Antoine Musso [Tue, 30 Aug 2016 12:36:47 +0000 (14:36 +0200)]
Revert "EditPage: Use context instead of globals (3/4)"
This reverts commit
27fd11095213eaf2b3b5d2e21a93b6ee03c3b004.
Change-Id: I23480a49d69fbede292a1d41f1c5e783b6366852
Antoine Musso [Tue, 30 Aug 2016 12:36:48 +0000 (14:36 +0200)]
Revert "EditPage: Use context instead of globals (4/4)"
This reverts commit
589cadedf31787e75c9f83b3c4f05c79397dd4cc.
Change-Id: I4022ab93ca9bb3e41f1f563c4e919d8f3e4cb18f
Kunal Mehta [Wed, 24 Aug 2016 01:55:56 +0000 (18:55 -0700)]
EditPage: Use context instead of globals (4/4)
Change-Id: Ie84bceb0ac0940a7d14b9790eb8ab81321b20629
Kunal Mehta [Wed, 24 Aug 2016 01:39:38 +0000 (18:39 -0700)]
EditPage: Use context instead of globals (3/4)
Change-Id: Id4f905c8db35d5c64375f55e2040d40b04f18dee
Kunal Mehta [Wed, 24 Aug 2016 01:23:20 +0000 (18:23 -0700)]
EditPage: Use context instead of globals (2/4)
Change-Id: I3b727fa5cb42ca2a7abf1a54fe4f2b4996f5150c
Kunal Mehta [Wed, 24 Aug 2016 00:56:38 +0000 (17:56 -0700)]
EditPage: Use context instead of globals (1/4)
Change-Id: Ie4e9c492679a75d753b69fb09f510564b9e7f0a8
Kunal Mehta [Wed, 24 Aug 2016 00:48:55 +0000 (17:48 -0700)]
EditPage: Fix some doc blocks
Change-Id: I0399df658b3b9c000b72dacbdc4ea18678a32db4
Kunal Mehta [Wed, 24 Aug 2016 00:48:43 +0000 (17:48 -0700)]
EditPage: Add getContext() function
EditPage already has access to a IContextSource object via
$this->mArticle->getContext(), but no code ever uses it. Add a
$this->getContext() helper function and $this->context member variable
so developers are aware that RequestContext is available and should be
used instead of globals. This is the first step to de-globalifying
EditPage.
Change-Id: I17130bdaf214e9bbe0577a0ee5564ca4760c99e1
jenkins-bot [Wed, 24 Aug 2016 00:17:38 +0000 (00:17 +0000)]
Merge "EditPage: Allow the 'save' button's label to be 'publish' for public wikis"
jenkins-bot [Wed, 24 Aug 2016 00:14:38 +0000 (00:14 +0000)]
Merge "EditPage: Show a different label for the button on create vs. modify"
Krinkle [Tue, 23 Aug 2016 22:16:27 +0000 (22:16 +0000)]
Merge "HTMLMultiSelectField: Add 'dropdown' option for 'mw-chosen' behavior and document"
jenkins-bot [Tue, 23 Aug 2016 21:33:56 +0000 (21:33 +0000)]
Merge "Upgrade justinrainbow/json-schema to ~3.0"
Florian Schmidt [Mon, 15 Aug 2016 17:36:00 +0000 (19:36 +0200)]
Upgrade justinrainbow/json-schema to ~3.0
The release between 1.6.1 and 3.0.0 has a huge amount of code
maintenance changes, as well as internal optimization and some
"visible" changes (as well as the one mentioned in the linked
task).
However, it's a version jump over 2 major versions, which is,
by it's definition a major change ;). Nonetheless, the (for us)
important api has changed marginally: Instead of using the
JsonSchema\Uri\UriRetriever class to retrieve the schema, we now use
the $ref keyword to reference the json schema file (which also is
an internal optimization). In this way, we let the json-schema library
decide, how to resolve a ref (and the schema) instead of relying
on the UriRetriever api to be public and stable.
The versions also include various bug fixes (which, as far as I know,
doesn't apply to us).
