Thiemo Kreuz (WMDE) [Tue, 26 Jun 2018 09:55:21 +0000 (09:55 +0000)]
Linker: more consistent whitespace parsing in formatLinksInComment
Try to paste and preview this in the wikitext as well as the summary
line: [[:a]] [[ :a]]
The wikitext will show "a a", but the summary line will show "a :a".
This is only a display issue, all 4 links correctly link to the
article [[A]].
Change-Id: I08253a6d0b55b9aa3eace519bbdc1a456400bf84
jenkins-bot [Thu, 6 Sep 2018 16:15:15 +0000 (16:15 +0000)]
Merge "Allow skins to place notification container for mw.notify"
Moriel Schottlender [Tue, 30 Aug 2016 23:02:18 +0000 (16:02 -0700)]
Allow skins to place notification container for mw.notify
Give skins the ability to place the mw.notification notifications
in a div of their choosing rather than force the container to be
in the content area.
This is particularly useful for skins that deal with multiple
overlays that are created and displayed outside the content div,
which then in turn hides the notification area. A good example of
this behavior is in MobileFrontend's overlays that are created as
siblings to the content div, and so all mw.notify() notifications
are then hidden behind them.
Bug: T143837
Bug: T202466
Change-Id: I5a78949efef88083bdafc4207a6872c76b463970
Timo Tijhof [Fri, 24 Aug 2018 20:13:57 +0000 (21:13 +0100)]
exception: Do not log PHP errors with severity DEBUG or INFO
All PHP errors should be considered by monitoring queries
and error-rate alerts.
Levels DEBUG and INFO are for manual entries that can help in
debugging to see what path a program went down or what the
circumstances were in that code.
There is no reason to spread PHP error-types out on the full range
of PSR-3's DEBUG to ERROR spectrum. Instead, keep it within either
WARNING or ERROR, not below it.
Change-Id: I3f35a519b50aef5b93b9ab7a89a7c3e11d70681f
jdlrobson [Fri, 10 Aug 2018 18:02:22 +0000 (11:02 -0700)]
Hygiene: Discourage use of $.each
Even though Array.prototype.forEach only works on arrays, and
$.each is more generic, I think it makes sense to begin discouraging
the usage of $.each now. This can be overriden by ignore lines or
by Array.prototype.forEach compatible lines. This doesn't seem too
much of an ask of engineers and helps future migrations
Bug: T200877
Change-Id: I339cff311a830699c8e32f07cec338a39870c53f
Fomafix [Tue, 4 Sep 2018 07:51:49 +0000 (09:51 +0200)]
Replace $.proxy by Function.prototype.bind
Also prevent further usage by an eslint rule.
jQuery.proxy is deprecated:
* https://github.com/jquery/jquery/issues/2958
Bug: T200877
Change-Id: I3a4977f9b90c2104db320d2d939a1cbaa1819de0
Translation updater bot [Wed, 5 Sep 2018 20:02:00 +0000 (22:02 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: Ib115cf8605089085e6b52836daca2e0ae4755642
jenkins-bot [Wed, 5 Sep 2018 19:34:05 +0000 (19:34 +0000)]
Merge "Don't wait for thumbnails that take long to render"
Gilles Dubuc [Mon, 3 Sep 2018 09:09:08 +0000 (11:09 +0200)]
Don't wait for thumbnails that take long to render
The prerendering job is an optimization, should
thumbnails fail to prerender, they will be reattempted
when a user views them again.
