From 202f695f671bb1b6c25ebec219da348e9935692e Mon Sep 17 00:00:00 2001
From: Fomafix <fomafix@googlemail.com>
Date: Thu, 13 Oct 2016 07:34:26 +0200
Subject: [PATCH] Update weblinks in comments from HTTP to HTTPS

Use HTTPS instead of HTTP where the HTTP link is a redirect to the HTTPS link.

Also update some defect links.

Change-Id: Ic3a5eac910d098ed5c2a21e9f47c9b6ee06b2643
---
 includes/AjaxResponse.php                     |  2 +-
 includes/DefaultSettings.php                  | 32 +++++++++----------
 includes/FormOptions.php                      |  2 +-
 includes/GlobalFunctions.php                  | 14 ++++----
 includes/Html.php                             | 28 ++++++++--------
 includes/MediaWikiServices.php                |  2 +-
 includes/OutputPage.php                       |  6 ++--
 includes/Sanitizer.php                        | 30 ++++++++---------
 includes/WebRequest.php                       |  6 ++--
 includes/WebRequestUpload.php                 |  2 +-
 includes/api/ApiMain.php                      |  6 ++--
 includes/api/ApiRsd.php                       |  2 +-
 includes/cache/localisation/LCStoreCDB.php    |  2 +-
 includes/db/DatabaseMssql.php                 |  2 +-
 includes/export/XmlDumpWriter.php             |  2 +-
 .../lockmanager/MySqlLockManager.php          |  2 +-
 includes/htmlform/fields/HTMLFloatField.php   |  2 +-
 includes/htmlform/fields/HTMLHiddenField.php  |  2 +-
 includes/htmlform/fields/HTMLIntField.php     |  2 +-
 includes/installer/MssqlInstaller.php         |  2 +-
 includes/installer/PhpBugTests.php            |  2 +-
 includes/jobqueue/JobQueueDB.php              |  4 +--
 includes/jobqueue/JobRunner.php               |  2 +-
 includes/libs/MultiHttpClient.php             |  2 +-
 includes/libs/Timing.php                      |  4 +--
 includes/libs/filebackend/FileBackend.php     |  2 +-
 .../libs/filebackend/SwiftFileBackend.php     |  4 +--
 includes/libs/jsminplus.php                   |  8 ++---
 includes/libs/mime/MimeAnalyzer.php           |  2 +-
 includes/libs/rdbms/database/Database.php     |  2 +-
 .../libs/rdbms/database/DatabaseMysqlBase.php | 12 +++----
 .../libs/rdbms/database/DatabasePostgres.php  |  2 +-
 .../libs/rdbms/database/DatabaseSqlite.php    |  2 +-
 includes/libs/rdbms/database/IDatabase.php    | 16 +++++-----
 .../database/position/MySQLMasterPos.php      |  4 +--
 includes/libs/rdbms/lbfactory/LBFactory.php   |  2 +-
 .../libs/rdbms/loadbalancer/LoadBalancer.php  |  2 +-
 .../rdbms/loadmonitor/LoadMonitorMySQL.php    |  2 +-
 includes/libs/time/ConvertibleTimestamp.php   |  2 +-
 includes/mail/UserMailer.php                  |  2 +-
 includes/media/DjVuImage.php                  |  2 +-
 includes/media/MediaHandler.php               |  2 +-
 includes/media/PNGMetadataExtractor.php       |  4 +--
 includes/media/SVGMetadataExtractor.php       |  4 +--
 includes/media/XCF.php                        |  2 +-
 includes/page/WikiPage.php                    |  2 +-
 includes/pager/TablePager.php                 |  2 +-
 includes/parser/Parser.php                    |  2 +-
 includes/resourceloader/ResourceLoader.php    | 10 +++---
 includes/specials/SpecialUploadStash.php      |  2 +-
 includes/tidy/RaggettInternalPHP.php          |  2 +-
 includes/user/User.php                        |  2 +-
 includes/utils/UIDGenerator.php               |  6 ++--
 maintenance/archives/patch-img_media_type.sql |  4 +--
 maintenance/dev/includes/router.php           |  2 +-
 maintenance/findHooks.php                     |  2 +-
 maintenance/jsduck/external.js                |  2 +-
 maintenance/language/digit2html.php           |  2 +-
 maintenance/mssql/tables.sql                  |  4 +--
 maintenance/mwdoc-filter.php                  |  4 +--
 maintenance/rebuildLocalisationCache.php      |  2 +-
 .../sqlite/archives/searchindex-fts3.sql      |  4 +--
 maintenance/tables.sql                        |  4 +--
 resources/src/jquery/jquery.accessKeyLabel.js |  2 +-
 resources/src/jquery/jquery.byteLimit.js      |  4 +--
 resources/src/mediawiki.legacy/oldshared.css  |  2 +-
 resources/src/mediawiki.skinning/content.css  |  2 +-
 resources/src/mediawiki/mediawiki.js          |  2 +-
 resources/src/polyfill-nodeTypes.js           |  2 +-
 tests/parser/parserTests.txt                  | 16 +++++-----
 tests/phpunit/includes/HtmlTest.php           |  2 +-
 tests/phpunit/includes/HttpTest.php           |  2 +-
 tests/phpunit/includes/SampleTest.php         | 10 +++---
 tests/phpunit/includes/SanitizerTest.php      |  6 ++--
 .../installer/DatabaseUpdaterTest.php         | 14 ++++----
 .../specials/QueryAllSpecialPagesTest.php     |  4 +--
 .../includes/upload/UploadBaseTest.php        |  2 +-
 .../suites/ParserTestTopLevelSuite.php        |  2 +-
 78 files changed, 185 insertions(+), 185 deletions(-)

diff --git a/includes/AjaxResponse.php b/includes/AjaxResponse.php
index 4fe46dd1af..0686578c17 100644
--- a/includes/AjaxResponse.php
+++ b/includes/AjaxResponse.php
@@ -161,7 +161,7 @@ class AjaxResponse {
 			// For back-compat, it is supported that mResponseCode be a string like " 200 OK"
 			// (with leading space and the status message after). Cast response code to an integer
 			// to take advantage of PHP's conversion rules which will turn "  200 OK" into 200.
-			// http://php.net/string#language.types.string.conversion
+			// https://secure.php.net/manual/en/language.types.string.php#language.types.string.conversion
 			$n = intval( trim( $this->mResponseCode ) );
 			HttpStatus::header( $n );
 		}
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 2ae33b2584..7cdd7c317d 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -311,7 +311,7 @@ $wgAppleTouchIcon = false;
  * Value for the referrer policy meta tag.
  * One of 'never', 'default', 'origin', 'always'. Setting it to false just
  * prevents the meta tag from being output.
- * See http://www.w3.org/TR/referrer-policy/ for details.
+ * See https://www.w3.org/TR/referrer-policy/ for details.
  *
  * @since 1.25
  */
@@ -658,7 +658,7 @@ $wgLockManagers = [];
 
 /**
  * Show Exif data, on by default if available.
- * Requires PHP's Exif extension: http://www.php.net/manual/en/ref.exif.php
+ * Requires PHP's Exif extension: https://secure.php.net/manual/en/ref.exif.php
  *
  * @note FOR WINDOWS USERS:
  * To enable Exif functions, add the following line to the "Windows
@@ -1511,7 +1511,7 @@ $wgDjvuTxt = null;
  * For now we recommend you use djvudump instead. The djvuxml output is
  * probably more stable, so we'll switch back to it as soon as they fix
  * the efficiency problem.
- * http://sourceforge.net/tracker/index.php?func=detail&aid=1704049&group_id=32953&atid=406583
+ * https://sourceforge.net/tracker/index.php?func=detail&aid=1704049&group_id=32953&atid=406583
  *
  * @par Example:
  * @code
@@ -1973,7 +1973,7 @@ $wgDBerrorLog = false;
  * Defaults to the wiki timezone ($wgLocaltimezone).
  *
  * A list of usable timezones can found at:
- * http://php.net/manual/en/timezones.php
+ * https://secure.php.net/manual/en/timezones.php
  *
  * @par Examples:
  * @code
@@ -3110,7 +3110,7 @@ $wgForceUIMsgAsContentMsg = [];
  * timezone-nameinlowercase like timezone-utc.
  *
  * A list of usable timezones can found at:
- * http://php.net/manual/en/timezones.php
+ * https://secure.php.net/manual/en/timezones.php
  *
  * @par Examples:
  * @code
@@ -3178,7 +3178,7 @@ $wgHtml5 = true;
  *
  * If your wiki uses RDFa, set it to the correct value for RDFa+HTML5.
  * Correct current values are 'HTML+RDFa 1.0' or 'XHTML+RDFa 1.0'.
- * See also http://www.w3.org/TR/rdfa-in-html/#document-conformance
+ * See also https://www.w3.org/TR/rdfa-in-html/#document-conformance
  * @since 1.16
  */
 $wgHtml5Version = null;
@@ -4216,7 +4216,7 @@ $wgAllowImageTag = false;
 /**
  * Configuration for HTML postprocessing tool. Set this to a configuration
  * array to enable an external tool. Dave Raggett's "HTML Tidy" is typically
- * used. See http://www.w3.org/People/Raggett/tidy/
+ * used. See https://www.w3.org/People/Raggett/tidy/
  *
  * If this is null and $wgUseTidy is true, the deprecated configuration
  * parameters will be used instead.
@@ -6372,9 +6372,9 @@ $wgDisableInternalSearch = false;
  * To forward to Google you'd have something like:
  * @code
  * $wgSearchForwardUrl =
- *     'http://www.google.com/search?q=$1' .
- *     '&domains=http://example.com' .
- *     '&sitesearch=http://example.com' .
+ *     'https://www.google.com/search?q=$1' .
+ *     '&domains=https://example.com' .
+ *     '&sitesearch=https://example.com' .
  *     '&ie=utf-8&oe=utf-8';
  * @endcode
  */
@@ -6707,9 +6707,9 @@ $wgFeedDiffCutoff = 32768;
  * Should be a format as key (either 'rss' or 'atom') and an URL to the feed
  * as value.
  * @par Example:
- * Configure the 'atom' feed to http://example.com/somefeed.xml
+ * Configure the 'atom' feed to https://example.com/somefeed.xml
  * @code
- * $wgSiteFeed['atom'] = "http://example.com/somefeed.xml";
+ * $wgSiteFeed['atom'] = "https://example.com/somefeed.xml";
  * @endcode
  */
 $wgOverrideSiteFeed = [];
@@ -7118,7 +7118,7 @@ $wgAutoloadAttemptLowercase = true;
  *         'Foo Barstein',
  *     ],
  *     'version' => '1.9.0',
- *     'url' => 'http://example.org/example-extension/',
+ *     'url' => 'https://example.org/example-extension/',
  *     'descriptionmsg' => 'exampleextension-desc',
  *     'license-name' => 'GPL-2.0+',
  * ];
@@ -7145,7 +7145,7 @@ $wgAutoloadAttemptLowercase = true;
  * - author: A string or an array of strings. Authors can be linked using
  *    the regular wikitext link syntax. To have an internationalized version of
  *    "and others" show, add an element "...". This element can also be linked,
- *    for instance "[http://example ...]".
+ *    for instance "[https://example ...]".
  *
  * - descriptionmsg: A message key or an an array with message key and parameters:
  *    `'descriptionmsg' => 'exampleextension-desc',`
@@ -7363,7 +7363,7 @@ $wgCategoryPagingLimit = 200;
  *     all languages in a mediocre way. However, it is better than "uppercase".
  *
  * To use the uca-default collation, you must have PHP's intl extension
- * installed. See http://php.net/manual/en/intl.setup.php . The details of the
+ * installed. See https://secure.php.net/manual/en/intl.setup.php . The details of the
  * resulting collation will depend on the version of ICU installed on the
  * server.
  *
@@ -8032,7 +8032,7 @@ $wgShellCgroup = false;
 $wgPhpCli = '/usr/bin/php';
 
 /**
- * Locale for LC_CTYPE, to work around http://bugs.php.net/bug.php?id=45132
+ * Locale for LC_CTYPE, to work around https://bugs.php.net/bug.php?id=45132
  * For Unix-like operating systems, set this to to a locale that has a UTF-8
  * character set. Only the character set is relevant.
  */
diff --git a/includes/FormOptions.php b/includes/FormOptions.php
index 5e5e8d4011..6706db7e53 100644
--- a/includes/FormOptions.php
+++ b/includes/FormOptions.php
@@ -370,7 +370,7 @@ class FormOptions implements ArrayAccess {
 
 	/** @name ArrayAccess functions
 	 * These functions implement the ArrayAccess PHP interface.
-	 * @see http://php.net/manual/en/class.arrayaccess.php
+	 * @see https://secure.php.net/manual/en/class.arrayaccess.php
 	 */
 	/* @{ */
 	/**
diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 2b6088edeb..ec097029eb 100644
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -40,7 +40,7 @@ use Wikimedia\ScopedCallback;
  */
 
