jenkins-bot [Mon, 3 Sep 2018 19:16:59 +0000 (19:16 +0000)]
Merge "Use PHP 7 '??' operator instead of '?:' (round 2)"
Bartosz Dziewoński [Mon, 3 Sep 2018 17:57:23 +0000 (19:57 +0200)]
Use PHP 7 '??' operator instead of '?:' (round 2)
A few issues have snuck in since I33b421c8cb11cdd4ce896488c9ff5313f03a38cf.
Change-Id: Ib75470a7a3c19e2d48f498b396eee6ed733690e4
petarpetkovic [Fri, 24 Aug 2018 22:37:07 +0000 (00:37 +0200)]
Remove jQuery.inArray usages
Replace jQuery.inArray with Array.prototype.indexOf.
Also enforce this via eslint rule.
Bug: T200877
Change-Id: Idbd06e6a1681300c4ab9142c7b57e4376f474041
jenkins-bot [Mon, 3 Sep 2018 06:33:29 +0000 (06:33 +0000)]
Merge "A major update to MessagesSah.php from HalanTul"
jhsoby [Thu, 23 Aug 2018 09:21:10 +0000 (11:21 +0200)]
Fix autonym for Armenian
The Armenian autonym should not have a capital
initial, as names of languages are not proper
nouns in that language.
Bug: T202611
Change-Id: I17cd8706f5fee2f39255c3407b758103e4cb5455
jenkins-bot [Sun, 2 Sep 2018 21:54:58 +0000 (21:54 +0000)]
Merge "Update documentation of getPageviewToken"
Amire80 [Fri, 20 Jul 2018 09:22:59 +0000 (11:22 +0200)]
A major update to MessagesSah.php from HalanTul
Change-Id: I598e131c1d6296615264254101860db77e790c4d
jenkins-bot [Sun, 2 Sep 2018 17:02:43 +0000 (17:02 +0000)]
Merge "RELEASE-NOTES: Use New/Changed/Removed pattern for Configuration section"
Zoranzoki21 [Fri, 31 Aug 2018 21:08:08 +0000 (21:08 +0000)]
Fix common typos in code
Bug: T201491
Change-Id: Id962b79f2590c51380cb977e727b7548abc11d33
T. Bayer [Sun, 2 Sep 2018 04:57:02 +0000 (21:57 -0700)]
Update documentation of getPageviewToken
Reflect the recent increase from 64 to 80 bits in generateRandomSessionId
Bug: T201124
Change-Id: I699067f6ae34632c690213930bc3bb7c52508112
Kunal Mehta [Tue, 28 Aug 2018 22:02:57 +0000 (15:02 -0700)]
Use PSR-4 autoloader for includes/auth/
Change-Id: I63dec06f231a57093086f129b3c1d0ebe1389bab
jenkins-bot [Sat, 1 Sep 2018 20:40:23 +0000 (20:40 +0000)]
Merge "Split AuthManagerAuthPluginUser into a separate file"
Translation updater bot [Sat, 1 Sep 2018 20:06:16 +0000 (22:06 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: Idc19c609271bfddaf01ba676224307b58f1b186a
Timo Tijhof [Sat, 1 Sep 2018 19:50:15 +0000 (20:50 +0100)]
RELEASE-NOTES: Use New/Changed/Removed pattern for Configuration section
This was already used for external libraries. This commit
changes the order to be consistently 'New/Changed/Removed',
and adopts the pattern for configuration changes as well.
For improved scannability, the bullet points now start with
the name of the configuration setting(s), followed by a sentence,
with an optional ticket in brackets after the sentence(s).
* A number of bullet points under "Configuration changes" were
in fact, not configuration changes. These have been moved to
"New features" or "Other changes" for now.
* Add mention of the relevant configuration variable to some
of the release notes: $wgTidyDriver, `watchlistdays`,
$wgGroupPermissions, $wgGroupPermissions.
Also fix ReleaseNotesTest to count characters, not bytes,
this was causing it to count – as two, and € as three.
