages:
* 'api-clientside-error-noconnect'
- Adapted from 'apierror-offline' and 'visualeditor-error-noconnect'
* 'api-clientside-error-http'
- Adapted from 'visualeditor-loadwarning' and 'visualeditor-error-http'
* 'api-clientside-error-timeout'
- Copied from 'apierror-timeout'
* 'api-clientside-error-aborted'
- Entirely new
* 'api-clientside-error-invalidresponse'
- Copied from 'visualeditor-error-invalidresponse'
Update some existing code to use it, as an example:
* mediawiki.page.watch.ajax
- Removed messages: 'watcherrortext'
* mediawiki.special.unwatchedPages
- Removed messages: 'watcherrortext'
* mediawiki.action.edit.preview
- (errors were hardcoded in English)
* mediawiki.feedback
- Removed messages: 'feedback-error2', 'feedback-error3'
(error1 and error4 remain, they handle errors not caused by the API)
* mediawiki.Upload.BookletLayout
- Removed messages: 'apierror-timeout', 'apierror-offline', 'apierror-unknownerror'
* mediawiki.page.ready
- Removed messages: 'logout-failed'
* 'mediawiki.page.patrol.ajax
- (the messages are already used by the patrol API)
Example usages in extensions:
* VisualEditor: I69d9432162f195dcfe9470485b549a1b007617ff
* DiscussionTools: Ice92fafb1f546510dab28e3f8aa7d2280668965a
Bug: T240519
Change-Id: Ie18666b41f4aff1ab4bcf93f9df6e3000ac7b500
The OpenSearch and prefixsearch APIs are always on for external use.
This internal parameter and feature flag was used as emergency switch
when the feature was still new, as a way to selectively ignore queries
from our own frontend code if we decided to turn the feature off.
At the time, there was also the $wgEnableMWSuggest configuration variable.
The idea being that if the JS is undeployed, it may still be cached in the
HTML and in some browsers. The $wgEnableOpenSearchSuggest variable allowed
the MW servers to identify those requests and return empty array without
any further DB load. Thus returning an empty array, which the frontend
at the time (mwsuggest.js) treated the same way visually as if the suggestion
feature didn't exist.
Since then:
* $wgEnableMWSuggest was removed in MediaWiki 1.20. The search suggestions
in Vector and other skins are now always on.
* The "Disable search suggestions" user preference was removed
in MediaWiki 1.23 (T54812).
Proposing to remove this additional complexity.
Change-Id: Iec572012de171d02871b8dc3207d2b34d17bf9ef
The 'editconflict' message is used by the normal edit form, and it
expects a parameter (page name), which was never passed.
'edit-conflict' should have been used instead.
This doesn't change the error code, which is mapped in ApiMessageTrait
and it already has a case for 'edit-conflict'/'editconflict'.
Change-Id: Ic95af27a67b95310b27ec344503d0a5cd88d79a2
Passing around strings that are expected to be safe html and are
known to be based on user input is a fairly unsafe operation. Make
it harder to do the wrong thing by requiring HtmlArmor to be returned
from the ResultSet snippets. This does not address the snippets on
individual result objects as the api surface is larger and requires
more bc handling.
Change-Id: I76231d6fc53c4982eb4cd174d2e6a75eb2740497
Now we can do this given we are using php7, this would also fix some
errors in php 7.4
Bug: T239761
Change-Id: I78254afd16ec88e3bf2ffa4890b92275bd794596
Scalar casts are still allowed (for now), because there's a huge amount
of false positives. Ditto for invalid array offsets.
Thoughts about the rest: luckily, many false positives with array offsets
have gone. Moreover, since *Internal issues are suppressed in the base
config, we can remove inline suppressions.
Unfortunately, there are a couple of new issues about array additions
with only false positives, because apparently they don't take
branches into account.
Change-Id: I5a3913c6e762f77bfdae55051a395fae95d1f841
There is no security issue using RIGOR_FULL here, because the
information is not used to take an action. It is used for information to
the caller and the caller may not allow the action.
But even the caller allows the action, the action api code would check
permission with RIGOR_SECURE before doing the action.
Also use the constant to make clear which string is from api and which
one is from the PermissionManager
Bug: T239451
Change-Id: If182f0e967187704ba3fdd14592a0badff097571
In several places, we're including rc_timestamp or other fields in a
query selecting on rc_this_oldid because there was historically no index
on the column.
The needed index was created by I0ccfd26d and deployed by T202167, so
let's remove the hacks.
Bug: T139012
Bug: T239772
Change-Id: Ic99760075bde6603c9f2ab3ee262f5a2878205c7
Repeating the variable name doesn't do anything. Documentation
generators don't need it. It's more stuff to read that doesn't add new
information. And it can become outdated.