 // hash_equals function only exists in PHP >= 5.6.0
-// http://php.net/hash_equals
+// https://secure.php.net/hash_equals
 if ( !function_exists( 'hash_equals' ) ) {
 	/**
 	 * Check whether a user-provided string is equal to a fixed-length secret string
@@ -2134,7 +2134,7 @@ function wfMkdirParents( $dir, $mode = null, $caller = null ) {
  */
 function wfRecursiveRemoveDir( $dir ) {
 	wfDebug( __FUNCTION__ . "( $dir )\n" );
-	// taken from http://de3.php.net/manual/en/function.rmdir.php#98622
+	// taken from https://secure.php.net/manual/en/function.rmdir.php#98622
 	if ( is_dir( $dir ) ) {
 		$objects = scandir( $dir );
 		foreach ( $objects as $object ) {
@@ -2227,8 +2227,8 @@ function wfEscapeShellArg( /*...*/ ) {
 			// Escaping for an MSVC-style command line parser and CMD.EXE
 			// @codingStandardsIgnoreStart For long URLs
 			// Refs:
-			//  * http://web.archive.org/web/20020708081031/http://mailman.lyra.org/pipermail/scite-interest/2002-March/000436.html
-			//  * http://technet.microsoft.com/en-us/library/cc723564.aspx
+			//  * https://web.archive.org/web/20020708081031/http://mailman.lyra.org/pipermail/scite-interest/2002-March/000436.html
+			//  * https://technet.microsoft.com/en-us/library/cc723564.aspx
 			//  * T15518
 			//  * CR r63214
 			// Double the backslashes before any double quotes. Escape the double quotes.
@@ -2328,7 +2328,7 @@ function wfShellExec( $cmd, &$retval = null, $environ = [],
 		if ( wfIsWindows() ) {
 			/* Surrounding a set in quotes (method used by wfEscapeShellArg) makes the quotes themselves
 			 * appear in the environment variable, so we must use carat escaping as documented in
-			 * http://technet.microsoft.com/en-us/library/cc723564.aspx
+			 * https://technet.microsoft.com/en-us/library/cc723564.aspx
 			 * Note however that the quote isn't listed there, but is needed, and the parentheses
 			 * are listed there but doesn't appear to need it.
 			 */
@@ -2546,7 +2546,7 @@ function wfShellExecWithStderr( $cmd, &$retval = null, $environ = [], $limits =
 }
 
 /**
- * Workaround for http://bugs.php.net/bug.php?id=45132
+ * Workaround for https://bugs.php.net/bug.php?id=45132
  * escapeshellarg() destroys non-ASCII characters if LANG is not a UTF-8 locale
  */
 function wfInitShellLocale() {
@@ -2798,7 +2798,7 @@ function wfUseMW( $req_ver ) {
 /**
  * Return the final portion of a pathname.
  * Reimplemented because PHP5's "basename()" is buggy with multibyte text.
- * http://bugs.php.net/bug.php?id=33898
+ * https://bugs.php.net/bug.php?id=33898
  *
  * PHP's basename() only considers '\' a pathchar on Windows and Netware.
  * We'll consider it so always, as we don't want '\s' in our Unix paths either.
diff --git a/includes/Html.php b/includes/Html.php
index 48b30c7802..0b6b6556ac 100644
--- a/includes/Html.php
+++ b/includes/Html.php
@@ -3,7 +3,7 @@
  * Collection of methods to generate HTML content
  *
  * Copyright © 2009 Aryeh Gregor
- * http://www.mediawiki.org/
+ * https://www.mediawiki.org/
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -156,10 +156,10 @@ class Html {
 	 * @param string $contents The raw HTML contents of the element: *not*
 	 *   escaped!
 	 * @param array $attrs Associative array of attributes, e.g., [
-	 *   'href' => 'http://www.mediawiki.org/' ]. See expandAttributes() for
+	 *   'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
 	 *   further documentation.
 	 * @param string[] $modifiers classes to add to the button
-	 * @see http://tools.wmflabs.org/styleguide/desktop/index.html for guidance on available modifiers
+	 * @see https://tools.wmflabs.org/styleguide/desktop/index.html for guidance on available modifiers
 	 * @return string Raw HTML
 	 */
 	public static function linkButton( $contents, array $attrs, array $modifiers = [] ) {
@@ -176,10 +176,10 @@ class Html {
 	 * @param string $contents The raw HTML contents of the element: *not*
 	 *   escaped!
 	 * @param array $attrs Associative array of attributes, e.g., [
-	 *   'href' => 'http://www.mediawiki.org/' ]. See expandAttributes() for
+	 *   'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
 	 *   further documentation.
 	 * @param string[] $modifiers classes to add to the button
-	 * @see http://tools.wmflabs.org/styleguide/desktop/index.html for guidance on available modifiers
+	 * @see https://tools.wmflabs.org/styleguide/desktop/index.html for guidance on available modifiers
 	 * @return string Raw HTML
 	 */
 	public static function submitButton( $contents, array $attrs, array $modifiers = [] ) {
@@ -200,7 +200,7 @@ class Html {
 	 *
 	 * @param string $element The element's name, e.g., 'a'
 	 * @param array $attribs Associative array of attributes, e.g., [
-	 *   'href' => 'http://www.mediawiki.org/' ]. See expandAttributes() for
+	 *   'href' => 'https://www.mediawiki.org/' ]. See expandAttributes() for
 	 *   further documentation.
 	 * @param string $contents The raw HTML contents of the element: *not*
 	 *   escaped!
@@ -321,7 +321,7 @@ class Html {
 	 *
 	 * @param string $element Name of the element, e.g., 'a'
 	 * @param array $attribs Associative array of attributes, e.g., [
-	 *   'href' => 'http://www.mediawiki.org/' ].  See expandAttributes() for
+	 *   'href' => 'https://www.mediawiki.org/' ].  See expandAttributes() for
 	 *   further documentation.
 	 * @return array An array of attributes functionally identical to $attribs
 	 */
@@ -431,8 +431,8 @@ class Html {
 	/**
 	 * Given an associative array of element attributes, generate a string
 	 * to stick after the element name in HTML output.  Like [ 'href' =>
-	 * 'http://www.mediawiki.org/' ] becomes something like
-	 * ' href="http://www.mediawiki.org"'.  Again, this is like
+	 * 'https://www.mediawiki.org/' ] becomes something like
+	 * ' href="https://www.mediawiki.org"'.  Again, this is like
 	 * Xml::expandAttributes(), but it implements some HTML-specific logic.
 	 *
 	 * Attributes that can contain space-separated lists ('class', 'accesskey' and 'rel') array
@@ -458,7 +458,7 @@ class Html {
 	 * @endcode
 	 *
 	 * @param array $attribs Associative array of attributes, e.g., [
-	 *   'href' => 'http://www.mediawiki.org/' ].  Values will be HTML-escaped.
+	 *   'href' => 'https://www.mediawiki.org/' ].  Values will be HTML-escaped.
 	 *   A value of false means to omit the attribute.  For boolean attributes,
 	 *   you can omit the key, e.g., [ 'checked' ] instead of
 	 *   [ 'checked' => 'checked' ] or such.
@@ -501,8 +501,8 @@ class Html {
 				continue;
 			}
 
-			// http://www.w3.org/TR/html401/index/attributes.html ("space-separated")
-			// http://www.w3.org/TR/html5/index.html#attributes-1 ("space-separated")
+			// https://www.w3.org/TR/html401/index/attributes.html ("space-separated")
+			// https://www.w3.org/TR/html5/index.html#attributes-1 ("space-separated")
 			$spaceSeparatedListAttributes = [
 				'class', // html4, html5
 				'accesskey', // as of html5, multiple space-separated values allowed
@@ -956,7 +956,7 @@ class Html {
 	 * @return bool
 	 */
 	public static function isXmlMimeType( $mimetype ) {
-		# http://www.whatwg.org/html/infrastructure.html#xml-mime-type
+		# https://html.spec.whatwg.org/multipage/infrastructure.html#xml-mime-type
 		# * text/xml
 		# * application/xml
 		# * Any MIME type with a subtype ending in +xml (this implicitly includes application/xhtml+xml)
@@ -1005,7 +1005,7 @@ class Html {
 	 *
 	 * @note srcset width and height values are not supported.
 	 *
-	 * @see http://www.whatwg.org/html/embedded-content-1.html#attr-img-srcset
+	 * @see https://html.spec.whatwg.org/#attr-img-srcset
 	 *
 	 * @par Example:
 	 * @code
diff --git a/includes/MediaWikiServices.php b/includes/MediaWikiServices.php
index 7f94ced2c9..4e80ba1c08 100644
--- a/includes/MediaWikiServices.php
+++ b/includes/MediaWikiServices.php
@@ -296,7 +296,7 @@ class MediaWikiServices extends ServiceContainer {
 		self::resetGlobalInstance();
 
 		// Child, reseed because there is no bug in PHP:
-		// http://bugs.php.net/bug.php?id=42465
+		// https://bugs.php.net/bug.php?id=42465
 		mt_srand( getmypid() );
 	}
 
diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index a69c0e6692..4d8f836836 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -2773,8 +2773,8 @@ class OutputPage extends ContextSource {
 			// The spec recommends defining XHTML5's charset using the XML declaration
 			// instead of meta.
 			// Our XML declaration is output by Html::htmlHeader.
-			// http://www.whatwg.org/html/semantics.html#attr-meta-http-equiv-content-type
-			// http://www.whatwg.org/html/semantics.html#charset
+			// https://html.spec.whatwg.org/multipage/semantics.html#attr-meta-http-equiv-content-type
+			// https://html.spec.whatwg.org/multipage/semantics.html#charset
 			$pieces[] = Html::element( 'meta', [ 'charset' => 'UTF-8' ] );
 		}
 
@@ -3656,7 +3656,7 @@ class OutputPage extends ContextSource {
 	public static function transformCssMedia( $media ) {
 		global $wgRequest;
 
-		// http://www.w3.org/TR/css3-mediaqueries/#syntax
+		// https://www.w3.org/TR/css3-mediaqueries/#syntax
 		$screenMediaQueryRegex = '/^(?:only\s+)?screen\b/i';
 
 		// Switch in on-screen display for media testing
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 4069658376..44e4e3eb91 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -41,7 +41,7 @@ class Sanitizer {
 
 	/**
 	 * Acceptable tag name charset from HTML5 parsing spec
-	 * http://www.w3.org/TR/html5/syntax.html#tag-open-state
+	 * https://www.w3.org/TR/html5/syntax.html#tag-open-state
 	 */
 	const ELEMENT_BITS_REGEX = '!^(/?)([A-Za-z][^\t\n\v />\0]*+)([^>]*?)(/?>)([^<]*)$!';
 
@@ -58,7 +58,7 @@ class Sanitizer {
 
 	/**
 	 * List of all named character entities defined in HTML 4.01
-	 * http://www.w3.org/TR/html4/sgml/entities.html
+	 * https://www.w3.org/TR/html4/sgml/entities.html
 	 * As well as &apos; which is only defined starting in XHTML1.
 	 */
 	private static $htmlEntities = [
@@ -333,7 +333,7 @@ class Sanitizer {
 	/**
 	 * Regular expression to match HTML/XML attribute pairs within a tag.
 	 * Allows some... latitude. Based on,
-	 * http://www.w3.org/TR/html5/syntax.html#before-attribute-value-state
+	 * https://www.w3.org/TR/html5/syntax.html#before-attribute-value-state
 	 * Used in Sanitizer::fixTagAttributes and Sanitizer::decodeTagAttributes
 	 * @return string
 	 */
@@ -1149,11 +1149,11 @@ class Sanitizer {
 	 * ambiguous if it's part of something that looks like a percent escape
 	 * (which don't work reliably in fragments cross-browser).
 	 *
-	 * @see http://www.w3.org/TR/html401/types.html#type-name Valid characters
+	 * @see https://www.w3.org/TR/html401/types.html#type-name Valid characters
 	 *   in the id and name attributes
-	 * @see http://www.w3.org/TR/html401/struct/links.html#h-12.2.3 Anchors with
+	 * @see https://www.w3.org/TR/html401/struct/links.html#h-12.2.3 Anchors with
 	 *   the id attribute
-	 * @see http://www.whatwg.org/html/elements.html#the-id-attribute
+	 * @see https://www.w3.org/TR/html5/dom.html#the-id-attribute
 	 *   HTML5 definition of id attribute
 	 *
 	 * @param string $id Id to escape
@@ -1239,7 +1239,7 @@ class Sanitizer {
 	 *
 	 * @todo For extra validity, input should be validated UTF-8.
 	 *
-	 * @see http://www.w3.org/TR/CSS21/syndata.html Valid characters/format
+	 * @see https://www.w3.org/TR/CSS21/syndata.html Valid characters/format
 	 *
 	 * @param string $class
 	 * @return string
@@ -1352,7 +1352,7 @@ class Sanitizer {
 		} elseif ( !isset( $set[2] ) ) {
 			# In XHTML, attributes must have a value so return an empty string.
 			# See "Empty attribute syntax",
-			# http://www.w3.org/TR/html5/syntax.html#syntax-attribute-name
+			# https://www.w3.org/TR/html5/syntax.html#syntax-attribute-name
 			return "";
 		} else {
 			throw new MWException( "Tag conditions not met. This should never happen and is a bug." );
@@ -1622,7 +1622,7 @@ class Sanitizer {
 
