jenkins-bot [Fri, 29 Jan 2016 19:59:56 +0000 (19:59 +0000)]
Merge "Make WatchedItem members private"
addshore [Fri, 29 Jan 2016 19:39:23 +0000 (20:39 +0100)]
Make WatchedItem members private
These are only used in this class
Change-Id: I492e7f5b0611f8928b352af983f18f5184bc54bf
addshore [Fri, 29 Jan 2016 19:10:26 +0000 (20:10 +0100)]
Remove WatchedItem::IMMEDIATE and DEFERRED
It looks like this used to actually be used
since Ie60e20162fd833e64d81763a6aa1dc3faf2162f3
but since the global wgActivityUpdatesUseJobQueue
seems to have been removed from the code.
Thus this stuff is doing nothing and
things are always DEFERRED.
Change-Id: I08cb6051f52e0f0402542d8326f03f115bb00943
jenkins-bot [Fri, 29 Jan 2016 19:30:10 +0000 (19:30 +0000)]
Merge "Hide category changes if feature is disabled"
jenkins-bot [Fri, 29 Jan 2016 19:16:03 +0000 (19:16 +0000)]
Merge "KafkaHandler: allow customizing timeouts"
jenkins-bot [Fri, 29 Jan 2016 19:05:16 +0000 (19:05 +0000)]
Merge "Move MaxUserDBWriteDuration logic to LBFactory"
addshore [Fri, 29 Jan 2016 11:42:04 +0000 (12:42 +0100)]
Hide category changes if feature is disabled
Recently when RCWatchCategoryMembership was set
to false for many wikis suddenly all of the
category changes appeared in watchlists and in
recent changes.
This patch will avoid this and would instead
continue following the users settings
Change-Id: Id5468e8ef0ff430f03bacae708267a6ee6c84e48
jenkins-bot [Fri, 29 Jan 2016 07:57:18 +0000 (07:57 +0000)]
Merge "Fix a spelling mistake in a comment"
Arlo Breault [Thu, 28 Jan 2016 23:23:38 +0000 (15:23 -0800)]
Fix a spelling mistake in a comment
Change-Id: Idf3f9b7778cec846578b0c5242ef8530dc8f32b3
jenkins-bot [Fri, 29 Jan 2016 04:13:46 +0000 (04:13 +0000)]
Merge "Log user-agents that are using HTTP when HTTPS is preferred"
Bryan Davis [Thu, 28 Jan 2016 00:53:54 +0000 (17:53 -0700)]
Log user-agents that are using HTTP when HTTPS is preferred
Log a feature usage message and add a warning to the response when an
API request is made over unencrypted HTTP and the wiki or user has asked
that HTTPS be used by default.
Bug: T105794
Change-Id: I339bfa96614c6318db303bb22a8f86bd0336ddbe
Max Semenik [Fri, 29 Jan 2016 00:23:22 +0000 (16:23 -0800)]
KafkaHandler: allow customizing timeouts
Bug: T125084
Change-Id: I8f01fa61d916aeaa831a84e12b6fae08d04ca046
Aaron Schulz [Sun, 27 Dec 2015 23:41:14 +0000 (15:41 -0800)]
Move MaxUserDBWriteDuration logic to LBFactory
Change-Id: If7231af24f10ae29b7137f147abb60a351c9127f
jenkins-bot [Fri, 29 Jan 2016 00:55:37 +0000 (00:55 +0000)]
Merge "Title::newFromText: Cast integers to strings"
This, that and the other [Thu, 28 Jan 2016 23:52:37 +0000 (10:52 +1100)]
Title::newFromText: Cast integers to strings
This is the cause of the T76305 debug log entries relating to SpecialExport
and Echo.
Bug: T76305
Bug: T116034
Change-Id: I64d629d31be79c4b4702a4298bce68fd544df6e8
jenkins-bot [Thu, 28 Jan 2016 23:22:23 +0000 (23:22 +0000)]
Merge "mw.loader: Minor documentation and test improvements"
jenkins-bot [Thu, 28 Jan 2016 23:16:37 +0000 (23:16 +0000)]
Merge "Remove require_once for language classes"
jenkins-bot [Thu, 28 Jan 2016 23:13:06 +0000 (23:13 +0000)]
Merge "Add ParserOutputStashForEdit hook for extension cache warming"
Tim Starling [Thu, 28 Jan 2016 22:12:05 +0000 (09:12 +1100)]
Remove require_once for language classes
Remove require_once for LanguageConverter and base classes. These
are in the autoloader now, so an explicit require is no longer
necessary.
