Aaron Schulz [Tue, 21 Nov 2017 02:09:52 +0000 (18:09 -0800)]
Reduce lag waiting time in CategoryMembershipUpdateJob critical section
Bug: T180793
Change-Id: Icfe8dd16f4194c5d4f88d7547f732acae8b1cfe2
jenkins-bot [Sat, 18 Nov 2017 21:44:15 +0000 (21:44 +0000)]
Merge "@since tags & private class properties for TitleValue"
jenkins-bot [Sat, 18 Nov 2017 21:42:34 +0000 (21:42 +0000)]
Merge "Add __toString method to LinkTarget interface"
Translation updater bot [Sat, 18 Nov 2017 20:53:19 +0000 (21:53 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: If8cc0f3abd7cde509909de175a32c9492f9388a6
addshore [Sat, 18 Nov 2017 17:34:41 +0000 (17:34 +0000)]
@since tags & private class properties for TitleValue
Change-Id: I3d8315ade6aa70bda43d90b0b32b730d8c9cbd2e
addshore [Sat, 18 Nov 2017 17:34:10 +0000 (17:34 +0000)]
Add __toString method to LinkTarget interface
Change-Id: I4f12e3175a308f88e240db01cd4e91e78b283057
daniel [Thu, 16 Nov 2017 19:44:44 +0000 (20:44 +0100)]
Introduce the UserIdentity interface.
This provides a narrow view on a user identity, providing access to
ID and name.
This has been extracted from I140f43a6fb443b for re-use with Actors,
on Anomie's request.
Change-Id: Ief00db5ce382537c5bf992159eae6baf096ae4be
addshore [Sat, 18 Nov 2017 18:22:24 +0000 (18:22 +0000)]
[MCR] tests for Revision::getQueryInfo
Bug: T180210
Change-Id: I5bdb5eed853e22bacd6b4c2546343e9d0f2d8c89
addshore [Sat, 18 Nov 2017 18:08:45 +0000 (18:08 +0000)]
[MCR] tests for Revision::getArchiveQueryInfo
Bug: T180210
Change-Id: Icb016be8d69dfdfa83f44bbc4fb259b5beb30678
addshore [Sat, 18 Nov 2017 17:49:22 +0000 (17:49 +0000)]
[MCR] Readd various field & cond method tests for Revision
This is a partial revert of:
Idcfd15568489d9f03a7ba4460e96610d33bc4089
which removed these tests.
Bug: T180210
Change-Id: Ib0617ee0a7bd4391ed25415b44a8ed077a985eaa
jenkins-bot [Sat, 18 Nov 2017 13:00:39 +0000 (13:00 +0000)]
Merge "Remove box-shadow from preference panels for ooui-apex"
jenkins-bot [Sat, 18 Nov 2017 03:54:22 +0000 (03:54 +0000)]
Merge "Fix RemexCompatMunger infinite recursion"
jenkins-bot [Sat, 18 Nov 2017 02:08:27 +0000 (02:08 +0000)]
Merge "SwiftFileBackend::resolveContainerPath() check the proper length"
Aaron Schulz [Fri, 17 Nov 2017 23:27:49 +0000 (15:27 -0800)]
SwiftFileBackend::resolveContainerPath() check the proper length
The length sanity check should use this instead of urlencode()
see it is rawurlencode() that is actually used.
