# Building & testing
npm-debug.log
node_modules/
+/resources/lib/.foreign
/tests/phpunit/phpunit.phar
/tests/selenium/log
.eslintcache
== MediaWiki 1.11 ==
+== MediaWiki 1.11.2 ==
+
+March 2, 2008
+
+This is a security release of the Fall 2007 snapshot release of MediaWiki.
+Possible cross-site information leaks using the callback parameter for
+JSON-formatted results in the API are prevented by dropping user credentials.
+
+MediaWiki release versions prior to 1.11 are not vulnerable, as they do not
+include the callback feature which allows client-side JavaScript on other sites
+to reach API data.
+
+Changes in this release:
+
+* User credentials are dropped for API JSON requests using a callback
+* Edit tokens are not reported for API JSON requests using a callback
+
+== MediaWiki 1.11.1 ==
+
+January 23, 2008
+
+This is a security and bugfix release of the Fall 2007 snapshot release of
+ MediaWiki. A potential XSS injection vector affecting api.php only for
+ Microsoft Internet Explorer users has been closed.
+
+Changes in this release:
+* (bug [[bugzilla:11450|11450]]) Fix creation of objectcache table on upgrade
+* (bug [[bugzilla:11462|11462]]) Fix typo in LanguageGetSpecialPageAliases hook
+name
+* Fix regression in LinkBatch.php breaking PHP 5.0
+* Security fix for API on MSIE
+
+To work around the vulnerability without upgrading, you may disable the API if
+you don't need it:
+:[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;
+
+Not vulnerable versions:
+* 1.12 or later
+* 1.11 >= 1.11.1
+* 1.10 >= 1.10.3
+* 1.9 >= 1.9.5
+* 1.8 any version (if $wgEnableAPI has been left off)
+
+Vulnerable versions:
+* 1.11 <= 1.11.0rc1
+* 1.10 <= 1.10.2
+* 1.9 <= 1.9.4
+* 1.8 any version (if $wgEnableAPI has been switched on)
+
+MediaWiki 1.7 and below are not affected as they do not include the API
+functionality, however the BotQuery extension is similarly vulnerable unless
+updated to the latest SVN version.
+
+== MediaWiki 1.11.0 ==
+
+September 10, 2007
+
+This is the Fall 2007 snapshot release of MediaWiki.
+
+MediaWiki is now using a "continuous integration" development model with
+quarterly snapshot releases. The latest development code is always kept "ready
+to run", and in fact runs our own sites on Wikipedia.
+
+Release branches will continue to receive security updates for about a year
+from first release, but nonessential bugfixes and feature developments will be
+made on the development trunk and appear in the next quarterly release.
+
+Those wishing to use the latest code instead of a branch release can obtain it
+from source control: [[Download from SVN]]
+
This is the Summer 2007 branch release of MediaWiki.
MediaWiki is now using a "continuous integration" development model with
Those wishing to use the latest code instead of a branch release can obtain
it from source control: https://www.mediawiki.org/wiki/Download_from_SVN
+== Changes since 1.11.0rc1 ==
+
+A possible HTML/XSS injection vector in the API pretty-printing mode has been
+found and fixed.
+
+The vulnerability may be worked around in an unfixed version by simply
+disabling the API interface if it is not in use, by adding this to
+[[Manual:LocalSettings.php|LocalSettings.php]]:<br />
+<code>[[Manual:$wgEnableAPI|$wgEnableAPI]] = false;</code> <br />
+(This is the default setting in 1.8.x.)
+
+Not vulnerable versions:
+* 1.11 >= 1.11.0
+* 1.10 >= 1.10.2
+* 1.9 >= 1.9.4
+* 1.8 >= 1.8.5
+
+Vulnerable versions:
+* 1.11 <= 1.11.0rc1
+* 1.10 <= 1.10.1
+* 1.9 <= 1.9.3
+* 1.8 <= 1.8.4 (if [[Manual:$wgEnableAPI|$wgEnableAPI]] has been switched on)
+
+MediaWiki 1.7 and below are not affected as they do not include the faulty
+function, however the [[Extension:BotQuery|BotQuery extension]] is similarly
+vulnerable unless updated to the latest SVN version.
+
== Configuration changes since 1.10 ==
* $wgThumbUpright - Adjust width of upright images when parameter 'upright' is
usergroups
* $wgEnotifImpersonal, $wgEnotifUseJobQ - Bulk mail options for large sites
* $wgShowHostnames - Expose server host names through the API and HTML comments
-* $wgSaveDeletedFiles has been removed, the feature is now enabled unconditionally
+* $wgSaveDeletedFiles has been removed, the feature is now enabled
+unconditionally
== New features since 1.10 ==
'Maintenance' => __DIR__ . '/maintenance/Maintenance.php',
'MakeTestEdits' => __DIR__ . '/maintenance/makeTestEdits.php',
'MalformedTitleException' => __DIR__ . '/includes/title/MalformedTitleException.php',
- 'ManageForeignResources' => __DIR__ . '/maintenance/resources/manageForeignResources.php',
+ 'ManageForeignResources' => __DIR__ . '/maintenance/manageForeignResources.php',
'ManageJobs' => __DIR__ . '/maintenance/manageJobs.php',
'ManualLogEntry' => __DIR__ . '/includes/logging/LogEntry.php',
'MapCacheLRU' => __DIR__ . '/includes/libs/MapCacheLRU.php',
private $registryFile;
private $libDir;
private $tmpParentDir;
+ private $cacheDir;
private $infoPrinter;
private $errorPrinter;
private $verbosePrinter;
private $action;
+ private $registry;
/**
* @param string $registryFile Path to YAML file
// Use a temporary directory under the destination directory instead
// of wfTempDir() because PHP's rename() does not work across file
- // systems, as the user's /tmp and $IP may be on different filesystems.
