3 years agoShorten git hashes for eval-stdin.php
Reedy [Wed, 15 Nov 2017 03:19:00 +0000 (03:19 +0000)]
Shorten git hashes for eval-stdin.php

Ping I5b838686ede9764083c52853cc05c52ea72739df

Change-Id: Ie80a068507444721f8ffdbdc1867555338489283

3 years agoSECURITY: update.php: Remove eval-stdin.php if necessary
Kunal Mehta [Sat, 11 Nov 2017 00:53:24 +0000 (16:53 -0800)]
SECURITY: update.php: Remove eval-stdin.php if necessary

If phpunit's eval-stdin.php file exists and is one of the vulnerable
versions, delete it when running update.php as most people should run
that when updating to a new release. If the unlink() call fails, we'll
warn the user but continue with update.php processing and hope they've
mitigated it in some other way.

Bug: T180231
Change-Id: I5b838686ede9764083c52853cc05c52ea72739df

3 years agoAdd missing ComposerVendorHtaccessCreator class to autoload.php
Reedy [Wed, 15 Nov 2017 01:55:22 +0000 (01:55 +0000)]
Add missing ComposerVendorHtaccessCreator class to autoload.php

Change-Id: Ia70324acf3db2df50c6629d705c2c4728c38aaaa
Follow-up: I2cf6541750c90b5708d7cf5f81b914ae2d9d46d1

3 years agoSECURITY: Create a .htaccess in /vendor after composer runs
Kunal Mehta [Sat, 11 Nov 2017 00:05:13 +0000 (16:05 -0800)]
SECURITY: Create a .htaccess in /vendor after composer runs

The /vendor directory does not need to be web accessible, and to reduce
attack surface, it should not be web accessible. We can use the
post-install-cmd and post-update-cmd hooks to create a .htaccess after
the user has run "composer install" or "composer update". On the first
run of composer, this hook will be invoked twice due to the composer
merge plugin.

If the htaccess file already exists, this hook won't do anything.

Bug: T180237
Change-Id: I2cf6541750c90b5708d7cf5f81b914ae2d9d46d1

3 years agoSECURITY: Ensure Message::rawParams can't lead to XSS
Brian Wolff [Sun, 24 Sep 2017 00:57:05 +0000 (00:57 +0000)]
SECURITY: Ensure Message::rawParams can't lead to XSS

If you used wfMessage( 'foo' )->rawParams( 'bar"baz' )
there's a possibility of leading to xss, if the foo
message has a $1 in an attribute, as the quote characters
may end the attribute.

To prevent that, we convert $1 to $'"1 for after parameters,
so if any of them end up in attributes, the attribute escaping
will break the parameter name, preventing substitution.

This would of course break if someone intentionally inserted
a raw parameter into an attribute, but that's silly and I
don't think we should allow that.

This is similar to the parser strip marker issue.

Bug: T176247
Change-Id: If83aec01b20e414f9c92be894f145d7df2974866

3 years agoFix tests for I7afaa955a4b393ef00b11e420709bd62b84fbc71
Gergő Tisza [Wed, 15 Nov 2017 01:58:49 +0000 (17:58 -0800)]
Fix tests for I7afaa955a4b393ef00b11e420709bd62b84fbc71

Change-Id: Id5a2a9768dc64db5259a5988d645e664163ba234

3 years agoSECURITY: Do not reveal if user exists during login failure
Brian Wolff [Mon, 13 Nov 2017 16:02:50 +0000 (16:02 +0000)]
SECURITY: Do not reveal if user exists during login failure

This is meant for private wikis where the list of users may
be secret. It is only meant to prevent trivial enumeration
of usernames. It is not designed to prevent enumeration
via timing attacks.

Bug: T134100
Change-Id: I7afaa955a4b393ef00b11e420709bd62b84fbc71

3 years agoSECURITY: API: Avoid some silliness with browser-guessed filenames
Brad Jorsch [Fri, 26 Feb 2016 22:46:07 +0000 (17:46 -0500)]
SECURITY: API: Avoid some silliness with browser-guessed filenames

If someone is both dumb enough to blindly save an API response and to
then execute the resulting file, this can be used to attack their

We can mitigate this by disallowing PATH_INFO in api.php URLs (because
we don't make any use of them anyway) and by setting a sensible filename
using a Content-Disposition header so the browser won't go guessing at
the filename based on what is in the URL.