 			# RDFa
 			# These attributes are specified in section 9 of
-			# http://www.w3.org/TR/2008/REC-rdfa-syntax-20081014
+			# https://www.w3.org/TR/2008/REC-rdfa-syntax-20081014
 			'about',
 			'property',
 			'resource',
@@ -1630,7 +1630,7 @@ class Sanitizer {
 			'typeof',
 
 			# Microdata. These are specified by
-			# http://www.whatwg.org/html/microdata.html#the-microdata-model
+			# https://html.spec.whatwg.org/multipage/microdata.html#the-microdata-model
 			'itemid',
 			'itemprop',
 			'itemref',
@@ -1654,7 +1654,7 @@ class Sanitizer {
 		];
 
 		# Numbers refer to sections in HTML 4.01 standard describing the element.
-		# See: http://www.w3.org/TR/html4/
+		# See: https://www.w3.org/TR/html4/
 		$whitelist = [
 			# 7.5.4
 			'div'        => $block,
@@ -1701,7 +1701,7 @@ class Sanitizer {
 			# 9.3.2
 			'br'         => array_merge( $common, [ 'clear' ] ),
 
-			# http://www.whatwg.org/html/text-level-semantics.html#the-wbr-element
+			# https://www.w3.org/TR/html5/text-level-semantics.html#the-wbr-element
 			'wbr'        => $common,
 
 			# 9.3.4
@@ -1776,7 +1776,7 @@ class Sanitizer {
 			'hr'         => array_merge( $common, [ 'width' ] ),
 
 			# HTML Ruby annotation text module, simple ruby only.
-			# http://www.whatwg.org/html/text-level-semantics.html#the-ruby-element
+			# https://www.w3.org/TR/html5/text-level-semantics.html#the-ruby-element
 			'ruby'       => $common,
 			# rbc
 			'rb'         => $common,
@@ -1786,14 +1786,14 @@ class Sanitizer {
 
 			# MathML root element, where used for extensions
 			# 'title' may not be 100% valid here; it's XHTML
-			# http://www.w3.org/TR/REC-MathML/
+			# https://www.w3.org/TR/REC-MathML/
 			'math'       => [ 'class', 'style', 'id', 'title' ],
 
 			# HTML 5 section 4.6
 			'bdi' => $common,
 
 			# HTML5 elements, defined by:
-			# http://www.whatwg.org/html/
+			# https://html.spec.whatwg.org/multipage/semantics.html#the-data-element
 			'data' => array_merge( $common, [ 'value' ] ),
 			'time' => array_merge( $common, [ 'datetime' ] ),
 			'mark' => $common,
diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index 0065135ae0..3ef3bc1e0b 100644
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -113,7 +113,7 @@ class WebRequest {
 	 */
 	public static function getPathInfo( $want = 'all' ) {
 		global $wgUsePathInfo;
-		// PATH_INFO is mangled due to http://bugs.php.net/bug.php?id=31892
+		// PATH_INFO is mangled due to https://bugs.php.net/bug.php?id=31892
 		// And also by Apache 2.x, double slashes are converted to single slashes.
 		// So we will use REQUEST_URI if possible.
 		$matches = [];
@@ -175,7 +175,7 @@ class WebRequest {
 		} elseif ( $wgUsePathInfo ) {
 			if ( isset( $_SERVER['ORIG_PATH_INFO'] ) && $_SERVER['ORIG_PATH_INFO'] != '' ) {
 				// Mangled PATH_INFO
-				// http://bugs.php.net/bug.php?id=31892
+				// https://bugs.php.net/bug.php?id=31892
 				// Also reported when ini_get('cgi.fix_pathinfo')==false
 				$matches['title'] = substr( $_SERVER['ORIG_PATH_INFO'], 1 );
 
@@ -379,7 +379,7 @@ class WebRequest {
 	 */
 	private function getGPCVal( $arr, $name, $default ) {
 		# PHP is so nice to not touch input data, except sometimes:
-		# http://us2.php.net/variables.external#language.variables.external.dot-in-names
+		# https://secure.php.net/variables.external#language.variables.external.dot-in-names
 		# Work around PHP *feature* to avoid *bugs* elsewhere.
 		$name = strtr( $name, '.', '_' );
 		if ( isset( $arr[$name] ) ) {
diff --git a/includes/WebRequestUpload.php b/includes/WebRequestUpload.php
index c741907d3e..916a10c9f0 100644
--- a/includes/WebRequestUpload.php
+++ b/includes/WebRequestUpload.php
@@ -102,7 +102,7 @@ class WebRequestUpload {
 
 	/**
 	 * Return the upload error. See link for explanation
-	 * http://www.php.net/manual/en/features.file-upload.errors.php
+	 * https://secure.php.net/manual/en/features.file-upload.errors.php
 	 *
 	 * @return int One of the UPLOAD_ constants, 0 if non-existent
 	 */
diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index c8f4460e9f..80d9ceb350 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -636,8 +636,8 @@ class ApiMain extends ApiBase {
 	 * If the parameter and the header do match, the header is checked against $wgCrossSiteAJAXdomains
 	 * and $wgCrossSiteAJAXdomainExceptions, and if the origin qualifies, the appropriate CORS
 	 * headers are set.
-	 * http://www.w3.org/TR/cors/#resource-requests
-	 * http://www.w3.org/TR/cors/#resource-preflight-requests
+	 * https://www.w3.org/TR/cors/#resource-requests
+	 * https://www.w3.org/TR/cors/#resource-preflight-requests
 	 *
 	 * @return bool False if the caller should abort (403 case), true otherwise (all other cases)
 	 */
@@ -719,7 +719,7 @@ class ApiMain extends ApiBase {
 
 			$response->header( "Access-Control-Allow-Origin: $allowOrigin" );
 			$response->header( "Access-Control-Allow-Credentials: $allowCredentials" );
-			// http://www.w3.org/TR/resource-timing/#timing-allow-origin
+			// https://www.w3.org/TR/resource-timing/#timing-allow-origin
 			if ( $allowTiming !== false ) {
 				$response->header( "Timing-Allow-Origin: $allowTiming" );
 			}
diff --git a/includes/api/ApiRsd.php b/includes/api/ApiRsd.php
index 712217b0a1..4fac37da35 100644
--- a/includes/api/ApiRsd.php
+++ b/includes/api/ApiRsd.php
@@ -75,7 +75,7 @@ class ApiRsd extends ApiBase {
 	 * compatible APIs, by hooking 'ApiRsdServiceApis' and adding more
 	 * elements to the array.
 	 *
-	 * See http://cyber.law.harvard.edu/blogs/gems/tech/rsd.html for
+	 * See https://cyber.harvard.edu/blogs/gems/tech/rsd.html for
 	 * the base RSD spec, and check WordPress and StatusNet sites for
 	 * in-production examples listing several blogging and micrblogging
 	 * APIs.
diff --git a/includes/cache/localisation/LCStoreCDB.php b/includes/cache/localisation/LCStoreCDB.php
index 2c3f58fed7..78a4863fe7 100644
--- a/includes/cache/localisation/LCStoreCDB.php
+++ b/includes/cache/localisation/LCStoreCDB.php
@@ -31,7 +31,7 @@ use Cdb\Writer;
  * space. The performance advantage is greater when the DBA extension is
  * available than it is with the PHP port.
  *
- * See Cdb.php and http://cr.yp.to/cdb.html
+ * See Cdb.php and https://cr.yp.to/cdb.html
  */
 class LCStoreCDB implements LCStore {
 
diff --git a/includes/db/DatabaseMssql.php b/includes/db/DatabaseMssql.php
index 6d072168a1..7208b7e52f 100644
--- a/includes/db/DatabaseMssql.php
+++ b/includes/db/DatabaseMssql.php
@@ -1134,7 +1134,7 @@ class DatabaseMssql extends DatabaseBase {
 	/**
 	 * MS SQL requires specifying the escape character used in a LIKE query
 	 * or using Square brackets to surround characters that are to be escaped
-	 * http://msdn.microsoft.com/en-us/library/ms179859.aspx
+	 * https://msdn.microsoft.com/en-us/library/ms179859.aspx
 	 * Here we take the Specify-Escape-Character approach since it's less
 	 * invasive, renders a query that is closer to other DB's and better at
 	 * handling square bracket escaping
diff --git a/includes/export/XmlDumpWriter.php b/includes/export/XmlDumpWriter.php
index 42168d7603..ab268032a6 100644
--- a/includes/export/XmlDumpWriter.php
+++ b/includes/export/XmlDumpWriter.php
@@ -51,7 +51,7 @@ class XmlDumpWriter {
 			 * you copy in the new xsd file.
 			 *
 			 * After it is reviewed, merged and deployed (sync-docroot), the index.html needs purging.
-			 * echo "http://www.mediawiki.org/xml/index.html" | mwscript purgeList.php --wiki=aawiki
+			 * echo "https://www.mediawiki.org/xml/index.html" | mwscript purgeList.php --wiki=aawiki
 			 */
 			'xsi:schemaLocation' => "http://www.mediawiki.org/xml/export-$ver/ " .
 				"http://www.mediawiki.org/xml/export-$ver.xsd",
diff --git a/includes/filebackend/lockmanager/MySqlLockManager.php b/includes/filebackend/lockmanager/MySqlLockManager.php
index fc23f7655b..5936e7d1d2 100644
--- a/includes/filebackend/lockmanager/MySqlLockManager.php
+++ b/includes/filebackend/lockmanager/MySqlLockManager.php
@@ -34,7 +34,7 @@ class MySqlLockManager extends DBLockManager {
 
 	/**
 	 * Get a connection to a lock DB and acquire locks on $paths.
-	 * This does not use GET_LOCK() per http://bugs.mysql.com/bug.php?id=1118.
+	 * This does not use GET_LOCK() per https://bugs.mysql.com/bug.php?id=1118.
 	 *
 	 * @see DBLockManager::getLocksOnServer()
 	 * @param string $lockSrv
diff --git a/includes/htmlform/fields/HTMLFloatField.php b/includes/htmlform/fields/HTMLFloatField.php
index 2ef497895f..1eb332605b 100644
--- a/includes/htmlform/fields/HTMLFloatField.php
+++ b/includes/htmlform/fields/HTMLFloatField.php
@@ -17,7 +17,7 @@ class HTMLFloatField extends HTMLTextField {
 
 		$value = trim( $value );
 
-		# http://www.w3.org/TR/html5/infrastructure.html#floating-point-numbers
+		# https://www.w3.org/TR/html5/infrastructure.html#floating-point-numbers
 		# with the addition that a leading '+' sign is ok.
 		if ( !preg_match( '/^((\+|\-)?\d+(\.\d+)?(E(\+|\-)?\d+)?)?$/i', $value ) ) {
 			return $this->msg( 'htmlform-float-invalid' )->parseAsBlock();
diff --git a/includes/htmlform/fields/HTMLHiddenField.php b/includes/htmlform/fields/HTMLHiddenField.php
index c0fce2ba5d..02562c4a7e 100644
--- a/includes/htmlform/fields/HTMLHiddenField.php
+++ b/includes/htmlform/fields/HTMLHiddenField.php
@@ -11,7 +11,7 @@ class HTMLHiddenField extends HTMLFormField {
 		}
 
 		# Per HTML5 spec, hidden fields cannot be 'required'
-		# http://www.w3.org/TR/html5/forms.html#hidden-state-%28type=hidden%29
+		# https://www.w3.org/TR/html5/forms.html#hidden-state-%28type=hidden%29
 		unset( $this->mParams['required'] );
 	}
 
diff --git a/includes/htmlform/fields/HTMLIntField.php b/includes/htmlform/fields/HTMLIntField.php
index b0148d987e..f9ee2b2c91 100644
--- a/includes/htmlform/fields/HTMLIntField.php
+++ b/includes/htmlform/fields/HTMLIntField.php
@@ -11,7 +11,7 @@ class HTMLIntField extends HTMLFloatField {
 			return $p;
 		}
 