I tested this change with various combinations of valid and invalid
extension.json schemas (version 2 as well as version 3). Given that
there were no major changes to the schema interpretation itself, and
the good test coverage of the library, there shouldn't be a high risk
because of this change.
The full list of changes can be found at:
https://github.com/justinrainbow/json-schema/compare/1.6.1...3.0.0
as well as the changelogs of the single versions:
https://github.com/justinrainbow/json-schema/releases
Bug: T141281
Depends-On: I5687286da9f7fa2bb2b84699fa43ab3c2547fe03
Change-Id: Ie37e2ebc48684783abf8d99d2f775ee6a5988da7
Chad Horohoe [Tue, 23 Aug 2016 19:16:01 +0000 (12:16 -0700)]
CloneDatabase: Simplify callback structure
Change-Id: I4d5184fd7417e61e9a111bd414f8c62539229ef9
Bartosz Dziewoński [Wed, 27 Jul 2016 14:43:01 +0000 (16:43 +0200)]
Implement NumericUppercaseCollation
This collation orders text with numbers "naturally", so that
'Foo 1' < 'Foo 2' < 'Foo 12'.
Note that this only works in terms of sequences of digits, and the
behavior for decimal fractions or pretty-formatted numbers may be
unexpected.
This is only expected to work mostly correctly for English-language
text. Consider it a proof of concept. You probably want to use
an UCA collation with '-u-kn' suffix rather than this.
Bug: T8948
Change-Id: Ie268f2d92c5c75d0aaecf54ede2bdda1af3b309d
jenkins-bot [Tue, 23 Aug 2016 18:33:34 +0000 (18:33 +0000)]
Merge "content: Refactor normalization of line endings code"
Kunal Mehta [Tue, 16 Aug 2016 21:58:15 +0000 (14:58 -0700)]
content: Refactor normalization of line endings code
The code that normalizes line endings ("\r\n" and "\r" to "\n") and
trims trailing whitespace is buried in Parser::preSaveTransform(), and
was duplicated to TextContent in
96b6afb31dfcff, as non-wikitext content
models should still be normalizing line endings.
This splits the duplicated code into
TextContent::normalizeLineEndings(), and utilize it in the Parser.
Additionally, expand the documentation of
TextContent::preSaveTransform() to document that subclasses should make
sure they normalize line endings during the PST stage.
And remove a useless rtrim() call from WikitextContent that did nothing.
Change-Id: I9094c671d4bbd23d75436f8f1d682d6dd6e6d2fc
jenkins-bot [Tue, 23 Aug 2016 18:09:35 +0000 (18:09 +0000)]
Merge "Avoid INSERT..SELECT in doArticleDeleteReal()"
Aaron Schulz [Tue, 23 Aug 2016 05:23:58 +0000 (22:23 -0700)]
Remove commit() calls from JobQueueDB
These are not safe for the common case where the local DB
handle is used for the queue (and other table writes).
Change-Id: Ic24a05c18bf31e49bf7e9a3c058deb5d35271511
Aaron Schulz [Fri, 19 Aug 2016 09:06:11 +0000 (02:06 -0700)]
Avoid INSERT..SELECT in doArticleDeleteReal()
That construct has poor locking characteristics in terms of
auto-inc columns as well as not allowing such inserts concurrently
for statement-based replication. Also, the INSERT..SELECT did not
have an ORDER BY, which could lead to ar_id drift with statement
based replication.
