Adrian Heine [Tue, 7 Jun 2016 13:15:36 +0000 (15:15 +0200)]
Map dummy language codes in sites
The script that populates the sites table assumes that the
subdomain is the content language code. This is not true for
all wikis. This patch introduces a mapping to fix this issue
on the fly, based on $wgDummyLanguageCodes.
This is driven by the need to avoid "bad" language codes when
creating wikidata items from the client, when "linking" two
pages on different wikis. When we do this, we use the language
code from the sites table for the labels of the new item.
We would like to forbid "dummy" languages in labels and
descriptions, for consistency.
Change-Id: I6452761e14d9902bb069e32d0f499bc39e680453
jenkins-bot [Tue, 17 May 2016 09:33:16 +0000 (09:33 +0000)]
Merge "Let BagOStuff::merge() callbacks override the TTL"
jenkins-bot [Tue, 17 May 2016 09:24:15 +0000 (09:24 +0000)]
Merge "Increase LocalFile lock() timeout and improve error message"
jenkins-bot [Tue, 17 May 2016 08:59:17 +0000 (08:59 +0000)]
Merge "mediawiki.util: Use RegExp.test() instead of String.search()"
Bartosz Dziewoński [Tue, 17 May 2016 02:51:25 +0000 (04:51 +0200)]
Don't override all Moment locales to English
Calling moment.locale() not only defines a locale, it also sets the
current one. The call at the top of moment-locale-overrides.js would
always set it to English.
Follow-up to
c81ab8ae5f89056d23a4b0d36066120b9701d07e.
Bug: T135462
Change-Id: Ie1b70bc410ff0c436bed5bcbfffb8d4433a1923f
jenkins-bot [Tue, 17 May 2016 01:28:01 +0000 (01:28 +0000)]
Merge "Fix Special:Userlogout for $wgAutoloadAttemptLowercase = false"
Gergő Tisza [Tue, 17 May 2016 00:25:47 +0000 (00:25 +0000)]
Fix AuthManager login page breakage
Change-Id: I9b32dd58a4139ebf7483354c63dab7816ef7822e
jdlrobson [Tue, 17 May 2016 00:06:28 +0000 (17:06 -0700)]
Fix Special:Userlogout for $wgAutoloadAttemptLowercase = false
Correct the case of the class name.
Bug: T135460
Change-Id: I50006c2a8396add4ecfc38b4f5a095bbeaca463e
jenkins-bot [Mon, 16 May 2016 20:34:42 +0000 (20:34 +0000)]
Merge "Convert CdnCacheUpdate to event per URL"
Translation updater bot [Mon, 16 May 2016 20:15:59 +0000 (22:15 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I3d5ebd735a385c8b9a6683d996ff54906bece98c
Stanislav Malyshev [Mon, 16 May 2016 19:50:44 +0000 (12:50 -0700)]
Convert CdnCacheUpdate to event per URL
Bug: T134535
Change-Id: I73e22606e86b4db1bc9bf2cb12b9605507ffe2c2
jenkins-bot [Mon, 16 May 2016 20:08:17 +0000 (20:08 +0000)]
Merge "Add Status::getStatusValue()"
jenkins-bot [Mon, 16 May 2016 19:32:46 +0000 (19:32 +0000)]
Merge "mediawiki.jqueryMsg: Implement `<nowiki>` support"
Bartosz Dziewoński [Thu, 5 May 2016 15:20:05 +0000 (11:20 -0400)]
Refactor upload dialog to make it configurable
This aims to solve all the problems and fulfill all the use cases.
It allows the dialog to be configured for Wikimedia Commons without
hardcoding anything, and it should be flexible enough for third-party
use. The default configuration should be sane for any wiki.
The file upload dialog can be configured using $wgUploadDialog.
See DefaultSettings.php for documentation. Example configuration for
Wikimedia Commons: Id56370e2334c8fe34e88180356232b48c244b7c4.
Configuration is loaded using ResourceLoaderUploadDialogModule for
local uploads or using ApiQuerySiteinfo (action=query&meta=siteinfo)
for uploads to a foreign wiki. Custom localisation messages may be
loaded using action=query&meta=allmessages.