Change-Id: I5632e30c14c8ab27c8324c3e31311ca8bff7c162
Ed Sanders [Fri, 17 Nov 2017 22:02:58 +0000 (22:02 +0000)]
Follow-Up Iae63b6994: Add missing editfont dependency
Change-Id: I606a81576baf312891f3bb12f575892b00bca823
Ed Sanders [Fri, 17 Nov 2017 21:23:16 +0000 (21:23 +0000)]
Remove box-shadow from preference panels for ooui-apex
Change-Id: I7d42c75053b29cb634b18bae9e06e6b28ae1e967
Translation updater bot [Fri, 17 Nov 2017 21:03:49 +0000 (22:03 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: Iabf53d3c29d23ea48d35c2a45d88b2b3d937d5c6
addshore [Wed, 15 Nov 2017 10:37:29 +0000 (10:37 +0000)]
Revision::userCanBitfield test fallback to $wgUser
Bug: T180210
Change-Id: Ibda256d6fdd8762e0e90748d71034979e2de106f
Ed Sanders [Fri, 17 Nov 2017 17:15:44 +0000 (17:15 +0000)]
Work around Firefox 57 attribute parsing regression
Bug: T180138
Change-Id: I554d5adf88c448db64e6f135e19ee76a4ec28493
jenkins-bot [Fri, 17 Nov 2017 15:53:52 +0000 (15:53 +0000)]
Merge "Expose string->bool conversion as function"
Tim Starling [Fri, 17 Nov 2017 11:15:59 +0000 (22:15 +1100)]
Fix RemexCompatMunger infinite recursion
When TreeBuilder requests reparenting of all child nodes of a given
element, we do this by removing the existing child nodes, and then
inserting the proposed new parent under the old parent. However, when a
p-wrap diversion is in place, the insertion of the new parent is
diverted into the p-wrap, and the p-wrap then becomes a child of the new
parent, causing a reference loop, and ultimately infinite recursion in
Serializer.
Instead, divert the entire reparent request to the p-wrap, so that the
new parent is a child of the p-wrap. This makes sense since the new
parent is always a formatting element. The only caller of
reparentChildren(), apart from proxies, is AAA step 17, which reparents
children under the formatting element cloned from the AFE list.
Left in some debug code for next time.
Bug: T178632
Change-Id: Id77d21d99748e94c064ef24c43ee0033de627b8e
jenkins-bot [Thu, 16 Nov 2017 23:05:43 +0000 (23:05 +0000)]
Merge "Preferences: Improve visual appearance by “unboxing” sections"
jenkins-bot [Thu, 16 Nov 2017 23:03:20 +0000 (23:03 +0000)]
Merge "Cleanup, removed space"
Volker E [Wed, 15 Nov 2017 00:47:52 +0000 (16:47 -0800)]
Preferences: Improve visual appearance by “unboxing” sections
Instead let's work with whitespace, which also saves virtual space and
makes the appearance not as jarring.
Bug: T180538
Depends-on: I39088107e6ab07399f9826dd925df9e1b8dda006
Change-Id: I24d21eb3c0d188004dacbce8a9bc1ac3ad7e2a8f
Translation updater bot [Thu, 16 Nov 2017 21:34:02 +0000 (22:34 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: I20f8422f709fe37f212b65f2e995db30776009eb
jenkins-bot [Thu, 16 Nov 2017 20:34:31 +0000 (20:34 +0000)]
Merge "Use Remex in Sanitizer::stripAllTags()"
jenkins-bot [Thu, 16 Nov 2017 17:31:44 +0000 (17:31 +0000)]
Merge "OOUIHTMLForm: Prevent duplicate FieldsetLayout wrapping"
jenkins-bot [Thu, 16 Nov 2017 17:22:39 +0000 (17:22 +0000)]
Merge "HTMLMultiSelectField: Fix OOUI\CheckboxMultiselectInputWidget to be infusable again"
jenkins-bot [Thu, 16 Nov 2017 17:05:14 +0000 (17:05 +0000)]
Merge "HTMLRadioField: Do not automatically infuse our RadioSelectInputWidgets"
Bartosz Dziewoński [Thu, 16 Nov 2017 16:14:29 +0000 (17:14 +0100)]
HTMLRadioField: Do not automatically infuse our RadioSelectInputWidgets
This is really a workaround for an issue in a completely different place:
JS RadioSelectInputWidget internally uses `<input type="hidden">`
rather than real radio buttons, which does not work correctly with the
code in mediawiki.special.preferences.confirmClose.js. Ideally we would
change RadioSelectInputWidget to not do such weird things.
However, I think this is actually a good thing to do in general.
From the user's perspective, PHP RadioSelectInputWidget and JS
RadioSelectInputWidget look and behave the same, so there's no reason
to infuse and rebuild them.
