3 years agoInclude IP address in "Login for $1 succeeded" log entry
Kunal Mehta [Sat, 20 Oct 2018 12:35:22 +0000 (05:35 -0700)]
Include IP address in "Login for $1 succeeded" log entry

Bug: T207540
Change-Id: Iab4f2f2ddc8e64ead2f33356d03fa7beed399415

3 years agoAdd session_write_close() calls to SessionManager tests
Brad Jorsch [Tue, 16 Oct 2018 14:22:33 +0000 (10:22 -0400)]
Add session_write_close() calls to SessionManager tests

PHP 7.3 doesn't like it if session_id() is called when the session has
been started, so we need to be sure to close it first in a few tests.

Bug: T207112
Change-Id: Ief36c1bb7b5c9066f158b5bb0d6d785a7f7ddd3c
(cherry picked from commit 6698b7ea1d63fbd2e3014bf563c3ad9e937bc8dd)

3 years agoOutput only to stderr in unit tests
Aryeh Gregor [Mon, 8 Oct 2018 18:04:12 +0000 (21:04 +0300)]
Output only to stderr in unit tests

Otherwise, session tests don't work in PHP 7.2 because headers are
already sent: https://bugs.php.net/bug.php?id=75628

Bug: T206476
Change-Id: Ie88db4a61a56b756c6445d2579a2f30da22c3ee8

3 years agoSuppress "Headers already sent" in PHP 7.2 too
Aryeh Gregor [Mon, 8 Oct 2018 17:10:36 +0000 (20:10 +0300)]
Suppress "Headers already sent" in PHP 7.2 too

The "h" is now capitalized, so we need to update the regex.

Change-Id: I1111e1228868ec66d930c7a3b0d7972e5c6356b9
(cherry picked from commit 1572f3b1b89abc958da6a7d131553e3b67953403)

3 years agoAvoid PHP 7.2 warnings in DBConRefTest about count() on non-Countable
Aaron Schulz [Sat, 26 May 2018 00:29:17 +0000 (17:29 -0700)]
Avoid PHP 7.2 warnings in DBConRefTest about count() on non-Countable

Change-Id: Ida81bf998b462f2f6bb2b708df1f15bbc1933db1
(cherry picked from commit b172aff090b7c59c2f602931d469cf3ac5e9e74a)

3 years agoFix PHP warnings "preg_replace(): [...] invalid range in character class"
Edward Chernenko [Mon, 18 Jun 2018 22:53:52 +0000 (01:53 +0300)]
Fix PHP warnings "preg_replace(): [...] invalid range in character class"

This was spotted when running tests on Travis (PHP 7.3 nighly, trusty).

Two expressions inside preg_replace() contained non-escaped "-" inside [],
where this "-" meant an actual "-" character.
The warning is because "-" has special meaning inside [] ("a-z" for range),
and things like [\w-.] are considered "invalid range".

Solution is to escape "-" like this: [\w\-.]

Change-Id: I41cc217081f00f54d957b6d8052ee209412f5ff6
(cherry picked from commit d88e924b6e5a7d529c471980e14f72430a94e546)

3 years agoLocalisationCache: Avoid use of compact()
Kunal Mehta [Mon, 15 Oct 2018 07:17:38 +0000 (00:17 -0700)]
LocalisationCache: Avoid use of compact()

In PHP 7.3, compact() now raises notices if the variable is undefined, which
is something that we expect. So we can check whether the key exists instead
of bothering with compat() and suppressing warnings.

Bug: T206979
Change-Id: I612049db4debd850a2e6d10bc631d31aa17be898
(cherry picked from commit d0463178dfa09b79b3a08fee939da1beed030824)

3 years agoUse "break" instead of "continue" inside a switch
RazeSoldier [Mon, 15 Oct 2018 15:58:26 +0000 (23:58 +0800)]
Use "break" instead of "continue" inside a switch

"continue" statements in a switch are equivalent to "break". In PHP 7.3, will generate a warning.

Bug: T206974
Change-Id: I54bcec013ff52ab81bff09f8f7ef02f3944a5b7d
(cherry picked from commit f3b012b51f492155cd7acf4d7f641cd43147bfc0)

3 years agoUpdate git submodules
RazeSoldier [Mon, 15 Oct 2018 10:35:36 +0000 (18:35 +0800)]
Update git submodules

* Update extensions/ParserFunctions from branch 'REL1_31'
  to f2c63e5062c136d756d5d4378a722385e4b0149c
  - Use "break" instead of "continue" inside a switch

    "continue" statements in a switch are equivalent to "break". In PHP 7.3, will generate a warning.

    Also change the indentation.

    Bug: T206977
    Change-Id: I8ad0ef6508e73bcca7dabfe2e88d661dd409bdfb
    (cherry picked from commit d258457e018bfa157bf4b782efed8c160ec40545)

3 years agoUse "break" instead of "continue"
RazeSoldier [Thu, 23 Aug 2018 16:18:07 +0000 (00:18 +0800)]
Use "break" instead of "continue"

"continue" statements are equivalent to "break". In PHP 7.3, will generate a

Bug: T200595
Change-Id: I244ecb2e1ce5a76295f014fb1becd8d263196846
(cherry picked from commit 24ffbd9bd182944daa8b12244b729562cd5f50db)

3 years agoMerge "Remove deprecated pear/mail_mime-decode from composer dependancies" into REL1_31
jenkins-bot [Fri, 12 Oct 2018 00:32:25 +0000 (00:32 +0000)]
Merge "Remove deprecated pear/mail_mime-decode from composer dependancies" into REL1_31

3 years agoUpdate git submodules
Reedy [Thu, 11 Oct 2018 20:54:58 +0000 (21:54 +0100)]
Update git submodules

* Update vendor from branch 'REL1_31'
  to 86a1bbc0ab0fe0a4a750b48a1f76baa48ed013b1
  - Remove pear/mail_mime-decode

    Code isn't PHP 7 compatible, and rotted. Useful code seems to have
    been merged into pear/mail

    Bug: T109121
    Change-Id: Iaaba6985526e95699fe24e7fbc64817d3dd9ebaf

3 years agoRemove deprecated pear/mail_mime-decode from composer dependancies
Reedy [Thu, 11 Oct 2018 20:42:15 +0000 (21:42 +0100)]
Remove deprecated pear/mail_mime-decode from composer dependancies