Note there are two types of @var docs. When used inline (and not on a
class property) the variable name is needed.
Change-Id: If5a520405efacd8cefd90b878c999b842b91ac61
This updates some code that has been constructing TitleValue directly
to use TitleValue::tryNew or TitleParser::makeTitleValueSafe.
Bug: T200055
Change-Id: If781fe62213413c8fb847fd9e90f079e2f9ffc9d
Pass 'rcslot' as a param for the recent changes API to
only get changes (incl. reverts) for the specified slot
Bug: T230862
Change-Id: Iae53b1b22515116c61318ebe5ad3550c45554484
Using @see is not enough description
Enable the php sniffs for now, but skip /tests/ to fix it later.
That avoids new issues in future patch sets
Change-Id: I49cb341a2880bfaeefb6bbfbb1717051ea3a4b16
Currently apihelp doesn't mention that if you query information
about revisions, e.g a user that made a certain revision,
the response will be "userhidden". This commit includes that information
in modules API:Revisions, API:AllRevisions, API:DeletedRevisions,
API:RecentChanges, API:UserContribs, API:Watchlist, API:ImageInfo
and API:Compare.
Bug: T186573
Change-Id: I579f0d8c8183d5b158b9d3c9d6ae58e99984e58c
When converting a Title object into a string for user or user talk
namespace the gender information are needed.
This patch set improves performance on wikis with gender distinction
like dewiki or ruwiki by combining the fetch of the information into one
query and avoids a query per unique user name.
It also avoids false results for request with apihighlimit, because the
apihighlimit with 5000 is higher than the query max limit of the
GenderCache with 1000
Bug: T200238
Change-Id: Ibe0561b210dbeb654117dad777e839640f51b4e4
The method was soft-deprecated in 1.34. It's not used in any WMF
installed extensions or the tarball, so it can be hard deprecated.
Bug: T220191
Change-Id: I2f48d62a8dd3592918a6197168d31a1e08bd2a3e
This reverts commit 5f06efb318, which
reverted 9335363789, which makes
the deprecated property AbstractBlock::mReason private.
After 9335363789, AbstractBlock::mReason is obsolete, since the block
reason is now stored as a CommentStoreComment, AbstractBlock::reason.
Change-Id: Ica0a74be90383689ca8e4cfe6d0fb25c9a5942c5
This reverts commit 9335363789.
Reason for revert: It's full of code accessing AbstractBlock::mReason
out there, see [1]. Also, it was never hard deprecated. While that may
be acceptable under some circumstances, it's definitely not OK to remove
code when there are consumers around. I'd have fixed it right now without
reverting if it were a single repo, but there's just too many.
[1] - https://codesearch.wmflabs.org/search/?q=-%3EmReason&i=nope&files=&repos=
Change-Id: I8669f502b50cff89e28dada0f65fe2b130ae9b37
AbstractBlock::setReason now accepts a string, Message or
CommentStoreComment. The CommentStoreComment is accessed via
AbstractBlock::getReasonComment.
AbstractBlock::getReason returns the reason as a string, with
the language and format consistent with how block reasons were
built before this commit. This method is deprecated, since it
makes assumptions about the language and format needed. The
deprecated mReason property is no longer public.
Doing this (and T227005) will remove the implicit dependency of
BlockManager::getUserBlock on language, which causes a recursion
error if the block is checked before the user has loaded. It also
provides a mechanism for getting the block reason in a language
specified by the caller. (This does not apply to DatabaseBlock
reasons entered via the Special:Block form, which were not and
are still not translatable.)
This commit also updates authentication classes to return the
translated reason.
Bug: T227007
Change-Id: Iec36876e930dff96a256aebbdc39cbfb331c244e
Some of the errors are suppressed because they're phan false positives.
The idea behind this is that they'll be fixed in a future version of
phan, and we'll just have to remove the suppressions.
Note: I'm disabling UnusedPluginSuppression so that we can start suppressing
issues even if they're still disabled. The sniff should be re-enabled
as soon as we upgrade phan.
Bug: T231636
Change-Id: I0f7fa06a9e03fbb86c7a5eb6e50a850bb258a7f7
The gender information are only needed when outputting titles,
in other cases (when only pageids are selected) it results in a
undefined property
Bug: T235316
Follow-Up: I911dcb160a7b169091b9e8f66fb3908d0f2a1ba4
Change-Id: I5c9a501919914afd38343551c755126c98d457e6
This mostly mirrors the existing handling for deprecated modules. In
lists, internal modules are ordered after deprecated ones, with
deprecated internal modules at the very end.
action=paraminfo gains an array of internalvalues analogous to
deprecatedvalues. Help messages for internal modules are prefixed with
the text “Internal”. The help page and API sandbox styles color internal
values in red, just like deprecated values (and matching the existing
style for the “this module is internal or unstable” warning in the help
page), but do not add a strikethrough.