Issue reported by: Abdullah Hussam

Bug: T128209
Change-Id: I8526f5cc506c551edb6138d68450b6acea065e93

3 years agoSECURITY: Add throttling for BotPasswords authentication attempts
Brad Jorsch [Fri, 19 May 2017 21:35:11 +0000 (23:35 +0200)]
SECURITY: Add throttling for BotPasswords authentication attempts

ApiLogin which will currently always try an AuthManager login which will
by default throttle via ThrottlePreAuthenticationProvider, but this only
happens after the BotPassword is checked so it's still possible to keep
trying to break the bot password.

There's a potential odd-behavior mode here: if the main account username
and password looks like a BotPasswords username and password, a
successful main account login will increment the BotPasswords throttle
for the user and not reset it after the successful main account login.
That seems such an odd edge case I say let's not worry about it.

Bug: T165846
Change-Id: Ie60f0e05c2a94722b91bc3a80c80346e28b443f4

3 years agoSECURITY: Escape internal error message
Brian Wolff [Wed, 18 Oct 2017 05:28:43 +0000 (05:28 +0000)]
SECURITY: Escape internal error message

This message contains the request url, which is semi-user controlled.
Most browsers percent escape < and > so its probably not exploitable
(curl is an exception here), but nonetheless its not good.

Bug: T178451
Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6

3 years agoMerge "Special:Preferences: Use OOjs UI"
jenkins-bot [Tue, 14 Nov 2017 22:52:13 +0000 (22:52 +0000)]
Merge "Special:Preferences: Use OOjs UI"

3 years agoMerge "DatabaseUpdater: Add modifyExtensionTable()"
jenkins-bot [Tue, 14 Nov 2017 22:35:41 +0000 (22:35 +0000)]
Merge "DatabaseUpdater: Add modifyExtensionTable()"

3 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Tue, 14 Nov 2017 20:54:20 +0000 (21:54 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: Iba3374ef6484fe0dbc23013dd7389377ddf4e8a5

3 years agoTest for Revision::getRecentChange
addshore [Tue, 14 Nov 2017 12:13:43 +0000 (12:13 +0000)]
Test for Revision::getRecentChange

Bug: T180210
Change-Id: I67a425676236af77063ad759f4515742533436ca

3 years agoTests for Revision::getRevisionText with ExternalStore usage
addshore [Tue, 14 Nov 2017 12:03:39 +0000 (12:03 +0000)]
Tests for Revision::getRevisionText with ExternalStore usage

Bug: T180210
Change-Id: I20e47a44a064ede4f5e674f57ec4d8e39b379ad6

3 years agoMerge "Split interface from WatchedItemStore"
jenkins-bot [Tue, 14 Nov 2017 18:36:24 +0000 (18:36 +0000)]
Merge "Split interface from WatchedItemStore"

3 years agoSplit interface from WatchedItemStore
addshore [Mon, 20 Mar 2017 12:57:37 +0000 (12:57 +0000)]
Split interface from WatchedItemStore

Change-Id: Ifb029f5c79ee4865ee225d4f44d3354d95014cce

3 years agoPostgreSQL: Use correct PK name so patch-site_stats-pk.sql isn't run when not needed
Brad Jorsch [Tue, 14 Nov 2017 17:53:02 +0000 (12:53 -0500)]
PostgreSQL: Use correct PK name so patch-site_stats-pk.sql isn't run when not needed

PostgreSQL names this primary key "site_stats_pkey" by default, not

Bug: T180508
Change-Id: I626e46186376bc2a13157664c3ea6e097fa5e650

3 years agoMerge "Fix up logging grouping in ApiStashEdit"
jenkins-bot [Tue, 14 Nov 2017 17:41:34 +0000 (17:41 +0000)]
Merge "Fix up logging grouping in ApiStashEdit"

3 years agoMerge "Do not limit filesize when running a maintenance script"
jenkins-bot [Tue, 14 Nov 2017 16:45:02 +0000 (16:45 +0000)]
Merge "Do not limit filesize when running a maintenance script"

3 years agoMerge "Introduce ExternalStoreFactory"
jenkins-bot [Tue, 14 Nov 2017 15:00:47 +0000 (15:00 +0000)]
Merge "Introduce ExternalStoreFactory"

3 years agoMerge "Family name of Thiemo changed"
jenkins-bot [Tue, 14 Nov 2017 13:34:36 +0000 (13:34 +0000)]
Merge "Family name of Thiemo changed"

