lhc/web/wiklou.git
Kunal Mehta [Sat, 11 Nov 2017 00:05:13 +0000 (16:05 -0800)]
SECURITY: Create a .htaccess in /vendor after composer runs

The /vendor directory does not need to be web accessible, and to reduce
attack surface, it should not be web accessible. We can use the
post-install-cmd and post-update-cmd hooks to create a .htaccess after
the user has run "composer install" or "composer update". On the first
run of composer, this hook will be invoked twice due to the composer
merge plugin.

If the htaccess file already exists, this hook won't do anything.

Bug: T180237
Change-Id: I2cf6541750c90b5708d7cf5f81b914ae2d9d46d1

Brian Wolff [Sun, 24 Sep 2017 00:57:05 +0000 (00:57 +0000)]
SECURITY: Ensure Message::rawParams can't lead to XSS

If you used wfMessage( 'foo' )->rawParams( 'bar"baz' )
there's a possibility of leading to XSS, if the foo
message has a $1 in an attribute, as the quote characters
may end the attribute.

To prevent that, we convert $1 to $'"1 for after parameters,
so if any of them end up in attributes, the attribute escaping
will break the parameter name, preventing substitution.

This would of course break if someone intentionally inserted
a raw parameter into an attribute, but that's silly and I
don't think we should allow that.

This is similar to the parser strip marker issue.

Bug: T176247
Change-Id: If83aec01b20e414f9c92be894f145d7df2974866

Gergő Tisza [Wed, 15 Nov 2017 01:58:49 +0000 (17:58 -0800)]
Fix tests for I7afaa955a4b393ef00b11e420709bd62b84fbc71

Change-Id: Id5a2a9768dc64db5259a5988d645e664163ba234

Brian Wolff [Mon, 13 Nov 2017 16:02:50 +0000 (16:02 +0000)]
SECURITY: Do not reveal if user exists during login failure

This is meant for private wikis where the list of users may
be secret. It is only meant to prevent trivial enumeration
of usernames. It is not designed to prevent enumeration
via timing attacks.

Bug: T134100
Change-Id: I7afaa955a4b393ef00b11e420709bd62b84fbc71

Brad Jorsch [Fri, 26 Feb 2016 22:46:07 +0000 (17:46 -0500)]
SECURITY: API: Avoid some silliness with browser-guessed filenames

If someone is both dumb enough to blindly save an API response and to
then execute the resulting file, this can be used to attack their
computer.

We can mitigate this by disallowing PATH_INFO in api.php URLs (because
we don't make any use of them anyway) and by setting a sensible filename
using a Content-Disposition header so the browser won't go guessing at
the filename based on what is in the URL.

Issue reported by: Abdullah Hussam

Bug: T128209
Change-Id: I8526f5cc506c551edb6138d68450b6acea065e93

Brad Jorsch [Fri, 19 May 2017 21:35:11 +0000 (23:35 +0200)]
SECURITY: Add throttling for BotPasswords authentication attempts

ApiLogin will currently always try an AuthManager login, which will
by default throttle via ThrottlePreAuthenticationProvider, but this only
happens after the BotPassword is checked, so it's still possible to keep
trying to break the bot password.

There's a potential odd-behavior mode here: if the main account username
and password look like a BotPasswords username and password, a
successful main account login will increment the BotPasswords throttle
for the user and not reset it after the successful main account login.
That seems such an odd edge case I say let's not worry about it.

Bug: T165846
Change-Id: Ie60f0e05c2a94722b91bc3a80c80346e28b443f4

Brian Wolff [Wed, 18 Oct 2017 05:28:43 +0000 (05:28 +0000)]
SECURITY: Escape internal error message

This message contains the request URL, which is semi-user controlled.
Most browsers percent escape < and > so it's probably not exploitable
(curl is an exception here), but nonetheless it's not good.

