4 years agoRemove else from UserGroupMembership
Reedy [Fri, 18 May 2018 19:39:26 +0000 (19:39 +0000)]
Remove else from UserGroupMembership

Change-Id: I7c18df1cab69df5f124c95b1ddb241e3f1be5927

4 years agoMerge "Special:Preferences: Construct fake tabs to avoid FOUC"
jenkins-bot [Fri, 18 May 2018 18:44:01 +0000 (18:44 +0000)]
Merge "Special:Preferences: Construct fake tabs to avoid FOUC"

4 years agoMerge "Remove everything related to CollationFa"
jenkins-bot [Fri, 18 May 2018 18:27:26 +0000 (18:27 +0000)]
Merge "Remove everything related to CollationFa"

4 years agoSpecial:Preferences: Construct fake tabs to avoid FOUC
Ed Sanders [Mon, 23 Apr 2018 11:56:13 +0000 (12:56 +0100)]
Special:Preferences: Construct fake tabs to avoid FOUC

Bug: T192769
Bug: T189366
Change-Id: I4aabda97d14d97dce3e35abda2ce82925d721c9b

4 years agoMerge "Make Special:TrackingCategories sortable"
jenkins-bot [Fri, 18 May 2018 17:03:47 +0000 (17:03 +0000)]
Merge "Make Special:TrackingCategories sortable"

4 years agoMerge "Use redirect=no in whatLinksHere if the target is a redirect"
jenkins-bot [Fri, 18 May 2018 16:58:34 +0000 (16:58 +0000)]
Merge "Use redirect=no in whatLinksHere if the target is a redirect"

4 years agoMerge "Add checkbox in Special:ListUsers to display only users in temporary user...
jenkins-bot [Fri, 18 May 2018 16:54:52 +0000 (16:54 +0000)]
Merge "Add checkbox in Special:ListUsers to display only users in temporary user groups"

4 years agoMerge "resourceloader: Refactor CSP $nonce passing"
jenkins-bot [Fri, 18 May 2018 16:54:50 +0000 (16:54 +0000)]
Merge "resourceloader: Refactor CSP $nonce passing"

4 years agoUse redirect=no in whatLinksHere if the target is a redirect
Daimona Eaytoy [Mon, 7 May 2018 18:37:46 +0000 (20:37 +0200)]
Use redirect=no in whatLinksHere if the target is a redirect

When the user is looking at links to a redirect page and clicks on the
link of the page, he would expect to be sent to the page itself, not to
the final destination of the redirect.

Bug: T189860
Change-Id: I11e663cbce32b4199f16df6ed1e9b980630ece7a

4 years agoMerge "Names.php: Remove U+200E after autonym of language 'lki'"
jenkins-bot [Fri, 18 May 2018 16:42:47 +0000 (16:42 +0000)]
Merge "Names.php: Remove U+200E after autonym of language 'lki'"

4 years agoRemove everything related to CollationFa
Amir Sarabadani [Fri, 18 May 2018 14:44:18 +0000 (16:44 +0200)]
Remove everything related to CollationFa

This workaround was needed when ICU in production was broken
but after T189295 this is not needed anymore and we switched off
this collation from all Persian Wikis already

Bug: T139110
Change-Id: Ifad89555b6ac96a3eb36ca24b55e1f8ee57a1f05

4 years agoMerge "Strip Unicode 6.3.0 directional formatting characters from title"
jenkins-bot [Fri, 18 May 2018 15:32:34 +0000 (15:32 +0000)]
Merge "Strip Unicode 6.3.0 directional formatting characters from title"

4 years agoMerge "Strip soft hyphens (U+00AD) from title"
jenkins-bot [Fri, 18 May 2018 15:32:30 +0000 (15:32 +0000)]
Merge "Strip soft hyphens (U+00AD) from title"

4 years agoMerge "Fix documentation of InfoAction::pageInfo"
jenkins-bot [Fri, 18 May 2018 14:52:06 +0000 (14:52 +0000)]
Merge "Fix documentation of InfoAction::pageInfo"

4 years agoMerge "Special:PrefixIndex: Convert to OOUI"
jenkins-bot [Fri, 18 May 2018 13:32:38 +0000 (13:32 +0000)]
Merge "Special:PrefixIndex: Convert to OOUI"

