3 years agoUpgrade wikimedia/ip-set to 1.3.0
Kunal Mehta [Tue, 18 Dec 2018 04:14:25 +0000 (20:14 -0800)]
Upgrade wikimedia/ip-set to 1.3.0

Bug: T209756
Depends-On: Ib749ec9aae5aeb3fad8232ecbea749530e0408a2
Change-Id: I7f5625924baea822f2679115278a3d7a02a72d57

3 years agoUse our fork of less.php
Kunal Mehta [Tue, 18 Dec 2018 04:12:14 +0000 (20:12 -0800)]
Use our fork of less.php

Supports PHP 7.3, among other things

Bug: T206975
Depends-On: I01e0b3328c8e1c4a69c37a471e436acd8911f1fa
Change-Id: I8edcd9316cbff40aee3d52c7295f5974ee2f44b0

3 years agoImageListPager: Actor migration for buildQueryConds()
Brad Jorsch [Tue, 4 Dec 2018 16:08:08 +0000 (11:08 -0500)]
ImageListPager: Actor migration for buildQueryConds()

This method got missed in I8d825eb0.

Bug: T211061
Change-Id: Ice7446e54a42cbf48eae2a2092862a722650086c
(cherry picked from commit 86b081aa4100bfde2c4903c16fd593f485954326)

3 years agoSave value from CLI installers `--lang` argument
rvogel [Mon, 3 Dec 2018 10:48:08 +0000 (11:48 +0100)]
Save value from CLI installers `--lang` argument

This way the value of `--lang` is available to `LocalSettingsGenerator`.

Bug: T210998
Change-Id: I8b6bd83603687e4d23fc7e0642c3b8f27157b62d
(cherry picked from commit 996ac9f61e34db8b5d50ca9574a021e422cf9030)

3 years agoRELEASE-NOTES-1.31: Add in other cherry-picks since 1.31.1 was cut
James D. Forrester [Fri, 30 Nov 2018 23:16:20 +0000 (15:16 -0800)]
RELEASE-NOTES-1.31: Add in other cherry-picks since 1.31.1 was cut

Gone through `git log --topo-order --no-merges --reverse 1.31.1..`
from 1f664ea4 to 7a6393fc (HEAD as of writing); re-worded a couple,
grouped the PHP version work together, and skipped a couple which
were just follow-up tweaks or test fixes to ones already in the list.

Change-Id: Ic04998209348abf73eefb1cad404700da91457ed

3 years agoLogFormatter: Fail softer when trying to link an invalid titles
Bartosz Dziewoński [Wed, 1 Aug 2018 01:13:18 +0000 (03:13 +0200)]
LogFormatter: Fail softer when trying to link an invalid titles

Old log entries contain titles that used to be valid, but now are not.

Bug: T185049
Change-Id: Ia66d901aedf1b385574b3910b29f020b3fd4bd97
(cherry picked from commit 26bb9d9b23eb2075eefca2097ca393a9d4aa3264)

3 years agoSQL syntax error in MS-SQL file
Seb35 [Tue, 20 Nov 2018 14:25:09 +0000 (15:25 +0100)]
SQL syntax error in MS-SQL file

Bug: T209870
Change-Id: I91e4f8472832c4bb17eb1d185db1bcbde57a9287
(cherry picked from commit e1100d2d53baa71d20cc282b6dc0a950b080aaad)

3 years agoUse $revQuery['joins'] in query in populateSearchIndex
Paladox [Mon, 19 Nov 2018 21:29:44 +0000 (21:29 +0000)]
Use $revQuery['joins'] in query in populateSearchIndex

Bug: T209885
Change-Id: Iaf53179535030064788eb107c4ebdd398ed306e4

3 years agoUpdate git submodules
RazeSoldier [Sat, 10 Nov 2018 07:32:34 +0000 (15:32 +0800)]
Update git submodules

* Update extensions/LocalisationUpdate from branch 'REL1_31'
  to 8ac18feceb9bf298a65c4e27d29cd458e4bc061a
  - Use "break" instead of "continue" inside a switch

    "continue" statements in a switch are equivalent to "break". In PHP 7.3, will generate a warning.

    Bug: T206976
    Change-Id: I7e28a59918edbbcc741a64c6c0ed2a55bd650384
    (cherry picked from commit fa93fda37e308a83e3211f53c8f828b5c3482c07)

3 years agoUpdate git submodules
Derk-Jan Hartman [Wed, 14 Nov 2018 20:01:22 +0000 (21:01 +0100)]
Update git submodules

* Update extensions/WikiEditor from branch 'REL1_31'
  to dca935d7de870eb5352788c0537c172b574f1475
  - Modules: Protect against loading modules twice

    Bug: T189029
    Change-Id: Ie0dff9c1dfa8e3a0927f2915a9a237dff739289a
    (cherry picked from commit 0161e37e6e67ac6eb76fbc0bea4f299e17fcdda2)

3 years agoAdd test for completionSearch with wgCapitalLinkOverrides
David Causse [Tue, 6 Nov 2018 13:35:03 +0000 (14:35 +0100)]
Add test for completionSearch with wgCapitalLinkOverrides

Bug: T208255
Change-Id: Id2299a013b2dc9b5391d400d7c7c4dc37185f714

3 years agoCompletion search should not change the search query
David Causse [Tue, 6 Nov 2018 14:52:08 +0000 (15:52 +0100)]
Completion search should not change the search query

when extracting the namespace

Bug: T208255
Change-Id: I98206bda9a32e12acc7e515c3396fa823c3cd4f3

3 years agoUpdate git submodules
Niklas Laxström [Wed, 24 Oct 2018 08:33:04 +0000 (10:33 +0200)]
Update git submodules

* Update extensions/LocalisationUpdate from branch 'REL1_31'
  to bdf7b30dbada29938bd92ee6b9370a45d0ecac61
  - Handle exceptions from GitHubFetcher

    If a l10n directory is not found, log a message but continue.

    This commit introduces some output to normal update.php run, which
    can be disabled with the --quiet switch.