Bug: T178451
Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6

jenkins-bot [Tue, 14 Nov 2017 22:52:13 +0000 (22:52 +0000)]
Merge "Special:Preferences: Use OOjs UI"

jenkins-bot [Tue, 14 Nov 2017 22:35:41 +0000 (22:35 +0000)]
Merge "DatabaseUpdater: Add modifyExtensionTable()"

Translation updater bot [Tue, 14 Nov 2017 20:54:20 +0000 (21:54 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: Iba3374ef6484fe0dbc23013dd7389377ddf4e8a5

addshore [Tue, 14 Nov 2017 12:13:43 +0000 (12:13 +0000)]
Test for Revision::getRecentChange

Bug: T180210
Change-Id: I67a425676236af77063ad759f4515742533436ca

addshore [Tue, 14 Nov 2017 12:03:39 +0000 (12:03 +0000)]
Tests for Revision::getRevisionText with ExternalStore usage

Bug: T180210
Change-Id: I20e47a44a064ede4f5e674f57ec4d8e39b379ad6

jenkins-bot [Tue, 14 Nov 2017 18:36:24 +0000 (18:36 +0000)]
Merge "Split interface from WatchedItemStore"

addshore [Mon, 20 Mar 2017 12:57:37 +0000 (12:57 +0000)]
Split interface from WatchedItemStore

Change-Id: Ifb029f5c79ee4865ee225d4f44d3354d95014cce

Brad Jorsch [Tue, 14 Nov 2017 17:53:02 +0000 (12:53 -0500)]
PostgreSQL: Use correct PK name so patch-site_stats-pk.sql isn't run when not needed

PostgreSQL names this primary key "site_stats_pkey" by default, not
"PRIMARY".

Bug: T180508
Change-Id: I626e46186376bc2a13157664c3ea6e097fa5e650

jenkins-bot [Tue, 14 Nov 2017 17:41:34 +0000 (17:41 +0000)]
Merge "Fix up logging grouping in ApiStashEdit"

jenkins-bot [Tue, 14 Nov 2017 16:45:02 +0000 (16:45 +0000)]
Merge "Do not limit filesize when running a maintenance script"

jenkins-bot [Tue, 14 Nov 2017 15:00:47 +0000 (15:00 +0000)]
Merge "Introduce ExternalStoreFactory"

jenkins-bot [Tue, 14 Nov 2017 13:34:36 +0000 (13:34 +0000)]
Merge "Family name of Thiemo changed"

jenkins-bot [Tue, 14 Nov 2017 13:30:05 +0000 (13:30 +0000)]
Merge "Initial tests for Revision::getRevisionText"

jenkins-bot [Tue, 14 Nov 2017 13:27:10 +0000 (13:27 +0000)]
Merge "Tests for Revision::userCan"

jenkins-bot [Tue, 14 Nov 2017 13:27:06 +0000 (13:27 +0000)]
Merge "Tests for Revision::userCanBitfield"

jenkins-bot [Tue, 14 Nov 2017 13:27:03 +0000 (13:27 +0000)]
Merge "Test for Revision::newKnownCurrent"

addshore [Tue, 14 Nov 2017 11:17:34 +0000 (11:17 +0000)]
Introduce ExternalStoreFactory

Change-Id: If0d8f503e3cc9fd83f3b40e2ac8a5f9dc8b7e0ea

Thiemo Mättig [Tue, 14 Nov 2017 12:59:15 +0000 (13:59 +0100)]
Family name of Thiemo changed

Change-Id: I5477d02111e53790e858624c4b7c4f09dbc418fa

addshore [Tue, 14 Nov 2017 10:40:23 +0000 (10:40 +0000)]
Initial tests for Revision::getRevisionText

Bug: T180210
Change-Id: Idd5c1af7ecc336ba3f32b15fd8d5cb5bd19f649b

Tim Starling [Tue, 14 Nov 2017 09:33:46 +0000 (20:33 +1100)]
Do not limit filesize when running a maintenance script

Starting HHVM may require writing very large files, so it can't have the
same file size limit as image scaling etc. The memory limit was already
disabled for much the same reason.

This is the only caller of wfShellWikiCmd() in core which proceeds to
call wfShellExec().

Bug: T145819
Change-Id: I1ab35edbbdb63c2d6f5f578cba2547be79a965ef

Roan Kattouw [Tue, 14 Nov 2017 02:31:23 +0000 (18:31 -0800)]
DatabaseUpdater: Add modifyExtensionTable()

We already had modifyExtensionField(), but to do a table modification
you still had to do
$updater->addExtensionUpdate( [ 'modifyTable', ... ] );

Change-Id: I20368bf3c007a01718513a435de24907dc0aaf81

jdlrobson [Thu, 28 Sep 2017 18:42:32 +0000 (13:42 -0500)]
Provide message/warning/error box abstraction

This will help us consolidate the various uses into one single
method which will help us drive standardisation of these de facto
widgets.

