jenkins-bot [Mon, 21 Nov 2016 20:41:36 +0000 (20:41 +0000)]
Merge ".mailmap: Correct typos in introduction"
Bartosz Dziewoński [Fri, 18 Nov 2016 14:39:00 +0000 (15:39 +0100)]
SpecialActiveUsers: Allow excluding groups too
Also restore support for old 'hidebots' and 'hidesysops' options.
Bug: T116354
Change-Id: I68887509c3dbf74598a1af82623b9f0f5a1ab43d
Bartosz Dziewoński [Mon, 21 Nov 2016 14:48:24 +0000 (15:48 +0100)]
.mailmap: Correct typos in introduction
Change-Id: Ib37b486639ab43aeb158b7ff36cecdff8fd0e571
addshore [Sat, 19 Nov 2016 11:49:55 +0000 (11:49 +0000)]
Remove unused MediaWikiTestCaseTest::GLOBAL_KEY_NONEXISTING
Follow up to I6a1cf9a2e436978a6068cecdaf74aa58b31100ab
d544acdbbb71f07debba996cb5d8ff4c01d1430d
Change-Id: Ifaa8808aa4df72fbface99cc625bdaaba6e9b087
Reedy [Mon, 21 Nov 2016 02:43:50 +0000 (02:43 +0000)]
registration: FileExtensions should be an array, not an object
Change-Id: Iff44a4c241ab953906a7b0611f09e66856b1f7dc
Translation updater bot [Sun, 20 Nov 2016 20:57:44 +0000 (21:57 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: I00eb99c8834b2e77cd753437444048939910d4cf
Translation updater bot [Sat, 19 Nov 2016 20:54:08 +0000 (21:54 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: Idc1396aa25ce815c796598f4d889a1c2a1972416
jenkins-bot [Sat, 19 Nov 2016 00:41:15 +0000 (00:41 +0000)]
Merge "mw.loader: Use for-loop instead of $.each()"
jenkins-bot [Sat, 19 Nov 2016 00:14:19 +0000 (00:14 +0000)]
Merge "resourceloader: Remove unused getPosition() code"
jenkins-bot [Fri, 18 Nov 2016 22:53:48 +0000 (22:53 +0000)]
Merge "content: Use Language::factory( 'en' ) instead of wfGetLangObj( 'en' )"
Fomafix [Mon, 14 Dec 2015 17:34:10 +0000 (17:34 +0000)]
content: Use Language::factory( 'en' ) instead of wfGetLangObj( 'en' )
'en' is a static value so wfGetLangObj always calls Language::factory.
Change-Id: I22df4f7321ffa3e62a552bd2f449bf27feb5c042
jenkins-bot [Fri, 18 Nov 2016 21:56:35 +0000 (21:56 +0000)]
Merge "Remove last remnants of pre-1.16 live preview"
Timo Tijhof [Fri, 18 Nov 2016 21:18:43 +0000 (13:18 -0800)]
mw.loader: Use for-loop instead of $.each()
Change-Id: Iec632e90062f611add7b16b2f6f8fe839361be62
jenkins-bot [Fri, 18 Nov 2016 21:14:47 +0000 (21:14 +0000)]
Merge "Add 'tests' testsuite"
jenkins-bot [Fri, 18 Nov 2016 21:09:35 +0000 (21:09 +0000)]
Merge "Allow stashing of unset globals in MWTestCase"
jenkins-bot [Fri, 18 Nov 2016 21:00:44 +0000 (21:00 +0000)]
Merge "Add $specialPageAliases for Bengali (bn)"
Translation updater bot [Fri, 18 Nov 2016 20:52:59 +0000 (21:52 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: Ibcd3105fe50f948278e7b039c9140e896f01b700
addshore [Fri, 18 Nov 2016 19:25:47 +0000 (19:25 +0000)]
Add 'tests' testsuite
This also fixed the testLoggersAreRestoredOnTearDown
test which was broken, and factors it out into
3 seperate tests
Bug: T151081
Change-Id: I00d29b501fa84db22e3bcd3d5642c49b2e99d4a0
jenkins-bot [Fri, 18 Nov 2016 19:21:05 +0000 (19:21 +0000)]
Merge "Make insertRedirectEntry() use upsert() to reduce contention"
jenkins-bot [Fri, 18 Nov 2016 19:14:27 +0000 (19:14 +0000)]
Merge "Rename getSlaveDB() FileRepo method to getReplicaDB()"
Aaron Schulz [Thu, 10 Nov 2016 21:32:48 +0000 (13:32 -0800)]
Make insertRedirectEntry() use upsert() to reduce contention
Bug: T150453
Change-Id: I89705b954d5ddaf337e57fcfd02691edaa32ec83
Timo Tijhof [Mon, 7 Nov 2016 23:47:39 +0000 (23:47 +0000)]
resourceloader: Remove unused getPosition() code
Unused as of
bc374082fa (T109837).