    Bug: T176390
    Change-Id: Ic1001303aef859d325e307edd4348364cab9ed7d
    (cherry picked from commit db84ba6ed2b4e255c844171db545fa451da08e1f)

3 years agocomposer.json, require ext-fileinfo
addshore [Mon, 24 Sep 2018 08:25:53 +0000 (09:25 +0100)]
composer.json, require ext-fileinfo

PHPVersionCheck requires fileinfo be installed for mime_content_type

Change-Id: Iea7d2c7842c770e77c05265d4f4b08b17f9ab71f
(cherry picked from commit 139bf5bc7b66c83bd5a27d4fc6806ddaebe3f188)

3 years agoDon't throw E_NOTICEs about undefined properties
Jack Phoenix [Fri, 13 Jul 2018 03:33:10 +0000 (06:33 +0300)]
Don't throw E_NOTICEs about undefined properties

Bug: T199494
Change-Id: Id24b9ece76ca0bedcaac29f1a6f5567af78658c1
(cherry picked from commit 83164669a140717797953f07baaf0b3239689017)

3 years agoMerge "Update wikimedia/base-convert to 2.0.0" into REL1_31
jenkins-bot [Mon, 22 Oct 2018 22:03:54 +0000 (22:03 +0000)]
Merge "Update wikimedia/base-convert to 2.0.0" into REL1_31

3 years agoUpdate git submodules
Kunal Mehta [Mon, 22 Oct 2018 18:17:22 +0000 (11:17 -0700)]
Update git submodules

* Update vendor from branch 'REL1_31'
  to 5f60e30d272ea5327b407e625b4398952d49f8cf
  - Update wikimedia/base-convert to 2.0.0

    Bug: T194052
    Change-Id: I4de5c0ab827c96e2cef4e0b2cd7d10a109393668
    (cherry picked from commit 2f3707a143c1ef3bbe69d57fa724ae9dc6541d0e)

3 years agoUpdate wikimedia/base-convert to 2.0.0
Kunal Mehta [Mon, 22 Oct 2018 18:17:40 +0000 (11:17 -0700)]
Update wikimedia/base-convert to 2.0.0

The breaking change is dropping PHP 5 support.

Bug: T194052
Depends-On: I4de5c0ab827c96e2cef4e0b2cd7d10a109393668
Change-Id: If39ea5274bfa3c9b0ce18f9a43a27445a90ea3fc
(cherry picked from commit bb2d81c3a47e1fb1266b6f0352bb89b786ea9235)

3 years agoMerge "Upgrade wikimedia/remex-html to 2.0.1" into REL1_31
jenkins-bot [Mon, 22 Oct 2018 15:18:08 +0000 (15:18 +0000)]
Merge "Upgrade wikimedia/remex-html to 2.0.1" into REL1_31

3 years agoUpdate git submodules
Kunal Mehta [Sun, 21 Oct 2018 05:10:45 +0000 (22:10 -0700)]
Update git submodules

* Update vendor from branch 'REL1_31'
  to 48fed251a916a78bf5bff4f38fc9c1131ee21f4f
  - Upgrade wikimedia/remex-html to 2.0.1

    Bug: T207088
    Change-Id: Id4bbbdb68678c37ec4aa84d519516199bb800393
    (cherry picked from commit 48f274d9cc6b2e8d4961c831e1cc81c4edba6689)

3 years agoMerge "Upgrade wikimedia/remex-html to 2.0.0" into REL1_31
jenkins-bot [Mon, 22 Oct 2018 15:18:02 +0000 (15:18 +0000)]
Merge "Upgrade wikimedia/remex-html to 2.0.0" into REL1_31

3 years agoUpdate git submodules
Kunal Mehta [Tue, 14 Aug 2018 20:38:26 +0000 (13:38 -0700)]
Update git submodules

* Update vendor from branch 'REL1_31'
  to 78271def9b2b28e6f176ca470f23e24526ff2c5c
  - Upgrade wikimedia/remex-html to 2.0.0

    Change-Id: Ie13945649314853cbd5707363f3a10da55752743
    (cherry picked from commit 1f29509a937d9ac7c6c0b876928307828a697fa9)

3 years agoMerge "RemexCompatMunger: Don't call endTag() in case B/b" into REL1_31
jenkins-bot [Mon, 22 Oct 2018 02:14:00 +0000 (02:14 +0000)]
Merge "RemexCompatMunger: Don't call endTag() in case B/b" into REL1_31

3 years agoMerge "<ins>/<del> elements can be phrasing or flow" into REL1_31
jenkins-bot [Mon, 22 Oct 2018 02:11:41 +0000 (02:11 +0000)]
Merge "<ins>/<del> elements can be phrasing or flow" into REL1_31

3 years agoUpgrade wikimedia/remex-html to 2.0.1
Kunal Mehta [Sun, 21 Oct 2018 05:12:14 +0000 (22:12 -0700)]
Upgrade wikimedia/remex-html to 2.0.1

Bug: T207088
Depends-On: Id4bbbdb68678c37ec4aa84d519516199bb800393
Change-Id: Ia5822f5f283f5d935c78402ce71e2d010e9a7a91
(cherry picked from commit a404d87418bb332deab92fa7189b999d1c0c410c)

3 years agoUpgrade wikimedia/remex-html to 2.0.0
Kunal Mehta [Tue, 14 Aug 2018 20:38:37 +0000 (13:38 -0700)]
Upgrade wikimedia/remex-html to 2.0.0

Depends-On: Ie13945649314853cbd5707363f3a10da55752743
Change-Id: Ib6c8aaa797c128c273cde8095eb0bb1527fc0e21
(cherry picked from commit 9cac6c5645cbde9c48a4fac43c8dfdd977bb200f)

3 years agoRemexCompatMunger: Don't call endTag() in case B/b
Tim Starling [Mon, 6 Aug 2018 02:30:51 +0000 (12:30 +1000)]
RemexCompatMunger: Don't call endTag() in case B/b

This was naïve, the linked bug documents a case where endTag() was
called despite children of the p-wrap still being in TreeBuilder's
stack. Instead, wait for the parent of the p-wrap to have endTag()
called on it, I've submitted a patch which will clean up the node in
that case.