Change-Id: Ie89dac6408f8a8dafbf59efe73a11f4d282c0c6b
jenkins-bot [Sat, 1 Sep 2018 19:56:33 +0000 (19:56 +0000)]
Merge "Drop the transcache table from the schema"
jenkins-bot [Sat, 1 Sep 2018 18:32:52 +0000 (18:32 +0000)]
Merge "Add taint annotation and warnings to Language::convert() et al"
Brian Wolff [Sat, 1 Sep 2018 08:25:37 +0000 (08:25 +0000)]
Add taint annotation and warnings to Language::convert() et al
If you feed this method unescaped data, it can cause later calls
to be an XSS, which is something I think deserves a warning.
Bug: T202571
Change-Id: I34cb3da9232a22defffb80466263c2f2233822ef
jenkins-bot [Sat, 1 Sep 2018 11:08:26 +0000 (11:08 +0000)]
Merge "Add a hook to allow changing the query of Special:AncientPages in extensions"
Aaron Schulz [Tue, 28 Aug 2018 17:44:03 +0000 (10:44 -0700)]
Drop the transcache table from the schema
Bug: T189702
Change-Id: I3286a99165953392126fcff07d565738863de6a1
jenkins-bot [Sat, 1 Sep 2018 00:38:48 +0000 (00:38 +0000)]
Merge "mediawiki.user: Fix missing array initialization in generateRandomSessionId"
Timo Tijhof [Fri, 31 Aug 2018 19:44:17 +0000 (20:44 +0100)]
mediawiki.user: Fix missing array initialization in generateRandomSessionId
Array was not properly initialized and thus browsers
that do not support Crypto API where displaying an error
on console.
The tests failed to catch this because assigning window.crypto
to `undefined` does not work (it is a read-only property). This
"fallback" test was actually testing the regular Crypto-based path
a second time.
Bug: T203275
Co-Authored-By: Timo Tijhof <krinklemail@gmail.com>
Change-Id: I8feecddf0878a739e560085f7897ebc3d8100c02
jenkins-bot [Fri, 31 Aug 2018 21:39:32 +0000 (21:39 +0000)]
Merge "Expand special page aliases for Serbian"
jenkins-bot [Fri, 31 Aug 2018 21:00:13 +0000 (21:00 +0000)]
Merge "resources: Use official SRI metadata for qunitjs"
jenkins-bot [Fri, 31 Aug 2018 20:42:43 +0000 (20:42 +0000)]
Merge "Fix wfDebug() test so that it works with overridden SPI"
L10n-bot [Fri, 31 Aug 2018 19:55:15 +0000 (19:55 +0000)]
Merge "Localisation updates from https://translatewiki.net."
Translation updater bot [Fri, 31 Aug 2018 19:55:05 +0000 (21:55 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: Ic81e27c4502c3ec52beef3936dd5d9b509c98c1a
Brian Wolff [Fri, 31 Aug 2018 19:32:46 +0000 (19:32 +0000)]
Add taint annotation to HtmlForm::getHTML()
This is to help AbuseFilter pass phan-taint-check.
Change-Id: I73a6a626337037f6b0cee04b0afb5a59907d3be6
Timo Tijhof [Fri, 31 Aug 2018 19:32:16 +0000 (20:32 +0100)]
resources: Use official SRI metadata for qunitjs
When originally added last week, only /jquery/ had SRI metadata
published. The /qunit/ page template on the jQuery CDN wasn't
displaying the SRI metadata, so we generated our own for the time
being. This is now fixed upstream, which makes the hashes easier
to verify.