Hopefully, being a method of the Html class, which has a very
low barrier for use, will drive down the inconsistent display of
warning/error boxes across MediaWiki's products.

Various usages of warningbox and errorbox have been ported over.
I've retained some more complicated usages which make use of the
parser (wrapWikiMsg) and anywhere id and class are meddled with
- we'll probably want to consider whether we want to encourage
those going forward as they encourage adjusting the styling.

Bug: T166915
Change-Id: I2757e1f4ff2599e93a7257fc644cab69063896d2

jenkins-bot [Mon, 13 Nov 2017 21:49:58 +0000 (21:49 +0000)]
Merge "RCFilters: fix call to changesListModel.update()"

Translation updater bot [Mon, 13 Nov 2017 21:04:57 +0000 (22:04 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: I964eda712b69d542ca230f44ba125f0f29a328a2

Bartosz Dziewoński [Sat, 16 Sep 2017 13:21:50 +0000 (15:21 +0200)]
Special:Preferences: Use OOjs UI

* Change the form to OOUI mode. Tweak some formatting to look better
  with this mode. Change various random links to be OOUI buttons.
* Rewrite custom tabs to use OO.ui.IndexLayout instead.
* Update styles and JS enhancements for OOUI widgets.
* Rename ResourceLoader modules so that old skin-specific styles
  (from $wgResourceModuleSkinStyles) no longer apply. They tend
  to make no sense with the OOUI styling.

Bug: T117781
Change-Id: Ie9396f0146f5020e52710c41e55ec86151ae0095

jenkins-bot [Mon, 13 Nov 2017 13:42:11 +0000 (13:42 +0000)]
Merge "Change disabled saved filter tooltip"

jenkins-bot [Mon, 13 Nov 2017 12:49:01 +0000 (12:49 +0000)]
Merge "Use mw-parser-output for content styles, instead of mw-body-content"

jenkins-bot [Mon, 13 Nov 2017 07:30:58 +0000 (07:30 +0000)]
Merge "Change the rfcurl from protocol relative to HTTPS"

Translation updater bot [Sun, 12 Nov 2017 20:58:56 +0000 (21:58 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: Ic11c64813ee04e8520771bfa156f8e51404273e6

MarcoAurelio [Sun, 12 Nov 2017 11:34:24 +0000 (11:34 +0000)]
Document language changes for Mirandese

Bug: T180052
Change-Id: I60d809145678a2cd523776ba8e981da21f6e3ef9

jenkins-bot [Sun, 12 Nov 2017 05:57:27 +0000 (05:57 +0000)]
Merge "Move watcheditem classes to watcheditem directory"

jenkins-bot [Sat, 11 Nov 2017 23:22:42 +0000 (23:22 +0000)]
Merge "Remove htmlspecialchars for Html::hidden"

Translation updater bot [Sat, 11 Nov 2017 20:55:12 +0000 (21:55 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: Ie6054daa2b17649b21f5d1b167d3ce517bc604cc

MarcoAurelio [Fri, 10 Nov 2017 17:26:39 +0000 (17:26 +0000)]
Gendered NS_USER namespaces for Mirandese (mwl)

* Adds gendered NS_USER namespaces for when the user has chosen to
  reveal his or her gender via Special:Preferences.
* Changes the NS_USER namespace to use the gender-neutral
  "Outelizador(a)" in an identical fashion as the Portuguese projects
  do with "Usuário(a)".
* General fixes.

See community consensus in the linked Phabricator Task.

