5 years agoSpecial:Version: Use addModuleStyles to load mediawiki.special.version
Glaisher [Sat, 6 Feb 2016 12:33:43 +0000 (17:33 +0500)]
Special:Version: Use addModuleStyles to load mediawiki.special.version

Currently, there is a brief delay before the stylesheet is loaded so
use addModuleStyles as this is a stylesheet only module.

Change-Id: I6adfeae88dddeab427928ef800152a4e1353cbe5

5 years agoMerge "Add $wgRateLimits types ip-all and subnet-all"
jenkins-bot [Fri, 5 Feb 2016 20:52:05 +0000 (20:52 +0000)]
Merge "Add $wgRateLimits types ip-all and subnet-all"

5 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Fri, 5 Feb 2016 20:28:39 +0000 (21:28 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: I833de3a05f11dedaead4ace0757e37abc5d34351

5 years agoMerge "Add Special:UserLogin/signup to search suggestions"
jenkins-bot [Fri, 5 Feb 2016 16:46:30 +0000 (16:46 +0000)]
Merge "Add Special:UserLogin/signup to search suggestions"

5 years agoAdd Special:UserLogin/signup to search suggestions
Alex Monk [Fri, 5 Feb 2016 15:15:23 +0000 (15:15 +0000)]
Add Special:UserLogin/signup to search suggestions

Change-Id: I8aa1c7526f5c8d4c80b2cc649b39a30c1da3946a

5 years agoMerge "mediawiki.api.parse: Use formatversion=2 for API requests"
jenkins-bot [Fri, 5 Feb 2016 11:44:16 +0000 (11:44 +0000)]
Merge "mediawiki.api.parse: Use formatversion=2 for API requests"

5 years agoMerge "mediawiki.userSuggest: Use formatversion=2 for API request"
jenkins-bot [Fri, 5 Feb 2016 11:28:18 +0000 (11:28 +0000)]
Merge "mediawiki.userSuggest: Use formatversion=2 for API request"

5 years agoMerge "mw.loader: Guard localStorage access with try/catch in mw.store.clear()"
jenkins-bot [Fri, 5 Feb 2016 00:04:30 +0000 (00:04 +0000)]
Merge "mw.loader: Guard localStorage access with try/catch in mw.store.clear()"

5 years agomw.loader: Guard localStorage access with try/catch in mw.store.clear()
Bryan Davis [Thu, 4 Feb 2016 16:19:25 +0000 (09:19 -0700)]
mw.loader: Guard localStorage access with try/catch in mw.store.clear()

We use try/catch appropriately in other places but it was missing
in mw.store.clear().

If the user agent has localStorage disabled an exception will be thrown
for any operation that touches the object.

Change-Id: Idcd0e4c8ba9b0843b2ddcad0ae1781e4915e04fe

5 years agoMerge "mediawiki.jqueryMsg.test: Call async() before each async test step"
jenkins-bot [Thu, 4 Feb 2016 23:06:11 +0000 (23:06 +0000)]
Merge "mediawiki.jqueryMsg.test: Call async() before each async test step"

5 years agoMerge "Add logic for "tags" in ApiBase"
jenkins-bot [Thu, 4 Feb 2016 22:01:33 +0000 (22:01 +0000)]
Merge "Add logic for "tags" in ApiBase"

5 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Thu, 4 Feb 2016 20:57:23 +0000 (21:57 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: Ic35ee8090408696e1b609bae1289aa0036462333

5 years agoMerge "ForeignAPIRepo: Remove incorrect 'thumbnail' from $imageInfoProps"
jenkins-bot [Thu, 4 Feb 2016 20:50:07 +0000 (20:50 +0000)]
Merge "ForeignAPIRepo: Remove incorrect 'thumbnail' from $imageInfoProps"

5 years agoAdd logic for "tags" in ApiBase
victorbarbu [Wed, 20 Jan 2016 09:51:01 +0000 (11:51 +0200)]
Add logic for "tags" in ApiBase

Bug: T97720
Change-Id: I275c516b4744e243333ec0818d2be1e5508e54a3

5 years agomediawiki.jqueryMsg.test: Call async() before each async test step
Thiemo Mättig [Thu, 4 Feb 2016 17:52:58 +0000 (18:52 +0100)]
mediawiki.jqueryMsg.test: Call async() before each async test step

Previously, this code ran into the problem that the timeout for dozens of
API requests was hit and the test failed.
The timeout now starts within each individual step.