This behavior was implemented in
f50cee1375201a5d3fd76c0c262cfc7e66bd5d42
in which unfortunately I did not document the reason for it. For other
fields it makes obvious sense (the JS widgets have improvements like
autocompletion, or at least look "pretty"), but I have no idea why
I did it for this one.
Bug: T180643
Change-Id: I53e50f8cda39466b2396b374e642c154487888bb
Bartosz Dziewoński [Thu, 16 Nov 2017 10:24:47 +0000 (11:24 +0100)]
OOUIHTMLForm: Prevent duplicate FieldsetLayout wrapping
The code in formatSection() assumed it was only called for the
toplevel section (the whole form), while it's actually called
for every subsection too. I think it was written before we added
support for subsections in OOUIHTMLForm.
Move code for toplevel section wrapping to wrapForm().
As a bonus, this also fixes display of custom headers and error
or warning messages for forms with subsections.
Bug: T180535
Change-Id: I6a88184d302a951be78387490404137acde3fa1a
WMDE-Fisch [Thu, 16 Nov 2017 12:27:11 +0000 (13:27 +0100)]
Fixed hover circle for timeless skin
Bug: T180663
Change-Id: I5112636bcfae6f41e86ccc29524ccf5c9e2a6004
Bartosz Dziewoński [Thu, 16 Nov 2017 10:51:19 +0000 (11:51 +0100)]
HTMLMultiSelectField: Fix OOUI\CheckboxMultiselectInputWidget to be infusable again
Regression from
5a113417e5af9d0d0dbed63429649a9780784d45.
Bug: T180677
Change-Id: Id1b0ebe9d9a56a76d73deb2b4d17213ae5e45a04
jenkins-bot [Thu, 16 Nov 2017 10:04:35 +0000 (10:04 +0000)]
Merge "Hide empty OOUI FieldsetLayout headers"
Huji Lee [Sun, 12 Nov 2017 01:44:00 +0000 (20:44 -0500)]
UserGroupsChanged hook should specify the performer of the change
Otherwise, there will be a unit-testing error when Echo is enabled
Bug: T180292
Change-Id: Ibc185c82ad2a03e06e5727a633e6ab6bccce3345
jenkins-bot [Thu, 16 Nov 2017 01:33:21 +0000 (01:33 +0000)]
Merge "Move Sanitizer.php to includes/parser/"
jenkins-bot [Thu, 16 Nov 2017 01:32:46 +0000 (01:32 +0000)]
Merge "SanitizerTest: Add tests for stripAllTags"
Roan Kattouw [Tue, 14 Nov 2017 22:22:31 +0000 (14:22 -0800)]
Use Remex in Sanitizer::stripAllTags()
Using a real HTML tokenizer fixes bugs when < or > appear in attribute
values. The old implementation used delimiterReplace(), which didn't
handle this case:
> print Sanitizer::stripAllTags( '<p data-foo="a<b>c">Hello</p>' );
c">Hello
We also can't use PHP's built-in strip_tags() because it doesn't handle
<?php and <? correctly:
> print strip_tags('1<span class="<?php">2</span>3');
1
> print strip_tags('1<span class="<?">2</span>3');
1
Bug: T179978
Change-Id: I53b98e6c877c00c03ff110914168b398559c9c3e
Roan Kattouw [Wed, 15 Nov 2017 20:44:48 +0000 (12:44 -0800)]
Move Sanitizer.php to includes/parser/
Change-Id: Id08d91c747ec77d715459b89b03eee247ccd4e1b
Roan Kattouw [Tue, 14 Nov 2017 22:16:14 +0000 (14:16 -0800)]
SanitizerTest: Add tests for stripAllTags
Bug: T179978
Change-Id: I9776cfd51b1b3ec772d4216168fbe466f48f5892
Translation updater bot [Wed, 15 Nov 2017 20:54:46 +0000 (21:54 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: I746f9a0b5a9ffcfbe198b4d222e476b169bad2dc
jenkins-bot [Wed, 15 Nov 2017 19:27:05 +0000 (19:27 +0000)]
Merge "Preferences: Remove unwise caching of Preferences::getPreferences()"
jenkins-bot [Wed, 15 Nov 2017 19:15:49 +0000 (19:15 +0000)]
Merge "Revert "RCFilters: Remove excluded params from URL""
Catrope [Wed, 15 Nov 2017 18:34:55 +0000 (18:34 +0000)]
Revert "RCFilters: Remove excluded params from URL"
Breaks limit and days selection by also removing these
params from the AJAX request URL
This reverts commit
b8a10e6dcf00da3519ccb9e43d1c2ce0db422557.