Renamed messages:
upload-form-label-own-work-message-local -> upload-form-label-own-work-message-generic-local
upload-form-label-not-own-work-message-local -> upload-form-label-not-own-work-message-generic-local
upload-form-label-not-own-work-local-local -> upload-form-label-not-own-work-local-generic-local
upload-form-label-own-work-message-default -> upload-form-label-own-work-message-generic-foreign
upload-form-label-not-own-work-message-default -> upload-form-label-not-own-work-message-generic-foreign
upload-form-label-not-own-work-local-default -> upload-form-label-not-own-work-local-generic-foreign
Deleted messages, moved to WikimediaMessages in Id2977e19330aeaf854157d4355cd17e5dc72f16a:
upload-form-label-own-work-message-shared
upload-form-label-not-own-work-message-shared
upload-form-label-not-own-work-local-shared
Bug: T118097
Bug: T120998
Bug: T121632
Bug: T121633
Bug: T127895
Change-Id: I3017b8f09c27625deb7a92d6f667895b71cc0637
jenkins-bot [Mon, 16 May 2016 19:12:57 +0000 (19:12 +0000)]
Merge "mediawiki.jqueryMsg: Allow logging errors through mw.track"
jenkins-bot [Mon, 16 May 2016 19:12:15 +0000 (19:12 +0000)]
Merge "Add "mVersion" sanity check to User::loadFromCache()"
jenkins-bot [Mon, 16 May 2016 19:12:07 +0000 (19:12 +0000)]
Merge "AuthManager release notes"
jenkins-bot [Mon, 16 May 2016 19:01:44 +0000 (19:01 +0000)]
Merge "API changes for AuthManager"
jenkins-bot [Mon, 16 May 2016 19:01:34 +0000 (19:01 +0000)]
Merge "Use AuthManager on special pages"
jenkins-bot [Mon, 16 May 2016 17:29:52 +0000 (17:29 +0000)]
Merge "Avoid unstubbing $wgLang in Title::getLocalURL"
Brad Jorsch [Mon, 16 May 2016 16:46:58 +0000 (12:46 -0400)]
Avoid unstubbing $wgLang in Title::getLocalURL
If $query doesn't match the regex, there's no point in unstubbing $wgLang if
that's what happens to be the page language. This also avoids it blowing up if
$wgLang isn't usable due to MW_NO_SESSION.
Bug: T135389
Change-Id: I9a6779c4cc887205215a815db3a765c35f060c42
jenkins-bot [Mon, 16 May 2016 16:33:27 +0000 (16:33 +0000)]
Merge "Add AuthManager"
jenkins-bot [Mon, 16 May 2016 15:21:13 +0000 (15:21 +0000)]
Merge "shared.css: Don't center text in .mw_metadata (file metadata table)"
Brad Jorsch [Thu, 7 Apr 2016 16:20:59 +0000 (12:20 -0400)]
AuthManager release notes
Change-Id: I0f28e6493e6e5ff8ce4eeee1d8cc976ad2eb6d0b
Brad Jorsch [Mon, 11 Jan 2016 18:20:22 +0000 (13:20 -0500)]
API changes for AuthManager
Changes here are:
* action=login is deprecated for use other than bot passwords
* list=users will indicate if a missing user name is creatable.
* Added action=query&meta=authmanagerinfo
* Added action=clientlogin is to be used to log into the main account
* action=createaccount is changed in a non-BC manner
* Added action=linkaccount
* Added action=unlinkaccount
* Added action=changeauthenticationdata
* Added action=removeauthenticationdata
* Added action=resetpassword
Bug: T110276
Bug: T110747
Bug: T110751
Bug: T32788
Bug: T67857
Bug: T28597
Bug: T76103
Change-Id: I244fa9b1e0623247d6d9fa30990411c6df94a496
Gergő Tisza [Tue, 22 Sep 2015 22:50:04 +0000 (22:50 +0000)]
Use AuthManager on special pages
Rewrite authentication-related special pages to use AuthManager.
All the changes mentioned below only take effect when
$wgDisableAuthManager is false.