Change-Id: I9396869e474bc082fa6161b60afa3a5247df773b
Dpatrick [Tue, 23 Aug 2016 16:38:53 +0000 (16:38 +0000)]
Merge "Tell users that js/css subpages are public"
jenkins-bot [Tue, 23 Aug 2016 16:25:23 +0000 (16:25 +0000)]
Merge "Reduce problems caused by $wgRunJobsAsync"
Aaron Schulz [Tue, 23 Aug 2016 15:57:28 +0000 (08:57 -0700)]
Fix broken lockmanager-fail-releaselock status messages
Change-Id: Icb0cfa6e38bc81c35430023afe50dd94ef3b2013
jenkins-bot [Tue, 23 Aug 2016 15:52:26 +0000 (15:52 +0000)]
Merge "Expose form field objects in HTMLForm"
jenkins-bot [Tue, 23 Aug 2016 15:25:13 +0000 (15:25 +0000)]
Merge "Make login/signup footer available to AuthChangeFormFields hook"
jenkins-bot [Tue, 23 Aug 2016 15:12:24 +0000 (15:12 +0000)]
Merge "Improve default behavior for HTMLForm::canDisplayErrors"
jenkins-bot [Tue, 23 Aug 2016 14:18:39 +0000 (14:18 +0000)]
Merge "mw.widgets.CategoryCapsuleItemWidget: Debug logging for "queue[title] is undefined""
Bartosz Dziewoński [Tue, 23 Aug 2016 13:50:13 +0000 (15:50 +0200)]
mw.widgets.CategoryCapsuleItemWidget: Debug logging for "queue[title] is undefined"
Bug: T139130
Change-Id: Icd852a0b0d5cc42863965e303c410d1be50ff364
jenkins-bot [Tue, 23 Aug 2016 13:28:12 +0000 (13:28 +0000)]
Merge "SpecialMyLanguage: Use page language instead of wiki language for redirect target check"
Florian [Fri, 18 Dec 2015 02:26:23 +0000 (03:26 +0100)]
SpecialMyLanguage: Use page language instead of wiki language for redirect target check
With the change, named in Follow up, it's possible for site owners to
allow to change the language of a page using a special page.
Theoretically, any page can have another or a different page language,
depending on, if the language was changed using the special page or not.
For Special:MyLanguage it isn't enough anymore to check, if the current
user language is the same as the default content language. It has to
check, if the page language (which can potentionally differ from the
default content language) is the same as the user language.
The problem:
If content language is the same as the user language, Special:MyLanguage
currently redirects to the "base page" of a page ("Testpage" instead of
"Testpage/de"), no matter, if the page language of the base part is
another one as the default content language. This can result in the
problem, that Special:MyLanguage redirects to a page, that has a
different language as the user language, even if a subpage with the user
language code exists. This is fixed with this change.
Follow up: I0f82b146fbe948f917c1
Bug: T121834
Change-Id: Ic9fc9049813c153111829d37a2c248dc0768e0fb
jenkins-bot [Tue, 23 Aug 2016 12:54:48 +0000 (12:54 +0000)]
Merge "Introduce {{#time: xit}} for days in the month in Iranian calendar"
jenkins-bot [Tue, 23 Aug 2016 12:49:43 +0000 (12:49 +0000)]
Merge "User namespace localisation update for Slovak"
Fomafix [Tue, 23 Aug 2016 07:12:35 +0000 (07:12 +0000)]
OutputPage.php: Reuse existing variable $user
Follows-up to
81c291f2
Change-Id: Id32daf74549c8af886a46119b30ff29ab2a6ac94
jenkins-bot [Tue, 23 Aug 2016 07:00:55 +0000 (07:00 +0000)]
Merge "objectcache: Add missing @covers to unit tests"
Timo Tijhof [Tue, 23 Aug 2016 06:20:42 +0000 (23:20 -0700)]
objectcache: Add missing @covers to unit tests
* HashBagOStuff: 100%
* CachedBagOStuff: 64%
* MultiWriteBagOStuff: 33%
Change-Id: I50bb8f5eda7eabadb5fd4b841af42b3bbcaf9611
Aaron Schulz [Tue, 23 Aug 2016 06:04:36 +0000 (23:04 -0700)]
Reduce problems caused by $wgRunJobsAsync
* Use getCanonicalURL() to avoid links with the wrong host (e.g.
when it is virtual) and to avoid getting redirects.
* Also disable this setting when post-send execution is already
available, by default.
* Bump the socket timeout slightly.
Bug: T107290
Bug: T68485
Change-Id: I56c43193fa6583cc0c8209ff59cf20c986a799a3
Aaron Schulz [Tue, 23 Aug 2016 01:41:05 +0000 (18:41 -0700)]
Code cleanups to SqlBagOStuff
* Refactor local DB usage check into usesMainDB() method.