Change-Id: Ie34ffc58fd9ec89fb57cf077dd5ac1746c35c48e
Timo Tijhof [Thu, 28 Jan 2016 22:23:36 +0000 (23:23 +0100)]
mw.loader: Minor documentation and test improvements
Update outdated mw.loader.implement documentation
* Not all arguments are required.
* Even 'script' is no longer required. Defaults to 'null' in the registry.
And supported by execute().
* Add a test for implement() with a name only and no resources.
Bug: T112455
Change-Id: I5ebd8542ae1a4b2f14ffaff560b98b4c1c2adb23
Brad Jorsch [Thu, 28 Jan 2016 21:19:37 +0000 (16:19 -0500)]
SessionManager: Save user name to metadata even if the user doesn't exist locally
Bug: T125133
Change-Id: I12ff84db614f0d5839457aa92be58c62b3a4e8fd
jenkins-bot [Thu, 28 Jan 2016 20:15:15 +0000 (20:15 +0000)]
Merge "User: Fix loading of user_token"
jenkins-bot [Thu, 28 Jan 2016 20:03:21 +0000 (20:03 +0000)]
Merge "SessionManager: Don't generate user tokens when checking the tokens"
Translation updater bot [Thu, 28 Jan 2016 19:54:24 +0000 (20:54 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: Ifd89bebff1d57bcdc57b39ae6a05ea9f5acb115c
Brad Jorsch [Thu, 28 Jan 2016 18:46:22 +0000 (13:46 -0500)]
User: Fix loading of user_token
Similar to T124414, we should always load user_token from the row even
if user_email is unset.
Also, I notice that maintenance/tables.sql defines the column as
"binary(32)", which is going to append ASCII NUL bytes to the default
empty-string. And before that it was "char(32)", which will append
spaces. So trim both of those off when reading the field so the
following check for === '' actually works.
The latter doesn't seem to affect *most* WMF wikis, since they have the
column defined as "varbinary(32)" for some reason. But there are a few
with "binary(32)", I have no idea why.
Change-Id: I50a813bb530639275628d9560c79a773676aa36d
Brad Jorsch [Thu, 28 Jan 2016 18:27:01 +0000 (13:27 -0500)]
SessionManager: Don't generate user tokens when checking the tokens
Looking at the pre-SessionManager token checking, it's apparently valid
to log in despite user_token being empty. The stored token just gets
compared against the empty string that got returned previously.
This also cleans up some checks that assumed $user->getToken() didn't
automatically create the token if one wasn't already set.
Bug: T125114
Change-Id: Ia3d2382e96e2a0146f33fb7193a2e00ea72e51a0
jenkins-bot [Thu, 28 Jan 2016 08:11:08 +0000 (08:11 +0000)]
Merge "Add support for image interlacing of Bitmap type images"
jenkins-bot [Thu, 28 Jan 2016 07:11:27 +0000 (07:11 +0000)]
Merge "Move CSRF token handling into MediaWiki\Session\Session"
jenkins-bot [Thu, 28 Jan 2016 06:00:32 +0000 (06:00 +0000)]
Merge "TagLogFormatter: For log entries changing both revid and logid tags, prefer revid"
Aaron Schulz [Wed, 20 Jan 2016 17:23:46 +0000 (09:23 -0800)]
Migrate callers to waitForReplication()
Change-Id: I7b2b13b9315891561d2d8cc04a12ecad2dc73d70
jenkins-bot [Thu, 28 Jan 2016 01:29:59 +0000 (01:29 +0000)]
Merge "Cleanup setFileDependencies() docs"
jenkins-bot [Thu, 28 Jan 2016 00:47:39 +0000 (00:47 +0000)]
Merge "Add missing argument for wfDebugLog"
Matthias Mullie [Wed, 27 Jan 2016 12:48:03 +0000 (13:48 +0100)]
Add missing argument for wfDebugLog
Change-Id: Id452ee8e9917b8e2dca9f14e37fbedd296853fd4
addshore [Wed, 27 Jan 2016 16:11:52 +0000 (17:11 +0100)]
Count the number of EditPage edit conflicts
edit.failures.* is already used for:
- session_loss
- bad_token
- incomplete_form
hence the choice of metric name.