Bug: T185508
Change-Id: I5dfc3bacbc070d74f467eb1a4042cab159aa28ec
The cleanest way to add the block cookie is to check for the users block when
the Caching headers are being added to the request. This prevents side effects
when checking for blocks and also prevents extensions from having to be aware
of block cookies.
Bug: T196575
Change-Id: I4f8de725e4be616e41d842f09f6144518237bbd5
The query for revisions include fields from the page table,
so use it with Title::newFromRow and pass it to the revision store.
If missing the revision store is using Title::newFromId for each row
For prop=revisions the page must always selected
Change-Id: I31d85bcdcfcd29892e91bf4fe1d7ec27bd61e593
These were all checked with codesearch to ensure nothing is overriding
these methods.
For the most part, I've updated the signature to use nullable types; for
two Pager's, I've just made all parameters non-optional, because you're
already forced to pass them with a required parameter at the end.
Bug: T231636
Change-Id: Ie047891f55fcd322039194cfa9a8549e4f1f6f14
forcelinkupdate and forcerecursivelinkupdate are not limited to links
updates – content handlers can register arbitrary other secondary data
updates to perform.
(Both parameters also immediately update the parser cache for the
canonical parser options, but this does not seem worth mentioning.)
Change-Id: I5f3c8d1c22a08fee816121374620f207698c2715
Add an utility function
ApiQueryBase::executeGenderCacheFromResultWrapper
GenderCache stops working when there are more than 1000 cache missed
and returning the default value (T200238)
Fill the cache with all needed users avoids this behaviour
and it saves one query per user page.
Change-Id: I911dcb160a7b169091b9e8f66fb3908d0f2a1ba4
This makes searching for them easier and makes their
order less arbitrary, especially when they are localized.
Replace one sort function wrongly chosen by me.
Change-Id: I231f28656333c5bf846bedfedb6ba5040a09f74e
This module is deprecated and is scheduled to be removed in T221869
but in order to unblock MCR work we can still remove the method call.
Bug: T198343
Change-Id: I4aed8aa0dedc7284925ce9ba48db71e6ca2db5f0
For efficient bulk querying, this means that
ApiQueryBase::showHiddenUsersAddBlockInfo() needs to return everything
needed by DatabaseBlock::newFromRow().
Since we're rewriting it anyway, we may as well also move
ApiQueryBase::showHiddenUsersAddBlockInfo() out into a trait of its own.
Bug: T232021
Change-Id: I9c5b17a232ecbfbffefc7e40608cf5684ce8a644
Some methods on LocalFile will fatal if called on a non-existing file.
ApiQueryImageInfo did not take that into account.
This patch changes LocalFile to avoid fatal errors, and ApiQueryImageInfo
to not try and report information on non-existing files.
NOTE: the modified code has NO test coverage! This should be fixed
before this patch is applied, or the patch needs to be thoroughly tested
manually.
Bug: T221812
Change-Id: I9b74545a393d1b7a25c8262d4fe37a6492bbc11e
These were discovered by setting `null_casts_as_any_type` to true in
phan, and filtering by `PhanTypeMismatchReturnNullable`. Of course there
are others, some of which are false positives, but we cannot suppress
them now (or the UnusedSuppressionPlugin will complain).
Change-Id: Ia8443e575c22f47a6d8c63038f4e7ac36815fc27
This is for classes with a single undeclared property - aside from
BlockManager: I3f51fd3579514b83b567dfe20926df2f0930dc85 removed the
declaration of $permissionManager without actually removing all uses.
Change-Id: Ic2a95f77071312041be6e0633ea9b5325e98de42
Currently, users who are partially blocked are prevented from deleting
revisions. The system should check to see if the user can edit the page.
Bug: T228486
Change-Id: Id08dfab9b0ebe9721d3552564ee9f9d1e1a4805a
The property filter in ApiQueryStashImageInfo was only applied on calls
from the class itself. The call from UploadBase does not applied the
filter and than after successful upload of a stashed file the attributes
like user or mediatype are shown, but empty and not needed.
Change-Id: I89b2a935bacea81b4c8807d7ee77021377c8635c
Currently, partially blocked users cannot add, modify, or remove tags from
revisions that they are not blocked from. This change allows them to modify
the tags on those pages.
Bug: T221444
Change-Id: I737ed82f9c5139b45922cb4ea9111b4fdc7c1c61
Effectively removes the 'deletedhistory' requirement, as this API does
not expose more information than the public toolforge database replica.
Bug: T232389
Change-Id: I84dc138aa310b601423161d1140891d47f8c64d8
These callers just need to load some data from DB_MASTER.