Change-Id: I922af4a46887f22b6791d5799c87f71ddae40b91
jenkins-bot [Fri, 31 Aug 2018 19:14:13 +0000 (19:14 +0000)]
Merge "Change @return-taint to use onlysafefor_html instad of escapes_html"
jenkins-bot [Fri, 31 Aug 2018 18:53:44 +0000 (18:53 +0000)]
Merge "Use annotations for taint in Parser & ParserOutput."
jenkins-bot [Fri, 31 Aug 2018 17:39:51 +0000 (17:39 +0000)]
Merge "Title: Fix isRawHtmlMessage() for messages with underscores"
Kunal Mehta [Tue, 28 Aug 2018 19:47:49 +0000 (12:47 -0700)]
Title: Fix isRawHtmlMessage() for messages with underscores
Title::getRootText() uses the text form (spaces) of the title, while
$wgRawHtmlMessages was specifying them in dbkey form (underscores).
And add tests while we're at it. Which spotted that the existing
code didn't work. Whoops. Fixed.
Change-Id: I05eea553c588e0f99f862e07ad15386507ed0728
jenkins-bot [Fri, 31 Aug 2018 16:41:15 +0000 (16:41 +0000)]
Merge "resourceloader: Use 'this' to access the mw.loader.store internally"
jenkins-bot [Fri, 31 Aug 2018 15:56:41 +0000 (15:56 +0000)]
Merge "resourceloader: Remove redundant '!!' from startup.js"
Brian Wolff [Fri, 31 Aug 2018 15:55:44 +0000 (15:55 +0000)]
Use annotations for taint in Parser & ParserOutput.
This replaces the builtin taints that are removed in
Ic1e1983a51c. Additionally, parse will no longer warn about
double escaping - there's many situations where such warnings
are wrong (e.g. Using Html::rawElement()). However this also
means that Parser::parse( wfMessage( 'foo' )->parse() ); will
no longer give a double escaping warning, which is unfortunate.
Bug: T202380
Change-Id: Ia52d37411beb62b112c6ff102438063c3d750769
Agabi10 [Thu, 30 Aug 2018 13:35:44 +0000 (13:35 +0000)]
Add a hook to allow changing the query of Special:AncientPages in extensions
Bug: T76287
Change-Id: I6aa4d8e6140d405476a6f480156f24f2c05019cb
jenkins-bot [Fri, 31 Aug 2018 12:44:54 +0000 (12:44 +0000)]
Merge "Minor cleanup in backup test cases"
jenkins-bot [Fri, 31 Aug 2018 11:38:15 +0000 (11:38 +0000)]
Merge "Make HTML generation in RenderedRevision optional"
jenkins-bot [Fri, 31 Aug 2018 11:38:10 +0000 (11:38 +0000)]
Merge "Add test for {{subst:REVISIONUSER}}"
jenkins-bot [Fri, 31 Aug 2018 11:25:15 +0000 (11:25 +0000)]
Merge "[MCR] Introduce RevisionRenderer"
daniel [Fri, 31 Aug 2018 10:49:19 +0000 (12:49 +0200)]
Add test for {{subst:REVISIONUSER}}
This tests that revision meta-data is available for Pre-Save Transform.
Change-Id: I62f73ea24784b539cdf8229aeb1f8efa62631248
daniel [Mon, 13 Aug 2018 20:33:31 +0000 (22:33 +0200)]
Make HTML generation in RenderedRevision optional
This allows optimization for situations in which a caller
needs the meta-data of a ParserOutput, and the respective
ContentHandler can provide that meta-data without generating
HTML output.
Bug: T194048
Change-Id: I786d294d18a6a2e3cea61577313e21b578c44f1e
Brian Wolff [Fri, 31 Aug 2018 09:47:24 +0000 (09:47 +0000)]
Change @return-taint to use onlysafefor_html instad of escapes_html
This prevents some double escaped warnings. Requires
I2f4e33656b9f94 to be effective. Follow up
faf2e14517b05f8.