Bug: T200827
Change-Id: I34694813eace9cadabf2db8f9ccca83d1368cfad
(cherry picked from commit 10c8cfea305ec1d450b16ad54ebddb5f910016f4)

3 years ago<ins>/<del> elements can be phrasing or flow
Arlo Breault [Thu, 12 Jul 2018 18:31:04 +0000 (14:31 -0400)]
<ins>/<del> elements can be phrasing or flow

The changes to the parserTests.txt highlight the differing opinions that
doBlockLevels and Remex had on whether these should be paragraph wrapped.

Since the only time they wouldn't have been was when found on a line
with other flow tags, this likely isn't a behaviour that was depended on
in practice.  And, indeed, the task describes this as a bug.

A sampling of pages from an insource:/\<(ins|del)\>/ search on wiki bears
this out.

Bug: T17491
Change-Id: I311da777a63aa3c45013f2cfc090be35a022497e
(cherry picked from commit 5a7f860b7859146d006d09c29f542be835165870)

3 years agoSECURITY: Don't allow loading unprotected JS files
Brian Wolff [Thu, 27 Sep 2018 11:42:37 +0000 (11:42 +0000)]
SECURITY: Don't allow loading unprotected JS files

This is meant to protect against malicious people while avoiding
annoying good users as much as possible. We may want to restrict
this further in the future, but that's something that can be discussed
in the normal way.

Bug: T194204
Bug: T113042
Bug: T112937
Change-Id: I27e049bae78b5c0f63b10f454b740cb1dc394813

3 years agoSECURITY: Disallow loading JS/CSS/Json subpages from unregistered users and log
Brian Wolff [Tue, 15 May 2018 00:34:14 +0000 (00:34 +0000)]
SECURITY: Disallow loading JS/CSS/Json subpages from unregistered users and log

Loading JS from an unregistered user's JS subpage is a severe
security risk as someone could potentially register that account
and then modify the JS.

Bug: T207603
Change-Id: I741736e12b0ed49e95f22c869a2b53e2c97b31f0

3 years agoMerge "Don't pass a MailAddress pass the email to mail()" into REL1_31
jenkins-bot [Sun, 21 Oct 2018 17:33:31 +0000 (17:33 +0000)]
Merge "Don't pass a MailAddress pass the email to mail()" into REL1_31

3 years agoMerge "Update ImportableUploadRevisionImporter for interwiki usernames" into REL1_31
jenkins-bot [Sun, 21 Oct 2018 15:59:47 +0000 (15:59 +0000)]
Merge "Update ImportableUploadRevisionImporter for interwiki usernames" into REL1_31

3 years agoMerge "installer: Don't link to the obsolete "Extension Matrix" page" into REL1_31
jenkins-bot [Sun, 21 Oct 2018 15:59:42 +0000 (15:59 +0000)]
Merge "installer: Don't link to the obsolete "Extension Matrix" page" into REL1_31

3 years agoDatabase: Allow selectFieldValues() to accept SQL fragments
Brad Jorsch [Wed, 17 Oct 2018 15:26:51 +0000 (11:26 -0400)]
Database: Allow selectFieldValues() to accept SQL fragments

The documentation says "This must be a valid SQL fragment", but as
written it breaks if given anything other than a field name. It's easy
enough to fix by adding an alias to the internal select() call.

Bug: T201781
Change-Id: I76428af6d3aadc266254fdb24109a0ac2db3761f
(cherry picked from commit c5a5b022400318e52638a4d34369ddbb74d7a21b)

3 years agoinstaller: Don't link to the obsolete "Extension Matrix" page
Zoranzoki21 [Sat, 29 Sep 2018 00:06:23 +0000 (03:06 +0300)]
installer: Don't link to the obsolete "Extension Matrix" page

Bug: T205765
Change-Id: Id1ba965c7c06ce03611ba745421dc982f5393f8c
(cherry picked from commit 8b7b5f04b7c84ffd2cda3aae06513a8e4fca6128)

3 years agoDon't pass a MailAddress pass the email to mail()
Reedy [Sat, 20 Oct 2018 12:37:15 +0000 (13:37 +0100)]
Don't pass a MailAddress pass the email to mail()

Bug: T207541
Change-Id: I1516023907e9773cb093010c6b67279f695abb1a
(cherry picked from commit c57aacb782f5ce5e53253192a53d736ece300d3c)

3 years agoInclude IP address in "Login for $1 succeeded" log entry
Kunal Mehta [Sat, 20 Oct 2018 12:35:22 +0000 (05:35 -0700)]
Include IP address in "Login for $1 succeeded" log entry

Bug: T207540
Change-Id: Iab4f2f2ddc8e64ead2f33356d03fa7beed399415

3 years agoUpdate ImportableUploadRevisionImporter for interwiki usernames
Brad Jorsch [Tue, 16 Oct 2018 14:47:44 +0000 (10:47 -0400)]
Update ImportableUploadRevisionImporter for interwiki usernames

This was somehow missed in I5401941c.

Bug: T206013
Change-Id: Ia618b05329e6cbfca7c95d9161f12ba4150705c8
(cherry picked from commit afb2578055b49f3fe523cf9314f75d63bac4786b)

3 years agoAdd session_write_close() calls to SessionManager tests
Brad Jorsch [Tue, 16 Oct 2018 14:22:33 +0000 (10:22 -0400)]
Add session_write_close() calls to SessionManager tests

PHP 7.3 doesn't like it if session_id() is called when the session has
been started, so we need to be sure to close it first in a few tests.

Bug: T207112
Change-Id: Ief36c1bb7b5c9066f158b5bb0d6d785a7f7ddd3c
(cherry picked from commit 6698b7ea1d63fbd2e3014bf563c3ad9e937bc8dd)

3 years agoOutput only to stderr in unit tests
Aryeh Gregor [Mon, 8 Oct 2018 18:04:12 +0000 (21:04 +0300)]
Output only to stderr in unit tests

Otherwise, session tests don't work in PHP 7.2 because headers are
already sent: https://bugs.php.net/bug.php?id=75628

Bug: T206476
Change-Id: Ie88db4a61a56b756c6445d2579a2f30da22c3ee8

3 years agoSuppress "Headers already sent" in PHP 7.2 too
Aryeh Gregor [Mon, 8 Oct 2018 17:10:36 +0000 (20:10 +0300)]
Suppress "Headers already sent" in PHP 7.2 too

The "h" is now capitalized, so we need to update the regex.

