Siebrand Mazeland [Sat, 11 Jan 2014 09:11:38 +0000 (10:11 +0100)]
Remove deprecated ParserOptions::getSkin()
Has been deprecated since 1.18. One remaining use in a Gerrit extension
replaced.
Change-Id: I7eba24593368047ca48a5e1cb60378319c1e51b2
jenkins-bot [Wed, 22 Jan 2014 23:37:44 +0000 (23:37 +0000)]
Merge "Remove deprecated MediaWiki::articleFromTitle() and WikiPage::createUpdates()"
jenkins-bot [Wed, 22 Jan 2014 22:06:12 +0000 (22:06 +0000)]
Merge "Provide correct type as input for LoadMonitor::postConnectionBackoff()"
jenkins-bot [Wed, 22 Jan 2014 22:05:20 +0000 (22:05 +0000)]
Merge "Update/add documentation in the LoadBalancer class"
jenkins-bot [Wed, 22 Jan 2014 21:27:48 +0000 (21:27 +0000)]
Merge "Expand documentation around $wgAPI*Modules"
Siebrand Mazeland [Sat, 11 Jan 2014 20:16:51 +0000 (21:16 +0100)]
Remove deprecated MediaWiki::articleFromTitle() and WikiPage::createUpdates()
No uses found in core or Gerrit extensions.
* MediaWiki::articleFromTitle() (deprecated in 1.18)
* WikiPage::createUpdates() (deprecated in 1.18)
Change-Id: I689249b579ee89f883b97fdb4ac79fb3502c45dc
Siebrand Mazeland [Sat, 11 Jan 2014 19:49:38 +0000 (20:49 +0100)]
Remove FakeMemCachedClient
Was deprecated in 1.18. Not used in core or Gerrit extensions.
Change-Id: I06bc9c6f01f21386c772fa7fad57b55a7c7b2fe4
Reedy [Wed, 22 Jan 2014 07:14:13 +0000 (07:14 +0000)]
Short circuit in notifyRCFeeds
Save instantiating classes unnecesserily
Add getEngine return type hint. Also make public
Change-Id: Ie2610516f99fe7b01742e7e95e13c4b1b90c77d7
jenkins-bot [Wed, 22 Jan 2014 00:39:15 +0000 (00:39 +0000)]
Merge "Clean up whitespace in various javascript files"
Fomafix [Tue, 21 Jan 2014 20:49:07 +0000 (20:49 +0000)]
Clean up whitespace in various javascript files
Change-Id: I62fe370493b269618a0277ea06ed6ad22b97616a
jenkins-bot [Tue, 21 Jan 2014 22:49:38 +0000 (22:49 +0000)]
Merge "Move initial setting of $extNode out of the conditional"
Reedy [Thu, 16 Jan 2014 02:04:32 +0000 (02:04 +0000)]
Move initial setting of $extNode out of the conditional
Change-Id: I3d13bfde15085d8c17ef41c6729bec2e9f8f84a2
Kevin Israel [Mon, 16 Dec 2013 16:02:51 +0000 (11:02 -0500)]
Check for very old PCRE versions in installer and updater
RE_IPV6_ADD uses (?(-n)) ("relative reference condition"), and CSSMin uses
\K ("reset start of match"), which only work in PCRE 7.2 and later -- newer
versions than the PCRE 6.6 included with Red Hat Enterprise Linux 5 and its
derivatives (e.g. CentOS 5).
Because the WMF developers, in general, do not seem to support maintaining
compatibility with such old software versions, I have opted to add a check
to the MediaWiki installer for these versions of PCRE. Affected users are
directed to a MediaWiki.org page advising the use of a different PHP package
that uses the bundled PCRE version instead of the older system version.
For now, the minimum PCRE version is set to 7.2, the oldest version not
known to break MediaWiki core. Once PHP 5.3 support is dropped, we may be
able to require PCRE 8.12 (bundled with PHP 5.4.0) or later.