LoginForm is rewritten to use HTMLForm and split into UserLogin
and CreateAccount; ChangePassword and PasswordReset are rewritten;
ChangeEmail and Preferences are updated. Four new special pages
are added to handle the new capabilities of AuthManager (linked
accounts, secondary authentication providers): LinkAccounts,
UnlinkAccounts, ChangeCredentials, RemoveCredentials.
The old form-based hooks (ChangePasswordForm, UserCreateForm,
UserLoginForm) are deprecated. A new, more generic hook is
available to alter the forms (AuthChangeFormFields);
form changes that involve new fields should be done via
$wgAuthManagerConfig.
UserLoginComplete is limited to web-based login; for more
generic functionality UserLoggedIn can be used instead.
Hooks that assume password-based login (PrefsPasswordAudit,
AbortChangePassword) are removed; the first functionality
is replaced by ChangeAuthenticationDataAudit, the second is
handled by AuthManager. LoginPasswordResetMessage is removed,
the functionality can be recreated via authentication providers.
There are several smaller backwards incompatible changes:
* Adding fields to the login/signup forms by manipulating the
template via the extraInput/extrafields parameters is not
supported anymore. Depending on the authn configuration the
login/signup process might be multistep and it would be
complicated to ensure that extensions can access the data
at the right moment. Instead, you can create an
AuthenticationProvider which can define its own fields and
process them when the authentication is over.
(There is B/C support for a transitional period that works with
the default login form, but might break with configurations that
require multiple steps or redirects.)
* Removed cookie redirect check. This was added in 2003 in
9ead07fe9
for the benefit of bots, but with MediaWiki having an API these days
there is little reason to keep it. Same for the wpSkipCookieCheck
flag (added in 2008 in
29c73e8265).
* Instead of embedding a password field on sensitive special pages
such as ChangeEmail, such pages rely on AuthManager for elevated
security (which typically involves requiring the user to log in again
unless their last login was more than a few minutes ago).
Accordingly, wgRequirePasswordforEmailChange is removed.
* Special:ChangePassword requires login now.
* Special:ResetPassword now sends a separate email to each user when called
with a shared email address.
* the Reason field had a message with 'prefsectiontip' class
which was sorta broken but used in extensions for formatting.
HTMLForm does not support that, so this commit turns it into a help message
which will break formatting. See https://gerrit.wikimedia.org/r/#/c/231884
Bug: T110277
Change-Id: I8b52ec8ddf494f23941807638f149f15b5e46b0c
Depends-On: If4e0dfb6ee6674f0dace80a01850e2d0cbbdb47a
Brad Jorsch [Sun, 22 Nov 2015 20:17:00 +0000 (20:17 +0000)]
Add AuthManager
This implements the AuthManager class and its needed interfaces and
subclasses, and integrates them into the backend portion of MediaWiki.
Integration with frontend portions of MediaWiki (e.g. ApiLogin,
Special:Login) is left for a followup.
Bug: T91699
Bug: T71589
Bug: T111299
Co-Authored-By: Gergő Tisza <gtisza@wikimedia.org>
Change-Id: If89d24838e326fe25fe867d02181eebcfbb0e196
jenkins-bot [Mon, 16 May 2016 14:39:43 +0000 (14:39 +0000)]
Merge "Add SessionProvider::getRememberUserDuration(), fix some durations"
jenkins-bot [Mon, 16 May 2016 12:04:45 +0000 (12:04 +0000)]
Merge "Remove unnecessary annotation"
Gergő Tisza [Mon, 16 May 2016 11:46:07 +0000 (11:46 +0000)]
Remove unnecessary annotation
Since I8a6588209647252a4509078aaa7bf0cb1d9d299a those variables
are not unused anymore.
Change-Id: Id99581083c9194411051050ed70d4bf4d0664e47
Gergő Tisza [Mon, 16 May 2016 09:57:53 +0000 (09:57 +0000)]
Add Status::getStatusValue()
Change-Id: Id8c87373b560a462dcbffe74c9e7c4780c3147f3
jenkins-bot [Mon, 16 May 2016 07:10:54 +0000 (07:10 +0000)]
Merge "Call $job->teardown() even if Job throws an exception."