3 years agoMerge "Initial tests for Revision::getRevisionText"
jenkins-bot [Tue, 14 Nov 2017 13:30:05 +0000 (13:30 +0000)]
Merge "Initial tests for Revision::getRevisionText"

3 years agoMerge "Tests for Revision::userCan"
jenkins-bot [Tue, 14 Nov 2017 13:27:10 +0000 (13:27 +0000)]
Merge "Tests for Revision::userCan"

3 years agoMerge "Tests for Revision::userCanBitfield"
jenkins-bot [Tue, 14 Nov 2017 13:27:06 +0000 (13:27 +0000)]
Merge "Tests for Revision::userCanBitfield"

3 years agoMerge "Test for Revision::newKnownCurrent"
jenkins-bot [Tue, 14 Nov 2017 13:27:03 +0000 (13:27 +0000)]
Merge "Test for Revision::newKnownCurrent"

3 years agoIntroduce ExternalStoreFactory
addshore [Tue, 14 Nov 2017 11:17:34 +0000 (11:17 +0000)]
Introduce ExternalStoreFactory

Change-Id: If0d8f503e3cc9fd83f3b40e2ac8a5f9dc8b7e0ea

3 years agoFamily name of Thiemo changed
Thiemo Mättig [Tue, 14 Nov 2017 12:59:15 +0000 (13:59 +0100)]
Family name of Thiemo changed

Change-Id: I5477d02111e53790e858624c4b7c4f09dbc418fa

3 years agoInitial tests for Revision::getRevisionText
addshore [Tue, 14 Nov 2017 10:40:23 +0000 (10:40 +0000)]
Initial tests for Revision::getRevisionText

Bug: T180210
Change-Id: Idd5c1af7ecc336ba3f32b15fd8d5cb5bd19f649b

3 years agoDo not limit filesize when running a maintenance script
Tim Starling [Tue, 14 Nov 2017 09:33:46 +0000 (20:33 +1100)]
Do not limit filesize when running a maintenance script

Starting HHVM may require writing very large files, so it can't have the
same file size limit as image scaling etc. The memory limit was already
disabled for much the same reason.

This is the only caller of wfShellWikiCmd() in core which proceeds to
call wfShellExec().

Bug: T145819
Change-Id: I1ab35edbbdb63c2d6f5f578cba2547be79a965ef

3 years agoDatabaseUpdater: Add modifyExtensionTable()
Roan Kattouw [Tue, 14 Nov 2017 02:31:23 +0000 (18:31 -0800)]
DatabaseUpdater: Add modifyExtensionTable()

We already had modifyExtensionField(), but to do a table modification
you still had to do
$updater->addExtensionUpdate( [ 'modifyTable', ... ] );

Change-Id: I20368bf3c007a01718513a435de24907dc0aaf81

3 years agoProvide message/warning/error box abstraction
jdlrobson [Thu, 28 Sep 2017 18:42:32 +0000 (13:42 -0500)]
Provide message/warning/error box abstraction

This will help us consolidate the various uses into one single
method which will help us drive standardisation of these defacto

Hopefully, by being a method of the Html class, which has a very
low barrier for use will drive down the inconsistent display of
warning/error boxes across MediaWiki's products

Various usages of warningbox and errorbox have been ported over.
I've retained some more complicated usages which make use of the
parser (wrapWikiMsg) and any where id and class are medled with
- we'll probably want to consider whether we want to encourage
those going forward as they encourage adjusting the styling.

Bug: T166915
Change-Id: I2757e1f4ff2599e93a7257fc644cab69063896d2

3 years agoMerge "RCFilters: fix call to changesListModel.update()"
jenkins-bot [Mon, 13 Nov 2017 21:49:58 +0000 (21:49 +0000)]
Merge "RCFilters: fix call to changesListModel.update()"

3 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Mon, 13 Nov 2017 21:04:57 +0000 (22:04 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: I964eda712b69d542ca230f44ba125f0f29a328a2

3 years agoSpecial:Preferences: Use OOjs UI
Bartosz Dziewoński [Sat, 16 Sep 2017 13:21:50 +0000 (15:21 +0200)]
Special:Preferences: Use OOjs UI

* Change the form to OOUI mode. Tweak some formatting to look better
  with this mode. Change various random links to be OOUI buttons.
* Rewrite custom tabs to use OO.ui.IndexLayout instead.
* Update styles and JS enhancements for OOUI widgets.
* Rename ResourceLoader modules so that old skin-specific styles
  (from $wgResourceModuleSkinStyles) no longer apply. They tend
  to make no sense with the OOUI styling.