The existing check for mere existence of the PCRE functions is removed;
since PHP 5.3, it is impossible to compile PHP without PCRE support.
Bug: 58213
Change-Id: Icf3732b6f84eeb25990178ae8fe3bd0fe4cc833f
Translation updater bot [Tue, 21 Jan 2014 19:45:39 +0000 (19:45 +0000)]
Localisation updates from https://translatewiki.net.
Change-Id: I2bf221ca2d246108335c61947a464d23961a6551
jenkins-bot [Tue, 21 Jan 2014 17:02:18 +0000 (17:02 +0000)]
Merge "Removed RdfMetaData"
Translation updater bot [Mon, 20 Jan 2014 20:17:10 +0000 (20:17 +0000)]
Localisation updates from https://translatewiki.net.
Change-Id: I36b88d4b387ed2313b2160a6ba9fc6be056ded96
jenkins-bot [Mon, 20 Jan 2014 15:22:03 +0000 (15:22 +0000)]
Merge "Allow extensions to set a custom error message in the BlockIp hook"
Kunal Mehta [Sat, 18 Jan 2014 21:31:47 +0000 (13:31 -0800)]
Allow extensions to set a custom error message in the BlockIp hook
Change-Id: I2e3773e22c78370e6ca1de49e7b0976b68d8d76b
umherirrender [Sun, 19 Jan 2014 20:41:33 +0000 (21:41 +0100)]
Remove outdated comment from Preferences.php
There is a cleanupPreferences.php script
Change-Id: I29c55b3ba5d296a06e3c26e98b28779cb3959282
umherirrender [Sun, 19 Jan 2014 20:19:21 +0000 (21:19 +0100)]
Expand documentation around $wgAPI*Modules
Change-Id: I095fa03596c05d292faf1e6c1dce808deeee1a66
Translation updater bot [Sun, 19 Jan 2014 20:07:30 +0000 (20:07 +0000)]
Localisation updates from https://translatewiki.net.
Change-Id: I1bc4622fa5c9c489fddd386c95fb9dbe05df7ce5
umherirrender [Sun, 19 Jan 2014 10:13:44 +0000 (11:13 +0100)]
Remove outdated fixme/todo in CoreParserFunctions.php
Title::getLength is not used and documentation of parameter is there
Change-Id: I50679ff19695a3afedd556e242f27e4172a9774a
raymond [Sat, 18 Jan 2014 22:03:47 +0000 (23:03 +0100)]
Make 2 messages optional for translation
Spotted by Joseph
https://translatewiki.net/wiki/Thread:Support/Optional_messages_(10)
Change-Id: Iaf9e42ed21edffd2d36f4ba09a5316f369b4812c
jenkins-bot [Sat, 18 Jan 2014 21:44:26 +0000 (21:44 +0000)]
Merge "Add $wgHideUserContribLimit config setting"
Translation updater bot [Sat, 18 Jan 2014 21:11:17 +0000 (21:11 +0000)]
Localisation updates from https://translatewiki.net.
Change-Id: I8b17b1f8ea175c4f1cf75bece53b79eba39bb509
umherirrender [Tue, 17 Dec 2013 18:56:33 +0000 (19:56 +0100)]
Add $wgHideUserContribLimit config setting
Replace const in Special:Block by a config setting in
DefaultSettings.php
Setting to false will disable the limit (instead of setting to a
very high number).
The value is unchanged, but now it is possible to change it in
LocalSettings.php
Also add the value to the message to give better feedback to the
performer of the action.