Bug: T109121
Change-Id: I198e39e77d54bf3edd0ebf08403c6623d6092fd4

3 years agoLoad installer i18n when running update.php
Reedy [Thu, 11 Oct 2018 18:20:30 +0000 (19:20 +0100)]
Load installer i18n when running update.php

Bug: T206765
Change-Id: Ie1c1a5dbf7c905eaca55777448e5aba00267ed31
(cherry-picked from a8408122fd7982ec1f6f380288c887298ba07045)

3 years agoAdd pear/Net_SMTP 1.7.3 to composer dependencies
Mark A. Hershberger [Tue, 24 Jul 2018 16:36:46 +0000 (12:36 -0400)]
Add pear/Net_SMTP 1.7.3 to composer dependencies

Bug: T200254
Change-Id: I231759a1e0bd5b8750939acaad85ed327d052b79

3 years agoFix typo in postgres patch-drop-ar_text.sql
Brad Jorsch [Thu, 26 Apr 2018 18:52:12 +0000 (14:52 -0400)]
Fix typo in postgres patch-drop-ar_text.sql

I18f1c740 was cherry-picked to REL1_31 but it was broken.
Before that got merged to REL1_31, this was already in master,
but apparently that was missed when cherry-picking.
This should have made 1.31-rc.2.

Bug: T205967
Change-Id: I6d479d123848325b8501275ef4b98fc81cd99505
(cherry picked from commit 7e685a395d4a6e69d904c03f6e847b18795217a9)

3 years agoDocument removal of CologneBlue & Modern from the tarball
Kunal Mehta [Wed, 26 Sep 2018 04:44:50 +0000 (21:44 -0700)]
Document removal of CologneBlue & Modern from the tarball

Worth noting as a pre-upgrade thing, as trying to run the updater will fail
unless it's disabled or downloaded separately.

Reported by <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909589>.

Change-Id: I5ea6dc65d683dfceaa25104ca59f2f56c1ab1884

3 years agoWatchedItemStore::countVisitingWatchersMultiple() shouldn't query all titles when...
Brad Jorsch [Tue, 18 Sep 2018 16:01:32 +0000 (12:01 -0400)]
WatchedItemStore::countVisitingWatchersMultiple() shouldn't query all titles when asked for none

If a caller gives an empty array for $targetsWithVisitThresholds, per
the documentation it should be expecting an empty array in return, not a
count of watchers for every title in the database.

Bug: T204729
Change-Id: I0f25fae301450d077bb30597281aaef0fba209d4
(cherry picked from commit f5469d36602cb2a95396830b14e9a631d698f3a6)

3 years agoBump 1.31.1 1.31.1
Kunal Mehta [Mon, 3 Sep 2018 08:11:17 +0000 (01:11 -0700)]
Bump 1.31.1

Change-Id: I4f1dbc9ddf6daa9e67a08908d0c04db876493b84

3 years agoSECURITY: Don't exclude .htaccess files from `git archive`
Kunal Mehta [Fri, 20 Jul 2018 20:29:14 +0000 (22:29 +0200)]
SECURITY: Don't exclude .htaccess files from `git archive`

Bug: T199029
Change-Id: I7ada3dddc4f5f7f2800882ccc9c73c8494f7fac9

3 years agoSECURITY: Do not allow botpassword login if account locked.
Brian Wolff [Sun, 13 May 2018 19:37:09 +0000 (19:37 +0000)]
SECURITY: Do not allow botpassword login if account locked.

Reported by Rxy

Bug: T194605
Change-Id: Ib41005e69ab4db6f849837de12f0d41398b58f9a

3 years agoSECURITY: Make 'newbie' limit in $wgRateLimits really override 'user' limit
Chad Horohoe [Tue, 13 Mar 2018 18:43:30 +0000 (18:43 +0000)]
SECURITY: Make 'newbie' limit in $wgRateLimits really override 'user' limit

The order of operations was incorrect.

Bug: T169545
Change-Id: Ia910aa2a494914d3b0017daac9ab294ea9fa8705

3 years agoUsersPager: Fix typo in formDescriptor array
Jayprakash12345 [Wed, 22 Aug 2018 18:53:05 +0000 (00:23 +0530)]
UsersPager: Fix typo in formDescriptor array

Bug: T202550
Change-Id: I06c6cf596ab0f159ad6a50251788ff3917125ae7
(cherry picked from commit eee4385869fab8d1b5dde7bd3f6520ed880ef673)

3 years agoFix pingback on non-MySQL
Tim Starling [Wed, 1 Aug 2018 01:30:49 +0000 (11:30 +1000)]
Fix pingback on non-MySQL

MySQL has its own implementation of upsert(), but the others rely on
$uniqueIndexes being a field list, not a field/value associative array.
The previous code generated an SQL error when checking for existing

Bug: T200864
Change-Id: Ifb56f7f350fbb84144bc6f5a1dd76939816338a6
(cherry picked from commit ba54f7f90dce0e06ff3c4ad1ec141362f10be9a9)

3 years agoMake ExternalStoreDB "wiki" context override the server "dbname" field
Aaron Schulz [Wed, 15 Aug 2018 01:44:40 +0000 (18:44 -0700)]
Make ExternalStoreDB "wiki" context override the server "dbname" field

This is all that is needed for b/c and going beyond that can break
foreign wiki (domain) external store access if matching per-wiki DB
names *are* used for external store.

Follow up to 92e4ace7eae61.

Bug: T200471
Change-Id: I877139ff659f542da04d4d8f5ef3297dbfcfd734

3 years agoUse LB server configuration to force DB domains in ExternalStorageDB
Aaron Schulz [Sun, 12 Aug 2018 10:14:54 +0000 (03:14 -0700)]
Use LB server configuration to force DB domains in ExternalStorageDB

This is for backwards-compatibility for pre 14ee3f210782 external store
configuration that relied on not using the main wiki DB name(s).

(cherry-picked from 92e4ace7eae612ce0fa040e02d932516c4d99712)

Bug: T200471
Change-Id: Ie60cae64e32ff2532565cbd79c8e084634a61cce

3 years agoFix total breakage of SQLite web upgrade
Tim Starling [Wed, 1 Aug 2018 00:18:08 +0000 (10:18 +1000)]
Fix total breakage of SQLite web upgrade

Partial revert of 8d61cf2793abd2, since LBFactoryTest.php passes without
overriding selectDB() in the current master. It's unclear why it was necessary.