Bug: T125484
Change-Id: Ia7874ccafadf93986278a241d9d308be0bc99493

5 years agoMerge "Page is an interface not a class"
jenkins-bot [Thu, 4 Feb 2016 19:24:54 +0000 (19:24 +0000)]
Merge "Page is an interface not a class"

5 years agoMerge "Pass function to Database::selectField in SpecialActiveusers.php"
jenkins-bot [Thu, 4 Feb 2016 19:24:50 +0000 (19:24 +0000)]
Merge "Pass function to Database::selectField in SpecialActiveusers.php"

5 years agoMerge "qunit: Increase individual test timeout to 60 seconds"
jenkins-bot [Thu, 4 Feb 2016 18:15:55 +0000 (18:15 +0000)]
Merge "qunit: Increase individual test timeout to 60 seconds"

5 years agoqunit: Increase individual test timeout to 60 seconds
Jan Zerebecki [Thu, 4 Feb 2016 10:35:02 +0000 (11:35 +0100)]
qunit: Increase individual test timeout to 60 seconds

Bug: T125484
Change-Id: If4147d678fdef168d79bc2b4d0c606b8c82dc6af

5 years agoForeignAPIRepo: Remove incorrect 'thumbnail' from $imageInfoProps
Bartosz Dziewoński [Thu, 4 Feb 2016 17:14:05 +0000 (18:14 +0100)]
ForeignAPIRepo: Remove incorrect 'thumbnail' from $imageInfoProps

'thumbnail' doesn't seem to have ever been a valid 'iiprop' value.
It's currently causing harmless warnings on every InstantCommons request.
Added in 8d1fa96578e8570a08a0cb5f7e2945f09819fbfb for unknown reasons.

Change-Id: I6286ce3ac07207c0dcfc1171084cb358b3fcecda

5 years agoMerge "Avoid unstubbing $wgUser before the end of Setup.php in User::getBlockedStatus()"
jenkins-bot [Thu, 4 Feb 2016 16:42:07 +0000 (16:42 +0000)]
Merge "Avoid unstubbing $wgUser before the end of Setup.php in User::getBlockedStatus()"

5 years agoMerge "When serializing Message, don't try to unstub StubUserLang"
jenkins-bot [Thu, 4 Feb 2016 16:29:28 +0000 (16:29 +0000)]
Merge "When serializing Message, don't try to unstub StubUserLang"

5 years agoMerge "Disable automatic cache headers associated with starting a session"
jenkins-bot [Thu, 4 Feb 2016 16:29:20 +0000 (16:29 +0000)]
Merge "Disable automatic cache headers associated with starting a session"

5 years agoBitmapHandler: Implement validateParam()
Bartosz Dziewoński [Thu, 4 Feb 2016 16:01:44 +0000 (17:01 +0100)]
BitmapHandler: Implement validateParam()

Follow-up to 695a93dd3353678ae4a9038528a33a1ac03eba38.

Bug: T125804
Change-Id: Ifde40bb5d7c60dd19727f5e47041a6e676f7e3c8

5 years agoMerge "[debug] Remove BC code from AvroFormatter"
jenkins-bot [Thu, 4 Feb 2016 13:17:31 +0000 (13:17 +0000)]
Merge "[debug] Remove BC code from AvroFormatter"

5 years agoMerge "Split ImagePage.php into separate classes"
jenkins-bot [Thu, 4 Feb 2016 11:48:37 +0000 (11:48 +0000)]
Merge "Split ImagePage.php into separate classes"

5 years agoSplit ImagePage.php into separate classes
Thomas Arrow [Wed, 3 Feb 2016 12:26:01 +0000 (12:26 +0000)]
Split ImagePage.php into separate classes

Change-Id: Id2ca94c50b75d24da4d02fe82747a7ce7edccd9f

5 years agoMerge "Add User::isSafeToLoad() and ParserOptions::newFromAnon()"
jenkins-bot [Thu, 4 Feb 2016 06:08:07 +0000 (06:08 +0000)]
Merge "Add User::isSafeToLoad() and ParserOptions::newFromAnon()"

5 years agoMerge "Include completion search into SearchEngine"
jenkins-bot [Thu, 4 Feb 2016 02:09:46 +0000 (02:09 +0000)]
Merge "Include completion search into SearchEngine"

5 years agoMerge "Change bug ID to Phabricator task ID"
jenkins-bot [Thu, 4 Feb 2016 01:28:01 +0000 (01:28 +0000)]
Merge "Change bug ID to Phabricator task ID"

5 years agoChange bug ID to Phabricator task ID
wctaiwan [Thu, 4 Feb 2016 01:13:10 +0000 (20:13 -0500)]
Change bug ID to Phabricator task ID

Change-Id: I8e1fc6ed9434a331eb7c66273305576eebed3125

5 years agoMerge "Revert "Preprocessor: Don't allow unclosed extension tags (matching until...
Bartosz Dziewoński [Thu, 4 Feb 2016 01:10:58 +0000 (01:10 +0000)]
Merge "Revert "Preprocessor: Don't allow unclosed extension tags (matching until end of input)""

5 years agoRevert "Preprocessor: Don't allow unclosed extension tags (matching until end of...
Legoktm [Thu, 4 Feb 2016 00:38:35 +0000 (00:38 +0000)]
Revert "Preprocessor: Don't allow unclosed extension tags (matching until end of input)"

This reverts commit f51d0d9a819f8f1c181350ced2f015ce97985fcc.

Breaks templates with non-closed </noinclude> tags, which
were previously acceptable.