Bug: T117781
Change-Id: Ie9396f0146f5020e52710c41e55ec86151ae0095

3 years agoMerge "Change disabled saved filter tooltip"
jenkins-bot [Mon, 13 Nov 2017 13:42:11 +0000 (13:42 +0000)]
Merge "Change disabled saved filter tooltip"

3 years agoMerge "Use mw-parser-output for content styles, instead of mw-body-content"
jenkins-bot [Mon, 13 Nov 2017 12:49:01 +0000 (12:49 +0000)]
Merge "Use mw-parser-output for content styles, instead of mw-body-content"

3 years agoMerge "Change the rfcurl from protocol relative to HTTPS"
jenkins-bot [Mon, 13 Nov 2017 07:30:58 +0000 (07:30 +0000)]
Merge "Change the rfcurl from protocol relative to HTTPS"

3 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Sun, 12 Nov 2017 20:58:56 +0000 (21:58 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: Ic11c64813ee04e8520771bfa156f8e51404273e6

3 years agoDocument language changes for Mirandese
MarcoAurelio [Sun, 12 Nov 2017 11:34:24 +0000 (11:34 +0000)]
Document language changes for Mirandese

Bug: T180052
Change-Id: I60d809145678a2cd523776ba8e981da21f6e3ef9

3 years agoMerge "Move watcheditem classes to watcheditem directory"
jenkins-bot [Sun, 12 Nov 2017 05:57:27 +0000 (05:57 +0000)]
Merge "Move watcheditem classes to watcheditem directory"

3 years agoMerge "Remove htmlspecialchars for Html::hidden"
jenkins-bot [Sat, 11 Nov 2017 23:22:42 +0000 (23:22 +0000)]
Merge "Remove htmlspecialchars for Html::hidden"

3 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Sat, 11 Nov 2017 20:55:12 +0000 (21:55 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: Ie6054daa2b17649b21f5d1b167d3ce517bc604cc

3 years agoGendered NS_USER namespaces for Mirandese (mwl)
MarcoAurelio [Fri, 10 Nov 2017 17:26:39 +0000 (17:26 +0000)]
Gendered NS_USER namespaces for Mirandese (mwl)

* Adds gendered NS_USER namespaces for when the user has chosen to
  reveal his or her gender via Special:Preferences.
* Changes the NS_USER namespace to use the gender-neutral
  "Outelizador(a)" in an identical fashion as the Portuguese projects
  do with "Usuário(a)".
* General fixes.

See community consensus in the linked Phabricator Task.

Bug: T180052
Change-Id: I9bac9e6a8cb5b6feee6490cf251342389237bd5c

3 years agoRELEASE-NOTES-1.30: Add upgraded, added libraries based on git history
James D. Forrester [Wed, 8 Nov 2017 17:19:56 +0000 (09:19 -0800)]
RELEASE-NOTES-1.30: Add upgraded, added libraries based on git history

Change-Id: I4d433f8f75cfe04638adbd60d94346f629cc2f18

3 years agoSuggest running composer (install|update) with --no-dev
Reedy [Sat, 11 Nov 2017 01:37:10 +0000 (01:37 +0000)]
Suggest running composer (install|update) with --no-dev

Change-Id: I1a931b6ac2767aedfc4c71a0ddac460bd3322484

3 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Fri, 10 Nov 2017 20:55:30 +0000 (21:55 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: I244eb49276f46f4b722d381188b527d93295e9d3

3 years agoMerge "Convert @var Array => array"
jenkins-bot [Fri, 10 Nov 2017 20:18:34 +0000 (20:18 +0000)]
Merge "Convert @var Array => array"

3 years agoRCFilters: fix call to changesListModel.update()
Stephane Bisson [Fri, 10 Nov 2017 19:22:58 +0000 (14:22 -0500)]
RCFilters: fix call to changesListModel.update()

Followup to Ie2bc4fe4bd19103b513e4753e59f4adb295fbafa

3rd argument is
  {string} noResultsDetails Type of no result error
... not a boolean (isTimeout) like it used to.

Change-Id: I7766ed082eb2f4e43a89e3b5c0fb2e61bf5f1169

3 years agoSpecify an explicit text colour on some components that change the background colour
Daniel Friesen [Tue, 13 May 2014 01:19:53 +0000 (18:19 -0700)]
Specify an explicit text colour on some components that change the background colour

These components separate themselves from the default colouring of the content
area by specifying a dedicated – typically light grey – background colour.

