Tim Starling [Tue, 4 Sep 2018 01:59:03 +0000 (11:59 +1000)]
Introduce NameTableStoreFactory
With a separate service for each of the NameTableStore tables, it
wasn't possible to instantiate a NameTableStore for a foreign wiki,
leading to the inelegant situation of having RevisionStoreFactory
construct a new NameTableStoreFactory every time a RevisionStore for a
foreign wiki was requested. These NameTableStore objects were not
tracked in any structured way, so there was no way to reset them for
tests.
So, introduce NameTableStoreFactory, which tracks object instances for
both local and remote table access.
This also avoids having schema details in ServiceWiring.php.
Depends-On: I5c78cfb8bf90eca935a3264592366f63517c4fad
Bug: T202641
Change-Id: Ic0f2d1d94bad9dcc047ff19a1f92db89b7e014ce
jenkins-bot [Tue, 4 Sep 2018 04:49:41 +0000 (04:49 +0000)]
Merge "Don't save and restore the interwiki table"
Tim Starling [Tue, 4 Sep 2018 00:51:18 +0000 (10:51 +1000)]
Don't save and restore the interwiki table
In fact it always has zero rows. Well, at least it does until
ApiQuerySiteinfoTest::testInterwikiMap() inserts two rows without using
@group Database, and then it has two rows from then on. It's meant to
have zero rows.
This saves time and memory.
Revert of
f17feae3a991de9f54e0f57d91fe95bf84211fcb
Change-Id: Ibdb12ff941d2cb47143bdff176072ef9078fa0f7
jenkins-bot [Tue, 4 Sep 2018 02:20:12 +0000 (02:20 +0000)]
Merge "Don't throw an exception when waiting for replication times out"
MGChecker [Tue, 4 Sep 2018 01:39:41 +0000 (03:39 +0200)]
registration: Use null coalescing operator
Change-Id: Iba5df6fe8c647baaaff91df311efec22cca7e88f
jenkins-bot [Tue, 4 Sep 2018 00:27:07 +0000 (00:27 +0000)]
Merge "Reset services before every test"
jenkins-bot [Tue, 4 Sep 2018 00:23:29 +0000 (00:23 +0000)]
Merge "Avoid constructing Title objects in data providers"
jenkins-bot [Tue, 4 Sep 2018 00:23:24 +0000 (00:23 +0000)]
Merge "Reduce memory usage on ServiceContainer destruction"
Fomafix [Sat, 1 Sep 2018 14:07:57 +0000 (16:07 +0200)]
resourceloader: Avoid duplicate existence check
The check above with the mw.loader.register( name ) ensures that
hasOwn.call( registry, name )
is always true.
Change-Id: I10e2a23bd5c11fbf53fd4fc59ba2e5d94f157254
Kunal Mehta [Mon, 3 Sep 2018 22:17:19 +0000 (15:17 -0700)]
Document expected escaping level for Xml::submitButton()
Change-Id: I36db99c7f6efc79e52e7fad6cf8b8bad7a6ded37
jenkins-bot [Mon, 3 Sep 2018 22:07:08 +0000 (22:07 +0000)]
Merge "registration: Add ability to check if a specific extension version is loaded"
jenkins-bot [Mon, 3 Sep 2018 22:07:03 +0000 (22:07 +0000)]
Merge "SpecialPreferences: Escape HTML in tab titles in legacy form"
jenkins-bot [Mon, 3 Sep 2018 21:58:31 +0000 (21:58 +0000)]
Merge "EditWatchlistNormalHTMLForm: Fix double-escaping of section legends"
MGChecker [Tue, 28 Aug 2018 02:39:16 +0000 (04:39 +0200)]
registration: Add ability to check if a specific extension version is loaded
As it's quite common that extensions and skins interact with each other, it's
useful to have a simple way to check if an extension version satisfies a
given constraint, as extensions change over time.
Bug: T202955
Change-Id: I19f9713caf89d647072a2bd7d598e739be383f4a
Bartosz Dziewoński [Mon, 3 Sep 2018 20:08:11 +0000 (22:08 +0200)]
EditWatchlistNormalHTMLForm: Fix double-escaping of section legends
Parent getLegend() returns a plain string, and this method should
do the same.
Form section legends are escaped by the wrapFieldSetSection() method.
Change-Id: I2059b9182fba7362f3d6226252bdc3e032a06c57
Translation updater bot [Mon, 3 Sep 2018 19:57:47 +0000 (21:57 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I344962ad1d1a66b6f552172811863e6a413a7b1b
Bartosz Dziewoński [Mon, 3 Sep 2018 19:21:42 +0000 (21:21 +0200)]
SpecialPreferences: Escape HTML in tab titles in legacy form
They shouldn't intentionally contain HTML (except by abuse of
PreferencesGetLegend hook), and other than trivial formatting,
it wouldn't display correctly because they are styled as links.
It is already being escaped in OOUI form.
Change-Id: I303afe92fcb0208d1a2b040321866c0c95f27aa9
jenkins-bot [Mon, 3 Sep 2018 19:16:59 +0000 (19:16 +0000)]
Merge "Use PHP 7 '??' operator instead of '?:' (round 2)"
Bartosz Dziewoński [Mon, 3 Sep 2018 17:57:23 +0000 (19:57 +0200)]
Use PHP 7 '??' operator instead of '?:' (round 2)
A few issues have snuck in since I33b421c8cb11cdd4ce896488c9ff5313f03a38cf.
Change-Id: Ib75470a7a3c19e2d48f498b396eee6ed733690e4
Tim Starling [Thu, 30 Aug 2018 11:35:25 +0000 (21:35 +1000)]
Reset services before every test
Trying to avoid resetting services introduces a lot of complexity and
several bugs. We were doing a reset for 70% of @group Database tests
anyway.
Instead:
* Reset services at the start of MediaWikiTestCase::run().
* Capture the actual original service container instead of making a
special shared service container.
* The test-isolated local service container can now only be initialised
non-statically. Revert the recent conversion of overrideMwServices()
to static.
* Store a reference to the local service container in the test case
object. In MediaWikiTestCase, always use the original or local service
container directly, to avoid confusion about which one is active at
the time.
* Remove a lot of unnecessary teardown
* Always call ServiceContainer::destroy() before forceGlobalInstance()
since the memory is not otherwise freed.
Change-Id: I4a17c1c7ec92c14e3bc471f0216473ebe19477b9
daniel [Fri, 31 Aug 2018 04:56:42 +0000 (14:56 +1000)]
Avoid constructing Title objects in data providers
Bug: T202641
Change-Id: I34efa0b9329e740bcb292b2529ec8f7f925dc346
Tim Starling [Fri, 31 Aug 2018 03:05:32 +0000 (13:05 +1000)]
Reduce memory usage on ServiceContainer destruction
The closures in ServiceContainer::$serviceInstantiators are circular
references which prevent destruction of the object. So, delete these
when destroy() is called. Also delete the service instances for good
measure.
Change-Id: Ic8487cb533a09a8fcc69eba4f5d1bbb71558ae08
petarpetkovic [Fri, 24 Aug 2018 22:37:07 +0000 (00:37 +0200)]
Remove jQuery.inArray usages
Replace jQuery.inArray with Array.prototype.indexOf.
Also enforce this via eslint rule.
Bug: T200877
Change-Id: Idbd06e6a1681300c4ab9142c7b57e4376f474041
jenkins-bot [Mon, 3 Sep 2018 06:33:29 +0000 (06:33 +0000)]
Merge "A major update to MessagesSah.php from HalanTul"
jhsoby [Thu, 23 Aug 2018 09:21:10 +0000 (11:21 +0200)]
Fix autonym for Armenian
The Armenian autonym should not have a capital
initial, as names of languages are not proper
nouns in that language.
Bug: T202611
Change-Id: I17cd8706f5fee2f39255c3407b758103e4cb5455
Tim Starling [Thu, 16 Aug 2018 07:01:55 +0000 (17:01 +1000)]
Don't throw an exception when waiting for replication times out
For maintenance scripts it is usually harmful to throw an exception.
For jobs the exception was already caught and handled appropriately,
so this can continue as before. For DeferredUpdates it was extremely
harmful to throw an exception. So in the web case, reduce the timeout to
1s and continue as normal if the 1s timeout is reached. This allows the
DeferredUpdate to be throttled without being killed.
In the updater, increase the replication wait timeout to 5 minutes.
ALTER TABLE could indeed cause replication lag, but exiting the update
script with an exception will probably ruin your day. Update actions are
not necessarily efficiently restartable.
Do not call JobQueue::waitForBackups() when jobs are popped. Maybe it
makes sense to call a queue-specific replication wait function for
bulk inserts, like copyJobQueue.php, but doing it when jobs are popped
just makes no sense. Surely the worst that could happen is that the
queue would become locally empty? Removing this waitForBackups() call
avoids waiting for replication twice when JobQueueDB is used.
Bug: T201482
Change-Id: Ia820196caccf9c95007aea12175faf809800f084
jenkins-bot [Sun, 2 Sep 2018 21:54:58 +0000 (21:54 +0000)]
Merge "Update documentation of getPageviewToken"
Amire80 [Fri, 20 Jul 2018 09:22:59 +0000 (11:22 +0200)]
A major update to MessagesSah.php from HalanTul
Change-Id: I598e131c1d6296615264254101860db77e790c4d
jenkins-bot [Sun, 2 Sep 2018 17:02:43 +0000 (17:02 +0000)]
Merge "RELEASE-NOTES: Use New/Changed/Removed pattern for Configuration section"
Zoranzoki21 [Fri, 31 Aug 2018 21:08:08 +0000 (21:08 +0000)]
Fix common typos in code
Bug: T201491
Change-Id: Id962b79f2590c51380cb977e727b7548abc11d33
T. Bayer [Sun, 2 Sep 2018 04:57:02 +0000 (21:57 -0700)]
Update documentation of getPageviewToken
Reflect the recent increase from 64 to 80 bits in generateRandomSessionId
Bug: T201124
Change-Id: I699067f6ae34632c690213930bc3bb7c52508112
Kunal Mehta [Tue, 28 Aug 2018 22:02:57 +0000 (15:02 -0700)]
Use PSR-4 autoloader for includes/auth/
Change-Id: I63dec06f231a57093086f129b3c1d0ebe1389bab
jenkins-bot [Sat, 1 Sep 2018 20:40:23 +0000 (20:40 +0000)]
Merge "Split AuthManagerAuthPluginUser into a separate file"
Translation updater bot [Sat, 1 Sep 2018 20:06:16 +0000 (22:06 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: Idc19c609271bfddaf01ba676224307b58f1b186a
Timo Tijhof [Sat, 1 Sep 2018 19:50:15 +0000 (20:50 +0100)]
RELEASE-NOTES: Use New/Changed/Removed pattern for Configuration section
This was already used for external libraries. This commit
changes the order to be consistently 'New/Changed/Removed',
and adopts the pattern for configuration changes as well.
For improved scannability, the bullet points now start with
the name of the configuration setting(s), followed by a sentence,
with an optional ticket in brackets after the sentence(s).
* A number of bullet points under "Configuration changes" were
in fact, not configuration changes. These have been moved to
"New features" or "Other changes" for now.
* Add mention of the relevant configuration variable to some
of the release notes: $wgTidyDriver, `watchlistdays`,
$wgGroupPermissions, $wgGroupPermissions.
Also fix ReleaseNotesTest to count characters, not bytes,
this was causing it to count – as two, and € as three.
Change-Id: Ie89dac6408f8a8dafbf59efe73a11f4d282c0c6b
jenkins-bot [Sat, 1 Sep 2018 19:56:33 +0000 (19:56 +0000)]
Merge "Drop the transcache table from the schema"
jenkins-bot [Sat, 1 Sep 2018 18:32:52 +0000 (18:32 +0000)]
Merge "Add taint annotation and warnings to Language::convert() et al"
Brian Wolff [Sat, 1 Sep 2018 08:25:37 +0000 (08:25 +0000)]
Add taint annotation and warnings to Language::convert() et al
If you feed this method unescaped data, it can cause later calls
to be an XSS, which is something I think deserves a warning.
Bug: T202571
Change-Id: I34cb3da9232a22defffb80466263c2f2233822ef
jenkins-bot [Sat, 1 Sep 2018 11:08:26 +0000 (11:08 +0000)]
Merge "Add a hook to allow changing the query of Special:AncientPages in extensions"
Aaron Schulz [Tue, 28 Aug 2018 17:44:03 +0000 (10:44 -0700)]
Drop the transcache table from the schema
Bug: T189702
Change-Id: I3286a99165953392126fcff07d565738863de6a1
jenkins-bot [Sat, 1 Sep 2018 00:38:48 +0000 (00:38 +0000)]
Merge "mediawiki.user: Fix missing array initialization in generateRandomSessionId"
Timo Tijhof [Fri, 31 Aug 2018 19:44:17 +0000 (20:44 +0100)]
mediawiki.user: Fix missing array initialization in generateRandomSessionId
Array was not properly initialized and thus browsers
that do not support the Crypto API were displaying an error
on the console.
The tests failed to catch this because assigning window.crypto
to `undefined` does not work (it is a read-only property). This
"fallback" test was actually testing the regular Crypto-based path
a second time.
Bug: T203275
Co-Authored-By: Timo Tijhof <krinklemail@gmail.com>
Change-Id: I8feecddf0878a739e560085f7897ebc3d8100c02
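Added example for the two commits above (the 80-bit getPageviewToken documentation and the generateRandomSessionId fallback fix). This is not the mediawiki.user code; the function names randomSessionId and isValidSessionId are hypothetical. It builds an 80-bit (20 hex character) token from the Web Crypto API, falls back to Math.random() when no crypto object is available, and takes the crypto source as an explicit parameter so the fallback path can be exercised without assigning to the read-only window.crypto, which is the trap the test in the original change fell into.

```javascript
// Added example, not MediaWiki code. Names (randomSessionId, isValidSessionId)
// and the explicit cryptoObj parameter are this example's own choices.
const TOKEN_BITS = 80;                   // per the getPageviewToken documentation
const TOKEN_WORDS = TOKEN_BITS / 16;     // five 16-bit values
const TOKEN_HEX_CHARS = TOKEN_BITS / 4;  // 20 hex characters

// cryptoObj: an object with getRandomValues(), normally window.crypto.
// Passing null/undefined selects the weak fallback, so a test can cover that
// branch without trying to overwrite window.crypto (a read-only property).
function randomSessionId(cryptoObj) {
  // The array must be created before either branch runs; the original bug was
  // that the non-crypto branch used an array that had never been initialized.
  const rnds = new Uint16Array(TOKEN_WORDS);

  if (cryptoObj && typeof cryptoObj.getRandomValues === 'function') {
    cryptoObj.getRandomValues(rnds);
  } else {
    // Fallback for browsers without the Crypto API. Math.random() is NOT a
    // cryptographically secure generator; this only keeps the token format.
    for (let i = 0; i < rnds.length; i++) {
      rnds[i] = Math.floor(Math.random() * 0x10000);
    }
  }

  let hex = '';
  for (let i = 0; i < rnds.length; i++) {
    hex += rnds[i].toString(16).padStart(4, '0');
  }
  return hex;
}

// Format check: exactly TOKEN_HEX_CHARS lowercase hex digits.
function isValidSessionId(id) {
  return new RegExp('^[0-9a-f]{' + TOKEN_HEX_CHARS + '}$').test(id);
}

// Usage: in a browser, randomSessionId(window.crypto); in Node 19+,
// randomSessionId(globalThis.crypto).
```

In a test, pass a counting stub as cryptoObj to prove the crypto path was taken, and pass null to prove the fallback runs without touching it; that is the check the original unit test lacked.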
jenkins-bot [Fri, 31 Aug 2018 21:39:32 +0000 (21:39 +0000)]
Merge "Expand special page aliases for Serbian"
jenkins-bot [Fri, 31 Aug 2018 21:00:13 +0000 (21:00 +0000)]
Merge "resources: Use official SRI metadata for qunitjs"
jenkins-bot [Fri, 31 Aug 2018 20:42:43 +0000 (20:42 +0000)]
Merge "Fix wfDebug() test so that it works with overridden SPI"
L10n-bot [Fri, 31 Aug 2018 19:55:15 +0000 (19:55 +0000)]
Merge "Localisation updates from https://translatewiki.net."
Translation updater bot [Fri, 31 Aug 2018 19:55:05 +0000 (21:55 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: Ic81e27c4502c3ec52beef3936dd5d9b509c98c1a
Brian Wolff [Fri, 31 Aug 2018 19:32:46 +0000 (19:32 +0000)]
Add taint annotation to HtmlForm::getHTML()
This is to help AbuseFilter pass phan-taint-check.
Change-Id: I73a6a626337037f6b0cee04b0afb5a59907d3be6
Timo Tijhof [Fri, 31 Aug 2018 19:32:16 +0000 (20:32 +0100)]
resources: Use official SRI metadata for qunitjs
When originally added last week, only /jquery/ had SRI metadata
published. The /qunit/ page template on the jQuery CDN wasn't
displaying the SRI metadata, so we generated our own for the time
being. This is now fixed upstream, which makes the hashes easier
to verify.
Change-Id: I922af4a46887f22b6791d5799c87f71ddae40b91
jenkins-bot [Fri, 31 Aug 2018 19:14:13 +0000 (19:14 +0000)]
Merge "Change @return-taint to use onlysafefor_html instad of escapes_html"
jenkins-bot [Fri, 31 Aug 2018 18:53:44 +0000 (18:53 +0000)]
Merge "Use annotations for taint in Parser & ParserOutput."
jenkins-bot [Fri, 31 Aug 2018 17:39:51 +0000 (17:39 +0000)]
Merge "Title: Fix isRawHtmlMessage() for messages with underscores"
Kunal Mehta [Tue, 28 Aug 2018 19:47:49 +0000 (12:47 -0700)]
Title: Fix isRawHtmlMessage() for messages with underscores
Title::getRootText() uses the text form (spaces) of the title, while
$wgRawHtmlMessages was specifying them in dbkey form (underscores).
And add tests while we're at it. Which spotted that the existing
code didn't work. Whoops. Fixed.
Change-Id: I05eea553c588e0f99f862e07ad15386507ed0728
jenkins-bot [Fri, 31 Aug 2018 16:41:15 +0000 (16:41 +0000)]
Merge "resourceloader: Use 'this' to access the mw.loader.store internally"
jenkins-bot [Fri, 31 Aug 2018 15:56:41 +0000 (15:56 +0000)]
Merge "resourceloader: Remove redundant '!!' from startup.js"
Brian Wolff [Fri, 31 Aug 2018 15:55:44 +0000 (15:55 +0000)]
Use annotations for taint in Parser & ParserOutput.
This replaces the builtin taints that are removed in
Ic1e1983a51c. Additionally, parse will no longer warn about
double escaping - there's many situations where such warnings
are wrong (e.g. Using Html::rawElement()). However this also
means that Parser::parse( wfMessage( 'foo' )->parse() ); will
no longer give a double escaping warning, which is unfortunate.
Bug: T202380
Change-Id: Ia52d37411beb62b112c6ff102438063c3d750769
Agabi10 [Thu, 30 Aug 2018 13:35:44 +0000 (13:35 +0000)]
Add a hook to allow changing the query of Special:AncientPages in extensions
Bug: T76287
Change-Id: I6aa4d8e6140d405476a6f480156f24f2c05019cb
jenkins-bot [Fri, 31 Aug 2018 12:44:54 +0000 (12:44 +0000)]
Merge "Minor cleanup in backup test cases"
jenkins-bot [Fri, 31 Aug 2018 11:38:15 +0000 (11:38 +0000)]
Merge "Make HTML generation in RenderedRevision optional"
jenkins-bot [Fri, 31 Aug 2018 11:38:10 +0000 (11:38 +0000)]
Merge "Add test for {{subst:REVISIONUSER}}"
jenkins-bot [Fri, 31 Aug 2018 11:25:15 +0000 (11:25 +0000)]
Merge "[MCR] Introduce RevisionRenderer"
daniel [Fri, 31 Aug 2018 10:49:19 +0000 (12:49 +0200)]
Add test for {{subst:REVISIONUSER}}
This tests that revision meta-data is available for Pre-Save Transform.
Change-Id: I62f73ea24784b539cdf8229aeb1f8efa62631248
daniel [Mon, 13 Aug 2018 20:33:31 +0000 (22:33 +0200)]
Make HTML generation in RenderedRevision optional
This allows optimization for situations in which a caller
needs the meta-data of a ParserOutput, and the respective
ContentHandler can provide that meta-data without generating
HTML output.
Bug: T194048
Change-Id: I786d294d18a6a2e3cea61577313e21b578c44f1e
Brian Wolff [Fri, 31 Aug 2018 09:47:24 +0000 (09:47 +0000)]
Change @return-taint to use onlysafefor_html instead of escapes_html
This prevents some double escaped warnings. Requires
I2f4e33656b9f94 to be effective. Follow up
faf2e14517b05f8.
Change-Id: I255c96592f3baff2df34e07c81510c8874908e28
Bug: T202797
Tim Starling [Fri, 31 Aug 2018 00:45:34 +0000 (10:45 +1000)]
Fix wfDebug() test so that it works with overridden SPI
Fix testDebugFunctionTest() so that it works when LocalSettings.php
sets $wgMWLoggerDefaultSpi
Change-Id: I5e573b0ce1ce037c3505d3b44d9710395c9af8d6
Kunal Mehta [Fri, 31 Aug 2018 04:46:10 +0000 (21:46 -0700)]
Set @param-taint for Parser::internalParse()
This is not strictly accurate, because Parser::internalParse() actually
returns half-parsed HTML, which is not safe for output. But it is safe for
output from a parser tag.
Maybe phan-taint-check plugin needs to learn about half-parsed HTML as an
extra taint type, and make that an acceptable thing for parser tags to return,
but not other things.
But this fixes the failures for the Listings extension, so I think it's
worthwhile in the meantime.
Change-Id: Idf87f5c3dcf81dd210de73a4ff15e3b1aabd9f89
daniel [Fri, 31 Aug 2018 04:30:22 +0000 (14:30 +1000)]
Minor cleanup in backup test cases
Change-Id: Iab2ad5a19b32cd32c2ea9c9dd0b589428056c86d
Timo Tijhof [Fri, 31 Aug 2018 02:21:25 +0000 (03:21 +0100)]
resourceloader: Use 'this' to access the mw.loader.store internally
Shorter and more intuitive. All of these functions are always
called as methods on the mw.loader.store objects, not detached.
Change-Id: If26851eac1530f023228897392c5067c6e8927af
Timo Tijhof [Fri, 31 Aug 2018 01:50:40 +0000 (02:50 +0100)]
resourceloader: Remove redundant '!!' from startup.js
The outer expression already casts the result to a boolean.
Unit tests in startup.test.js also strictly assert that the
returned values are boolean.
Change-Id: I5709fcd0184b99d289b9cdfeccf8afa960806d59
jenkins-bot [Fri, 31 Aug 2018 00:48:34 +0000 (00:48 +0000)]
Merge "Allow tests to run with a non-writable source tree"
jenkins-bot [Thu, 30 Aug 2018 21:36:47 +0000 (21:36 +0000)]
Merge "resourceloader: Remove selective build optimisation from getModuleContent()"
Timo Tijhof [Thu, 30 Aug 2018 01:42:24 +0000 (02:42 +0100)]
resourceloader: Remove selective build optimisation from getModuleContent()
This follows 5ddd7f91c7, which factored out response building
from ResourceLoader.php to ResourceLoaderModule::buildContent.
As optimisation, I made this method only return the array keys
needed for the current response, based on $context->getOnly().
The reason for this refactoring was the creation of the
'enableModuleContentVersion' option to getVersionHash(), which
would use this method to create a module response, and hash it.
During the implementation of that option, I ran into a problem.
getVersionHash() is called by the startup module for each
registered module, to create the manifest. The context for the
StartupModule request itself has "only=scripts". But, we must
still compute the version hashes for whole modules, not just
their scripts.
I worked around that problem in aac831f9fa by creating a mock
context in getVersionHash() that stubs out the 'only' parameter.
This worked, but made the assumption that the scripts and styles
of a module cannot differ based on the 'only' parameter.
This assumption was wrong, because the 'only' parameter is part
of ResourceLoaderContext and available to all getters to vary on.
Fortunately, the 'enableModuleContentVersion' option is off by
default and nobody currently using it was differing its output
by the 'only' parameter.
I intend to make use of the 'enableModuleContentVersion' option
in StartupModule to fix T201686. And StartupModule outputs a
manifest if the request specifies only=scripts, and outputs
a warning otherwise. As such, it cannot compute its version
if the 'only' parameter is stubbed out.
* Remove the 'only' parameter stubbing.
* Remove the selective building from the buildContent() method.
This was not very useful because we need to build the whole
module regardless when computing the version.
As benefit, this means the in-process cache is now shared between
the call from getVersionHash and the call from makeModuleResponse.
Bug: T201686
Change-Id: I8a17888f95f86ac795bc2de43086225b8a8f4b78
Translation updater bot [Thu, 30 Aug 2018 20:06:08 +0000 (22:06 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I5515e9768e1b1348f2983ed0fa8d6475f49110da
daniel [Tue, 7 Aug 2018 16:52:40 +0000 (18:52 +0200)]
[MCR] Introduce RevisionRenderer
RevisionRenderer is the MCR replacement for Content::getParserOutput,
as outlined in <https://www.mediawiki.org/wiki/User:Daniel_Kinzler_(WMDE)/MCR-PageUpdater>.
Note: This change also introduces quite a bit of code for
merging ParserOutput objects.
Bug: T194048
Change-Id: I871978bf79f67c9e7954fb3fc8528d6e365f2cc1
jenkins-bot [Thu, 30 Aug 2018 15:41:41 +0000 (15:41 +0000)]
Merge "Selenium: selenium-daily NPM script"
Kunal Mehta [Thu, 30 Aug 2018 05:08:32 +0000 (22:08 -0700)]
Linker: Add @return-taint for formatLinksInComment()
Works around a false positive in the phan-taint-check-plugin.
Bug: T202797
Change-Id: If7c9e729ca7624b3f791fe01d0b768791657277b
Kunal Mehta [Thu, 30 Aug 2018 05:06:39 +0000 (22:06 -0700)]
Document expected input and return value for Language::convert()
Bug: T202571
Change-Id: I1598f8a83d9cb2ab9d9e9ba96acd90f70edd59ad
jenkins-bot [Thu, 30 Aug 2018 02:54:03 +0000 (02:54 +0000)]
Merge "Fix some warnings from phan-taint-check"
jenkins-bot [Thu, 30 Aug 2018 02:43:59 +0000 (02:43 +0000)]
Merge "EditPage: Allow summary=0 in URL parameter"
jenkins-bot [Thu, 30 Aug 2018 01:01:13 +0000 (01:01 +0000)]
Merge "resourceloader: Refuse to preview content with </script>"
jenkins-bot [Thu, 30 Aug 2018 01:01:04 +0000 (01:01 +0000)]
Merge "Html: Reject </script> from inlineScript() and leave rest unescaped"
Tim Starling [Thu, 30 Aug 2018 00:48:50 +0000 (10:48 +1000)]
Allow tests to run with a non-writable source tree
It's insecure to allow apps to modify their own source, that's how file
write vulnerabilities escalate to code execution.
Change-Id: I0f79b2b7c7502405a62dcb176d8be4633ce4eda5
James D. Forrester [Wed, 29 Aug 2018 23:31:09 +0000 (16:31 -0700)]
resources: Deprecate jquery.localize, long-replaced by jquery.i18n
Bug: T202154
Change-Id: I2548880987145d41f6a0c6fa7466fb6405e1c5a1
Timo Tijhof [Mon, 20 Aug 2018 00:14:46 +0000 (01:14 +0100)]
resourceloader: Refuse to preview content with </script>
Bug: T200506
Change-Id: I4ab5fbb0f5413aad24360169ba635672ce8d9c8e
Timo Tijhof [Mon, 20 Aug 2018 00:42:15 +0000 (01:42 +0100)]
Html: Reject </script> from inlineScript() and leave rest unescaped
There are three problems with the CDATA approach:
1. It doesn't work.
HTML5 already interprets the contents of <script> tags as CDATA,
which means escaping of characters like & is not needed. In fact,
in HTML5 mode, a plain script tag with <script>0&1;</script>
would be a syntax error, indicating it is not interpreted as
text, but as CDATA. Effectively, the only thing an HTML parser
looks for is </script>.
And that's exactly the problem. Producing an inline script
containing the characters "</script>" for legitimate reasons,
is currently broken.
No alternate wrapping or setting can make it work, either.
See also:
https://people.wikimedia.org/~krinkle/200506-html-inlinescript.html
which contains:
<script>/*<![CDATA[*/
if (true && true) {
console.log('This is a <script></script> tag (original)');
}
/*]]>*/</script>
In a browser, the script is terminated by the first "</script>",
leaving the code unfinished, throwing a SyntaxError, and outputting
the rest of the script as plain text on the page.
2. CDATA is only for XML mode, whereas MediaWiki does not support
the XML/XHTML output mode (since MediaWiki 1.22). Instead, we only
output HTML (5). Code that does need to produce XML, should use the
class from Xml.php instead.
3. It gives a false sense of security.
We could just remove the CDATA code as-is and that in itself would be an
improvement per point 2 and 3, and would break nothing per point 1.
However, this commit attempts to address the underlying bug by rejecting
the characters "</script>" from input. If this is needed in a literal,
it is the responsibility of the caller to escape it in a way that is
appropriate for how it is used (string, comment, regex, etc.).
There are two ways this can be used currently in core:
* User input as exported through JSON (e.g. mw.config, or mw.messages).
This is already fine as both FormatJson::encode and json_encode
escape either < or / in the string by default already.
* Previews of edits to user scripts. This is currently already broken and
causes the script to end early and produce arbitrary HTML on the page.
This commit limits the impact by refusing to output such script in a
broken way. I will further address that use case in a follow-up.
Bug: T200506
Change-Id: I67ceb34eabf2f62fd3f3841b8f1459289fad28fb
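Added example for the commit above. This is not the Html.php code from the change; the function names browserScriptSplit, inlineScript and jsonForInlineScript are hypothetical, and the CDATA sample is constructed from the commit message. It models point 1 (the tokenizer ends script content at the first "</script", comments and CDATA markers notwithstanding), the rejection approach the commit takes for inlineScript(), and the escaping needed for the JSON export case in a language whose JSON encoder, unlike PHP's json_encode, escapes neither "<" nor "/".

```javascript
// Added example, not MediaWiki code. Models the HTML tokenizer behaviour the
// commit message describes: script content ends at the first "</script"
// (ASCII case-insensitive) followed by whitespace, "/" or ">".
// Simplification: the tokenizer's "<!--" escaped-script state is ignored.
const SCRIPT_END = /<\/script[\s\/>]/i;

// Split a serialized "<script>...</script>" element into the part a browser
// would execute and the part that spills onto the page as ordinary HTML.
function browserScriptSplit(html) {
  const open = html.indexOf('<script>');
  if (open === -1) throw new Error('no <script> start tag');
  const body = html.slice(open + '<script>'.length);
  const m = SCRIPT_END.exec(body);
  if (!m) return { executed: body, leaked: '' };
  return {
    executed: body.slice(0, m.index),
    leaked: body.slice(m.index + m[0].length)
  };
}

// Hypothetical inlineScript(): refuse to emit a script that the tokenizer
// would cut short. The check is deliberately broader than the exact string
// "</script>" (case-insensitive, no closing ">" required). Escaping is left
// to the caller because the right escape depends on where the text sits
// (string literal, comment, regex ...).
function inlineScript(code) {
  if (/<\/script/i.test(code)) {
    throw new Error('inline script must not contain "</script"; escape it for its context');
  }
  return '<script>' + code + '</script>';
}

// Data exported into an inline script (config, messages): escape "<" so that
// "</script>" cannot appear in the output whatever the data contains.
// PHP's json_encode escapes "/" by default; JSON.stringify escapes neither.
function jsonForInlineScript(value) {
  return JSON.stringify(value).replace(/</g, '\\u003C');
}

// Constructed sample: the CDATA-wrapped script quoted in the commit message.
const CDATA_SAMPLE = '<script>/*<![CDATA[*/\n' +
  "console.log('This is a <script></script> tag (original)');\n" +
  '/*]]>*/</script>';
```

browserScriptSplit(CDATA_SAMPLE) shows the executed part stopping inside the string literal, which is why the CDATA wrapper neither helps nor hurts; inlineScript() rejects that input, and jsonForInlineScript() is the route for untrusted data.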
jenkins-bot [Wed, 29 Aug 2018 21:49:35 +0000 (21:49 +0000)]
Merge "jobqueue: Use explicit retry when refreshLinks can't get a lock"
jenkins-bot [Wed, 29 Aug 2018 21:49:29 +0000 (21:49 +0000)]
Merge "Add code to read from ct_tag_id in ChangeTags"
jenkins-bot [Wed, 29 Aug 2018 20:42:15 +0000 (20:42 +0000)]
Merge "HTMLForm: Deprecate parameters 'notice', 'notice-messages', 'notice-message'"
jenkins-bot [Wed, 29 Aug 2018 20:37:32 +0000 (20:37 +0000)]
Merge "sitemaps: absolute URL for sitemaps"
Ian Marlier [Wed, 29 Aug 2018 18:02:23 +0000 (14:02 -0400)]
sitemaps: absolute URL for sitemaps
Google, at least, considers sitemap indexes that provide relative URLs
as being broken.
Bug: T202321
Change-Id: I5509be4b165eea9eca36e3f4975f87285ef87911
Bartosz Dziewoński [Fri, 17 Aug 2018 21:04:57 +0000 (23:04 +0200)]
HTMLForm: Deprecate parameters 'notice', 'notice-messages', 'notice-message'
Bug: T197179
Change-Id: I603436e0720fdc0f08f35f3c0630b79865a9c82a
Translation updater bot [Wed, 29 Aug 2018 19:56:11 +0000 (21:56 +0200)]
Localisation updates from https://translatewiki.net.
Change-Id: I524cbcfe3d8d65c89ba38d60f7320304316ceede
Amir Sarabadani [Sat, 11 Aug 2018 18:34:27 +0000 (20:34 +0200)]
Add code to read from ct_tag_id in ChangeTags
Bug: T194162
Change-Id: I6c9e0c94cdd46fe46ccaf7feb78889f4ab5995f2
jenkins-bot [Wed, 29 Aug 2018 16:25:22 +0000 (16:25 +0000)]
Merge "Apply content wrapping in ParserOutput::getText()"
jenkins-bot [Wed, 29 Aug 2018 15:29:21 +0000 (15:29 +0000)]
Merge "Add tests for article viewing"
daniel [Tue, 28 Aug 2018 16:48:10 +0000 (18:48 +0200)]
Apply content wrapping in ParserOutput::getText()
Instead of applying wrapping in the parser and unwrapping in
ParserOutput::getText(), turn this around and apply wrapping in getText(),
and only if desired.
This avoids search&replace logic for unwrapping, and it also makes it a lot
easier to merge the output of multiple slots for MCR output.
This changes behavior in two hopefully irrelevant ways:
1) the limit report comments will be inside the wrapper div, instead of
following it.
2) if HTML with a wrapper div is explicitly injected into a ParserOutput
object, it will not be possible to unwrap the text.
Bug: T174035
Change-Id: I1641b7995af9bd297f1acd610d583fbf874f34e0
jenkins-bot [Wed, 29 Aug 2018 13:07:00 +0000 (13:07 +0000)]
Merge "Use "break" instead of "continue""
Željko Filipin [Wed, 29 Aug 2018 12:58:04 +0000 (14:58 +0200)]
Selenium: selenium-daily NPM script
selenium-daily just calls selenium-test. It's needed for daily Jenkins job targeting
beta cluster. The script might seem redundant, but it provides flexibility. In case
a repository does not want to run all tests daily, that's easily fixed by updating
the script.
Bug: T188742
Change-Id: Idf86f94cc31abda4bfcdc1ac4eba29206d9c91f9
jenkins-bot [Wed, 29 Aug 2018 10:34:52 +0000 (10:34 +0000)]
Merge "resourceloader: Remove unused static SkinModule::getLogo method"
jenkins-bot [Wed, 29 Aug 2018 10:06:07 +0000 (10:06 +0000)]
Merge "Install giorgiosironi/eris as require-dev"