Bug: T125754
Change-Id: I8bafb15eefac4e1d3e727c1c84782636d8b82c2b

5 years agoInclude completion search into SearchEngine
Stanislav Malyshev [Tue, 26 Jan 2016 21:18:27 +0000 (13:18 -0800)]
Include completion search into SearchEngine

By default it still uses PrefixSearch and supports PrefixSearchBackend
but it can be deprecated and phased out and SearchEngine extensions used

New APIs:
- SearchEngine
public function defaultPrefixSearch( $search );
public function completionSearch( $search );
public function completionSearchWithVariants( $search );

Search engines should override:
protected function completionSearchBackend( $search );

Bug: T121430
Change-Id: Ie78649591dff94d21b72fad8e4e5eab010a461df

5 years agoAvoid unstubbing $wgUser before the end of Setup.php in User::getBlockedStatus()
Brad Jorsch [Wed, 3 Feb 2016 17:33:25 +0000 (12:33 -0500)]
Avoid unstubbing $wgUser before the end of Setup.php in User::getBlockedStatus()

Autocreation needs to check if the current IP is blocked from account

There are two ways we could go here: treat $wgUser as logged-out, or
assume it will eventually be the user name specified by the session.
This patch chooses the former, by the logic that at this early point in
the setup process we don't have a logged-in user determined yet so no
username can really be considered to match the logged-in user.

Bug: T124367
Change-Id: I631bec85291b57f07c378cf6554a8f06cf3fb00c

5 years agoAdd User::isSafeToLoad() and ParserOptions::newFromAnon()
Brad Jorsch [Wed, 3 Feb 2016 20:41:00 +0000 (15:41 -0500)]
Add User::isSafeToLoad() and ParserOptions::newFromAnon()

Useful for avoiding "User::loadFromSession called before the end of

Bug: T124367
Change-Id: I0b018a623fc833ca95d249ee21667a8f5690d50e

5 years agoDisable automatic cache headers associated with starting a session
Bryan Davis [Mon, 1 Feb 2016 04:39:10 +0000 (21:39 -0700)]
Disable automatic cache headers associated with starting a session

Follow up to 7491b52. The 'private, must-revalidate' argument to
session_cache_limiter() does not match any expected values for the
function. This results in the PHP runtime treating it like the
documented empty string argument which completely disables the automatic
addition of cache related headers. Change the implementation to use the
empty string argument explicitly rather than continuing to rely on
the undocumented and potentially confusing existing behavior.

session_cache_limiter( '' ) is called unconditionally in
MediaWiki\Session\PHPSessionHandler::install(). This is safe now that it
is understood that we are disabling the setting of the automatic

Bug: T124510
Change-Id: I63164f8b7a408e370ff01dead42be27a0135dd35

5 years agoClean up after Ie161e0f
Brad Jorsch [Sat, 30 Jan 2016 01:09:57 +0000 (20:09 -0500)]
Clean up after Ie161e0f

Ie161e0f was done in a hurry, and so didn't do things in the best ways.
This introduces a new "CachedBagOStuff" that transparently handles all
the logic that had been copy-pasted all over in Ie161e0f.

The differences between CachedBagOStuff and MultiWriteBagOStuff are:
* CachedBagOStuff supports only one "backend".
* There's a flag for writes to only go to the in-memory cache.
* The in-memory cache is always updated.
* Locks go to the backend cache (with MultiWriteBagOStuff, it would wind
  up going to the HashBagOStuff used for the in-memory cache).

Change-Id: Iea494729bd2e8c6c5ab8facf4c241232e31e8215

5 years agoRevert "Remove SessionManager, temporarily"
Brad Jorsch [Mon, 1 Feb 2016 20:44:03 +0000 (15:44 -0500)]
Revert "Remove SessionManager, temporarily"

This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b.

Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271

5 years agoMerge "Localisation updates from https://translatewiki.net."
Translation updater bot [Wed, 3 Feb 2016 21:44:43 +0000 (21:44 +0000)]
Merge "Localisation updates from https://translatewiki.net."

5 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Wed, 3 Feb 2016 21:40:15 +0000 (22:40 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: Ia72df7f41e81cc99e25bcc9804c6b0bd43bfa61b

5 years agoMerge "resources: Load OOjs UI from its four parts"
jenkins-bot [Wed, 3 Feb 2016 21:38:34 +0000 (21:38 +0000)]
Merge "resources: Load OOjs UI from its four parts"

5 years agomediawiki.widgets: Remove backwards-compatibility dependency on 'mediawiki.widgets...
Bartosz Dziewoński [Wed, 3 Feb 2016 18:40:31 +0000 (19:40 +0100)]
mediawiki.widgets: Remove backwards-compatibility dependency on 'mediawiki.widgets.CategorySelector'

Follow-up to 40a8367fe9cd5fc2a26f1adf8f9e208551a4d7b9.