Bug: T180577
Change-Id: Ifc6fa8cde8ffce0ac79fc3a2db55291bc2a84e20
Brad Jorsch [Wed, 15 Nov 2017 16:44:53 +0000 (11:44 -0500)]
Clean up RELEASE-NOTES-1.31
A few recent changes introduced entries with bad spacing, and there's no
need for the ellipsis placeholder entries in a section once real entries
have been added.
Change-Id: Ia1f4aaa63c1fc859a5f6b0ec7726d98f81df2c05
Arlo Breault [Wed, 15 Nov 2017 14:42:11 +0000 (09:42 -0500)]
Sync up with Parsoid parserTests.txt
This now aligns with Parsoid commit
3048db625dca69d8a89cde4cbabee0105f2975f5
Change-Id: I2bf07d6582367f25d9f69712dc4350982b627851
jenkins-bot [Wed, 15 Nov 2017 14:21:33 +0000 (14:21 +0000)]
Merge "Remove $wgAuth usage from wrapOldPasswords.php"
jenkins-bot [Wed, 15 Nov 2017 11:13:22 +0000 (11:13 +0000)]
Merge "Preferences: Show preview of edit fonts in edit font selector"
Ed Sanders [Tue, 7 Nov 2017 15:33:03 +0000 (15:33 +0000)]
Preferences: Show preview of edit fonts in edit font selector
Change-Id: Iae63b69940485165b660f51deb864979aefb8cd0
Bartosz Dziewoński [Mon, 13 Nov 2017 16:42:04 +0000 (17:42 +0100)]
Preferences: Remove unwise caching of Preferences::getPreferences()
The result of this function depends on the $user and $context
parameters (e.g. it includes the username from the user, and
localisation messages the language from the context). However,
both of them would be ignored if the result was cached, even
if calling with a different $user or $context.
Rather than make this more complicated just remove the caching.
This is not a hot code path: this function is not called at all
on normal page views, it's called just once when viewing
preferences, and at most twice when saving them.
Change-Id: I92390120a16448383a25e9ba2dd35a434a2f21bf
Bartosz Dziewoński [Mon, 13 Nov 2017 18:42:33 +0000 (19:42 +0100)]
ApiOptionsTest: Do not use ->at()
Quoting PHPUnit docs:
The $index parameter for the at() matcher refers to the index,
starting at zero, in all method invocations for a given mock object.
Exercise caution when using this matcher as it can lead to brittle
tests which are too closely tied to specific implementation details.
Indeed these test cases would break horribly with unintuitive error
messages ("Mocked method does not exist") if anything in preferences
or API code called any additional methods on the mocked user. For
example, it relied on the caching in Preferences::getPreferences(),
which is being removed in I92390120a16448383a25e9ba2dd35a434a2f21bf.
I'm pretty sure all that matters here is that all the setOption()
calls with different arguments happen, so let's test just that.
Change-Id: I30a814151a006e5f147eebb918344049807b2b97
jenkins-bot [Wed, 15 Nov 2017 10:38:42 +0000 (10:38 +0000)]
Merge "MWExceptionRenderer: Wrap error message in a paragraph"
jenkins-bot [Wed, 15 Nov 2017 10:17:32 +0000 (10:17 +0000)]
Merge "Treat langtags in SVG switch case-insensitively"
jenkins-bot [Wed, 15 Nov 2017 07:12:06 +0000 (07:12 +0000)]
Merge "Updated phpunit/phpunit from v4.8.35 to v4.8.36 in correct RELEASE-NOTES"
Stanislav Malyshev [Tue, 31 Oct 2017 21:01:02 +0000 (14:01 -0700)]
Expose string->bool conversion as function
There is code in several places in extensions which converts
setting or parameter string (such as "true", "yes", "false", "no")
to boolean. Since we already have the code that does in global
functions in wfStringToBool(), it makes sense to expose this code
and reuse it.