Bug: T200861
Change-Id: I7c0560d7890616899297f81a227db98996d5cb7f
(cherry picked from commit 7584bf22fb2bda3c66ecf50c1edaad904ee1a649)

3 years agoGuard against uncountable tag values
Sam Wilson [Sat, 30 Jun 2018 07:55:47 +0000 (15:55 +0800)]
Guard against uncountable tag values

As of PHP 7.2 counting false or null raises a "Warning: count(): Parameter must be an array or an object that implements Countable".

Bug: T182377
Bug: T196793
Change-Id: I7ca38bc55ae04f68106fe0d27c7d496da1538459
(cherry picked from commit 61af022e5f8e06c2588a8fc3fd003f52bdb85b08)

3 years agoTreat all time values on Special:Watchlist as floats
Matěj Suchánek [Sun, 29 Jul 2018 09:54:45 +0000 (11:54 +0200)]
Treat all time values on Special:Watchlist as floats

PHP division may return float or int, depending on the operands. [1]
Make sure all numbers are of the same type (floats), because
XmlSelect compares values with ===.

[1] http://php.net/manual/en/language.operators.arithmetic.php

Bug: T199566
Change-Id: I37df6fd425f47d9a4562d83e04fcb50c3b97e0da
(cherry picked from commit 4b75063d0eafeb9260f177cde782156a81b56f6b)

3 years agoPHPSessionHandler: Suppress warnings in initialize()
Brad Jorsch [Wed, 13 Jun 2018 13:51:57 +0000 (09:51 -0400)]
PHPSessionHandler: Suppress warnings in initialize()

PHP 7.2 has gotten strict about calling various session-related methods
after headers were sent. Even in CLI mode where there are no headers to
send in the first place. Silence these warnings.

Bug: T197030
Change-Id: Idaabf1320c56e0d6c26387f03af05f32e1496a1c
(cherry picked from commit 701854b3ebc3c2b06067823395a7d95e8984cfda)

3 years agordbms: disable ChronologyProtector if EmptyBagOStuff is used
Aaron Schulz [Thu, 14 Jun 2018 00:14:23 +0000 (17:14 -0700)]
rdbms: disable ChronologyProtector if EmptyBagOStuff is used

Bug: T197206
Change-Id: Ic07634224fac1ae72d1ba20176c028fdda5ba415

3 years agoMerge "Avoid arithmetics on localized number string ("0,04") in SpecialWatchlist...
jenkins-bot [Wed, 18 Jul 2018 10:26:57 +0000 (10:26 +0000)]
Merge "Avoid arithmetics on localized number string ("0,04") in SpecialWatchlist" into REL1_31

3 years agoregistration: Use the correct key for skin dependencies
Florian Schmidt [Fri, 15 Jun 2018 15:51:22 +0000 (17:51 +0200)]
registration: Use the correct key for skin dependencies

Instead of using "skin" to check for skin dependencies, extension registration
now uses the correct key "skins" (from the schema).

Bug: T197478
Change-Id: I382fc79229e1406786f444192e6e3e3bde44d224
(cherry picked from commit 0f7e760334df920adca5f6340814ba028b95dae0)

3 years agoInsert space before compatibility link in PHP version message
petarpetkovic [Thu, 24 May 2018 22:27:21 +0000 (00:27 +0200)]
Insert space before compatibility link in PHP version message

Change-Id: Ia056ba7f9eddbcf31082c7b2f7a64e7dbf02cba4
(cherry picked from commit 6da2a437e3ce62652c5e5a0d631be36908eee369)

3 years agoSpecialChangeEmail: Log email changes
Brad Jorsch [Tue, 10 Jul 2018 18:13:58 +0000 (14:13 -0400)]
SpecialChangeEmail: Log email changes

Bug: T151415
Change-Id: Icc403be286f87a591ebc9d3e07d84b09f8b87713

3 years agoAvoid arithmetics on localized number string ("0,04") in SpecialWatchlist
Edward Chernenko [Sun, 1 Jul 2018 02:10:56 +0000 (05:10 +0300)]
Avoid arithmetics on localized number string ("0,04") in SpecialWatchlist

In SpecialWatchlist::cutoffselector(), values like 1/24 or 6/24 are cast
to string via strval(). However, in some locales (e.g. ru_RU.utf8) strval
will return a localized form of the number, e.g. "0,04" instead of "0.04".

This "0,04" is then used in arithmetic operations, where it's treated as 0,
resulting in "0 hours" being shown instead of "1 hour", "2 hours", etc.

Bug: T198501
Change-Id: Iaa4e6170b30a7bb9ce0f22d9d2cc4772b0faa3b8
(cherry picked from commit 6b240c699eb1e965dad3c51107566f1f27ed1887)

3 years agoGitInfo: Don't try shelling out if it's disabled
Kunal Mehta [Sun, 24 Jun 2018 20:55:43 +0000 (23:55 +0300)]
GitInfo: Don't try shelling out if it's disabled

Bug: T198037
Change-Id: I364f9bc0e78439474101f4b2a171805c91f50a72
(cherry picked from commit d503ac7c9433a36358b1db27c6365167ea869832)

3 years agoBotPasswords: Indicate when a password needs reset
Brad Jorsch [Fri, 4 May 2018 13:35:55 +0000 (09:35 -0400)]
BotPasswords: Indicate when a password needs reset

Certain things, such as changing the account's main login credentials,
causes all bot passwords to be invalidated. This state should be
indicated in Special:BotPasswords, and the API when login fails.

Bug: T193829
Change-Id: Ib12929fed861742c9f2f76702c9ac3254e8a5d97
(cherry picked from commit ff6b4cb35c1944870fcd3cc525884790c20819b3)

3 years agoAdd 'logid' parameter to Special:Log
Sam Wilson [Mon, 23 Apr 2018 03:55:24 +0000 (11:55 +0800)]
Add 'logid' parameter to Special:Log

Make it possible to get a URL for a single log entry,
as an alternative to using Special:Redirect/logid/123.