Change-Id: I28faea785cf13d1e741ae6f746a76bd7aeeaf3eb

5 years agoresources: Load OOjs UI from its four parts
Bartosz Dziewoński [Mon, 1 Feb 2016 22:28:13 +0000 (23:28 +0100)]
resources: Load OOjs UI from its four parts

See the task for more details. This is a backwards-compatible change.
If your script only needs a subset of OOjs UI functionality, you can
use one of the new smaller modules instead of the old big one.

New modules:
    The core JavaScript library.
    Additional widgets and layouts module.
    Toolbar and tools module.
    Windows and dialogs module.

Changed modules:
    Now correctly only loads the styles needed by OOjs UI PHP.
    Now just loads core+widgets+toolbars+windows as dependencies.

Using the new modules in I58799e22f9c0a2f78c1b4a02c4b7af576157883a.

Bug: T113677
Change-Id: I0a3bf8fb25fb82325705a473cebd883e20b3ab8d

5 years agoAdd Special:ApiSandbox
Brad Jorsch [Thu, 7 May 2015 17:11:09 +0000 (13:11 -0400)]
Add Special:ApiSandbox

Like Extension:ApiSandbox, but rewritten to use OOJS-UI and to add many
long-requested features.

Bug: T89386
Bug: T92893
Bug: T98457
Bug: T98083
Bug: T89229
Bug: T66008
Bug: T50607
Bug: T47811
Bug: T38875
Bug: T36962
Bug: T34740
Change-Id: Ic42a6c5ef54b811cd63cfef2132942b27a626fe5
Depends-On: I85c0eedcd31a0e419d8055eca0d9cb1ba872ae62
Depends-On: Ic85ff4abbbcd2076ebf5cdfaa0e95e98878e2308

5 years agoMerge "Use LinkTarget in TitleValue only methods"
jenkins-bot [Wed, 3 Feb 2016 13:36:59 +0000 (13:36 +0000)]
Merge "Use LinkTarget in TitleValue only methods"

5 years agoMerge "Add LinkTarget interface"
jenkins-bot [Wed, 3 Feb 2016 13:23:08 +0000 (13:23 +0000)]
Merge "Add LinkTarget interface"

5 years agoSet title on context in ApiDocumentationTest
Brad Jorsch [Tue, 2 Feb 2016 14:27:05 +0000 (09:27 -0500)]
Set title on context in ApiDocumentationTest

For some reason the unit testing infrastructure doesn't set one, and
that makes RequestContext warn.

Bug: T125491
Change-Id: I3e0ec0f567dd06231bca0d3d923e9d4e05ef5514

5 years agoMerge "Pass WikiPage objects to ParserCache"
jenkins-bot [Wed, 3 Feb 2016 12:01:09 +0000 (12:01 +0000)]
Merge "Pass WikiPage objects to ParserCache"

5 years agoCentralise url handling for urls to static resources
Timo Tijhof [Fri, 22 Jan 2016 22:58:03 +0000 (22:58 +0000)]
Centralise url handling for urls to static resources

Keep in CSSMin as-is for back-compat and to ensure library remains
independent of MediaWiki.

Moved down a few lines as there is no need to compute the md5 hash when we're
returning a data URI. Previously md5_file was called twice during module builds
(once for the fallback url, and another time when producing the embedded data uri).

Applied to logo in SkinModule as example. To be applied elsewhere as needed.
Without it, fallback is current behaviour (no cache invalidation).

Bug: T99096
Change-Id: I7f38bfc1bea5c241bc4f8ec4f4b640fd65f2c04f

5 years agoUpdate OOjs UI to v0.15.2
James D. Forrester [Tue, 2 Feb 2016 22:10:54 +0000 (14:10 -0800)]
Update OOjs UI to v0.15.2

Release notes:

Change-Id: I8124a726660443ce514c48182871d46e6b086a10

5 years agoMerge "Unroll Article::__call again"
jenkins-bot [Tue, 2 Feb 2016 20:29:19 +0000 (20:29 +0000)]
Merge "Unroll Article::__call again"

5 years agoMerge "Add Blob to accepted types for uploads"
jenkins-bot [Tue, 2 Feb 2016 20:25:34 +0000 (20:25 +0000)]
Merge "Add Blob to accepted types for uploads"

5 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Tue, 2 Feb 2016 20:14:54 +0000 (21:14 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: Idc128c366bbcbd34e7fb4e75af8400fa11bcd53e

5 years agoPass function to Database::selectField in SpecialActiveusers.php
umherirrender [Tue, 2 Feb 2016 20:12:57 +0000 (21:12 +0100)]
Pass function to Database::selectField in SpecialActiveusers.php

Change-Id: Ie58b484cb8add682c7a0c138af2c3268faf7b383

5 years agoAdd Blob to accepted types for uploads
Mark Holmquist [Tue, 2 Feb 2016 17:00:28 +0000 (11:00 -0600)]
Add Blob to accepted types for uploads

From https://developer.mozilla.org/en-US/docs/Web/API/File :

A File object is specific kind of a Blob, and can be used in any
context that a Blob can. In particular, FileReader, URL.createObjectURL(),
createImageBitmap(), and XMLHttpRequest.send() accept both Blobs and Files.