Change-Id: I88d98b012ff4bf14fd64a05a9135a6e75cf2d4e7
Brian Wolff [Wed, 15 Nov 2017 06:56:38 +0000 (06:56 +0000)]
Follow-up I077d30c50 fix phpcs error
Change-Id: I28cb7060d6149d96ceb0dcad7e2bff2ed3434411
Brian Wolff [Wed, 15 Nov 2017 05:34:10 +0000 (05:34 +0000)]
Fix langauge converter parser test with self-close tags
This fixes an issue in
f21f3942 where if there was an html
element with an alt or title attribute containing an <
entity, an ascii EOT control character (0x04) may become
inserted into the text if language converter was enabled.
Due to a really old bug in language converter, self-closed tags
got turned into non-self closed tags. However due a different
bug which was fixed in
f21f3942 this code path was rarely taken
so nobody noticed until now.
Follow-up Idbc45cac12
Bug: T180552
Change-Id: I077d30c50fcb419837fef937d27caca307153d2d
Brian Wolff [Wed, 15 Nov 2017 04:37:15 +0000 (04:37 +0000)]
Follow-up
5e56f01f1. Rebase failure.
Bug: T180551
Change-Id: I07a8c2555f08c6c731cd7e1917be451ec40d4d0c
Brian Wolff [Wed, 15 Nov 2017 03:42:38 +0000 (03:42 +0000)]
Fix LanguageSrTest for language converter
Language converter seems to maintain state between parser
invocations. Use a more unique string for the test.
This is a follow-up to
98b6635895.
Bug: T180551
Change-Id: I0259b378549f7d9778c27c4bc3efd8d277893f8c
Reedy [Wed, 15 Nov 2017 03:45:30 +0000 (03:45 +0000)]
Ignore long git hashes for eval-stdin.php
This reverts commit
5b205725842edbae6ccde5a13baf20c2eb3ec4ae.
Change-Id: Ib47ffed1174628959b9ef537370ff88f8bcb22f1
Reedy [Wed, 15 Nov 2017 03:37:27 +0000 (03:37 +0000)]
Fix phpcs issues from LanguageConverter patches
Change-Id: I34e57c90ffd40fbd9f8afe3c57dd73fa7f655841
Brian Wolff [Thu, 11 Feb 2016 22:08:03 +0000 (17:08 -0500)]
SECURITY: Handle -{}- syntax in attributes safely
Previously, if one had an attribute with the contents
"-{}-foo-{}-", foo would get replaced by language converter as if
it wasn't in an attribute. This lead to an XSS attack.
This breaks doing manual conversions in url href's (or any
other attribute that goes through an escaping method
other than Sanitizer's). e.g. http://{sr-el:foo';sr-ec:bar}.com
won't work anymore. See also T87332
Bug: T119158
Change-Id: Idbc45cac12c309b0ccb4adeff6474fa527b48edb
Brian Wolff [Sun, 24 Jan 2016 10:29:10 +0000 (05:29 -0500)]
SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit
Adjust regexes for what not to convert to avoid backtracking by
preferring possesive quantifiers
Add check that we really have matched to the end of the string, and
log error if the regex hits some sort of error preventing the
entire string from being matched. Should the regex not match to the
end, then language conversion is disabled for the string.
Bug: T124404
Change-Id: I4f0c171c7da804e9c1508ef1f59556665a318f6a
Brad Jorsch [Tue, 14 Nov 2017 16:17:02 +0000 (11:17 -0500)]
SECURITY: Fix rebase error in
4d38a489
The fix for T125177 from
F4932228 was incorrectly rebased when it was
applied to master as
4d38a489, causing the bug to not actually be fixed.