Bug: T120462
Change-Id: I7636cedaf3d589faec3153882f7d1e8ac7054a89
Matt Fitzpatrick [Mon, 18 Jan 2016 01:19:26 +0000 (17:19 -0800)]
Whitelist additional WAI-ARIA attributes, and all role values
Adds the attributes aria-describedby, aria-flowto, aria-label,
aria-labelledby, and aria-owns to the attribute whitelist for all
elements.
Adds Sanitizer::escapeIdReferenceList() to escape attributes
containing space delimited HTML id lists, in the same manner as
Sanitizer::escapeId().
Removes the role="presentation" restriction. Allows all values for
the role attribute.
Bug: T26659
Change-Id: I3a29d727c61f46ac115ca2e50fcb14deeea34418
Brad Jorsch [Wed, 27 Jan 2016 22:14:21 +0000 (17:14 -0500)]
RequestContext::exportSession() should only export persisted session IDs
If a non-persisted session ID is exported, then when the session is
reloaded by RequestContext::importScopedSession() the session_start()
will wind up persisting it.
Bug: T124971
Change-Id: If03d130acca6bb98029cfa3cc520cd46f42ff15e
Brad Jorsch [Wed, 27 Jan 2016 22:13:35 +0000 (17:13 -0500)]
SessionManager: Save 'persisted' flag in session metadata
This allows SessionManager::getSessionById()->isPersisted() to be
reliably set. Otherwise it depends on whether the SessionBackend is
still loaded or not.
Change-Id: I17733559ac5d8fff13881664333f61d36f610b6d
Aaron Schulz [Wed, 27 Jan 2016 20:37:44 +0000 (12:37 -0800)]
Cleanup setFileDependencies() docs
Change-Id: If7973bbfd2aaede1b2f5cc0df3f416bc9b8c77c6
Brad Jorsch [Tue, 22 Sep 2015 14:33:24 +0000 (10:33 -0400)]
Move CSRF token handling into MediaWiki\Session\Session
User keeps most of its token-related methods because anon edit tokens
are special. Login and createaccount tokens are completely moved.
Change-Id: I524218fab7e2d78fd24482ad364428e98dc48bdf
Translation updater bot [Wed, 27 Jan 2016 20:22:23 +0000 (21:22 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: I890aa4632041c66074ace5ee65b4c259a4855f4f
Aaron Schulz [Sun, 13 Dec 2015 12:01:03 +0000 (04:01 -0800)]
Convert page creation to using startAtomic()/endAtomic()
A few semantic changes result from this:
* If multiple pages are created in a request, the updates happen
in the same order relative to each other, but all in one second
step instead of after each page edit.
* If an extension set some extra Status info or errors via the
PageContentInsertComplete hook, they will not be seen by the
caller (unless it was a CLI script possibly). Few callers use
$status at all, and I did not see any that mutated it. Since
the page is already committed when this hooks run (as has always
been) they cannot veto edits and callers do not care or know what
to do with random hook-set status errors; there was never much use
in changing the Status anyway.
Bug: T120718
Change-Id: Ieba35056be31b2f648c57f59d19d3cbbe58f1b05
Geoffrey Mon [Sat, 9 Jan 2016 03:14:12 +0000 (22:14 -0500)]
Expose visitingwatchers to API through action=query&prop=info
Bug: T105392
Change-Id: I87059dd77dd0e280b02e9d9b638ba2725ff71762
Florian [Wed, 20 Jan 2016 18:17:07 +0000 (19:17 +0100)]
Fix autoload.php order
Someone maybe added it by hand :) It will add some noise to
other changes, where autoload.php is genereted with
maintenance/generateLocalAutoload.php
Change-Id: If064fcc1fe87165df72eaf368117e62a51b24e95
matejsuchanek [Wed, 27 Jan 2016 12:10:23 +0000 (13:10 +0100)]
Add help link to the top of history pages
It links to https://meta.wikimedia.org/wiki/Special:MyLanguage/Help:Page_history
but the target can be changed locally by creating
"MediaWiki:History-helppage".
