This is more or less equivalent to the WMF shell script "sql", but it is
reasonably portable and written in a less hackish way.
Change-Id: I240d8d4e65ce46680cac257ee376a9b026c13f92
In change 4633f4d46a it was changed
to an interface implemented by both PreferencesFormLegacy and
PreferencesFormOOUI so that existing typehints for some function
parameters would accept them both. Replace those typehints to use
HTMLForm instead. There was really no guarantee in the past that
they would only be given PreferencesForm or its subclasses, either.
Because the typehint change affects some hooks, note it as a
deprecation in MW 1.31 and a breaking change in MW 1.32.
Also add @since tags and correct some typos in code comments.
Follow-up to 4633f4d46a.
Change-Id: I61749f1d864cf68afe90cd9e15ba2d7a74252501
Each of these scripts had a class name that was not referenced outside
of the script file itself, and are safe to rename as a result.
Change-Id: Id605aca11db51ee433baeaa998a0e33184c930ca
This workaround was needed when ICU in production was broken
but after T189295 this is not needed anymore and we switched off
this collation from all Persian Wikis already.
Bug: T139110
Change-Id: Ifad89555b6ac96a3eb36ca24b55e1f8ee57a1f05
Old bugs and such may have left the archive table with multiple rows
using the same ar_rev_id, or rows that also exist in the revision table.
These need to be cleaned up for MCR.
The maintenance script added here will delete rows that appear to be
duplicates of the same change, and will assign new IDs to rows that do
not appear to be duplicates.
Bug: T193180
Change-Id: I39b0825c9469e074ded3df33a4f06a1ef0edb494
Adds a maintenance script to populate the field, has that be
automatically run during update.php, and drops the no-longer-needed
default value on the column (where possible: mssql has some sort of
constraint thing going on that I have no idea how it works).
Bug: T59176
Change-Id: I971edf013a1a39466aca3b6e34c915cb24fd3aa7
The primary goal here is a defense in depth measure to
stop an attacker who found a bug in the parser allowing
them to insert malicious attributes.
This wouldn't stop someone who could insert a full
script tag (since at current it can't distinguish between
malicious and legit user js). It also would not prevent
DOM-based or reflected XSS for anons, as the nonce value
is guessable for anons when receiving a response cached
by varnish. However, the limited protection of just stopping
stored XSS where the attacker only has control of attributes,
is still a big win in my opinion. (But it wouldn't prevent
someone who has that type of XSS from abusing things like
data-ooui attribute).
This will likely break many gadgets. It's expected that any
sort of rollout on Wikimedia will be done very slowly, with
lots of testing and the report-only option to begin with.
This is behind feature flags that are off by default, so
merging this patch should not cause any change in default
behaviour.
This may break some extensions (The most obvious one
is charinsert (See fe648d41005), but will probably need
some testing in report-only mode to see if anything else breaks).
This uses the unsafe-eval option of CSP, in order to
support RL's local storage thingy. For better security,
we may want to remove some of the sillier uses of eval
(e.g. jquery.ui.datepicker.js).
For more info, see spec: https://www.w3.org/TR/CSP2/
Additionally see:
https://www.mediawiki.org/wiki/Requests_for_comment/Content-Security-Policy
Bug: T135963
Change-Id: I80f6f469ba4c0b608385483457df96ccb7429ae5
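A simplified model of the policy the commit message above describes, added here as an illustration and not taken from MediaWiki's code. The function names, the cache stand-in and the sample URL are hypothetical; it shows which inline items a nonce-based script-src stops and why a cached anonymous response weakens the nonce.

```javascript
const { randomBytes } = require('node:crypto');

// Policy shape from the commit message: a per-response nonce plus 'unsafe-eval'.
// Simplified: a real policy carries more directives and sources.
function buildCspHeader(nonce, reportOnly) {
  const name = reportOnly
    ? 'Content-Security-Policy-Report-Only'
    : 'Content-Security-Policy';
  return { name, value: `script-src 'unsafe-eval' 'nonce-${nonce}'` };
}

// Simplified model of a CSP2 browser's decision for inline script execution.
function wouldExecute(header, item) {
  const sources = header.value.split(/\s+/).slice(1);
  const hasNonceOrHash = sources.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  // 'unsafe-inline' is ignored once a nonce or hash source is present.
  const unsafeInline = sources.includes("'unsafe-inline'") && !hasNonceOrHash;
  let allowed = false;
  if (item.kind === 'event-handler-attribute') {
    // An attribute such as onclick cannot carry a nonce.
    allowed = unsafeInline;
  } else if (item.kind === 'inline-script') {
    allowed = unsafeInline || sources.includes(`'nonce-${item.nonce}'`);
  } else if (item.kind === 'eval') {
    allowed = sources.includes("'unsafe-eval'");
  }
  // A report-only policy reports violations but never blocks.
  return header.name.endsWith('-Report-Only') ? true : allowed;
}

// Constructed stand-in for a front-end cache: anonymous responses are stored
// whole, header included, so every anonymous reader receives the same nonce.
function makeCachedOrigin() {
  const cache = new Map();
  return function respond(url, loggedIn) {
    if (!loggedIn && cache.has(url)) return cache.get(url);
    const nonce = randomBytes(16).toString('base64');
    const res = { nonce, header: buildCspHeader(nonce, false) };
    if (!loggedIn) cache.set(url, res);
    return res;
  };
}
```
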
The Html5Depurate driver was intended to be used with an external Java
service, but it never gained traction due to deployment concerns.
The Html5Internal (Balancer) driver was originally intended for use with
the balanced templates proposal and could also handle tidying. But it was
tightly coupled to MediaWiki, so part of it was used as the basis of the
RemexHtml library. Remex most likely can also implement the balanced
templates proposal, so there isn't any reason to keep the Balancer code
around anymore.
Change-Id: I8542d69e9cdbf0e2fb7ebbb919933a64c1b8c293
The RevisionSlotsUpdate interface represents a change to a page's slots,
as applied by an edit.
This also introduces RevisionSlots::hasSameContent and pulls up
getTouchedSlots() and getInheritedSlots() from MutableRevisionStore
to RevisionStore, in preparation of using these classes in the
refactoring of WikiPage::doEditContent and friends.
Bug: T174038
Change-Id: Idb0ef885b343a76137b640fdfc1bf36104b00895
This will make jumping from file to file much easier in text
editors when file name lookups will autocomplete naturally when
looking for a class by name.
Change-Id: I4b2e55a2e72674b619d5a592866c8a019a2b0224
This ResourceLoader module provides a way to ship
messages to CSS variables.
We will need this going forward to deal with flash of
unstyled content in various JavaScript based UIs that
are subject to i18n such as table sorting and
collapsible elements.
To avoid overhead of hitting the database to fetch and
transform localisation messages we make use of the MessageBlobStore
making use of `messages` definition already inside
ResourceLoaderFileModule. Given this resource is only intended
for render blocking styles without JavaScript this should be okay
(although if requested in JavaScript will also ship associated
messages).
Bug: T42812
Change-Id: I2bf12cdc848478889acbe9a7a970e46f8aefa287
This script creates SPARQL UPDATE statements for changes in a given time
period. These statements can be applied to an existing database to
update it.
See tests for examples of what the statements look like.
Bug: T173774
Change-Id: I9867ad566c0619b55a48a011bd3c55321b1bfcff
Special:Block needs a date time selector for easier selection of expiry. To
accommodate this cleanly, a new Expiry Widget is created that handles this
logic.
Bug: T132220
Change-Id: I2853a2ca0ae6ccead3978f4bb50a77c2baa3a150
As there will likely be extensions bundled with the 1.31 release that
depend upon other extensions, we should have the installer prevent users
from enabling extensions that depend on other, not-enabled extensions.
We can build a dependency map from extension.json's "requires"
component. On the client-side, we'll first disable all checkboxes that
require other extensions, and evaluate each checkbox click, updating the
disabled checkboxes as possible.
This required some refactoring of how ExtensionRegistry reports issues
with dependency resolution so we could get a list of what was missing.
While we're at it, sort the extensions under headings by type.
This does not support skins that have dependencies yet (T186092).
Bug: T31134
Bug: T55985
Change-Id: I5f0e3b1b540b5ef6f9b8e3fc2bbaad1c65b4b680
* Make startAtomic() return a token that can be used with cancelAtomic()
  to cancel any nested atomic sections that have not yet been ended.
* Make doAtomicSection() clear dangling nested sections by default.
* Also give doAtomicSection() a $cancelable parameter, having the
same default as startAtomic().
Change-Id: I75fa234cb1dcfef17dc9a973a3b02d2607efa98e
Because it doesn't work. `phpcs:ignoreFile` is intended as a performance
shortcut, and gives up on the file as soon as that token is found.
Instead, use `phpcs:disable` which does support selectively disabling
some sniffs. And since disabling is local to the file, there's no need
to re-enable it at the bottom of the file.
<https://github.com/squizlabs/PHP_CodeSniffer/issues/1903> has some
relevant discussion and clarification from upstream on this.
And make the files that are now being re-enabled pass PHPCS.
Change-Id: Ia4d8c45045f61cf9f24eb1d8631ff98d99c82d69
Handle all errors in query() that might have caused rollback by
putting the Database handle into an error state that can only be
resolved by cancelAtomic() or rollback(). Other queries will be
rejected until then.
This results in more immediate exceptions in some cases where
atomic section mismatch errors would have been thrown, such as
an error bubbling up from a child atomic section. Most cases where
a try/catch block assumes that only the statement was rolled back
now result in an error and rollback.
Callers using try/catch to handle key conflicts should instead use
SELECT FOR UPDATE to find conflicts beforehand, or use IGNORE, or
the upsert()/replace() methods. The try/catch pattern is unsafe and
no longer allowed, except for some common errors known to just
rollback the statement. Even then, such statements can come from
child atomic sections, so committing would be unsafe. Luckily, in
such cases, there will be a mismatch detected on endAtomic() or a
dangling section detected in close(), resulting in rollback.
Remove caching from DatabaseMysqlBase::getServerVariableSettings
in case some SET query changes the values.
Bug: T189999
Change-Id: I532bc5201681a915d0c8aa7a3b1c143b040b142e
Revisions deleted before MediaWiki 1.5 do not have a value in this
field. This is going to be a problem for migration to the MCR schema, so
provide a maintenance script to clean this up.
Then, for good measure, change the schema to make the field
non-nullable.
Bug: T182678
Change-Id: Ie2e11f12a30f379db32c3e074658012c6f93adb0