Bill Pirkle [Fri, 3 May 2019 01:57:40 +0000 (20:57 -0500)]
Force user id and actor id to 0 when loading from remote wikis
Stop-gap solution for the problem described in T222212.
Force the User ID and Actor ID to zero for users loaded
from the database of another wiki, to prevent subtle data
corruption and confusing failure modes.
Bug: T222381
Change-Id: Ic585f972d61da136744d080df13d8eb1ecd04cf5
jenkins-bot [Thu, 2 May 2019 23:25:10 +0000 (23:25 +0000)]
Merge "docs/kss/package.json: Update Gerrit /r/p/ link to /r/"
jenkins-bot [Thu, 2 May 2019 19:34:21 +0000 (19:34 +0000)]
Merge "Make generatePhpCharToUpperMappings.php a proper maintenance script"
jenkins-bot [Thu, 2 May 2019 19:08:50 +0000 (19:08 +0000)]
Merge "SearchInputWidget: Replace pushPending hack"
Brad Jorsch [Thu, 2 May 2019 17:54:42 +0000 (10:54 -0700)]
SECURITY: LogPager: Don't STRAIGHT_JOIN when using log_search
We'll hope MariaDB doesn't trigger T221458 in that situation.
Bug: T222324
Signed-off-by: Scott Bassett <sbassett@deploy1001.eqiad.wmnet>
Signed-off-by: James D. Forrester <jforrester@wikimedia.org>
Change-Id: I06364e9d0bce45bd97b2ec837d1f479feff76699
Ed Sanders [Wed, 10 Apr 2019 13:46:32 +0000 (14:46 +0100)]
Make generatePhpCharToUpperMappings.php a proper maintenance script
This allows us to use Title for converting to upper case which
will respect any compatibility fixes added later.
Bug: T219279
Change-Id: I746487df12e4628f1e37b33b7cc3cce597853596
Ed Sanders [Thu, 2 May 2019 16:15:20 +0000 (17:15 +0100)]
SearchInputWidget: Replace pushPending hack
Use the showPendingRequest config option instead of setting
a prototype method to false.
Bug: T222329
Change-Id: I0e3176141c63ed9a849326c2f9a5a26ffc2b273f
jenkins-bot [Thu, 2 May 2019 15:53:58 +0000 (15:53 +0000)]
Merge "Mock IDatabase::class instead of Database::class"
Umherirrender [Wed, 1 May 2019 15:31:13 +0000 (17:31 +0200)]
Mock IDatabase::class instead of Database::class
Change-Id: I960bfdd5c9738c201a1be3ccaae05efc3d176ea8
Aryeh Gregor [Wed, 10 Apr 2019 15:03:54 +0000 (18:03 +0300)]
Don't pass Config to service constructors
We don't want to depend on the entire site configuration when we only
need a few specific settings.
This change additionally means that these services no longer see a live
version of the settings, but rather a copy. This means in tests you
really do have to call overrideMwServices() if you want services to pick
up your config changes.
ResourceLoader and SearchEngineConfig will need more work to port,
because they expose their member Config in a getter, and the getter is
actually used.
Parser and NamespaceInfo are also relatively complicated, so I split
them into separate patches.
Tested with 100% code coverage. \o/
Depends-On: If6534b18f6657ec1aba7327463f2661037f995b3
Change-Id: I1a3f358e8659b49de4502dc8216ecb6f35f4e02a
jenkins-bot [Thu, 2 May 2019 00:22:16 +0000 (00:22 +0000)]
Merge "build: Upgrade grunt-banana-checker from 0.6.0 to 0.7.0 and make pass"
jenkins-bot [Thu, 2 May 2019 00:22:10 +0000 (00:22 +0000)]
Merge "build: Upgrade grunt from 1.0.3 to 1.0.4"
jenkins-bot [Wed, 1 May 2019 20:04:06 +0000 (20:04 +0000)]
Merge "Hide uploads link on IP contributions page"
jenkins-bot [Wed, 1 May 2019 20:03:59 +0000 (20:03 +0000)]
Merge "Remove `-moz` vendor prefixes"
jenkins-bot [Wed, 1 May 2019 19:56:25 +0000 (19:56 +0000)]
Merge "Localisation updates from https://translatewiki.net."