Subsequent code needing that latest title data should also use the
required flags, rather than relying on flakey global cache state.
Change-Id: I53248ea4b5bf1cd953f956c41b8244831ec5ef04
With Iee04afc27283547dd68d6db93f44ac2e0ebf1258, passing both the $class
and $factory parameter is deprecated in favor of just passing an
ObjectFactory spec as the third parameter.
Change-Id: I7b04d82c9daba52f5dc5e6c528739336279c7550
Title::getPrefixedText was called before the GenderCache was set up,
which lazy loads the cache for each title,
resulting in one query per user title
Splitted the foreach to fill the cache at a better location
Added a test for ApiPageSet to test that the gender cache is filled
Bug: T200238
Change-Id: I7972dd1bf3731a92328caab20e70d7b9b82c1f7c
This will allow constructing API modules that need services.
This overhauls some of the internals of the ApiModuleManager,
but the public interface remains unchanged.
The $class parameter of addModule, (now called $spec)
also allows passing an array with the spec of the module.
Note that this spec requires the attribute 'class' to be present,
even when 'factory' is specified. This is the same as before,
where $class was always required.
In a perfect DI world ObjectFactory would be injected into
ApiMain::__construct and ApiMain would pass that to its instance
of ApiModuleManager, but that is currently not possible, so for now
it is injected in ApiModuleManager by having ApiMain::__construct
call the service locator.
Bug: T222388
Change-Id: Iee04afc27283547dd68d6db93f44ac2e0ebf1258
This removes most of the pre-actor user and user_text columns, and the
$wgActorTableSchemaMigrationStage setting that used to determine
whether the columns were used.
rev_user and rev_user_text remain in the code, as on Wikimedia wikis the
revision table is too large to alter at this time. A future change will
combine that with the removal of rev_comment, rev_content_model, and
rev_content_format (and the addition of rev_comment_id and rev_actor).
ActorMigration's constructor continues to take a $stage parameter, and
continues to have the logic for handling it, for the benefit of
extensions that might need their own migration process. Code using
ActorMigration for accessing the core fields should be updated to use
the new actor fields directly. That will be done for in a followup.
Bug: T188327
Change-Id: Id35544b879af1cd708f3efd303fce8d9a1b9eb02
*LogPage::timestamp was introduced with r4919 back in 2004, and is unused
since then.
*ApiMain::mCommit was introduced in r33133, then removed in r33381 but that
line was forgotten.
*SpecialRecentChangesLinked::mResultEmpty was introduced in r36682, then
removed at some point with this leftover.
*SpecialStatistics::hook, introduced in r54511 and unused since then.
*MergeMessageFileList::hasError introduced in Id4b16083435ef7f4fce31861c72889e664d07236
and removed in I3d9cf1d614dacaa91fb2092019ccf1d14d61ccab with a leftover
Change-Id: Ie15c148a3217ee8da62874840f3ef7739893f69e
Wikimedia Commons needs the ability to quickly detect, given a SHA-1, if
a file has been previously uploaded but was deleted later. This is
currently not possible in an efficient manner because the fa_sha1
field of the public database replica is not indexed, and this API
requires the 'deletedhistory' user right.
Effectively removes the 'deletedhistory' requirement, as this API does
not expose more information than the public toolforge database replica.
Bug : T60993
Change-Id: I2e9e1d50b6db9fa17acaf14d0975b6e9145a411e
I doubt there was ever a good reason for mangling $_GET to add the
title, this was just b/c for the sake of b/c. It was formerly used in
core but that was so long ago that I doubt there was any usage in
extensions at the time. Now there is one usage of $_GET['title'] in an
unmaintained extension, but it was only added in 2017.
Also I added WebRequest::getQueryValuesOnly() which is an interface to
the unmodified $_GET. The motivation is allowing OAuth to work with the
REST API, since OAuth needs an unmangled view of $_GET for signature
generation. The Action API gets around the problem with a special hack
in interpolateTitle(), disabling it for the Action API only.
A review of callers of getQueryValues() suggests that many would
benefit from using getQueryValuesOnly() instead. But I only changed it for
callers in api.php and thumb.php since the effect of the change there is
certainly beneficial, whereas callers under index.php may possibly be using
the path parameters to construct self-links.
Rest\RequestFromGlobals uses $_GET directly, which means that this
change causes it to not return PathRouter matches as GET parameters
anymore.
Change-Id: Ic469577fae17c0b1ac69466df7bc9f03e61c74e3
This allows us to remove many suppressions for phan false positives.
Bug: T231636
Depends-On: I82a279e1f7b0fdefd3bb712e46c7d0665429d065
Change-Id: I5c251e9584a1ae9fb1577afcafb5001e0dcd41c7