The existing single-log-entry link of Special:Redirect/logid/123
is also simplified to be a redirect to this new parameter.

Bug: T191608
Bug: T187638
Change-Id: I5f2e52531cd2ba617a25570e40aa8c5168e284d9
(cherry picked from commit 8e04e60113272d498070e51ff2b50412ae7a9234)

3 years agoSECURITY: Special:BotPasswords should reauthenticate
Brad Jorsch [Wed, 9 May 2018 19:14:38 +0000 (15:14 -0400)]
SECURITY: Special:BotPasswords should reauthenticate

More specifically, it should reauthenticate when creating a bot password
or resetting the password. But we may as well do it for all accesses.

Bug: T194237
Change-Id: I9a38a3109492753fff1f33c0f280e5b0f1fc1a76

3 years agoFix error in various deprecated selectFields() methods
Brad Jorsch [Tue, 3 Jul 2018 15:59:18 +0000 (11:59 -0400)]
Fix error in various deprecated selectFields() methods

When aliasing a field to null, it has to be aliased to the string 'NULL'
rather than PHP null.

Bug: T198687
Change-Id: I6096f306b97022da781eaabeb15e502f391673a9
(cherry picked from commit 377ce5a469476a0ec68a6f03e3f5714eb40caeff)

3 years agoAvoid bad method call to patchPatch() in DbTestRecorder
Aaron Schulz [Mon, 25 Jun 2018 20:14:08 +0000 (21:14 +0100)]
Avoid bad method call to patchPatch() in DbTestRecorder

Bug: T193995
Change-Id: Ibc480b04463792b7cd720a6eb080e0960a30e440
(cherry picked from commit ec3289524e33fd93c9dc51c2a0ddffc24068583a)

3 years agoCorrect $specialPageAliases for sa.wiki
Jayprakash12345 [Wed, 20 Jun 2018 16:38:40 +0000 (22:08 +0530)]
Correct $specialPageAliases for sa.wiki

Bug: T102320
Change-Id: I10bf5a0039235a5b149dcea6bd62176d3763acf9
(cherry picked from commit 8d963e6a93bd9bbcb6d817de8b2a06947583e3e8)

3 years agoFix PHP7 warning "non well formed numeric value encountered"
Edward Chernenko [Mon, 25 Jun 2018 22:45:13 +0000 (01:45 +0300)]
Fix PHP7 warning "non well formed numeric value encountered"

PHP 7.1 warns when non-numeric string is implicitly cast to integer.

Change-Id: Ia46ea793e9495548c7d421b3372f6deaeda163f5
(cherry picked from commit 0a4a274b6255cc543df459f16902c1619697068f)

3 years agoUpdate git submodules
Edward Chernenko [Tue, 19 Jun 2018 23:43:01 +0000 (02:43 +0300)]
Update git submodules

* Update skins/MonoBook from branch 'REL1_31'
  to 53a78553e4b6cb091df318bf70291330f1425429
  - Missing 'class' in "newtalk" notification

    MonoBookTemplate incorrectly calls getIfExists() for newtalk/undelete:
    attributes of wrapper <div> must be under the 'parameters' key.

    Change-Id: I5392477d493174b0b5598927bfbcec2029b0987e
    (cherry picked from commit 73ad6a7835b587035e127d32d4667ba16e43ad03)

3 years agoUpdate git submodules
Paladox [Sat, 16 Jun 2018 21:27:22 +0000 (21:27 +0000)]
Update git submodules

* Update skins/Timeless from branch 'REL1_31'
  to 6860d4d96db3bfcc92172f08ddfe4a2344229937
  - Fix sidebar closing on iOS

    this follows this fix [1]

    [1] https://stackoverflow.com/questions/11397028/document-click-function-for-touch-device

    Bug: T161470
    Change-Id: I20e6a0e18a239131b94e4ab949b7784f241e4d40

3 years agoUpdate git submodules
Isarra [Wed, 13 Jun 2018 20:52:32 +0000 (20:52 +0000)]
Update git submodules

* Update skins/Timeless from branch 'REL1_31'
  to 2126f76540981047f072d672be5c15475a2556cf
  - Remove nonfunctional jquery mobile stuff

    Does not appear to work, and is possibly breaking things elsewise as
    well. In particular: chrome text selection in general, possibly iphone

    May or may not resolve the following; please test (does seem to
    effectively resolve T183215, for now, at least, but dunno at all about
    the other two.):

    Bug: T161470
    Bug: T183215
    Bug: T188387
    Change-Id: I2d4aae98fe47bce5a873bc44b6cea58f111f5086

3 years agoAdd Extension:Nuke submodule to REL1_31
MarcoAurelio [Thu, 14 Jun 2018 11:00:20 +0000 (13:00 +0200)]
Add Extension:Nuke submodule to REL1_31

Bug: T197229
Change-Id: I6dad2c00c7480894beeaf8979b8d66f4cc32cc89

3 years agoBump to 1.31.0 for final release 1.31.0
Chad Horohoe [Wed, 13 Jun 2018 15:33:16 +0000 (11:33 -0400)]
Bump to 1.31.0 for final release

Change-Id: Ie743443584e2c7a3aac2d185de1c3cb2eeca80b6

3 years agoAdd release notes for 0eb4eaefd3 and f7f71359
Kunal Mehta [Tue, 12 Jun 2018 01:11:08 +0000 (18:11 -0700)]
Add release notes for 0eb4eaefd3 and f7f71359

Change-Id: Ie139db2f178660aa42009661716290158d60c8fc
(cherry picked from commit 1f286e8d4019e7712916060ecb8dd00ff04fdc7b)

3 years agoMerge "parser: Validate $length in padleft/padright parser functions" into REL1_31
jenkins-bot [Tue, 12 Jun 2018 00:54:54 +0000 (00:54 +0000)]
Merge "parser: Validate $length in padleft/padright parser functions" into REL1_31

3 years agoparser: Validate $length in padleft/padright parser functions
Kunal Mehta [Sun, 10 Jun 2018 18:09:07 +0000 (11:09 -0700)]
parser: Validate $length in padleft/padright parser functions

$length is user input, so cast it to an int before passing it to min().
If there is nothing to add at that point, return immediately.

In PHP 7.1+ this raised a warning of "A non-numeric value encountered"
because min() will return the junk value, returning a string. Then we
try and subtract an int from it (return value of mb_strlen()),
triggering the warning.