Change-Id: I3fd39c1c9dfa65a24a3451800dc623b40162aeb5
jenkins-bot [Sat, 18 Jan 2014 02:58:00 +0000 (02:58 +0000)]
Merge "Improved vague/incomplete $1 thumb.php error messages"
Aaron Schulz [Wed, 8 Jan 2014 09:38:42 +0000 (01:38 -0800)]
Improved vague/incomplete $1 thumb.php error messages
Change-Id: I64d05e25f82242e92abbcbf20252fc17d5790d8b
Sorawee Porncharoenwase [Sat, 18 Jan 2014 01:09:09 +0000 (08:09 +0700)]
Also show a warning on page deletion if a page is transcluded
[[gerrit:65162]] warns on page deletion if a page which is about to delete
has at least one link to it. This patch improves the previous patch to
warn if at least one page transcludes the deleting page.
Change-Id: If8cb4956297f5d0b040e378f07fcbc43728d687c
jenkins-bot [Sat, 18 Jan 2014 00:48:01 +0000 (00:48 +0000)]
Merge "Add hooks in API action=createaccount for Captcha"
Aaron Schulz [Sat, 18 Jan 2014 00:20:53 +0000 (16:20 -0800)]
Removed RdfMetaData
* Unused by core or extensions
Change-Id: I3454d605a741bc97a51a1ad471a17eb3053d662f
jenkins-bot [Sat, 18 Jan 2014 00:15:35 +0000 (00:15 +0000)]
Merge "Expand load.php's "no modules requested" output to be friendlier"
MZMcBride [Fri, 17 Jan 2014 07:43:31 +0000 (02:43 -0500)]
Expand load.php's "no modules requested" output to be friendlier
Change-Id: I9300ec4d86a364034a70ce4204a0d9c1ac44b60f
Aaron Schulz [Fri, 17 Jan 2014 23:15:57 +0000 (15:15 -0800)]
Removed expiremental LSLockManager class
* This is pretty much obsoleted by RedisLockManager
Change-Id: I0feff44b5833072c8eb5a598169e1bb271d49de2
jenkins-bot [Fri, 17 Jan 2014 22:58:45 +0000 (22:58 +0000)]
Merge "Improve API query RevDel handling"
jenkins-bot [Fri, 17 Jan 2014 20:47:17 +0000 (20:47 +0000)]
Merge "Remove deprecated $wgBetterDirectionality"
Translation updater bot [Fri, 17 Jan 2014 20:43:42 +0000 (20:43 +0000)]
Merge "Localisation updates from https://translatewiki.net."
Brion Vibber [Fri, 10 Jan 2014 23:16:40 +0000 (15:16 -0800)]
Add hooks in API action=createaccount for Captcha
New hooks:
* AddNewAccountApiForm
* AddNewAccountApiResult
These hooks are used in ConfirmEdit here: Id628def
Sample API client: https://github.com/brion/api-createaccount
Bug: 46072
Change-Id: If5b7dab80ac85dbfa0f7a54a445356783df5e914
Translation updater bot [Fri, 17 Jan 2014 20:40:24 +0000 (20:40 +0000)]
Localisation updates from https://translatewiki.net.
Change-Id: Ib0c5b0c2b4d450e2ed7ec2b2a4de418bdf6fa36d
jenkins-bot [Fri, 17 Jan 2014 20:40:06 +0000 (20:40 +0000)]
Merge "Remove methods in Block deprecated in 1.18"
jenkins-bot [Fri, 17 Jan 2014 19:42:37 +0000 (19:42 +0000)]
Merge "Remove methods in Article deprecated in 1.18"
jenkins-bot [Fri, 17 Jan 2014 19:33:24 +0000 (19:33 +0000)]
Merge "Allow SearchResults to specify that they matched file content"
Brad Jorsch [Wed, 18 Dec 2013 21:58:39 +0000 (16:58 -0500)]
Improve API query RevDel handling
* ApiQueryDeletedrevs, ApiQueryFilearchive, ApiQueryRecentChanges, and
ApiQueryWatchlist will now return entires where fields have been
revision-deleted. "Hidden" indicators will be provided as appropriate.
* ApiQueryImageInfo, ApiQueryLogEvents, ApiQueryRevisions,
ApiQueryContributions will now return field values in addition to the
"hidden" indicators when the requesting user has the necessary rights.