Bug: T180488
Change-Id: Ie6b87ef2373369987c112c19903c99afb789c1ff
Reedy [Wed, 15 Nov 2017 03:19:00 +0000 (03:19 +0000)]
Shorten git hashes for eval-stdin.php
Ping I5b838686ede9764083c52853cc05c52ea72739df
Change-Id: Ie80a068507444721f8ffdbdc1867555338489283
Kunal Mehta [Sat, 11 Nov 2017 00:53:24 +0000 (16:53 -0800)]
SECURITY: update.php: Remove eval-stdin.php if necessary
If phpunit's eval-stdin.php file exists and is one of the vulnerable
versions, delete it when running update.php as most people should run
that when updating to a new release. If the unlink() call fails, we'll
warn the user but continue with update.php processing and hope they've
mitigated it in some other way.
Bug: T180231
Change-Id: I5b838686ede9764083c52853cc05c52ea72739df
Reedy [Wed, 15 Nov 2017 01:55:22 +0000 (01:55 +0000)]
Add missing ComposerVendorHtaccessCreator class to autoload.php
Change-Id: Ia70324acf3db2df50c6629d705c2c4728c38aaaa
Follow-up: I2cf6541750c90b5708d7cf5f81b914ae2d9d46d1
Kunal Mehta [Sat, 11 Nov 2017 00:05:13 +0000 (16:05 -0800)]
SECURITY: Create a .htaccess in /vendor after composer runs
The /vendor directory does not need to be web accessible, and to reduce
attack surface, it should not be web accessible. We can use the
post-install-cmd and post-update-cmd hooks to create a .htaccess after
the user has run "composer install" or "composer update". On the first
run of composer, this hook will be invoked twice due to the composer
merge plugin.
If the htaccess file already exists, this hook won't do anything.
Bug: T180237
Change-Id: I2cf6541750c90b5708d7cf5f81b914ae2d9d46d1
Brian Wolff [Sun, 24 Sep 2017 00:57:05 +0000 (00:57 +0000)]
SECURITY: Ensure Message::rawParams can't lead to XSS
If you used wfMessage( 'foo' )->rawParams( 'bar"baz' )
there's a possibility of leading to xss, if the foo
message has a $1 in an attribute, as the quote characters
may end the attribute.
To prevent that, we convert $1 to $'"1 for after parameters,
so if any of them end up in attributes, the attribute escaping
will break the parameter name, preventing substitution.
This would of course break if someone intentionally inserted
a raw parameter into an attribute, but that's silly and I
don't think we should allow that.
This is similar to the parser strip marker issue.
Bug: T176247
Change-Id: If83aec01b20e414f9c92be894f145d7df2974866
Gergő Tisza [Wed, 15 Nov 2017 01:58:49 +0000 (17:58 -0800)]
Fix tests for I7afaa955a4b393ef00b11e420709bd62b84fbc71
Change-Id: Id5a2a9768dc64db5259a5988d645e664163ba234
Brian Wolff [Mon, 13 Nov 2017 16:02:50 +0000 (16:02 +0000)]
SECURITY: Do not reveal if user exists during login failure
This is meant for private wikis where the list of users may
be secret. It is only meant to prevent trivial enumeration
of usernames. It is not designed to prevent enumeration
via timing attacks.
Bug: T134100
Change-Id: I7afaa955a4b393ef00b11e420709bd62b84fbc71
Brad Jorsch [Fri, 26 Feb 2016 22:46:07 +0000 (17:46 -0500)]
SECURITY: API: Avoid some silliness with browser-guessed filenames
If someone is both dumb enough to blindly save an API response and to
then execute the resulting file, this can be used to attack their
computer.
We can mitigate this by disallowing PATH_INFO in api.php URLs (because
we don't make any use of them anyway) and by setting a sensible filename
using a Content-Disposition header so the browser won't go guessing at
the filename based on what is in the URL.