Change-Id: I171f884fc4ada6180e5c605a44b27044fc03f26e

5 years agoPass WikiPage objects to ParserCache
umherirrender [Tue, 2 Feb 2016 19:38:36 +0000 (20:38 +0100)]
Pass WikiPage objects to ParserCache

ParserCache::get is documented for WikiPage, so do it from Article class
This avoids magic calls due Article::__call

Change-Id: I92b91bd112383d1c0132530c3325b39596d95768

5 years agoAdd $wgAuthenticationTokenVersion
Brad Jorsch [Mon, 1 Feb 2016 20:07:09 +0000 (15:07 -0500)]
Add $wgAuthenticationTokenVersion

This allows for quickly invalidating everyone's session all at once by
changing a single value.

As a side effect, setting this also stops the user_token field from
the database from being served to the user as a cookie.

This mitigates but doesn't completely solve T49490, as it allows for
invalidating all existing sessions and token-cookies but does not help
if the user_token field in the database was leaked.

Bug: T49490
Change-Id: I9d316a6bbb36278d138f39a89125ebb8cc71b28f

5 years agoPage is an interface not a class
addshore [Tue, 2 Feb 2016 18:13:39 +0000 (19:13 +0100)]
Page is an interface not a class

Change-Id: I299067320a2f8e541eba668464eb18c42bfb56e5

5 years agoMerge "XMPValidate: fix undefined variable for logger"
jenkins-bot [Tue, 2 Feb 2016 17:06:20 +0000 (17:06 +0000)]
Merge "XMPValidate: fix undefined variable for logger"

5 years agoUnroll Article::__call again
addshore [Tue, 2 Feb 2016 16:48:20 +0000 (17:48 +0100)]
Unroll Article::__call again

Adds all public functions from WikiPage to Article

Adds all public functions from WikiFilePage that
are not in Article to ImagePage

WikiCategoryPage has no methods that need moving

Removed __call from Article

If extensions extend WikiPage and rely on the __call
method in Article they may break with this change.
They cal easily call $article->getPage()->method..

Change-Id: I8cd8d69d0d59c67f4879212535206688387bead4

5 years agoMerge "QA: Upgrade to mediawiki_selenium 1.6.5"
jenkins-bot [Tue, 2 Feb 2016 09:48:45 +0000 (09:48 +0000)]
Merge "QA: Upgrade to mediawiki_selenium 1.6.5"

5 years agofix hardcoded limit on titles in Special:Export
This, that and the other [Mon, 1 Feb 2016 14:16:08 +0000 (01:16 +1100)]
fix hardcoded limit on titles in Special:Export

In Special:Export if you enter a category in the "Add pages from
category" textbox, there was a hardcoded limit of 5000 page titles in
the function getPagesFromCategory().

The same is true for a similar function fetching pages by namespace
instead of category, function getPagesFromNamespace().

I have a couple of wikis where we wish to export a nummber of pages
exceeding 5000, so this is inconvenient. In this commit, I have
introduced one new global configuration variable: $wgExportPagelistLimit.

This new configuration variable has had its default set in
includes/DefaultSettings.php to the values the two affected functions
were hardcoded to prior to this patch; 5000 in both instances.

This way, I can adjust the number of pages returned in the
Special:Export page by adjusting the above new variable in

Change-Id: I6ca9e26eb6bc4a7a2bafd73b9460f445940c8ecb

5 years agoRevert "Unroll Article::__call"
Tyler Cipriani [Tue, 2 Feb 2016 00:58:27 +0000 (16:58 -0800)]
Revert "Unroll Article::__call"

This reverts commit 6051fcd38374db7e2d984ec535da264cb48d291f.

Bug: T125468
Change-Id: I9456c8e1b95ca3b2b2fa5d306f45a46210c4b1fc

5 years agoQA: Upgrade to mediawiki_selenium 1.6.5
Dan Duvall [Mon, 1 Feb 2016 23:30:44 +0000 (15:30 -0800)]
QA: Upgrade to mediawiki_selenium 1.6.5

Bug: T114241
Change-Id: I2996611d51b5d08c67f7a60d05003db97dffc0b7

5 years agoMerge "New hook for filters on Special:Contributions form"
jenkins-bot [Mon, 1 Feb 2016 22:47:40 +0000 (22:47 +0000)]
Merge "New hook for filters on Special:Contributions form"

5 years agoMerge "Add phpdoc for some ApiQueryInfo properties"
jenkins-bot [Mon, 1 Feb 2016 22:40:29 +0000 (22:40 +0000)]
Merge "Add phpdoc for some ApiQueryInfo properties"

5 years agoRemove SessionManager, temporarily
Brad Jorsch [Mon, 1 Feb 2016 17:28:29 +0000 (12:28 -0500)]
Remove SessionManager, temporarily

The plan here is to take it out of 1.27.0-wmf.12 and put it back in

Since BotPasswords depends on SessionManager, that's getting temporarily
removed too.