Translation updater bot [Wed, 1 May 2019 19:55:49 +0000 (21:55 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I31fb1c0676b6f32bbdde280afb98d3ce6c85854a
jenkins-bot [Wed, 1 May 2019 19:51:36 +0000 (19:51 +0000)]
Merge "Fix class name handling in DeprecationHelper"
Volker E [Wed, 1 May 2019 19:28:36 +0000 (12:28 -0700)]
Remove `-moz` vendor prefixes
These are applying only on Firefox < 33, which is mostly limited
to Firefox 3(.6?) on Windows XP and are currently used by 0.1% of our
users, which translates to little or no impact on users of affected
scripts.
Let's remove those for better code maintainability.
Bug: T222222
Change-Id: I9bcebb31036cc93759ff9167b8774d58cf768f8e
jenkins-bot [Wed, 1 May 2019 19:16:37 +0000 (19:16 +0000)]
Merge "shell: annotate return types"
jenkins-bot [Wed, 1 May 2019 18:26:59 +0000 (18:26 +0000)]
Merge "Introduce a BlockManager service"
jenkins-bot [Wed, 1 May 2019 18:25:10 +0000 (18:25 +0000)]
Merge "Update an old comment that predated IPv6"
jenkins-bot [Wed, 1 May 2019 17:31:45 +0000 (17:31 +0000)]
Merge "Fix WikiPage::commitRollback error message"
Thalia [Wed, 1 May 2019 17:28:55 +0000 (18:28 +0100)]
Update an old comment that predated IPv6
Change-Id: Ia9968eab3793f275cd7ca6a35cfd5b0bcc9604c5
Matěj Suchánek [Fri, 12 Apr 2019 09:20:33 +0000 (11:20 +0200)]
Hide uploads link on IP contributions page
If IPs cannot upload files, hide link to list of files
which they uploaded.
Also simplify the code: User::getID() should always return int,
so $id !== null was always true. And add references to some tasks.
Bug: T220674
Change-Id: Ia9e1516393d6e85858cceb02bb09405148adaf51
jenkins-bot [Wed, 1 May 2019 05:42:06 +0000 (05:42 +0000)]
Merge "Default $wgActorTableSchemaMigrationStage to SCHEMA_COMPAT_NEW"
jenkins-bot [Wed, 1 May 2019 04:38:54 +0000 (04:38 +0000)]
Merge "ContribsPager: Fix slow queries"
Gergő Tisza [Wed, 1 May 2019 04:34:41 +0000 (21:34 -0700)]
Fix WikiPage::commitRollback error message
The user got accidentally mixed up in Ifd23bc1cd6.
Bug: T222179
Change-Id: I4d45f68caf160f001420cf46ffcd2b46cc2ddac1
Brad Jorsch [Tue, 23 Apr 2019 16:13:08 +0000 (12:13 -0400)]
ContribsPager: Fix slow queries
When ContribsPager is using an auxiliary table like ip_changes or
revision_actor_temp for the main action of the query, we already had
code in place to let it use the auxiliary table's denormalized timestamp
field for the ordering. What we didn't have was code to let it also use
the auxiliary table's denormalized timestamp field for *continuation*.
With the schema defined in tables.sql, the simplest thing to do would be
to be to add a redundant JOIN condition between rev_timestamp and the
denormalized timestamp field which would be enough to allow
MySQL/MariaDB to propagate the continuation conditional on rev_timestamp
to the denormalized timestamp field.
Unfortunately many Wikimedia wikis have rev_timestamp defined
differently from table.sql (P8433), and that difference is enough to
break that propagation. So we need to take a more difficult route,
restructuring the code tell IndexPager to explicitly use the
denormalized fields for ordering and continuation.