Bug: T124885
Change-Id: Iffd396ea9dfb5216fa65ed9780f3c788fde4a3e5
addshore [Wed, 27 Jan 2016 16:22:32 +0000 (17:22 +0100)]
assertEquals does not return anything
Also this method is not documented as returning
anything
Change-Id: Ibcfda0bec5f84b308866a662400ed5e97dd1ac06
jenkins-bot [Wed, 27 Jan 2016 14:27:00 +0000 (14:27 +0000)]
Merge "mw.widgets.DateInputWidget: Make placeholder label configurable"
jenkins-bot [Wed, 27 Jan 2016 12:34:54 +0000 (12:34 +0000)]
Merge "Switch name to username in @author tags"
addshore [Wed, 27 Jan 2016 09:43:04 +0000 (10:43 +0100)]
Remove doc comment referencing removed method
This method was removed in:
cfaf26e5017228208f8049b979cb443eb01677cf
so lets remove the reference to it so people don't
go looking for what is not there.
Change-Id: I229f033a3b4553e6eacc460faaf156ba2539d6d5
addshore [Wed, 27 Jan 2016 09:59:31 +0000 (10:59 +0100)]
Switch name to username in @author tags
From now on I will simply use addshore
everywhere to keep things uniform...
Change-Id: Iaf441b2d7a67a12c20529f0e9c7b47819f4abfae
Timo Tijhof [Thu, 21 Jan 2016 17:25:14 +0000 (17:25 +0000)]
resourceloader: Simplify and clean up RLQ wrap
startup.js:
* Don't assign to "window.RLQ" and read from "RLQ". Use the same
identifier in both places instead of relying on global scope.
* Create the global window.RLQ only once. The temporary [] fallback
doesn't need to be exposed globally, so use a local variable for
the loop that processes the pre-existing queue built up while
the startup module was loading.
OutputPage:
* Simplify the RLQ wrap to be more idiomatic and less repetitive.
Matches the pattern used in Google and Facebook open-source projects.
Change-Id: I9176377bc05432e51add841696a356428feec8ce
Aaron Schulz [Wed, 27 Jan 2016 01:23:53 +0000 (17:23 -0800)]
Add ParserOutputStashForEdit hook for extension cache warming
This can pre-cache slow queries by extensions that happen on
edit submission.
Bug: T116557
Change-Id: I803f69013f68e80a53dd3c466bddff3ebe2b659b
jenkins-bot [Wed, 27 Jan 2016 01:13:44 +0000 (01:13 +0000)]
Merge "Set threshold for is a tablet in LESS variable"
jenkins-bot [Wed, 27 Jan 2016 00:45:24 +0000 (00:45 +0000)]
Merge "images/.htaccess breaks TransformVia404 functionality"
jenkins-bot [Wed, 27 Jan 2016 00:35:17 +0000 (00:35 +0000)]
Merge "mediawiki.page.patrol.ajax: Use formatversion=2 for API requests"
scnd [Tue, 27 May 2014 10:21:10 +0000 (14:21 +0400)]
images/.htaccess breaks TransformVia404 functionality
Bug: 65220
Change-Id: Ibdb91f4c676b1c77558ac806c1ccc8313ef5929f
Translation updater bot [Tue, 26 Jan 2016 22:46:17 +0000 (23:46 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: I3897ab528fec09104c0a260310a79b3766c106e6
jenkins-bot [Tue, 26 Jan 2016 22:33:52 +0000 (22:33 +0000)]
Merge "Make ForeignTitle properties private"
James D. Forrester [Tue, 26 Jan 2016 21:16:54 +0000 (13:16 -0800)]
Update OOjs UI to v0.15.1
Release notes:
https://git.wikimedia.org/blob/oojs%2Fui.git/v0.15.1/History.md
Change-Id: Ic5069503ebea193e117a9f7f3d520a6f04e0b1cd
jenkins-bot [Tue, 26 Jan 2016 20:36:46 +0000 (20:36 +0000)]
Merge "Skip IPTCTest::testIPTCParseForcedUTFButInvalid() on pre-PHP5.5.26"
jdlrobson [Mon, 21 Dec 2015 23:49:10 +0000 (15:49 -0800)]
Set threshold for is a tablet in LESS variable
We need to centrally define our definition of a tablet device so
we can consistently serve alternative mobile and tablet versions.