Bug: T203135
Change-Id: I2907bf10a2d22af9beffc530856f458a6adbfe45
jenkins-bot [Wed, 5 Sep 2018 16:22:57 +0000 (16:22 +0000)]
Merge "Selenium: Daily Jenkins job targeting beta cluster should run only tests that pass"
jenkins-bot [Wed, 5 Sep 2018 15:53:57 +0000 (15:53 +0000)]
Merge "ApiComparePages: Clean up handling of slot deletion"
jenkins-bot [Wed, 5 Sep 2018 12:40:40 +0000 (12:40 +0000)]
Merge "[MCR] Move getSecondaryDataUpdates to the page level"
jenkins-bot [Wed, 5 Sep 2018 12:18:34 +0000 (12:18 +0000)]
Merge "DifferenceEngine: use a fake title when there's no real title"
jenkins-bot [Wed, 5 Sep 2018 05:15:34 +0000 (05:15 +0000)]
Merge "SpecialPageExecutor: Use `finally` now that we're in a PHP 5.5+ world"
jenkins-bot [Wed, 5 Sep 2018 05:12:07 +0000 (05:12 +0000)]
Merge "mediawiki.api: Use loadMessages in loadMessagesIfMissing"
Fomafix [Tue, 4 Sep 2018 09:56:59 +0000 (11:56 +0200)]
mediawiki.api: Use loadMessages in loadMessagesIfMissing
This removes duplicate code.
Change-Id: I6f4bbb816ec8e20aff164a9128ecdd31eabb1d1f
jenkins-bot [Wed, 5 Sep 2018 04:32:49 +0000 (04:32 +0000)]
Merge "Make phpunit.php less hackish, and install the listener unconditionally"
jenkins-bot [Wed, 5 Sep 2018 00:33:42 +0000 (00:33 +0000)]
Merge "TemplateParser: Pass FLAG_MUSTACHELOOKUP to enable parent context access"
jenkins-bot [Wed, 5 Sep 2018 00:02:35 +0000 (00:02 +0000)]
Merge "Add missing dependency on module 'mediawiki.util'"
jenkins-bot [Tue, 4 Sep 2018 20:11:48 +0000 (20:11 +0000)]
Merge "Join decomposition on change_tag and change_tag_def when filtering"
Fomafix [Tue, 4 Sep 2018 20:00:35 +0000 (22:00 +0200)]
Add missing dependency on module 'mediawiki.util'
mediawiki.action.edit.stash.js from module 'mediawiki.action.edit' uses
mw.util.getParamValue from module 'mediawiki.util'.
Change-Id: If56029f892ce79ff2ea01dd16814d5b7e826daa0
Translation updater bot [Tue, 4 Sep 2018 19:55:19 +0000 (21:55 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I76a715667cf1c3a87f0cbf85646e82700a0f923e
Gergő Tisza [Tue, 28 Aug 2018 15:34:25 +0000 (17:34 +0200)]
[MCR] Move getSecondaryDataUpdates to the page level
Replaces Content::getSecondaryDataUpdates with
WikiPage::getSecondaryDataUpdates so that aggregation of
data updates from multiple page slots can be handled without
the caller having to care about it.
Also adds a WikiPage::updateParserCache method for convenience.
This is a temporary measure until DerivedPageDataUpdater
(or its replacement) can be exposed directly, at which point
the WikiPage methods will be deprecated.
Also fixes a parameter handling bug in DerivedPageDataUpdater.
Bug: T194043
Change-Id: Idbe7d582b49fcb7c90aea813773b7610ad44b1a8
Roan Kattouw [Fri, 31 Aug 2018 03:18:44 +0000 (20:18 -0700)]
TemplateParser: Pass FLAG_MUSTACHELOOKUP to enable parent context access
This allows variables defined in an outer context to be used in inner
contexts. For example:
<h2>{{foo}}</h2>
<ul>
{{#things}}
<!-- bar is a property of each thing, foo is an outer variable -->
<li>{{foo}} is a {{bar}}</li>
{{/things}}
</ul>
Bug: T203209
Change-Id: Ib0ae0fb0b4be6b161f548c79db6fb6f4b831f7c1
jenkins-bot [Tue, 4 Sep 2018 19:37:37 +0000 (19:37 +0000)]
Merge "HTMLCheckMatrix: Treat row/column labels as HTML in OOUI mode"
jenkins-bot [Tue, 4 Sep 2018 19:26:16 +0000 (19:26 +0000)]
Merge "libs: Bump wikimedia/timestamp from 2.0.0 to 2.1.0"
James D. Forrester [Tue, 4 Sep 2018 18:57:12 +0000 (11:57 -0700)]