On the plus side, since we're doing that anyway we can get rid of the
code mentioned in the first paragraph.
Bug: T221380
Change-Id: Iad6c0c2f1ac5e1c610de15fe6e85a637c287bcd8
Brad Jorsch [Thu, 4 Apr 2019 19:23:41 +0000 (15:23 -0400)]
Default $wgActorTableSchemaMigrationStage to SCHEMA_COMPAT_NEW
Probably good to start testing this in CI sometime soon.
This also updates a bunch of tests that were forcing an older stage to
force SCHEMA_COMPAT_NEW instead, or to test both ways (until a future
patch removes the _OLD version).
Bug: T188327
Change-Id: Icb9b55cb9d754f2d30d6883005658b9670834756
James D. Forrester [Tue, 30 Apr 2019 20:26:02 +0000 (13:26 -0700)]
build: Upgrade grunt-banana-checker from 0.6.0 to 0.7.0 and make pass
Change-Id: I4c604ab50caeffc5738c719c17f19e769082376f
James D. Forrester [Tue, 30 Apr 2019 20:25:38 +0000 (13:25 -0700)]
build: Upgrade grunt from 1.0.3 to 1.0.4
Change-Id: I9bfada10337dbab4cb5c77348f5f0df6cfab40a7
Translation updater bot [Tue, 30 Apr 2019 19:55:00 +0000 (21:55 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I550dfb385ac3897d4d4cbcfc412f78a9579d1707
jenkins-bot [Tue, 30 Apr 2019 19:21:31 +0000 (19:21 +0000)]
Merge "Fix @return documentation for MediaWikiTestCase::editPage()"
jenkins-bot [Tue, 30 Apr 2019 19:04:37 +0000 (19:04 +0000)]
Merge "Block: Type hint Block constructor, follow-up on I37ab858494a173c6982bb"
jenkins-bot [Tue, 30 Apr 2019 17:52:54 +0000 (17:52 +0000)]
Merge "Add missing IDatabase type hints to all doAtomicSection() calls"
Derick Alangi [Mon, 29 Apr 2019 22:26:03 +0000 (23:26 +0100)]
Block: Type hint Block constructor, follow-up on I37ab858494a173c6982bb
Since 1.26, both options array and individual arguments were accepted but
was later removed in I37ab858494a173c6982bb (support for multiple args was
dropped) and **only** array of options is accepted from 1.33 since the use
of individual arguments all disappeared, see usage below;
Usage
=====
https://codesearch.wmflabs.org/search/?q=new%20Block%5C(&i=nope&files=&repos=
Bug: T220656
Change-Id: Id5266400def9fafbc89d5bdcdb63aed2a63da34d
Thiemo Kreuz [Tue, 30 Apr 2019 15:08:48 +0000 (17:08 +0200)]
Add missing IDatabase type hints to all doAtomicSection() calls
Change-Id: I11061c358013fc67ec7a8ded54aeddcb7ff4910b
Thiemo Kreuz [Tue, 30 Apr 2019 15:06:46 +0000 (17:06 +0200)]
Fix @return documentation for MediaWikiTestCase::editPage()
Change-Id: Iec6ec28256b014a2c745413786d0ba5e8d5839d7
jenkins-bot [Tue, 30 Apr 2019 14:03:50 +0000 (14:03 +0000)]
Merge "Replace pauses in rollback tests w/ dynamic waits"
jenkins-bot [Tue, 30 Apr 2019 12:38:45 +0000 (12:38 +0000)]
Merge "Use POST to submit wikitext to mw.api.parse"
Tim Eulitz [Mon, 15 Apr 2019 10:21:22 +0000 (12:21 +0200)]
Replace pauses in rollback tests w/ dynamic waits
Bug: T220479
Change-Id: I95cf06a4d6a677ca14b56f11f5c6bd98aa0abd05
jenkins-bot [Tue, 30 Apr 2019 01:32:27 +0000 (01:32 +0000)]
Merge "HTMLFormFieldWithButton: Don't pass empty string as 'id'"
Bartosz Dziewoński [Tue, 30 Apr 2019 00:10:16 +0000 (02:10 +0200)]
HTMLFormFieldWithButton: Don't pass empty string as 'id'
The button must have an ID to be able to be infused. If the given ID
is null, that's fine, OOUI will generate one. But passing an empty
string apparently disables that.
