SHA-1 is not secure enough to be used as a cryptographic hash function, and its
implementation in JavaScript is too long and too slow for it to be a good
general-purpose hash function. And we currently throw away most of the work:
SHA-1 produces 160-bit hash values, of which we keep 48.
Although the JavaScript implementation is not exported, SHA-1 is a well-known
hash function, and I'm willing to bet that sooner or later someone will move to
make it accessible to other modules, at which point usage will start to spread.
For ResourceLoader, the qualities we're looking for in a hash function are:
* Already implemented in PHP
* Easy to implement in JavaScript
* Fast
* Collision-resistant
The requirement that hashes be cheap to compute in JavaScript narrows the field
to 32-bit hash functions, because in JavaScript bitwise operators treat their
operands as 32 bits, and arithmetic uses double-precision floats, which have a
total precision of 53 bits. It's possible to work around these limitations, but
it's a lot of extra work.
The best match I found is the 32-bit variant of FNV-1, which is available in
PHP as of version 5.4 (as 'fnv1a32'). The fnv132 JavaScript function is
around ten times faster and eight times shorter than sha1.
Change-Id: I1e4fb08d17948538d96f241b2464d594fdc14578
OptionWidget takes steps to not interfere in the tab order. TitleOptionWidget
uses links as its labels, which has a side-effect of reintroducing a tab-
focusable element into the OptionWidget. Explicitly set tabindex="-1" on these
links, to maintain the OptionWidget behavior.
Bug: T129792
Change-Id: Ia6b1361e7183e253b7abc58037f007936dfa60ff
The new form doesn't check the CSRF token. We should use either just
HTMLForm (which checks the token automatically) or just FormOptions
(and check it ourselves), not a mix of the two.
This reverts commit 598068334e.
This reverts commit 475e78c377.
Bug: T138346
Change-Id: Icc100552f3fba2e5e17ae6a2f57c2bfed32fbe83
* Added onTransactionResolution() DB method.
* Use this method so that file unlocks fire on unlockAndRollback()
as well as on DB errors (via MWExceptionHandler::handleException).
This prevents locks from getting stuck for minutes when deadlocks
happen, since the LockManager::destruct() method is not reliable.
* Fix broken reference counting which always released locks on the
first unlock() call, even if there were 2+ lock() calls.
* Added some type hints to IDatabase methods.
* Fixed DatabaseBase::__destruct() logging to include all callbacks.
Bug: T132921
Change-Id: I684706957f4d794cb6fe61505b0d26b7893de706
It never worked to begin with since it did not prefix paths, and the
documentation for it says it should not be used by extensions, so
let's stop pretending it works.
Bug: T108271
Change-Id: I665d4439d14406038f2ac767ee5ec6eb5b67fca6
This code was referencing classes that no longer exist, so it was
removed. Profiling can still be accomplished the same way normal maint
scripts are profiled, by populating StartProfiler.php and passing
'--profiler ProfilerOutputText', or something similar, on the maint
script command line.
Change-Id: Ie037f6b224ec361c86b86369e2a4fff641908053
Found by applying etsy/phan to the mediawiki codebase, in preparation
for getting it running more regularly via CI. Has no effect on how the
code runs, simply does a better job of documenting the code.
Change-Id: I4c844a51df3ffe4fbb96cac25f3eff2f7a9faca2
This was throwing exceptions, probably for many months now, when
requesting and finding interwiki search results. Probably this went
unnoticed due to interwiki search only being enabled on itwiki, and
the requirement to pass a special parameter to turn it on.
Change-Id: I68ec35bb072b5ad62dd66789936bc2ae47d5256f
This code was rather hard to follow due to reusing the same variable
multiple times. Lets give them unique names.
Change-Id: I8f134b6314d593a3e40b19765c7b71496b8e524d
Applying static analysis to mediawiki core found a short list of classes
that were undefined. Fix those up.
Change-Id: Ib7f9dbd847ada287b35afb799782fc04a3b39ce4
This error class was moved into wikimedia/cldr-plural-rule-parser
project, but in the conversion process this exception was not
converted over.
Change-Id: I36a2466a89e2ed6f0b98b45fcb945b6fdf56fbcf
Doing the i18n change in advance to allow translators lots of time to
create the translations before the following commit uses them in
practice.
Change-Id: If86485354da4e48a02aaabd0b1642ccea6a0b462
* ...to mediawiki.action.view.filepage.
* Also move the mw-metadata-show-hide-extended class
from mediawiki.action.view.metadata to
mediawiki.action.view.filepage.
Bug: T89981
Change-Id: I62cdcb625d0a5c280b8ac1ac989c7b8fa6cce47e