* Modules that return "hidden" indicators will now also return a
"suppressed" indicator.
* ApiQueryImageInfo will now return info for DELETED_FILE file revisions
if the requesting user has the 'deletedtext' right.
* ApiQueryLogEvents, when searching by user or title, will now return
entries where the user or action are revision-deleted if the
requesting user has the 'deletedhistory' right.
* ApiQueryContributions now uses the correct user rights rather than
'hideuser' to determine when to show contributions where the username
was revision-deleted.
* ApiQueryContributions will now indicate when the revision text is
hidden.
* Fix a bug in ApiQueryDeletedrevs found during testing where specifying
the "content" prop along with the "tags" prop or "drtag" parameter
would cause an SQL error.
* Fix various PHP warnings in ApiQueryFilearchive caused by the lack of
ArchivedFile::selectFields() fields.
* ApiQueryImageInfo::getInfo's $metadataOpts parameter has been renamed
$opts, and now may have an option to indicate the user to use for
RevDel visibility checks.
* ApiQueryWatchlist now properly uses the actual user's rights for
checking whether wlprop=patrol is allowed, rather than using the
wlowner's rights.
Bug: 27747
Bug: 27748
Bug: 28261
Bug: 34926
Bug: 48966
Change-Id: Idec2199976f460e1c73a26d0717e9fc4ab8042bb
Brad Jorsch [Fri, 17 Jan 2014 16:42:45 +0000 (11:42 -0500)]
Extend FileRepo::findFile private option to accept a User object
Callers may want to test visibility for a user other than $wgUser when
specifying the 'private' option. It seems a natural extension to allow
'private' to be a User object, with boolean true retaining its old
meaning of $wgUser.
Change-Id: Idbed0f3055c0135b5c11068de1bf1ef668e13456
Brad Jorsch [Fri, 17 Jan 2014 16:42:01 +0000 (11:42 -0500)]
Fix LocalRepo::findFiles and 'time' option
It's looking in the wrong place for the 'time' option so it never
actually queries for the old revisions.
Change-Id: Ifcb626fb27f8b602ff37cf33d4c66c4fc2fd3d56
Chad Horohoe [Fri, 3 Jan 2014 19:00:22 +0000 (11:00 -0800)]
Allow SearchResults to specify that they matched file content
Change-Id: I214406250d10b971dcca025da508272d9805567b
jenkins-bot [Fri, 17 Jan 2014 12:46:01 +0000 (12:46 +0000)]
Merge "Remove deprecated Article::forUpdate()"
jenkins-bot [Fri, 17 Jan 2014 11:55:50 +0000 (11:55 +0000)]
Merge "assertValidHtml for checking html in test cases."
daniel [Tue, 3 Dec 2013 17:42:48 +0000 (18:42 +0100)]
assertValidHtml for checking html in test cases.
implemented using tidy.
Change-Id: Idb98af785ca07ecd7afeebadf7396ecdc03a91bc
Aaron Schulz [Fri, 17 Jan 2014 00:07:09 +0000 (16:07 -0800)]
Put ActiveUsers behind the miser mode flag
This is the second most problematic query showing up in dberror.log (timeouts).
Something like this needs denormalization for larger wikis.
Change-Id: If786dea8a6195d11c812d46a583d272c7aa70fe7
Aaron Schulz [Wed, 15 Jan 2014 03:58:03 +0000 (19:58 -0800)]
Workaround ip2long limitation
* This was resulting in bogus queries that did ipblock table scans
bug: 60035
Change-Id: Id8f8846e002abcc0010c8706c664db86257786bf
Translation updater bot [Thu, 16 Jan 2014 22:59:11 +0000 (22:59 +0000)]
Localisation updates from https://translatewiki.net.