Bug: T222013
Change-Id: I96e1f838385c5539ed246d2ee7107cd037a5f338
zoranzoki21 [Mon, 29 Apr 2019 23:29:39 +0000 (01:29 +0200)]
docs/kss/package.json: Update Gerrit /r/p/ link to /r/
Bug: T218844
Change-Id: Ie503c5f7dc3bd89d983c1b368e25a4d185ae617e
jenkins-bot [Mon, 29 Apr 2019 21:02:39 +0000 (21:02 +0000)]
Merge "User: Remove/Kill usage of deprecated User::makeGroupLinkWiki()"
Derick Alangi [Mon, 29 Apr 2019 20:13:53 +0000 (21:13 +0100)]
User: Remove/Kill usage of deprecated User::makeGroupLinkWiki()
This method was deprecated in 1.29 and usage of this method can no
longer be found.
Usage
=====
https://codesearch.wmflabs.org/search/?q=makeGroupLinkWiki&i=nope&files=&repos=
Bug: T220656
Change-Id: Iff5ef6666e8ec3e7060ddef8f60362206f4306d0
jenkins-bot [Mon, 29 Apr 2019 20:11:05 +0000 (20:11 +0000)]
Merge "jobqueue: make JobQueueDB stricter about broken job_params fields"
jenkins-bot [Mon, 29 Apr 2019 20:02:56 +0000 (20:02 +0000)]
Merge "objectcache: replace debugLog() calls with faster debug() calls in MemcachedPeclBagOStuff"
jenkins-bot [Mon, 29 Apr 2019 20:01:21 +0000 (20:01 +0000)]
Merge "objectcache: micro-optimize determineKeyClassForStats() by using the limit option to explode()"
Translation updater bot [Mon, 29 Apr 2019 19:56:09 +0000 (21:56 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I29daa267c536e8dc57b524e4a9232c606364b9cb
jenkins-bot [Mon, 29 Apr 2019 19:35:18 +0000 (19:35 +0000)]
Merge "User: Remove deprecated methods ::getGroupPage() & ::makeGroupLinkHTML()"
Derick Alangi [Mon, 29 Apr 2019 10:58:21 +0000 (11:58 +0100)]
User: Remove deprecated methods ::getGroupPage() & ::makeGroupLinkHTML()
These methods were deprecated in 1.29 and usage can no longer be found so,
removing ahead of 1.34 cut.
Usage
=====
* User::getGroupPage() -
https://codesearch.wmflabs.org/search/?q=%5B%5E%3E%5D(User)%3A%3AgetGroupPage%5C(&i=nope&files=&repos=
* User::makeGroupLinkHTML() -
https://codesearch.wmflabs.org/search/?q=%5B%5E%3E%5D(User)%3A%3AmakeGroupLinkHTML%5C(&i=nope&files=&repos=
Bug: T220656
Change-Id: I4e48eb351883b044269d77a8baaf7b5030138c34
jenkins-bot [Mon, 29 Apr 2019 17:06:58 +0000 (17:06 +0000)]
Merge "mw.widgets.TitleWidget: Update icons, use OOUI where possible"
Thalia [Fri, 5 Apr 2019 19:13:17 +0000 (20:13 +0100)]
Introduce a BlockManager service
This introduces a minimal BlockManager service, for getting blocks
that apply to a User.
Move the part of User::getBlockedStatus that checks for the blocks
into BlockManager::getUserBlock, and move the related helper
methods from User to BlockManager.
Hard deprecate or remove these helper methods, and move to private
methods in the BlockManager:
* User::getBlockFromCookieValue
* User::isLocallyBlockedProxy
* User::inDnsBlacklist
Soft deprecate these helper methods, and move to public methods in
the BlockManager:
* User::isDnsBlacklisted
Add tests to cover the methods moved to BlockManager.