This reverts the following commits:
6acd424e0dbc322e8b9a141bd2625453c1b9b6f1 SessionManager: Notify AuthPlugin before calling hooks
4d1ad32d8acbd443346253d2f6a95024c833295c Close a loophole in CookieSessionProvider
fcdd643a46d87b677f6cdcc3ba9440e1472d8df7 SessionManager: Don't save non-persisted sessions to backend storage
058aec4c76129b7ee8541692a8a48f8046e15bb6 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
b5c0c03bb708f8dad6e404969df8addc123984db SessionManager: Save user name to metadata even if the user doesn't exist locally
13f2f09a193215aa7a061d10a1955e172d06fa0a SECURITY: Fix User::setToken() call on User::newSystemUser
305bc75b27903237a9683ec1f329bcbec0ecd266 SessionManager: Don't generate user tokens when checking the tokens
7c4bd85d2152fd9fa975ea0fb5ffb1a0b804f99b RequestContext::exportSession() should only export persisted session IDs
296ccfd4a9a6ad3ae412db7e2408c923aaa61f64 SessionManager: Save 'persisted' flag in session metadata
94ba53f67731b0553a6178841d9506e384f74496 Move CSRF token handling into MediaWiki\Session\Session
46a565d6b00174e631d2022b47677e1a78e73897 Avoid false "added in both Session and $_SESSION" when value is null
c00d0b5d94c946b8883dd7062bf7160a199aa5c2 Log backtrace for "User::loadFromSession called before the end of Setup.php"
4eeff5b559e2ae7b8fa1f45572968ba28573a421 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
7491b52f700e220814a8190781fd794b4dd88a20 Call session_cache_limiter() before starting a session
2c34aeea72471f9a598e67bdbf34bc5f9fb3f0c5 SessionManager: Abstract forceHTTPS cookie setting
9aa53627a53aabec0273cecf45a86e77927ef406 Ignore auth cookies with value 'deleted'
43f904b51a746d7f71ea2ab9951c5c98d269765b SessionManager: Kill getPersistedSessionId()
50c52563528ba3d765c3762211f98d6f3c0e39fd SessionManager: Add SessionBackend::setProviderMetadata()
f640d403154bc0a2b4f6d399582797a9e3bc6fcb SessionManager: Notify AuthPlugin when auto-creating accounts
70b05d1ac1e859bac2185b246e9b93ec9051e4d8 Add checks of $wgEnableBotPasswords in more places
bfed32eb78b6c720b16bc7ed60153fd2fe257a9e Do not raise a PHP warning when session write fails
722a7331ad8d98228511f8da38adc7a3c64dd617 Only check LoggedOut timestamp on the user loaded from session
4f5057b84b36eccd16627a6b29831dfdb4483b02 SessionManager: Change behavior of getSessionById()
66e82e614e157e39b03d813e71ddf23f53cf640b Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
f9fd9516d922d36291037baca7205a2b0ac9f15f Add "bot passwords"
d7716f1df0b692902571bf415a0984071e3e9a60 Add missing argument for wfDebugLog
a73c5b7395a07d490f7052fd3b2491ebd656b190 Add SessionManager

Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50

5 years agoMerge "Remove use of explodeMarkup"
jenkins-bot [Mon, 1 Feb 2016 21:31:27 +0000 (21:31 +0000)]
Merge "Remove use of explodeMarkup"

5 years agoMerge "Revert "Remove unused functions from unroll of Article::__call""
jenkins-bot [Mon, 1 Feb 2016 20:26:38 +0000 (20:26 +0000)]
Merge "Revert "Remove unused functions from unroll of Article::__call""

5 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Mon, 1 Feb 2016 20:20:52 +0000 (21:20 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: I5d76f70102160fdeb8fe596f0f31b04efdcb56d7

5 years agoRevert "Remove unused functions from unroll of Article::__call"
Alex Monk [Mon, 1 Feb 2016 20:05:38 +0000 (20:05 +0000)]
Revert "Remove unused functions from unroll of Article::__call"

This reverts commit 0204a28443606a2b3026d403c625f3a089841430.

Change-Id: Ia058c91f808eedae28946b9561c826fbf09b386e

5 years agoMerge "Fix typo in mw.widgets.CategorySelector.js"
jenkins-bot [Mon, 1 Feb 2016 17:16:28 +0000 (17:16 +0000)]
Merge "Fix typo in mw.widgets.CategorySelector.js"

5 years agoFix typo in mw.widgets.CategorySelector.js
Glaisher [Mon, 1 Feb 2016 16:41:40 +0000 (21:41 +0500)]
Fix typo in mw.widgets.CategorySelector.js

Change-Id: I65aef06fbabab8b3d4d8c6b72847fecb0637f352

5 years agoMerge "Use autoloader for PHP data files instead of include/require"
jenkins-bot [Mon, 1 Feb 2016 15:11:54 +0000 (15:11 +0000)]
Merge "Use autoloader for PHP data files instead of include/require"