However they leave text colour unspecified and as a result if the skin should be
white on black instead of black on white this results in these components becoming
white on white or white on light grey and becoming unreadable.

Fix this by explicitly specifying a text colour to use where the background colour is set.

Bug: T66732
Change-Id: I12584de40a18929b610d46dceaea73f06fdc6541

3 years agoTests for Revision::userCan
addshore [Fri, 10 Nov 2017 15:55:39 +0000 (15:55 +0000)]
Tests for Revision::userCan

Bug: T180210
Change-Id: I22f214dab6cba856982c566462562a137181d9cc

3 years agoUpdated dev dependancy phpunit/phpunit from v4.8.35 to v4.8.36
Reedy [Fri, 10 Nov 2017 14:06:48 +0000 (14:06 +0000)]
Updated dev dependancy phpunit/phpunit from v4.8.35 to v4.8.36

Change-Id: Ib800b243541557b3aaab03c10a796dd564f6f3ef

3 years agoTests for Revision::userCanBitfield
addshore [Fri, 10 Nov 2017 15:50:16 +0000 (15:50 +0000)]
Tests for Revision::userCanBitfield

Bug: T180210
Change-Id: Idf7e9d0f05b967b2fc083e6a70e9411b53390ed7

3 years agoUse mw-parser-output for content styles, instead of mw-body-content
Ed Sanders [Fri, 10 Nov 2017 15:49:16 +0000 (15:49 +0000)]
Use mw-parser-output for content styles, instead of mw-body-content

Change-Id: I8bddeda294b8f52fd71754b63b5afb6d30ff2b7d

3 years agoTest for Revision::newKnownCurrent
addshore [Fri, 10 Nov 2017 14:37:44 +0000 (14:37 +0000)]
Test for Revision::newKnownCurrent

Bug: T180210
Change-Id: I2cc83cbc91583b4631f4798dd14612c49024eeb4

3 years agoTests for Revision::decompressRevisionText
addshore [Fri, 10 Nov 2017 13:14:13 +0000 (13:14 +0000)]
Tests for Revision::decompressRevisionText

Bug: T180210
Change-Id: I21f6bb02757bcf59ce483e7d61685d372f134048

3 years agoRun RevisionIntegrationTest for both ContentHandlerUseDB settings
addshore [Tue, 24 Oct 2017 13:41:21 +0000 (14:41 +0100)]
Run RevisionIntegrationTest for both ContentHandlerUseDB settings

core used to have a test case that ran various Revision tests
with and without ContentHandlerUseDB set, however it did not
run due to the class / file having a bad name.

This patch reintroduces the running on Revision tests for both
ContentHandlerUseDB settings.

The global has to be set in setup / before the page used for
testing is created, else this page will be created with the
wrong values in the DB for use in the tests.

Change-Id: Ied1023e22eeac413fa86ea6946aa31619fd66319

3 years agoMake Revision::testIsUnpatrolled more reliable
addshore [Fri, 10 Nov 2017 13:46:44 +0000 (13:46 +0000)]
Make Revision::testIsUnpatrolled more reliable

Bug: T180210
Change-Id: Ib88c39527fafefdaafdb05c944716b5a1449cf1b

3 years agoConvert @var Array => array
Aaron Schulz [Fri, 10 Nov 2017 06:40:40 +0000 (22:40 -0800)]
Convert @var Array => array

Change-Id: Ie5c2d7b8e73cce74af982a5c54b0d487a7f6981d

3 years agoMerge "Rewrite userOptions.php"
jenkins-bot [Fri, 10 Nov 2017 06:24:33 +0000 (06:24 +0000)]
Merge "Rewrite userOptions.php"

3 years agoMerge "Setup: Include StartProfiler before others"
jenkins-bot [Fri, 10 Nov 2017 04:23:41 +0000 (04:23 +0000)]
Merge "Setup: Include StartProfiler before others"

3 years agoMerge "Merge ProfilerFunctions into GlobalFunctions"
jenkins-bot [Fri, 10 Nov 2017 04:23:38 +0000 (04:23 +0000)]
Merge "Merge ProfilerFunctions into GlobalFunctions"