Change-Id: Ibc3cffd4793d8201841e2ba0c92e6b3b7abe4412
jenkins-bot [Thu, 16 Jan 2014 21:06:52 +0000 (21:06 +0000)]
Merge "Avoid expensive backlink counts for info action in miser mode"
jenkins-bot [Thu, 16 Jan 2014 20:42:55 +0000 (20:42 +0000)]
Merge "Removed ZhClient; unused by core and extensions"
Aaron Schulz [Thu, 16 Jan 2014 20:39:33 +0000 (12:39 -0800)]
Avoid expensive backlink counts for info action in miser mode
Change-Id: I13b64db1b23afd995cd0a2f5872fcedadd86c8ea
Aaron Schulz [Thu, 16 Jan 2014 20:25:41 +0000 (12:25 -0800)]
Removed ZhClient; unused by core and extensions
Change-Id: Ieda34368b8e1c4a09dc244f47f7e09d943849b1e
Aaron Schulz [Thu, 16 Jan 2014 20:11:45 +0000 (12:11 -0800)]
Moved SpecialPageFactory to specialpage/
Change-Id: Iaef958ea7831ec61e76002362672d5340e596348
jenkins-bot [Thu, 16 Jan 2014 19:51:47 +0000 (19:51 +0000)]
Merge "Remove DBABagOStuff"
Chad Horohoe [Thu, 16 Jan 2014 19:32:33 +0000 (11:32 -0800)]
Remove DBABagOStuff
Isn't useful outside of testing as the comments state, but it's
barely even useful for that. People who are testing the cache
code can use CACHE_DB if CACHE_MEMCACHED is too hard.
Change-Id: Ief0aa148376957fdd844c8bb585a133b854a012c
jenkins-bot [Thu, 16 Jan 2014 19:43:11 +0000 (19:43 +0000)]
Merge "Ehcache more like mehcache"
Chad Horohoe [Thu, 16 Jan 2014 18:21:21 +0000 (10:21 -0800)]
Ehcache more like mehcache
mehcache isn't a caching system, it's a pun.
I'm removing Ehcache support because it's an experiment didn't pan out
and the code's just sitting here abandoned now.
Change-Id: Ief5728b4c61bb5ad8f5a5f0b55415b23ef6727eb
jenkins-bot [Thu, 16 Jan 2014 18:43:50 +0000 (18:43 +0000)]
Merge "Improve mediawiki.js documentation"
Timo Tijhof [Wed, 15 Jan 2014 21:07:45 +0000 (22:07 +0100)]
Improve mediawiki.js documentation
Incorporate some of the edits made to the old documentation on
mediawiki.org at https://www.mediawiki.org/wiki/ResourceLoader/Default_modules
mw:
* Add note about the globals being added.
mw.Message:
* Add inline example.
* Revise documentation of related methods.
mw.loader:
* Add code samples for #addSource and #using.
* Document loadScript property for #addSource using @param syntax.
* Document "null" return value for #getVersion.
mw.html:
* Add code sample #escape.
mw.loader.store:
* Mark #update as method instead of the incorrectly inferred
type "property" (the assignment is non-trivial, it can't
infer the return type of the closure).
Change-Id: Id42a108066fac333a9253f2fa8908746b8a1ba8f
Bartosz Dziewoński [Thu, 16 Jan 2014 17:52:57 +0000 (18:52 +0100)]
SpecialWatchlist: Fix a fatal due to undefined variable
Followup to Iffc9ada3.
Change-Id: I6e7a43f2a78b9a94804151221ff4f2369d14d5db
jenkins-bot [Thu, 16 Jan 2014 16:55:43 +0000 (16:55 +0000)]
Merge "JSDuck-ify /resources/mediawiki/mediawiki.Uri.js"
jenkins-bot [Thu, 16 Jan 2014 16:44:06 +0000 (16:44 +0000)]
Merge "Don't always count CASCADINGSOURCES as expensive"
Bartosz Dziewoński [Wed, 15 Jan 2014 19:54:49 +0000 (20:54 +0100)]
JSDuck-ify /resources/mediawiki/mediawiki.Uri.js
* Cleaned up the whole-class documentation block.