Bug: T219441
Change-Id: I0af658d71288376735cebe541215383b56bb72e5
jenkins-bot [Mon, 29 Apr 2019 16:13:34 +0000 (16:13 +0000)]
Merge "Clarify documentation of minor and notminor API parameters"
Ed Sanders [Mon, 29 Apr 2019 16:09:43 +0000 (17:09 +0100)]
mw.widgets.TitleWidget: Update icons, use OOUI where possible
Bug: T222079
Change-Id: I7ff1ca9410236b7404556cb0b90cab3340ee7b0b
jenkins-bot [Mon, 29 Apr 2019 11:44:50 +0000 (11:44 +0000)]
Merge "Deprecate User::isBlocked()"
jenkins-bot [Mon, 29 Apr 2019 09:08:44 +0000 (09:08 +0000)]
Merge "editpage: Make TextConflictHelper::toEditContent private"
jenkins-bot [Mon, 29 Apr 2019 02:29:28 +0000 (02:29 +0000)]
Merge "Avoid usage of deprecated wfGetMainCache() function"
Derick Alangi [Sat, 23 Mar 2019 13:02:00 +0000 (14:02 +0100)]
SpecialUserrights: Improve ::userCanChangeRights() method logic
Bug: T37674
Change-Id: I22aa9ff72aec175b0f86ebcf48cd7716f3328b01
Lucas Werkmeister [Sun, 28 Apr 2019 20:15:15 +0000 (22:15 +0200)]
Clarify documentation of minor and notminor API parameters
Change-Id: I9f55dd179ea7efcc618120da4e18b7708903a5ff
Derick Alangi [Sun, 28 Apr 2019 19:41:17 +0000 (20:41 +0100)]
Avoid usage of deprecated wfGetMainCache() function
This function was deprecated in 1.32 and replaced with the use of
ObjectCache::getLocalClusterInstance().
Change-Id: Id50700a6a7110888b12c4ee1a2100134173760a0
Derick Alangi [Sat, 27 Apr 2019 07:00:19 +0000 (08:00 +0100)]
GlobalFunctions: Remove deprecated `wfMakeUrlIndexes()` function
This function was hard deprecated in 1.33 and per code search, usage
is no longer there, probably completely replaced?
Usage
=====
https://codesearch.wmflabs.org/search/?q=%5CbwfMakeUrlIndexes%5Cb&i=nope&files=&repos=
Bug: T42485
Change-Id: I01642a8207f582762428f5a7ac33830066268b2e
jenkins-bot [Sun, 28 Apr 2019 07:59:13 +0000 (07:59 +0000)]
Merge "jobqueue: Follow-up for
fc5d51f12936ed (added GenericParameterJob)"
jenkins-bot [Sat, 27 Apr 2019 23:07:12 +0000 (23:07 +0000)]
Merge "RELEASE-NOTES: Follow-up on I28092eeb8dec058c5dba2fb63"
jenkins-bot [Sat, 27 Apr 2019 10:20:48 +0000 (10:20 +0000)]
Merge "Rename $isIpUser to $isAnon, in line with convention elsewhere"
Derick Alangi [Sat, 27 Apr 2019 08:42:48 +0000 (09:42 +0100)]
RELEASE-NOTES: Follow-up on I28092eeb8dec058c5dba2fb63
Change-Id: Id170565f7ce71648ccdab415ded90d8eaf330400
jenkins-bot [Sat, 27 Apr 2019 07:21:46 +0000 (07:21 +0000)]
Merge "GlobalFunctions: Remove usage of `wfArrayFilter` & `wfArrayFilterByKey`"
Derick Alangi [Sat, 27 Apr 2019 06:40:47 +0000 (07:40 +0100)]
GlobalFunctions: Remove usage of `wfArrayFilter` & `wfArrayFilterByKey`
These functions were hard deprecated in 1.32 and usage no longer exist