3 years agoMerge "Sync up with Parsoid parserTests.txt"
jenkins-bot [Fri, 10 Nov 2017 01:07:59 +0000 (01:07 +0000)]
Merge "Sync up with Parsoid parserTests.txt"

3 years agoSetup: Include StartProfiler before others
Timo Tijhof [Fri, 10 Nov 2017 00:35:19 +0000 (16:35 -0800)]
Setup: Include StartProfiler before others

Bug: T180183
Change-Id: Ibcf78d094cf4dcf09bc919a5f8168f45ae225ebc

3 years agoMerge ProfilerFunctions into GlobalFunctions
Timo Tijhof [Fri, 10 Nov 2017 00:31:55 +0000 (16:31 -0800)]
Merge ProfilerFunctions into GlobalFunctions

Even if people use these (deprecated) functions in the earliest hooks or in
LocalSettings.php, it will keep working because GlobalFunctions is loaded
between DefaultSettings.php and LocalSettings.php.

The only places affected would be files in core: AutoLoader.php, Defines.php,
and DefaultSettings.php, which don't use these functions.

Change-Id: If4c0e8cbe1ea918283df22d72f792a3806569216

3 years agoUse the main stash for LBFactory "memStash" parameter
Aaron Schulz [Thu, 17 Aug 2017 03:13:35 +0000 (20:13 -0700)]
Use the main stash for LBFactory "memStash" parameter

This store is used for ChronologyProtector positions.
It should be cross-DC since the sticky DC cookie may not work
for rapid cross-wiki farm activity, causing some request go to
the non-primary DC.

NOTE: this change should be deployed on all farm wikis at once

Change-Id: Ife126592aacace696e43912b9461164a9ea98bc1

3 years agoSync up with Parsoid parserTests.txt
Arlo Breault [Fri, 10 Nov 2017 00:29:48 +0000 (19:29 -0500)]
Sync up with Parsoid parserTests.txt

This now aligns with Parsoid commit 1d6c39d8f6f5972e72974f8d64e7a0a5c2288bf2

Change-Id: I38d9d47c9cd74257b9bedc892baad90146885ef4

3 years agoMerge "Add action/user tracking to html cache purge jobs"
jenkins-bot [Thu, 9 Nov 2017 22:33:48 +0000 (22:33 +0000)]
Merge "Add action/user tracking to html cache purge jobs"

3 years agoPopulateRecentChangesSource: remove unused variable
Max Semenik [Wed, 8 Nov 2017 03:23:29 +0000 (19:23 -0800)]
PopulateRecentChangesSource: remove unused variable

Change-Id: I0c1fb623ad508d604c0e7760c2133920ec9a81f8

3 years agoMerge "widgets.DateInputWidget: Enhance desktop UX cursor handling"
jenkins-bot [Thu, 9 Nov 2017 21:40:07 +0000 (21:40 +0000)]
Merge "widgets.DateInputWidget: Enhance desktop UX cursor handling"

3 years agoMerge "widgets.DateInputWidget Align design with WikimediaUI"
jenkins-bot [Thu, 9 Nov 2017 21:40:02 +0000 (21:40 +0000)]
Merge "widgets.DateInputWidget Align design with WikimediaUI"

3 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Thu, 9 Nov 2017 21:38:25 +0000 (22:38 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: Ic3b7173db986c1984b910f00fd95c6fcb761a296

3 years agowidgets.DateInputWidget: Enhance desktop UX cursor handling
Volker E [Wed, 23 Aug 2017 22:27:26 +0000 (15:27 -0700)]
widgets.DateInputWidget: Enhance desktop UX cursor handling

Enhance desktop experience with better cursor handling.

Bug: T169034
Depends-on: I4e0ca6c472e2d6ddbe64eb783acf8c38c5beacc4
Change-Id: Ie4c847caf727051ed5bbcf9937863b007e62d3c7

3 years agoFix up logging grouping in ApiStashEdit
Chad Horohoe [Wed, 8 Nov 2017 18:31:02 +0000 (10:31 -0800)]
Fix up logging grouping in ApiStashEdit

Change-Id: Ie3d7b465faa26966c5745ca1bb09843a26193b9e

3 years agoMerge "Escape single quotes in attributes"
jenkins-bot [Thu, 9 Nov 2017 18:28:09 +0000 (18:28 +0000)]
Merge "Escape single quotes in attributes"

3 years agoMove watcheditem classes to watcheditem directory
addshore [Mon, 20 Mar 2017 12:41:16 +0000 (12:41 +0000)]
Move watcheditem classes to watcheditem directory

Change-Id: If915c875380b4ecd74fad64df7833de87ea6d6f7

3 years agoRemove htmlspecialchars for Html::hidden
Fomafix [Thu, 9 Nov 2017 16:08:57 +0000 (17:08 +0100)]
Remove htmlspecialchars for Html::hidden

Html::hidden already makes an HTML escaping of the values.