Issue reported by: Abdullah Hussam
Bug: T128209
Change-Id: I8526f5cc506c551edb6138d68450b6acea065e93
Brad Jorsch [Fri, 19 May 2017 21:35:11 +0000 (23:35 +0200)]
SECURITY: Add throttling for BotPasswords authentication attempts
ApiLogin which will currently always try an AuthManager login which will
by default throttle via ThrottlePreAuthenticationProvider, but this only
happens after the BotPassword is checked so it's still possible to keep
trying to break the bot password.
There's a potential odd-behavior mode here: if the main account username
and password looks like a BotPasswords username and password, a
successful main account login will increment the BotPasswords throttle
for the user and not reset it after the successful main account login.
That seems such an odd edge case I say let's not worry about it.
Bug: T165846
Change-Id: Ie60f0e05c2a94722b91bc3a80c80346e28b443f4
Brian Wolff [Wed, 18 Oct 2017 05:28:43 +0000 (05:28 +0000)]
SECURITY: Escape internal error message
This message contains the request url, which is semi-user controlled.
Most browsers percent escape < and > so its probably not exploitable
(curl is an exception here), but nonetheless its not good.
Bug: T178451
Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6
Volker E [Tue, 14 Nov 2017 23:00:46 +0000 (15:00 -0800)]
Hide empty OOUI FieldsetLayout headers
In cases where the label or the icon are unset the header shouldn't take
up space, nor should it be visible to screenreaders.
That's a workaround, it should not be in the markup. T180535 is the place
to address the unnecessary markup further.
Bug: T177668
Bug: T180535
Change-Id: I39088107e6ab07399f9826dd925df9e1b8dda006
Gergő Tisza [Tue, 14 Nov 2017 23:01:38 +0000 (15:01 -0800)]
Remove $wgAuth usage from wrapOldPasswords.php
AuthPlugin::allowSetLocalPassword() has been deprecated with no
real replacement. (Authentication providers largely describe things
from a client POV, so we can check whether the authentication system
is configured to use passwords but not whether it uses the
user_password field. We could check whether the auth providers include
LocalPasswordAuthenticationProvider but that's rather fragile.)
There does not seem to be much need, either; we can assume the site
admin has at least a basic knowledge of what they are using and would
not run wrapOldPasswords.php if the site wasn't using local passwords.
Bug: T180537
Change-Id: I34f2d8ad0d801b5460b768ad1d52b29b0a1b08db
jenkins-bot [Tue, 14 Nov 2017 22:52:13 +0000 (22:52 +0000)]
Merge "Special:Preferences: Use OOjs UI"
jenkins-bot [Tue, 14 Nov 2017 22:35:41 +0000 (22:35 +0000)]
Merge "DatabaseUpdater: Add modifyExtensionTable()"
Translation updater bot [Tue, 14 Nov 2017 20:54:20 +0000 (21:54 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: Iba3374ef6484fe0dbc23013dd7389377ddf4e8a5
addshore [Tue, 14 Nov 2017 12:13:43 +0000 (12:13 +0000)]
Test for Revision::getRecentChange
Bug: T180210
Change-Id: I67a425676236af77063ad759f4515742533436ca
addshore [Tue, 14 Nov 2017 12:03:39 +0000 (12:03 +0000)]
Tests for Revision::getRevisionText with ExternalStore usage
Bug: T180210
Change-Id: I20e47a44a064ede4f5e674f57ec4d8e39b379ad6
jenkins-bot [Tue, 14 Nov 2017 18:36:24 +0000 (18:36 +0000)]
Merge "Split interface from WatchedItemStore"
addshore [Mon, 20 Mar 2017 12:57:37 +0000 (12:57 +0000)]
Split interface from WatchedItemStore
Change-Id: Ifb029f5c79ee4865ee225d4f44d3354d95014cce
Brad Jorsch [Tue, 14 Nov 2017 17:53:02 +0000 (12:53 -0500)]
PostgreSQL: Use correct PK name so patch-site_stats-pk.sql isn't run when not needed
PostgreSQL names this primary key "site_stats_pkey" by default, not
"PRIMARY".