- $this->tmpParentDir = "{$this->libDir}/.tmp";
+ // systems, and the user's /tmp and $IP may be on different filesystems.
+ $this->tmpParentDir = "{$this->libDir}/.foreign/tmp";
+
+ $cacheHome = getenv( 'XDG_CACHE_HOME' ) ? realpath( getenv( 'XDG_CACHE_HOME' ) ) : false;
+ $this->cacheDir = $cacheHome ? "$cacheHome/mw-foreign" : "{$this->libDir}/.foreign/cache";
}
/**
* @throws Exception
*/
public function run( $action, $module ) {
- if ( !in_array( $action, [ 'update', 'verify', 'make-sri' ] ) ) {
- throw new Exception( 'Invalid action parameter.' );
+ $actions = [ 'update', 'verify', 'make-sri' ];
+ if ( !in_array( $action, $actions ) ) {
+ $this->error( "Invalid action.\n\nMust be one of " . implode( ', ', $actions ) . '.' );
+ return false;
}
$this->action = $action;
- $registry = $this->parseBasicYaml( file_get_contents( $this->registryFile ) );
+ $this->registry = $this->parseBasicYaml( file_get_contents( $this->registryFile ) );
if ( $module === 'all' ) {
- $modules = $registry;
- } elseif ( isset( $registry[ $module ] ) ) {
- $modules = [ $module => $registry[ $module ] ];
+ $modules = $this->registry;
+ } elseif ( isset( $this->registry[ $module ] ) ) {
+ $modules = [ $module => $this->registry[ $module ] ];
} else {
- throw new Exception( 'Unknown module name.' );
+ $this->error( "Unknown module name.\n\nMust be one of:\n" .
+ wordwrap( implode( ', ', array_keys( $this->registry ) ), 80 ) .
+ '.'
+ );
+ return false;
}
foreach ( $modules as $moduleName => $info ) {
}
}
- $this->cleanUp();
$this->output( "\nDone!\n" );
+ $this->cleanUp();
if ( $this->hasErrors ) {
// The verify mode should check all modules/files and fail after, not during.
return false;
return true;
}
+ private function cacheKey( $src, $integrity ) {
+ $key = basename( $src ) . '_' . substr( $integrity, -12 );
+ $key = preg_replace( '/[.\/+?=_-]+/', '_', $key );
+ return rtrim( $key, '_' );
+ }
+
+ /** @return string|false */
+ private function cacheGet( $key ) {
+ return Wikimedia\quietCall( 'file_get_contents', "{$this->cacheDir}/$key.data" );
+ }
+
+ private function cacheSet( $key, $data ) {
+ wfMkdirParents( $this->cacheDir );
+ file_put_contents( "{$this->cacheDir}/$key.data", $data, LOCK_EX );
+ }
+
private function fetch( $src, $integrity ) {
+ $key = $this->cacheKey( $src, $integrity );
+ $data = $this->cacheGet( $key );
+ if ( $data ) {
+ return $data;
+ }
+
$req = MWHttpRequest::factory( $src, [ 'method' => 'GET', 'followRedirects' => false ] );
if ( !$req->execute()->isOK() ) {
throw new Exception( "Failed to download resource at {$src}" );
$actualIntegrity = $algo . '-' . base64_encode( hash( $algo, $data, true ) );
if ( $integrity === $actualIntegrity ) {
$this->verbose( "... passed integrity check for {$src}\n" );
+ $this->cacheSet( $key, $data );
} else {
if ( $this->action === 'make-sri' ) {
$this->output( "Integrity for {$src}\n\tintegrity: ${actualIntegrity}\n" );
private function cleanUp() {
wfRecursiveRemoveDir( $this->tmpParentDir );
+
+ // Prune the cache of files we don't recognise.
+ $knownKeys = [];
+ foreach ( $this->registry as $info ) {
+ if ( $info['type'] === 'file' || $info['type'] === 'tar' ) {
+ $knownKeys[] = $this->cacheKey( $info['src'], $info['integrity'] );
+ } elseif ( $info['type'] === 'multi-file' ) {
+ foreach ( $info['files'] as $file ) {
+ $knownKeys[] = $this->cacheKey( $file['src'], $file['integrity'] );
+ }
+ }
+ }
+ foreach ( glob( "{$this->cacheDir}/*" ) as $cacheFile ) {
+ if ( !in_array( basename( $cacheFile, '.data' ), $knownKeys ) ) {
+ unlink( $cacheFile );
+ }
+ }
}
/**
* @param string $path Absolute path of JSON file
* @param array $info
* @param int $version manifest_version for info
- * @return array "credits" information to store
*/
public function extractInfo( $path, array $info, $version );
--- /dev/null
+<?php
+/**
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * http://www.gnu.org/copyleft/gpl.html
+ *
+ * @file
+ * @ingroup Maintenance
+ */
+
+require_once __DIR__ . '/Maintenance.php';
+
+/**
+ * Manage foreign resources registered with ResourceLoader.