* Avoid using the db member of DBError instances.
Change-Id: I7350f5a471c551492094bfaf545ebc222eb6f7dd
jenkins-bot [Tue, 23 Aug 2016 05:09:43 +0000 (05:09 +0000)]
Merge "Pingback: Tweak docs a tiny bit to point to mw.org better"
jenkins-bot [Tue, 23 Aug 2016 04:57:41 +0000 (04:57 +0000)]
Merge "Move EnqueueableDataUpdate to a separate file"
jenkins-bot [Tue, 23 Aug 2016 04:48:17 +0000 (04:48 +0000)]
Merge "Release notes for all the previous security patches"
jenkins-bot [Tue, 23 Aug 2016 04:39:59 +0000 (04:39 +0000)]
Merge "Remove redundant isLoggedIn() call"
Chad Horohoe [Mon, 22 Aug 2016 19:39:05 +0000 (12:39 -0700)]
Release notes for all the previous security patches
Change-Id: Ie93338b7d41a90f3ffdfa1b41891994935c965c7
jenkins-bot [Tue, 23 Aug 2016 04:34:38 +0000 (04:34 +0000)]
Merge "SECURITY: Move 'UserGetRights' call before application of Session::getAllowedUserRights()"
jenkins-bot [Tue, 23 Aug 2016 04:29:20 +0000 (04:29 +0000)]
Merge "Remove commit() hack from User::addToDatabase()"
jenkins-bot [Tue, 23 Aug 2016 04:23:26 +0000 (04:23 +0000)]
Merge "Various database class cleanups"
Aaron Schulz [Tue, 23 Aug 2016 04:20:49 +0000 (21:20 -0700)]
Move EnqueueableDataUpdate to a separate file
Change-Id: Iabc291cd1f3c5390ca8bcc5da64a0ff01a082575
Timo Tijhof [Tue, 23 Aug 2016 04:08:23 +0000 (21:08 -0700)]
Remove redundant isLoggedIn() call
Follows-up
3e7a50d5,
81c291f26.
Change-Id: I76f71f92ed8f2f57b871fa359c469f83357d8025
Brad Jorsch [Thu, 7 Jul 2016 21:24:50 +0000 (17:24 -0400)]
SECURITY: Move 'UserGetRights' call before application of Session::getAllowedUserRights()
This prevents hook functions from accidentally adding rights that should
be denied based on the session grants.
If some extension really needs to be able to override session grants,
add a new hook where the old call was, with documentation explicitly
warning about the security implications.
Bug: T139670
Change-Id: I6392cf4d7cc9d3ea96554b25bb5f8abb66e9031b
jenkins-bot [Tue, 23 Aug 2016 03:53:06 +0000 (03:53 +0000)]
Merge "SECURITY: XSS in unclosed internal links"
jenkins-bot [Tue, 23 Aug 2016 03:51:49 +0000 (03:51 +0000)]
Merge "SECURITY: Escape '<' and ']]>' in inline <style> blocks"
jenkins-bot [Tue, 23 Aug 2016 03:46:00 +0000 (03:46 +0000)]
Merge "Run LinksDeletionUpdate after commit() in namespaceDupes.php"
jenkins-bot [Tue, 23 Aug 2016 03:39:48 +0000 (03:39 +0000)]
Merge "resourceloader: Move batch fetch logic out of mw.loader.work()"
Brian Wolff [Wed, 8 Jun 2016 02:35:15 +0000 (22:35 -0400)]
SECURITY: XSS in unclosed internal links
rawurldecode was being run on unclosed internal links
which could allow an attacker to insert arbitrary
html into the page.
See also related: r13302
Bug: T137264
Change-Id: I4e112a9e918df9fe78b62c311939239b483a21f5
Brian Wolff [Wed, 20 Apr 2016 17:41:20 +0000 (13:41 -0400)]
SECURITY: Escape '<' and ']]>' in inline <style> blocks
This is to prevent people from closing the <style> tag, and
then doing arbitrary js-y things. In particular, this is needed
for when previewing user css pages.