libs: Bump wikimedia/timestamp from 2.0.0 to 2.1.0
Depends-On: I209cdce85d0fb224af8521bc5d6b1f367719e30a
Change-Id: I209cdce85d0fb224af8521bc5d6b1f367719e30b
jenkins-bot [Tue, 4 Sep 2018 18:59:53 +0000 (18:59 +0000)]
Merge "resourceloader: Avoid clear/set timer overhead in mw.loader.store.add"
Amir Sarabadani [Tue, 4 Sep 2018 18:58:41 +0000 (20:58 +0200)]
Join decomposition on change_tag and change_tag_def when filtering
Since the service uses cache and MySQL also caches, this is faster
Bug: T194162
Change-Id: I57bbbf4f566d8140f9f80c16ecc454f857d363b2
jenkins-bot [Tue, 4 Sep 2018 18:55:56 +0000 (18:55 +0000)]
Merge "resourceloader: Remove module stringification from execute path"
jenkins-bot [Tue, 4 Sep 2018 18:09:29 +0000 (18:09 +0000)]
Merge "resourceloader: Reduce memory cost of mw.config.set()"
Timo Tijhof [Sat, 1 Sep 2018 03:54:47 +0000 (04:54 +0100)]
resourceloader: Avoid clear/set timer overhead in mw.loader.store.add
Follows-up
d269e1d91f76 (2018),
4174b662f623b (2015).
Bug: T202598
Change-Id: I45b9f17357e6fb372456a1a4841ad948a5526437
Timo Tijhof [Fri, 31 Aug 2018 03:02:18 +0000 (04:02 +0100)]
resourceloader: Remove module stringification from execute path
After execute() is finished and markModuleReady() is called,
the execute path reaches handlePending() which calls
mw.loader.store.set(). This prepares the contents of the module
we just finished executing, for localStorage.
While the writing to localStorage was already debounced via #update,
the stringification of all functions and stylesheets was still
happening within the execute path, and other checks as well.
This commit replaces the mw.loader.store.set() call with a new
method mw.loader.store.add(). The serialisation is now performed
as part of flushWrites(), which is the debounced update that
happens in an idle callback.
While mw.loader.store is itself private within mw.loader, this
commit also marks the set() and update() methods as @private
within mw.loader.store as they are not (and should not) called
from outside this class.
Bug: T202703
Bug: T127328
Change-Id: I23ef28e096acf3bab57b88922ba21366fed06155
jenkins-bot [Tue, 4 Sep 2018 16:25:49 +0000 (16:25 +0000)]
Merge "Update jQuery from v3.2.1 to v3.3.1"
jenkins-bot [Tue, 4 Sep 2018 13:17:07 +0000 (13:17 +0000)]
Merge "resourceloader: Remove unused string[] module logic in register()"
jenkins-bot [Tue, 4 Sep 2018 12:54:21 +0000 (12:54 +0000)]
Merge "resourceloader: Remove obsolete aliases from closure"
jenkins-bot [Tue, 4 Sep 2018 12:41:47 +0000 (12:41 +0000)]
Merge "resourceloader: Use 'enableModuleContentVersion' for startup module"
Željko Filipin [Tue, 4 Sep 2018 09:27:01 +0000 (11:27 +0200)]
Selenium: Daily Jenkins job targeting beta cluster should run only tests that pass
Selenium tests run fine when targeting MediaWiki installation in
MediaWiki-Vagrant and in Jenkins, but fail when targeting beta cluster.
Until tests are refactored to run without failure for beta cluster, let's disable
failing tests.
Bug: T185011
Change-Id: I12da893e7d624d4ebe478bccf0706aa07c965796
Tim Starling [Mon, 3 Sep 2018 07:02:44 +0000 (17:02 +1000)]
Make phpunit.php less hackish, and install the listener unconditionally
* Instead of rewriting $argv, add a Command subclass called
MediaWikiPHPUnitCommand which overrides the configuration using the
stub functions in Command which were provided for that purpose.