5 years agoMerge "Remove unused functions from unroll of Article::__call"
jenkins-bot [Mon, 1 Feb 2016 14:09:36 +0000 (14:09 +0000)]
Merge "Remove unused functions from unroll of Article::__call"

5 years agoXMPValidate: fix undefined variable for logger
Southparkfan [Mon, 1 Feb 2016 13:01:58 +0000 (14:01 +0100)]
XMPValidate: fix undefined variable for logger

Change-Id: I8903e89bd93ef62236023fb07d78ade722eb102a

5 years agoSessionManager: Notify AuthPlugin before calling hooks
Brad Jorsch [Sun, 31 Jan 2016 20:48:23 +0000 (15:48 -0500)]
SessionManager: Notify AuthPlugin before calling hooks

This avoids a race in CentralAuth:
* The user doesn't exist locally, so CA wants to create it
* Auto-creation adds the user to the database
* A hook function tries to access the session; now the user does exist
  locally but isn't yet attached, so CA rejects the session.

Bug: T125283
Change-Id: I6024885e3cf9c85c527fc160577f66ff97451c98

5 years agoAdd myself to CREDITS
Florian [Mon, 1 Feb 2016 00:02:54 +0000 (01:02 +0100)]
Add myself to CREDITS

Change-Id: Ib16b6e91b0ce25bef6b747c90955cf840c63dabf

5 years agoMerge "ResourceLoaderImage: Use DomDocument::loadXml rather than DomDocument::load"
jenkins-bot [Sun, 31 Jan 2016 22:52:52 +0000 (22:52 +0000)]
Merge "ResourceLoaderImage: Use DomDocument::loadXml rather than DomDocument::load"

5 years agoResourceLoaderImage: Use DomDocument::loadXml rather than DomDocument::load
Bartosz Dziewoński [Sun, 31 Jan 2016 22:23:27 +0000 (23:23 +0100)]
ResourceLoaderImage: Use DomDocument::loadXml rather than DomDocument::load

Some users are reporting that DomDocument::load can't read the files
on their setups, while they can be read with file_get_contents. So use
that and pass the string to DomDocument::loadXml. The advantage of
DomDocument::load is supposed to be in handling large files, and the
icons here are supposed to be small.

Bug: T107198
Change-Id: I8e4dc4642f9d0c5f01ec5e4061e83bf09d0a4900

5 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Sun, 31 Jan 2016 20:20:37 +0000 (21:20 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: I3e45e4442bad5ddf8bf91b9cf4d2f8c66b143929

5 years agoMerge "Correct messages 'uploaded-href-attribute-svg' and 'uploaded-href-unsafe-targe...
jenkins-bot [Sun, 31 Jan 2016 18:43:52 +0000 (18:43 +0000)]
Merge "Correct messages 'uploaded-href-attribute-svg' and 'uploaded-href-unsafe-target-svg'"

5 years agoCorrect messages 'uploaded-href-attribute-svg' and 'uploaded-href-unsafe-target-svg'
Bartosz Dziewoński [Sun, 31 Jan 2016 18:10:09 +0000 (19:10 +0100)]
Correct messages 'uploaded-href-attribute-svg' and 'uploaded-href-unsafe-target-svg'

Whoops, 'uploaded-href-attribute-svg' was actually telling the user
almost the exact opposite of the truth. I'm also removing all the
translations for it, as they're all wrong.

Change-Id: I56b62c0127cb87707256c8e45d49ce7764f49e31

5 years agoMerge "wfMsgReplaceArgs: Don't use count(), if the actual amount of entries isn't...
jenkins-bot [Sun, 31 Jan 2016 11:39:50 +0000 (11:39 +0000)]
Merge "wfMsgReplaceArgs: Don't use count(), if the actual amount of entries isn't needed"

5 years agoMerge "Give TestCase::checkHasDiff3 a better name"
jenkins-bot [Sun, 31 Jan 2016 11:39:46 +0000 (11:39 +0000)]
Merge "Give TestCase::checkHasDiff3 a better name"

5 years agoMerge "HTMLUserTextField: Enable suggestions for non-OOUI mode"
jenkins-bot [Sun, 31 Jan 2016 11:39:42 +0000 (11:39 +0000)]
Merge "HTMLUserTextField: Enable suggestions for non-OOUI mode"

5 years agoMerge "SpecialMovepage: Use hidden form fields to set hidden data, not the submit...
jenkins-bot [Sun, 31 Jan 2016 11:36:10 +0000 (11:36 +0000)]
Merge "SpecialMovepage: Use hidden form fields to set hidden data, not the submit button"

5 years agoAdd missing ResetUserEmail class to autoload.php
Florian [Sat, 30 Jan 2016 21:45:35 +0000 (22:45 +0100)]
Add missing ResetUserEmail class to autoload.php

The test in I3a426b92892f4c00cab33a13f6a717751120367c would prevent
the need of this commit :P

Follow up: I2b875326a0eb1e6d1f4bc758b8ac97b8f9324c4e

Change-Id: Id5efc5a5b43a1795c133f64025ea04f3e2d159cb

5 years agoClose a loophole in CookieSessionProvider
Brad Jorsch [Sat, 30 Jan 2016 15:54:24 +0000 (10:54 -0500)]
Close a loophole in CookieSessionProvider

There's a crazy-small chance that someone could have a logged-out
session (e.g. by logging out or visiting a page that creates a session
despite being logged out), then the session expires, then someone else
logs in and gets the same session ID (which is about a 1 in a
quindecillion chance), then the first person comes in and picks up the
second person's session.