As well as the two mentioned extensions in the see section, there
are also instances in Gather, Vector, Metrolook and various other
extensions that will benefit from this.
See I257b3b34536 and I97d9600c839.
Bug: T93675
Change-Id: Iefce83763da0cbd037a7ff889088b0da820220a0
jenkins-bot [Tue, 26 Jan 2016 19:19:55 +0000 (19:19 +0000)]
Merge "Document how LocalFile::upload() and UploadBase::performUpload() ignore user permissions"
jenkins-bot [Tue, 26 Jan 2016 19:14:08 +0000 (19:14 +0000)]
Merge "LinkBatch::addObj can also work with TitleValue objs"
addshore [Tue, 26 Jan 2016 19:04:28 +0000 (20:04 +0100)]
LinkBatch::addObj can also work with TitleValue objs
Change-Id: I035d38a5eb8299fcce9cc0efa3952e391b325722
addshore [Tue, 26 Jan 2016 18:36:52 +0000 (19:36 +0100)]
Make ForeignTitle properties private
Change-Id: If9ea22f412a378aa1090ba761c19f77c97da7df0
Brad Jorsch [Tue, 26 Jan 2016 18:21:57 +0000 (13:21 -0500)]
Avoid false "added in both Session and $_SESSION" when value is null
Needs to use array_key_exists(), not isset().
Bug: T124371
Change-Id: I794f0ec793fc91ec68393443f839cfc8a154613e
Kunal Mehta [Tue, 26 Jan 2016 18:12:17 +0000 (10:12 -0800)]
Skip IPTCTest::testIPTCParseForcedUTFButInvalid() on pre-PHP5.5.26
Bug: T124574
Change-Id: If546c84a9449579cdea5af5b2a6b4b1e7203109e
Bartosz Dziewoński [Tue, 26 Jan 2016 17:03:56 +0000 (18:03 +0100)]
Document how LocalFile::upload() and UploadBase::performUpload() ignore user permissions
Follow-up to
61c7852049de45664593437f8b8335809fdbccae.
Change-Id: I6e69b1fa12f336dc4dd12e845cb8bf42abd599b2
Fomafix [Tue, 26 Jan 2016 14:47:27 +0000 (14:47 +0000)]
mediawiki.page.patrol.ajax: Use formatversion=2 for API requests
With formatversion=2 the response uses UTF-8 instead of escape sequences
with hex for encoding of non-ASCII characters (e.g. "\u00e4" for "ä").
The other syntax changes of formatversion=2 have no effect here.
Change-Id: I0937cb0e9f757758cbaf0a2fd8dc0ef2c9a13c64
jenkins-bot [Tue, 26 Jan 2016 13:23:45 +0000 (13:23 +0000)]
Merge "TableSorter: Avoid FOUC and preserve styling in VisualEditor"
jenkins-bot [Tue, 26 Jan 2016 13:09:29 +0000 (13:09 +0000)]
Merge "TableSorter: Use SVGs with PNG fallbacks instead of GIFs"
Ed Sanders [Mon, 25 Jan 2016 17:14:29 +0000 (17:14 +0000)]
TableSorter: Avoid FOUC and preserve styling in VisualEditor
Always make space for the icon and display a placeholder
if JavaScript is loaded, even if we haven't set up table
sorting for a given table yet.
The table will not be sortable in VE mode but for layout
preview we should show some disabled sort icons.