Change-Id: I1d8f7109bbe49700f1824fdce0439e958e84f6fa
jenkins-bot [Fri, 18 Nov 2016 18:41:16 +0000 (18:41 +0000)]
Merge "Add 'autocomplete' option to HTMLTextField"
jenkins-bot [Fri, 18 Nov 2016 18:28:56 +0000 (18:28 +0000)]
Merge "Add hooks to Special:TrackingCategories"
Aaron Schulz [Fri, 18 Nov 2016 15:42:39 +0000 (07:42 -0800)]
Rename getSlaveDB() FileRepo method to getReplicaDB()
The old name is left as an alias.
Change-Id: I60ab2cd5ce05df4247d5e25b017d2debee56554e
addshore [Fri, 18 Nov 2016 13:55:21 +0000 (13:55 +0000)]
Allow stashing of unset globals in MWTestCase
Change-Id: I6a1cf9a2e436978a6068cecdaf74aa58b31100ab
jenkins-bot [Fri, 18 Nov 2016 09:35:30 +0000 (09:35 +0000)]
Merge "mw.loader: For using() errors, reject Promise instead of throwing"
Reedy [Thu, 17 Nov 2016 22:36:09 +0000 (22:36 +0000)]
registration: Set "FileExtensions" to $GLOBALS
Change-Id: Ie52004d25ebc06c81cd7d8d7de60479ff365ccea
Reedy [Mon, 31 Oct 2016 17:12:56 +0000 (17:12 +0000)]
registration: Support setting $wgPasswordPolicy in extension.json
Bug: T149597
Change-Id: I56c0b8932fcd42ec9b748529daa32a998fb19bf8
jenkins-bot [Thu, 17 Nov 2016 21:15:28 +0000 (21:15 +0000)]
Merge "eslint: Re-enable valid-jsdoc and make a pass"
Timo Tijhof [Thu, 17 Nov 2016 20:59:09 +0000 (12:59 -0800)]
mw.loader: For using() errors, reject Promise instead of throwing
The "Unknown module" and "Circular dependency" errors both come from the
resolve() function. Add a try/catch around that and reject the promise
if caught.
Bug: T131612
Change-Id: I900909cd00df6a51f3bf1f3df91bdb610c11c446
Ed Sanders [Wed, 16 Nov 2016 13:02:22 +0000 (13:02 +0000)]
eslint: Re-enable valid-jsdoc and make a pass
Change-Id: I5c3c942d5a9c51628619227c4bbaefd1d92a842d
Translation updater bot [Thu, 17 Nov 2016 21:03:19 +0000 (22:03 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: I043af13a04eda33e421557da4766fc1d898ea508
Gergő Tisza [Thu, 17 Nov 2016 18:39:23 +0000 (18:39 +0000)]
Add 'autocomplete' option to HTMLTextField
Adds support for the 'autocomplete' HTML attribute to HTMLTextField
(mainly for turning it off, but other values are supported as well).
Renames 'autocomplete' to 'autocomplete-data' (with temporary B/C)
in HTMLAutoCompleteSelectField to make space.