Bug: T180508
Change-Id: I626e46186376bc2a13157664c3ea6e097fa5e650
jenkins-bot [Tue, 14 Nov 2017 17:41:34 +0000 (17:41 +0000)]
Merge "Fix up logging grouping in ApiStashEdit"
jenkins-bot [Tue, 14 Nov 2017 16:45:02 +0000 (16:45 +0000)]
Merge "Do not limit filesize when running a maintenance script"
jenkins-bot [Tue, 14 Nov 2017 15:00:47 +0000 (15:00 +0000)]
Merge "Introduce ExternalStoreFactory"
jenkins-bot [Tue, 14 Nov 2017 13:34:36 +0000 (13:34 +0000)]
Merge "Family name of Thiemo changed"
jenkins-bot [Tue, 14 Nov 2017 13:30:05 +0000 (13:30 +0000)]
Merge "Initial tests for Revision::getRevisionText"
jenkins-bot [Tue, 14 Nov 2017 13:27:10 +0000 (13:27 +0000)]
Merge "Tests for Revision::userCan"
jenkins-bot [Tue, 14 Nov 2017 13:27:06 +0000 (13:27 +0000)]
Merge "Tests for Revision::userCanBitfield"
jenkins-bot [Tue, 14 Nov 2017 13:27:03 +0000 (13:27 +0000)]
Merge "Test for Revision::newKnownCurrent"
addshore [Tue, 14 Nov 2017 11:17:34 +0000 (11:17 +0000)]
Introduce ExternalStoreFactory
Change-Id: If0d8f503e3cc9fd83f3b40e2ac8a5f9dc8b7e0ea
Thiemo Mättig [Tue, 14 Nov 2017 12:59:15 +0000 (13:59 +0100)]
Family name of Thiemo changed
Change-Id: I5477d02111e53790e858624c4b7c4f09dbc418fa
addshore [Tue, 14 Nov 2017 10:40:23 +0000 (10:40 +0000)]
Initial tests for Revision::getRevisionText
Bug: T180210
Change-Id: Idd5c1af7ecc336ba3f32b15fd8d5cb5bd19f649b
Tim Starling [Tue, 14 Nov 2017 09:33:46 +0000 (20:33 +1100)]
Do not limit filesize when running a maintenance script
Starting HHVM may require writing very large files, so it can't have the
same file size limit as image scaling etc. The memory limit was already
disabled for much the same reason.
This is the only caller of wfShellWikiCmd() in core which proceeds to
call wfShellExec().
Bug: T145819
Change-Id: I1ab35edbbdb63c2d6f5f578cba2547be79a965ef
Roan Kattouw [Tue, 14 Nov 2017 02:31:23 +0000 (18:31 -0800)]
DatabaseUpdater: Add modifyExtensionTable()
We already had modifyExtensionField(), but to do a table modification
you still had to do
$updater->addExtensionUpdate( [ 'modifyTable', ... ] );
Change-Id: I20368bf3c007a01718513a435de24907dc0aaf81
jdlrobson [Thu, 28 Sep 2017 18:42:32 +0000 (13:42 -0500)]
Provide message/warning/error box abstraction
This will help us consolidate the various uses into one single
method which will help us drive standardisation of these defacto
widgets.
Hopefully, by being a method of the Html class, which has a very
low barrier for use will drive down the inconsistent display of
warning/error boxes across MediaWiki's products
Various usages of warningbox and errorbox have been ported over.
I've retained some more complicated usages which make use of the
parser (wrapWikiMsg) and any where id and class are medled with
- we'll probably want to consider whether we want to encourage
those going forward as they encourage adjusting the styling.
Bug: T166915
Change-Id: I2757e1f4ff2599e93a7257fc644cab69063896d2
jenkins-bot [Mon, 13 Nov 2017 21:49:58 +0000 (21:49 +0000)]
Merge "RCFilters: fix call to changesListModel.update()"
Translation updater bot [Mon, 13 Nov 2017 21:04:57 +0000 (22:04 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: I964eda712b69d542ca230f44ba125f0f29a328a2