Change-Id: I1111e1228868ec66d930c7a3b0d7972e5c6356b9
(cherry picked from commit 1572f3b1b89abc958da6a7d131553e3b67953403)

3 years agoAvoid PHP 7.2 warnings in DBConRefTest about count() on non-Countable
Aaron Schulz [Sat, 26 May 2018 00:29:17 +0000 (17:29 -0700)]
Avoid PHP 7.2 warnings in DBConRefTest about count() on non-Countable

Change-Id: Ida81bf998b462f2f6bb2b708df1f15bbc1933db1
(cherry picked from commit b172aff090b7c59c2f602931d469cf3ac5e9e74a)

3 years agoFix PHP warnings "preg_replace(): [...] invalid range in character class"
Edward Chernenko [Mon, 18 Jun 2018 22:53:52 +0000 (01:53 +0300)]
Fix PHP warnings "preg_replace(): [...] invalid range in character class"

This was spotted when running tests on Travis (PHP 7.3 nighly, trusty).

Two expressions inside preg_replace() contained non-escaped "-" inside [],
where this "-" meant an actual "-" character.
The warning is because "-" has special meaning inside [] ("a-z" for range),
and things like [\w-.] are considered "invalid range".

Solution is to escape "-" like this: [\w\-.]

Change-Id: I41cc217081f00f54d957b6d8052ee209412f5ff6
(cherry picked from commit d88e924b6e5a7d529c471980e14f72430a94e546)

3 years agoLocalisationCache: Avoid use of compact()
Kunal Mehta [Mon, 15 Oct 2018 07:17:38 +0000 (00:17 -0700)]
LocalisationCache: Avoid use of compact()

In PHP 7.3, compact() now raises notices if the variable is undefined, which
is something that we expect. So we can check whether the key exists instead
of bothering with compat() and suppressing warnings.

Bug: T206979
Change-Id: I612049db4debd850a2e6d10bc631d31aa17be898
(cherry picked from commit d0463178dfa09b79b3a08fee939da1beed030824)

3 years agoUse "break" instead of "continue" inside a switch
RazeSoldier [Mon, 15 Oct 2018 15:58:26 +0000 (23:58 +0800)]
Use "break" instead of "continue" inside a switch

"continue" statements in a switch are equivalent to "break". In PHP 7.3, will generate a warning.

Bug: T206974
Change-Id: I54bcec013ff52ab81bff09f8f7ef02f3944a5b7d
(cherry picked from commit f3b012b51f492155cd7acf4d7f641cd43147bfc0)

3 years agoUpdate git submodules
RazeSoldier [Mon, 15 Oct 2018 10:35:36 +0000 (18:35 +0800)]
Update git submodules

* Update extensions/ParserFunctions from branch 'REL1_31'
  to f2c63e5062c136d756d5d4378a722385e4b0149c
  - Use "break" instead of "continue" inside a switch

    "continue" statements in a switch are equivalent to "break". In PHP 7.3, will generate a warning.

    Also change the indentation.

    Bug: T206977
    Change-Id: I8ad0ef6508e73bcca7dabfe2e88d661dd409bdfb
    (cherry picked from commit d258457e018bfa157bf4b782efed8c160ec40545)

3 years agoUse "break" instead of "continue"
RazeSoldier [Thu, 23 Aug 2018 16:18:07 +0000 (00:18 +0800)]
Use "break" instead of "continue"

"continue" statements are equivalent to "break". In PHP 7.3, will generate a

Bug: T200595
Change-Id: I244ecb2e1ce5a76295f014fb1becd8d263196846
(cherry picked from commit 24ffbd9bd182944daa8b12244b729562cd5f50db)

3 years agoMerge "Remove deprecated pear/mail_mime-decode from composer dependancies" into REL1_31
jenkins-bot [Fri, 12 Oct 2018 00:32:25 +0000 (00:32 +0000)]
Merge "Remove deprecated pear/mail_mime-decode from composer dependancies" into REL1_31

3 years agoUpdate git submodules
Reedy [Thu, 11 Oct 2018 20:54:58 +0000 (21:54 +0100)]
Update git submodules

* Update vendor from branch 'REL1_31'
  to 86a1bbc0ab0fe0a4a750b48a1f76baa48ed013b1
  - Remove pear/mail_mime-decode

    Code isn't PHP 7 compatible, and rotted. Useful code seems to have
    been merged into pear/mail

    Bug: T109121
    Change-Id: Iaaba6985526e95699fe24e7fbc64817d3dd9ebaf

3 years agoRemove deprecated pear/mail_mime-decode from composer dependancies
Reedy [Thu, 11 Oct 2018 20:42:15 +0000 (21:42 +0100)]
Remove deprecated pear/mail_mime-decode from composer dependancies

Bug: T109121
Change-Id: I198e39e77d54bf3edd0ebf08403c6623d6092fd4

3 years agoLoad installer i18n when running update.php
Reedy [Thu, 11 Oct 2018 18:20:30 +0000 (19:20 +0100)]
Load installer i18n when running update.php

Bug: T206765
Change-Id: Ie1c1a5dbf7c905eaca55777448e5aba00267ed31
(cherry-picked from a8408122fd7982ec1f6f380288c887298ba07045)

3 years agoAdd pear/Net_SMTP 1.7.3 to composer dependencies
Mark A. Hershberger [Tue, 24 Jul 2018 16:36:46 +0000 (12:36 -0400)]
Add pear/Net_SMTP 1.7.3 to composer dependencies

Bug: T200254
Change-Id: I231759a1e0bd5b8750939acaad85ed327d052b79

4 years agoFix typo in postgres patch-drop-ar_text.sql
Brad Jorsch [Thu, 26 Apr 2018 18:52:12 +0000 (14:52 -0400)]
Fix typo in postgres patch-drop-ar_text.sql

I18f1c740 was cherry-picked to REL1_31 but it was broken.
Before that got merged to REL1_31, this was already in master,
but apparently that was missed when cherry-picking.
This should have made 1.31-rc.2.

