Add release notes for 0eb4eaefd3 and f7f71359

[lhc/web/wiklou.git] / includes / resourceloader / ResourceLoaderStartUpModule.php

diff --git a/includes/resourceloader/ResourceLoaderStartUpModule.php b/includes/resourceloader/ResourceLoaderStartUpModule.php
index 2e3c6fc..0416c85 100644 (file)
--- a/includes/resourceloader/ResourceLoaderStartUpModule.php
+++ b/includes/resourceloader/ResourceLoaderStartUpModule.php
@@ -29,9 +29,13 @@
  * the ability to vary based extra query parameters, in addition to those
  * from ResourceLoaderContext:
  *
- * - target: Only register modules in the client allowed within this target.
+ * - target: Only register modules in the client intended for this target.
  *   Default: "desktop".
  *   See also: OutputPage::setTarget(), ResourceLoaderModule::getTargets().
+ *
+ * - safemode: Only register modules that have ORIGIN_CORE as their origin.
+ *   This effectively disables ORIGIN_USER modules. (T185303)
+ *   See also: OutputPage::disallowUserJs()
  */
 class ResourceLoaderStartUpModule extends ResourceLoaderModule {
 
@@ -171,10 +175,10 @@ class ResourceLoaderStartUpModule extends ResourceLoaderModule {
         * Optimize the dependency tree in $this->modules.
         *
         * The optimization basically works like this:
-        *      Given we have module A with the dependencies B and C
-        *              and module B with the dependency C.
-        *      Now we don't have to tell the client to explicitly fetch module
-        *              C as that's already included in module B.
+        *      Given we have module A with the dependencies B and C
+        *              and module B with the dependency C.
+        *      Now we don't have to tell the client to explicitly fetch module
+        *              C as that's already included in module B.
         *
         * This way we can reasonably reduce the amount of module registration
         * data send to the client.
@@ -208,6 +212,7 @@ class ResourceLoaderStartUpModule extends ResourceLoaderModule {
                // Future developers: Use WebRequest::getRawVal() instead getVal().
                // The getVal() method performs slow Language+UTF logic. (f303bb9360)
                $target = $context->getRequest()->getRawVal( 'target', 'desktop' );
+               $safemode = $context->getRequest()->getRawVal( 'safemode' ) === '1';
                // Bypass target filter if this request is Special:JavaScriptTest.
                // To prevent misuse in production, this is only allowed if testing is enabled server-side.
                $byPassTargetFilter = $this->getConfig()->get( 'EnableJavaScriptTest' ) && $target === 'test';
@@ -220,7 +225,10 @@ class ResourceLoaderStartUpModule extends ResourceLoaderModule {
                foreach ( $resourceLoader->getModuleNames() as $name ) {
                        $module = $resourceLoader->getModule( $name );
                        $moduleTargets = $module->getTargets();
-                       if ( !$byPassTargetFilter && !in_array( $target, $moduleTargets ) ) {
+                       if (
+                               ( !$byPassTargetFilter && !in_array( $target, $moduleTargets ) )
+                               || ( $safemode && $module->getOrigin() > ResourceLoaderModule::ORIGIN_CORE_INDIVIDUAL )
+                       ) {
                                continue;
                        }