Change-Id: I255c96592f3baff2df34e07c81510c8874908e28
Bug: T202797
Tim Starling [Fri, 31 Aug 2018 00:45:34 +0000 (10:45 +1000)]
Fix wfDebug() test so that it works with overridden SPI
Fix testDebugFunctionTest() so that it works when LocalSettings.php
sets $wgMWLoggerDefaultSpi
Change-Id: I5e573b0ce1ce037c3505d3b44d9710395c9af8d6
Kunal Mehta [Fri, 31 Aug 2018 04:46:10 +0000 (21:46 -0700)]
Set @param-taint for Parser::internalParse()
This is not strictly accurate, because Parser::internalParse() actually
returns half-parsed HTML, which is not safe for output. But it is safe for
output from a parser tag.
Maybe phan-taint-check plugin needs to learn about half-parsed HTML as an
extra taint type, and make that an acceptable thing for parser tags to return,
but not other things.
But this fixes the failures for the Listings extension, so I think it's
worthwhile in the meantime.
Change-Id: Idf87f5c3dcf81dd210de73a4ff15e3b1aabd9f89
daniel [Fri, 31 Aug 2018 04:30:22 +0000 (14:30 +1000)]
Minor cleanup in backup test cases
Change-Id: Iab2ad5a19b32cd32c2ea9c9dd0b589428056c86d
Timo Tijhof [Fri, 31 Aug 2018 02:21:25 +0000 (03:21 +0100)]
resourceloader: Use 'this' to access the mw.loader.store internally
Shorter and more intuitive. All of these functions are always
called as methods on the mw.loader.store objects, not detached.
Change-Id: If26851eac1530f023228897392c5067c6e8927af
Timo Tijhof [Fri, 31 Aug 2018 01:50:40 +0000 (02:50 +0100)]
resourceloader: Remove redundant '!!' from startup.js
The outer expression already casts the result to a boolean.
Unit tests in startup.test.js also strictly assert that the
returned values are boolean.
Change-Id: I5709fcd0184b99d289b9cdfeccf8afa960806d59
jenkins-bot [Fri, 31 Aug 2018 00:48:34 +0000 (00:48 +0000)]
Merge "Allow tests to run with a non-writable source tree"
jenkins-bot [Thu, 30 Aug 2018 21:36:47 +0000 (21:36 +0000)]
Merge "resourceloader: Remove selective build optimisation from getModuleContent()"
Timo Tijhof [Thu, 30 Aug 2018 01:42:24 +0000 (02:42 +0100)]
resourceloader: Remove selective build optimisation from getModuleContent()
This follows
5ddd7f91c7, which factored out response building
from ResourceLoader.php to ResourceLoaderModule::buildContent.
As optimisation, I made this method only return the array keys
needed for the current response; based $context->getOnly().
The reason for this refactoring was the creation of the
'enableModuleContentVersion' option to getVersionHash(), which
would use this method to create a module response, and hash it.
During the implementation of that option, I ran into a problem.
getVersionHash() is called by the startup module for each
registered module, to create the manifest. The context for the
StartupModule request itself has "only=scripts". But, we must
still compute the version hashes for whole modules, not just
their scripts.
I worked around that problem in
aac831f9fa by creating a mock
context in getVersionHash() that stubs out the 'only' parameter.
This worked, but made the assumption that the scripts and styles
of a module cannot differ based on the 'only' parameter.
This assumption was wrong, because the 'only' parameter is part
of ResourceLoaderContext and available to all getters to vary on.
Fortunately, the 'enableModuleContentVersion' option is off by
default and nobody currently using it was differing its output
by the 'only' parameter.
I intend to make use of the 'enableModuleContentVersion' option
in StartupModule to fix T201686. And StartupModule outputs a
manifest if the request specifies only=scripts, and outputs
a warning otherwise. As such, it cannot compute its version
if the 'only' parameter is stubbed out.
* Remove the 'only' parameter stubbing.
* Remove the selective building from the buildContent() method.
This was not very useful because we need to build the whole
module regardless when computing the version.
As benefit, this means the in-process cache is now shared between
the call from getVersionHash and the call from makeModuleResponse.