+ *
+ * @ingroup Maintenance
+ * @since 1.32
+ */
+class ManageForeignResources extends Maintenance {
+ public function __construct() {
+ parent::__construct();
+ $this->addDescription( <<<TEXT
+Manage foreign resources registered with ResourceLoader.
+
+This helps developers with downloading, verifying, and updating local copies of upstream
+libraries registered as ResourceLoader modules. See resources/lib/foreign-resources.yaml.
+
+Use the "update" action to download urls specified in foreign-resources.yaml, and unpack
+them to the resources directory. This will also verify them against the integrity hashes.
+
+Use the "verify" action to verify the files currently in the resources directory match
+what "update" would replace them with. This is effectively a dry-run and will not change
+any module resources on disk.
+
+Use the "make-sri" action to compute an integrity hash for upstreams that do not publish
+one themselves. Add or update the urls foreign-resources.yaml as needed, but omit (or
+leave empty) the "integrity" key. Then, run the "make-sri" action for the module and
+copy the integrity into the file. Then, you can use "verify" or "update" normally.
+TEXT
+ );
+ $this->addArg( 'action', 'One of "update", "verify" or "make-sri"', true );
+ $this->addArg( 'module', 'Name of a single module (Default: all)', false );
+ $this->addOption( 'verbose', 'Be verbose', false, false, 'v' );
+ }
+
+ /**
+ * @return bool
+ * @throws Exception
+ */
+ public function execute() {
+ global $IP;
+ $frm = new ForeignResourceManager(
+ "{$IP}/resources/lib/foreign-resources.yaml",
+ "{$IP}/resources/lib",
+ function ( $text ) {
+ $this->output( $text );
+ },
+ function ( $text ) {
+ $this->error( $text );
+ },
+ function ( $text ) {
+ if ( $this->hasOption( 'verbose' ) ) {
+ $this->output( $text );
+ }
+ }
+ );
+
+ $action = $this->getArg( 0 );
+ $module = $this->getArg( 1, 'all' );
+ return $frm->run( $action, $module );
+ }
+}
+
+$maintClass = ManageForeignResources::class;
+require_once RUN_MAINTENANCE_IF_MAIN;
+++ /dev/null
-### Format of this file
-#
-# The top-level keys are directory names (under resources/lib/).
-# They should match module names (as registered in Resources.php), but there are exceptions.
-# Each top-level key holds a resource descriptor that must have one of
-# the following `type` values:
-#
-# - `tar`: For tarball archive (may be gzip-compressed).
-# - `file: For a plain file.
-# - `multi-file`: For multiple plain files.
-#
-### Type tar
-#
-# The `src` and `integrity` keys are required.
-#
-# * `src`: Full URL to the remote resource.
-# * `integrity`: Cryptographic hash (integrity metadata format per <https://www.w3.org/TR/SRI/>).
-# * `dest`: An object mapping paths to files or directory from the remote resource to a destination
-# in the module directory. The value of key in dest may be omitted, which will extract the key
-# directly to the module directory.
-#
-### Type file
-#
-# The `src` and `integrity` keys are required.
-#
-# * `src`: Full URL to the remote resource.
-# * `integrity`: Cryptographic hash (integrity metadata format per <https://www.w3.org/TR/SRI/>).
-# * `dest`: The name of the file in the module directory. Default: Basename of URL.
-#
-### Type multi-file
-#
-# The `files` key is required.
-#
-# * `files`: An object mapping destination paths to an object containing `src` and `integrity`
-# keys.