* Revert
c804a0b5b9be8be9, which added redundant debug output to tests,
and instead install the MediaWikiPHPUnitTestListener listener
unconditionally. Deprecate and make non-functional the --debug-tests
option. If you don't want tests to produce debug output, you can
always turn the channel off.
* Because I added our listener to the listener array instead of making
it override the printer, it's no longer necessary to derive from
PHPUnit\TextUI\ResultPrinter. Instead we derive from BaseTestListener.
So we don't need to call the (empty) parent methods.
* Remove the --with-phpunitclass feature since it doesn't work with this
scheme.
* Instead of passing CLI args to MediaWikiTestCase via a public static
variable, inject it non-statically by overriding the TestRunner and
TestResult.
* Remove --file, which has been non-functional since my 2016 refactor.
Change-Id: Ibcaf9ca81c8dc63cce6dc6f6fb1fffee19f8804e
Kunal Mehta [Tue, 4 Sep 2018 05:10:06 +0000 (22:10 -0700)]
SpecialPageExecutor: Use `finally` now that we're in a PHP 5.5+ world
Change-Id: I2f91998781be492557d90444b773951ae1e1580e
Tim Starling [Tue, 4 Sep 2018 01:59:03 +0000 (11:59 +1000)]
Introduce NameTableStoreFactory
With a separate service for each of the NameTableStore tables, it
wasn't possible to instantiate a NameTableStore for a foreign wiki,
leading to the inelegant situation of having RevisionStoreFactory
construct a new NameTableStoreFactory every time a RevisionStore for a
foreign wiki was requested. These NameTableStore objects were not
tracked in any structured way, so there was no way to reset them for
tests.
So, introduce NameTableStoreFactory, which tracks object instances for
both local and remote table access.
This also avoids having schema details in ServiceWiring.php.
Depends-On: I5c78cfb8bf90eca935a3264592366f63517c4fad
Bug: T202641
Change-Id: Ic0f2d1d94bad9dcc047ff19a1f92db89b7e014ce
jenkins-bot [Tue, 4 Sep 2018 04:49:41 +0000 (04:49 +0000)]
Merge "Don't save and restore the interwiki table"
Tim Starling [Tue, 4 Sep 2018 00:51:18 +0000 (10:51 +1000)]
Don't save and restore the interwiki table
In fact it always has zero rows. Well, at least it does until
ApiQuerySiteinfoTest::testInterwikiMap() inserts two rows without using
@group Database, and then it has two rows from then on. It's meant to
have zero rows.
This saves time and memory.
Revert of
f17feae3a991de9f54e0f57d91fe95bf84211fcb
Change-Id: Ibdb12ff941d2cb47143bdff176072ef9078fa0f7
Timo Tijhof [Tue, 4 Sep 2018 03:52:55 +0000 (04:52 +0100)]
Update jQuery from v3.2.1 to v3.3.1
Notable change:
- Ajax: In Safari, $.ajax() previously did not reject the
Deferred if the XHR timed out. It now does, just as
it previously did already in other browsers.
- Deferred: Fixed a memory leak with callback closures.
- All: Misc perf optimisations and removal of code that
provided compat for browsers no longer supported.
Full release notes at
- https://blog.jquery.com/2018/01/19/jquery-3-3-0-a-fragrant-bouquet
- https://blog.jquery.com/2018/01/20/jquery-3-3-1-fixed-dependencies
Change-Id: Ia141dd46dc5b97c0f9766b44fea7559b1148538a
jenkins-bot [Tue, 4 Sep 2018 02:20:12 +0000 (02:20 +0000)]
Merge "Don't throw an exception when waiting for replication times out"
MGChecker [Tue, 4 Sep 2018 01:39:41 +0000 (03:39 +0200)]
registration: Use null coalescing operator
Change-Id: Iba5df6fe8c647baaaff91df311efec22cca7e88f
Timo Tijhof [Tue, 4 Sep 2018 01:05:00 +0000 (02:05 +0100)]
resourceloader: Remove unused string[] module logic in register()
There are two signatures for this method that we test, document,
and use:
1. register( name, version, ... )
2. register( [ [name,version,...], [name,version,..], ... ] )
But the code was also allowing a third kind that is never used,
and also not documented anywhere or tested.