-		# http://www.w3.org/TR/html5/infrastructure.html#signed-integers
+		# https://www.w3.org/TR/html5/infrastructure.html#signed-integers
 		# with the addition that a leading '+' sign is ok. Note that leading zeros
 		# are fine, and will be left in the input, which is useful for things like
 		# phone numbers when you know that they are integers (the HTML5 type=tel
diff --git a/includes/installer/MssqlInstaller.php b/includes/installer/MssqlInstaller.php
index c5ec72b03f..5e8ed3fb8c 100644
--- a/includes/installer/MssqlInstaller.php
+++ b/includes/installer/MssqlInstaller.php
@@ -282,7 +282,7 @@ class MssqlInstaller extends DatabaseInstaller {
 		// Check to ensure we can grant everything needed as well
 		// We can't actually tell if we have WITH GRANT OPTION for a given permission, so we assume we do
 		// and just check for the permission
-		// http://technet.microsoft.com/en-us/library/ms178569.aspx
+		// https://technet.microsoft.com/en-us/library/ms178569.aspx
 		// The following array sets up which permissions imply whatever permissions we specify
 		$implied = [
 			// schema           database  server
diff --git a/includes/installer/PhpBugTests.php b/includes/installer/PhpBugTests.php
index 01327be167..d412216aaa 100644
--- a/includes/installer/PhpBugTests.php
+++ b/includes/installer/PhpBugTests.php
@@ -24,7 +24,7 @@
 /**
  * Test for PHP+libxml2 bug which breaks XML input subtly with certain versions.
  * Known fixed with PHP 5.2.9 + libxml2-2.7.3
- * @see http://bugs.php.net/bug.php?id=45996
+ * @see https://bugs.php.net/bug.php?id=45996
  * @ingroup PHPBugTests
  */
 class PhpXmlBugTester {
diff --git a/includes/jobqueue/JobQueueDB.php b/includes/jobqueue/JobQueueDB.php
index 856cdfd61e..5ec11274d4 100644
--- a/includes/jobqueue/JobQueueDB.php
+++ b/includes/jobqueue/JobQueueDB.php
@@ -323,7 +323,7 @@ class JobQueueDB extends JobQueue {
 		$invertedDirection = false; // whether one job_random direction was already scanned
 		// This uses a replication safe method for acquiring jobs. One could use UPDATE+LIMIT
 		// instead, but that either uses ORDER BY (in which case it deadlocks in MySQL) or is
-		// not replication safe. Due to http://bugs.mysql.com/bug.php?id=6980, subqueries cannot
+		// not replication safe. Due to https://bugs.mysql.com/bug.php?id=6980, subqueries cannot
 		// be used here with MySQL.
 		do {
 			if ( $tinyQueue ) { // queue has <= MAX_OFFSET rows
@@ -397,7 +397,7 @@ class JobQueueDB extends JobQueue {
 		$row = false; // the row acquired
 		do {
 			if ( $dbw->getType() === 'mysql' ) {
-				// Per http://bugs.mysql.com/bug.php?id=6980, we can't use subqueries on the
+				// Per https://bugs.mysql.com/bug.php?id=6980, we can't use subqueries on the
 				// same table being changed in an UPDATE query in MySQL (gives Error: 1093).
 				// Oracle and Postgre have no such limitation. However, MySQL offers an
 				// alternative here by supporting ORDER BY + LIMIT for UPDATE queries.
diff --git a/includes/jobqueue/JobRunner.php b/includes/jobqueue/JobRunner.php
index 84ded8d94e..79bfab33d0 100644
--- a/includes/jobqueue/JobRunner.php
+++ b/includes/jobqueue/JobRunner.php
@@ -335,7 +335,7 @@ class JobRunner implements LoggerAwareInterface {
 	 */
 	private function getMaxRssKb() {
 		$info = wfGetRusage() ?: [];
-		// see http://linux.die.net/man/2/getrusage
+		// see https://linux.die.net/man/2/getrusage
 		return isset( $info['ru_maxrss'] ) ? (int)$info['ru_maxrss'] : null;
 	}
 
diff --git a/includes/libs/MultiHttpClient.php b/includes/libs/MultiHttpClient.php
index a870204963..f0b44a5082 100644
--- a/includes/libs/MultiHttpClient.php
+++ b/includes/libs/MultiHttpClient.php
@@ -215,7 +215,7 @@ class MultiHttpClient {
 				// Wait (if possible) for available work...
 				if ( $active > 0 && $mrc == CURLM_OK ) {
 					if ( curl_multi_select( $chm, 10 ) == -1 ) {
-						// PHP bug 63411; http://curl.haxx.se/libcurl/c/curl_multi_fdset.html
+						// PHP bug 63411; https://curl.haxx.se/libcurl/c/curl_multi_fdset.html
 						usleep( 5000 ); // 5ms
 					}
 				}
diff --git a/includes/libs/Timing.php b/includes/libs/Timing.php
index 62baaf1e93..57c253d50e 100644
--- a/includes/libs/Timing.php
+++ b/includes/libs/Timing.php
@@ -36,9 +36,9 @@ use Psr\Log\NullLogger;
  *   getEntryByName().
  *
  * The in-line documentation incorporates content from the User Timing Specification
- * http://www.w3.org/TR/user-timing/
+ * https://www.w3.org/TR/user-timing/
  * Copyright © 2013 World Wide Web Consortium, (MIT, ERCIM, Keio, Beihang).
- * http://www.w3.org/Consortium/Legal/2015/doc-license
+ * https://www.w3.org/Consortium/Legal/2015/doc-license
  *
  * @since 1.27
  */
diff --git a/includes/libs/filebackend/FileBackend.php b/includes/libs/filebackend/FileBackend.php
index f33f52265b..97f148c6fa 100644
--- a/includes/libs/filebackend/FileBackend.php
+++ b/includes/libs/filebackend/FileBackend.php
@@ -927,7 +927,7 @@ abstract class FileBackend implements LoggerAwareInterface {
 	 * @return ScopedCallback|null
 	 */
 	final protected function getScopedPHPBehaviorForOps() {
-		if ( PHP_SAPI != 'cli' ) { // http://bugs.php.net/bug.php?id=47540
+		if ( PHP_SAPI != 'cli' ) { // https://bugs.php.net/bug.php?id=47540
 			$old = ignore_user_abort( true ); // avoid half-finished operations
 			return new ScopedCallback( function () use ( $old ) {
 				ignore_user_abort( $old );
diff --git a/includes/libs/filebackend/SwiftFileBackend.php b/includes/libs/filebackend/SwiftFileBackend.php
index 4bc0ce69dc..12eda7349e 100644
--- a/includes/libs/filebackend/SwiftFileBackend.php
+++ b/includes/libs/filebackend/SwiftFileBackend.php
@@ -1209,7 +1209,7 @@ class SwiftFileBackend extends FileBackendStore {
 					$this->rgwS3SecretKey,
 					true // raw
 				) );
-				// See http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html.
+				// See https://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html.
 				// Note: adding a newline for empty CanonicalizedAmzHeaders does not work.
 				// Note: S3 API is the rgw default; remove the /swift/ URL bit.
 				return str_replace( '/swift/v1', '', $this->storageUrl( $auth ) . $spath ) .
@@ -1305,7 +1305,7 @@ class SwiftFileBackend extends FileBackendStore {
 	/**
 	 * Set read/write permissions for a Swift container.
 	 *
-	 * @see http://swift.openstack.org/misc.html#acls
+	 * @see http://docs.openstack.org/developer/swift/misc.html#acls
 	 *
 	 * In general, we don't allow listings to end-users. It's not useful, isn't well-defined
 	 * (lists are truncated to 10000 item with no way to page), and is just a performance risk.
diff --git a/includes/libs/jsminplus.php b/includes/libs/jsminplus.php
index 99cf399bd9..40f22c5efb 100644
--- a/includes/libs/jsminplus.php
+++ b/includes/libs/jsminplus.php
@@ -6,9 +6,9 @@
  * Minifies a javascript file using a javascript parser
  *
  * This implements a PHP port of Brendan Eich's Narcissus open source javascript engine (in javascript)
- * References: http://en.wikipedia.org/wiki/Narcissus_(JavaScript_engine)
- * Narcissus sourcecode: http://mxr.mozilla.org/mozilla/source/js/narcissus/
- * JSMinPlus weblog: http://crisp.tweakblogs.net/blog/cat/716
+ * References: https://en.wikipedia.org/wiki/Narcissus_(JavaScript_engine)
+ * Narcissus sourcecode: https://mxr.mozilla.org/mozilla/source/js/narcissus/
+ * JSMinPlus weblog: https://crisp.tweakblogs.net/blog/cat/716
  *
  * Tino Zijdel <crisp@tweakers.net>
  *
@@ -936,7 +936,7 @@ class JSParser
 				{
 					// <script language="JavaScript"> (without version hints) may need
 					// automatic semicolon insertion without a newline after do-while.
-					// See http://bugzilla.mozilla.org/show_bug.cgi?id=238945.
+					// See https://bugzilla.mozilla.org/show_bug.cgi?id=238945.
 					$this->t->match(OP_SEMICOLON);
 					return $n;
 				}
diff --git a/includes/libs/mime/MimeAnalyzer.php b/includes/libs/mime/MimeAnalyzer.php
index 5f4d7c9ef4..e42d1a95c1 100644
--- a/includes/libs/mime/MimeAnalyzer.php
+++ b/includes/libs/mime/MimeAnalyzer.php
@@ -861,7 +861,7 @@ EOT;
 			'text-web',
 			'text' ];
 
-		// http://lists.oasis-open.org/archives/office/200505/msg00006.html
+		// https://lists.oasis-open.org/archives/office/200505/msg00006.html
 		$types = '(?:' . implode( '|', $opendocTypes ) . ')';
 		$opendocRegex = "/^mimetype(application\/vnd\.oasis\.opendocument\.$types)/";
 
diff --git a/includes/libs/rdbms/database/Database.php b/includes/libs/rdbms/database/Database.php
index a5a170ba06..0826355b04 100644
--- a/includes/libs/rdbms/database/Database.php
+++ b/includes/libs/rdbms/database/Database.php
@@ -881,7 +881,7 @@ abstract class Database implements IDatabase, IMaintainableDatabase, LoggerAware
 
 		if ( false === $ret ) {
 			# Deadlocks cause the entire transaction to abort, not just the statement.
-			# http://dev.mysql.com/doc/refman/5.7/en/innodb-error-handling.html
+			# https://dev.mysql.com/doc/refman/5.7/en/innodb-error-handling.html
 			# https://www.postgresql.org/docs/9.1/static/explicit-locking.html
 			if ( $this->wasDeadlock() ) {
 				if ( $this->explicitTrxActive() || $priorWritesPending ) {
diff --git a/includes/libs/rdbms/database/DatabaseMysqlBase.php b/includes/libs/rdbms/database/DatabaseMysqlBase.php
index 9662a5b9bb..3e24ce6116 100644
--- a/includes/libs/rdbms/database/DatabaseMysqlBase.php
+++ b/includes/libs/rdbms/database/DatabaseMysqlBase.php
@@ -274,7 +274,7 @@ abstract class DatabaseMysqlBase extends Database {
 		// Unfortunately, mysql_fetch_object does not reset the last errno.
 		// Only check for CR_SERVER_LOST and CR_UNKNOWN_ERROR, as
 		// these are the only errors mysql_fetch_object can cause.
-		// See http://dev.mysql.com/doc/refman/5.0/en/mysql-fetch-row.html.
+		// See https://dev.mysql.com/doc/refman/5.0/en/mysql-fetch-row.html.
 		if ( $errno == 2000 || $errno == 2013 ) {
 			throw new DBUnexpectedError(
 				$this,
@@ -310,7 +310,7 @@ abstract class DatabaseMysqlBase extends Database {
 		// Unfortunately, mysql_fetch_array does not reset the last errno.
 		// Only check for CR_SERVER_LOST and CR_UNKNOWN_ERROR, as
 		// these are the only errors mysql_fetch_array can cause.
-		// See http://dev.mysql.com/doc/refman/5.0/en/mysql-fetch-row.html.
+		// See https://dev.mysql.com/doc/refman/5.0/en/mysql-fetch-row.html.
 		if ( $errno == 2000 || $errno == 2013 ) {
 			throw new DBUnexpectedError(
 				$this,
@@ -345,7 +345,7 @@ abstract class DatabaseMysqlBase extends Database {
 		// Unfortunately, mysql_num_rows does not reset the last errno.
 		// We are not checking for any errors here, since
 		// these are no errors mysql_num_rows can cause.
-		// See http://dev.mysql.com/doc/refman/5.0/en/mysql-fetch-row.html.
+		// See https://dev.mysql.com/doc/refman/5.0/en/mysql-fetch-row.html.
 		// See https://phabricator.wikimedia.org/T44430
 		return $n;
 	}
@@ -572,7 +572,7 @@ abstract class DatabaseMysqlBase extends Database {
 	function indexInfo( $table, $index, $fname = __METHOD__ ) {
 		# SHOW INDEX works in MySQL 3.23.58, but SHOW INDEXES does not.
 		# SHOW INDEX should work for 3.x and up:
-		# http://dev.mysql.com/doc/mysql/en/SHOW_INDEX.html
+		# https://dev.mysql.com/doc/mysql/en/SHOW_INDEX.html
 		$table = $this->tableName( $table );
 		$index = $this->indexName( $index );
 
@@ -1013,7 +1013,7 @@ abstract class DatabaseMysqlBase extends Database {
 
 	/**
 	 * FROM MYSQL DOCS:
-	 * http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_release-lock
+	 * https://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_release-lock
 	 * @param string $lockName
 	 * @param string $method
 	 * @return bool
@@ -1034,7 +1034,7 @@ abstract class DatabaseMysqlBase extends Database {
 	}
 
 	private function makeLockName( $lockName ) {
-		// http://dev.mysql.com/doc/refman/5.7/en/miscellaneous-functions.html#function_get-lock
+		// https://dev.mysql.com/doc/refman/5.7/en/miscellaneous-functions.html#function_get-lock
 		// Newer version enforce a 64 char length limit.
 		return ( strlen( $lockName ) > 64 ) ? sha1( $lockName ) : $lockName;
 	}
diff --git a/includes/libs/rdbms/database/DatabasePostgres.php b/includes/libs/rdbms/database/DatabasePostgres.php
index f82d76d4d8..e66fa0d9ba 100644
--- a/includes/libs/rdbms/database/DatabasePostgres.php
+++ b/includes/libs/rdbms/database/DatabasePostgres.php
@@ -868,7 +868,7 @@ __INDEXATTR__;
 