Brian Wolff [Mon, 16 May 2016 05:26:55 +0000 (01:26 -0400)]
Call $job->teardown() even if Job throws an exception.
teardown() callbacks are primarily used to reset session after
job is done. It seems important to do this, even if exception is
thrown by job.
Change-Id: I0bd449414527321b0ed9063cea268dea5b0766c4
Translation updater bot [Sun, 15 May 2016 19:52:25 +0000 (21:52 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: Ie62e31d1dfe9cd21d61c3533d9d28929de41f482
Translation updater bot [Sat, 14 May 2016 20:22:57 +0000 (22:22 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I79cf84152b3696200e8439b31fa851552b687a3a
Gergő Tisza [Fri, 13 May 2016 00:03:20 +0000 (00:03 +0000)]
Add SessionProvider::getRememberUserDuration(), fix some durations
- handle $wgExtendedLoginCookieExpiration = 0, $wgCookieExpiration >0
correctly (as nonsensical as it is)
- honor $wgExtendedLoginCookies for forceHTTPS
- consistently ignore shouldRememberUser in ImmutableSessionProviderWithCookie
Change-Id: I1e8fc632b52694aa6eb34ca1e9eae6d0b57df920
jenkins-bot [Sat, 14 May 2016 11:29:13 +0000 (11:29 +0000)]
Merge "Fix GUI for Special:Tags if a user has deletechangetags permission only"
MGChecker [Fri, 13 May 2016 22:10:24 +0000 (00:10 +0200)]
Fix GUI for Special:Tags if a user has deletechangetags permission only
In the really rare case a user has got the deletechangetags, but not the
managechangetags permission, the links to delete tags aren't displayed (because
the script only built the table column in this case). By API, deletechangetags
already works properly without managechangetags.
Change-Id: I675813ba62e6188d650c5486408dbe56e9290ca6
Aaron Schulz [Sat, 14 May 2016 11:03:39 +0000 (04:03 -0700)]
Add "mVersion" sanity check to User::loadFromCache()
This makes it easier to transition to a newer, versioned key format
while still using Het Deploy as normal.
Change-Id: I732af860ba4ea70cc7d1cc5bf46fc09fc35d7502
jenkins-bot [Sat, 14 May 2016 08:24:00 +0000 (08:24 +0000)]
Merge "@since for User::newSystemUser"
Gergő Tisza [Sat, 14 May 2016 08:06:55 +0000 (08:06 +0000)]
@since for User::newSystemUser
Change-Id: Id67a8fcf2f1616e48268ca9105094a8a66b79d73
jenkins-bot [Sat, 14 May 2016 00:37:31 +0000 (00:37 +0000)]
Merge "Make "presumed-fresh" edit stash case cover when users make intervening edits"
Roan Kattouw [Fri, 13 May 2016 23:01:26 +0000 (16:01 -0700)]
Follow-up
6ce974f: also update the hook call in ApiMain
The fact that ApiMain invokes an OutputPage hook is terrible though.
Change-Id: I76bb9c36ccca365f77c9b7e2a481048da04bd909
jenkins-bot [Fri, 13 May 2016 21:52:23 +0000 (21:52 +0000)]
Merge "Remove support for $wgWellFormedXml=false"
jenkins-bot [Fri, 13 May 2016 21:49:26 +0000 (21:49 +0000)]
Merge "Require strip marker names to not have & ' " < or > in them"
jenkins-bot [Fri, 13 May 2016 21:36:57 +0000 (21:36 +0000)]
Merge "OOUIHTMLForm: Don't output an empty hidden LabelWidget if not needed"
jenkins-bot [Fri, 13 May 2016 21:35:37 +0000 (21:35 +0000)]
Merge "Batch links updates performed by refreshLinks jobs"
Aaron Schulz [Fri, 13 May 2016 20:49:56 +0000 (13:49 -0700)]
Make "presumed-fresh" edit stash case cover when users make intervening edits
This still handles users editing inclusions themselves, but is
more relaxed in terms of edits by other users to the inclusions.