* Marked some methods which looked internal as @private.
* Added or fixed some @return types.
* Documented instance properties.
* Fixed format of doc comments to conform to JSDuck standards,
wrapped comments to 100 characters.
* Did some spelling and grammar fixes.
* Added entries to categories.json and config.json.
Also simplified and commented some code in #parse.
Change-Id: I0159282ef56e55f9d19f45d9e80e00c3c89eaa25
jenkins-bot [Thu, 16 Jan 2014 16:33:09 +0000 (16:33 +0000)]
Merge "JSDuck-ify /resources/mediawiki.language/*"
Timo Tijhof [Fri, 10 Jan 2014 22:14:18 +0000 (23:14 +0100)]
Add OOjs to jsduck index
Change-Id: I7ced3673a0a09ea0f37b59729318f02e52fe1340
Bartosz Dziewoński [Sun, 22 Dec 2013 00:38:19 +0000 (01:38 +0100)]
JSDuck-ify /resources/mediawiki.language/*
* Removed some pieces of "documentation" I couldn't make any sense of. :)
* Marked some methods which looked internal as @private.
* Empirically tested and added some @return value types.
* Fixed format of doc comments to conform to JSDuck standards.
* Added entries to categories.json and config.json.
Also fixed jqueryMsg tests which depended on implementation details
and overwriting singleton classes and thus started failing now.
I have no idea what these hacks were for since the tests pass after
just removing them.
Change-Id: Ie60f72a5f277d846c09226d5af3da16b07f038c3
Aaron Schulz [Thu, 16 Jan 2014 00:48:59 +0000 (16:48 -0800)]
Fixed use of X-Newest in Swift backend
Change-Id: I9c9572269cd5366272070ccba954c3bd417aa696
jenkins-bot [Wed, 15 Jan 2014 21:22:20 +0000 (21:22 +0000)]
Merge "Fixed wrong usage of $tmpFile in Swift backend"
Jackmcbarn [Wed, 15 Jan 2014 21:13:13 +0000 (16:13 -0500)]
Don't always count CASCADINGSOURCES as expensive
When a page's cascading protection sources have already been loaded, don't
count CASCADINGSOURCES as expensive.
Change-Id: Ia9d25790c534414f637f85d6a3fc4f2c1c0de790
Aaron Schulz [Wed, 15 Jan 2014 21:05:01 +0000 (13:05 -0800)]
Fixed wrong usage of $tmpFile in Swift backend
Change-Id: I21293be38c53b4dca3030c26a201f70d8ed243f3
Translation updater bot [Wed, 15 Jan 2014 20:29:36 +0000 (20:29 +0000)]
Localisation updates from https://translatewiki.net.
Change-Id: I3084c11bd01d68c14011da5c1167e9b7a14e8e9e
jenkins-bot [Wed, 15 Jan 2014 16:28:11 +0000 (16:28 +0000)]
Merge "Make PROTECTIONLEVEL count as expensive"
Aaron Schulz [Tue, 14 Jan 2014 22:57:44 +0000 (22:57 +0000)]
Revert "SpecialContributions: Avoid using 'contributions' slave for getParentLengths"
Actually this won't work, as the LB will see an already open slave and just reuse the same connection.
This reverts commit
fdf4b7cbd934f7f8d76de4564c4d4f83d60d8e4d.