-
-CLDRPluralRuleParser:
- type: file
- src: https://raw.githubusercontent.com/santhoshtr/CLDRPluralRuleParser/0dda851/src/CLDRPluralRuleParser.js
- integrity: sha384-M4taeYYG2+9Ob1/La16iO+zlRRmBV5lBR3xUKkQT6kfkJ0aLbCi6yc0RYI1BDzdh
-
-easy-deflate:
- type: multi-file
- files:
- deflate.js:
- src: https://raw.githubusercontent.com/edg2s/Easy-Deflate/7a6056e5302f6f385ff2efa60afda45b4ad81e51/deflate.js
- integrity: sha384-sHnZLDSWMUhA2w9ygkzCK8YFvoh/fQKY6lXMbvmrYzjuNURiLB0DZFCDNMpGyZ77
- easydeflate.js:
- src: https://raw.githubusercontent.com/edg2s/Easy-Deflate/7a6056e5302f6f385ff2efa60afda45b4ad81e51/easydeflate.js
- integrity: sha384-EwPfP2RMkDPa1HkzQsXgzTsy1KEjcIzQPA1HDS/JPHjvEMvVUsCxWwm1oXql/jk2
- inflate.js:
- src: https://raw.githubusercontent.com/edg2s/Easy-Deflate/7a6056e5302f6f385ff2efa60afda45b4ad81e51/inflate.js
- integrity: sha384-hMg44Hw424mUYvmzKl0JT4J8UU/1YYhTiGRtR0YX/MXNLK9qWTK0d62FBCDGxmxw
- README.md:
- src: https://raw.githubusercontent.com/edg2s/Easy-Deflate/7a6056e5302f6f385ff2efa60afda45b4ad81e51/README.md
- integrity: sha384-6kwcfCLivvqXBZy2ATyya+mTVWLk3eaQyBdC6tbpBtkygnBrM2SNkq3jz/l7IkvP
-
-html5shiv:
- type: file
- src: https://raw.githubusercontent.com/aFarkas/html5shiv/3.7.3/src/html5shiv.js
- integrity: sha384-RPXhaTf22QktT8KTwZ6bUz/C+7CnccaIw5W/y/t0FW5WSDGj3wc3YtRIJC0w47in
-
-jquery:
- type: file
- src: https://code.jquery.com/jquery-3.3.1.js
- # Integrity from link modals https://code.jquery.com/jquery/
- integrity: sha256-2Kok7MbOyxpgUVvAk/HJ2jigOSYS2auK4Pfzbm7uH60=
- dest: jquery.js
-
-jquery.client:
- type: tar
- src: https://registry.npmjs.org/jquery-client/-/jquery-client-2.0.2.tgz
- integrity: sha256-8c8nBbBykHEMc4I7ksdKJvvw/P7WkaC2X46RTPdz/pw=
- dest:
- package/AUTHORS.txt:
- package/jquery.client.js:
- package/LICENSE-MIT:
- package/README.md:
-
-jquery.cookie:
- type: multi-file
- files:
- jquery.cookie.js:
- src: https://raw.githubusercontent.com/carhartl/jquery-cookie/v1.3.1/jquery.cookie.js
- integrity: sha384-Xxq63E9KDgzUJ6WPNPqVeOtRIwZyx6y9DzEwY2u6LYKSnWrjSoGtWSKmTindYBf2
- MIT-LICENSE.txt:
- src: https://raw.githubusercontent.com/carhartl/jquery-cookie/v1.3.1/MIT-LICENSE.txt
- integrity: sha384-zYsGf3KJ7S0AhOICjcoh0kkn7aGZlzYUXXX5xz8dwR9KjLMM+/JPR2g/jVOGGeId
- CHANGELOG.md:
- src: https://raw.githubusercontent.com/carhartl/jquery-cookie/v1.3.1/CHANGELOG.md
- integrity: sha384-SQOHhLc7PHxHDQpGE/zv9XfXKL0A7OBu8kuyVDnHVp+zSoWyRw4xUJ+LSm5ql4kS
-
-jquery.form:
- type: file
- src: https://raw.githubusercontent.com/jquery-form/form/ff80d9ddf4/jquery.form.js
- integrity: sha384-h4G2CrcSbixzMvrrK259cNBYaL/vS1D4+KdUN9NJDzQnTU1bQ6Avluget+Id13M7
- dest: jquery.form.js
-
-jquery.fullscreen:
- type: file
- src: https://raw.githubusercontent.com/theopolisme/jquery-fullscreen/v2.1.0/jquery.fullscreen.js
- integrity: sha384-G4KPs2d99tgcsyUnJ3eeZ1r2hEKDwZfc4+/xowL/LIemq2VVwEE8HpVAWt4WYNLR
- dest: jquery.fullscreen.js
-
-jquery.hoverIntent:
- type: file
- src: https://raw.githubusercontent.com/briancherne/jquery-hoverIntent/823603fdac/jquery.hoverIntent.js
- integrity: sha384-lca0haN0hqFGGh2aYUhtAgX9dhVHfQnTADH4svDeM6gcXnL7aFGeAi1NYwipDMyS
- dest: jquery.hoverIntent.js
-
-jquery.jStorage:
- type: file
- src: https://raw.githubusercontent.com/andris9/jStorage/v0.4.12/jstorage.js
- integrity: sha384-geMeN8k803kPp6cqRL4VNfuSM1L8DcbKRk0St/KHJzxgpX9S0y9FA6HxA/JgucrJ
- dest: jstorage.js
-
-jquery.throttle-debounce:
- type: file
- src: https://raw.githubusercontent.com/cowboy/jquery-throttle-debounce/v1.1/jquery.ba-throttle-debounce.js
- integrity: sha384-ULOy4DbAghrCqRcrTJLXOY9e4gDpWh0BeEf6xMSL0VtNudXWggcb6AmrVrl4KDAP
- dest: jquery.ba-throttle-debounce.js
-
-moment:
- type: tar
- src: https://codeload.github.com/moment/moment/tar.gz/2.24.0
- integrity: sha384-2/I9rfqkN8AAgh5wOXXphuo827uV7lMmOodrCfIvqC6W6JKKiDGOwd+lE3e8R0yz
- dest:
- moment-2.24.0/moment.js:
- moment-2.24.0/CHANGELOG.md:
- moment-2.24.0/README.md:
- moment-2.24.0/LICENSE:
- moment-2.24.0/locale/*.js: locale
-
-mustache:
- type: multi-file
- files:
- mustache.js:
- src: https://raw.githubusercontent.com/janl/mustache.js/v1.0.0/mustache.js
- integrity: sha384-k2UYqmzoiq/qgIzZvcYBxbXQW4YdPAsXDOTkHTGb9TCZ9sjCkyT4TlaUN0wQRkql
- LICENSE:
- src: https://raw.githubusercontent.com/janl/mustache.js/v1.0.0/LICENSE
- integrity: sha384-MYVwXwula9+YkyXexOJVZ0v0DaVvG22uX57mNq5Di+7u8OH9EG9q3yuXkp1Iehiq
-
-oojs:
- type: tar
- src: https://registry.npmjs.org/oojs/-/oojs-2.2.2.tgz
- integrity: sha256-ebgQW2EGrSkBCnDJBGqDpsBDjA3PMN/M8U5DyLHt9mw=
- dest:
- package/dist/oojs.jquery.js:
- package/AUTHORS.txt:
- package/LICENSE-MIT:
- package/README.md:
-
-oojs-router:
- type: tar
- src: https://registry.npmjs.org/oojs-router/-/oojs-router-0.2.0.tgz
- integrity: sha384-VngYqdQ3vTDMXbm4e4FUZCCGos7fB0Jkr9V+kBL5MElprK1h0yQZOzBNnMHtSJS/
- dest:
- package/dist/oojs-router.js:
- package/LICENSE:
- package/AUTHORS.txt:
- package/History.md:
-
-ooui:
- type: tar
- src: https://registry.npmjs.org/oojs-ui/-/oojs-ui-0.31.1.tgz
- integrity: sha384-M9KdU6u02zSKCVczcw6YJmSvFLhdeagNg9CPhizYVqrybL8bamrF5u6YfrFGEyiv
- dest:
- # Main stuff
- package/dist/oojs-ui-core.js{,.map.json}:
- package/dist/oojs-ui-core-{wikimediaui,apex}.css:
- package/dist/oojs-ui-widgets.js{,.map.json}:
- package/dist/oojs-ui-widgets-{wikimediaui,apex}.css:
- package/dist/oojs-ui-toolbars.js{,.map.json}:
- package/dist/oojs-ui-toolbars-{wikimediaui,apex}.css:
- package/dist/oojs-ui-windows.js{,.map.json}:
- package/dist/oojs-ui-windows-{wikimediaui,apex}.css:
- package/dist/oojs-ui-{wikimediaui,apex}.js{,.map.json}:
- package/dist/i18n:
- package/dist/images:
- # WikimediaUI theme
- package/dist/themes/wikimediaui/images/icons/*.{svg,png}: themes/wikimediaui/images/icons
- package/dist/themes/wikimediaui/images/indicators/*.{svg,png}: themes/wikimediaui/images/indicators
- package/dist/themes/wikimediaui/images/textures/*.{gif,svg}: themes/wikimediaui/images/textures
- package/src/themes/wikimediaui/*.json: themes/wikimediaui
- package/dist/wikimedia-ui-base.less:
- # Apex theme (icons, indicators, and textures)
- package/src/themes/apex/*.json: themes/apex
- # Misc stuff
- package/dist/AUTHORS.txt:
- package/dist/History.md:
- package/dist/LICENSE-MIT:
- package/dist/README.md:
-
-qunitjs:
- type: multi-file
- # Integrity from link modals at https://code.jquery.com/qunit/
- files:
- qunit.js:
- src: http://code.jquery.com/qunit/qunit-2.9.1.js
- integrity: sha256-eNccBdxd8zReziWcVjEsPeyJDi3LKMYnzMXyDv8bzsU=
- qunit.css:
- src: https://code.jquery.com/qunit/qunit-2.9.1.css
- integrity: sha256-SSS7o92V7wzcIFg3qnJL9mc4msePaT4klbxtuSGvVVo=
-
-sinonjs:
- type: file
- src: https://sinonjs.org/releases/sinon-1.17.7.js
- integrity: sha384-wR63Jwy75KqwBfzCmXd6gYws6uj3qV/XMAybzXrkEYGYG3AQ58ZWwr1fVpkHa5e8
- dest: sinon.js
+++ /dev/null
-<?php
-/**
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- * http://www.gnu.org/copyleft/gpl.html
- *
- * @file
- * @ingroup Maintenance
- */
-
-require_once __DIR__ . '/../Maintenance.php';
-
-/**
- * Manage foreign resources registered with ResourceLoader.
- *
- * @ingroup Maintenance
- * @since 1.32
- */
-class ManageForeignResources extends Maintenance {
- public function __construct() {
- parent::__construct();
- $this->addDescription( <<<TEXT
-Manage foreign resources registered with ResourceLoader.
-
-This helps developers to download, verify and update local copies of upstream
-libraries registered as ResourceLoader modules. See also foreign-resources.yaml.
-
-For sources that don't publish an integrity hash, omit "integrity" (or leave empty)
-and run the "make-sri" action to compute the missing hashes.
-
-This script runs in dry-run mode by default. Use --update to actually change,
-remove, or add files to resources/lib/.