Change-Id: Ic0539d5a61d9862e670d10686adc1e41f65d908e
jenkins-bot [Thu, 17 Nov 2016 14:27:07 +0000 (14:27 +0000)]
Merge "resourceloader: Remove top/bottom queue distinction"
jenkins-bot [Thu, 17 Nov 2016 08:46:19 +0000 (08:46 +0000)]
Merge "Add GENDER support for "you are blocked" messages in ChangeTags"
jenkins-bot [Thu, 17 Nov 2016 06:43:37 +0000 (06:43 +0000)]
Merge "Use different varname for upgraded hash from original hash"
jenkins-bot [Thu, 17 Nov 2016 01:46:03 +0000 (01:46 +0000)]
Merge "resourceloader: Add tests to verify empty string works"
Timo Tijhof [Thu, 17 Nov 2016 01:15:04 +0000 (17:15 -0800)]
resourceloader: Add tests to verify empty string works
It's not explicitly supported anywhere, but I don't see a point in explicitly
disallowing it. Add unit tests to verify that this works.
Bug: T28804
Change-Id: I876ac43885bb27da54ef6e59b6416868ff636b84
jenkins-bot [Thu, 17 Nov 2016 01:12:06 +0000 (01:12 +0000)]
Merge "Fix UserTest case that was missing a cache purge"
Aaron Schulz [Thu, 17 Nov 2016 00:38:09 +0000 (16:38 -0800)]
Fix UserTest case that was missing a cache purge
The process cache is based on blind-TTL, so purge it to
test the persistent cache properly.
Change-Id: I8ee78a1e73bf5164e74b1e8a23559c2e91bba6dd
jenkins-bot [Thu, 17 Nov 2016 00:31:48 +0000 (00:31 +0000)]
Merge "Skin: Reduce database queries for footer links on every page"
jenkins-bot [Wed, 16 Nov 2016 21:25:56 +0000 (21:25 +0000)]
Merge "Password list only has 10,000 passwords, not 50k"
Translation updater bot [Wed, 16 Nov 2016 21:10:52 +0000 (22:10 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: I50135dc784bb7e110e08f5216db755a4c052ae05
Reedy [Wed, 16 Nov 2016 21:09:11 +0000 (21:09 +0000)]
Password list only has 10,000 passwords, not 50k
Follows up I26a9e8f2318a1eed33d7638b125695e8de3a9796
Change-Id: I15a02289d35c4c22091fc6c64d91f1ba7f89e495
Timo Tijhof [Sat, 8 Oct 2016 01:15:15 +0000 (03:15 +0200)]
Skin: Reduce database queries for footer links on every page
When viewing Special:Blankpage there are still 6 database queries
on every page view. 3 of these are from the Skin:
> $tpl->set( 'disclaimer', $this->disclaimerLink() );
> $tpl->set( 'privacy', $this->privacyLink() );
> $tpl->set( 'about', $this->aboutLink() );
In Wikimedia production, Xenon flame graphs (reversed) for index.php
attribute 22% of LinkCache::fetchPageRow calls to Skin::footerLink().
Add them to Skin::preloadExistence() instead.
Change-Id: I61c285be08a2130fb39b75ca717ea83f297c4489
niharika29 [Tue, 8 Nov 2016 14:44:13 +0000 (14:44 +0000)]
Add var to User class to store block type for eventlogging purposes
Bug: T146230
Change-Id: I70b54243a3018191a4e0cc311e90f66d240e1813
Timo Tijhof [Mon, 7 Nov 2016 23:47:15 +0000 (23:47 +0000)]
resourceloader: Remove top/bottom queue distinction
* The styles queue has always been top-only
(except for a few months in 2015).
* The top queue loads asynchronous since mid-2015. (T107399)
And LocalStorage eval, previously the last remaining non-async part
of module loading, is also async as of October 2016. (T142129)
* This change merges the bottom 'mw.loader.load()' queue with the top queue.
It also moves any other snippets potentially in the bottom queue still:
- embed: I couldn't find any private modules with position=bottom
(doesn't make sense due to their blocking nature). If any do exist,
(third-party extensions?), they'll now be embedded in the <head>.