This is a followup to ff2f868a9.

Change-Id: I6f63494038ffbdde0df34ad5566dfa03707dde46

3 years agoAdd tests for various simple Revision get and is methods
addshore [Thu, 9 Nov 2017 11:45:51 +0000 (11:45 +0000)]
Add tests for various simple Revision get and is methods

These tests dont cover all code paths for these methods
in some cases but it does ensure that tests actually call
them / test basical functionality.

Some of these methods are touched in
hence adding some test coverage now.

Change-Id: I7eb67cb5876f89034238591c0a98f4ec6d890a40

3 years agoAdd tests for Revision::getTitle
addshore [Thu, 9 Nov 2017 10:36:22 +0000 (10:36 +0000)]
Add tests for Revision::getTitle

This method is touched in I4f24e7fbb683cb51f3fd8b250732bae9c7541ba2
hence adding some test coverage now.

Change-Id: Ie39a294546d84413bfb716efb27fd2c0321b349b

3 years agoAdd tests for Revision::getParentLengths
addshore [Thu, 9 Nov 2017 10:20:49 +0000 (10:20 +0000)]
Add tests for Revision::getParentLengths

This method name is quite missleading as it doesnt
get the parent lengths at all, it gets the lengths of
the rev ids that you ask for......

This method is touched in I4f24e7fbb683cb51f3fd8b250732bae9c7541ba2
hence adding some test coverage now.

Change-Id: Ic837bd60a34341860c4d2287a1b999f40d4f95f1

3 years agowidgets.DateInputWidget Align design with WikimediaUI
Volker E [Mon, 21 Aug 2017 02:58:04 +0000 (19:58 -0700)]
widgets.DateInputWidget Align design with WikimediaUI

Aligning DateInputWidget with WikimediaUI theme widgets by:
- using “Red50” color `#d33` from color palette,
- using standard dialog `box-shadow` value,
- ensure handle appearance is similar to standard TextInputWidget,
- align variable name,
- introduce similar variables from WikimediaUI theme, and also
- removing unnecessary properties.
Adding a `max-height` to address vendor specific UI elements for
`type=date` in Chrome.

Bug: T180094
Change-Id: I4e0ca6c472e2d6ddbe64eb783acf8c38c5beacc4

3 years agoRCFilters: some more highlight cleanup
Stephane Bisson [Thu, 9 Nov 2017 00:46:45 +0000 (19:46 -0500)]
RCFilters: some more highlight cleanup

Change-Id: I81eb3bf86f786c79a94e99d51602d904504f918f

3 years agoMerge "RCFilters: Don't reload the list if the change was highlights-only"
jenkins-bot [Thu, 9 Nov 2017 00:35:01 +0000 (00:35 +0000)]
Merge "RCFilters: Don't reload the list if the change was highlights-only"

3 years agoEscape single quotes in attributes
Max Semenik [Wed, 8 Nov 2017 01:45:56 +0000 (17:45 -0800)]
Escape single quotes in attributes

Replaces a long excuse in Html class not to call
Sanitizer::encodeAttribute() with a call to it.
In anything security related, excuses are a sign that you're doing
something wrong:)

Change-Id: Icf7f60d8cd6ea757d8f1999d638b82733001f68a

3 years agoChange disabled saved filter tooltip
petarpetkovic [Wed, 8 Nov 2017 23:10:04 +0000 (00:10 +0100)]
Change disabled saved filter tooltip

Bug: T179743
Change-Id: I2359bec7d89c6184dafbb5a1f90ea0f47cccd962

3 years agoRCFilters: Don't reload the list if the change was highlights-only
Moriel Schottlender [Thu, 12 Oct 2017 18:28:36 +0000 (11:28 -0700)]
RCFilters: Don't reload the list if the change was highlights-only

Bug: T164131
Change-Id: I9952467d0acef84a6445d970977c1265a3ebff95

3 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Wed, 8 Nov 2017 20:54:54 +0000 (21:54 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: I4f1007bfb2661ea9f18dc00e6795f102ed29c918