-TEXT
- );
- $this->addArg( 'action', 'One of "update", "verify" or "make-sri"', true );
- $this->addArg( 'module', 'Name of a single module (Default: all)', false );
- $this->addOption( 'verbose', 'Be verbose', false, false, 'v' );
- }
-
- /**
- * @return bool
- * @throws Exception
- */
- public function execute() {
- global $IP;
- $frm = new ForeignResourceManager(
- __DIR__ . '/foreign-resources.yaml',
- "{$IP}/resources/lib",
- function ( $text ) {
- $this->output( $text );
- },
- function ( $text ) {
- $this->error( $text );
- },
- function ( $text ) {
- if ( $this->hasOption( 'verbose' ) ) {
- $this->output( $text );
- }
- }
- );
-
- $action = $this->getArg( 0 );
- $module = $this->getArg( 1, 'all' );
- return $frm->run( $action, $module );
- }
-}
-
-$maintClass = ManageForeignResources::class;
-require_once RUN_MAINTENANCE_IF_MAIN;
'group' => 'jquery.ui',
],
'jquery.ui.spinner' => [
+ 'deprecated' => 'Please use "jquery.spinner" instead.',
'scripts' => 'resources/lib/jquery.ui/jquery.ui.spinner.js',
'dependencies' => [
'jquery.ui.core',
--- /dev/null
+# ## Format of this file
+#
+# The top-level keys in this file correspond with directories under resources/lib/.
+# These in turn are registered as module bundles in Resources.php.
+#
+# ## How to install an foreign resource
+#
+# 1. Add or update the url(s) for the upstream module to this YAML file.
+#
+# Look at other modules for examples. To install a module from npm,
+# we use the tarball distribution from npmjs.org. This is the same as what
+# the npm CLI uses. For example, to install jquery-client@9.2.0, use:
+# <https://registry.npmjs.org/jquery-client/-/jquery-client-9.2.0.tgz>.
+#
+# 2. If the upstream maintainers publish an integrity hash, set that as well.
+# Otherwise, use manageForeignResources.php to compute the integrity hash.
+#
+# Run `php manageForeignResources.php make-sri "my module name"`
+#
+# This will download the specified file(s) and print their integrity hashes,
+# already formatted in YAML, ready for copying to this file.
+#
+# 3. Last but not least, decide where files go.
+#
+# If you specified a direct url to JavaScript or CSS file, this step is
+# optional. See the corresponding documentation section below for more
+# information and examples for "dest" keys. Once you've set any "dest" keys,
+# run `php manageForeignResources.php update "my module name"`.
+#
+# ## Package formats
+#
+# Each top-level key must use one of these types:
+#
+# - `file`: For a plain file.
+# - `multi-file`: For multiple plain files.
+# - `tar`: For a tarball archive (may be compressed).
+#
+# ### The "file" type
+#
+# * `src`: Full URL to the remote resource.
+# * `integrity`: Cryptographic hash (integrity metadata format per <https://www.w3.org/TR/SRI/>).
+# * `dest`: [optional] The file name to use in the module directory. Default: Basename of URL.
+#
+# For example, the following would produce resources/lib/mymodule/x.js:
+#
+# mymodule:
+# type: file
+# src: https://mymodule.example/1.2.3/x.js
+# integrity: sha384-Je+NE+saisQuoi
+#
+# ### The "multi-file" type
+#
+# * `files`: An object mapping destination paths to `src` and `integrity` keys.
+#
+# For example:
+#
+# mymodule:
+# type: multi-file
+# files:
+# x.js:
+# src: https://mymodule.example/1.2.3/x.js
+# integrity: sha384-Je+NE+saisQuoi
+# x.css:
+# src: https://mymodule.example/1.2.3/x.css
+# integrity: sha384-Je+NE+saisQuoi
+#
+# ### The "tar" type
+#
+# * `src`: Full URL to the remote resource.
+# * `integrity`: Cryptographic hash (integrity metadata format per <https://www.w3.org/TR/SRI/>).
+# * `dest`: [optional] The default is to extract all files from the package.
+# To only extract some of the files or directories, use "dest" to specify
+# files, directories, and/or glob patterns. You can use a site like https://unpkg.com/
+# to easily inspect an npm package, like <https://unpkg.com/jquery-client@2.0.2/>.
+#
+# For example:
+#
+# mymodule:
+# type: tar
+# src: https://registry.npmjs.org/jquery-client/-/jquery-client-9.2.0.tgz
+# integrity: sha384-Je+NE+saisQuoi
+# dest:
+# package/dist/x.js:
+# package/dist/i18n:
+# package/dist/style/*.css:
+#
+# The would extract the "x.js" file, the "i18n" directory (recursive),
+# and any "*.css" files from the "style" directory.