- scripts: Any legacy 'only=scripts' requests will now initiate
from the <head>.
Bug: T109837
Change-Id: I6c21e3e47c23df33a04c42ce94bd4c1964599c7f
jenkins-bot [Wed, 16 Nov 2016 19:24:19 +0000 (19:24 +0000)]
Merge "LegacyLogger: Fix @return documentation for formatAsWfDebugLog()"
James D. Forrester [Wed, 16 Nov 2016 18:58:27 +0000 (10:58 -0800)]
Follow-up
1cc3a57: Move changes from RELEASE-NOTES-1.28 to 1.29
1.28.0 has already branched and this won't be back-ported.
Change-Id: I1ac1bbc992c665accd3df512eeb6a40ee790ec41
Timo Tijhof [Wed, 16 Nov 2016 18:56:04 +0000 (10:56 -0800)]
LegacyLogger: Fix @return documentation for formatAsWfDebugLog()
Follows-up
81e8d7af4.
Change-Id: I04a1bb53e5d35434166596edda4cdb1fe189964b
jenkins-bot [Wed, 16 Nov 2016 18:44:20 +0000 (18:44 +0000)]
Merge "Send a cookie with autoblocks to prevent vandalism."
jenkins-bot [Wed, 16 Nov 2016 18:40:49 +0000 (18:40 +0000)]
Merge "Add --msleep option to purgeParserCache.php"
Tyler Anthony Romeo [Thu, 7 Feb 2013 21:56:54 +0000 (16:56 -0500)]
Send a cookie with autoblocks to prevent vandalism.
Send a cookie with blocks that have autoblock turned on so that
the user will be identified to MediaWiki and any IP they try
to edit anonymously from will be blocked, even without logging
in to the originally blocked account. Additionally, the block
info is stored in local storage as well as an even stronger
deterrence.
Note: this is meant to deter normal vandals, i.e., not attackers
who know what cookies and local storage are and will be actively
removing the cookie.
This feature is disabled by default, and can be enabled with the
new $wgCookieSetOnAutoblock configuration variable (by setting
it to true);
The cookie will expire at the same time as the block or after
$wgCookieExpiration (whichever is sooner).
Bug: T5233
Bug: T147610
Change-Id: Ic3383af56c555c1592d272490ff4da683b9d7b1b
Aaron Schulz [Thu, 27 Oct 2016 06:38:30 +0000 (23:38 -0700)]
MessageCache invalidation improvements
* Increase time range for getValidationHash() using "latest" values.
The lower value ran the risk of regenerating from slaves and ending
up with *older* data than what was there.
* Avoid cache set() calls in replace() unless the lock was acquired.
Use delete() instead in that case, which invalidates the cache.
* Remember if the cache is volatile in process memory instead of doing
check key lookups for each "big" message to determine this. Use the
message hash in the big message keys so purges to the former chain
down to the latter. An "EXCESSIVE" key/revision map is now used in
the main cache for big messages. This means that editing an existing
big message will result in a different hash value. This is needed so
purges propage correctly.
* Add logging when replace() fails to acquire the lock.
* Factored message cache update code duplication into a new method.
* Use makeKey() in more places, replacing deprecated wfMemcKey().
Change-Id: Idc337a787171949c4f70186b13d7b65304c9b57f
jenkins-bot [Wed, 16 Nov 2016 11:26:44 +0000 (11:26 +0000)]
Merge "mw.ForeignStructuredUpload.BookletLayout: Remove incorrect comment"
Bartosz Dziewoński [Wed, 16 Nov 2016 10:42:25 +0000 (11:42 +0100)]
mw.ForeignStructuredUpload.BookletLayout: Remove incorrect comment
This was added in
c0fb8a883633f110a8083a164672e8334714d450;
the issue was fixed in
f2fbab67a16dec81cd1cd4751b5bb820f064b523.