Bug: T201686
Change-Id: I8a17888f95f86ac795bc2de43086225b8a8f4b78
Translation updater bot [Thu, 30 Aug 2018 20:06:08 +0000 (22:06 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I5515e9768e1b1348f2983ed0fa8d6475f49110da
daniel [Tue, 7 Aug 2018 16:52:40 +0000 (18:52 +0200)]
[MCR] Introduce RevisionRenderer
RevisionRenderer is the MCR replacement for Content::getParserOutput,
as outlined in <https://www.mediawiki.org/wiki/User:Daniel_Kinzler_(WMDE)/MCR-PageUpdater>.
Note: This change also introduces quite a bit of code for
merging ParserOutput objects.
Bug: T194048
Change-Id: I871978bf79f67c9e7954fb3fc8528d6e365f2cc1
jenkins-bot [Thu, 30 Aug 2018 15:41:41 +0000 (15:41 +0000)]
Merge "Selenium: selenium-daily NPM script"
Kunal Mehta [Thu, 30 Aug 2018 05:08:32 +0000 (22:08 -0700)]
Linker: Add @return-taint for formatLinksInComment()
Works around a false positive in the phan-taint-check-plugin.
Bug: T202797
Change-Id: If7c9e729ca7624b3f791fe01d0b768791657277b
Kunal Mehta [Thu, 30 Aug 2018 05:06:39 +0000 (22:06 -0700)]
Document expected input and return value for Language::convert()
Bug: T202571
Change-Id: I1598f8a83d9cb2ab9d9e9ba96acd90f70edd59ad
jenkins-bot [Thu, 30 Aug 2018 02:54:03 +0000 (02:54 +0000)]
Merge "Fix some warnings from phan-taint-check"
jenkins-bot [Thu, 30 Aug 2018 02:43:59 +0000 (02:43 +0000)]
Merge "EditPage: Allow summary=0 in URL parameter"
jenkins-bot [Thu, 30 Aug 2018 01:01:13 +0000 (01:01 +0000)]
Merge "resourceloader: Refuse to preview content with </script>"
jenkins-bot [Thu, 30 Aug 2018 01:01:04 +0000 (01:01 +0000)]
Merge "Html: Reject </script> from inlineScript() and leave rest unescaped"
Tim Starling [Thu, 30 Aug 2018 00:48:50 +0000 (10:48 +1000)]
Allow tests to run with a non-writable source tree
It's insecure to allow apps to modify their own source, that's how file
write vulnerabilities escalate to code execution.
Change-Id: I0f79b2b7c7502405a62dcb176d8be4633ce4eda5
James D. Forrester [Wed, 29 Aug 2018 23:31:09 +0000 (16:31 -0700)]
resources: Deprecate jquery.localize, long-replaced by jquery.i18n
Bug: T202154
Change-Id: I2548880987145d41f6a0c6fa7466fb6405e1c5a1
Timo Tijhof [Mon, 20 Aug 2018 00:14:46 +0000 (01:14 +0100)]
resourceloader: Refuse to preview content with </script>
Bug: T200506
Change-Id: I4ab5fbb0f5413aad24360169ba635672ce8d9c8e
Timo Tijhof [Mon, 20 Aug 2018 00:42:15 +0000 (01:42 +0100)]
Html: Reject </script> from inlineScript() and leave rest unescaped
There are three problems with the CDATA approach:
1. It doesn't work.
HTML5 already interprets the contents of <script> tags as CDATA,
which means escaping of characters like & is not needed. In fact,
in HTML5 mode, a plain script tag with <script>0&1;</script>
would be a syntax error. Indicating it is not interpreted as
text, but as CDATA. Effectively, the only thing an HTML parser
looks for is </script>.
And that's exactly the problem. Producing an inline script
containing the characters "</string>" for legitimate reasons,
is currently broken.
No alternate wrapping or setting can make it work, either.
See also:
https://people.wikimedia.org/~krinkle/200506-html-inlinescript.html
which contains:
<script>/*<![CDATA[*/
if (true && true) {
console.log('This is a <script></script> tag (original)');
}
/*]]>*/</script>
In a browser, the script is terminated by the first "</script>",
leaving the code unfinished, throwing a SyntaxError, and outputting
the rest of the script as plain text on the page.