Bug: T205967
Change-Id: I6d479d123848325b8501275ef4b98fc81cd99505
(cherry picked from commit 7e685a395d4a6e69d904c03f6e847b18795217a9)

4 years agoDocument removal of CologneBlue & Modern from the tarball
Kunal Mehta [Wed, 26 Sep 2018 04:44:50 +0000 (21:44 -0700)]
Document removal of CologneBlue & Modern from the tarball

Worth noting as a pre-upgrade thing, as trying to run the updater will fail
unless it's disabled or downloaded separately.

Reported by <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909589>.

Change-Id: I5ea6dc65d683dfceaa25104ca59f2f56c1ab1884

4 years agoWatchedItemStore::countVisitingWatchersMultiple() shouldn't query all titles when...
Brad Jorsch [Tue, 18 Sep 2018 16:01:32 +0000 (12:01 -0400)]
WatchedItemStore::countVisitingWatchersMultiple() shouldn't query all titles when asked for none

If a caller gives an empty array for $targetsWithVisitThresholds, per
the documentation it should be expecting an empty array in return, not a
count of watchers for every title in the database.

Bug: T204729
Change-Id: I0f25fae301450d077bb30597281aaef0fba209d4
(cherry picked from commit f5469d36602cb2a95396830b14e9a631d698f3a6)

4 years agoBump 1.31.1 1.31.1
Kunal Mehta [Mon, 3 Sep 2018 08:11:17 +0000 (01:11 -0700)]
Bump 1.31.1

Change-Id: I4f1dbc9ddf6daa9e67a08908d0c04db876493b84

4 years agoSECURITY: Don't exclude .htaccess files from `git archive`
Kunal Mehta [Fri, 20 Jul 2018 20:29:14 +0000 (22:29 +0200)]
SECURITY: Don't exclude .htaccess files from `git archive`

Bug: T199029
Change-Id: I7ada3dddc4f5f7f2800882ccc9c73c8494f7fac9

4 years agoSECURITY: Do not allow botpassword login if account locked.
Brian Wolff [Sun, 13 May 2018 19:37:09 +0000 (19:37 +0000)]
SECURITY: Do not allow botpassword login if account locked.

Reported by Rxy

Bug: T194605
Change-Id: Ib41005e69ab4db6f849837de12f0d41398b58f9a

4 years agoSECURITY: Make 'newbie' limit in $wgRateLimits really override 'user' limit
Chad Horohoe [Tue, 13 Mar 2018 18:43:30 +0000 (18:43 +0000)]
SECURITY: Make 'newbie' limit in $wgRateLimits really override 'user' limit

The order of operations was incorrect.

Bug: T169545
Change-Id: Ia910aa2a494914d3b0017daac9ab294ea9fa8705

4 years agoUsersPager: Fix typo in formDescriptor array
Jayprakash12345 [Wed, 22 Aug 2018 18:53:05 +0000 (00:23 +0530)]
UsersPager: Fix typo in formDescriptor array

Bug: T202550
Change-Id: I06c6cf596ab0f159ad6a50251788ff3917125ae7
(cherry picked from commit eee4385869fab8d1b5dde7bd3f6520ed880ef673)

4 years agoFix pingback on non-MySQL
Tim Starling [Wed, 1 Aug 2018 01:30:49 +0000 (11:30 +1000)]
Fix pingback on non-MySQL

MySQL has its own implementation of upsert(), but the others rely on
$uniqueIndexes being a field list, not a field/value associative array.
The previous code generated an SQL error when checking for existing

Bug: T200864
Change-Id: Ifb56f7f350fbb84144bc6f5a1dd76939816338a6
(cherry picked from commit ba54f7f90dce0e06ff3c4ad1ec141362f10be9a9)

4 years agoMake ExternalStoreDB "wiki" context override the server "dbname" field
Aaron Schulz [Wed, 15 Aug 2018 01:44:40 +0000 (18:44 -0700)]
Make ExternalStoreDB "wiki" context override the server "dbname" field

This is all that is needed for b/c and going beyond that can break
foreign wiki (domain) external store access if matching per-wiki DB
names *are* used for external store.

Follow up to 92e4ace7eae61.

Bug: T200471
Change-Id: I877139ff659f542da04d4d8f5ef3297dbfcfd734

4 years agoUse LB server configuration to force DB domains in ExternalStorageDB
Aaron Schulz [Sun, 12 Aug 2018 10:14:54 +0000 (03:14 -0700)]
Use LB server configuration to force DB domains in ExternalStorageDB

This is for backwards-compatibility for pre 14ee3f210782 external store
configuration that relied on not using the main wiki DB name(s).

(cherry-picked from 92e4ace7eae612ce0fa040e02d932516c4d99712)

Bug: T200471
Change-Id: Ie60cae64e32ff2532565cbd79c8e084634a61cce

4 years agoFix total breakage of SQLite web upgrade
Tim Starling [Wed, 1 Aug 2018 00:18:08 +0000 (10:18 +1000)]
Fix total breakage of SQLite web upgrade

Partial revert of 8d61cf2793abd2, since LBFactoryTest.php passes without
overriding selectDB() in the current master. It's unclear why it was necessary.

Bug: T200861
Change-Id: I7c0560d7890616899297f81a227db98996d5cb7f
(cherry picked from commit 7584bf22fb2bda3c66ecf50c1edaad904ee1a649)

4 years agoGuard against uncountable tag values
Sam Wilson [Sat, 30 Jun 2018 07:55:47 +0000 (15:55 +0800)]
Guard against uncountable tag values

As of PHP 7.2 counting false or null raises a "Warning: count(): Parameter must be an array or an object that implements Countable".