Bug: T180052
Change-Id: I9bac9e6a8cb5b6feee6490cf251342389237bd5c

James D. Forrester [Wed, 8 Nov 2017 17:19:56 +0000 (09:19 -0800)]
RELEASE-NOTES-1.30: Add upgraded, added libraries based on git history

Change-Id: I4d433f8f75cfe04638adbd60d94346f629cc2f18

Reedy [Sat, 11 Nov 2017 01:37:10 +0000 (01:37 +0000)]
Suggest running composer (install|update) with --no-dev

Change-Id: I1a931b6ac2767aedfc4c71a0ddac460bd3322484

Translation updater bot [Fri, 10 Nov 2017 20:55:30 +0000 (21:55 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: I244eb49276f46f4b722d381188b527d93295e9d3

jenkins-bot [Fri, 10 Nov 2017 20:18:34 +0000 (20:18 +0000)]
Merge "Convert @var Array => array"

Stephane Bisson [Fri, 10 Nov 2017 19:22:58 +0000 (14:22 -0500)]
RCFilters: fix call to changesListModel.update()

Followup to Ie2bc4fe4bd19103b513e4753e59f4adb295fbafa

3rd argument is
  {string} noResultsDetails Type of no result error
... not a boolean (isTimeout) like it used to.

Change-Id: I7766ed082eb2f4e43a89e3b5c0fb2e61bf5f1169

Daniel Friesen [Tue, 13 May 2014 01:19:53 +0000 (18:19 -0700)]
Specify an explicit text colour on some components that change the background colour

These components separate themselves from the default colouring of the content
area by specifying a dedicated – typically light grey – background colour.

However they leave text colour unspecified and as a result if the skin should be
white on black instead of black on white this results in these components becoming
white on white or white on light grey and becoming unreadable.

Fix this by explicitly specifying a text colour to use where the background colour is set.

Bug: T66732
Change-Id: I12584de40a18929b610d46dceaea73f06fdc6541

addshore [Fri, 10 Nov 2017 15:55:39 +0000 (15:55 +0000)]
Tests for Revision::userCan

Bug: T180210
Change-Id: I22f214dab6cba856982c566462562a137181d9cc

Reedy [Fri, 10 Nov 2017 14:06:48 +0000 (14:06 +0000)]
Updated dev dependency phpunit/phpunit from v4.8.35 to v4.8.36

Change-Id: Ib800b243541557b3aaab03c10a796dd564f6f3ef

addshore [Fri, 10 Nov 2017 15:50:16 +0000 (15:50 +0000)]
Tests for Revision::userCanBitfield

Bug: T180210
Change-Id: Idf7e9d0f05b967b2fc083e6a70e9411b53390ed7

Ed Sanders [Fri, 10 Nov 2017 15:49:16 +0000 (15:49 +0000)]
Use mw-parser-output for content styles, instead of mw-body-content

Change-Id: I8bddeda294b8f52fd71754b63b5afb6d30ff2b7d

addshore [Fri, 10 Nov 2017 14:37:44 +0000 (14:37 +0000)]
Test for Revision::newKnownCurrent

Bug: T180210
Change-Id: I2cc83cbc91583b4631f4798dd14612c49024eeb4

addshore [Fri, 10 Nov 2017 13:14:13 +0000 (13:14 +0000)]
Tests for Revision::decompressRevisionText

Bug: T180210
Change-Id: I21f6bb02757bcf59ce483e7d61685d372f134048

addshore [Tue, 24 Oct 2017 13:41:21 +0000 (14:41 +0100)]
Run RevisionIntegrationTest for both ContentHandlerUseDB settings

core used to have a test case that ran various Revision tests
with and without ContentHandlerUseDB set, however it did not
run due to the class / file having a bad name.

This patch reintroduces the running of Revision tests for both
ContentHandlerUseDB settings.

The global has to be set in setup / before the page used for
testing is created, else this page will be created with the
wrong values in the DB for use in the tests.