This does not escape '>' since its used as the child selector
in css, and generally speaking, '>' is safe inside the contents
of elements.
Bug: T133147
Change-Id: If024398d7bd4b578ad7f8c74367787f5b19eb9d7
Timo Tijhof [Tue, 9 Aug 2016 01:16:41 +0000 (18:16 -0700)]
resourceloader: Move batch fetch logic out of mw.loader.work()
Changes:
* Move batch fetch logic out of work() into a new private method
called batchRequest().
* Avoid confusion between request as 'network fetch' and request as
'need a module'. Renamed 'request()' to 'enqueue()' to avoid
confusion with doRequest.
Changed most other instances of 'request' to 'require', 'need', or
more specific request details such as 'url' and 'query string'.
* Keep comment about important of clearing the queue in work()
and move it to be about 'queue' instead of 'batch'.
Variable 'batch' is now local to work() and no longer shared
through scope. I don't know why this wasn't local before.
* Remove bad early return in work() when batch is empty. This was before
the clearing of the queue. This could cause cached modules to remain in
the queue for the next time work() is called.
This commit is in preparation for T142129, which will make the cache-eval
logic asynchronous in mw.loader.work().
Change-Id: I91e50232637e01822b03d77d1add3a2275e18027
Chad Horohoe [Fri, 19 Aug 2016 20:53:52 +0000 (13:53 -0700)]
SECURITY: Require login to preview user CSS pages
Anon users have predictable edit tokens, hence someone could
force an anon to execute arbitrary CSS by means of a CSRF.
Bug: T133147
Change-Id: I442b2b46cadb967aaa1f35648eff183fc7eaa475
Aaron Schulz [Sat, 20 Aug 2016 06:51:46 +0000 (23:51 -0700)]
Various database class cleanups
* Refactor out some code duplication in query() into a
separate private method.
* Remove the total master/slave query profiling, which is not
necessary and redundant.
* Provide a default implementation for reconnect().
* Make reconnect() catch errors so it can match the docs that say
it returns true/false to indicate failure. Likewise for ping().
* Optimize ping() to no-op if there was obvious recent activity.
* Move the ping() round in JobRunner to approveMasterChanges.
This way, all commit rounds benefit from this logic.
* Add more doc comments for DatabaseBase fields.
Change-Id: Ic90ce2be4187244a0e8d44854c39d4b78be8e642
jenkins-bot [Tue, 23 Aug 2016 03:05:53 +0000 (03:05 +0000)]
Merge "SECURITY: Do not allow undeleting a revdel'd file if its top file"
jenkins-bot [Tue, 23 Aug 2016 02:28:32 +0000 (02:28 +0000)]
Merge "SECURITY: Make $wgBlockDisablesLogin also restrict logged in permissions"
Brian Wolff [Mon, 18 Apr 2016 16:45:56 +0000 (12:45 -0400)]
SECURITY: Do not allow undeleting a revdel'd file if its top file
This prevents admins being able to view suppressed files, by simply
deleting them, and then undeleting only the file revision that they
want to view.
This dates back to r43288. Unclear if it was intentional.
Bug: T132926
Change-Id: Ib767de853a37099305db20529378fa756ee1bdfe
Brian Wolff [Wed, 29 Jun 2016 14:45:25 +0000 (10:45 -0400)]
SECURITY: Make $wgBlockDisablesLogin also restrict logged in permissions
Does both Title and user related methods, so it catches things that only
call $wgUser->isAllowed( 'read' ), as well as giving a nicer error message
for things that use $title->userCan().
Otherwise, the user can still do stuff and read pages if they have an
ongoing session.
Issue reported by Multichill
Bug: T129738
Change-Id: Ic929a385fa81c27cbc6ac3a0862f51190d3ae993
jenkins-bot [Tue, 23 Aug 2016 01:34:04 +0000 (01:34 +0000)]
Merge "SECURITY: Make blocks log users out if $wgBlockDisablesLogin"
jenkins-bot [Tue, 23 Aug 2016 01:34:00 +0000 (01:34 +0000)]
Merge "SECURITY: Check read permission when loading page content in ApiParse."