Bug: T134620
Change-Id: I6c0d189957481dfb6da0e73581b1d5b69fd3a352
Arlo Breault [Fri, 13 May 2016 20:35:10 +0000 (13:35 -0700)]
Sync up with Parsoid parserTests.
This now aligns with Parsoid commit
b692ba97df11a20978c155e2316578aac2ac973d
Change-Id: I659eb045b106d8c48177f546448ddb80e0fdb2a9
Translation updater bot [Fri, 13 May 2016 19:58:36 +0000 (21:58 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I3bb9af58b7d0a958bf1fc46e75e185f390b3fc65
jenkins-bot [Fri, 13 May 2016 19:48:31 +0000 (19:48 +0000)]
Merge "Add LinkCache::getSelectFields() and use it in a few places"
jenkins-bot [Fri, 13 May 2016 19:48:17 +0000 (19:48 +0000)]
Merge "Warn when a restricted displaytitle is ignored"
jenkins-bot [Fri, 13 May 2016 19:46:05 +0000 (19:46 +0000)]
Merge "LinkHolderArray: Title::makeTitle() does not return null"
jenkins-bot [Fri, 13 May 2016 19:41:58 +0000 (19:41 +0000)]
Merge "LinkHolderArray: Use LinkBatch for generating WHERE in query"
Florian [Sun, 8 May 2016 14:55:34 +0000 (16:55 +0200)]
OOUIHTMLForm: Don't output an empty hidden LabelWidget if not needed
The hidden element is only needed if either a header is set or the form
has errors. If both does not apply, the element isn't needed and should
be omitted instead of hidden with `display:none`.
It's also not needed to add a LabelWidget for the header, if the form has
errors, only, but no header (which would result in an empty space between
the header and the fieldset legend).
Follow up: Ifbf38878d41906184f97169b22002f788711a311
Change-Id: I4ffefdc50d435590d25a7dfc202228920dd801ae
Aaron Schulz [Wed, 4 May 2016 22:05:03 +0000 (15:05 -0700)]
Batch links updates performed by refreshLinks jobs
This should avoid erratic lag spikes that happen as many links are
added and removed via new pages (sometimes bot generated) and edits
that blank pages as well as their reversions.
In the common cases of a modest number of link changes, the entire
update will still happen in one transaction. In any case, link updates
now use a lock to avoid clobbering each other on the same page.
Bug: T109943
Change-Id: Icd453fcc3d28342065893260ad327eae11870245
jenkins-bot [Fri, 13 May 2016 15:54:30 +0000 (15:54 +0000)]
Merge "mediawiki.jqueryMsg: Fix 'asciiAlphabetLiteral' definition"
Bartosz Dziewoński [Thu, 12 May 2016 19:42:19 +0000 (21:42 +0200)]
mediawiki.jqueryMsg: Allow logging errors through mw.track
Example usage in UploadWizard: Idf0e71735c005d25674cf9994494808f82ede686.
Bug: T134050
Change-Id: I715bd841e317da47b6a6eb7a8548be2ef3a6584b
Kunal Mehta [Fri, 13 May 2016 07:00:39 +0000 (00:00 -0700)]
Add LinkCache::getSelectFields() and use it in a few places
Change-Id: Ic65b20cc2aa41f9b481e280918fe95c57da53221
Kunal Mehta [Fri, 13 May 2016 06:27:38 +0000 (23:27 -0700)]
LinkHolderArray: Title::makeTitle() does not return null
Change-Id: I587a34459d4bcc1bae33631561fa6d4a91dfa4a5
Kunal Mehta [Fri, 13 May 2016 06:27:24 +0000 (23:27 -0700)]
LinkHolderArray: Use LinkBatch for generating WHERE in query
The entire query could be replaced with LinkBatch, but that will require
further refactoring.
Change-Id: I87cf2a391486e36e73a13baac65d243fc9196b5c
Timo Tijhof [Thu, 12 May 2016 23:42:51 +0000 (00:42 +0100)]
mediawiki.util: Use RegExp.test() instead of String.search()
More idiomatic and consistent with similar code in our code base.
Also shorter code and marginally faster by not needing to return any
index. RegExp#test returns boolean.