Change-Id: Ied1023e22eeac413fa86ea6946aa31619fd66319

addshore [Fri, 10 Nov 2017 13:46:44 +0000 (13:46 +0000)]
Make Revision::testIsUnpatrolled more reliable

Bug: T180210
Change-Id: Ib88c39527fafefdaafdb05c944716b5a1449cf1b

Aaron Schulz [Fri, 10 Nov 2017 06:40:40 +0000 (22:40 -0800)]
Convert @var Array => array

Change-Id: Ie5c2d7b8e73cce74af982a5c54b0d487a7f6981d

jenkins-bot [Fri, 10 Nov 2017 06:24:33 +0000 (06:24 +0000)]
Merge "Rewrite userOptions.php"

jenkins-bot [Fri, 10 Nov 2017 04:23:41 +0000 (04:23 +0000)]
Merge "Setup: Include StartProfiler before others"

jenkins-bot [Fri, 10 Nov 2017 04:23:38 +0000 (04:23 +0000)]
Merge "Merge ProfilerFunctions into GlobalFunctions"

jenkins-bot [Fri, 10 Nov 2017 01:07:59 +0000 (01:07 +0000)]
Merge "Sync up with Parsoid parserTests.txt"

Timo Tijhof [Fri, 10 Nov 2017 00:35:19 +0000 (16:35 -0800)]
Setup: Include StartProfiler before others

Bug: T180183
Change-Id: Ibcf78d094cf4dcf09bc919a5f8168f45ae225ebc

Timo Tijhof [Fri, 10 Nov 2017 00:31:55 +0000 (16:31 -0800)]
Merge ProfilerFunctions into GlobalFunctions

Even if people use these (deprecated) functions in the earliest hooks or in
LocalSettings.php, it will keep working because GlobalFunctions is loaded
between DefaultSettings.php and LocalSettings.php.

The only places affected would be files in core: AutoLoader.php, Defines.php,
and DefaultSettings.php, which don't use these functions.

Change-Id: If4c0e8cbe1ea918283df22d72f792a3806569216

Aaron Schulz [Thu, 17 Aug 2017 03:13:35 +0000 (20:13 -0700)]
Use the main stash for LBFactory "memStash" parameter

This store is used for ChronologyProtector positions.
It should be cross-DC since the sticky DC cookie may not work
for rapid cross-wiki farm activity, causing some requests to go to
the non-primary DC.

NOTE: this change should be deployed on all farm wikis at once

Change-Id: Ife126592aacace696e43912b9461164a9ea98bc1

Arlo Breault [Fri, 10 Nov 2017 00:29:48 +0000 (19:29 -0500)]
Sync up with Parsoid parserTests.txt

This now aligns with Parsoid commit 1d6c39d8f6f5972e72974f8d64e7a0a5c2288bf2

Change-Id: I38d9d47c9cd74257b9bedc892baad90146885ef4

jenkins-bot [Thu, 9 Nov 2017 22:33:48 +0000 (22:33 +0000)]
Merge "Add action/user tracking to html cache purge jobs"

Max Semenik [Wed, 8 Nov 2017 03:23:29 +0000 (19:23 -0800)]
PopulateRecentChangesSource: remove unused variable

Change-Id: I0c1fb623ad508d604c0e7760c2133920ec9a81f8

jenkins-bot [Thu, 9 Nov 2017 21:40:07 +0000 (21:40 +0000)]
Merge "widgets.DateInputWidget: Enhance desktop UX cursor handling"

jenkins-bot [Thu, 9 Nov 2017 21:40:02 +0000 (21:40 +0000)]
Merge "widgets.DateInputWidget Align design with WikimediaUI"

Translation updater bot [Thu, 9 Nov 2017 21:38:25 +0000 (22:38 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: Ic3b7173db986c1984b910f00fd95c6fcb761a296

Volker E [Wed, 23 Aug 2017 22:27:26 +0000 (15:27 -0700)]
widgets.DateInputWidget: Enhance desktop UX cursor handling

Enhance desktop experience with better cursor handling.

Bug: T169034
Depends-on: I4e0ca6c472e2d6ddbe64eb783acf8c38c5beacc4
Change-Id: Ie4c847caf727051ed5bbcf9937863b007e62d3c7

Chad Horohoe [Wed, 8 Nov 2017 18:31:02 +0000 (10:31 -0800)]
Fix up logging grouping in ApiStashEdit

Change-Id: Ie3d7b465faa26966c5745ca1bb09843a26193b9e

jenkins-bot [Thu, 9 Nov 2017 18:28:09 +0000 (18:28 +0000)]
Merge "Escape single quotes in attributes"

addshore [Mon, 20 Mar 2017 12:41:16 +0000 (12:41 +0000)]
Move watcheditem classes to watcheditem directory

Change-Id: If915c875380b4ecd74fad64df7833de87ea6d6f7

Fomafix [Thu, 9 Nov 2017 16:08:57 +0000 (17:08 +0100)]
Remove htmlspecialchars for Html::hidden

Html::hidden already makes an HTML escaping of the values.