Aaron Schulz [Fri, 19 Aug 2016 20:17:33 +0000 (13:17 -0700)]
Remove direct rollback() calls from some places
Rely on the mass-rollback logic in MWExceptionHandler instead.
This results in a better chance of atomicity.
Change-Id: I2eb5661d4acc105a1323d69c5463268c234bd745
Brian Wolff [Tue, 19 Apr 2016 14:25:43 +0000 (10:25 -0400)]
SECURITY: Make blocks log users out if $wgBlockDisablesLogin
Issue originally reported by Multichill
Bug: T129738
Change-Id: Iddc58e504297c60f6d3ca99f21034fe7c5cf9801
Daniel Kinzler [Mon, 13 Jun 2016 08:01:43 +0000 (04:01 -0400)]
SECURITY: Check read permission when loading page content in ApiParse.
Prevents leaking page contents for extensions that deny read rights
to certain pages via a userCan hook, but still allow the user to
have read rights in general.
Issue originally reported by Tobias
Bug: T115333
Change-Id: I19f5c2583393794cff802a70af7ccf43c2fed85c
Aaron Schulz [Tue, 23 Aug 2016 00:13:33 +0000 (17:13 -0700)]
Move invalidatePages() to new PurgeJobUtils class
This does not really belong in SqlDataUpdate.
Change-Id: I7166e50696483371f95db3a8b6bce44b0f866ccd
Aaron Schulz [Mon, 22 Aug 2016 23:15:24 +0000 (16:15 -0700)]
Run LinksDeletionUpdate after commit() in namespaceDupes.php
This DataUpdate (or any for that matter) is not meant to be run in
the same transaction as random other stuff.
Bug: T143631
Change-Id: Ic40865805c26acc88e613a592b922ffb121962d2
jenkins-bot [Mon, 22 Aug 2016 22:31:13 +0000 (22:31 +0000)]
Merge "Deprecated jQuery method .size() replaced with property .length"
Gergő Tisza [Mon, 22 Aug 2016 22:27:28 +0000 (22:27 +0000)]
Improve default behavior for HTMLForm::canDisplayErrors
Change-Id: I3cd94d9b6ce0343af35c1623dac357cccc44293c
Gergő Tisza [Mon, 22 Aug 2016 22:24:41 +0000 (22:24 +0000)]
Expose form field objects in HTMLForm
Change-Id: Id22c5b9da154d67948ff2b91702a256c25718312
jenkins-bot [Mon, 22 Aug 2016 21:50:21 +0000 (21:50 +0000)]
Merge "Add `.mw-ui-icon-small` to icon classes"
Victor Porton [Mon, 22 Aug 2016 20:20:13 +0000 (23:20 +0300)]
Deprecated jQuery method .size() replaced with property .length
Bug: T143596
Change-Id: I1b37715097ea3f801bb4b8fdfda2a1232fdb118c
jenkins-bot [Mon, 22 Aug 2016 20:01:50 +0000 (20:01 +0000)]
Merge "Special:UserLogin: Don't show login button when not required"
Bartosz Dziewoński [Mon, 22 Aug 2016 19:16:21 +0000 (21:16 +0200)]
ApiUpload: Fix fatal in dieStatusWithCode()
If $extraData was null, but $moreExtraData was given, the following
fatal would occur:
Fatal error: Unsupported operand types in
/var/www/html/w/includes/api/ApiUpload.php on line 408
Follow-up to
c9b5b3e988e3554c231860a2da587dff16b05e0c.
Change-Id: I613eed1f7429247fe46afa454d36f518f6a81ebe
jenkins-bot [Mon, 22 Aug 2016 19:03:41 +0000 (19:03 +0000)]
Merge "Avoid INSERT..SELECT in MovePage"
Florian [Wed, 27 Jul 2016 20:01:43 +0000 (22:01 +0200)]
Special:UserLogin: Don't show login button when not required
If no AuthenticationRequest requires a separate login button, it
shouldn'tbe visible. This is, for example, the case, when only
link providers are used, that require the user to redirect to a third
party site, as it usually just shows a single submit button.