Bug: T182377
Bug: T196793
Change-Id: I7ca38bc55ae04f68106fe0d27c7d496da1538459
(cherry picked from commit 61af022e5f8e06c2588a8fc3fd003f52bdb85b08)

4 years agoTreat all time values on Special:Watchlist as floats
Matěj Suchánek [Sun, 29 Jul 2018 09:54:45 +0000 (11:54 +0200)]
Treat all time values on Special:Watchlist as floats

PHP division may return float or int, depending on the operands. [1]
Make sure all numbers are of the same type (floats), because
XmlSelect compares values with ===.

[1] http://php.net/manual/en/language.operators.arithmetic.php

Bug: T199566
Change-Id: I37df6fd425f47d9a4562d83e04fcb50c3b97e0da
(cherry picked from commit 4b75063d0eafeb9260f177cde782156a81b56f6b)

4 years agoPHPSessionHandler: Suppress warnings in initialize()
Brad Jorsch [Wed, 13 Jun 2018 13:51:57 +0000 (09:51 -0400)]
PHPSessionHandler: Suppress warnings in initialize()

PHP 7.2 has gotten strict about calling various session-related methods
after headers were sent. Even in CLI mode where there are no headers to
send in the first place. Silence these warnings.

Bug: T197030
Change-Id: Idaabf1320c56e0d6c26387f03af05f32e1496a1c
(cherry picked from commit 701854b3ebc3c2b06067823395a7d95e8984cfda)

4 years agordbms: disable ChronologyProtector if EmptyBagOStuff is used
Aaron Schulz [Thu, 14 Jun 2018 00:14:23 +0000 (17:14 -0700)]
rdbms: disable ChronologyProtector if EmptyBagOStuff is used

Bug: T197206
Change-Id: Ic07634224fac1ae72d1ba20176c028fdda5ba415

4 years agoMerge "Avoid arithmetics on localized number string ("0,04") in SpecialWatchlist...
jenkins-bot [Wed, 18 Jul 2018 10:26:57 +0000 (10:26 +0000)]
Merge "Avoid arithmetics on localized number string ("0,04") in SpecialWatchlist" into REL1_31

4 years agoregistration: Use the correct key for skin dependencies
Florian Schmidt [Fri, 15 Jun 2018 15:51:22 +0000 (17:51 +0200)]
registration: Use the correct key for skin dependencies

Instead of using "skin" to check for skin dependencies, extension registration
now uses the correct key "skins" (from the schema).

Bug: T197478
Change-Id: I382fc79229e1406786f444192e6e3e3bde44d224
(cherry picked from commit 0f7e760334df920adca5f6340814ba028b95dae0)

4 years agoInsert space before compatibility link in PHP version message
petarpetkovic [Thu, 24 May 2018 22:27:21 +0000 (00:27 +0200)]
Insert space before compatibility link in PHP version message

Change-Id: Ia056ba7f9eddbcf31082c7b2f7a64e7dbf02cba4
(cherry picked from commit 6da2a437e3ce62652c5e5a0d631be36908eee369)

4 years agoSpecialChangeEmail: Log email changes
Brad Jorsch [Tue, 10 Jul 2018 18:13:58 +0000 (14:13 -0400)]
SpecialChangeEmail: Log email changes

Bug: T151415
Change-Id: Icc403be286f87a591ebc9d3e07d84b09f8b87713

4 years agoAvoid arithmetics on localized number string ("0,04") in SpecialWatchlist
Edward Chernenko [Sun, 1 Jul 2018 02:10:56 +0000 (05:10 +0300)]
Avoid arithmetics on localized number string ("0,04") in SpecialWatchlist

In SpecialWatchlist::cutoffselector(), values like 1/24 or 6/24 are cast
to string via strval(). However, in some locales (e.g. ru_RU.utf8) strval
will return a localized form of the number, e.g. "0,04" instead of "0.04".

This "0,04" is then used in arithmetic operations, where it's treated as 0,
resulting in "0 hours" being shown instead of "1 hour", "2 hours", etc.

Bug: T198501
Change-Id: Iaa4e6170b30a7bb9ce0f22d9d2cc4772b0faa3b8
(cherry picked from commit 6b240c699eb1e965dad3c51107566f1f27ed1887)

4 years agoGitInfo: Don't try shelling out if it's disabled
Kunal Mehta [Sun, 24 Jun 2018 20:55:43 +0000 (23:55 +0300)]
GitInfo: Don't try shelling out if it's disabled

Bug: T198037
Change-Id: I364f9bc0e78439474101f4b2a171805c91f50a72
(cherry picked from commit d503ac7c9433a36358b1db27c6365167ea869832)

4 years agoBotPasswords: Indicate when a password needs reset
Brad Jorsch [Fri, 4 May 2018 13:35:55 +0000 (09:35 -0400)]
BotPasswords: Indicate when a password needs reset

Certain things, such as changing the account's main login credentials,
causes all bot passwords to be invalidated. This state should be
indicated in Special:BotPasswords, and the API when login fails.

Bug: T193829
Change-Id: Ib12929fed861742c9f2f76702c9ac3254e8a5d97
(cherry picked from commit ff6b4cb35c1944870fcd3cc525884790c20819b3)

4 years agoAdd 'logid' parameter to Special:Log
Sam Wilson [Mon, 23 Apr 2018 03:55:24 +0000 (11:55 +0800)]
Add 'logid' parameter to Special:Log

Make it possible to get a URL for a single log entry,
as an alternative to using Special:Redirect/logid/123.

The existing single-log-entry link of Special:Redirect/logid/123
is also simplified to be a redirect to this new parameter.

Bug: T191608
Bug: T187638
Change-Id: I5f2e52531cd2ba617a25570e40aa8c5168e284d9
(cherry picked from commit 8e04e60113272d498070e51ff2b50412ae7a9234)

4 years agoSECURITY: Special:BotPasswords should reauthenticate
Brad Jorsch [Wed, 9 May 2018 19:14:38 +0000 (15:14 -0400)]
SECURITY: Special:BotPasswords should reauthenticate

More specifically, it should reauthenticate when creating a bot password
or resetting the password. But we may as well do it for all accesses.