+#
+
+CLDRPluralRuleParser:
+ type: file
+ src: https://raw.githubusercontent.com/santhoshtr/CLDRPluralRuleParser/0dda851/src/CLDRPluralRuleParser.js
+ integrity: sha384-M4taeYYG2+9Ob1/La16iO+zlRRmBV5lBR3xUKkQT6kfkJ0aLbCi6yc0RYI1BDzdh
+
+easy-deflate:
+ type: multi-file
+ files:
+ deflate.js:
+ src: https://raw.githubusercontent.com/edg2s/Easy-Deflate/7a6056e5302f6f385ff2efa60afda45b4ad81e51/deflate.js
+ integrity: sha384-sHnZLDSWMUhA2w9ygkzCK8YFvoh/fQKY6lXMbvmrYzjuNURiLB0DZFCDNMpGyZ77
+ easydeflate.js:
+ src: https://raw.githubusercontent.com/edg2s/Easy-Deflate/7a6056e5302f6f385ff2efa60afda45b4ad81e51/easydeflate.js
+ integrity: sha384-EwPfP2RMkDPa1HkzQsXgzTsy1KEjcIzQPA1HDS/JPHjvEMvVUsCxWwm1oXql/jk2
+ inflate.js:
+ src: https://raw.githubusercontent.com/edg2s/Easy-Deflate/7a6056e5302f6f385ff2efa60afda45b4ad81e51/inflate.js
+ integrity: sha384-hMg44Hw424mUYvmzKl0JT4J8UU/1YYhTiGRtR0YX/MXNLK9qWTK0d62FBCDGxmxw
+ README.md:
+ src: https://raw.githubusercontent.com/edg2s/Easy-Deflate/7a6056e5302f6f385ff2efa60afda45b4ad81e51/README.md
+ integrity: sha384-6kwcfCLivvqXBZy2ATyya+mTVWLk3eaQyBdC6tbpBtkygnBrM2SNkq3jz/l7IkvP
+
+html5shiv:
+ type: file
+ src: https://raw.githubusercontent.com/aFarkas/html5shiv/3.7.3/src/html5shiv.js
+ integrity: sha384-RPXhaTf22QktT8KTwZ6bUz/C+7CnccaIw5W/y/t0FW5WSDGj3wc3YtRIJC0w47in
+
+jquery:
+ type: file
+ src: https://code.jquery.com/jquery-3.3.1.js
+ # Integrity from link modals https://code.jquery.com/jquery/
+ integrity: sha256-2Kok7MbOyxpgUVvAk/HJ2jigOSYS2auK4Pfzbm7uH60=
+ dest: jquery.js
+
+jquery.client:
+ type: tar
+ src: https://registry.npmjs.org/jquery-client/-/jquery-client-2.0.2.tgz
+ integrity: sha256-8c8nBbBykHEMc4I7ksdKJvvw/P7WkaC2X46RTPdz/pw=
+ dest:
+ package/AUTHORS.txt:
+ package/jquery.client.js:
+ package/LICENSE-MIT:
+ package/README.md:
+
+jquery.cookie:
+ type: multi-file
+ files:
+ jquery.cookie.js:
+ src: https://raw.githubusercontent.com/carhartl/jquery-cookie/v1.3.1/jquery.cookie.js
+ integrity: sha384-Xxq63E9KDgzUJ6WPNPqVeOtRIwZyx6y9DzEwY2u6LYKSnWrjSoGtWSKmTindYBf2
+ MIT-LICENSE.txt:
+ src: https://raw.githubusercontent.com/carhartl/jquery-cookie/v1.3.1/MIT-LICENSE.txt
+ integrity: sha384-zYsGf3KJ7S0AhOICjcoh0kkn7aGZlzYUXXX5xz8dwR9KjLMM+/JPR2g/jVOGGeId
+ CHANGELOG.md:
+ src: https://raw.githubusercontent.com/carhartl/jquery-cookie/v1.3.1/CHANGELOG.md
+ integrity: sha384-SQOHhLc7PHxHDQpGE/zv9XfXKL0A7OBu8kuyVDnHVp+zSoWyRw4xUJ+LSm5ql4kS
+
+jquery.form:
+ type: file
+ src: https://raw.githubusercontent.com/jquery-form/form/ff80d9ddf4/jquery.form.js
+ integrity: sha384-h4G2CrcSbixzMvrrK259cNBYaL/vS1D4+KdUN9NJDzQnTU1bQ6Avluget+Id13M7
+
+jquery.fullscreen:
+ type: file
+ src: https://raw.githubusercontent.com/theopolisme/jquery-fullscreen/v2.1.0/jquery.fullscreen.js
+ integrity: sha384-G4KPs2d99tgcsyUnJ3eeZ1r2hEKDwZfc4+/xowL/LIemq2VVwEE8HpVAWt4WYNLR
+
+jquery.hoverIntent:
+ type: file
+ src: https://raw.githubusercontent.com/briancherne/jquery-hoverIntent/823603fdac/jquery.hoverIntent.js
+ integrity: sha384-lca0haN0hqFGGh2aYUhtAgX9dhVHfQnTADH4svDeM6gcXnL7aFGeAi1NYwipDMyS
+
+jquery.jStorage:
+ type: file
+ src: https://raw.githubusercontent.com/andris9/jStorage/v0.4.12/jstorage.js
+ integrity: sha384-geMeN8k803kPp6cqRL4VNfuSM1L8DcbKRk0St/KHJzxgpX9S0y9FA6HxA/JgucrJ
+
+jquery.throttle-debounce:
+ type: file
+ src: https://raw.githubusercontent.com/cowboy/jquery-throttle-debounce/v1.1/jquery.ba-throttle-debounce.js
+ integrity: sha384-ULOy4DbAghrCqRcrTJLXOY9e4gDpWh0BeEf6xMSL0VtNudXWggcb6AmrVrl4KDAP
+
+moment:
+ type: tar
+ src: https://codeload.github.com/moment/moment/tar.gz/2.24.0