This is a followup to ff2f868a9.

Change-Id: I6f63494038ffbdde0df34ad5566dfa03707dde46

addshore [Thu, 9 Nov 2017 11:45:51 +0000 (11:45 +0000)]
Add tests for various simple Revision get and is methods

These tests don't cover all code paths for these methods
in some cases but it does ensure that tests actually call
them / test basic functionality.

Some of these methods are touched in
I4f24e7fbb683cb51f3fd8b250732bae9c7541ba2
hence adding some test coverage now.

Change-Id: I7eb67cb5876f89034238591c0a98f4ec6d890a40

addshore [Thu, 9 Nov 2017 10:36:22 +0000 (10:36 +0000)]
Add tests for Revision::getTitle

This method is touched in I4f24e7fbb683cb51f3fd8b250732bae9c7541ba2
hence adding some test coverage now.

Change-Id: Ie39a294546d84413bfb716efb27fd2c0321b349b

addshore [Thu, 9 Nov 2017 10:20:49 +0000 (10:20 +0000)]
Add tests for Revision::getParentLengths

This method name is quite misleading as it doesn't
get the parent lengths at all, it gets the lengths of
the rev ids that you ask for...

This method is touched in I4f24e7fbb683cb51f3fd8b250732bae9c7541ba2
hence adding some test coverage now.

Change-Id: Ic837bd60a34341860c4d2287a1b999f40d4f95f1

Volker E [Mon, 21 Aug 2017 02:58:04 +0000 (19:58 -0700)]
widgets.DateInputWidget Align design with WikimediaUI

Aligning DateInputWidget with WikimediaUI theme widgets by:
- using “Red50” color `#d33` from color palette,
- using standard dialog `box-shadow` value,
- ensure handle appearance is similar to standard TextInputWidget,
- align variable name,
- introduce similar variables from WikimediaUI theme, and also
- removing unnecessary properties.
Adding a `max-height` to address vendor specific UI elements for
`type=date` in Chrome.

Bug: T180094
Change-Id: I4e0ca6c472e2d6ddbe64eb783acf8c38c5beacc4

Stephane Bisson [Thu, 9 Nov 2017 00:46:45 +0000 (19:46 -0500)]
RCFilters: some more highlight cleanup

Change-Id: I81eb3bf86f786c79a94e99d51602d904504f918f

jenkins-bot [Thu, 9 Nov 2017 00:35:01 +0000 (00:35 +0000)]
Merge "RCFilters: Don't reload the list if the change was highlights-only"

Max Semenik [Wed, 8 Nov 2017 01:45:56 +0000 (17:45 -0800)]
Escape single quotes in attributes

Replaces a long excuse in Html class not to call
Sanitizer::encodeAttribute() with a call to it.
In anything security related, excuses are a sign that you're doing
something wrong:)

Change-Id: Icf7f60d8cd6ea757d8f1999d638b82733001f68a

petarpetkovic [Wed, 8 Nov 2017 23:10:04 +0000 (00:10 +0100)]
Change disabled saved filter tooltip

Bug: T179743
Change-Id: I2359bec7d89c6184dafbb5a1f90ea0f47cccd962

Moriel Schottlender [Thu, 12 Oct 2017 18:28:36 +0000 (11:28 -0700)]
RCFilters: Don't reload the list if the change was highlights-only

Bug: T164131
Change-Id: I9952467d0acef84a6445d970977c1265a3ebff95

Translation updater bot [Wed, 8 Nov 2017 20:54:54 +0000 (21:54 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: I4f1007bfb2661ea9f18dc00e6795f102ed29c918

jenkins-bot [Wed, 8 Nov 2017 20:28:23 +0000 (20:28 +0000)]
Merge "Group messages in WANObjectCache by key"

Chad Horohoe [Wed, 8 Nov 2017 18:24:43 +0000 (10:24 -0800)]
Group messages in WANObjectCache by key

Change-Id: I31c570a095735c9157332660e9f1f542e679410f

Matthias Mullie [Wed, 8 Nov 2017 09:48:45 +0000 (10:48 +0100)]
Remove trailing newline and period from message

Change-Id: I3247edd22d12ea390cd969d8d89f84fa7b1dfdba

jenkins-bot [Wed, 8 Nov 2017 09:22:25 +0000 (09:22 +0000)]
Merge "Fix wrong variable in ShowSearchHit call."