 	/**
 	 * Posted by cc[plus]php[at]c2se[dot]com on 25-Mar-2009 09:12
-	 * to http://www.php.net/manual/en/ref.pgsql.php
+	 * to https://secure.php.net/manual/en/ref.pgsql.php
 	 *
 	 * Parsing a postgres array can be a tricky problem, he's my
 	 * take on this, it handles multi-dimensional arrays plus
diff --git a/includes/libs/rdbms/database/DatabaseSqlite.php b/includes/libs/rdbms/database/DatabaseSqlite.php
index 3ccf3f002a..90b861db10 100644
--- a/includes/libs/rdbms/database/DatabaseSqlite.php
+++ b/includes/libs/rdbms/database/DatabaseSqlite.php
@@ -267,7 +267,7 @@ class DatabaseSqlite extends Database {
 	}
 
 	/**
-	 * Attaches external database to our connection, see http://sqlite.org/lang_attach.html
+	 * Attaches external database to our connection, see https://sqlite.org/lang_attach.html
 	 * for details.
 	 *
 	 * @param string $name Database name to be used in queries like
diff --git a/includes/libs/rdbms/database/IDatabase.php b/includes/libs/rdbms/database/IDatabase.php
index c32a7ff561..e3f5bc223e 100644
--- a/includes/libs/rdbms/database/IDatabase.php
+++ b/includes/libs/rdbms/database/IDatabase.php
@@ -393,7 +393,7 @@ interface IDatabase {
 
 	/**
 	 * Get the number of fields in a result object
-	 * @see http://www.php.net/mysql_num_fields
+	 * @see https://secure.php.net/mysql_num_fields
 	 *
 	 * @param mixed $res A SQL result
 	 * @return int
@@ -402,7 +402,7 @@ interface IDatabase {
 
 	/**
 	 * Get a field name in a result object
-	 * @see http://www.php.net/mysql_field_name
+	 * @see https://secure.php.net/mysql_field_name
 	 *
 	 * @param mixed $res A SQL result
 	 * @param int $n
@@ -426,7 +426,7 @@ interface IDatabase {
 
 	/**
 	 * Change the position of the cursor in a result object
-	 * @see http://www.php.net/mysql_data_seek
+	 * @see https://secure.php.net/mysql_data_seek
 	 *
 	 * @param mixed $res A SQL result
 	 * @param int $row
@@ -435,7 +435,7 @@ interface IDatabase {
 
 	/**
 	 * Get the last error number
-	 * @see http://www.php.net/mysql_errno
+	 * @see https://secure.php.net/mysql_errno
 	 *
 	 * @return int
 	 */
@@ -443,7 +443,7 @@ interface IDatabase {
 
 	/**
 	 * Get a description of the last error
-	 * @see http://www.php.net/mysql_error
+	 * @see https://secure.php.net/mysql_error
 	 *
 	 * @return string
 	 */
@@ -462,7 +462,7 @@ interface IDatabase {
 
 	/**
 	 * Get the number of rows affected by the last write query
-	 * @see http://www.php.net/mysql_affected_rows
+	 * @see https://secure.php.net/mysql_affected_rows
 	 *
 	 * @return int
 	 */
@@ -470,7 +470,7 @@ interface IDatabase {
 
 	/**
 	 * Returns a wikitext link to the DB's website, e.g.,
-	 *   return "[http://www.mysql.com/ MySQL]";
+	 *   return "[https://www.mysql.com/ MySQL]";
 	 * Should at least contain plain text, if for some reason
 	 * your database has no website.
 	 *
@@ -1095,7 +1095,7 @@ interface IDatabase {
 	 *
 	 * Any implementation of this function should *not* involve reusing
 	 * sequence numbers created for rolled-back transactions.
-	 * See http://bugs.mysql.com/bug.php?id=30767 for details.
+	 * See https://bugs.mysql.com/bug.php?id=30767 for details.
 	 * @param string $seqName
 	 * @return null|int
 	 */
diff --git a/includes/libs/rdbms/database/position/MySQLMasterPos.php b/includes/libs/rdbms/database/position/MySQLMasterPos.php
index 71fbe7e587..7b49ce9609 100644
--- a/includes/libs/rdbms/database/position/MySQLMasterPos.php
+++ b/includes/libs/rdbms/database/position/MySQLMasterPos.php
@@ -117,8 +117,8 @@ class MySQLMasterPos implements DBMasterPos {
 	}
 
 	/**
-	 * @see http://dev.mysql.com/doc/refman/5.7/en/show-master-status.html
-	 * @see http://dev.mysql.com/doc/refman/5.7/en/show-slave-status.html
+	 * @see https://dev.mysql.com/doc/refman/5.7/en/show-master-status.html
+	 * @see https://dev.mysql.com/doc/refman/5.7/en/show-slave-status.html
 	 * @return array|bool (binlog, (integer file number, integer position)) or false
 	 */
 	protected function getBinlogCoordinates() {
diff --git a/includes/libs/rdbms/lbfactory/LBFactory.php b/includes/libs/rdbms/lbfactory/LBFactory.php
index 929bd4d4f1..a4f4bff114 100644
--- a/includes/libs/rdbms/lbfactory/LBFactory.php
+++ b/includes/libs/rdbms/lbfactory/LBFactory.php
@@ -555,7 +555,7 @@ abstract class LBFactory implements ILBFactory {
 	 * @return ScopedCallback|null
 	 */
 	final protected function getScopedPHPBehaviorForCommit() {
-		if ( PHP_SAPI != 'cli' ) { // http://bugs.php.net/bug.php?id=47540
+		if ( PHP_SAPI != 'cli' ) { // https://bugs.php.net/bug.php?id=47540
 			$old = ignore_user_abort( true ); // avoid half-finished operations
 			return new ScopedCallback( function () use ( $old ) {
 				ignore_user_abort( $old );
diff --git a/includes/libs/rdbms/loadbalancer/LoadBalancer.php b/includes/libs/rdbms/loadbalancer/LoadBalancer.php
index 32df19dcd7..4d2b746070 100644
--- a/includes/libs/rdbms/loadbalancer/LoadBalancer.php
+++ b/includes/libs/rdbms/loadbalancer/LoadBalancer.php
@@ -1528,7 +1528,7 @@ class LoadBalancer implements ILoadBalancer {
 	 * @return ScopedCallback|null
 	 */
 	final protected function getScopedPHPBehaviorForCommit() {
-		if ( PHP_SAPI != 'cli' ) { // http://bugs.php.net/bug.php?id=47540
+		if ( PHP_SAPI != 'cli' ) { // https://bugs.php.net/bug.php?id=47540
 			$old = ignore_user_abort( true ); // avoid half-finished operations
 			return new ScopedCallback( function () use ( $old ) {
 				ignore_user_abort( $old );
diff --git a/includes/libs/rdbms/loadmonitor/LoadMonitorMySQL.php b/includes/libs/rdbms/loadmonitor/LoadMonitorMySQL.php
index babd6091b7..45b1d8397e 100644
--- a/includes/libs/rdbms/loadmonitor/LoadMonitorMySQL.php
+++ b/includes/libs/rdbms/loadmonitor/LoadMonitorMySQL.php
@@ -52,7 +52,7 @@ class LoadMonitorMySQL extends LoadMonitor {
 				$host = $this->parent->getServerName( $index );
 				$this->replLogger->error( __METHOD__ . ": could not get status for $host" );
 			} else {
-				// http://dev.mysql.com/doc/refman/5.7/en/server-status-variables.html
+				// https://dev.mysql.com/doc/refman/5.7/en/server-status-variables.html
 				if ( $s->Innodb_buffer_pool_pages_total > 0 ) {
 					$ratio = $s->Innodb_buffer_pool_pages_data / $s->Innodb_buffer_pool_pages_total;
 				} elseif ( $s->Qcache_total_blocks > 0 ) {
diff --git a/includes/libs/time/ConvertibleTimestamp.php b/includes/libs/time/ConvertibleTimestamp.php
index b02985a15b..c830b4eb64 100644
--- a/includes/libs/time/ConvertibleTimestamp.php
+++ b/includes/libs/time/ConvertibleTimestamp.php
@@ -90,7 +90,7 @@ class ConvertibleTimestamp {
 			# TS_MW
 		} elseif ( preg_match( '/^(-?\d{1,13})(\.\d+)?$/D', $ts, $m ) ) {
 			# TS_UNIX
-			$strtime = "@{$m[1]}"; // http://php.net/manual/en/datetime.formats.compound.php
+			$strtime = "@{$m[1]}"; // https://secure.php.net/manual/en/datetime.formats.compound.php
 		} elseif ( preg_match( '/^\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}.\d{6}$/', $ts ) ) {
 			# TS_ORACLE // session altered to DD-MM-YYYY HH24:MI:SS.FF6
 			$strtime = preg_replace( '/(\d\d)\.(\d\d)\.(\d\d)(\.(\d+))?/', "$1:$2:$3",
diff --git a/includes/mail/UserMailer.php b/includes/mail/UserMailer.php
index 1059d7bce2..c8e9999a36 100644
--- a/includes/mail/UserMailer.php
+++ b/includes/mail/UserMailer.php
@@ -283,7 +283,7 @@ class UserMailer {
 			->getFullURL( '', false, PROTO_CANONICAL ) . '>';
 
 		// Line endings need to be different on Unix and Windows due to
-		// the bug described at http://trac.wordpress.org/ticket/2603
+		// the bug described at https://core.trac.wordpress.org/ticket/2603
 		$endl = PHP_EOL;
 
 		if ( is_array( $body ) ) {
diff --git a/includes/media/DjVuImage.php b/includes/media/DjVuImage.php
index ed361ebb0a..5e8f8c8f1d 100644
--- a/includes/media/DjVuImage.php
+++ b/includes/media/DjVuImage.php
@@ -254,7 +254,7 @@ class DjVuImage {
 
 		if ( isset( $wgDjvuDump ) ) {
 			# djvudump is faster as of version 3.5
-			# http://sourceforge.net/tracker/index.php?func=detail&aid=1704049&group_id=32953&atid=406583
+			# https://sourceforge.net/p/djvu/bugs/71/
 			$cmd = wfEscapeShellArg( $wgDjvuDump ) . ' ' . wfEscapeShellArg( $this->mFilename );
 			$dump = wfShellExec( $cmd );
 			$xml = $this->convertDumpToXML( $dump );
diff --git a/includes/media/MediaHandler.php b/includes/media/MediaHandler.php
index 4bc36ba6cb..2a735a2177 100644
--- a/includes/media/MediaHandler.php
+++ b/includes/media/MediaHandler.php
@@ -104,7 +104,7 @@ abstract class MediaHandler {
 	 *   Warning, FSFile::getPropsFromPath might pass an FSFile instead of File (!)
 	 * @param string $path The filename
 	 * @return array|bool Follow the format of PHP getimagesize() internal function.
-	 *   See http://www.php.net/getimagesize. MediaWiki will only ever use the
+	 *   See https://secure.php.net/getimagesize. MediaWiki will only ever use the
 	 *   first two array keys (the width and height), and the 'bits' associative
 	 *   key. All other array keys are ignored. Returning a 'bits' key is optional
 	 *   as not all formats have a notion of "bitdepth". Returns false on failure.
diff --git a/includes/media/PNGMetadataExtractor.php b/includes/media/PNGMetadataExtractor.php
index f4f29dd1fb..d0517d7a56 100644
--- a/includes/media/PNGMetadataExtractor.php
+++ b/includes/media/PNGMetadataExtractor.php
@@ -47,7 +47,7 @@ class PNGMetadataExtractor {
 		self::$pngSig = pack( "C8", 137, 80, 78, 71, 13, 10, 26, 10 );
 		self::$crcSize = 4;
 		/* based on list at http://owl.phy.queensu.ca/~phil/exiftool/TagNames/PNG.html#TextualData
-		 * and http://www.w3.org/TR/PNG/#11keywords
+		 * and https://www.w3.org/TR/PNG/#11keywords
 		 */
 		self::$textChunks = [
 			'xml:com.adobe.xmp' => 'xmp',
@@ -123,7 +123,7 @@ class PNGMetadataExtractor {
 				}
 				$bitDepth = ord( substr( $buf, 8, 1 ) );
 				// Detect the color type in British English as per the spec
-				// http://www.w3.org/TR/PNG/#11IHDR
+				// https://www.w3.org/TR/PNG/#11IHDR
 				switch ( ord( substr( $buf, 9, 1 ) ) ) {
 					case 0:
 						$colorType = 'greyscale';
diff --git a/includes/media/SVGMetadataExtractor.php b/includes/media/SVGMetadataExtractor.php
index 62b5c2c01c..6a974c7829 100644
--- a/includes/media/SVGMetadataExtractor.php
+++ b/includes/media/SVGMetadataExtractor.php
@@ -264,7 +264,7 @@ class SVGReader {
 			) {
 				$sysLang = $this->reader->getAttribute( 'systemLanguage' );
 				if ( !is_null( $sysLang ) && $sysLang !== '' ) {
-					// See http://www.w3.org/TR/SVG/struct.html#SystemLanguageAttribute
+					// See https://www.w3.org/TR/SVG/struct.html#SystemLanguageAttribute
 					$langList = explode( ',', $sysLang );
 					foreach ( $langList as $langItem ) {
 						$langItem = trim( $langItem );
@@ -369,7 +369,7 @@ class SVGReader {
 