Change-Id: I61d9af66f34d97765ed1b32e305e017779cb93ca
Hashar [Wed, 16 Nov 2016 10:35:20 +0000 (10:35 +0000)]
Revert "objectcache: detect default getWithSetCallback() set options"
Causes HHVM 3.12.7 to segfault and or:
Fatal error: Stack overflow in includes/libs/objectcache/BagOStuff.php on line 754
This reverts commit
b47ce21cec3a4340dd37c773210a514350f10297.
Bug: T150833
Change-Id: Ia52fdf65f5e386c0eaa1046328680fb5c8a9081a
jenkins-bot [Wed, 16 Nov 2016 08:37:07 +0000 (08:37 +0000)]
Merge "Reduce default cookie expiration time to 30 days"
Gergő Tisza [Tue, 15 Nov 2016 02:51:31 +0000 (02:51 +0000)]
Reduce default cookie expiration time to 30 days
Cookie expiration time was increased to 180 day in
7d7ebfc to make
logins last longer. Since
16cea35 made login cookie length separately
configurable, this setting does not make much sense anymore and should
be restored to a more privacy-friendly default.
Change-Id: Ia2d200a20c4954fa7cd50197f44471e98061a425
jenkins-bot [Wed, 16 Nov 2016 05:12:26 +0000 (05:12 +0000)]
Merge "objectcache: Remove broken cas() method from WinCacheBagOStuff"
Aaron Schulz [Fri, 11 Nov 2016 20:14:51 +0000 (12:14 -0800)]
objectcache: Remove broken cas() method from WinCacheBagOStuff
Bug: T120896
Change-Id: I9406a50df8e900b4fc5861c2174ba7a63a0dd765
Aaron Schulz [Sat, 22 Oct 2016 04:12:12 +0000 (21:12 -0700)]
objectcache: detect default getWithSetCallback() set options
This works by setting a callback to return the cache set
options. The callback will watch DB reads and create a
merged result from said usage.
This handles callers that are missing getCacheSetOptions().
Change-Id: Ia264f011e45e8cf105480955dad7e2c4c2357b73
jenkins-bot [Wed, 16 Nov 2016 02:46:31 +0000 (02:46 +0000)]
Merge "Make NumericUppercaseCollation use localized digit transforms"
jenkins-bot [Wed, 16 Nov 2016 02:16:20 +0000 (02:16 +0000)]
Merge "Add first letter data for bn collation (Standard and Traditional)"
jenkins-bot [Wed, 16 Nov 2016 01:25:28 +0000 (01:25 +0000)]
Merge "build: Bump eslint-config-wikimedia to v0.3.0 (already passes)"
Tim Starling [Tue, 15 Nov 2016 05:11:15 +0000 (16:11 +1100)]
Rewrite runBatchedQuery.php
This maintenance script was previously introduced as a way to do large
UPDATE queries in a replication safe way. However, in modern versions of
MySQL, UPDATE...LIMIT is considered a non-replication-safe query, and
will emit a warning.
So instead, ask the user to provide slightly more structured data about
the update query being done, and partition the table based on an index.
In the UPDATE queries, specify index ranges instead of using LIMIT.
Also add a "db" option, which allows the script to update databases
which are not valid wiki names, for example, centralauth.
Change-Id: I462bdcb03e107af9db4738895952d5110f0ec4fc
jenkins-bot [Wed, 16 Nov 2016 00:21:23 +0000 (00:21 +0000)]
Merge "build: Replace jscs+jshint with eslint"
jenkins-bot [Wed, 16 Nov 2016 00:18:12 +0000 (00:18 +0000)]
Merge "Throttler: improve log message compatibility with Monolog logger"
Brian Wolff [Thu, 27 Oct 2016 08:09:11 +0000 (08:09 +0000)]
Add first letter data for bn collation (Standard and Traditional)
This is based solely on looking at the bn.txt collation data
file. It has not been tested by native speakers.