3. register( [ name, name, ... ] )
Change-Id: I3ed69117affd83d03c4c629d352f19bad50395c9
jenkins-bot [Tue, 4 Sep 2018 00:27:07 +0000 (00:27 +0000)]
Merge "Reset services before every test"
jenkins-bot [Tue, 4 Sep 2018 00:23:29 +0000 (00:23 +0000)]
Merge "Avoid constructing Title objects in data providers"
jenkins-bot [Tue, 4 Sep 2018 00:23:24 +0000 (00:23 +0000)]
Merge "Reduce memory usage on ServiceContainer destruction"
Fomafix [Sat, 1 Sep 2018 14:07:57 +0000 (16:07 +0200)]
resourceloader: Avoid duplicate existence check
The check above with the mw.loader.register( name ) ensures that
hasOwn.call( registry, name )
is always true.
Change-Id: I10e2a23bd5c11fbf53fd4fc59ba2e5d94f157254
Kunal Mehta [Mon, 3 Sep 2018 22:17:19 +0000 (15:17 -0700)]
Document expected escaping level for Xml::submitButton()
Change-Id: I36db99c7f6efc79e52e7fad6cf8b8bad7a6ded37
jenkins-bot [Mon, 3 Sep 2018 22:07:08 +0000 (22:07 +0000)]
Merge "registration: Add ability to check if a specific extension version is loaded"
jenkins-bot [Mon, 3 Sep 2018 22:07:03 +0000 (22:07 +0000)]
Merge "SpecialPreferences: Escape HTML in tab titles in legacy form"
jenkins-bot [Mon, 3 Sep 2018 21:58:31 +0000 (21:58 +0000)]
Merge "EditWatchlistNormalHTMLForm: Fix double-escaping of section legends"
MGChecker [Tue, 28 Aug 2018 02:39:16 +0000 (04:39 +0200)]
registration: Add ability to check if a specific extension version is loaded
As it's quite common that extensions and skins interact with each other, it's
useful to have a simple way to check if an extension version satisfies a
given constraint, as extensions change over time.
Bug: T202955
Change-Id: I19f9713caf89d647072a2bd7d598e739be383f4a
Bartosz Dziewoński [Mon, 3 Sep 2018 20:08:11 +0000 (22:08 +0200)]
EditWatchlistNormalHTMLForm: Fix double-escaping of section legends
Parent getLegend() returns a plain string, and this method should
do the same.
Form section legends are escaped by the wrapFieldSetSection() method.
Change-Id: I2059b9182fba7362f3d6226252bdc3e032a06c57
Translation updater bot [Mon, 3 Sep 2018 19:57:47 +0000 (21:57 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I344962ad1d1a66b6f552172811863e6a413a7b1b
Bartosz Dziewoński [Mon, 3 Sep 2018 18:35:31 +0000 (20:35 +0200)]
HTMLCheckMatrix: Treat row/column labels as HTML in OOUI mode
We were incorrectly escaping them. They are supposed to be already
correctly escaped HTML.
Also improve documentation and really allow 'tooltips' to be optional.
Bug: T203325
Change-Id: I1f92479bf1989e1529b18b8b206b61db1257eb87
Bartosz Dziewoński [Mon, 3 Sep 2018 19:21:42 +0000 (21:21 +0200)]
SpecialPreferences: Escape HTML in tab titles in legacy form
They shouldn't intentionally contain HTML (except by abuse of
PreferencesGetLegend hook), and other than trivial formatting,
it wouldn't display correctly because they are styled as links.
It is already being escaped in OOUI form.
Change-Id: I303afe92fcb0208d1a2b040321866c0c95f27aa9
jenkins-bot [Mon, 3 Sep 2018 19:16:59 +0000 (19:16 +0000)]
Merge "Use PHP 7 '??' operator instead of '?:' (round 2)"
Bartosz Dziewoński [Mon, 3 Sep 2018 17:57:23 +0000 (19:57 +0200)]
Use PHP 7 '??' operator instead of '?:' (round 2)
A few issues have snuck in since I33b421c8cb11cdd4ce896488c9ff5313f03a38cf.