 	/**
 	 * Return a rounded pixel equivalent for a labeled CSS/SVG length.
-	 * http://www.w3.org/TR/SVG11/coords.html#UnitIdentifiers
+	 * https://www.w3.org/TR/SVG11/coords.html#Units
 	 *
 	 * @param string $length CSS/SVG length.
 	 * @param float|int $viewportSize Optional scale for percentage units...
diff --git a/includes/media/XCF.php b/includes/media/XCF.php
index 108d6fbf1a..c41952408f 100644
--- a/includes/media/XCF.php
+++ b/includes/media/XCF.php
@@ -67,7 +67,7 @@ class XCFHandler extends BitmapHandler {
 		}
 
 		# Forge a return array containing metadata information just like getimagesize()
-		# See PHP documentation at: http://www.php.net/getimagesize
+		# See PHP documentation at: https://secure.php.net/getimagesize
 		return [
 			0 => $header['width'],
 			1 => $header['height'],
diff --git a/includes/page/WikiPage.php b/includes/page/WikiPage.php
index 3dc41fba58..7aba860718 100644
--- a/includes/page/WikiPage.php
+++ b/includes/page/WikiPage.php
@@ -624,7 +624,7 @@ class WikiPage implements Page, IDBAccessObject {
 			// SELECT. Thus we need S1 to also gets the revision row FOR UPDATE; otherwise, it
 			// may not find it since a page row UPDATE and revision row INSERT by S2 may have
 			// happened after the first S1 SELECT.
-			// http://dev.mysql.com/doc/refman/5.0/en/set-transaction.html#isolevel_repeatable-read
+			// https://dev.mysql.com/doc/refman/5.0/en/set-transaction.html#isolevel_repeatable-read
 			$flags = Revision::READ_LOCKING;
 			$revision = Revision::newFromPageId( $this->getId(), $latest, $flags );
 		} elseif ( $this->mDataLoadedFrom == self::READ_LATEST ) {
diff --git a/includes/pager/TablePager.php b/includes/pager/TablePager.php
index 0a89e4e15b..f2fca68d1d 100644
--- a/includes/pager/TablePager.php
+++ b/includes/pager/TablePager.php
@@ -315,7 +315,7 @@ abstract class TablePager extends IndexPager {
 		foreach ( $labels as $type => $label ) {
 			// We want every cell to have the same width. We could use table-layout: fixed; in CSS,
 			// but it only works if we specify the width of a cell or the table and we don't want to.
-			// There is no better way. <http://www.w3.org/TR/CSS2/tables.html#fixed-table-layout>
+			// There is no better way. <https://www.w3.org/TR/CSS2/tables.html#fixed-table-layout>
 			$s .= Html::rawElement( 'td',
 				[ 'style' => "width: $width;", 'class' => "TablePager_nav-$type" ],
 				$links[$type] ) . "\n";
diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index f0898bad51..d427cf9a6f 100644
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -4213,7 +4213,7 @@ class Parser {
 
 			# HTML names must be case-insensitively unique (bug 10721).
 			# This does not apply to Unicode characters per
-			# http://www.w3.org/TR/html5/infrastructure.html#case-sensitivity-and-string-comparison
+			# https://www.w3.org/TR/html5/infrastructure.html#case-sensitivity-and-string-comparison
 			# @todo FIXME: We may be changing them depending on the current locale.
 			$arrayKey = strtolower( $safeHeadline );
 			if ( $legacyHeadline === false ) {
diff --git a/includes/resourceloader/ResourceLoader.php b/includes/resourceloader/ResourceLoader.php
index 143f5cc678..5ab71b19df 100644
--- a/includes/resourceloader/ResourceLoader.php
+++ b/includes/resourceloader/ResourceLoader.php
@@ -670,7 +670,7 @@ class ResourceLoader implements LoggerAwareInterface {
 		// back for subsequent output, resulting in invalid GZIP. So we have to wrap
 		// the whole thing in our own output buffer to be sure the active buffer
 		// doesn't use ob_gzhandler.
-		// See http://bugs.php.net/bug.php?id=36514
+		// See https://bugs.php.net/bug.php?id=36514
 		ob_start();
 
 		// Find out which modules are missing and instantiate the others
@@ -716,7 +716,7 @@ class ResourceLoader implements LoggerAwareInterface {
 		}
 
 		// See RFC 2616 § 3.11 Entity Tags
-		// http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11
+		// https://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11
 		$etag = 'W/"' . $versionHash . '"';
 
 		// Try the client-side cache first
@@ -824,7 +824,7 @@ class ResourceLoader implements LoggerAwareInterface {
 			header( 'Content-Type: text/javascript; charset=utf-8' );
 		}
 		// See RFC 2616 § 14.19 ETag
-		// http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.19
+		// https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.19
 		header( 'ETag: ' . $etag );
 		if ( $context->getDebug() ) {
 			// Do not cache debug responses
@@ -849,7 +849,7 @@ class ResourceLoader implements LoggerAwareInterface {
 	 */
 	protected function tryRespondNotModified( ResourceLoaderContext $context, $etag ) {
 		// See RFC 2616 § 14.26 If-None-Match
-		// http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.26
+		// https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.26
 		$clientKeys = $context->getRequest()->getHeader( 'If-None-Match', WebRequest::GETHEADER_LIST );
 		// Never send 304s in debug mode
 		if ( $clientKeys !== false && !$context->getDebug() && in_array( $etag, $clientKeys ) ) {
@@ -859,7 +859,7 @@ class ResourceLoader implements LoggerAwareInterface {
 			// response (because the gzip header is always there). This is
 			// a problem because 304 responses have to be completely empty
 			// per the HTTP spec, and Firefox behaves buggily when they're not.
-			// See also http://bugs.php.net/bug.php?id=51579
+			// See also https://bugs.php.net/bug.php?id=51579
 			// To work around this, we tear down all output buffering before
 			// sending the 304.
 			wfResetOutputBuffers( /* $resetGzipEncoding = */ true );
diff --git a/includes/specials/SpecialUploadStash.php b/includes/specials/SpecialUploadStash.php
index 9573f33e7c..8478e947f9 100644
--- a/includes/specials/SpecialUploadStash.php
+++ b/includes/specials/SpecialUploadStash.php
@@ -60,7 +60,7 @@ class SpecialUploadStash extends UnlistedSpecialPage {
 	 * Execute page -- can output a file directly or show a listing of them.
 	 *
 	 * @param string $subPage Subpage, e.g. in
-	 *   http://example.com/wiki/Special:UploadStash/foo.jpg, the "foo.jpg" part
+	 *   https://example.com/wiki/Special:UploadStash/foo.jpg, the "foo.jpg" part
 	 * @return bool Success
 	 */
 	public function execute( $subPage ) {
diff --git a/includes/tidy/RaggettInternalPHP.php b/includes/tidy/RaggettInternalPHP.php
index 1ce14b60e1..e5642d9ed1 100644
--- a/includes/tidy/RaggettInternalPHP.php
+++ b/includes/tidy/RaggettInternalPHP.php
@@ -32,7 +32,7 @@ class RaggettInternalPHP extends RaggettBase {
 		$retval = $tidy->getStatus();
 		if ( $retval == 2 ) {
 			// 2 is magic number for fatal error
-			// http://www.php.net/manual/en/function.tidy-get-status.php
+			// https://secure.php.net/manual/en/tidy.getstatus.php
 			$cleansource = null;
 		} else {
 			$cleansource = tidy_get_output( $tidy );
diff --git a/includes/user/User.php b/includes/user/User.php
index 00fc9be4c3..4a34371e16 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -1691,7 +1691,7 @@ class User implements IDBAccessObject {
 	public function inDnsBlacklist( $ip, $bases ) {
 
 		$found = false;
-		// @todo FIXME: IPv6 ???  (http://bugs.php.net/bug.php?id=33170)
+		// @todo FIXME: IPv6 ???  (https://bugs.php.net/bug.php?id=33170)
 		if ( IP::isIPv4( $ip ) ) {
 			// Reverse IP, bug 21255
 			$ipReversed = implode( '.', array_reverse( explode( '.', $ip ) ) );
diff --git a/includes/utils/UIDGenerator.php b/includes/utils/UIDGenerator.php
index 95b4463abd..b9f51b6bbf 100644
--- a/includes/utils/UIDGenerator.php
+++ b/includes/utils/UIDGenerator.php
@@ -56,13 +56,13 @@ class UIDGenerator {
 		if ( !preg_match( '/^[0-9a-f]{12}$/i', $nodeId ) ) {
 			MediaWiki\suppressWarnings();
 			if ( wfIsWindows() ) {
-				// http://technet.microsoft.com/en-us/library/bb490913.aspx
+				// https://technet.microsoft.com/en-us/library/bb490913.aspx
 				$csv = trim( wfShellExec( 'getmac /NH /FO CSV' ) );
 				$line = substr( $csv, 0, strcspn( $csv, "\n" ) );
 				$info = str_getcsv( $line );
 				$nodeId = isset( $info[0] ) ? str_replace( '-', '', $info[0] ) : '';
 			} elseif ( is_executable( '/sbin/ifconfig' ) ) { // Linux/BSD/Solaris/OS X
-				// See http://linux.die.net/man/8/ifconfig
+				// See https://linux.die.net/man/8/ifconfig
 				$m = [];
 				preg_match( '/\s([0-9a-f]{2}(:[0-9a-f]{2}){5})\s/',
 					wfShellExec( '/sbin/ifconfig -a' ), $m );
@@ -517,7 +517,7 @@ class UIDGenerator {
 	protected function timeWaitUntil( array $time ) {
 		do {
 			$ct = self::millitime();
-			if ( $ct >= $time ) { // http://php.net/manual/en/language.operators.comparison.php
+			if ( $ct >= $time ) { // https://secure.php.net/manual/en/language.operators.comparison.php
 				return $ct; // current timestamp is higher than $time
 			}
 		} while ( ( ( $time[0] - $ct[0] ) * 1000 + ( $time[1] - $ct[1] ) ) <= 10 );
diff --git a/maintenance/archives/patch-img_media_type.sql b/maintenance/archives/patch-img_media_type.sql
index 87b8c2f530..b0f9ece53e 100644
--- a/maintenance/archives/patch-img_media_type.sql
+++ b/maintenance/archives/patch-img_media_type.sql
@@ -6,12 +6,12 @@ ALTER TABLE /*$wgDBprefix*/image ADD (
   img_media_type ENUM("UNKNOWN", "BITMAP", "DRAWING", "AUDIO", "VIDEO", "MULTIMEDIA", "OFFICE", "TEXT", "EXECUTABLE", "ARCHIVE") default NULL,
 
   -- major part of a MIME media type as defined by IANA
-  -- see http://www.iana.org/assignments/media-types/
+  -- see https://www.iana.org/assignments/media-types/
   img_major_mime ENUM("unknown", "application", "audio", "image", "text", "video", "message", "model", "multipart") NOT NULL default "unknown",
 
   -- minor part of a MIME media type as defined by IANA
   -- the minor parts are not required to adher to any standard
   -- but should be consistent throughout the database
-  -- see http://www.iana.org/assignments/media-types/
+  -- see https://www.iana.org/assignments/media-types/
   img_minor_mime varbinary(32) NOT NULL default "unknown"
 );
diff --git a/maintenance/dev/includes/router.php b/maintenance/dev/includes/router.php
index cdef7e0637..77b0e61079 100644
--- a/maintenance/dev/includes/router.php
+++ b/maintenance/dev/includes/router.php
@@ -1,7 +1,7 @@
 <?php
 /**
  * Router for the php cli-server built-in webserver.
- * http://www.php.net/manual/en/features.commandline.webserver.php
+ * https://secure.php.net/manual/en/features.commandline.webserver.php
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
diff --git a/maintenance/findHooks.php b/maintenance/findHooks.php
index c91d8247e5..f6e65f9452 100644
--- a/maintenance/findHooks.php
+++ b/maintenance/findHooks.php
@@ -8,7 +8,7 @@
  * - hooks names in code are the first parameter of wfRunHooks.
  *
  * if --online option is passed, the script will compare the hooks in the code
- * with the ones at http://www.mediawiki.org/wiki/Manual:Hooks
+ * with the ones at https://www.mediawiki.org/wiki/Manual:Hooks
  *
  * Any instance of wfRunHooks that doesn't meet these parameters will be noted.
  *
diff --git a/maintenance/jsduck/external.js b/maintenance/jsduck/external.js
index 16131114dc..85b1f92116 100644
--- a/maintenance/jsduck/external.js
+++ b/maintenance/jsduck/external.js
@@ -38,6 +38,6 @@
  */
 