Bug: T148885
Change-Id: Ide926bc5ee8752269ef6a1bfe972e19b7188d193
jenkins-bot [Tue, 15 Nov 2016 23:36:18 +0000 (23:36 +0000)]
Merge "Add ParserFetchTemplate hook"
James D. Forrester [Tue, 15 Nov 2016 23:15:18 +0000 (15:15 -0800)]
build: Bump eslint-config-wikimedia to v0.3.0 (already passes)
Change-Id: Iee727a4521acd8c221733c7bd763cbf2adb9bd49
Ed Sanders [Tue, 15 Nov 2016 21:02:04 +0000 (21:02 +0000)]
build: Replace jscs+jshint with eslint
Change-Id: Id0a23c03aabadfaf2ec705528ae4b3bd0908fa3e
jenkins-bot [Tue, 15 Nov 2016 22:47:23 +0000 (22:47 +0000)]
Merge "parserTests: Use a mock parser during article insertion"
Bryan Davis [Tue, 15 Nov 2016 22:18:08 +0000 (15:18 -0700)]
Throttler: improve log message compatibility with Monolog logger
The `type` log event attribute is used in Wikimedia production logging
to categorize log events by source (e.g. 'mediawiki', 'restbase', etc).
Adding a `type` key to the logging context overwrites the default value
of 'mediawiki'. Rename the key to `throttle` in the context and the
message template.
Change-Id: Ic274159774e43a8749f83c850fff7897956cf377
jenkins-bot [Tue, 15 Nov 2016 22:03:02 +0000 (22:03 +0000)]
Merge "Fix typo in #getDateFromExif"
jenkins-bot [Tue, 15 Nov 2016 21:31:17 +0000 (21:31 +0000)]
Merge "Make /*jshint -W024*/ global to allow 'static' as property"
Translation updater bot [Tue, 15 Nov 2016 21:14:19 +0000 (22:14 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: I1a4e9666a3207aecab05e6c377515e548d63aebd
Ed Sanders [Tue, 15 Nov 2016 21:02:56 +0000 (21:02 +0000)]
Fix typo in #getDateFromExif
Actually use fileStr instead of fileReader.result directly.
Change-Id: I470799c65c06e191c8ca81aee2f286676be1c8f9
jenkins-bot [Tue, 15 Nov 2016 20:43:02 +0000 (20:43 +0000)]
Merge "Add parser test for "Piped link with empty link text""
Bartosz Dziewoński [Wed, 2 Nov 2016 20:00:40 +0000 (21:00 +0100)]
Make /*jshint -W024*/ global to allow 'static' as property
We use it all over the place in things that use OOjs, which uses the
'static' property internally. While we support some non-ES5 browsers,
this ES5 feature (being able to parse code that uses a reserved word
as an object property name) works in all of them too.
Change-Id: If641642242292fe38c95f690a9409edaf3683a9f
umherirrender [Sat, 25 Jun 2016 19:39:50 +0000 (21:39 +0200)]
Add parser test for "Piped link with empty link text"
Change-Id: Iea2bcf3d3ff618973d2300fef702fa0667db3c93
jenkins-bot [Tue, 15 Nov 2016 18:43:33 +0000 (18:43 +0000)]
Merge "ApiSandbox: Add text about limit's "max" value"
Bartosz Dziewoński [Tue, 15 Nov 2016 17:55:48 +0000 (18:55 +0100)]
mw.jqueryMsg: Match behavior when key does not exist to PHP
Follow-up to
e681e5d8c974914f957e24fd29de5caf160152fb. This only
affects the output of '{{int:}}' in jqueryMsg-parsed messages.
See
184658eb32f6c5561cd3789716bd98c1e9f0ba04.
Change-Id: I90390e014b897084692fb1a86a5a8bcefd93ff11
jenkins-bot [Tue, 15 Nov 2016 18:02:35 +0000 (18:02 +0000)]
Merge "ApiSandbox: Don't use OO.ui.NumberInputWidget for limit fields"
James D. Forrester [Tue, 15 Nov 2016 17:28:03 +0000 (09:28 -0800)]
Follow-up
e681e5d: Correct typo in test comment
Change-Id: I9212b38cb5335eea722c7be258460305dd011653
Translation updater bot [Tue, 15 Nov 2016 14:08:35 +0000 (15:08 +0100)]
Localisation updates from https://translatewiki.net.