Bug: T194237
Change-Id: I9a38a3109492753fff1f33c0f280e5b0f1fc1a76

4 years agoFix error in various deprecated selectFields() methods
Brad Jorsch [Tue, 3 Jul 2018 15:59:18 +0000 (11:59 -0400)]
Fix error in various deprecated selectFields() methods

When aliasing a field to null, it has to be aliased to the string 'NULL'
rather than PHP null.

Bug: T198687
Change-Id: I6096f306b97022da781eaabeb15e502f391673a9
(cherry picked from commit 377ce5a469476a0ec68a6f03e3f5714eb40caeff)

4 years agoAvoid bad method call to patchPatch() in DbTestRecorder
Aaron Schulz [Mon, 25 Jun 2018 20:14:08 +0000 (21:14 +0100)]
Avoid bad method call to patchPatch() in DbTestRecorder

Bug: T193995
Change-Id: Ibc480b04463792b7cd720a6eb080e0960a30e440
(cherry picked from commit ec3289524e33fd93c9dc51c2a0ddffc24068583a)

4 years agoCorrect $specialPageAliases for sa.wiki
Jayprakash12345 [Wed, 20 Jun 2018 16:38:40 +0000 (22:08 +0530)]
Correct $specialPageAliases for sa.wiki

Bug: T102320
Change-Id: I10bf5a0039235a5b149dcea6bd62176d3763acf9
(cherry picked from commit 8d963e6a93bd9bbcb6d817de8b2a06947583e3e8)

4 years agoFix PHP7 warning "non well formed numeric value encountered"
Edward Chernenko [Mon, 25 Jun 2018 22:45:13 +0000 (01:45 +0300)]
Fix PHP7 warning "non well formed numeric value encountered"

PHP 7.1 warns when non-numeric string is implicitly cast to integer.

Change-Id: Ia46ea793e9495548c7d421b3372f6deaeda163f5
(cherry picked from commit 0a4a274b6255cc543df459f16902c1619697068f)

4 years agoUpdate git submodules
Edward Chernenko [Tue, 19 Jun 2018 23:43:01 +0000 (02:43 +0300)]
Update git submodules

* Update skins/MonoBook from branch 'REL1_31'
  to 53a78553e4b6cb091df318bf70291330f1425429
  - Missing 'class' in "newtalk" notification

    MonoBookTemplate incorrectly calls getIfExists() for newtalk/undelete:
    attributes of wrapper <div> must be under the 'parameters' key.

    Change-Id: I5392477d493174b0b5598927bfbcec2029b0987e
    (cherry picked from commit 73ad6a7835b587035e127d32d4667ba16e43ad03)

4 years agoUpdate git submodules
Paladox [Sat, 16 Jun 2018 21:27:22 +0000 (21:27 +0000)]
Update git submodules

* Update skins/Timeless from branch 'REL1_31'
  to 6860d4d96db3bfcc92172f08ddfe4a2344229937
  - Fix sidebar closing on iOS

    this follows this fix [1]

    [1] https://stackoverflow.com/questions/11397028/document-click-function-for-touch-device

    Bug: T161470
    Change-Id: I20e6a0e18a239131b94e4ab949b7784f241e4d40

4 years agoUpdate git submodules
Isarra [Wed, 13 Jun 2018 20:52:32 +0000 (20:52 +0000)]
Update git submodules

* Update skins/Timeless from branch 'REL1_31'
  to 2126f76540981047f072d672be5c15475a2556cf
  - Remove nonfunctional jquery mobile stuff

    Does not appear to work, and is possibly breaking things elsewise as
    well. In particular: chrome text selection in general, possibly iphone

    May or may not resolve the following; please test (does seem to
    effectively resolve T183215, for now, at least, but dunno at all about
    the other two.):

    Bug: T161470
    Bug: T183215
    Bug: T188387
    Change-Id: I2d4aae98fe47bce5a873bc44b6cea58f111f5086

4 years agoAdd Extension:Nuke submodule to REL1_31
MarcoAurelio [Thu, 14 Jun 2018 11:00:20 +0000 (13:00 +0200)]
Add Extension:Nuke submodule to REL1_31

Bug: T197229
Change-Id: I6dad2c00c7480894beeaf8979b8d66f4cc32cc89

4 years agoBump to 1.31.0 for final release 1.31.0
Chad Horohoe [Wed, 13 Jun 2018 15:33:16 +0000 (11:33 -0400)]
Bump to 1.31.0 for final release

Change-Id: Ie743443584e2c7a3aac2d185de1c3cb2eeca80b6

4 years agoAdd release notes for 0eb4eaefd3 and f7f71359
Kunal Mehta [Tue, 12 Jun 2018 01:11:08 +0000 (18:11 -0700)]
Add release notes for 0eb4eaefd3 and f7f71359

Change-Id: Ie139db2f178660aa42009661716290158d60c8fc
(cherry picked from commit 1f286e8d4019e7712916060ecb8dd00ff04fdc7b)

4 years agoMerge "parser: Validate $length in padleft/padright parser functions" into REL1_31
jenkins-bot [Tue, 12 Jun 2018 00:54:54 +0000 (00:54 +0000)]
Merge "parser: Validate $length in padleft/padright parser functions" into REL1_31

4 years agoparser: Validate $length in padleft/padright parser functions
Kunal Mehta [Sun, 10 Jun 2018 18:09:07 +0000 (11:09 -0700)]
parser: Validate $length in padleft/padright parser functions

$length is user input, so cast it to an int before passing it to min().
If there is nothing to add at that point, return immediately.

In PHP 7.1+ this raised a warning of "A non-numeric value encountered"
because min() will return the junk value, returning a string. Then we
try and subtract an int from it (return value of mb_strlen()),
triggering the warning.

Added a parser test to verify the behavior, and confirmed that it
triggers warnings without the patch.