In this case, the login button is still visible because of other additional
fields, such as the remember me button. This change checks each primary
authentication provider, if it provides its provide his own submit
button or not, and if so, removes the login button completely.
Bug: T141471
Change-Id: Ib18a69582cb3f79d438ab009d8755f0d5e415bcb
jenkins-bot [Mon, 22 Aug 2016 18:44:15 +0000 (18:44 +0000)]
Merge "Use newer transaction methods in BatchRowWriter"
Brad Jorsch [Mon, 22 Aug 2016 18:22:12 +0000 (14:22 -0400)]
API: Don't require 'users' parameter to contain all valid usernames
Instead, go back to validating the individual values so one invalid name
doesn't cause the whole module to error out. The code for that was all
still there, just unused since Ic67fb540.
Bug: T142895
Change-Id: Ia5eae51d69185580ac2c772afc198a92813e407a
jenkins-bot [Mon, 22 Aug 2016 18:08:16 +0000 (18:08 +0000)]
Merge "HTMLForm: Refactor loading of modules required to infuse fields"
jenkins-bot [Mon, 22 Aug 2016 18:05:01 +0000 (18:05 +0000)]
Merge "Fix IDEA warning in VirtualRESTServiceClient"
Gergő Tisza [Tue, 2 Aug 2016 00:59:41 +0000 (17:59 -0700)]
Make login/signup footer available to AuthChangeFormFields hook
Bug: T136727
Change-Id: Ia8b0f11d0e941fe27d22161b5609fa0600c7078a
Bartosz Dziewoński [Mon, 8 Aug 2016 19:40:12 +0000 (21:40 +0200)]
HTMLMultiSelectField: Add 'dropdown' option for 'mw-chosen' behavior and document
Previously, you could pass 'cssclass' => 'mw-chosen' in the form
descriptor for a 'multiselect' field, and it'd be automatically
converted to a text field with a dropdown allowing values to be
selected. This is not very intuitive (unless you know what the Chosen
library is) and was not documented anywhere except for release notes.
The new recommended and documented way to achieve this is by passing
'dropdown' => true. Old way is supported for backwards compatibility.
Also, add the 'jquery.chosen' module to the page server-side.
Change-Id: I3a025e1c3c7571e930a35e020d73d558fdc433d0
jenkins-bot [Mon, 22 Aug 2016 17:46:17 +0000 (17:46 +0000)]
Merge "Unset weird ancient WMF-specific shared upload settings"
jenkins-bot [Mon, 22 Aug 2016 17:41:34 +0000 (17:41 +0000)]
Merge "SpecialExport: Add 'hide-if' to form definition"
jenkins-bot [Mon, 22 Aug 2016 17:37:34 +0000 (17:37 +0000)]
Merge "Split DBLockManager classes into their own files"
Bartosz Dziewoński [Sun, 31 Jul 2016 14:56:23 +0000 (16:56 +0200)]
HTMLForm: Refactor loading of modules required to infuse fields
Rather than have a master list in autoinfuse.js (duplicated in
hide-if.js), we put this information in each field class and put it
in the generated HTML as a separate 'data-' attribute. This also
allows new fields defined by extensions to be correctly autoinfused.