Bug: T95189
Change-Id: Ieb21cf79ae68e388e824923cb6e2d7d552a4afc6
jenkins-bot [Tue, 26 Jan 2016 12:18:11 +0000 (12:18 +0000)]
Merge "Make mediawiki.special.pageLanguage work again"
Glaisher [Sat, 23 Jan 2016 17:39:05 +0000 (22:39 +0500)]
Make mediawiki.special.pageLanguage work again
Broken with the switch to OOUI.
This also adds 'id' param to OOUI HTMLRadioField.
Follow-up to
b51076a84446d157bed511246450e70d26e0f945.
Change-Id: I69c5fa9830a8b8b7cd6bf3468b5600325d34c070
jenkins-bot [Tue, 26 Jan 2016 10:40:10 +0000 (10:40 +0000)]
Merge "TitleInputWidget: Allow config to disable validation"
jenkins-bot [Tue, 26 Jan 2016 10:34:31 +0000 (10:34 +0000)]
Merge "Fix declension in grammar rules for Latin language"
jenkins-bot [Tue, 26 Jan 2016 05:34:12 +0000 (05:34 +0000)]
Merge "MimeMagic: Set mime-type for .js to application/javascript"
jenkins-bot [Tue, 26 Jan 2016 03:46:19 +0000 (03:46 +0000)]
Merge "mediawiki.searchSuggest: Use formatversion=2 for API requests"
Fomafix [Mon, 25 Jan 2016 19:15:59 +0000 (19:15 +0000)]
mediawiki.searchSuggest: Use formatversion=2 for API requests
With formatversion=2 the response uses UTF-8 instead of escape sequences
with hex for encoding of non-ASCII characters (e.g. "\u00e4" for "ä").
The other syntax changes of formatversion=2 have no effect here.
Change-Id: Ib01497e8a2340d329482b5131a125b1f92e87116
Timo Tijhof [Tue, 26 Jan 2016 01:33:24 +0000 (01:33 +0000)]
MimeMagic: Set mime-type for .js to application/javascript
The previous "application/x-javascript" was non-standard. It was used as
unregistered mime type by various vendors after stakeholders agreed it
shouldn't be text/javascript anymore, but "application/javascript" was
still pending approval. That was settled in 2006 with RFC 4329.
http://www.iana.org/assignments/media-types/media-types.xhtml
https://tools.ietf.org/html/rfc4329
It also previously inconsistently returned "application/x-javascript" or
"text/javascript" depending on whether you call MimeMagic with or without
the flag that asks for "improved" mime magic (in the latter mode, it picks
the first one from the mime-info list as override).
This makes MimeMagic match the behaviour of HHVM-static server, NGINX,
and Apache 2.4; with regards to Content-Type for .js files.
Change-Id: Idfe0a80c60c548fe28283c62ee9803bff7bdb2d6
Alex Monk [Tue, 26 Jan 2016 00:45:03 +0000 (00:45 +0000)]
TitleInputWidget: Allow config to disable validation
Or to set it to something else, like 'non-empty'.
Bug: T55613
Change-Id: I5e97604f0fc24176d5e89899bf0505dc442a1a7e
Brad Jorsch [Mon, 25 Jan 2016 18:00:00 +0000 (13:00 -0500)]
Log backtrace for "User::loadFromSession called before the end of Setup.php"
Fixing the bug will be much easier if we know where it's being called
from.
Bug: T124367
Change-Id: I69cd8bc2bb0677819763c59a221f098d564c92cd
Translation updater bot [Mon, 25 Jan 2016 21:10:17 +0000 (21:10 +0000)]
Merge "Localisation updates from https://translatewiki.net."
Translation updater bot [Mon, 25 Jan 2016 21:04:47 +0000 (22:04 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: I8d7ca4bb1bd5175b24fefc0dd7f1a785338270b3
jenkins-bot [Mon, 25 Jan 2016 21:00:13 +0000 (21:00 +0000)]
Merge "Make it possible to tag new file uploads without messy queries"
jenkins-bot [Mon, 25 Jan 2016 20:35:37 +0000 (20:35 +0000)]
jenkins-bot [Mon, 25 Jan 2016 20:30:44 +0000 (20:30 +0000)]
Merge "SpecialWatchlist: Display actual number of days for the "all" option"
jenkins-bot [Mon, 25 Jan 2016 20:30:40 +0000 (20:30 +0000)]
Merge "Sync up with Parsoid parserTests."
jenkins-bot [Mon, 25 Jan 2016 20:26:00 +0000 (20:26 +0000)]
Merge "Handle static access in TestingAccessWrapper"
jenkins-bot [Mon, 25 Jan 2016 20:20:10 +0000 (20:20 +0000)]
Merge "Avoid races on null revision insertion"
Arlo Breault [Mon, 25 Jan 2016 20:03:07 +0000 (12:03 -0800)]
Sync up with Parsoid parserTests.