and seems to have been completely removed from all repos. See below;
Usage
=====
https://codesearch.wmflabs.org/search/?q=%5B%5E%3E%5D(wfArrayFilterByKey%5C(%7CwfArrayFilter%5C()&i=nope&files=&repos=
Bug: T42485
Change-Id: I28092eeb8dec058c5dba2fb63f3602249c137b31
Amir Aharoni [Sun, 17 Mar 2019 12:48:53 +0000 (14:48 +0200)]
Add N'Ko to Names.php
Bug: T221994
Change-Id: I8c8e05ebabec8d50fa089b4d88061667a29d8b83
Aaron Schulz [Sat, 27 Apr 2019 04:40:53 +0000 (21:40 -0700)]
objectcache: micro-optimize determineKeyClassForStats() by using the limit option to explode()
Change-Id: I7d95998487dd18078599b16201c9d0ec0debcb0b
Aaron Schulz [Sat, 27 Apr 2019 04:10:05 +0000 (21:10 -0700)]
objectcache: replace debugLog() calls with faster debug() calls in MemcachedPeclBagOStuff
Change-Id: Iefe29d43f2bc8efa8288b4625d20bd803f35bbfe
jenkins-bot [Sat, 27 Apr 2019 02:35:00 +0000 (02:35 +0000)]
Merge "API: Add STRAIGHT_JOIN to ApiQueryUserContribs to avoid planner oddness"
Zoranzoki21 [Sat, 20 Apr 2019 23:34:48 +0000 (01:34 +0200)]
Split parser related files to have one class in one file
Change-Id: I36b26609ccb3f135a22961b32a46cdc06603b3e4
Aaron Schulz [Fri, 26 Apr 2019 20:11:09 +0000 (13:11 -0700)]
jobqueue: make JobQueueDB stricter about broken job_params fields
Also rename throwDBException() to getDBException() and make the
callers throw the result to avoid phpstorm warnings. Remove $row
assignment that is always overridden as well.
Change-Id: I84bc4b11f10152eada6dd6f4788c4f79dcb4a2fb
Chiefwei [Sun, 17 Mar 2019 12:53:13 +0000 (20:53 +0800)]
Chinese Conversion Table Update 2019-1
Update the Chinese conversion table routinely to fix bugs reported from https://zh.wikipedia.org/wiki/Wikipedia:%E5%AD%97%E8%AF%8D%E8%BD%AC%E6%8D%A2/%E4%BF%AE%E5%A4%8D%E8%AF%B7%E6%B1%82 .
It is only data changes and only works for Chinese WikiProjects.
Change-Id: Id2d16722eaa837c37e8696c9dd9a2d2231af26e8
Max Semenik [Fri, 26 Apr 2019 20:54:41 +0000 (13:54 -0700)]
shell: annotate return types
Change-Id: I3ab0a6409088c86581d9d50a340e82b0ea354814
Brad Jorsch [Tue, 23 Apr 2019 18:02:34 +0000 (14:02 -0400)]
API: Add STRAIGHT_JOIN to ApiQueryUserContribs to avoid planner oddness
For some unknown reason, when the `actor` table has few enough rows (or
few enough compared to `revision_actor_temp`) MariaDB 10.1.37 decides it
makes more sense to fetch everything from `actor` + `revision_actor_temp`
and filesort rather than fetching the limited number of rows from
`revision_actor_temp`.
We can work around it by telling it to not reorder the query, but then
(unlike in I9da981c0) we also have to reorder it ourselves to put
`revision_actor_temp` first instead of `revision`.