4 years agoMerge "makeCollapsible: Add test for nested collapsibles"
jenkins-bot [Fri, 18 May 2018 13:06:09 +0000 (13:06 +0000)]
Merge "makeCollapsible: Add test for nested collapsibles"

4 years agoMerge "Use .json extension for OOUI source maps"
jenkins-bot [Fri, 18 May 2018 12:55:34 +0000 (12:55 +0000)]
Merge "Use .json extension for OOUI source maps"

4 years agoSpecial:PrefixIndex: Convert to OOUI
gopavasanth [Sat, 21 Apr 2018 13:24:16 +0000 (18:54 +0530)]
Special:PrefixIndex: Convert to OOUI

Bug: T117726
Change-Id: I13c4d6d5132b7085bc954a97d270efbef0acb846

4 years agoUse .json extension for OOUI source maps
Bartosz Dziewoński [Mon, 14 May 2018 17:49:30 +0000 (19:49 +0200)]
Use .json extension for OOUI source maps

OOUI is being changed to use .json in

Bug: T194676
Change-Id: I5971efc2db7a2cdc5ca0ba843625b76de25dbd8b

4 years agoMerge "Special:AllPages: Overriding the title for form submission"
jenkins-bot [Fri, 18 May 2018 11:35:52 +0000 (11:35 +0000)]
Merge "Special:AllPages: Overriding the title for form submission"

4 years agoSpecial:AllPages: Overriding the title for form submission
Jayprakash12345 [Tue, 8 May 2018 20:21:43 +0000 (01:51 +0530)]
Special:AllPages: Overriding the title for form submission

Bug: T193965
Change-Id: I10867b89e94d9aa54f30f5f4f8b5974f68479f6f

4 years agoMerge "Enable a bunch of disabled phan checks that are no longer failing"
jenkins-bot [Fri, 18 May 2018 09:19:41 +0000 (09:19 +0000)]
Merge "Enable a bunch of disabled phan checks that are no longer failing"

4 years agoMerge "Enable "PhanTypeInvalidRightOperand" phan checks"
jenkins-bot [Fri, 18 May 2018 09:13:24 +0000 (09:13 +0000)]
Merge "Enable "PhanTypeInvalidRightOperand" phan checks"

4 years agoMerge "Enable "PhanUndeclaredVariable" phan check"
jenkins-bot [Fri, 18 May 2018 09:08:53 +0000 (09:08 +0000)]
Merge "Enable "PhanUndeclaredVariable" phan check"

4 years agoMerge "Fix improper parameters to ReflectionMethod::invoke"
jenkins-bot [Fri, 18 May 2018 09:08:50 +0000 (09:08 +0000)]
Merge "Fix improper parameters to ReflectionMethod::invoke"

4 years agoMerge "mw.special.changeslist.enhanced: Remove special case handled by jquery.makeCol...
jenkins-bot [Fri, 18 May 2018 08:08:44 +0000 (08:08 +0000)]
Merge "mw.special.changeslist.enhanced: Remove special case handled by jquery.makeCollapsible now"

4 years agoEnable a bunch of disabled phan checks that are no longer failing
Kunal Mehta [Fri, 18 May 2018 06:27:59 +0000 (23:27 -0700)]
Enable a bunch of disabled phan checks that are no longer failing

Change-Id: I471bffa8a4aa20d22e7e1830a2b01fce3e099d9e

4 years agoEnable "PhanTypeInvalidRightOperand" phan checks
Kunal Mehta [Fri, 18 May 2018 06:27:42 +0000 (23:27 -0700)]
Enable "PhanTypeInvalidRightOperand" phan checks

HTMLFormField subclasses triggered false positives when phan incorrectly
thought that $this->mOptions was only a boolean.

ReplacementArray $this->data was defined as possibly being boolean, but
in reality that never happened.

Change-Id: I06bae9c9952366ff7927df37373b146d570f4a02

4 years agoEnable "PhanUndeclaredVariable" phan check
Kunal Mehta [Fri, 18 May 2018 05:35:31 +0000 (22:35 -0700)]
Enable "PhanUndeclaredVariable" phan check

All of the instances of it have been fixed. This would have prevented
T194899 from happening in the first place.