Change-Id: Ib75470a7a3c19e2d48f498b396eee6ed733690e4
Tim Starling [Thu, 30 Aug 2018 11:35:25 +0000 (21:35 +1000)]
Reset services before every test
Trying to avoid resetting services introduces a lot of complexity and
several bugs. We were doing a reset for 70% of @group Database tests
anyway.
Instead:
* Reset services at the start of MediaWikiTestCase::run().
* Capture the actual original service container instead of making a
special shared service container.
* The test-isolated local service container can now only be initialised
non-statically. Revert the recent conversion of overrideMwServices()
to static.
* Store a reference to the local service container in the test case
object. In MediaWikiTestCase, always use the original or local service
container directly, to avoid confusion about which one is active at
the time.
* Remove a lot of unnecessary teardown
* Always call ServiceContainer::destroy() before forceGlobalInstance()
since the memory is not otherwise freed.
Change-Id: I4a17c1c7ec92c14e3bc471f0216473ebe19477b9
daniel [Fri, 31 Aug 2018 04:56:42 +0000 (14:56 +1000)]
Avoid constructing Title objects in data providers
Bug: T202641
Change-Id: I34efa0b9329e740bcb292b2529ec8f7f925dc346
Tim Starling [Fri, 31 Aug 2018 03:05:32 +0000 (13:05 +1000)]
Reduce memory usage on ServiceContainer destruction
The closures in ServiceContainer::$serviceInstantiators are circular
references which prevent destruction of the object. So, delete these
when destroy() is called. Also delete the service instances for good
measure.
Change-Id: Ic8487cb533a09a8fcc69eba4f5d1bbb71558ae08
petarpetkovic [Fri, 24 Aug 2018 22:37:07 +0000 (00:37 +0200)]
Remove jQuery.inArray usages
Replace jQuery.inArray with Array.prototype.indexOf.
Also enforce this via eslint rule.
Bug: T200877
Change-Id: Idbd06e6a1681300c4ab9142c7b57e4376f474041
jenkins-bot [Mon, 3 Sep 2018 06:33:29 +0000 (06:33 +0000)]
Merge "A major update to MessagesSah.php from HalanTul"
jhsoby [Thu, 23 Aug 2018 09:21:10 +0000 (11:21 +0200)]
Fix autonym for Armenian
The Armenian autonym should not have a capital
initial, as names of languages are not proper
nouns in that language.
Bug: T202611
Change-Id: I17cd8706f5fee2f39255c3407b758103e4cb5455
Tim Starling [Thu, 16 Aug 2018 07:01:55 +0000 (17:01 +1000)]
Don't throw an exception when waiting for replication times out
For maintenance scripts it is usually harmful to throw an exception.
For jobs the exception was already caught and handled appropriately,
so this can continue as before. For DeferredUpdates it was extremely
harmful to throw an exception. So in the web case, reduce the timeout to
1s and continue as normal if the 1s timeout is reached. This allows the
DeferredUpdate to be throttled without being killed.
In the updater, increase the replication wait timeout to 5 minutes.
ALTER TABLE could indeed cause replication lag, but exiting the update
script with an exception will probably ruin your day. Update actions are
not necessarily efficiently restartable.
Do not call JobQueue::waitForBackups() when jobs are popped. Maybe it
makes sense to call a queue-specific replication wait function for
bulk inserts, like copyJobQueue.php, but doing it when jobs are popped
just makes no sense. Surely the worst that could happen is that the
queue would become locally empty? Removing this waitForBackups() call
avoids waiting for replication twice when JobQueueDB is used.