This now aligns with Parsoid commit
b04ce02432166128a295c0f00ac1d64c6a469a81
Change-Id: I9f27dc299b87aa265039c0e25084489810c0f7c8
jenkins-bot [Mon, 25 Jan 2016 20:13:30 +0000 (20:13 +0000)]
Merge "LocalFile: Ensure same timestamp for log entry and image revision"
jenkins-bot [Mon, 25 Jan 2016 20:11:18 +0000 (20:11 +0000)]
Merge "Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'"
jenkins-bot [Mon, 25 Jan 2016 20:06:58 +0000 (20:06 +0000)]
Merge "SpecialWatchlist: Display 'wlnote' message even when showing "all" days"
Brad Jorsch [Mon, 25 Jan 2016 19:15:40 +0000 (14:15 -0500)]
Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
The pre-SessionManager code did this, and the change in combination with
the API not honoring forceHTTPS led to T124252.
Bug: T124252
Change-Id: Ic6a79fbb30491040facd7c200b1f47d6b99ce637
Bartosz Dziewoński [Thu, 21 Jan 2016 17:14:40 +0000 (18:14 +0100)]
Make it possible to tag new file uploads without messy queries
UploadBase::performUpload() now takes a $tags parameter and passes it
to LocalFile::upload() and LocalFile::recordUpload2(), which
eventually adds the requested tags to the log_id, rev_id and rc_id
that are created for the file upload.
Previously you'd have to query the database for the latest rev_id and
log_id for the page title under which the title is being uploaded, as
performUpload() is unable to return them to you because it's all
deferred in funny ways.
Bug: T121874
Change-Id: I99a8fd67c84219d2715d3d88cc21500614431179
Bryan Davis [Mon, 25 Jan 2016 17:04:29 +0000 (10:04 -0700)]
Call session_cache_limiter() before starting a session
Call `session_cache_limiter( 'private, must-revalidate' );` before
starting a session to specify the cache control headers that PHP will
automatically emit. The calls are wrapped in MediaWiki\quietCall to
suppress "headers have already been sent" warnings that may come from PHP.
If not called explicitly PHP will default to using
the value of the session.cache_limiter ini setting. Some values of that
setting will cause PHP to add a "Pragma: no-cache" header to the
response. Certain user agents (e.g. Firefox) treat that particular
header as a signal to aggressively flush the response from local cache
to the point that back button navigation will not work.
The value used was present in `wfSetupSession` prior to
a73c5b7.
Bug: T124510
Change-Id: I942f8420c39c8cec5781ea8f6cc5619fd15f13cd
Ed Sanders [Mon, 25 Jan 2016 17:37:08 +0000 (17:37 +0000)]
TableSorter: Use SVGs with PNG fallbacks instead of GIFs
Also removes the never-used sort_none.gif.
Change-Id: Ia16e19985f68b1d188b4391c1156d61c781059cf
Bryan Davis [Mon, 25 Jan 2016 16:02:59 +0000 (09:02 -0700)]
Fix typo in cookie key
Fix typo in cookie key name introduced in I1098d05
Bug: T124641
Change-Id: Ib140aa61ba56844191304c4308052148c728bc64
jenkins-bot [Mon, 25 Jan 2016 15:12:47 +0000 (15:12 +0000)]
Merge "Improve wording and tense in some "page language" strings"
Bartosz Dziewoński [Mon, 25 Jan 2016 12:37:18 +0000 (13:37 +0100)]
Release notes for
f51d0d9a819f8f1c181350ced2f015ce97985fcc
Change-Id: I23199a7e8c67e93e4313f80b2c2b2ba074d52b86