Change-Id: I3da75706209cbc16b19cc3f02b355e58ca75fec9
Chad Horohoe [Mon, 22 Aug 2016 17:15:57 +0000 (10:15 -0700)]
Unset weird ancient WMF-specific shared upload settings
They won't work for anyone, not even WMF
Change-Id: I520f684fe833f0e1a9dc5b56d83366cb909fd480
Chad Horohoe [Mon, 22 Aug 2016 17:14:28 +0000 (10:14 -0700)]
Pingback: Tweak docs a tiny bit to point to mw.org better
Change-Id: Ia01380d6bb20cfb22b6cc3717ce530df87e0d42b
jenkins-bot [Mon, 22 Aug 2016 16:02:24 +0000 (16:02 +0000)]
Merge "Support 'hide-if' parameters in OOUI HTMLForm"
Bartosz Dziewoński [Sun, 31 Jul 2016 14:35:59 +0000 (16:35 +0200)]
SpecialExport: Add 'hide-if' to form definition
Change-Id: Ic03620849f863bc4e21347984f84c532c189c4ea
jenkins-bot [Mon, 22 Aug 2016 15:51:52 +0000 (15:51 +0000)]
Merge "mw.widgets.DateInputWidget: Fix label dimensions for Apex theme skins"
jenkins-bot [Mon, 22 Aug 2016 15:44:26 +0000 (15:44 +0000)]
Merge "jquery.makeCollapsible: Support for .mw-collapsible-toggle inside <li>"
Bartosz Dziewoński [Sat, 30 Jul 2016 23:19:26 +0000 (01:19 +0200)]
Support 'hide-if' parameters in OOUI HTMLForm
For plain HTML forms, we just put the required data in the 'data-hide-if'
attribute. For OOUI, it's not so easy - while we could just call
->setAttribute(...) on the FieldLayout, this would disappear when
infusing (since it's not part of the config), and we have no control over
when some piece of JavaScript decides to infuse the element. Even if we
managed to handle it first, infusing replaces the DOM nodes for elements
with new ones, which would "disable" our event handlers.
To solve this, I'm creating two new layouts HTMLFormFieldLayout and
HTMLFormActionFieldLayout (subclassing FieldLayout and ActionFieldLayout)
with a common trait (mixin) HTMLFormElement. This is all implemented both
in PHP and JS. Right now it only serves to carry the 'hide-if' data from
PHP to JS code, but I imagine it'll be extended in the future for other
HTMLForm features not yet present in the OOUI version (e.g. 'cloner'
fields).
The code in hide-if.js has been modified to work with jQuery objects or
with OOjs UI Widgets with minimal changes. I had to duplicate the map of
HTMLFormField classes to modules they require there (from autoinfuse.js),
which is ugly - I'm fixing this in a follow-up commit
I3da75706209cbc16b19cc3f02b355e58ca75fec9.
Bug: T141558
Change-Id: I3b06a6f75eed01d3e0bdc5dd33e1b40b7a2fc0a2
Victor Porton [Sat, 20 Aug 2016 20:13:27 +0000 (23:13 +0300)]
jquery.makeCollapsible: Support for .mw-collapsible-toggle inside <li>
Bug: T143484
Change-Id: Ib3480f543399c206e6ee7fc47ad7b22b9c2446b5
Volker E [Thu, 18 Aug 2016 22:44:33 +0000 (15:44 -0700)]
Add `.mw-ui-icon-small` to icon classes
Adding small icon class `.mw-ui-icon-small`. Also adapting documentation.
Change-Id: Ia140779d488dddf9014087e8d48852c8c53977e3
Aaron Schulz [Mon, 22 Aug 2016 03:03:17 +0000 (20:03 -0700)]
Use newer transaction methods in BatchRowWriter
Change-Id: I9f8c2576f511419e77e9b6f10c96a43e5d69704e
Kunal Mehta [Mon, 22 Aug 2016 02:17:01 +0000 (19:17 -0700)]
MWTimestamp: Allow providing a DateTime object directly
For cases where you already have a DateTime object on hand and want to
use MWTimestamp's formatting code. Since MWTimestamp stores DateTime
objects internally, just set it to the $timestamp member variable.
Change-Id: Ie60392e32743d4d082d2c9347ef68418d5eb86ad
Aaron Schulz [Sun, 21 Aug 2016 23:18:56 +0000 (16:18 -0700)]
Fix IDEA warning in VirtualRESTServiceClient
The value was overridden before usage.
Change-Id: If79890dd9a878358133882c41c5fd234ebed012c
Aaron Schulz [Sun, 21 Aug 2016 21:03:24 +0000 (14:03 -0700)]
Remove commit() hack from User::addToDatabase()
This is likely not needed anymore to avoid deadlocks anymore
as AuthManagar uses a lock in autoCreateUser() before hand.
Change-Id: I19ae6562011854495efcb0dd832b7ae99ebbb224