Bug: T180403
Change-Id: I614750962104f6251a864519035366ac9798fc0f
(cherry picked from commit dc96f656affd1f8fab0ae72b0d96e77055e5b336)

4 years agoMake $wgEmailConfirmToEdit only affect edit actions.
Brian Wolff [Fri, 26 Aug 2016 01:29:58 +0000 (01:29 +0000)]
Make $wgEmailConfirmToEdit only affect edit actions.

Previously it would affect all actions that use Title::userCan.
This used to be less noticable, but recently was expanded to include
the 'read' action. This only affected the case where both
$wgBlockDisablesLogin and $wgEmailConfirmedToEdit were enabled.

I don't think anyone was relying on the old behaviour as it was
undocumented, and only affected obscure permissions (checked with
Title::userCan and not depending on "edit" rights)

Follow-up b675be2083

Bug: T143790
Change-Id: I4ad93ed78de4f1ed444f73df6dc26d405a67e553
(cherry picked from commit d561f646b9b8424bd79cfc14729a622a143d9f12)

4 years agoFollow-up Ieaeb3113a: Add RELEASE-NOTES
Jforrester [Fri, 8 Jun 2018 19:55:45 +0000 (19:55 +0000)]
Follow-up Ieaeb3113a: Add RELEASE-NOTES

Change-Id: I79f1d28b54532a7495fb8e205c9b6636016587d7
(cherry picked from commit 0d37539a7c9191f893dec6e77591ae753e6b461a)

4 years agoEnsure $user is passed by reference in TitleMoveComplete hook on HHVM
Kunal Mehta [Thu, 7 Jun 2018 19:52:04 +0000 (12:52 -0700)]
Ensure $user is passed by reference in TitleMoveComplete hook on HHVM

Suggested by Anomie in T118683#3688320.

Bug: T118683
Change-Id: I57e05c5ae42c8b85d0a8f9631a459c5686b27893
(cherry picked from commit d5e4bf920c7ff48bf4c907bee1ee47fa96907774)

4 years agoregistration: Allow the mtime of extension.json files to be zero
Ed Schouten [Thu, 7 Jun 2018 12:21:53 +0000 (14:21 +0200)]
registration: Allow the mtime of extension.json files to be zero

When creating Docker images of MediaWiki using the Bazel build system, I
noticed that I'm not able to load any extensions. This is due to the
fact that Bazel always generates container layers with mtimes of files
set to 1970-01-01 for determinism/reproducibility.

Relax the check a bit to only fail when the mtime is false, which
happens when filemtime() fails.

Bug: T196672
Change-Id: Ieaeb3113a7d9c44f29cca2d062c5bb11ebeada0d
(cherry picked from commit d7d5d3c82a84338bd2669284427193ea7a80bdbc)

4 years agoinstaller: Fix display of UPGRADE by disabling InterwikiLookup
Kunal Mehta [Thu, 7 Jun 2018 08:01:13 +0000 (01:01 -0700)]
installer: Fix display of UPGRADE by disabling InterwikiLookup

Since 129067c907ea65f62, parsing section titles has looked up interwiki
prefixes with InterwikiLookup. In the web upgrader, this triggers
database access, and since that service is disabled, it throws
exceptions, causing parsing to fail.

Work around that by using a dummy InterwikiLookup service that knows
about no interwiki prefixes. Maybe one could be written to just read
from the stock `interwiki.list`, but that's a project for another time.

Bug: T196607
Change-Id: I13485a9af79297b552a1128240cb8597c2ef83d8
(cherry picked from commit a498abf272c7aff376c5225a6f593349e3cc3eaa)

4 years agoFix UploadBase::checkXMLEncodingMissmatch() on PHP 7.1+
Kunal Mehta [Thu, 7 Jun 2018 00:54:07 +0000 (17:54 -0700)]
Fix UploadBase::checkXMLEncodingMissmatch() on PHP 7.1+

file_get_contents() started supporting a negative offset in 7.1+. But
we really just want to start with 0.

Also fix the order of arguments to assertSame() so that the expected
value is first.

Bug: T182366
Change-Id: I84c92652de5b51a43f6e2b58cd235d2889093453

4 years agoAdd vendor submodule
Kunal Mehta [Wed, 6 Jun 2018 22:21:12 +0000 (15:21 -0700)]
Add vendor submodule

People will no longer need to clone it separately, just run
`git submodule update --init`.

If people want to run composer locally and have already checked out the
submodule, a `git submodule deinit vendor` will disable the submodule.

Change-Id: I1fdaf8dc3c2a8e246bb7d2987a42a41272dffc29

4 years agoMove RELEASE-NOTES for I4678250331a48db4d50d1fc6c489c991a4dee920
Reedy [Wed, 6 Jun 2018 18:31:49 +0000 (18:31 +0000)]
Move RELEASE-NOTES for I4678250331a48db4d50d1fc6c489c991a4dee920

Change-Id: Ic880a54427bf8bd9adf96863da25c485cb3c5662

4 years agoMerge "objectcache: update MemcachedPeclBagOStuff for pecl memcached 3.0.0" into...
jenkins-bot [Wed, 6 Jun 2018 18:02:33 +0000 (18:02 +0000)]
Merge "objectcache: update MemcachedPeclBagOStuff for pecl memcached 3.0.0" into REL1_31

4 years agoPopulate 1.31 rc.0 -> rc.2 release notes
Reedy [Tue, 5 Jun 2018 21:40:41 +0000 (21:40 +0000)]
Populate 1.31 rc.0 -> rc.2 release notes

Change-Id: I15fa23e881c0e177d12a6f6374bc08af3b197435
(cherry picked from commit 6e3bb339713db677df2272d7ff6f634dff1f244d)

4 years agoobjectcache: update MemcachedPeclBagOStuff for pecl memcached 3.0.0
Aaron Schulz [Thu, 31 May 2018 21:41:02 +0000 (14:41 -0700)]
objectcache: update MemcachedPeclBagOStuff for pecl memcached 3.0.0

The get() $cas_token parameter was changed into $flags, which can act
as a switch to make the return value an associative array of details.

pecl and PHP-based memcached BagOStuff class both pass all tests now.

Bug: T196125
Change-Id: I4678250331a48db4d50d1fc6c489c991a4dee920