Bug: T221511
Change-Id: Ic63875b26a051a2da58374d5d76c95a6fa8ecc8e
Translation updater bot [Fri, 26 Apr 2019 19:57:37 +0000 (21:57 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I30314516bdc6ed318ca7f76c9217c548aad5e2ed
jenkins-bot [Fri, 26 Apr 2019 19:10:46 +0000 (19:10 +0000)]
Merge "Allow <figure-inline> attributes through Sanitizer"
jenkins-bot [Fri, 26 Apr 2019 19:10:10 +0000 (19:10 +0000)]
Merge "Synchronize allowed attributes for <audio> with Parsoid/TimedMediaHandler"
Thalia [Thu, 25 Apr 2019 12:02:12 +0000 (13:02 +0100)]
Rename $isIpUser to $isAnon, in line with convention elsewhere
Change-Id: I66721f4af5e844c3e18ba35558390563b8424863
Adam Wight [Tue, 23 Apr 2019 21:14:47 +0000 (14:14 -0700)]
Use POST to submit wikitext to mw.api.parse
It was impossible to parse wikitext longer than the maximum URL length of about
2000 characters, because our library only used GET requests. This patch
switches to using POST for inline content, while still using GET when parsing
existing pages.
Bug: T216837
Change-Id: I971b7fc197517a2761f2100fc2aeda087ff52a78
jenkins-bot [Fri, 26 Apr 2019 11:47:47 +0000 (11:47 +0000)]
Merge "Rename BlockRestriction -> BlockRestrictionStore and wire it up as a service"
jenkins-bot [Fri, 26 Apr 2019 02:25:08 +0000 (02:25 +0000)]
Merge "Add STRAIGHT_JOIN to ApiQueryLogEvents and LogPager to avoid planner oddness"
jenkins-bot [Thu, 25 Apr 2019 23:19:07 +0000 (23:19 +0000)]
Merge "Change the autonym of Javanese from "Basa Jawa" to "Jawa""
Ed Sanders [Wed, 24 Apr 2019 12:46:40 +0000 (13:46 +0100)]
mediawiki.storage: Add methods for storing plain objects as JSON
Change-Id: I3cc1d5adfbce794e8345b7f1090c10fb0d42d150
jenkins-bot [Thu, 25 Apr 2019 22:07:46 +0000 (22:07 +0000)]
Merge "rdbms: add "secret" parameter to ChronologyProtector to use HMAC client IDs"
jenkins-bot [Thu, 25 Apr 2019 20:21:53 +0000 (20:21 +0000)]
Merge "specials: Avoid the use of global variables in Special:Version"
David Barratt [Tue, 23 Apr 2019 17:51:54 +0000 (13:51 -0400)]
Deprecate User::isBlocked()
The method User::isBlocked() attempts to answer two questions:
(1) Does the user have a block?
(2) Is the user prevented from performing this action?
The method can answer #1, but it cannot answer #2. Since User::getBlock() can
also answer #1, this method is redundant. The method cannot answer #2 because
there is not enough context in order to answer that question.
If access is being checked against a Title object, all access checks can be
performed with PermissionManager:userCan() which will also check the user's
blocks.
If performing all access checks is not desirable, using
PermissionManager::isBlockedFrom() is also acceptable for only checking if the
user is blocked. This method does *not* determine if the action is allowed,
only that the user's block applies to that Title.
If access is being checked without an existing Title, User::getBlock() can be
used to get the user's block. Then Block::appliesToRight() can be used to
determine if the block applies explicitly to a right (or returns null if
it is unknown or false if explicitly allowed). If the user is creating a new
Title, but the text of the title is not yet known (as in the case of Wikibase),
access should be checked with Block::appliesToNamespace().
Bug: T209004
Change-Id: Ic0ad1b92e957797fee8dcd00bd1092fe69fa58f1
Timo Tijhof [Thu, 18 Apr 2019 15:29:41 +0000 (16:29 +0100)]
jobqueue: Follow-up for
fc5d51f12936ed (added GenericParameterJob)
* Remove duplicate $params check from Job::factory done in Job::__construct.
* In Job::factory(), restore use of a valid title as default for passing as
constructor arg to old job classes. Their constructor may expect it to
be valid.
Keep the invalid dummy in Job::__construct, and document why.
* tests: Update test case for failure mode when using Job::factory
with a class that requires a title. It asserted getting an invalid
title. This now restores the behaviour prior to
fc5d51f12936ed,
which is that job classes that require a title, get a valid one.