Added a parser test to verify the behavior, and confirmed that it
triggers warnings without the patch.

Bug: T180403
Change-Id: I614750962104f6251a864519035366ac9798fc0f
(cherry picked from commit dc96f656affd1f8fab0ae72b0d96e77055e5b336)

3 years agoMake $wgEmailConfirmToEdit only affect edit actions.
Brian Wolff [Fri, 26 Aug 2016 01:29:58 +0000 (01:29 +0000)]
Make $wgEmailConfirmToEdit only affect edit actions.

Previously it would affect all actions that use Title::userCan.
This used to be less noticable, but recently was expanded to include
the 'read' action. This only affected the case where both
$wgBlockDisablesLogin and $wgEmailConfirmedToEdit were enabled.

I don't think anyone was relying on the old behaviour as it was
undocumented, and only affected obscure permissions (checked with
Title::userCan and not depending on "edit" rights)

Follow-up b675be2083

Bug: T143790
Change-Id: I4ad93ed78de4f1ed444f73df6dc26d405a67e553
(cherry picked from commit d561f646b9b8424bd79cfc14729a622a143d9f12)

3 years agoFollow-up Ieaeb3113a: Add RELEASE-NOTES
Jforrester [Fri, 8 Jun 2018 19:55:45 +0000 (19:55 +0000)]
Follow-up Ieaeb3113a: Add RELEASE-NOTES

Change-Id: I79f1d28b54532a7495fb8e205c9b6636016587d7
(cherry picked from commit 0d37539a7c9191f893dec6e77591ae753e6b461a)

3 years agoEnsure $user is passed by reference in TitleMoveComplete hook on HHVM
Kunal Mehta [Thu, 7 Jun 2018 19:52:04 +0000 (12:52 -0700)]
Ensure $user is passed by reference in TitleMoveComplete hook on HHVM

Suggested by Anomie in T118683#3688320.

Bug: T118683
Change-Id: I57e05c5ae42c8b85d0a8f9631a459c5686b27893
(cherry picked from commit d5e4bf920c7ff48bf4c907bee1ee47fa96907774)

3 years agoregistration: Allow the mtime of extension.json files to be zero
Ed Schouten [Thu, 7 Jun 2018 12:21:53 +0000 (14:21 +0200)]
registration: Allow the mtime of extension.json files to be zero

When creating Docker images of MediaWiki using the Bazel build system, I
noticed that I'm not able to load any extensions. This is due to the
fact that Bazel always generates container layers with mtimes of files
set to 1970-01-01 for determinism/reproducibility.

Relax the check a bit to only fail when the mtime is false, which
happens when filemtime() fails.

Bug: T196672
Change-Id: Ieaeb3113a7d9c44f29cca2d062c5bb11ebeada0d
(cherry picked from commit d7d5d3c82a84338bd2669284427193ea7a80bdbc)

3 years agoinstaller: Fix display of UPGRADE by disabling InterwikiLookup
Kunal Mehta [Thu, 7 Jun 2018 08:01:13 +0000 (01:01 -0700)]
installer: Fix display of UPGRADE by disabling InterwikiLookup

Since 129067c907ea65f62, parsing section titles has looked up interwiki
prefixes with InterwikiLookup. In the web upgrader, this triggers
database access, and since that service is disabled, it throws
exceptions, causing parsing to fail.

Work around that by using a dummy InterwikiLookup service that knows
about no interwiki prefixes. Maybe one could be written to just read
from the stock `interwiki.list`, but that's a project for another time.

Bug: T196607
Change-Id: I13485a9af79297b552a1128240cb8597c2ef83d8
(cherry picked from commit a498abf272c7aff376c5225a6f593349e3cc3eaa)

3 years agoFix UploadBase::checkXMLEncodingMissmatch() on PHP 7.1+
Kunal Mehta [Thu, 7 Jun 2018 00:54:07 +0000 (17:54 -0700)]
Fix UploadBase::checkXMLEncodingMissmatch() on PHP 7.1+

file_get_contents() started supporting a negative offset in 7.1+. But
we really just want to start with 0.

Also fix the order of arguments to assertSame() so that the expected
value is first.

Bug: T182366
Change-Id: I84c92652de5b51a43f6e2b58cd235d2889093453

3 years agoAdd vendor submodule
Kunal Mehta [Wed, 6 Jun 2018 22:21:12 +0000 (15:21 -0700)]
Add vendor submodule

People will no longer need to clone it separately, just run
`git submodule update --init`.

If people want to run composer locally and have already checked out the
submodule, a `git submodule deinit vendor` will disable the submodule.

Change-Id: I1fdaf8dc3c2a8e246bb7d2987a42a41272dffc29

3 years agoMove RELEASE-NOTES for I4678250331a48db4d50d1fc6c489c991a4dee920
Reedy [Wed, 6 Jun 2018 18:31:49 +0000 (18:31 +0000)]
Move RELEASE-NOTES for I4678250331a48db4d50d1fc6c489c991a4dee920

Change-Id: Ic880a54427bf8bd9adf96863da25c485cb3c5662

3 years agoMerge "objectcache: update MemcachedPeclBagOStuff for pecl memcached 3.0.0" into...
jenkins-bot [Wed, 6 Jun 2018 18:02:33 +0000 (18:02 +0000)]
Merge "objectcache: update MemcachedPeclBagOStuff for pecl memcached 3.0.0" into REL1_31

3 years agoPopulate 1.31 rc.0 -> rc.2 release notes
Reedy [Tue, 5 Jun 2018 21:40:41 +0000 (21:40 +0000)]
Populate 1.31 rc.0 -> rc.2 release notes

Change-Id: I15fa23e881c0e177d12a6f6374bc08af3b197435
(cherry picked from commit 6e3bb339713db677df2272d7ff6f634dff1f244d)

3 years agoobjectcache: update MemcachedPeclBagOStuff for pecl memcached 3.0.0
Aaron Schulz [Thu, 31 May 2018 21:41:02 +0000 (14:41 -0700)]
objectcache: update MemcachedPeclBagOStuff for pecl memcached 3.0.0

The get() $cas_token parameter was changed into $flags, which can act
as a switch to make the return value an associative array of details.

pecl and PHP-based memcached BagOStuff class both pass all tests now.