2. CDATA is only for XML mode, whereas MediaWiki does not support
the XML/XHTML output mode (since MediaWiki 1.22). Instead, we only
output HTML (5). Code that does need to produce XML, should use the
class from Xml.php instead.
3. It gives a false sense of security.
We could just remove the CDATA code as-is and that in itself would be an
improvement per point 2 and 3, and would break nothing per point 1.
However, this commit attempts to address the underlying bug by rejecting
the characters "</script>" from input. If this is needed in a literal,
it is the responsibility of the caller to escape it in a way that is
appropiate for how it is used (string, comment, regex, etc.).
There are two ways this can be used currently in core:
* User input as exported through JSON (e.g. mw.config, or mw.messages).
This is already fine as both FormatJson::encode and json_encode handle
escape either < or / in the string by default already.
* Previews of edits to user scripts. This is currently already broken and
causes the script to end early and produce arbitrary HTML on the page.
This commit limits the impact by refusing to output such script in a
broken way. I will further address that use case in a follow-up.
Bug: T200506
Change-Id: I67ceb34eabf2f62fd3f3841b8f1459289fad28fb
jenkins-bot [Wed, 29 Aug 2018 21:49:35 +0000 (21:49 +0000)]
Merge "jobqueue: Use explicit retry when refreshLinks can't get a lock"
jenkins-bot [Wed, 29 Aug 2018 21:49:29 +0000 (21:49 +0000)]
Merge "Add code to read from ct_tag_id in ChangeTags"
jenkins-bot [Wed, 29 Aug 2018 20:42:15 +0000 (20:42 +0000)]
Merge "HTMLForm: Deprecate parameters 'notice', 'notice-messages', 'notice-message'"
jenkins-bot [Wed, 29 Aug 2018 20:37:32 +0000 (20:37 +0000)]
Merge "sitemaps: absolute URL for sitemaps"
Ian Marlier [Wed, 29 Aug 2018 18:02:23 +0000 (14:02 -0400)]
sitemaps: absolute URL for sitemaps
Google, at least, considers sitemap indexes that provide relative URLs
as being broken.
Bug: T202321
Change-Id: I5509be4b165eea9eca36e3f4975f87285ef87911
Bartosz Dziewoński [Fri, 17 Aug 2018 21:04:57 +0000 (23:04 +0200)]
HTMLForm: Deprecate parameters 'notice', 'notice-messages', 'notice-message'
Bug: T197179
Change-Id: I603436e0720fdc0f08f35f3c0630b79865a9c82a
Translation updater bot [Wed, 29 Aug 2018 19:56:11 +0000 (21:56 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I524cbcfe3d8d65c89ba38d60f7320304316ceede
Amir Sarabadani [Sat, 11 Aug 2018 18:34:27 +0000 (20:34 +0200)]
Add code to read from ct_tag_id in ChangeTags
Bug: T194162
Change-Id: I6c9e0c94cdd46fe46ccaf7feb78889f4ab5995f2
jenkins-bot [Wed, 29 Aug 2018 16:25:22 +0000 (16:25 +0000)]
Merge "Apply content wrapping in ParserOutput::getText()"
jenkins-bot [Wed, 29 Aug 2018 15:29:21 +0000 (15:29 +0000)]
Merge "Add tests for article viewing"
daniel [Tue, 28 Aug 2018 16:48:10 +0000 (18:48 +0200)]
Apply content wrapping in ParserOutput::getText()
Instead of applying wrapping the the parser and unwrapping in
ParserOutput::getText(), turn this around and apply wrapping in getText(),
and only if desired.
This avoids search&replace logic for unwrapping, and it also makes it a lot
easier to merge the output of multiple slots for MCR output.
This changes behavior in two hopefully irrelevant ways:
1) the limit report comments will be inside the wrapper div, instead of
following it.