3 years agoMerge "Group messages in WANObjectCache by key"
jenkins-bot [Wed, 8 Nov 2017 20:28:23 +0000 (20:28 +0000)]
Merge "Group messages in WANObjectCache by key"

3 years agoGroup messages in WANObjectCache by key
Chad Horohoe [Wed, 8 Nov 2017 18:24:43 +0000 (10:24 -0800)]
Group messages in WANObjectCache by key

Change-Id: I31c570a095735c9157332660e9f1f542e679410f

3 years agoRemove trailing newline and period from message
Matthias Mullie [Wed, 8 Nov 2017 09:48:45 +0000 (10:48 +0100)]
Remove trailing newline and period from message

Change-Id: I3247edd22d12ea390cd969d8d89f84fa7b1dfdba

3 years agoMerge "Fix wrong variable in ShowSearchHit call."
jenkins-bot [Wed, 8 Nov 2017 09:22:25 +0000 (09:22 +0000)]
Merge "Fix wrong variable in ShowSearchHit call."

3 years agoFinish migration to Maintenance::getBatchSize()
Max Semenik [Wed, 8 Nov 2017 03:35:11 +0000 (19:35 -0800)]
Finish migration to Maintenance::getBatchSize()

Change-Id: I02d89f71d820e4d00a39e86a30397b614bbdb432

3 years agoRCFilters: Remove redundant replaceUpdatedUrl method
Moriel Schottlender [Thu, 2 Nov 2017 23:48:45 +0000 (16:48 -0700)]
RCFilters: Remove redundant replaceUpdatedUrl method

The method should call updateURL anyways. If it's initializing, the
comparison to the original URL will still be false and the system
will apply replaceState on the URL.

Change-Id: Ibfa104ed2aba94a5c17ed8ce3580a089d60e4d97

3 years agoFix wrong variable in ShowSearchHit call.
Stanislav Malyshev [Wed, 8 Nov 2017 00:33:38 +0000 (16:33 -0800)]
Fix wrong variable in ShowSearchHit call.

The code uses $size, which does not exist and never used otherwise.
The actual size HTML is stored in $desc.

Change-Id: Ida5e69c81acea6bdec75810cf7b192f9dc7cf327

3 years agoMerge "Timeout autoHide notifications based on visible time"
jenkins-bot [Tue, 7 Nov 2017 23:46:41 +0000 (23:46 +0000)]
Merge "Timeout autoHide notifications based on visible time"

3 years agoMerge "Update OOjs UI to v0.24.2"
jenkins-bot [Tue, 7 Nov 2017 23:29:16 +0000 (23:29 +0000)]
Merge "Update OOjs UI to v0.24.2"

3 years agoTimeout autoHide notifications based on visible time
Erik Bernhardson [Thu, 21 Sep 2017 16:13:01 +0000 (09:13 -0700)]
Timeout autoHide notifications based on visible time

On supported browsers handle the auto hide timeout with a
count of cumulative time the page has been visible to the
user. Old functionality can still be accessed, if desired,
by setting the visibleTimeout notification option to false.
On browsers without support for this visibilitychange event
wall clock time (the old behaviour) is used.

Adds a library function functionally similar to setTimeout that
only considers time when the page is visible. This is useful
both for analytics purposes, and when you want to temporarily
put something on screen and be reasonably certain it doesn't
go away until a user has seen it.

Bug: T42322
Change-Id: I7d8ea85602cae9cfc72e0155bc3092049ecafd43

3 years agoMerge "mw.special.apisandbox: Use a real button for "Auto-fill the token""
jenkins-bot [Tue, 7 Nov 2017 23:03:10 +0000 (23:03 +0000)]
Merge "mw.special.apisandbox: Use a real button for "Auto-fill the token""

3 years agoUpdate OOjs UI to v0.24.2
James D. Forrester [Tue, 7 Nov 2017 22:55:44 +0000 (14:55 -0800)]
Update OOjs UI to v0.24.2

Release notes:

Depends-On: I0e9d3f690349f9f01fb6424f9cb8468ebb21455a
Change-Id: I0e9d3f690349f9f01fb6424f9cb8468ebb21455b

3 years agoUpdate for Phan 0.10.1
Max Semenik [Sat, 4 Nov 2017 22:45:58 +0000 (15:45 -0700)]
Update for Phan 0.10.1

Change-Id: Id292944b80eb0c81956b203ce95bb0def3b4b0a3