Maybe WebResponse would be a better place for this, but this'll work for
now.
* Add getVaryHeader() to get the serialized version of $mVaryHeader.
* Remove 'Cookie' from the initializer, and add it explicitly later
** This allows reuse by code that doesn't want 'Cookie' in there
Change-Id: Ifa8f74a21f832154b05e54ced95b9f9eb6052fcd
* No need to cast to array twice
* Should cast to array before doing count()
* Avoid variable name conflict in the for loop with the one outside
the loop for clarity.
No functional changes.
Change-Id: I93e7829e23372ea25e2f5123f7a990b6718663f3
method in mw.page.watch. Update method to toggle watch, unwatch
list item id attribute.
Patchset 2- Expose method with less code duplication, restore
comments, cleanup whitespace.
Patchset 3-5 Whitespace cleanup
Patchset 6 - Trigger a watch event on the updated li
Patchset 7 - Only trigger watch event if not updating
state, announce opposite of icon action, to properly
indicate action taken.
Patchset 8 - Cleanup spacing and comments issues,
change event namespace.
Patchset 9 - actually add the change
Change-Id: I591f9f847db391c5d1477dc2ed41de54ec266261
addVaryHeader() converts $options to an array, so null values (no XVO
options) are converted to empty arrays. This led to headers like:
X-Vary-Options: Foo;string-contains=bar,Baz;,Quux;string-contains=xyz
This fix changes the "Baz;," part to "Baz,"
Change-Id: I2fa0b374f5d4cfa6b894cbd9de8c14354f04ad86
Fix for r10265: OutputPage::uncacheableBecauseRequestvars() as written
in that revision is backwards, apparently declaring all requests to be
uncacheable except those with useskin or uselang. Luckily getText() has
always converted its default parameter to a string, so the triple-equals
comparisons always fail, and uncacheableBecauseRequestvars() always
returns false.
In any case, it was never necessary to suppress the client-side cache
for useskin/uselang views, so the accidental behaviour was appropriate.
Change-Id: I520940867509b986a47d63ead9b549e8aa82fa1f
loader.
Site, user, and user.groups modules are pre-registered in JS client-side
loader. This prevents loading them again if they're given as explicit
dependencies of some other module.
Enabled modules are registered as "loading", disabled ones as "missing".
Empty modules register themselves as "ready".
Also adapt the client-side mw.loader.state to ensure that dependencies
are tracked if called with state "ready".
Note the FIXME in OutputPage.php; methinks this is an already existing
issue not fixed by this change.
Changeset 2: fix bug number in commit message (32537, not 32357!)
Changeset 3: change 'ready' registration as discussed; adapt line
lengths; clean up client-side code.
Changeset 4: "missing" status for disabled modules.
Change-Id: I595b3af1900d4bec0c35940ef51a19c8a7440faa
...that returns head tags as associative array for the benefit of skin
makers who don't want to output every <meta> tag in the universe.
Patchset 2: make sure that array keys are unique
Change-Id: I6fa3c954d603e0e401cbdb68975d536cf07e11ab
* (bug 35317) CSRF in Special:Upload
Revert r56793, which removed the CSRF check for Special:Upload for normal file
uploads. Cross-site posting of file uploads without user interaction has been
possible since at least as early as Chrome 8 (late 2010) and Firefox 6 (mid
2011).
Commonist has used api.php since version 0.4.0 (April 2010), and the API
already requires an edit token, so Commonist 0.4.0+ is not affected by this
change.
* (bug 34907) Fix for CSRF vulnerability due to mw.user.tokens. Patch by Roan
Kattouw and Tim Starling.
* Filter out private modules early in ResourceLoader::makeResponse() and just
pretend they weren't specified. This means these modules cannot be loaded
through load.php . This filtering must not happen in makeModuleResponse(),
because that would break inlining.
* Force inlining of private modules in OutputPage::makeResourceLoaderLink(),
disregarding $wgResourceLoaderInlinePrivateModules
* Remove $wgResourceLoaderInlinePrivateModules
* Remove special treatment of private modules ($private) in
ResourceLoader::makeResponse() and sendResponseHeaders(), because we're not
allowing private modules to be loaded through here any more
* Remove identity checks in ResourceLoaderUserOptionsModule and
ResourceLoaderUserCSSPrefsModule, they didn't make a lot of sense before but
they're certainly useless now.
* Factored out error comment construction in ResourceLoader.php and stripped
comment terminations from exception messages. I didn't find an XSS
vulnerability but it looked scary.
Patchset2:
Removes whitespace error that prevented automatic merge by Gerrit:
includes/resourceloader/ResourceLoaderUserOptionsModule.php
Change-Id: I2dec8b8caf9db3c64919763865cc10cccdd6a1a3
* Introduces $wgPreloadJavaScriptMwUtil
* Instead of loading mediawiki.util as base module from the bottom, now loading it from queue position "top" if $wgPreloadJavaScriptMwUtil is true. And if false it'll remain in the bottom in practice as implied by other modules loading it as a dependency (i.e. mediawiki.page.ready depends on it)
* Fixes bug 33746
* Removed 'pcache_miss_invalid' from stats.php and clear_stats.php, no longer used
* Added missing 'job-insert' and 'job-pop' to clear_stats.php
* Added missing call to wfIncrStats( 'pcache_miss_absent' ) when there's no key in ParserCacge::get()
* Removed useless 'pcache_not_possible' stat from OutputPage::addWikiTextTitle() since that function is mostly used for interface messages
* Action/Context stuff is pretty deeply nested everywhere.
* Should be okay now, at last.
* Reverts reverting r109243
* Same as r109223, except adding this:
+ if ( !$context->canUseWikiPage() ) {
+ return 'view';
+ }
* Add the mediawiki.debug module from OutputPage::addDefaultModules() along with other modules
* Get the request information when building the JS output instead of in Setup.php
* Fixes bug 4438
* Depends on r108342. See also r108343 which did a similar thing for mw.config wgAction
Previously attempted in r91871, which was reverted in r94131.
Added in OutputPage instead of Skin::getPageClasses, as this is not directly page nor skin related. It also ensures independency from skins, this CSS class should be always available so that it can be relied on by the front-end.