Bug: T201482
Change-Id: Ia820196caccf9c95007aea12175faf809800f084
jenkins-bot [Sun, 2 Sep 2018 21:54:58 +0000 (21:54 +0000)]
Merge "Update documentation of getPageviewToken"
Amire80 [Fri, 20 Jul 2018 09:22:59 +0000 (11:22 +0200)]
A major update to MessagesSah.php from HalanTul
Change-Id: I598e131c1d6296615264254101860db77e790c4d
jenkins-bot [Sun, 2 Sep 2018 17:02:43 +0000 (17:02 +0000)]
Merge "RELEASE-NOTES: Use New/Changed/Removed pattern for Configuration section"
Zoranzoki21 [Fri, 31 Aug 2018 21:08:08 +0000 (21:08 +0000)]
Fix common typos in code
Bug: T201491
Change-Id: Id962b79f2590c51380cb977e727b7548abc11d33
T. Bayer [Sun, 2 Sep 2018 04:57:02 +0000 (21:57 -0700)]
Update documentation of getPageviewToken
Reflect the recent increase from 64 to 80 bits in generateRandomSessionId
Bug: T201124
Change-Id: I699067f6ae34632c690213930bc3bb7c52508112
Kunal Mehta [Tue, 28 Aug 2018 22:02:57 +0000 (15:02 -0700)]
Use PSR-4 autoloader for includes/auth/
Change-Id: I63dec06f231a57093086f129b3c1d0ebe1389bab
jenkins-bot [Sat, 1 Sep 2018 20:40:23 +0000 (20:40 +0000)]
Merge "Split AuthManagerAuthPluginUser into a separate file"
Translation updater bot [Sat, 1 Sep 2018 20:06:16 +0000 (22:06 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: Idc19c609271bfddaf01ba676224307b58f1b186a
Timo Tijhof [Sat, 1 Sep 2018 19:50:15 +0000 (20:50 +0100)]
RELEASE-NOTES: Use New/Changed/Removed pattern for Configuration section
This was already used for external libraries. This commit
changes the order to be consistently 'New/Changed/Removed',
and adopts the pattern for configuration changes as well.
For improved scannability, the bullet points now start with
the name of the configuration setting(s), followed by a sentence,
with an optional ticket in brackets after the sentence(s).
* A number of bullet points under "Configuration changes" were
in fact, not configuration changes. These have been moved to
"New features" or "Other changes" for now.
* Add mention of the relevant configuration variable to some
of the release notes: $wgTidyDriver, `watchlistdays`,
$wgGroupPermissions, $wgGroupPermissions.
Also fix ReleaseNotesTest to count characters, not bytes,
this was causing it to count – as two, and € as three.
Change-Id: Ie89dac6408f8a8dafbf59efe73a11f4d282c0c6b
jenkins-bot [Sat, 1 Sep 2018 19:56:33 +0000 (19:56 +0000)]
Merge "Drop the transcache table from the schema"
jenkins-bot [Sat, 1 Sep 2018 18:32:52 +0000 (18:32 +0000)]
Merge "Add taint annotation and warnings to Language::convert() et al"
Brian Wolff [Sat, 1 Sep 2018 08:25:37 +0000 (08:25 +0000)]
Add taint annotation and warnings to Language::convert() et al
If you feed this method unescaped data, it can cause later calls
to be an XSS, which is something I think deserves a warning.
Bug: T202571
Change-Id: I34cb3da9232a22defffb80466263c2f2233822ef
jenkins-bot [Sat, 1 Sep 2018 11:08:26 +0000 (11:08 +0000)]
Merge "Add a hook to allow changing the query of Special:AncientPages in extensions"
Aaron Schulz [Tue, 28 Aug 2018 17:44:03 +0000 (10:44 -0700)]
Drop the transcache table from the schema
Bug: T189702
Change-Id: I3286a99165953392126fcff07d565738863de6a1
jenkins-bot [Sat, 1 Sep 2018 00:38:48 +0000 (00:38 +0000)]
Merge "mediawiki.user: Fix missing array initialization in generateRandomSessionId"
Timo Tijhof [Fri, 31 Aug 2018 19:44:17 +0000 (20:44 +0100)]
mediawiki.user: Fix missing array initialization in generateRandomSessionId
Array was not properly initialized and thus browsers
that do not support Crypto API where displaying an error
on console.
The tests failed to catch this because assigning window.crypto
to `undefined` does not work (it is a read-only property). This
"fallback" test was actually testing the regular Crypto-based path
a second time.