* tests: Remove test case for testToString that used
an explicitly passed but invalid params value. I've converted
that to expect the exception we now throw instead.
* tests: Update getMockJob(), also used by testToString, which was
relying on undocumented behaviour that 'new Title' is public
and gets namespace=0 and title=''. Before
fc5d51f12936ed,
title params weren't in toString() and it asserted outputting
three spaces (delimiter, empty string from formatted title,
delimiter).
In
fc5d51f12936ed, this changed to asserting "Special:" which
seems unintentional as we didn't pass it the internally reserved
NS_SPECIAL/'' value, and yet was caught by the dbkey=='' check.
Given this test case doesn't deal with titles, omit it for now.
A job can either have a $title and title/namespace in params,
or neither. This test was asserting an in-memory scenario
where $title can be an object, but title/namespace absent from
params.
Bug: T221368
Depends-On: I89f6ad6967d6f82d87a62c15c0dded901c51b714
Change-Id: I2ec99a12ecc627359a2aae5153d5d7c54156ff46
Brad Jorsch [Thu, 25 Apr 2019 13:49:01 +0000 (09:49 -0400)]
ApiLogout: Follow up Icb674095
This implements getWebUITokenSalt(), as mentioned in T25227#
2008199 and
implemented in
F3328897. Somehow it didn't make it into Icb674095.
This also fixes some issues in the unit test:
* Properly link the user to the request's Session so User::doLogout()
won't log a warning. This also gives use to the otherwise-unneeded
implementation of setUp(), and lets us get rid of the broken call to
User::newFromId() that was passing an IP address rather than a user ID.
* Privatize some internal methods.
* Use setExpectedApiException() instead of manually catching and
hard-coding the English exception message.
* Also assert that the bad token error didn't result in a logout.
Bug: T25227
Change-Id: I2aecfba821cca3c367c5e7e8d188a88197fb82d2
jenkins-bot [Thu, 25 Apr 2019 09:39:02 +0000 (09:39 +0000)]
Merge "[SECURITY] [API BREAKING CHANGE] Require logout token."
jenkins-bot [Wed, 24 Apr 2019 20:09:11 +0000 (20:09 +0000)]
Merge "Remove unused wgUploadWarningObj.keypress"
Translation updater bot [Wed, 24 Apr 2019 19:55:35 +0000 (21:55 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I36801827ec21f0fcc6a42b0bacce8ff938e3af41
James D. Forrester [Wed, 24 Apr 2019 18:36:00 +0000 (13:36 -0500)]
Update OOUI to v0.31.5
Release notes:
https://phabricator.wikimedia.org/diffusion/GOJU/browse/master/History.md;v0.31.5
Bug: T218229
Bug: T221705
Depends-On: I89a829b50e318649ed80b4bd9ac2fea61d08a5d2
Change-Id: I89a829b50e318649ed80b4bd9ac2fea61d08a5d1
Derick Alangi [Tue, 29 Jan 2019 17:40:58 +0000 (18:40 +0100)]
specials: Avoid the use of global variables in Special:Version
We're moving away from globals to Config this patch attempts to
clean off some globals whose values can be nicely gotten via the
use of Config.
Bug: T72638
Change-Id: I25516873c215b74cdd425d023e877e5cdc3d6149
sbassett [Tue, 16 Apr 2019 22:09:43 +0000 (17:09 -0500)]
[SECURITY] [API BREAKING CHANGE] Require logout token.
Special:Userlogout now requires a token
Api action=logout requires a csrf token and the request to be POSTed
Patch author: bawolff
Bug: T25227
Change-Id: Icb674095956bb3f6c847c9553c53e404402ea774
jenkins-bot [Wed, 24 Apr 2019 15:33:54 +0000 (15:33 +0000)]
Merge "Reinstate small category refresh logic in LinksDeletionUpdate"
jenkins-bot [Wed, 24 Apr 2019 13:59:44 +0000 (13:59 +0000)]
Merge "Remove block notice tracking"