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/RegExp/test
Change-Id: I80fe78fbf4f1a0f4788430f45c12e0227e54ccb2
jenkins-bot [Thu, 12 May 2016 23:14:44 +0000 (23:14 +0000)]
Merge "Remove now-unused LinkCache::$instance"
jenkins-bot [Thu, 12 May 2016 23:13:17 +0000 (23:13 +0000)]
Merge "Make User::isBot() also check the "bot" right for sanity"
Kunal Mehta [Thu, 12 May 2016 23:05:19 +0000 (16:05 -0700)]
Remove now-unused LinkCache::$instance
Follows-up
449084ec4.
Change-Id: Ia43344beba0f1e5f98210d0e4e51e53e138495d1
Aaron Schulz [Thu, 12 May 2016 20:02:41 +0000 (13:02 -0700)]
Make User::isBot() also check the "bot" right for sanity
Change-Id: I835cc23719c1975bb86f642d3ede36c882ce2e9b
jenkins-bot [Thu, 12 May 2016 22:59:01 +0000 (22:59 +0000)]
Merge "Add LinkCache to MediaWikiServices"
jenkins-bot [Thu, 12 May 2016 22:58:57 +0000 (22:58 +0000)]
Merge "Follow-up
cdc93a62bf: add serialize/unserialize tests for RedisBagOStuff"
Aaron Schulz [Thu, 12 May 2016 22:52:56 +0000 (15:52 -0700)]
Increase LocalFile lock() timeout and improve error message
Bug: T132921
Change-Id: Iaec861475b4b6ec91a824672fb81ed5a8eb2b6a9
Kunal Mehta [Thu, 12 May 2016 22:44:33 +0000 (15:44 -0700)]
Add LinkCache to MediaWikiServices
LinkCache::singleton() is now deprecated, and the destroySingleton() and
setSingleton() methods were removed. They were not used in extensions,
and the usage in core was updated to use MediaWikiServices.
Change-Id: I08bb4f7913b03f71331ff683d0197c948aad6790
Matthew Flaschen [Thu, 12 May 2016 22:01:03 +0000 (18:01 -0400)]
Follow-up
cdc93a62bf: add serialize/unserialize tests for RedisBagOStuff
Bug: T134923
Change-Id: I0a7bec40c3fbf301720a248fbe21d46f5e64154c
Ori Livneh [Thu, 12 May 2016 18:10:39 +0000 (11:10 -0700)]
Decouple Xhprof profiling from profiling data processing
The motivation for this patch came from trying to use xhprof to profile the
unit tests. I was able to profile specific test suites, but if I tried to
profile a complete PHPUnit run, I ended up with empty profiling data. My
initial suspicion was that this was due to some Xhprof buffer getting
exhausted. The actual reason ended up being much simpler: the XhprofTest suite
indirectly called xhprof_enable() / xhprof_disable(), which stopped xhprof and
cleared out the data, so that when I was calling xhprof_disable() at the end of
the run, there was no profiling data to return, because xhprof was not running.
For the most part the XhprofTest was already doing the right thing by trying to
avoid having side-effects or relying on xhprof. Wherever possible, test fixture
profiling data was used in lieu of actually running xhprof. But this was not
totally successful because the Xhprof class coupled the collection of data to
the processing of data. Xhprof::__construct() called xhprof_enable(), so there
was no real way around that.
I think that the right way to fix that is to decouple profiling from profiling
data analysis. Thus I renamed 'Xhprof' to 'XhprofData', and modified the class
so that it expects to be fed profiling data rather than going out and
collecting it on its own. As a result, it is now possible to profile a full
phpunit run with xhprof, and the work that went into writing fixtures for the
Xhprof unit tests pays off: the class and the tests no longer have a hard
dependency on the xhprof extension, and the tests do not have to be skipped
when it is not installed. And the tests are really testing the system under
test, rather than the xhprof extension.