Bug: T203275
Co-Authored-By: Timo Tijhof <krinklemail@gmail.com>
Change-Id: I8feecddf0878a739e560085f7897ebc3d8100c02
jenkins-bot [Fri, 31 Aug 2018 21:39:32 +0000 (21:39 +0000)]
Merge "Expand special page aliases for Serbian"
jenkins-bot [Fri, 31 Aug 2018 21:00:13 +0000 (21:00 +0000)]
Merge "resources: Use official SRI metadata for qunitjs"
jenkins-bot [Fri, 31 Aug 2018 20:42:43 +0000 (20:42 +0000)]
Merge "Fix wfDebug() test so that it works with overridden SPI"
L10n-bot [Fri, 31 Aug 2018 19:55:15 +0000 (19:55 +0000)]
Merge "Localisation updates from https://translatewiki.net."
Translation updater bot [Fri, 31 Aug 2018 19:55:05 +0000 (21:55 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: Ic81e27c4502c3ec52beef3936dd5d9b509c98c1a
Brian Wolff [Fri, 31 Aug 2018 19:32:46 +0000 (19:32 +0000)]
Add taint annotation to HtmlForm::getHTML()
This is to help AbuseFilter pass phan-taint-check.
Change-Id: I73a6a626337037f6b0cee04b0afb5a59907d3be6
Timo Tijhof [Fri, 31 Aug 2018 19:32:16 +0000 (20:32 +0100)]
resources: Use official SRI metadata for qunitjs
When originally added last week, only /jquery/ had SRI metadata
published. The /qunit/ page template on the jQuery CDN wasn't
displaying the SRI metadata, so we generated our own for the time
being. This is now fixed upstream, which makes the hashes easier
to verify.
Change-Id: I922af4a46887f22b6791d5799c87f71ddae40b91
jenkins-bot [Fri, 31 Aug 2018 19:14:13 +0000 (19:14 +0000)]
Merge "Change @return-taint to use onlysafefor_html instad of escapes_html"
jenkins-bot [Fri, 31 Aug 2018 18:53:44 +0000 (18:53 +0000)]
Merge "Use annotations for taint in Parser & ParserOutput."
jenkins-bot [Fri, 31 Aug 2018 17:39:51 +0000 (17:39 +0000)]
Merge "Title: Fix isRawHtmlMessage() for messages with underscores"
Kunal Mehta [Tue, 28 Aug 2018 19:47:49 +0000 (12:47 -0700)]
Title: Fix isRawHtmlMessage() for messages with underscores
Title::getRootText() uses the text form (spaces) of the title, while
$wgRawHtmlMessages was specifying them in dbkey form (underscores).
And add tests while we're at it. Which spotted that the existing
code didn't work. Whoops. Fixed.
Change-Id: I05eea553c588e0f99f862e07ad15386507ed0728
jenkins-bot [Fri, 31 Aug 2018 16:41:15 +0000 (16:41 +0000)]
Merge "resourceloader: Use 'this' to access the mw.loader.store internally"
jenkins-bot [Fri, 31 Aug 2018 15:56:41 +0000 (15:56 +0000)]
Merge "resourceloader: Remove redundant '!!' from startup.js"
Brian Wolff [Fri, 31 Aug 2018 15:55:44 +0000 (15:55 +0000)]
Use annotations for taint in Parser & ParserOutput.
This replaces the builtin taints that are removed in
Ic1e1983a51c. Additionally, parse will no longer warn about
double escaping - there's many situations where such warnings
are wrong (e.g. Using Html::rawElement()). However this also
means that Parser::parse( wfMessage( 'foo' )->parse() ); will
no longer give a double escaping warning, which is unfortunate.
Bug: T202380
Change-Id: Ia52d37411beb62b112c6ff102438063c3d750769
Agabi10 [Thu, 30 Aug 2018 13:35:44 +0000 (13:35 +0000)]
Add a hook to allow changing the query of Special:AncientPages in extensions
Bug: T76287
Change-Id: I6aa4d8e6140d405476a6f480156f24f2c05019cb