Change-Id: I790f5b303fa264ecc36793b8650c79daae367e70
jenkins-bot [Wed, 15 Jan 2014 00:39:14 +0000 (00:39 +0000)]
Merge "Two fixups to SearchResult"
Gabriel Wicke [Tue, 7 Jan 2014 23:48:12 +0000 (15:48 -0800)]
Add Reference to relevant bug in new MSIE 6 CSS sanitization tests
Change-Id: Ie0bac33e9012d2d36242f31839a73cc848a40eba
Chad Horohoe [Wed, 15 Jan 2014 00:20:53 +0000 (16:20 -0800)]
Two fixups to SearchResult
- Make variables protected. Only class that uses these is LuceneResult
and it's fine
- Don't bother constructing a new file object if we've already got
one in memory (we likely do)
Change-Id: I7973aff1e96297a2fea70392b765c93a8c884d52
Bartosz Dziewoński [Sun, 24 Nov 2013 21:24:44 +0000 (22:24 +0100)]
Always load 'mediawiki.special.changeslist' on appropriate pages
It is also loaded by ChangesList (and subclasses), but the changes
list might not get a chance to ever execute that code if there are no
changes to show.
This fixes an issue where the legend would sometimes display unstyled
on Special:RecentChangesLinked.
Bug: 59959
Change-Id: Ia1741306303aa3d2641b47bf19efef540ec64779
Bartosz Dziewoński [Sun, 10 Nov 2013 18:56:34 +0000 (19:56 +0100)]
SpecialWatchlist: Split #execute into subfunctions like SpecialRecentChanges
Now we should think about how to make them actually use their
parent functions...
Change-Id: Iffc9ada30bf94c54d7bc8acc4cc2e66bbcf86eb8
jenkins-bot [Tue, 14 Jan 2014 22:38:13 +0000 (22:38 +0000)]
Merge "pageid parser function is expensive, make it so"
jenkins-bot [Tue, 14 Jan 2014 21:21:47 +0000 (21:21 +0000)]
Merge "Fix to avoid IE "compatibility view""
Translation updater bot [Tue, 14 Jan 2014 21:01:54 +0000 (21:01 +0000)]
Localisation updates from https://translatewiki.net.
Change-Id: I658d54f42b8e6c71a2e347f9c409221e84506923
Brad Jorsch [Tue, 14 Jan 2014 20:36:48 +0000 (15:36 -0500)]
pageid parser function is expensive, make it so
The pageid parser function (not to be confused with the pageid magic
word) hits the database for every title passed, which meets the criteria
for being considered an expensive parser function.
To mitigate this new expensiveness, check for special namespaces,
interwiki titles, and titles in LinkCache before hitting the DB.
Also, record potentially-valid titles in pagelinks so that the page can
be properly purged if the target is created/deleted.
Change-Id: I4fbfc265543f0a64c14dc8a44e1c89cd928a1adb
jenkins-bot [Tue, 14 Jan 2014 20:14:32 +0000 (20:14 +0000)]
Merge "SpecialContributions: Avoid using 'contributions' slave for getParentLengths"
Matthias Mullie [Tue, 14 Jan 2014 10:27:58 +0000 (11:27 +0100)]
Don't use complex datatypes as CAS tokens
For caches where CAS is not natively supported, we have a workaround, where the
CAS token is (based on) the stored value.
To confirm the data can be written to cache, the CAS token is compared against
"whatever is currently in cache", so we pull the cached data and rebuild the
value.
In the case of objects, we have now pulled & rebuilt (unserialized) 2 objects
that are actually the same object (for CAS purpose - it's the correct value to
overwrite), but in terms of ===, they're 2 different values.
This patch should make sure CAS tokens are always a serialized version of the
value we're saving (where no native CAS exists); these serialized versions can
reliably be compared.
Bug: 59941
Change-Id: I2760416c48f2ceb7a0e0c874dd70ec07b4dccdfc
Brad Jorsch [Tue, 14 Jan 2014 06:19:21 +0000 (22:19 -0800)]
SECURITY: Fix RevDel log entry information leaks
DELETED_ACTION is supposed to hide the target of the log entry. But a
few places weren't doing this properly.
This fixes:
* API list=logevents no longer returns the pageid when the target is
hidden.
* Enhanced RecentChanges no longer includes the log target page in the
CSS class. This should also make the CSS class actually useful.
* Watchlist no longer shows log entries with DELETED_ACTION unless the
user has deletedhistory, and with SUPPRESSED_ACTION unless the user
has suppressrevision.