+ integrity: sha384-2/I9rfqkN8AAgh5wOXXphuo827uV7lMmOodrCfIvqC6W6JKKiDGOwd+lE3e8R0yz
+ dest:
+ moment-2.24.0/moment.js:
+ moment-2.24.0/CHANGELOG.md:
+ moment-2.24.0/README.md:
+ moment-2.24.0/LICENSE:
+ moment-2.24.0/locale/*.js: locale
+
+mustache:
+ type: multi-file
+ files:
+ mustache.js:
+ src: https://raw.githubusercontent.com/janl/mustache.js/v1.0.0/mustache.js
+ integrity: sha384-k2UYqmzoiq/qgIzZvcYBxbXQW4YdPAsXDOTkHTGb9TCZ9sjCkyT4TlaUN0wQRkql
+ LICENSE:
+ src: https://raw.githubusercontent.com/janl/mustache.js/v1.0.0/LICENSE
+ integrity: sha384-MYVwXwula9+YkyXexOJVZ0v0DaVvG22uX57mNq5Di+7u8OH9EG9q3yuXkp1Iehiq
+
+oojs:
+ type: tar
+ src: https://registry.npmjs.org/oojs/-/oojs-2.2.2.tgz
+ integrity: sha256-ebgQW2EGrSkBCnDJBGqDpsBDjA3PMN/M8U5DyLHt9mw=
+ dest:
+ package/dist/oojs.jquery.js:
+ package/AUTHORS.txt:
+ package/LICENSE-MIT:
+ package/README.md:
+
+oojs-router:
+ type: tar
+ src: https://registry.npmjs.org/oojs-router/-/oojs-router-0.2.0.tgz
+ integrity: sha384-VngYqdQ3vTDMXbm4e4FUZCCGos7fB0Jkr9V+kBL5MElprK1h0yQZOzBNnMHtSJS/
+ dest:
+ package/dist/oojs-router.js:
+ package/LICENSE:
+ package/AUTHORS.txt:
+ package/History.md:
+
+ooui:
+ type: tar
+ src: https://registry.npmjs.org/oojs-ui/-/oojs-ui-0.31.1.tgz
+ integrity: sha384-M9KdU6u02zSKCVczcw6YJmSvFLhdeagNg9CPhizYVqrybL8bamrF5u6YfrFGEyiv
+ dest:
+ # Main stuff
+ package/dist/oojs-ui-core.js{,.map.json}:
+ package/dist/oojs-ui-core-{wikimediaui,apex}.css:
+ package/dist/oojs-ui-widgets.js{,.map.json}:
+ package/dist/oojs-ui-widgets-{wikimediaui,apex}.css:
+ package/dist/oojs-ui-toolbars.js{,.map.json}:
+ package/dist/oojs-ui-toolbars-{wikimediaui,apex}.css:
+ package/dist/oojs-ui-windows.js{,.map.json}:
+ package/dist/oojs-ui-windows-{wikimediaui,apex}.css:
+ package/dist/oojs-ui-{wikimediaui,apex}.js{,.map.json}:
+ package/dist/i18n:
+ package/dist/images:
+ # WikimediaUI theme
+ package/dist/themes/wikimediaui/images/icons/*.{svg,png}: themes/wikimediaui/images/icons
+ package/dist/themes/wikimediaui/images/indicators/*.{svg,png}: themes/wikimediaui/images/indicators
+ package/dist/themes/wikimediaui/images/textures/*.{gif,svg}: themes/wikimediaui/images/textures
+ package/src/themes/wikimediaui/*.json: themes/wikimediaui
+ package/dist/wikimedia-ui-base.less:
+ # Apex theme (icons, indicators, and textures)
+ package/src/themes/apex/*.json: themes/apex
+ # Misc stuff
+ package/dist/AUTHORS.txt:
+ package/dist/History.md:
+ package/dist/LICENSE-MIT:
+ package/dist/README.md:
+
+qunitjs:
+ type: multi-file
+ # Integrity from link modals at https://code.jquery.com/qunit/
+ files:
+ qunit.js:
+ src: http://code.jquery.com/qunit/qunit-2.9.1.js
+ integrity: sha256-eNccBdxd8zReziWcVjEsPeyJDi3LKMYnzMXyDv8bzsU=
+ qunit.css:
+ src: https://code.jquery.com/qunit/qunit-2.9.1.css
+ integrity: sha256-SSS7o92V7wzcIFg3qnJL9mc4msePaT4klbxtuSGvVVo=
+
+sinonjs:
+ type: file
+ src: https://sinonjs.org/releases/sinon-1.17.7.js
+ integrity: sha384-wR63Jwy75KqwBfzCmXd6gYws6uj3qV/XMAybzXrkEYGYG3AQ58ZWwr1fVpkHa5e8
+ dest: sinon.js
-.feedback-spinner {
- display: inline-block;
- zoom: 1;
- *display: inline; /* IE7 and below */ /* stylelint-disable declaration-block-no-duplicate-properties */
- /* @embed */
- background: url( images/spinner.gif );
- width: 18px;
- height: 18px;
-}
-
.mw-feedbackDialog-welcome-message,
.mw-feedbackDialog-feedback-terms {
line-height: 1.4;
padded: true
} );
- this.$spinner = $( '<div>' )
- .addClass( 'feedback-spinner' );
-
// Feedback form
this.feedbackMessageLabel = new OO.ui.LabelWidget( {
classes: [ 'mw-feedbackDialog-welcome-message' ]