Finally, I added a new Xhprof class, which really is just an extremely thin
wrapper around xhprof_enable() / xhprof_disable(). The only extra functionality
it provides is the ability to check whether xhprof is running, via
Xhprof::isEnabled(). Calling Xhprof::enable() when it is already enabled will
cause an exception to be thrown. This should help us avoid running into
situations where two components contend for control of the profiler without
realizing it. A unit test tests this behavior.
The only part of this change that is not covered by tests is the change to
ProfilerXhprof. I tested it manually and it works.
Change-Id: Ica96beded68f04083abaf48ef1ae8c726eb60fa6
jenkins-bot [Thu, 12 May 2016 21:53:41 +0000 (21:53 +0000)]
Merge "Revert "Split editcascadeprotected permission from protect permission""
Legoktm [Thu, 12 May 2016 21:43:06 +0000 (21:43 +0000)]
Revert "Split editcascadeprotected permission from protect permission"
This doesn't make sense because 'editcascadeprotected'
effectively gives you 'protect' rights.
Furthermore, no actual usecase was provided except for a testwiki.
This reverts commit
da3464badaf9c067a4c3d98448ca72a8324e1e19.
Change-Id: I655c1af8f418369c9551db86f24fb6b66c25afdd
Brian Wolff [Wed, 20 Apr 2016 17:22:51 +0000 (13:22 -0400)]
Remove support for $wgWellFormedXml=false
tl;dr: Having unnessary complexity in security critical code is bad.
* Extra options add extra complexity and maintenance burden
** Thus we should only have one html output mode. well formed = false
was already vetoed in T52040, so lets go with WellFormed=true.
* Options which are used by very few people tend to get tested less
* Escaping is an area of code where we should be very conservative
* Having escaping rules depend on making assumptions about which
characters various browsers consider "whitespace" is scary
* $wgWellFormedXml=false has had a negative security impact in the
past (Usually not directly its fault, but has made other bugs
more exploitable)
* Saving a couple bytes (even less bytes after gzip taken into
account) is really not worth it in this context (imho).
Change-Id: I5c922e0980d3f9eb39adb5bb5833e158afda42ed
MGChecker [Sat, 30 Apr 2016 17:01:04 +0000 (19:01 +0200)]
Split off permission to delete tags from managechangetags permission
Every permission included in managechangetags is really harmless and can be reverted
in short time, except of the permission to irriversibly delete tags. That's why
this should be excluded in an additional permission that other wikis can restrict
deletechangetags more than other tag management actions.
Bug: T133811
Change-Id: Ieb9199f2c6997316ae3468ff5a92b2d2456c012f
Bartosz Dziewoński [Wed, 11 May 2016 22:24:04 +0000 (00:24 +0200)]
mediawiki.jqueryMsg: Fix 'asciiAlphabetLiteral' definition
Lack of the '^' anchor in the regex caused some inputs to
be incorrectly parsed. For example, '<b >>>="dir">asd</b>'
was parsed like '<b dir="dir">asd</b>'.
Change-Id: Iec1a13e43d2ed34a52e625bbea129454d44ba348
jenkins-bot [Thu, 12 May 2016 20:51:57 +0000 (20:51 +0000)]
Merge "Allow the signature button wikitext to be overridden locally"
jenkins-bot [Thu, 12 May 2016 20:37:00 +0000 (20:37 +0000)]
Merge "Split editcascadeprotected permission from protect permission"
jenkins-bot [Thu, 12 May 2016 20:33:25 +0000 (20:33 +0000)]
Merge "Parser tests: Also register namespace 101 to accompany 100"
jenkins-bot [Thu, 12 May 2016 20:33:21 +0000 (20:33 +0000)]
Merge "LinkCache: Use LinkTarget instead of Title"