Bug: T196125
Change-Id: I4678250331a48db4d50d1fc6c489c991a4dee920

3 years agoDeprecate $wgDBmysql5
Kunal Mehta [Mon, 4 Jun 2018 20:35:06 +0000 (13:35 -0700)]
Deprecate $wgDBmysql5

Bug: T196185
Change-Id: Iea74b5dd1fc49c911dcc0070604f05100e56ce0d
(cherry picked from commit 7271d50bab79231efcedeabf5fbe4db0aa13fa4d)

3 years agoMerge "installer: Don't allow setting $wgDBmysql5" into REL1_31
jenkins-bot [Fri, 1 Jun 2018 21:49:45 +0000 (21:49 +0000)]
Merge "installer: Don't allow setting $wgDBmysql5" into REL1_31

3 years agoinstaller: Don't allow setting $wgDBmysql5
Kunal Mehta [Fri, 1 Jun 2018 18:57:36 +0000 (11:57 -0700)]
installer: Don't allow setting $wgDBmysql5

It was possible to pass --dbmysql5 to the command line installer to
enable this experimental option. This removes that ability, and removes
setting of $wgDBmysql5 in the generated LocalSettings.php, so new
installs will fallback to the default of false.

Bug: T196185
Change-Id: Id5ff69f493d14cf7b16157f729fbe4f4b4e2e8c8
(cherry picked from commit c9339ba552cb5f87586e7045b46519bd9db04fe0)

3 years agoinstaller: Hide binary/utf-8 charset option from users
Kunal Mehta [Thu, 31 May 2018 18:29:19 +0000 (11:29 -0700)]
installer: Hide binary/utf-8 charset option from users

This is still used internally for the preUpgrade() checks that see if
the user has an existing table using the utf8 charset, but hide it from
users so they don't accidentally pick utf8.

Bug: T196092
Change-Id: Iaace2e5bf9df7563e1d233496366c95b3f1faf16
(cherry picked from commit d5cde75416893983bfc65d161049798c26e33c54)

3 years agoregistration: Initialize PSR-4 namespaces at same stage as normal autoloader
Antoine Musso [Wed, 30 May 2018 19:02:46 +0000 (21:02 +0200)]
registration: Initialize PSR-4 namespaces at same stage as normal autoloader

readFromQueue() injects the content of AutoloadClasses to
$wgAutoloadClasses however it missed doing the same for

When using the installer with an extension having AutoloadNamespaces
set, its classes would not be found.

Make ExtensionRegistry append to AutoLoader::$psr4Namespaces, and add
a test to cover the new behavior.

Bug: T195783
Change-Id: Id61155867a4ca7d9bc4a347f8671da74b0fa490b
(cherry picked from commit 224864ebddab2e448f9ae4f247b85c652d9df42e)

3 years agoUpdate git submodules
Bartosz Dziewoński [Wed, 30 May 2018 22:27:05 +0000 (00:27 +0200)]
Update git submodules

* Update skins/Timeless from branch 'REL1_31'
  to 58301ba4468f4667c0c180f67bda238f0fedd58e
  - Fix condition for 'emptyPortlet' class

    Follow-up to 6b9616d1ca337308d773441dcfb263d9c68fdab6, which
    accidentally inverted the logic.

    This is a manual cherry-pick of 70b5f24986a5162c06ab343820e54c989753eeb4.

    Bug: T196026
    Change-Id: I98bc7529a1894b09ec3d80aab244327f526c022c

3 years agoBump version from rc.0 to rc.2 1.31.0-rc.2
Chad Horohoe [Wed, 30 May 2018 18:00:05 +0000 (11:00 -0700)]
Bump version from rc.0 to rc.2

Should've been bumped awhile ago to rc.1, meaning the rc.1
tag had the wrong version number. Rather than re-issue the
tag, we'll just move forward and not bother with rc.1

Change-Id: Ie89caf3826c35c3a15fe1390c4caec1f8b7d19cc

3 years agoUpdate git submodules
Paladox [Tue, 29 May 2018 16:13:19 +0000 (16:13 +0000)]
Update git submodules

* Update skins/Timeless from branch 'REL1_31'
  to 97ba1dd2996811899b6b1a96dce3fa20dd613b21
  - Fix $count to === against array instead of using count that fails

    Bug: T195613
    Change-Id: If2b51af8c5335394b8c0266ac2765e1c7ce49618

3 years agoRelease notes for I61749f1d864cf68afe90cd9e15ba2d7a74252501
Bartosz Dziewoński [Wed, 9 May 2018 20:39:20 +0000 (22:39 +0200)]
Release notes for I61749f1d864cf68afe90cd9e15ba2d7a74252501

Change-Id: Idd0a8f5bbc1da161817276cef44ff61a0e72f8b2

3 years agoOnly load PEAR Smtp mailer from vendor/composer, not from `pear` itself 1.31.0-rc.1
Chad Horohoe [Fri, 18 May 2018 01:56:00 +0000 (18:56 -0700)]
Only load PEAR Smtp mailer from vendor/composer, not from `pear` itself

Change-Id: I91c42a3eafd079039ddbc17a11ad3c7b6579e3c1

3 years agomail: Refactor checks looking for PEAR libraries to be clearer
Kunal Mehta [Thu, 26 Apr 2018 05:24:24 +0000 (22:24 -0700)]
mail: Refactor checks looking for PEAR libraries to be clearer

I don't think this makes any difference towards the linked bug, but
it makes it more obvious that MediaWiki doesn't try to use any PEAR
classes before attempting to require them.

Bug: T186456
Change-Id: I342f41903a15f13e72e76464499351412a9afa34
(cherry picked from commit 5d30435e81427fcce3353d900faaf8d9fa9a8709)

3 years agobuild: Updating mediawiki/mediawiki-codesniffer to 18.0.0
libraryupgrader [Sat, 14 Apr 2018 10:27:27 +0000 (10:27 +0000)]
build: Updating mediawiki/mediawiki-codesniffer to 18.0.0

Change-Id: Id39e8dcf22262d1b3c57628467163a995fe4053b
(cherry picked from commit 5a024697a272981fc491e7502d6d5fddef4d2c22)

3 years agoinstaller: Do not wrongly hide namespace input field
Fomafix [Fri, 27 Apr 2018 14:27:39 +0000 (16:27 +0200)]
installer: Do not wrongly hide namespace input field

When the radio button is already on "other" then the input field for
the namespace should not get hidden by JavaScript on load.