Bug: 58699
Change-Id: I57f13bfc970a33ffd5a399ffb450d9ed0b77902f
csteipp [Thu, 19 Dec 2013 20:52:18 +0000 (12:52 -0800)]
SECURITY: Return error on invalid XML for SVGs
Return an error from UploadBase::detectScriptInSvg when the svg has
XML that cannot be parsed. Usually the XML is invalid, or the parser has
run out of memory trying to parse the file.
This patch is rebased on top of bug 57550.
Bug: 58553
Change-Id: I32661a27d7417cc2c69b844c805b190d6486d17a
csteipp [Tue, 14 Jan 2014 06:12:28 +0000 (22:12 -0800)]
SECURITY: Disallow -o-link in styles
Opera will execute javascript from -o-link css attributes.
Bug: 58472
Change-Id: I3b640282ca1feeb175b095e9fdc4dc3ceff05e0f
csteipp [Fri, 6 Dec 2013 21:34:30 +0000 (13:34 -0800)]
SECURITY: Don't normalize U+FF3C to \
Bug: 58088
Change-Id: I10bf8dbce41bd617ddf16eb5fc20af1b1cb5f201
Aaron Schulz [Tue, 7 Jan 2014 19:32:40 +0000 (11:32 -0800)]
SECURITY: Added missing auth check in img_auth.php
For $wgImgAuthUrlPathMap in img_auth.php
Bug: 57016
Change-Id: I874878322a91bf14091500223d3520861a1556bb
Sean Pringle [Tue, 14 Jan 2014 03:36:29 +0000 (13:36 +1000)]
SpecialContributions: Avoid using 'contributions' slave for getParentLengths
Bug: 59987
Change-Id: I65d8eb14c7ea17fd732339e2e27a98a95e60cbd3
mglaser [Wed, 8 Jan 2014 22:39:52 +0000 (23:39 +0100)]
SECURITY: Disallow stylesheets in svg
Bug: 57550
Change-Id: I73d148519c077e628d82a89280faa088bac9bdf5
Translation updater bot [Mon, 13 Jan 2014 21:26:51 +0000 (21:26 +0000)]
Localisation updates from https://translatewiki.net.
Change-Id: Ib1d083cac1ff5d9a222b66966ef30a74b6d8170a
Jackmcbarn [Mon, 13 Jan 2014 20:01:17 +0000 (15:01 -0500)]
Make PROTECTIONLEVEL count as expensive
When protection levels for a page have not previously loaded, make calls
to PROTECTIONLEVEL for that page count as expensive. Also, add new
accessors for the protection information.
Change-Id: Ic088a9f482154d5353ccf580bbe5c359371a8cdd
Brad Jorsch [Mon, 13 Jan 2014 19:48:36 +0000 (14:48 -0500)]
Move MySQL-specific fakeMaster/fakeSlave stuff to DatabaseMysqlBase
Probably the fakeMaster/fakeSlave stuff was originally intended to be
generic, but the existing code in Database.php is making some very
MySQL-specific assumptions. So let's evict it from Database.php (except
for the minimal support functions) and put it in DatabaseMysqlBase where
it makes more sense.
This also takes care of fixing the breakage described in I5d2a1696 by
reverting Id6268193 and the problematic bit of I364e192e (again).
Change-Id: I3dc6ca216bf2c2f07d3090e86f2539292e1fa86b
Aaron Schulz [Fri, 10 Jan 2014 21:36:13 +0000 (13:36 -0800)]
Fixed temp URL breakage in Swift
* The API behavior is not well-documented in that it wants the HMAC
to use the unencoded object name. CloudFiles had this same issue.
bug: 59894
Change-Id: I3f0c80eed55991bb85d0c12f98927efa19af6760
jenkins-bot [Mon, 13 Jan 2014 18:55:09 +0000 (18:55 +0000)]
Merge "Ensure a space of 0.5em between dt and dd in legend"