jenkins-bot [Thu, 12 May 2016 20:33:14 +0000 (20:33 +0000)]
Merge "TitleFormatter: Match Title behavior for non-existent namespaces"
Paladox [Mon, 14 Dec 2015 19:57:39 +0000 (19:57 +0000)]
Allow the signature button wikitext to be overridden locally
Related change in wikieditor: I43f5bbaee007bbd038f2e118b3ffb8690753afb8
Bug: T26191
Change-Id: I33de58e9729a51ae73a13853ffcfcbb2d2305111
Translation updater bot [Thu, 12 May 2016 19:52:56 +0000 (21:52 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I96105a757969f20b5ae7449773862dc92fa542cc
jenkins-bot [Thu, 12 May 2016 19:44:17 +0000 (19:44 +0000)]
Merge "Document WAN cache FLD_* constants"
jenkins-bot [Thu, 12 May 2016 19:30:12 +0000 (19:30 +0000)]
Merge "objectcache: Inject current time into WANObjectCache::wrap()"
jenkins-bot [Thu, 12 May 2016 19:24:32 +0000 (19:24 +0000)]
Merge "Add tests for Title::getPrefixedText()"
jenkins-bot [Thu, 12 May 2016 19:22:27 +0000 (19:22 +0000)]
Merge "registration: Handle $wgSessionProviders in ExtensionProcessor"
jenkins-bot [Thu, 12 May 2016 19:20:34 +0000 (19:20 +0000)]
Merge "Add wfDeprecated calls to WatchedItem"
jenkins-bot [Thu, 12 May 2016 19:10:31 +0000 (19:10 +0000)]
Merge "Re add @access protected on Title::__construct"
jenkins-bot [Thu, 12 May 2016 19:10:25 +0000 (19:10 +0000)]
Merge "wfTempDir try harder to get a tmp dir on Windows"
Gergő Tisza [Wed, 11 May 2016 21:41:42 +0000 (21:41 +0000)]
registration: Handle $wgSessionProviders in ExtensionProcessor
See https://www.mediawiki.org/wiki/Manual:$wgSessionProviders
Change-Id: Ic9daf9898a0c044d1e2611ca0276d7904a3372ce
Aaron Schulz [Thu, 12 May 2016 04:48:04 +0000 (21:48 -0700)]
objectcache: Inject current time into WANObjectCache::wrap()
Change-Id: Iaba8e09b904e12c0f6883cf6f10211e82a7d75db
Kunal Mehta [Thu, 12 May 2016 18:35:20 +0000 (11:35 -0700)]
Parser tests: Also register namespace 101 to accompany 100
It is expected that namespaces (except for NS_SPECIAL) will have a
paired subject and talk namespace. While not having the accompanying
talk namespace mostly works, it can cause unexpected issues when some
code paths (e.g. WikiPage::onArticleCreate()) expect it to exist.
Change-Id: I8f02fd886d0256679dfc10e1743204da4c6678b7
Kunal Mehta [Wed, 27 Apr 2016 21:52:50 +0000 (14:52 -0700)]
LinkCache: Use LinkTarget instead of Title
Change-Id: I9ed5a095fc50334a3c41fd52f6d05611dadbaf68
Kunal Mehta [Thu, 12 May 2016 18:25:51 +0000 (11:25 -0700)]
TitleFormatter: Match Title behavior for non-existent namespaces
In TitleFormatter::getPrefixedDBkey(), match the
Title::getPrefixedDBkey() behavior for non-existent namespaces by using
an empty string for the namespace and including a leading colon.
Change-Id: I195c36df69963c7409711dd97bece078f61faf77
Kunal Mehta [Thu, 12 May 2016 18:14:47 +0000 (11:14 -0700)]
Add tests for Title::getPrefixedText()
Change-Id: I2afd7ef8b6fd733dd2928a82e89b158fc6fab56d
jenkins-bot [Thu, 12 May 2016 11:47:08 +0000 (11:47 +0000)]
Merge "Make updateCollation wait for slaves every 500 (instead of 2000)"
Bartosz Dziewoński [Wed, 11 May 2016 22:21:34 +0000 (00:21 +0200)]
mediawiki.jqueryMsg: Implement `<nowiki>` support
Only `<nowiki>...</nowiki>` is supported (self-closing `<nowiki/>` is not).
Anything inside the tag is treated as plain text and returned as-is (but
escaped, if necessary, as usual).
Bug: T47173
Change-Id: I9b037907470595753ef19374c87a6513b631eef8
jenkins-bot [Thu, 12 May 2016 11:38:49 +0000 (11:38 +0000)]
Merge "collation: Refactor getFirstLetterData() cache handling"