To avoid that, if there's no UserID cookie set (or the cookie value is
0) then indicate that the SessionInfo is for a logged-out user.

No idea if this is actually what happened in T125283, but it's worth
fixing anyway.

Bug: T125283
Change-Id: I44096c69aa7bd285e4e2472959e8d892200c5f2c

5 years agoHTMLUserTextField: Enable suggestions for non-OOUI mode
Florian [Thu, 29 Oct 2015 18:00:59 +0000 (19:00 +0100)]
HTMLUserTextField: Enable suggestions for non-OOUI mode

Bug: T117067
Change-Id: I03eabf6ed5d5a36534a5eec76c05d0a353ebf6ff

5 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Sat, 30 Jan 2016 21:33:26 +0000 (22:33 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: I2610945396e52544782c86e00c34bf64abf2a129

5 years agowfMsgReplaceArgs: Don't use count(), if the actual amount of entries isn't needed
Florian [Wed, 13 Jan 2016 17:55:08 +0000 (18:55 +0100)]
wfMsgReplaceArgs: Don't use count(), if the actual amount of entries isn't needed

The only use of the return value of count() is, to check, if the array is empty or
not. This can be done in an easier way and a bit more performant, especially for
large arrays.

Change-Id: If119ead9230ba1783b8c853c18c379f174910e51

5 years agoRemove unused functions from unroll of Article::__call
umherirrender [Sat, 30 Jan 2016 12:44:01 +0000 (13:44 +0100)]
Remove unused functions from unroll of Article::__call

With I779aa1c017abc9a17047fd5335f2d082148daa6f all public functions from
WikiPage were copied as delegator into Article.

Now remove the unused functions and add a release notes

Change-Id: I9cc79acedecb003048e1add568e8bba96ddbb41a

5 years agoStyle and commenting tweaks to CategoryMembershipChangeJob
Aaron Schulz [Sat, 30 Jan 2016 18:19:36 +0000 (10:19 -0800)]
Style and commenting tweaks to CategoryMembershipChangeJob

Also renamed safeWaitForPos() => safeWaitForMasterPos()

Change-Id: Ic89e2a0b17cd6e6ef09cf703bbbcea1988a5bde9

5 years agoMerge "Do not auto-reconnect to DBs if named locks where lost"
jenkins-bot [Sat, 30 Jan 2016 18:07:35 +0000 (18:07 +0000)]
Merge "Do not auto-reconnect to DBs if named locks where lost"

5 years agoMerge "Use slave for selects in CategoryMembershipJob"
jenkins-bot [Sat, 30 Jan 2016 17:51:10 +0000 (17:51 +0000)]
Merge "Use slave for selects in CategoryMembershipJob"

5 years agoUse slave for selects in CategoryMembershipJob
addshore [Fri, 29 Jan 2016 10:10:52 +0000 (11:10 +0100)]
Use slave for selects in CategoryMembershipJob

This patch switches to using a slave but imediatly
waits for the slave to catch up with master
(so as not to miss things).

This may result in more delay between an edit and
category changes being inserted.

It may be possible to instead wait for the timestamp
that is passed in $this->params['revTimestamp']
which could result in slightly less delay.

I can't see any uses of waitForReplication in quite
this way but see no imediate reason this would not work.

Bug: T125147
Change-Id: Ia0aa722c97f41a3959bcd3cb4210b39db0c3bc45

5 years agoDo not auto-reconnect to DBs if named locks where lost
Aaron Schulz [Sat, 30 Jan 2016 17:17:17 +0000 (09:17 -0800)]
Do not auto-reconnect to DBs if named locks where lost

Otherwise, transactions might be committed without cooperative
locks that were supposed to be present. This is similar to the
logic of not auto-reconnecting if a transaction was started to
avoid committing incomplete changes.

Change-Id: Ia7bc6b188bb5ee53a5bf7c5a30718bc7c4dd0ba9

5 years agoMake sure getScopedLockAndFlush() commits before unlocking
Aaron Schulz [Sat, 30 Jan 2016 16:52:06 +0000 (08:52 -0800)]
Make sure getScopedLockAndFlush() commits before unlocking

This is necessary for callers to see changes from prior callers

Change-Id: I5e05215541e641b5b5a4bc55c91d6ec8ef774ca1