 /**
- * Source: <http://api.qunitjs.com/>
+ * Source: <https://api.qunitjs.com/>
  * @class QUnit
  */
diff --git a/maintenance/language/digit2html.php b/maintenance/language/digit2html.php
index 5bdc8a7894..bb1f3d2407 100644
--- a/maintenance/language/digit2html.php
+++ b/maintenance/language/digit2html.php
@@ -31,7 +31,7 @@ require_once __DIR__ . '/../Maintenance.php';
 class Digit2Html extends Maintenance {
 
 	# A list of unicode numerals is available at:
-	# http://www.fileformat.info/info/unicode/category/Nd/list.htm
+	# https://www.fileformat.info/info/unicode/category/Nd/list.htm
 	private $mLangs = [
 		'Ar', 'As', 'Bh', 'Bo', 'Dz',
 		'Fa', 'Gu', 'Hi', 'Km', 'Kn',
diff --git a/maintenance/mssql/tables.sql b/maintenance/mssql/tables.sql
index beb972731c..256ee364d6 100644
--- a/maintenance/mssql/tables.sql
+++ b/maintenance/mssql/tables.sql
@@ -577,13 +577,13 @@ CREATE TABLE /*_*/image (
   img_media_type varchar(16) default null,
 
   -- major part of a MIME media type as defined by IANA
-  -- see http://www.iana.org/assignments/media-types/
+  -- see https://www.iana.org/assignments/media-types/
   img_major_mime varchar(16) not null default 'unknown',
 
   -- minor part of a MIME media type as defined by IANA
   -- the minor parts are not required to adher to any standard
   -- but should be consistent throughout the database
-  -- see http://www.iana.org/assignments/media-types/
+  -- see https://www.iana.org/assignments/media-types/
   img_minor_mime nvarchar(100) NOT NULL default 'unknown',
 
   -- Description field as entered by the uploader.
diff --git a/maintenance/mwdoc-filter.php b/maintenance/mwdoc-filter.php
index ed63c5c7f2..07aa2824aa 100644
--- a/maintenance/mwdoc-filter.php
+++ b/maintenance/mwdoc-filter.php
@@ -5,7 +5,7 @@
  * Should be set in Doxygen INPUT_FILTER as "php mwdoc-filter.php"
  *
  * Based on
- * <http://virtualtee.blogspot.co.uk/2012/03/tip-for-using-doxygen-for-php-code.html>
+ * <https://virtualtee.blogspot.co.uk/2012/03/tip-for-using-doxygen-for-php-code.html>
  *
  * Improved to resolve various bugs and better MediaWiki PHPDoc conventions:
  *
@@ -16,7 +16,7 @@
  * - Strip the text after @var from the output to avoid Doxygen warnings aboug bogus
  *   symbols being documented but not declared or defined.
  *
- * Copyright (C) 2012 Tamas Imrei <tamas.imrei@gmail.com> http://virtualtee.blogspot.com/
+ * Copyright (C) 2012 Tamas Imrei <tamas.imrei@gmail.com> https://virtualtee.blogspot.com/
  * Copyright (C) 2015 Timo Tijhof
  *
  * Permission is hereby granted, free of charge, to any person obtaining
diff --git a/maintenance/rebuildLocalisationCache.php b/maintenance/rebuildLocalisationCache.php
index b9c797d107..48602de0f4 100644
--- a/maintenance/rebuildLocalisationCache.php
+++ b/maintenance/rebuildLocalisationCache.php
@@ -112,7 +112,7 @@ class RebuildLocalisationCache extends Maintenance {
 
 			if ( $pid === 0 ) {
 				// Child, reseed because there is no bug in PHP:
-				// http://bugs.php.net/bug.php?id=42465
+				// https://bugs.php.net/bug.php?id=42465
 				mt_srand( getmypid() );
 
 				$this->doRebuild( $codes, $lc, $force );
diff --git a/maintenance/sqlite/archives/searchindex-fts3.sql b/maintenance/sqlite/archives/searchindex-fts3.sql
index 2a370940e7..38cdfcfc76 100644
--- a/maintenance/sqlite/archives/searchindex-fts3.sql
+++ b/maintenance/sqlite/archives/searchindex-fts3.sql
@@ -1,6 +1,6 @@
 -- Patch that introduces fulltext search capabilities to SQLite schema
 -- Requires that SQLite must be compiled with FTS3 module (comes with core amalgamation).
--- See http://sqlite.org/fts3.html for details of syntax.
+-- See https://sqlite.org/fts3.html for details of syntax.
 -- Will fail if FTS3 is not present,
 DROP TABLE IF EXISTS /*_*/searchindex;
 CREATE VIRTUAL TABLE /*_*/searchindex USING FTS3(
@@ -15,4 +15,4 @@ CREATE VIRTUAL TABLE /*_*/searchindex USING FTS3(
   si_text
 );
 
-INSERT INTO /*_*/updatelog (ul_key) VALUES ('fts3');
\ No newline at end of file
+INSERT INTO /*_*/updatelog (ul_key) VALUES ('fts3');
diff --git a/maintenance/tables.sql b/maintenance/tables.sql
index 03ce508275..cf60d89bf5 100644
--- a/maintenance/tables.sql
+++ b/maintenance/tables.sql
@@ -861,14 +861,14 @@ CREATE TABLE /*_*/image (
   img_media_type ENUM("UNKNOWN", "BITMAP", "DRAWING", "AUDIO", "VIDEO", "MULTIMEDIA", "OFFICE", "TEXT", "EXECUTABLE", "ARCHIVE") default NULL,
 
   -- major part of a MIME media type as defined by IANA
-  -- see http://www.iana.org/assignments/media-types/
+  -- see https://www.iana.org/assignments/media-types/
   -- for "chemical" cf. http://dx.doi.org/10.1021/ci9803233 by the ACS
   img_major_mime ENUM("unknown", "application", "audio", "image", "text", "video", "message", "model", "multipart", "chemical") NOT NULL default "unknown",
 
   -- minor part of a MIME media type as defined by IANA
   -- the minor parts are not required to adher to any standard
   -- but should be consistent throughout the database
-  -- see http://www.iana.org/assignments/media-types/
+  -- see https://www.iana.org/assignments/media-types/
   img_minor_mime varbinary(100) NOT NULL default "unknown",
 
   -- Description field as entered by the uploader.
diff --git a/resources/src/jquery/jquery.accessKeyLabel.js b/resources/src/jquery/jquery.accessKeyLabel.js
index e52d6a7c86..a6106e4562 100644
--- a/resources/src/jquery/jquery.accessKeyLabel.js
+++ b/resources/src/jquery/jquery.accessKeyLabel.js
@@ -97,7 +97,7 @@ function getAccessKeyLabel( element ) {
 		return '';
 	}
 	// use accessKeyLabel if possible
-	// http://www.whatwg.org/specs/web-apps/current-work/multipage/editing.html#dom-accesskeylabel
+	// https://html.spec.whatwg.org/multipage/interaction.html#dom-accesskeylabel
 	if ( !useTestPrefix && element.accessKeyLabel ) {
 		return element.accessKeyLabel;
 	}
diff --git a/resources/src/jquery/jquery.byteLimit.js b/resources/src/jquery/jquery.byteLimit.js
index dd71a2bc4d..b1692bbc44 100644
--- a/resources/src/jquery/jquery.byteLimit.js
+++ b/resources/src/jquery/jquery.byteLimit.js
@@ -176,7 +176,7 @@
 				// maxLength is a strange property. Removing or setting the property to
 				// undefined directly doesn't work. Instead, it can only be unset internally
 				// by the browser when removing the associated attribute (Firefox/Chrome).
-				// http://code.google.com/p/chromium/issues/detail?id=136004
+				// https://bugs.chromium.org/p/chromium/issues/detail?id=136004
 				$el.removeAttr( 'maxlength' );
 
 			} else {
@@ -203,7 +203,7 @@
 			// changed while text is being entered and keyup/change will not be fired yet
 			// (such as holding down a single key, fires keydown, and after each keydown,
 			// we can trim the previous one).
-			// See http://www.w3.org/TR/DOM-Level-3-Events/#events-keyboard-event-order for
+			// See https://www.w3.org/TR/DOM-Level-3-Events/#events-keyboard-event-order for
 			// the order and characteristics of the key events.
 			$el.on( eventKeys, function () {
 				var res = $.trimByteLength(
diff --git a/resources/src/mediawiki.legacy/oldshared.css b/resources/src/mediawiki.legacy/oldshared.css
index 7ccf59e548..4daf77f262 100644
--- a/resources/src/mediawiki.legacy/oldshared.css
+++ b/resources/src/mediawiki.legacy/oldshared.css
@@ -5,7 +5,7 @@
  */
 
 /* For clarity, explicitly state some recommendations from
- * http://www.w3.org/TR/CSS21/sample.html to make sure the editsection links scale right
+ * https://www.w3.org/TR/CSS21/sample.html to make sure the editsection links scale right
  */
 
 h1 {
diff --git a/resources/src/mediawiki.skinning/content.css b/resources/src/mediawiki.skinning/content.css
index d9cdf5a67f..e5c1583331 100644
--- a/resources/src/mediawiki.skinning/content.css
+++ b/resources/src/mediawiki.skinning/content.css
@@ -89,7 +89,7 @@ table.toc td {
 	display: table-cell;
 	/*
 	Text decorations are not propagated to the contents of inline blocks and inline tables,
-	according to <http://www.w3.org/TR/css-text-decor-3/#line-decoration>, and 'display: table-cell'
+	according to <https://www.w3.org/TR/css-text-decor-3/#line-decoration>, and 'display: table-cell'
 	generates an inline table when used without any parent table-rows and tables.
 	*/
 	text-decoration: inherit;
diff --git a/resources/src/mediawiki/mediawiki.js b/resources/src/mediawiki/mediawiki.js
index f878e42580..ab3f103d94 100644
--- a/resources/src/mediawiki/mediawiki.js
+++ b/resources/src/mediawiki/mediawiki.js
@@ -2505,7 +2505,7 @@
 				 *  - this.Raw: The raw value is directly included.
 				 *  - this.Cdata: The raw value is directly included. An exception is
 				 *    thrown if it contains any illegal ETAGO delimiter.
-				 *    See <http://www.w3.org/TR/html401/appendix/notes.html#h-B.3.2>.
+				 *    See <https://www.w3.org/TR/html401/appendix/notes.html#h-B.3.2>.
 				 * @return {string} HTML
 				 */
 				element: function ( name, attrs, contents ) {
diff --git a/resources/src/polyfill-nodeTypes.js b/resources/src/polyfill-nodeTypes.js
index 556b51b4fd..5f52d1e309 100644
--- a/resources/src/polyfill-nodeTypes.js
+++ b/resources/src/polyfill-nodeTypes.js
@@ -1,6 +1,6 @@
 /**
  * Adds window.Node with node types according to:
- * http://www.w3.org/TR/DOM-Level-2-Core/core.html#ID-1950641247
+ * https://www.w3.org/TR/DOM-Level-2-Core/core.html#ID-1950641247
  */
 
 window.Node = window.Node || {
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index ba7b0d462a..6166cc21c3 100644
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -1,5 +1,5 @@
 # MediaWiki Parser test cases
-# Some taken from http://meta.wikimedia.org/wiki/Parser_testing
+# Some taken from https://meta.wikimedia.org/wiki/Parser_testing
 # All (C) their respective authors and released under the GPL
 #
 # The syntax should be fairly self-explanatory.
@@ -524,7 +524,7 @@ http://fr.wikipedia.org/wiki/🍺
 !! end
 
 # Note that the html+tidy output removes the spaces after the <li>,
-# which is a bug (http://sourceforge.net/p/tidy/bugs/945/, etc).
+# which is a bug (https://sourceforge.net/p/tidy/bugs/945/, etc).
 # This is an issue for all tests with lists.  We intentionally do
 # *not* add html+tidy clauses for these, as we don't want to
 # document/test the broken behavior.  (Parsoid matches the non-tidy
@@ -1230,7 +1230,7 @@ Text-level semantic html elements in wikitext
 !! end
 
 # test cases taken from
-# http://www.w3.org/TR/html5/text-level-semantics.html#the-ruby-element
+# https://www.w3.org/TR/html5/text-level-semantics.html#the-ruby-element
 !! test
 Ruby markup (W3C-style)
 !! wikitext
@@ -1293,7 +1293,7 @@ Non-word characters don't terminate tag names (bug 17663, 40670, 52022)
 </p>
 !! end
 
-# There is a tidy bug here: http://sourceforge.net/p/tidy/bugs/946/
+# There is a tidy bug here: https://sourceforge.net/p/tidy/bugs/946/
 # If the non-word-character tag made it through the sanitizer, tidy
 # would munge it up.
 !! test
@@ -3840,7 +3840,7 @@ Definition Lists: Hacky use to indent tables (WS-insensitive)
 ## All Parsoid only definition list tests have this difference.
 ##
 ## See also: https://phabricator.wikimedia.org/T8569
-## and http://lists.wikimedia.org/pipermail/wikitext-l/2011-November/000483.html
+## and https://lists.wikimedia.org/pipermail/wikitext-l/2011-November/000483.html
 