Also remove the readonly attribute in HTML because the readonly
attribute can not get removed with disabled JavaScript.

Change-Id: I8cfde90d791765234572caf00b731881ac2eda48
(cherry picked from commit 31a472655b246df3c072d36959afcb7d2897889d)

3 years agoFix warning "ob_end_flush(): failed to delete and flush buffer" during uploads
Edward Chernenko [Sun, 1 Apr 2018 21:39:59 +0000 (00:39 +0300)]
Fix warning "ob_end_flush(): failed to delete and flush buffer" during uploads

Bug: T186565
Change-Id: Ia4b29611ccee4acac11717f5220ff9e0fdbd55a9
(cherry picked from commit 30d72ec3d0914bb905d4114dee9256f02cbdcc7f)

3 years agoDon't require trailing slash in PSR-4 autoloader directory
Mark A. Hershberger [Sun, 20 May 2018 14:51:34 +0000 (10:51 -0400)]
Don't require trailing slash in PSR-4 autoloader directory

This avoids the confusing error “Fatal error: Uncaught
InvalidArgumentException” or similar.

Bug: T195211
Change-Id: Ifda59a26f8bd968a2d0acbdb157d81dc0bf6aab4
(cherry picked from commit 3b85e362a4098832a08529adc89571a86bf6e9a2)

3 years agoUpdate git submodules
Cindy Cicalese [Wed, 16 May 2018 12:43:54 +0000 (12:43 +0000)]
Update git submodules

* Update extensions/ReplaceText from branch 'REL1_31'
  to a027ec972c1d98e92483230e1cbf71cc08a31150
  - Fix path to maintenance directory.

    Change-Id: Ife7a7076ee87938cadb84aa56982cc667bd90e2f
    (cherry picked from commit f7b59db9b3aba2e5523a11d7922f668ef05806ee)

3 years agoMerge "registration: Improve duplicate config setting exception" into REL1_31
jenkins-bot [Tue, 15 May 2018 23:54:23 +0000 (23:54 +0000)]
Merge "registration: Improve duplicate config setting exception" into REL1_31

3 years agoMerge "IcuCollation: Use codepoint as tiebreaker when getting first-letters" into...
jenkins-bot [Tue, 15 May 2018 23:53:37 +0000 (23:53 +0000)]
Merge "IcuCollation: Use codepoint as tiebreaker when getting first-letters" into REL1_31

3 years agoregistration: Improve duplicate config setting exception
Kunal Mehta [Tue, 15 May 2018 17:26:43 +0000 (10:26 -0700)]
registration: Improve duplicate config setting exception

We don't keep track of what set a specific global, so at least mention
the name of the extension that is setting a duplicate for easier

Also, fix the case where if the first extension to be loaded was setting
a core setting, it would not throw an exception since config was being
processed before the rest of extension.json. Now we process config after
all core settings, going only before attributes.

Bug: T194319
Change-Id: I4fd96e7d167cf0652ee3e8e66167c86f2b91b992
(cherry picked from commit 5490b1270a0a7447f28d2407736fc3c1deb41d44)

3 years agoinstaller: Don't shell out if it's disabled
Kunal Mehta [Tue, 15 May 2018 18:23:38 +0000 (11:23 -0700)]
installer: Don't shell out if it's disabled

Bug: T191947
Change-Id: I16a82d271157cd0024aa14d7eaec80b4870947b5
(cherry picked from commit 2e473413a8fd1e205142b5c5980addb34aaf369f)

3 years agoUpdate git submodules
James D. Forrester [Thu, 3 May 2018 18:59:00 +0000 (11:59 -0700)]
Update git submodules

* Update extensions/MultimediaViewer from branch 'REL1_31'
  to 1273d3e0b2189e33fed0567f589a3e7bc4ae6d4e
  - tests: Comment out failing tests

    Bug: T192932
    Change-Id: Iba81676ebb13407679bd99b0e08d29e225a7ebde
    (cherry picked from commit 2078fbfb53acd357c96ea187f31a6ba878afc053)

3 years agoIcuCollation: Use codepoint as tiebreaker when getting first-letters
Bartosz Dziewoński [Tue, 8 May 2018 11:43:10 +0000 (13:43 +0200)]
IcuCollation: Use codepoint as tiebreaker when getting first-letters

This prevents unexpected cuneiform digits from acting as headings for
2 and 3 on category pages.

Bug: T187645
Change-Id: I0424a24769899cb23b28704f97e1002fa44999fd
(cherry picked from commit 390ff7fca179e26ac177810145d27d98fe2fff43)

3 years agoAdd default edit rate limit of 90 edits/minute for all users
Brian Wolff [Wed, 9 May 2018 20:43:51 +0000 (20:43 +0000)]
Add default edit rate limit of 90 edits/minute for all users

Previously there was no rate limit at all if you were autoconfirmed.

This initial setting is set on the high end of things, we may
adjust later. See also T192668, T194204.

Change-Id: I7cb002900bae2da3f4f4758671186659c1720e1d
(cherry picked from commit cefdcefdb8f15ffdec8345b93aff2036db92d1f7)

3 years agoAdd ReplaceText submodule
Kunal Mehta [Mon, 7 May 2018 09:07:59 +0000 (02:07 -0700)]
Add ReplaceText submodule

Bug: T191741
Change-Id: Iea4e0e4e04b2ec1b4fc07b11fb0af1ac3ee6347f

3 years agoUpdate git submodules
Kunal Mehta [Sat, 5 May 2018 03:05:58 +0000 (20:05 -0700)]
Update git submodules

* Update extensions/TitleBlacklist from branch 'REL1_31'
  to 1143a1f61e049e4f8e4de317e7299091a2ca0707
  - Upgrade phan-taint-check-plugin to 1.2.0

    Change-Id: I9c02ca49f9e35873adc2e2462df1020fd30eb934
    (cherry picked from commit 616a7afb885bd8707c143bb271831fb31fc8d377)

3 years agoUpdate git submodules
Kunal Mehta [Sat, 5 May 2018 02:52:32 +0000 (19:52 -0700)]
Update git submodules