2) if HTML with a wrapper div is explicitly injected into a ParserOutput
object, it will not be possible to unwrap the text.
Bug: T174035
Change-Id: I1641b7995af9bd297f1acd610d583fbf874f34e0
jenkins-bot [Wed, 29 Aug 2018 13:07:00 +0000 (13:07 +0000)]
Merge "Use "break" instead of "continue""
Željko Filipin [Wed, 29 Aug 2018 12:58:04 +0000 (14:58 +0200)]
Selenium: selenium-daily NPM script
selenium-daily just calls selenium-test. It's needed for daily Jenkins job targeting
beta cluster. The script might seem redundant, but it provides flexibility. In case
a repository does not want to run all tests daily, that's easily fixed by updating
the the script.
Bug: T188742
Change-Id: Idf86f94cc31abda4bfcdc1ac4eba29206d9c91f9
jenkins-bot [Wed, 29 Aug 2018 10:34:52 +0000 (10:34 +0000)]
Merge "resourceloader: Remove unused static SkinModule::getLogo method"
jenkins-bot [Wed, 29 Aug 2018 10:06:07 +0000 (10:06 +0000)]
Merge "Install giorgiosironi/eris as require-dev"
jenkins-bot [Wed, 29 Aug 2018 01:22:22 +0000 (01:22 +0000)]
Merge "resourceloader: Audit use of JSON encoding and use json_encode directly"
jenkins-bot [Wed, 29 Aug 2018 01:16:33 +0000 (01:16 +0000)]
Merge "Remove support for StartProfiler.php"
Timo Tijhof [Thu, 16 Aug 2018 19:48:59 +0000 (20:48 +0100)]
resourceloader: Audit use of JSON encoding and use json_encode directly
* Remove use of MediaWiki's FormatJson class. Ref T32956.
* FormatJson::decode() was a direct alias of json_decode.
* FormatJson::encode() is a wrapper for json_encode that
sets `JSON_UNESCAPED_SLASHES | JSON_HEX_TAG | JSON_HEX_AMP`
by default, plus a boolean parameter to add JSON_PRETTY_PRINT.
Instead, use json_encode() directly. By default json_encode() escapes
slashes and non-ASCII unicode.
* Audit our uses of JSON encoding, document their needs, and set flags
as needed.
* Remove $mapToJson abstraction from ResourceLoaderStartUpModule.
* Always pretty-print the list of module names in the error message,
regardless of debug mode.
* Remove hacky indentation-adder from ResourceLoaderStartUpModule.
This was relying on there not being line breaks in the json output
outside debug mode, and adding a level of indentation to roughly
match the code in the JSON is substituted. This didn't match and
just generally doesn't seem worth it.
Change-Id: I3e09ddeb4d53c8980195c1855303c0ee25bd4c20
jenkins-bot [Tue, 28 Aug 2018 23:07:00 +0000 (23:07 +0000)]
Merge "resourceloader: Move logo preload from OutputPage to SkinModule"
Timo Tijhof [Mon, 20 Aug 2018 23:58:41 +0000 (00:58 +0100)]
resourceloader: Remove unused static SkinModule::getLogo method
This existed for internal use by OutputPage, which is no longer
the case as of I11b390f2e4f5e7db.
Also move the unit tests from OutputPageTest,
to ResourceLoaderSkinModuleTest.
Change-Id: I8b23f976f5f89b1005b387a827f75031f5c96141
Kunal Mehta [Tue, 28 Aug 2018 22:00:08 +0000 (15:00 -0700)]
Split AuthManagerAuthPluginUser into a separate file
Change-Id: I22d2bf9514caf717a5d949bed425de1376670d3e
jenkins-bot [Tue, 28 Aug 2018 21:55:00 +0000 (21:55 +0000)]
Merge "resourceloader: Remove checkCssHandles for modules without styles"
jenkins-bot [Tue, 28 Aug 2018 21:44:31 +0000 (21:44 +0000)]
Merge "Notifications: Note that the ID is unnecessary and deprecated"
Timo Tijhof [Tue, 28 Aug 2018 21:14:25 +0000 (22:14 +0100)]
jobqueue: Use explicit retry when refreshLinks can't get a lock
While RefreshLinksJob is de-duplicated by page-id, it is possible
for two jobs to run for the same page ID if the second one was queued
after the first one started running. In that case they the newer
one must not be skipped or ignored because it will have newer
information to record to the database, but it also has no way
to stop the old one, and we can't run them concurrently.