 !! test
 Table / list interaction: indented table with lists in table contents
@@ -5194,7 +5194,7 @@ http://www.example.com/?title=AT%26T
 <p><a rel="mw:ExtLink" href="http://www.example.com/?title=AT%26T">http://www.example.com/?title=AT%26T</a></p>
 !! end
 
-# According to http://www.w3.org/TR/2011/WD-html5-20110525/Overview.html#parsing-urls a plain
+# According to https://www.w3.org/TR/2011/WD-html5-20110525/Overview.html#parsing-urls a plain
 # % is actually legal in HTML5. Any change in output would need testing though.
 !! test
 Bug 4781, 5267: %25 in URL
@@ -5781,7 +5781,7 @@ Plain ''italic'''s plain
 
 # This should not produce <table></table> as <table><tr><td></td></tr></table>
 # is the bare minimum required by the spec, see:
-# http://www.w3.org/TR/xhtml-modularization/dtd_module_defs.html#a_module_Basic_Tables
+# https://www.w3.org/TR/xhtml-modularization/dtd_module_defs.html#a_module_Basic_Tables
 # Parsoid team replies: empty table tags are legal in HTML5
 !! test
 A table with no data.
@@ -19098,7 +19098,7 @@ parsoid=wt2html,wt2wt,html2html
 <p><span typeof="mw:Entity">î</span><span typeof="mw:Entity">î</span></p>
 !! end
 
-# See: http://www.w3.org/TR/html5/syntax.html#character-references
+# See: https://www.w3.org/TR/html5/syntax.html#character-references
 # Note that U+000C (form feed) is not a valid XML character, so
 # it is banned even though allowed in HTML5.
 !! test
diff --git a/tests/phpunit/includes/HtmlTest.php b/tests/phpunit/includes/HtmlTest.php
index bc5096639b..c701ff9e57 100644
--- a/tests/phpunit/includes/HtmlTest.php
+++ b/tests/phpunit/includes/HtmlTest.php
@@ -447,7 +447,7 @@ class HtmlTest extends MediaWikiTestCase {
 
 	/**
 	 * List of input element types values introduced by HTML5
-	 * Full list at http://www.w3.org/TR/html-markup/input.html
+	 * Full list at https://www.w3.org/TR/html-markup/input.html
 	 */
 	public static function provideHtml5InputTypes() {
 		$types = [
diff --git a/tests/phpunit/includes/HttpTest.php b/tests/phpunit/includes/HttpTest.php
index ae0b4bee8b..c3804c65bb 100644
--- a/tests/phpunit/includes/HttpTest.php
+++ b/tests/phpunit/includes/HttpTest.php
@@ -188,7 +188,7 @@ class HttpTest extends MediaWikiTestCase {
 
 	/**
 	 * Constant values are from PHP 5.3.28 using cURL 7.24.0
-	 * @see http://php.net/manual/en/curl.constants.php
+	 * @see https://secure.php.net/manual/en/curl.constants.php
 	 *
 	 * All constant values are present so that developers don’t need to remember
 	 * to add them if added at a later date. The commented out constants were
diff --git a/tests/phpunit/includes/SampleTest.php b/tests/phpunit/includes/SampleTest.php
index 7c313845f9..02935a5369 100644
--- a/tests/phpunit/includes/SampleTest.php
+++ b/tests/phpunit/includes/SampleTest.php
@@ -32,7 +32,7 @@ class TestSample extends MediaWikiLangTestCase {
 	 * they run.  While MediaWiki isn't strictly an Agile Programming
 	 * project, you are encouraged to use the naming described under
 	 * "Agile Documentation" at
-	 * http://www.phpunit.de/manual/3.4/en/other-uses-for-tests.html
+	 * https://www.phpunit.de/manual/3.4/en/other-uses-for-tests.html
 	 */
 	public function testTitleObjectStringConversion() {
 		$title = Title::newFromText( "text" );
@@ -45,7 +45,7 @@ class TestSample extends MediaWikiLangTestCase {
 
 	/**
 	 * If you want to run a the same test with a variety of data, use a data provider.
-	 * see: http://www.phpunit.de/manual/3.4/en/writing-tests-for-phpunit.html
+	 * see: https://www.phpunit.de/manual/3.4/en/writing-tests-for-phpunit.html
 	 */
 	public static function provideTitles() {
 		return [
@@ -60,7 +60,7 @@ class TestSample extends MediaWikiLangTestCase {
 	// @codingStandardsIgnoreStart Generic.Files.LineLength
 	/**
 	 * @dataProvider provideTitles
-	 * See http://phpunit.de/manual/3.7/en/appendixes.annotations.html#appendixes.annotations.dataProvider
+	 * See https://phpunit.de/manual/3.7/en/appendixes.annotations.html#appendixes.annotations.dataProvider
 	 */
 	// @codingStandardsIgnoreEnd
 	public function testCreateBasicListOfTitles( $titleName, $ns, $text ) {
@@ -89,7 +89,7 @@ class TestSample extends MediaWikiLangTestCase {
 
 	/**
 	 * @depends testSetUpMainPageTitleForNextTest
-	 * See http://phpunit.de/manual/3.7/en/appendixes.annotations.html#appendixes.annotations.depends
+	 * See https://phpunit.de/manual/3.7/en/appendixes.annotations.html#appendixes.annotations.depends
 	 */
 	public function testCheckMainPageTitleIsConsideredLocal( $title ) {
 		$this->assertTrue( $title->isLocal() );
@@ -98,7 +98,7 @@ class TestSample extends MediaWikiLangTestCase {
 	// @codingStandardsIgnoreStart Generic.Files.LineLength
 	/**
 	 * @expectedException InvalidArgumentException
-	 * See http://phpunit.de/manual/3.7/en/appendixes.annotations.html#appendixes.annotations.expectedException
+	 * See https://phpunit.de/manual/3.7/en/appendixes.annotations.html#appendixes.annotations.expectedException
 	 */
 	// @codingStandardsIgnoreEnd
 	public function testTitleObjectFromObject() {
diff --git a/tests/phpunit/includes/SanitizerTest.php b/tests/phpunit/includes/SanitizerTest.php
index c915b70e1d..12db1a198f 100644
--- a/tests/phpunit/includes/SanitizerTest.php
+++ b/tests/phpunit/includes/SanitizerTest.php
@@ -134,19 +134,19 @@ class SanitizerTest extends MediaWikiTestCase {
 				'Self-closing closing div'
 			],
 			// Make sure special nested HTML5 semantics are not broken
-			// http://www.whatwg.org/html/text-level-semantics.html#the-kbd-element
+			// https://html.spec.whatwg.org/multipage/semantics.html#the-kbd-element
 			[
 				'<kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd>',
 				'<kbd><kbd>Shift</kbd>+<kbd>F3</kbd></kbd>',
 				'Nested <kbd>.'
 			],
-			// http://www.whatwg.org/html/text-level-semantics.html#the-sub-and-sup-elements
+			// https://html.spec.whatwg.org/multipage/semantics.html#the-sub-and-sup-elements
 			[
 				'<var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var>',
 				'<var>x<sub><var>i</var></sub></var>, <var>y<sub><var>i</var></sub></var>',
 				'Nested <var>.'
 			],
-			// http://www.whatwg.org/html/text-level-semantics.html#the-dfn-element
+			// https://html.spec.whatwg.org/multipage/semantics.html#the-dfn-element
 			[
 				'<dfn><abbr title="Garage Door Opener">GDO</abbr></dfn>',
 				'<dfn><abbr title="Garage Door Opener">GDO</abbr></dfn>',
diff --git a/tests/phpunit/includes/installer/DatabaseUpdaterTest.php b/tests/phpunit/includes/installer/DatabaseUpdaterTest.php
index 22d52f0744..2a75cf4020 100644
--- a/tests/phpunit/includes/installer/DatabaseUpdaterTest.php
+++ b/tests/phpunit/includes/installer/DatabaseUpdaterTest.php
@@ -103,7 +103,7 @@ class FakeDatabase extends Database {
 
 	/**
 	 * Get the number of fields in a result object
-	 * @see http://www.php.net/mysql_num_fields
+	 * @see https://secure.php.net/mysql_num_fields
 	 *
 	 * @param mixed $res A SQL result
 	 * @return int
@@ -114,7 +114,7 @@ class FakeDatabase extends Database {
 
 	/**
 	 * Get a field name in a result object
-	 * @see http://www.php.net/mysql_field_name
+	 * @see https://secure.php.net/mysql_field_name
 	 *
 	 * @param mixed $res A SQL result
 	 * @param int $n
@@ -142,7 +142,7 @@ class FakeDatabase extends Database {
 
 	/**
 	 * Change the position of the cursor in a result object
-	 * @see http://www.php.net/mysql_data_seek
+	 * @see https://secure.php.net/mysql_data_seek
 	 *
 	 * @param mixed $res A SQL result
 	 * @param int $row
@@ -153,7 +153,7 @@ class FakeDatabase extends Database {
 
 	/**
 	 * Get the last error number
-	 * @see http://www.php.net/mysql_errno
+	 * @see https://secure.php.net/mysql_errno
 	 *
 	 * @return int
 	 */
@@ -163,7 +163,7 @@ class FakeDatabase extends Database {
 
 	/**
 	 * Get a description of the last error
-	 * @see http://www.php.net/mysql_error
+	 * @see https://secure.php.net/mysql_error
 	 *
 	 * @return string
 	 */
@@ -197,7 +197,7 @@ class FakeDatabase extends Database {
 
 	/**
 	 * Get the number of rows affected by the last write query
-	 * @see http://www.php.net/mysql_affected_rows
+	 * @see https://secure.php.net/mysql_affected_rows
 	 *
 	 * @return int
 	 */
@@ -217,7 +217,7 @@ class FakeDatabase extends Database {
 
 	/**
 	 * Returns a wikitext link to the DB's website, e.g.,
-	 *   return "[http://www.mysql.com/ MySQL]";
+	 *   return "[https://www.mysql.com/ MySQL]";
 	 * Should at least contain plain text, if for some reason
 	 * your database has no website.
 	 *
diff --git a/tests/phpunit/includes/specials/QueryAllSpecialPagesTest.php b/tests/phpunit/includes/specials/QueryAllSpecialPagesTest.php
index 061e59823a..c1083afdbc 100644
--- a/tests/phpunit/includes/specials/QueryAllSpecialPagesTest.php
+++ b/tests/phpunit/includes/specials/QueryAllSpecialPagesTest.php
@@ -22,7 +22,7 @@ class QueryAllSpecialPagesTest extends MediaWikiTestCase {
 	 * Pages whose query use the same DB table more than once.
 	 * This is used to skip testing those pages when run against a MySQL backend
 	 * which does not support reopening a temporary table. See upstream bug:
-	 * http://bugs.mysql.com/bug.php?id=10327
+	 * https://bugs.mysql.com/bug.php?id=10327
 	 */
 	protected $reopensTempTable = [
 		'BrokenRedirects',
@@ -51,7 +51,7 @@ class QueryAllSpecialPagesTest extends MediaWikiTestCase {
 
 		foreach ( $this->queryPages as $page ) {
 			// With MySQL, skips special pages reopening a temporary table
-			// See http://bugs.mysql.com/bug.php?id=10327
+			// See https://bugs.mysql.com/bug.php?id=10327
 			if (
 				$wgDBtype === 'mysql'
 				&& in_array( $page->getName(), $this->reopensTempTable )
diff --git a/tests/phpunit/includes/upload/UploadBaseTest.php b/tests/phpunit/includes/upload/UploadBaseTest.php
index 3debe6e198..d81ddd3882 100644
--- a/tests/phpunit/includes/upload/UploadBaseTest.php
+++ b/tests/phpunit/includes/upload/UploadBaseTest.php
@@ -349,7 +349,7 @@ class UploadBaseTest extends MediaWikiTestCase {
 			],
 			[
 				// This currently doesn't seem to work in any browsers, but in case
-				// http://www.w3.org/TR/css3-images/ is implemented for SVG files
+				// https://www.w3.org/TR/css3-images/ is implemented for SVG files
 				'<svg xmlns="http://www.w3.org/2000/svg"> <rect width="100" height="100" style="background-image:image(\'sprites.svg#xywh=40,0,20,20\')"/> </svg>',
 				true,
 				true,
diff --git a/tests/phpunit/suites/ParserTestTopLevelSuite.php b/tests/phpunit/suites/ParserTestTopLevelSuite.php
index 4284a77ff7..187d07e010 100644
--- a/tests/phpunit/suites/ParserTestTopLevelSuite.php
+++ b/tests/phpunit/suites/ParserTestTopLevelSuite.php
@@ -107,7 +107,7 @@ class ParserTestTopLevelSuite extends PHPUnit_Framework_TestSuite {
 			$testsName = $extensionName . '__' . basename( $fileName, '.txt' );
 			$parserTestClassName = ucfirst( $testsName );
 
-			// Official spec for class names: http://php.net/manual/en/language.oop5.basic.php
+			// Official spec for class names: https://secure.php.net/manual/en/language.oop5.basic.php
 			// Prepend 'ParserTest_' to be paranoid about it not starting with a number
 			$parserTestClassName = 'ParserTest_' .
 				preg_replace( '/[^a-zA-Z0-9_\x7f-\xff]/', '_', $parserTestClassName );
-- 
2.20.1