Change-Id: I88c0084340fa0a55f72cfce2b82e55a8fce1631c
MarcoAurelio [Mon, 14 Nov 2016 16:45:49 +0000 (17:45 +0100)]
Add $specialPageAliases for Bengali (bn)
Bug: T150586
Change-Id: Iac08fcaa9e501b3e88c348f15539619defe067c2
jenkins-bot [Tue, 15 Nov 2016 09:44:31 +0000 (09:44 +0000)]
Merge "Initialize gallery slideshow on wikipage.content hook"
jenkins-bot [Tue, 15 Nov 2016 09:34:53 +0000 (09:34 +0000)]
Merge "Fix message name for passwordreset-invalidemail"
jenkins-bot [Tue, 15 Nov 2016 05:25:34 +0000 (05:25 +0000)]
Merge "Fix multiple bugs in EncryptedPassword"
Tim Starling [Mon, 14 Nov 2016 10:04:30 +0000 (21:04 +1100)]
Fix multiple bugs in EncryptedPassword
* openssl_decrypt() expects the encrypted string you give it to be the
exact one that came out of openssl_encrypt(), it doesn't expect you to
pre-decode the base64 encoding. So don't do that.
* Use the same IV when re-encrypting the underlying hash for comparison.
* Check the return value of OpenSSL functions, and report meaningful
error messages, for sysadmin convenience and to avoid e.g. giving all
users the same hash if an invalid cipher method was chosen (which was
the previous behaviour).
* Fix EncryptedPassword::update(). Tested it with eval.php since there
doesn't seem to be any callers.
Change-Id: I3a39de152d0329f93d16aa4ed43faf08f665b8e2
Brian Wolff [Tue, 15 Nov 2016 03:44:49 +0000 (03:44 +0000)]
Use different varname for upgraded hash from original hash
I found this confusing when reading the code. This should have
identical logic but slightly clearer.
Change-Id: I4918c29bd5dca3642de7bb60219fc246299d952d
jenkins-bot [Tue, 15 Nov 2016 03:48:31 +0000 (03:48 +0000)]
Merge "Fix SpecialPasswordResetOnSubmit parameter handling"
Brian Wolff [Tue, 15 Nov 2016 03:40:42 +0000 (03:40 +0000)]
Fix message name for passwordreset-invalidemail
This adjust the qqq.json and en.json file. I didn't touch the
other language files for fear of messing with however translatewiki
export works.
Change-Id: Ia4b7a9230b0a1cd9aacdcb57ccde186d469c9571
jenkins-bot [Tue, 15 Nov 2016 03:05:00 +0000 (03:05 +0000)]
Merge "Followup to I5b47e5a"
Gergő Tisza [Tue, 15 Nov 2016 02:27:02 +0000 (02:27 +0000)]
Fix SpecialPasswordResetOnSubmit parameter handling
Special:PasswordReset will take either the username or the email
into account but never both. Reflect this in the way parameters
are passed to the hook.
This also makes sure hook handlers never receive an unsanitized
email address.
Change-Id: I8d3b3d81e0cd5f92e5cd0a866a16695638610592
Gergő Tisza [Tue, 15 Nov 2016 02:39:44 +0000 (02:39 +0000)]
Followup to I5b47e5a
We have logging now, just not in this class.
Change-Id: Idd3c2cbcc22d06428740f9310a8116ce6f1fa355
jenkins-bot [Tue, 15 Nov 2016 02:34:19 +0000 (02:34 +0000)]
Merge "Add better logging to password reset"
Tim Starling [Mon, 14 Nov 2016 23:54:44 +0000 (10:54 +1100)]
Accept salted password hashes with :A: prefixes
Partially reverting Icb809274f9f63.
The broken :A: prefixed passwords generated by MW before that change
were apparently written back to the database -- there are 2.5M in enwiki
alone. Accepting them should not depend on $wgPasswordSalt, which is a
deprecated global and should soon be removed.
Change-Id: I772de0fb17245d080eb15a7d5df6bf3125e1f71a