Instead of letting the lock exception mark the job as error,
making it implicitly retry, do this more explicitly, which avoids
logspam.
Bug: T170596
Co-Authored-By: Aaron Schulz <aschulz@wikimedia.org>
Change-Id: Id2852d73d00daf83f72cf5ff778c638083f5fc73
jenkins-bot [Tue, 28 Aug 2018 20:30:02 +0000 (20:30 +0000)]
Merge "maintenance: Implement 'file' type and use for jquery and qunitjs"
jenkins-bot [Tue, 28 Aug 2018 20:25:12 +0000 (20:25 +0000)]
Merge "maintenance: Add 'verify' action to manageForeignResources.php"
jenkins-bot [Tue, 28 Aug 2018 20:25:06 +0000 (20:25 +0000)]
Merge "registration: Short-circuit if dependency constraint is '*'"
Translation updater bot [Tue, 28 Aug 2018 19:58:30 +0000 (21:58 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I03f7833c356f02d665983839012db274c4548b4a
Kunal Mehta [Tue, 28 Aug 2018 19:29:04 +0000 (12:29 -0700)]
registration: Short-circuit if dependency constraint is '*'
Most extensions depend upon any version of other extensions/skins since
versioning is pretty inconsistent. Since '*' is so commonly used, explicitly
short-circuit that constraint since we only need to check whether the
dependency is loaded.
Bug: T198044
Change-Id: I5526c8068d3b9a6ee5ca71ea6bdbcd693f1ffb7a
Aaron Schulz [Tue, 28 Aug 2018 17:28:45 +0000 (10:28 -0700)]
Update $wgTranscludeCacheExpiry comment
Change-Id: Ic1f20c072174732f7fd8ecab9d366125d6f0c2d2
daniel [Thu, 16 Aug 2018 15:45:10 +0000 (17:45 +0200)]
Add tests for article viewing
Bug: T174035
Change-Id: I06dc78853169812b17e0bde733d9306ccd687564
Ed Sanders [Tue, 28 Aug 2018 14:50:14 +0000 (15:50 +0100)]
Notifications: Note that the ID is unnecessary and deprecated
Change-Id: I30a3a2bd0dce6391dc075807ffbfdf6fef49d88d
jenkins-bot [Tue, 28 Aug 2018 09:47:04 +0000 (09:47 +0000)]
Merge "Improve logging in MediaWikiTestCase"
jenkins-bot [Tue, 28 Aug 2018 09:39:15 +0000 (09:39 +0000)]
Merge "Set migration stages in RevisionStoreDbTestBase"
Pablo Grass [Mon, 27 Aug 2018 11:24:34 +0000 (13:24 +0200)]
Install giorgiosironi/eris as require-dev
Eris is a porting of QuickCheck and property-based testing tools to
the PHP and PHPUnit ecosystem.
It is used in WikibaseLexeme to generate inputs for tests cases.
These tests are skipped if the library is not present.
T188354 / Iba3da2820262ca8a879780ee7848cfc831df28b5 removed the
extension-specific phpunit run from composer scripts.
Due to the unavailability of eris in core composer, and the fact that
the composer merge plugin does not install require-dev of extensions,
all eris-based tests have been skipped since (2018-02-17).
Change-Id: I3909fb34025d9a9e07ccd6c85b30c34144714d04
jenkins-bot [Tue, 28 Aug 2018 07:22:19 +0000 (07:22 +0000)]
Merge "Replace underscores with spaces in DeletedContribs form"