Max Semenik [Wed, 8 Nov 2017 03:35:11 +0000 (19:35 -0800)]
Finish migration to Maintenance::getBatchSize()

Change-Id: I02d89f71d820e4d00a39e86a30397b614bbdb432

Moriel Schottlender [Thu, 2 Nov 2017 23:48:45 +0000 (16:48 -0700)]
RCFilters: Remove redundant replaceUpdatedUrl method

The method should call updateURL anyways. If it's initializing, the
comparison to the original URL will still be false and the system
will apply replaceState on the URL.

Change-Id: Ibfa104ed2aba94a5c17ed8ce3580a089d60e4d97

Stanislav Malyshev [Wed, 8 Nov 2017 00:33:38 +0000 (16:33 -0800)]
Fix wrong variable in ShowSearchHit call.

The code uses $size, which does not exist and is never used otherwise.
The actual size HTML is stored in $desc.

Change-Id: Ida5e69c81acea6bdec75810cf7b192f9dc7cf327

jenkins-bot [Tue, 7 Nov 2017 23:46:41 +0000 (23:46 +0000)]
Merge "Timeout autoHide notifications based on visible time"

jenkins-bot [Tue, 7 Nov 2017 23:29:16 +0000 (23:29 +0000)]
Merge "Update OOjs UI to v0.24.2"

Erik Bernhardson [Thu, 21 Sep 2017 16:13:01 +0000 (09:13 -0700)]
Timeout autoHide notifications based on visible time

On supported browsers handle the auto hide timeout with a
count of cumulative time the page has been visible to the
user. Old functionality can still be accessed, if desired,
by setting the visibleTimeout notification option to false.
On browsers without support for this visibilitychange event,
wall clock time (the old behaviour) is used.

Adds a library function functionally similar to setTimeout that
only considers time when the page is visible. This is useful
both for analytics purposes, and when you want to temporarily
put something on screen and be reasonably certain it doesn't
go away until a user has seen it.

Bug: T42322
Change-Id: I7d8ea85602cae9cfc72e0155bc3092049ecafd43

jenkins-bot [Tue, 7 Nov 2017 23:03:10 +0000 (23:03 +0000)]
Merge "mw.special.apisandbox: Use a real button for "Auto-fill the token""

James D. Forrester [Tue, 7 Nov 2017 22:55:44 +0000 (14:55 -0800)]
Update OOjs UI to v0.24.2

Release notes:
 https://phabricator.wikimedia.org/diffusion/GOJU/browse/master/History.md;v0.24.2

Depends-On: I0e9d3f690349f9f01fb6424f9cb8468ebb21455a
Change-Id: I0e9d3f690349f9f01fb6424f9cb8468ebb21455b

Max Semenik [Sat, 4 Nov 2017 22:45:58 +0000 (15:45 -0700)]
Update for Phan 0.10.1

Change-Id: Id292944b80eb0c81956b203ce95bb0def3b4b0a3

Bartosz Dziewoński [Fri, 3 Mar 2017 20:03:39 +0000 (21:03 +0100)]
mw.special.apisandbox: Use a real button for "Auto-fill the token"

I've never liked this interface. It is not obvious what the little
triangle does. Let's just use words.

Change-Id: Ica477713adf67a6e1909629eae6b6ee8b35a48f6

jenkins-bot [Tue, 7 Nov 2017 21:36:11 +0000 (21:36 +0000)]
Merge "upload: Simplify UploadStashTest by using getNewTempFile()"

Max Semenik [Fri, 6 Oct 2017 01:53:57 +0000 (18:53 -0700)]
Rewrite userOptions.php

* Convert to use Maintenance
* Clean up
* I want to use the class name UserOptions for something else
  so rename it.

Change-Id: Ic441087702376b1ca0e70554c71cdf7ecad908af