lhc/web/wiklou.git
7 years ago: Merge "Simplify code for updating tooltips with accesskey tips"
jenkins-bot [Tue, 24 May 2016 21:10:08 +0000 (21:10 +0000)]
Merge "Simplify code for updating tooltips with accesskey tips"

7 years ago: Localisation updates from https://translatewiki.net.
Translation updater bot [Tue, 24 May 2016 20:21:58 +0000 (22:21 +0200)]
Localisation updates from https://translatewiki.net.

Change-Id: I3941ec39a42414aa051ab58922267e143c5b30f1

7 years ago: RevDel: Fix ChangeTags for archived items
Matthew Flaschen [Thu, 19 May 2016 21:10:35 +0000 (17:10 -0400)]
RevDel: Fix ChangeTags for archived items

Bug: T128980
Change-Id: Ibc9ec57da16e1b71c9efa0d2c062f8d7965f59bc

7 years ago: Merge "Revert "Convert Special:NewFiles to use OOUI.""
jenkins-bot [Tue, 24 May 2016 18:31:55 +0000 (18:31 +0000)]
Merge "Revert "Convert Special:NewFiles to use OOUI.""

7 years ago: Revert "Convert Special:NewFiles to use OOUI."
Bartosz Dziewoński [Tue, 24 May 2016 18:05:25 +0000 (18:05 +0000)]
Revert "Convert Special:NewFiles to use OOUI."

Removing the 'hidden' fields from the HTMLForm definition
means that they are no longer preserved when the form is
resubmitted. I think that's a problematic regression.

This reverts commit 179e2f892d7811fa5613e1d6e0d5626e52c93b31.

Change-Id: Ib84dca5119b7a5270b349c5d1164541a5f082d96

7 years ago: Merge "Convert Special:NewFiles to use OOUI."
jenkins-bot [Tue, 24 May 2016 16:41:45 +0000 (16:41 +0000)]
Merge "Convert Special:NewFiles to use OOUI."

7 years ago: Merge "Convert Special:WithoutInterwiki to OOUI"
jenkins-bot [Tue, 24 May 2016 16:41:40 +0000 (16:41 +0000)]
Merge "Convert Special:WithoutInterwiki to OOUI"

7 years ago: Merge "Document what User::newSystemUser()'s "stealing" does"
jenkins-bot [Tue, 24 May 2016 15:27:07 +0000 (15:27 +0000)]
Merge "Document what User::newSystemUser()'s "stealing" does"

7 years ago: Merge "Improve some documentation of AuthManager's additions"
jenkins-bot [Tue, 24 May 2016 15:27:02 +0000 (15:27 +0000)]
Merge "Improve some documentation of AuthManager's additions"

7 years ago: Document what User::newSystemUser()'s "stealing" does
Brad Jorsch [Tue, 24 May 2016 15:05:47 +0000 (11:05 -0400)]
Document what User::newSystemUser()'s "stealing" does

Also improves a few other comments in the method.

Change-Id: I87e293c0ef487ef15bee8fbe1085d530c99a7b07

7 years ago: Merge "Disable CAS check when saving TestUser data."
jenkins-bot [Tue, 24 May 2016 11:13:44 +0000 (11:13 +0000)]
Merge "Disable CAS check when saving TestUser data."

7 years ago: Disable CAS check when saving TestUser data.
daniel [Thu, 19 May 2016 12:51:04 +0000 (14:51 +0200)]
Disable CAS check when saving TestUser data.

During testing, we are not worried about data loss, so we can safely
bypass the CAS check when setting up a test fixture.

This change was added to address sporadic test failures like the following:

18:03:38 1) ApiEchoMarkReadTest::testMarkReadWithList
18:03:38 MWException: CAS update failed on user_touched for user ID '2' (read from slave); the version of the user to be saved is older than the current version.
18:03:38
18:03:38 /mnt/jenkins-workspace/workspace/mediawiki-extensions-hhvm/src/includes/user/User.php:3931
18:03:38 /mnt/jenkins-workspace/workspace/mediawiki-extensions-hhvm/src/tests/phpunit/includes/TestUser.php:83
18:03:38 /mnt/jenkins-workspace/workspace/mediawiki-extensions-hhvm/src/tests/phpunit/includes/api/ApiTestCase.php:30
18:03:38 /mnt/jenkins-workspace/workspace/mediawiki-extensions-hhvm/src/extensions/Echo/tests/phpunit/api/ApiEchoMarkReadTest.php:11
18:03:38 /mnt/jenkins-workspace/workspace/mediawiki-extensions-hhvm/src/tests/phpunit/MediaWikiTestCase.php:370

Bug: T131178
Change-Id: I99b43e0db85bc2c1cd335c82971df4e95520d34b

7 years ago: Add the LockManager error to LocalFileLockError exceptions
Aaron Schulz [Tue, 24 May 2016 07:06:36 +0000 (00:06 -0700)]
Add the LockManager error to LocalFileLockError exceptions

Change-Id: Ibfa7312993806554f7939b4f5692e30714f71304

7 years ago: Merge "Add LinkRenderer (rewrite of Linker::link())"
jenkins-bot [Tue, 24 May 2016 03:29:32 +0000 (03:29 +0000)]
Merge "Add LinkRenderer (rewrite of Linker::link())"

7 years ago: Merge "Avoid individual LinkCache lookups in Linker::makeBrokenImageLinkObj()"
jenkins-bot [Tue, 24 May 2016 03:29:28 +0000 (03:29 +0000)]
Merge "Avoid individual LinkCache lookups in Linker::makeBrokenImageLinkObj()"

7 years ago: Merge "Cleanup Special:PrefixIndex::showPrefixChunk()"
jenkins-bot [Tue, 24 May 2016 03:19:35 +0000 (03:19 +0000)]
Merge "Cleanup Special:PrefixIndex::showPrefixChunk()"

7 years ago: Merge "TraditionalImageGallery: Preload Titles being linked into LinkCache"
jenkins-bot [Tue, 24 May 2016 03:07:15 +0000 (03:07 +0000)]
Merge "TraditionalImageGallery: Preload Titles being linked into LinkCache"

7 years ago: Merge "Remove 'noclasses' from Linker::linkKnown() defaults"
jenkins-bot [Tue, 24 May 2016 03:07:01 +0000 (03:07 +0000)]
Merge "Remove 'noclasses' from Linker::linkKnown() defaults"

7 years ago: Simplify code for updating tooltips with accesskey tips
Bartosz Dziewoński [Thu, 19 May 2016 17:22:06 +0000 (19:22 +0200)]
Simplify code for updating tooltips with accesskey tips

After 79e095fd, we can assume that if this code runs, then the fast
querySelectorAll() is available, and therefore jQuery will use it
rather than its polyfill.

This completes the fix for T60255 started in ed85c136.

Change-Id: I6b905ffb8ccf791d0edebfc15f2a4f1d1a57fbe1

7 years ago: Merge "Lowered incrTableUpdate() batch size to $wgUpdateRowsPerQuery"
jenkins-bot [Mon, 23 May 2016 22:26:18 +0000 (22:26 +0000)]
Merge "Lowered incrTableUpdate() batch size to $wgUpdateRowsPerQuery"

7 years ago: Merge "Remove unused import in MediaWikiServices"
jenkins-bot [Mon, 23 May 2016 21:27:51 +0000 (21:27 +0000)]
Merge "Remove unused import in MediaWikiServices"

7 years ago: Merge "Batch updateNotificationTimestamp() UPDATE queries (without wl_id)"
jenkins-bot [Mon, 23 May 2016 21:06:26 +0000 (21:06 +0000)]
Merge "Batch updateNotificationTimestamp() UPDATE queries (without wl_id)"

7 years ago: Merge "RollbackAction: Implement AJAX interface and require POST"
jenkins-bot [Mon, 23 May 2016 21:02:50 +0000 (21:02 +0000)]
Merge "RollbackAction: Implement AJAX interface and require POST"

7 years ago: Localisation updates from https://translatewiki.net.
Translation updater bot [Mon, 23 May 2016 20:00:48 +0000 (22:00 +0200)]
Localisation updates from https://translatewiki.net.

Change-Id: I00c9bd3bf3a03e38b1cc2573212bfae257d3dc4c

7 years ago: Batch updateNotificationTimestamp() UPDATE queries (without wl_id)
umherirrender [Mon, 23 May 2016 18:49:21 +0000 (20:49 +0200)]
Batch updateNotificationTimestamp() UPDATE queries (without wl_id)

The new primary key is not usable in production (T130067), so batch the
query using the old where condition.

Some code ideas from I3dbe1de4cf39499728a2077a71157d4bcc203e44

Bug: T134613
Change-Id: Ic12926a5166f7578a1136c7944d883c2fe1f3b3a

7 years ago: RollbackAction: Implement AJAX interface and require POST
Timo Tijhof [Tue, 29 Sep 2015 02:53:20 +0000 (19:53 -0700)]
RollbackAction: Implement AJAX interface and require POST

Similar to WatchAction (converted in commit 77cdf1919).

* Make FormAction::getFormFields not abstract.
  In most cases this will just be an empty array.

* Convert RollbackAction from FormlessAction to FormAction and implement the
  required error handling scenarios (mostly moved out of the old method, or
  duplicated from the WikiPage method where necessary).

* In most cases the in-between form is never used since a JavaScript handler
  takes over the link and uses the API over AJAX instead. In the no-js fallback
  (as well as for any existing tokenless rollback links) copy the GET parameters
  into the form for re-submission as POST (plus token, added by HTMLForm).

* Remove the distinction between WebUI and API tokens. This stronger token salt made it
  unnecessarily complex and was only there because it used GET until now. This streamlining of
  tokens matches what we already do for 'watch', 'edit', 'patrol' and other actions.

* Fix form submission bugs when 'from' query parameter is missing.

  - Ensure the required 'from' query parameter is present before showing a form.
    No need for the user to submit a form we know will fail.

  - Plain GET request to action=rollback (with no parameters) is now a 400 Bad Request
    instead of a form that would fail when submitted.

  - Submitting the form without the 'from' field now correctly says why it failed.
    Previously it emitted a session error, which was a lie.

Bug: T88044
Change-Id: Ia457802fec2e90573c8e7d552bc1f3cee258f10b

7 years ago: Add LinkRenderer (rewrite of Linker::link())
Kunal Mehta [Thu, 21 Apr 2016 20:13:21 +0000 (13:13 -0700)]
Add LinkRenderer (rewrite of Linker::link())

This is a rewrite of Linker::link() to a non-static, LinkTarget-based
interface. Users of plain Linker::link() with no options can use the
LinkRenderer instance provided by MediaWikiServices. Others that
have specific options should create and configure their own instance,
which can be used to create as many links as necessary.

The main entrypoints for making links are:
* ->makeLink( $target, $text, $attribs, $query );
* ->makeKnownLink( $target, $text, $attribs, $query );
* ->makeBrokenLink( $target, $text, $attribs, $query );

The order of the parameters is the same as Linker::link(), except
$options are now part of the LinkRenderer instance, and
known/broken status requires calling the function explicitly.
Additionally, instead of passing in raw $html for the link text, the
$text parameter will automatically be escaped unless it is specially
marked as safe HTML using the MediaWiki\Linker\HtmlArmor class.

The LinkBegin and LinkEnd hooks are now deprecated, but still function
for backwards compatibility. Clients should migrate to the nearly
equivalent LinkRendererBegin and LinkRendererEnd hooks.
The main differences between the hooks are:
* Passing HtmlPageLinkRenderer object instead of deprecated DummyLinker
* Using LinkTarget instead of Title
* Begin hook can no longer change known/broken status of link. Use the
TitleIsAlwaysKnown hook for that.
* $options are no longer passed, they can be read (but shouldn't be
modified!) from the LinkRenderer object.

Bug: T469
Change-Id: I057cc86ae6404a080aa3c8e0e956ecbb10a897d5

7 years ago: Do not count 0-load servers in getMaxLag()
Aaron Schulz [Sat, 21 May 2016 10:40:03 +0000 (03:40 -0700)]
Do not count 0-load servers in getMaxLag()

JobRunner::run() and API endpoints use this to bail out if
lag is too high. A dedicated "vslow" host with no normal
load should not trigger this logic, for example.

Bug: T135809
Change-Id: If6879aa1a4379857779a4eacf2a8b7400c0b434f

7 years ago: Merge "Add some missing MW version documentation"
jenkins-bot [Mon, 23 May 2016 18:02:33 +0000 (18:02 +0000)]
Merge "Add some missing MW version documentation"

7 years ago: Merge "Log autocreation attempts in SessionManager"
jenkins-bot [Mon, 23 May 2016 17:53:38 +0000 (17:53 +0000)]
Merge "Log autocreation attempts in SessionManager"

7 years ago: Add some missing MW version documentation
Gergő Tisza [Mon, 23 May 2016 13:20:41 +0000 (13:20 +0000)]
Add some missing MW version documentation

* deprecate $wgAuth
* add @since for Status::getStatusValue

Change-Id: Ia11ef1e4788297ffea0a2beb4da731c7e771958c

7 years ago: Bump mediawiki version in PHPVersionCheck.php to 1.28
Paladox [Sun, 22 May 2016 18:01:43 +0000 (19:01 +0100)]
Bump mediawiki version in PHPVersionCheck.php to 1.28

We bumped to version 1.28 in MediaWiki recently, but it seems we forgot to do
it in PHPVersionCheck.php.

Change-Id: I2a455669b68225fd9d6772c8482559c220d433b5

7 years ago: Merge "add LanguageTest::testEquals for Id7ed6a21c"
jenkins-bot [Mon, 23 May 2016 16:07:06 +0000 (16:07 +0000)]
Merge "add LanguageTest::testEquals for Id7ed6a21c"

7 years ago: Merge "Language: Introduce new method equals( Language $lang )"
jenkins-bot [Mon, 23 May 2016 16:03:50 +0000 (16:03 +0000)]
Merge "Language: Introduce new method equals( Language $lang )"

7 years ago: Merge "build: Enforce stylelints on function calls"
jenkins-bot [Mon, 23 May 2016 15:23:26 +0000 (15:23 +0000)]
Merge "build: Enforce stylelints on function calls"

7 years ago: add LanguageTest::testEquals for Id7ed6a21c
daniel [Mon, 23 May 2016 14:45:06 +0000 (16:45 +0200)]
add LanguageTest::testEquals for Id7ed6a21c

Change-Id: I99ea4c51bfc5245eab0bcca73870c56a6fab2c43

7 years ago: Merge "Remove unused messages in the installer"
jenkins-bot [Mon, 23 May 2016 07:15:00 +0000 (07:15 +0000)]
Merge "Remove unused messages in the installer"

7 years ago: Merge "Add pages with ignored restricted {{DISPLAYTITLE}}s to a tracking category"
jenkins-bot [Sun, 22 May 2016 21:17:10 +0000 (21:17 +0000)]
Merge "Add pages with ignored restricted {{DISPLAYTITLE}}s to a tracking category"

7 years ago: Localisation updates from https://translatewiki.net.
Translation updater bot [Sun, 22 May 2016 19:58:03 +0000 (21:58 +0200)]
Localisation updates from https://translatewiki.net.

Change-Id: Icdeee9242c04b5417eb60a2c268e88d9c0a40896

7 years ago: Fix autoload.php sort order
Florian [Sat, 21 May 2016 23:25:41 +0000 (01:25 +0200)]
Fix autoload.php sort order

By running maintenance/generateLocalAutoload.php.

Change-Id: I54324c9c3da201a8ccf3be8bd6a2e9c026936253

7 years ago: CoreParserFunctions: Return 0 from {{PAGESIZE:}} when length is unknown
Bartosz Dziewoński [Mon, 16 May 2016 18:12:12 +0000 (20:12 +0200)]
CoreParserFunctions: Return 0 from {{PAGESIZE:}} when length is unknown

Revision::getSize() might return null when the revision.rev_len field
is null. That should never happen normally (the field should get
backfilled as part of the update process), but we've also had a bug
where rev_len was not being recorded for empty pages (see T135414 for
details). It's saner to return a number here rather than empty string,
and 0 should actually be correct for all pages affected by that issue.

Bug: T20998
Change-Id: Ie12f0be24f00aaf8b90b25c4921a97df3b789369

7 years ago: LogEventsList::showLogExtract: allow providing custom URL parameters for "view full...
Glaisher [Fri, 13 May 2016 17:44:34 +0000 (22:44 +0500)]
LogEventsList::showLogExtract: allow providing custom URL parameters for "view full log" link

Optional 'extraUrlParams' parameter has been added. This is useful for example when you want to
link to subtypes: Special:Log/foo?subtype=bar.
Also change Special:Log link to linkKnown() instead of link() while at it.

Change-Id: I87a6403eb0639c4d93e49d6946b85650f478107b

7 years ago: Add pages with ignored restricted {{DISPLAYTITLE}}s to a tracking category
Glaisher [Sun, 22 May 2016 17:15:34 +0000 (22:15 +0500)]
Add pages with ignored restricted {{DISPLAYTITLE}}s to a tracking category

Added to "Pages with ignored display titles" category
(message key: "restricted-displaytitle-ignored")

Follow up to I6ae6d5d0e567ba9c86e46c32240ee51a2ca5d8d1

Bug: T135949
Change-Id: I9e0f8b1e3d39a62c13191bea6734fb136e976e0c

7 years ago: Remove unused messages in the installer
Paladox [Sun, 22 May 2016 11:16:08 +0000 (12:16 +0100)]
Remove unused messages in the installer

Removes messages:

config-db-charset
https://github.com/wikimedia/mediawiki/search?utf8=%E2%9C%93&q=config-db-charset&type=Code

config-charset-mysql5-binary
https://github.com/wikimedia/mediawiki/search?utf8=%E2%9C%93&q=config-charset-mysql5-binary&type=Code

config-charset-mysql5
https://github.com/wikimedia/mediawiki/search?utf8=%E2%9C%93&q=config-charset-mysql5&type=Code

config-charset-mysql4
https://github.com/wikimedia/mediawiki/search?utf8=%E2%9C%93&q=config-charset-mysql4&type=Code

config-charset-help
https://github.com/wikimedia/mediawiki/search?utf8=%E2%9C%93&q=config-charset-help&type=Code

Shows them as all being unused.

Plus we don't use MySQL 4 any more, nor support it.

Change-Id: I369e4f6d3fd934398d978d3fa8c0da6a62bd8a0f

7 years ago: Add @since tags to each LinkTarget method.
addshore [Thu, 19 May 2016 10:44:20 +0000 (11:44 +0100)]
Add @since tags to each LinkTarget method.

All current methods were introduced in 1.27

Change-Id: I777a251bae75e5b040f0ef9f608e91022d3e70d7

7 years ago: Localisation updates from https://translatewiki.net.
Translation updater bot [Sat, 21 May 2016 19:59:59 +0000 (21:59 +0200)]
Localisation updates from https://translatewiki.net.

Change-Id: I81eef8d9acdd8a2f0e0adeca28bfad36882e0fe9

7 years ago: Convert Special:NewFiles to use OOUI.
Sethakill [Wed, 18 May 2016 20:27:08 +0000 (22:27 +0200)]
Convert Special:NewFiles to use OOUI.

Other changes:
* moved form from pager
* added FormOptions

Bug: T135680
Change-Id: I1d9c0a761fd3d71fe58c2621c9766c2c6dd39dcb

7 years ago: Add missing samp tags and closing kbd tag
Amire80 [Sat, 21 May 2016 10:10:29 +0000 (13:10 +0300)]
Add missing samp tags and closing kbd tag

In:
* apihelp-clientlogin-example-login2
* api-help-authmanager-general-usage

Also fix a typo in api-help-authmanager-general-usage.

Change-Id: I2a9f6c46c992fda9a21068dd789043d5ef626311

7 years ago: Merge "Revert "Enable AuthManager by default""
jenkins-bot [Fri, 20 May 2016 23:08:21 +0000 (23:08 +0000)]
Merge "Revert "Enable AuthManager by default""

7 years ago: Revert "Enable AuthManager by default"
Chad [Fri, 20 May 2016 22:56:20 +0000 (22:56 +0000)]
Revert "Enable AuthManager by default"

Breaking some extensions at the moment in unit testing,
needs more cleanup first.

This reverts commit 485e0548e9cd784a91538730ba6ae8ec1708d71e.

Change-Id: Icdde13df71204ff99b8ef60bd9ebf356c40615b9

7 years ago: Localisation updates from https://translatewiki.net.
Translation updater bot [Fri, 20 May 2016 19:56:30 +0000 (21:56 +0200)]
Localisation updates from https://translatewiki.net.

Change-Id: Ia6f9b128f9747919c7263200b639ef8207079f3f

7 years ago: registration: Ignore short variables in convertExtensionToRegistration
Gergő Tisza [Fri, 20 May 2016 14:27:56 +0000 (14:27 +0000)]
registration: Ignore short variables in convertExtensionToRegistration

substr returns false when the string is shorter than the initial
position, which makes array_key_exists freak out.

Change-Id: I38c2dd3a1ae5d700d66ff590dda4be67e4dc5514

7 years ago: EditPage: Use localized special page links for 'anoneditwarning'
Fomafix [Thu, 19 May 2016 20:36:02 +0000 (20:36 +0000)]
EditPage: Use localized special page links for 'anoneditwarning'

This avoids a redirect from the generic special page to the localized special page.

Change-Id: Ica7995839b67a809dd9dcc12298209bee300e54b

7 years ago: Use InterwikiLookup in Title.
daniel [Thu, 12 May 2016 18:44:04 +0000 (20:44 +0200)]
Use InterwikiLookup in Title.

This makes the use of the global InterwikiLookup singleton more explicit
in the Title class. It does not remove the strong binding between Title
and InterwikiLookup.

Change-Id: Iaeb7c418af17fe19f170487f5364040da6052699

7 years ago: Fix various phpcs errors from last security patches
umherirrender [Fri, 20 May 2016 18:11:58 +0000 (20:11 +0200)]
Fix various phpcs errors from last security patches

Found by tests:
https://integration.wikimedia.org/ci/job/mediawiki-core-phpcs-trusty/1069/console

Breaking merges

Change-Id: If01b94705cd7b939ac380053730b1b602c838a8e

7 years ago: Add rel="noreferrer noopener" when target attribute would open window
Brian Wolff [Mon, 25 Apr 2016 18:08:46 +0000 (14:08 -0400)]
Add rel="noreferrer noopener" when target attribute would open window

noreferrer is used as support for noopener is very limited.
This is to prevent the attack detailed at
https://mathiasbynens.github.io/rel-noopener/, where you can
navigate the parent window even if the new window is cross-origin.

Bug: T133507
Change-Id: I6e4ab938861e246ff44048077b94847e303f1859

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>

7 years ago: SECURITY: Rate limit moves via the API
Brad Jorsch [Sun, 17 Apr 2016 14:32:56 +0000 (10:32 -0400)]
SECURITY: Rate limit moves via the API

While rate limiting has been applied to moves via the web UI since rate
limiting was first added, it appears that it was overlooked when ApiMove
was created.

This follows the same model as is followed by the web UI: each
submission to ApiMove is one "hit" for the rate limiter, even though
that submission might result in multiple pages being moved (e.g. the
page, its talk page, and its subpages) depending on the options and user
rights.

Bug: T132874
Change-Id: I564d8bfcc7dd3ad6d92dbbc33519a589697c0d4e

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>

7 years ago: Use pool counter for generating large diffs to prevent DoS.
Max Semenik [Tue, 12 Apr 2016 20:52:34 +0000 (16:52 -0400)]
Use pool counter for generating large diffs to prevent DoS.

Bug: T130947
Change-Id: If560844664051c04e01b954377b4bdfdb744d13f

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>

7 years ago: Enforce upper limit on invocations of wfShellExec()
Darian Anthony Patrick [Tue, 19 Apr 2016 17:53:39 +0000 (10:53 -0700)]
Enforce upper limit on invocations of wfShellExec()

Enforce an upper limit of 100,000 bytes on commands executed via
wfShellExec() to avoid an HHVM crash resulting from a process spawned with
an argument exceeding MAX_ARG_STRLEN, as defined in binfmts.h.

Bug: T129506

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>

7 years ago: SECURITY: Throw exception on unknown hash algorithm
csteipp [Mon, 22 Feb 2016 20:50:40 +0000 (12:50 -0800)]
SECURITY: Throw exception on unknown hash algorithm

To prevent a bad password configuration from accidentally allowing
users to bypass authentication, throw an exception if either hash or
hash_pbkdf2 return false.

Also, ensure md5() returned a sane hash.

Bug: T127420
Change-Id: If3664941236e4065eb8db11b0a211fd6210de631

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>

7 years ago: Canonicalize usernames before rate limiting logins
Brian Wolff [Mon, 9 May 2016 07:51:01 +0000 (03:51 -0400)]
Canonicalize usernames before rate limiting logins

Bug: T127114
Change-Id: I020cecf345c6bad4f461b70203f0bd29792de1f8

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>

7 years ago: SECURITY: RawAction: Vary on the usual headers
Brad Jorsch [Sun, 31 Jan 2016 20:43:00 +0000 (15:43 -0500)]
SECURITY: RawAction: Vary on the usual headers

This avoids edge cases where the user isn't logged in but we still need
varying for proper cache behavior.

Bug: T125283
Change-Id: I43cde3a48371e62a16bda1291b1b51986e60fe4c

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>

7 years ago: SECURITY: Improve cross-domain-policy mangling
Brad Jorsch [Mon, 18 Jan 2016 17:00:41 +0000 (12:00 -0500)]
SECURITY: Improve cross-domain-policy mangling

Take into account that the tag might have parameters.

Bug: T123653
Change-Id: Ie9799f5ea45badfb4e7b4be7e7fbc1c35cc86f26

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>

7 years ago: SECURITY: Check for mbstring.func_overload at runtime
Brad Jorsch [Mon, 4 Jan 2016 19:14:28 +0000 (11:14 -0800)]
SECURITY: Check for mbstring.func_overload at runtime

The installer already checks for this, let's also catch the case when
someone enables this after installation.

Bug: T122807
Change-Id: Ieddbc932f482d52da1688d472f494074c81124b2

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>

7 years ago: SECURITY: Don't use m modifier when checking link prefix
csteipp [Thu, 7 Jan 2016 16:13:16 +0000 (08:13 -0800)]
SECURITY: Don't use m modifier when checking link prefix

SVG filter incorrectly used the m modifier when checking if an href
attribute started with 'https?://', incorrectly matching attributes
such as "javascript:alert('&#10;http://foo')".

Bug: T122653
Change-Id: I41291fff344241cad3171f3e8050de99b62a2296

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
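The modifier bug described in this commit, as an added example (not MediaWiki's own code): the same prefix pattern is run with and without PCRE's m modifier over entity-decoded href values, showing that the m version accepts the javascript: URL quoted above while the version without m rejects it. The function names and the use of html_entity_decode() as a stand-in for the XML parser's entity decoding are this example's own assumptions.

```php
<?php
// Added example (not MediaWiki code): the modifier bug from the commit above.
// In PCRE the 'm' (multiline) modifier lets '^' match after every newline in
// the subject, not only at offset 0. An href whose "&#10;" has already been
// decoded to "\n" by the XML parser therefore passes a "starts with http(s)://"
// check even though its real scheme is "javascript:". Function names here are
// this example's own.

/**
 * Stand-in for the XML parser's entity decoding: the filter sees the decoded
 * attribute value, so "&#10;" arrives as a literal newline.
 */
function decodeHrefAttribute( string $raw ): string {
	return html_entity_decode( $raw, ENT_QUOTES | ENT_XML1, 'UTF-8' );
}

/** The flawed check: with 'm', '^' anchors at every line start. */
function hrefLooksHttpFlawed( string $href ): bool {
	return preg_match( '/^https?:\/\//m', $href ) === 1;
}

/** The corrected check: without 'm', '^' anchors only at the start of the string. */
function hrefLooksHttpFixed( string $href ): bool {
	return preg_match( '/^https?:\/\//', $href ) === 1;
}

/**
 * Run both checks over raw attribute values and report, per value, which
 * check accepted it, so the divergence between the two is visible.
 */
function compareChecks( array $rawHrefs ): array {
	$results = [];
	foreach ( $rawHrefs as $raw ) {
		$decoded = decodeHrefAttribute( $raw );
		$results[$raw] = [
			'flawed' => hrefLooksHttpFlawed( $decoded ),
			'fixed' => hrefLooksHttpFixed( $decoded ),
		];
	}
	return $results;
}

// Constructed sample values: two legitimate URLs, the exact case quoted in
// the commit message, and a data: URI using the same newline trick.
$samples = [
	'http://example.org/image.png',
	'https://example.org/',
	"javascript:alert('&#10;http://foo')",
	'data:text/html,&#10;https://example.org/',
];

foreach ( compareChecks( $samples ) as $raw => $result ) {
	printf(
		"%-45s flawed=%-5s fixed=%s\n",
		$raw,
		$result['flawed'] ? 'true' : 'false',
		$result['fixed'] ? 'true' : 'false'
	);
}
```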

7 years ago: SECURITY: Include quote characters in strip markers so esc in attr
Brian Wolff [Fri, 4 Dec 2015 02:39:16 +0000 (21:39 -0500)]
SECURITY: Include quote characters in strip markers so esc in attr

Strip markers get substituted for general html, which means the
substitution text generally does not escape quote characters. If
someone can convince MW to put a strip marker in an attribute,
you can get around escaping requirements that way. This patch
adds the characters `"' to the strip marker text. At least one
of these characters should be escaped inside attributes (regardless
of what quote character you use for attributes), thus normal html
escaping will deactivate the strip markers, preventing the
vulnerability.

This will break any extension that escapes input with htmlspecialchars
to add to html/half-parsed html output, but assumes that strip markers
are unmangled. I don't think it's very common to do this. The primary
example I found was some core usages of Xml::escapeTagsOnly(). (And
even in that case, it only affected the corner case of being called
via {{#tag:..}}.)

Based on MatmaRex's suggestion.

Change-Id: If887065e12026530f36e5f35dd7ab0831d313561

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>

7 years ago: SECURITY: Add data attribute to patrol links so it can't be spoofed by user
Brian Wolff [Tue, 27 Oct 2015 08:31:00 +0000 (02:31 -0600)]
SECURITY: Add data attribute to patrol links so it can't be spoofed by user

JavaScript used to look just for the patrollinks class, which
could be set by the user in order to patrol an arbitrary page.

Bug: T103239
Change-Id: I13fcc3ce479c0a4a90a6217c2e5244f051eaf862

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>

7 years ago: API: Add "standard" header and hook for lacksSameOriginSecurity()
Brad Jorsch [Fri, 8 May 2015 14:20:30 +0000 (10:20 -0400)]
API: Add "standard" header and hook for lacksSameOriginSecurity()

The header is intended for use with XMLHttpRequest when the request
might be part of an XSS. The hook is for extensions that might need to
add additional checks of some sort.

Bug: T98313
Change-Id: I0e5f2d3b29a79a12461dc33c90c812a56810f536

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>

7 years ago: Improve unstyled updatedmarker
Volker E [Wed, 18 May 2016 20:35:34 +0000 (13:35 -0700)]
Improve unstyled updatedmarker

This is the "changed since your last visit" marker that you'll
see on ?action=history for a page on your watchlist, marking
edits that were made since you last viewed the page.
updatedmarker is styled by some skins, but not all of them.
Updating the CSS selector and involved colors to address some of the concerns
and improve consistency.

Bug: T134515
Change-Id: Ib21ee453f0fa71fc8f516db1fec71096d962d194

7 years ago: Merge "Enable AuthManager by default"
jenkins-bot [Fri, 20 May 2016 15:47:50 +0000 (15:47 +0000)]
Merge "Enable AuthManager by default"

7 years ago: Log autocreation attempts in SessionManager
Gergő Tisza [Thu, 11 Feb 2016 08:12:45 +0000 (00:12 -0800)]
Log autocreation attempts in SessionManager

Also fix a typo.

Bug: T125184
Change-Id: I7e5ebcfdfd3aa37e131454855f4b7142e24906c4

7 years ago: Merge "build: Bump grunt-stylelint to v0.3.0"
jenkins-bot [Fri, 20 May 2016 12:22:15 +0000 (12:22 +0000)]
Merge "build: Bump grunt-stylelint to v0.3.0"

7 years ago: Lowered incrTableUpdate() batch size to $wgUpdateRowsPerQuery
Aaron Schulz [Fri, 20 May 2016 03:59:55 +0000 (20:59 -0700)]
Lowered incrTableUpdate() batch size to $wgUpdateRowsPerQuery

Change-Id: I05787b6e9ace26e7a20c228fbc3502983dfed777

7 years ago: Merge "jsduck: Sort list of globals in jsduck.json"
jenkins-bot [Fri, 20 May 2016 03:45:45 +0000 (03:45 +0000)]
Merge "jsduck: Sort list of globals in jsduck.json"

7 years ago: Merge "mw.loader: Optimise hot code paths in addEmbeddedCSS()"
jenkins-bot [Fri, 20 May 2016 03:44:16 +0000 (03:44 +0000)]
Merge "mw.loader: Optimise hot code paths in addEmbeddedCSS()"

7 years ago: jsduck: Sort list of globals in jsduck.json
Timo Tijhof [Wed, 18 May 2016 20:01:29 +0000 (21:01 +0100)]
jsduck: Sort list of globals in jsduck.json

Change-Id: Ifb920c055740575edcda0b4f460cc8c5b377ba87

7 years ago: Merge "Limit DELETE in purgeExpiredRestrictions() and use primary key"
jenkins-bot [Fri, 20 May 2016 02:48:00 +0000 (02:48 +0000)]
Merge "Limit DELETE in purgeExpiredRestrictions() and use primary key"

7 years ago: Avoid individual LinkCache lookups in Linker::makeBrokenImageLinkObj()
Kunal Mehta [Fri, 20 May 2016 01:58:34 +0000 (18:58 -0700)]
Avoid individual LinkCache lookups in Linker::makeBrokenImageLinkObj()

Change-Id: I29ab072519937b770e75a40382d2f77cbabe098b

7 years ago: Cleanup Special:PrefixIndex::showPrefixChunk()
Kunal Mehta [Fri, 20 May 2016 01:58:12 +0000 (18:58 -0700)]
Cleanup Special:PrefixIndex::showPrefixChunk()

* Title::makeTitle() cannot return null or false
* Use foreach loop instead of while and $res->fetchObject()
* Select extra fields for LinkCache, and add existence into it
* Let Linker handle generation of mw-redirect class

Change-Id: I23f09956b5a39badbfa05d1188466180935cf411

7 years ago: TraditionalImageGallery: Preload Titles being linked into LinkCache
Kunal Mehta [Fri, 20 May 2016 01:53:18 +0000 (18:53 -0700)]
TraditionalImageGallery: Preload Titles being linked into LinkCache

Change-Id: Ie8b2508a52c1c1476f34f0b8e16184bed15310e1

7 years ago: Remove 'noclasses' from Linker::linkKnown() defaults
Kunal Mehta [Thu, 19 May 2016 21:42:52 +0000 (14:42 -0700)]
Remove 'noclasses' from Linker::linkKnown() defaults

The intention for Linker::linkKnown() was to be used when the caller had
already preloaded the target's existence ('known') and called
Linker::getLinkColour() directly ('noclasses'). However, nearly all
usage of linkKnown() only did the first part, and not the latter.

So do what people actually ended up using the function for, and remove
'noclasses' from the default parameters. As long as the target the link
is being created for is already in LinkCache, this shouldn't cause any
extra database queries.

Change-Id: Ia5a4c2f18ec780627146617a1498bd04fcfbb3ee

7 years ago: Undo translations of message changes from 6ffabb26
Bartosz Dziewoński [Fri, 20 May 2016 01:12:15 +0000 (03:12 +0200)]
Undo translations of message changes from 6ffabb26

I reverted them all on translatewiki.net by hand, then imported here with
a quick script: https://phabricator.wikimedia.org/F4032850.
(Changes were then reviewed and some weird ones undone by hand.)

All the important work was on translatewiki.net; this commit could as well
be done by the localisation bot, but we want it now to deploy it.

Bug: T135773
Change-Id: Iaa6797939fa52619d1bbd8d7e0dad8409687d3cd

7 years ago: Remove unused import in MediaWikiServices
aude [Thu, 19 May 2016 23:32:28 +0000 (19:32 -0400)]
Remove unused import in MediaWikiServices

Change-Id: I6760f33cd40eb150f42caa0f6b5fc79872299772

7 years ago: Merge "Revert "Convert Special:WhatLinksHere from XML form to OOUI form""
jenkins-bot [Thu, 19 May 2016 21:38:11 +0000 (21:38 +0000)]
Merge "Revert "Convert Special:WhatLinksHere from XML form to OOUI form""

7 years ago: Revert "Convert Special:WhatLinksHere from XML form to OOUI form"
TheDJ [Thu, 19 May 2016 21:24:28 +0000 (21:24 +0000)]
Revert "Convert Special:WhatLinksHere from XML form to OOUI form"

This cannot be the design that was intended here...

This reverts commit 6ffabb260b60497a732b9b46610ec9fd0f9f71f9.

Bug: T135773
Change-Id: Id6ab2ba04c443981cc406c4372c9a809c937c566

7 years ago: Merge "PHPUnit: turn off verbose option"
jenkins-bot [Thu, 19 May 2016 20:45:25 +0000 (20:45 +0000)]
Merge "PHPUnit: turn off verbose option"

7 years ago: Limit DELETE in purgeExpiredRestrictions() and use primary key
Aaron Schulz [Tue, 17 May 2016 11:19:29 +0000 (04:19 -0700)]
Limit DELETE in purgeExpiredRestrictions() and use primary key

This should help reduce contention in some cases.
If too many rows are expired, subsequent updates will
clear them out.

Bug: T135470
Change-Id: Iada496d0db9b00e77037320d7c65124a8c8f68c0

7 years ago: Merge "Localisation updates from https://translatewiki.net."
Translation updater bot [Thu, 19 May 2016 20:03:02 +0000 (20:03 +0000)]
Merge "Localisation updates from https://translatewiki.net."

7 years ago: Localisation updates from https://translatewiki.net.
Translation updater bot [Thu, 19 May 2016 19:57:18 +0000 (21:57 +0200)]
Localisation updates from https://translatewiki.net.

Change-Id: I23caefae3374028db6475f66244c1ec3627f49ec

7 years ago  Use inNamespace in CategoryPage
Niklas Laxström [Thu, 19 May 2016 12:48:26 +0000 (14:48 +0200)]
Use inNamespace in CategoryPage

Change-Id: I55dae5163d62c25536fb040764cab99cd4deb9b7

7 years ago  Merge "exception: Create generic BadRequestError based on ErrorPageError"
jenkins-bot [Thu, 19 May 2016 19:12:48 +0000 (19:12 +0000)]
Merge "exception: Create generic BadRequestError based on ErrorPageError"

7 years ago  exception: Create generic BadRequestError based on ErrorPageError
Timo Tijhof [Tue, 17 May 2016 21:22:05 +0000 (22:22 +0100)]
exception: Create generic BadRequestError based on ErrorPageError

Ideally this would be an option in ErrorPageError (perhaps even the default),
but its constructor isn't very suitable for that.

After this lands, uses of ErrorPageError should be audited to see if it makes
sense to emit a 400 status code.

Change-Id: I4beb6a4f256446b98b66d5e4bcdbab8f247441a8

7 years ago  API: Handle shorthand "all groups" configuration in ApiQuerySiteInfo
Brad Jorsch [Tue, 17 May 2016 13:35:10 +0000 (09:35 -0400)]
API: Handle shorthand "all groups" configuration in ApiQuerySiteInfo

In $wgAddGroups, $wgRemoveGroups, $wgGroupsAddToSelf, and
$wgGroupsRemoveFromSelf, boolean true in place of an array of groups to
allow adding/removing is shorthand for "all groups". Handle this
appropriately in action=query&meta=siteinfo&siprop=usergroups.

Bug: T135467
Change-Id: I6ae61ef14ac7932e3369155c56bad60a9d72060d

7 years ago  Merge "Highlight new requirement"
jenkins-bot [Thu, 19 May 2016 18:51:26 +0000 (18:51 +0000)]
Merge "Highlight new requirement"

7 years ago  build: Bump grunt-stylelint to v0.3.0
James D. Forrester [Thu, 19 May 2016 18:05:36 +0000 (19:05 +0100)]
build: Bump grunt-stylelint to v0.3.0

Change-Id: I012d8b8cb2851270180f1a981c49a8a5043ae218

7 years ago  mw.loader: Optimise hot code paths in addEmbeddedCSS()
Timo Tijhof [Wed, 18 May 2016 18:25:14 +0000 (19:25 +0100)]
mw.loader: Optimise hot code paths in addEmbeddedCSS()

addEmbeddedCSS() is a big part of the hot code path that moves a module from
state "loaded" to "ready". Especially on repeat views (where most loads
are cache hits from local storage), this is the main thing that JS spends time
on before running scripts (which must wait for the styles to apply first).

* newStyleTag: Avoid use of jQuery.
  Before
  - jQuery()
    - jQuery#init
  - jQuery#before
    - jQuery#domManip, jQuery#buildFragment, jQuery#inArray
    - Node#insertBefore
  - Node#appendChild
  After
  - Node#insertBefore
  - Node#appendChild

* getMarker: Store raw Node instead of jQuery object. Makes it easy for other
  code to avoid jQuery. And for those that don't, creating a jQuery object is cheap.
  Also use querySelector directly since it's ensured by our feature test.
  The only cases jQuery/Sizzle accounts for with querySelector are IE8 (already excluded
  by our feature test), and Opera 12 (in an edge case that doesn't apply to this
  selector).

  Before
  - jQuery
    - jQuery#init
  - jQuery#find
    - Sizzle
    - querySelectorAll
  - jQuery#pushStack
  After
  - querySelector

* addEmbeddedCSS: This was needlessly calling the fairly slow .data() method for
  all style tags in all browsers. It should've been guarded by an IE<=9 if-statement.
  The consumer of this data property already had that check. The setter did not.

  Before
  - getMarker
    - ..
  - newStyleTag
    - ..
  - jQuery#data
    - jQuery#each, jQuery#data, internalData, ..
  - fireCallbacks
    - ..
  After
  - getMarker
  - newStyleTag
  - fireCallbacks
    - ..

Change-Id: Ie5b5195d337b5d88f0c2ca69d15b13a4fb9d87e2

7 years ago  Merge "API: Avoid duplicate IDs in API documentation"
jenkins-bot [Thu, 19 May 2016 17:57:26 +0000 (17:57 +0000)]
Merge "API: Avoid duplicate IDs in API documentation"

7 years ago  Merge "ResourcesOOUI: Remove deprecated oojs-ui.styles module"
jenkins-bot [Thu, 19 May 2016 17:46:18 +0000 (17:46 +0000)]
Merge "ResourcesOOUI: Remove deprecated oojs-ui.styles module"

7 years ago  Merge "mediawiki.page.patrol: Use this.href instead of $(this).attr('href')"
jenkins-bot [Thu, 19 May 2016 17:45:24 +0000 (17:45 +0000)]
Merge "mediawiki.page.patrol: Use this.href instead of $(this).attr('href')"

7 years ago  Merge "build: Enforce stylelints on fonts"
jenkins-bot [Thu, 19 May 2016 17:45:20 +0000 (17:45 +0000)]
Merge "build: Enforce stylelints on fonts"