* Update extensions/Renameuser from branch 'REL1_31'
  to f8e515711db88fdd2aae02b760d2e11df3d70489
  - Upgrade phan-taint-check-plugin to 1.2.0

    Change-Id: I3af50c0a15b7ec0ecea087fefc3d026cced99749
    (cherry picked from commit 52ac2bdc3221a65a15d383f7fafc56f47e31b08b)

3 years agoUpdate git submodules
Kunal Mehta [Sat, 5 May 2018 03:01:48 +0000 (20:01 -0700)]
Update git submodules

* Update extensions/SyntaxHighlight_GeSHi from branch 'REL1_31'
  to a7d04ae33439d1c1b595d68fbad08c43f930fdcf
  - Upgrade phan-taint-check-plugin to 1.2.0

    Change-Id: I2fa1c622dc495e3f4969d7684934f1839f9caf00
    (cherry picked from commit b185d9892f5c45d02c0bb3c620644c831945d7bb)

3 years agoUpdate git submodules
Kunal Mehta [Sat, 5 May 2018 02:56:08 +0000 (19:56 -0700)]
Update git submodules

* Update extensions/SpamBlacklist from branch 'REL1_31'
  to f6fa789ad2c07a4fe89e4d1e636aea1126f26afc
  - Upgrade phan-taint-check-plugin to 1.2.0

    Change-Id: Iaefb223d2217762f6fa91a854d0f963270362c07
    (cherry picked from commit 9a87cc3c060eab4d576f3561f0f197f91ac090c2)

3 years agoUpdate git submodules
Kunal Mehta [Sat, 5 May 2018 02:53:10 +0000 (19:53 -0700)]
Update git submodules

* Update extensions/Poem from branch 'REL1_31'
  to c4098df5ea8132826164f71c0c18b54ae8450edf
  - Upgrade phan-taint-check-plugin to 1.2.0

    Change-Id: I38ce057fc41a0164922f403b77d998df2b4f1099
    (cherry picked from commit 8552303267a4f45a38048f90595385572efe30f0)

3 years agoUpdate git submodules
Kunal Mehta [Sat, 5 May 2018 02:47:00 +0000 (19:47 -0700)]
Update git submodules

* Update extensions/PdfHandler from branch 'REL1_31'
  to 21f2fe96901077927bde13ec15496c186a208197
  - Configure phan-taint-check-plugin

    Change-Id: I934702057ecee687d9966a6f042ee8aa7c68f2d7
    (cherry picked from commit 5f0b10d2a5e8ea8e5aa1f05ab1c9ddbab07a1584)

3 years agoUpdate git submodules
Kunal Mehta [Sat, 5 May 2018 03:08:33 +0000 (20:08 -0700)]
Update git submodules

* Update extensions/WikiEditor from branch 'REL1_31'
  to 277159cd3ae6fdafb7f49db3dbfedfa023e81d35
  - Upgrade phan-taint-check-plugin to 1.2.0

    Change-Id: Ib6953c3f1eb5b9c9edc7d58735391b965ac6b27a
    (cherry picked from commit 9ba9e3e4e12a8004fe7198285a8864e752259091)

3 years agoAdding Timeless skin to 1.31
Chad Horohoe [Sat, 5 May 2018 17:02:46 +0000 (10:02 -0700)]
Adding Timeless skin to 1.31

Change-Id: I57d868eb596f5067690fbfdb9c546dcbdbaf5be2

3 years agoUpdate git submodules
Brian Wolff [Fri, 4 May 2018 21:00:56 +0000 (21:00 +0000)]
Update git submodules

* Update extensions/InputBox from branch 'REL1_31'
  to dfec2613ddd6b2bfc6cf291be74429b5bfebea89
  - Bump phan-taint-check 1.1.0->1.2.0

    Bug: T193909
    Change-Id: I1bf4d64e68bff516b5f8b6266d85f670200084df
    (cherry picked from commit 4d4aefd2f24e9e8e996e3fba29df3f5cae60c7b7)

3 years agoUpdate git submodules
Brian Wolff [Fri, 4 May 2018 20:57:11 +0000 (20:57 +0000)]
Update git submodules

* Update extensions/InputBox from branch 'REL1_31'
  to 0fdeec73bd212f4409bfbdfcfc1aa977694d3c43
  - Fix a phan-taint-check false positive

    phan-taint-check gets confused when you escape a variable and
    assign the escaped version to the same name as the unescaped

    Change-Id: I1bf4d64e68bff516b5f8b6266d85f67020008433
    (cherry picked from commit 252fed5d27cc67701c7fbf98370e4af0d50fcb38)

3 years agoUpdate git submodules
Brian Wolff [Fri, 4 May 2018 20:30:10 +0000 (20:30 +0000)]
Update git submodules

* Update extensions/CodeEditor from branch 'REL1_31'
  to 886d7971ae1b04edc463bc7e11d7f5d282ae4f10
  - Add phan-taint-check as version 1.2.0

    Bug: T193909
    Change-Id: Ibbfa1554ed1fe4dcaba2629abf608b59a2dd2733
    (cherry picked from commit e9df595a2670e967fd5005b87fa401287cc18a48)

3 years agoUpdate git submodules
Brian Wolff [Fri, 4 May 2018 20:27:19 +0000 (20:27 +0000)]
Update git submodules

* Update extensions/CiteThisPage from branch 'REL1_31'
  to f224f44304637e739ac470f7fca25498486cb0fe
  - Bump phan-taint-check 1.1.0->1.2.0

    Bug: T193909
    Change-Id: I1bf4d64e68bff516b5f8b6266d85f670200084df
    (cherry picked from commit 860ece0d63309b077d605526790e198907bbd185)

3 years agoUpdate git submodules
Brian Wolff [Fri, 4 May 2018 19:45:52 +0000 (19:45 +0000)]
Update git submodules

* Update extensions/ParserFunctions from branch 'REL1_31'
  to 7ec426b9a1d5fabfa8ba79e08806c5b3f796837a
  - Update phan-taint-check version 1.1.0 -> 1.2.0

    Change-Id: Ib3eec1e70d8c1e4fdcfe811168adff7e32878d3b
    (cherry picked from commit b67b90c6a4918396c221c7154a827495d3d6d942)