Change-Id: I19357ffc858022d3b89a040eafe9047f83df1c88

4 years agoFix improper parameters to ReflectionMethod::invoke
Kunal Mehta [Fri, 18 May 2018 05:30:58 +0000 (22:30 -0700)]
Fix improper parameters to ReflectionMethod::invoke

The first argument to the function is supposed to be an object, or null if
the method is static.

Otherwise on PHP 7.2 the tests fail with:
 ReflectionMethod::invoke() expects parameter 1 to be object, string given

Change-Id: I7002be5809f9dfbee0788907fe85139d05c0e1fc

4 years agoresourceloader: Refactor CSP $nonce passing
Timo Tijhof [Thu, 17 May 2018 18:25:49 +0000 (20:25 +0200)]
resourceloader: Refactor CSP $nonce passing

Follows-up 70941efd35562dcb700 which broke various public
signatures of the ClientHtml class that I'd prefer to handle

This commit mainly restores support for all previously public
signatures, and either removes the need for a parameter, or moves
it to the end of the original signature (as optional param).

* ClientHtml::getHeadHtml: Remove the positional/required parameter
  that was added. Restoring the method to being a stateless computer
  that requires no parameters. Pass the option via construct instead.

* ClientHtml::makeLoad:
  - Make $nonce optional.
  - Restore $extraQuery as optional.

* ResourceLoader::makeInlineScript: Document $nonce as optional
  (matching the implementation).

Change-Id: Iaf33f2a060048e6606fba8d875b6d2953b21ef45

4 years agoApiCSPReport: Fix undefined $userAgent variable
Kunal Mehta [Fri, 18 May 2018 05:18:20 +0000 (22:18 -0700)]
ApiCSPReport: Fix undefined $userAgent variable

Bug: T194899
Change-Id: Ia83f961da1db2d1245859ae584db883b7a11081c

4 years agomakeCollapsible: Add test for nested collapsibles
Derk-Jan Hartman [Thu, 17 May 2018 18:20:13 +0000 (20:20 +0200)]
makeCollapsible: Add test for nested collapsibles

Follow-up to: I1c3c29dc9ca4ccbf8da83796e56964a7a6d58a81

Bug: T168689
Change-Id: I7059d870976e36b20634e9c2c919408b3eb1d7fc

4 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Thu, 17 May 2018 19:54:02 +0000 (21:54 +0200)]
Localisation updates from https://translatewiki.net.

Change-Id: I75e62a47c7b013e87304f62e87f589ea588a469e

4 years agoMerge "resourceloader: Make various CSSMin performance optimizations and cleanups"
jenkins-bot [Thu, 17 May 2018 18:50:45 +0000 (18:50 +0000)]
Merge "resourceloader: Make various CSSMin performance optimizations and cleanups"

4 years agoresourceloader: Make various CSSMin performance optimizations and cleanups
Thiemo Kreuz [Thu, 19 Apr 2018 13:45:44 +0000 (15:45 +0200)]
resourceloader: Make various CSSMin performance optimizations and cleanups

This is called relatively often. Even small improvements might have an

I'm intentionally replacing method_exists with class_exists because the
old check looked like it was done for backwards compatibility (MediaWiki
before 1.27 did not contained the method), while in reality this code is
meant to run without MediaWiki. This is much better reflected with a
straight "if this class doesn't exist, there is no MediaWiki".

I'm intentionally using the …::class feature. Yes, this works, even if the
class is not there.

Change-Id: I7f250a7cb000105bb751f68f25c6cc1c44c8f221

4 years agomw.special.changeslist.enhanced: Remove special case handled by jquery.makeCollapsibl...
Bartosz Dziewoński [Tue, 8 May 2018 14:28:01 +0000 (16:28 +0200)]
mw.special.changeslist.enhanced: Remove special case handled by jquery.makeCollapsible now

No longer needed after 8cdfcc5fd4ba36b7c91ac8097390220de230f8ae.
This reverts 070374b7a4811bfb5c9da4350bc16b77321537e3.

Change-Id: I78879358f6305c1b0fa6dbba8fe9fdc06ab05cc0

4 years agoMerge "CSSMin: Do not escape U+FFFD as code point"
jenkins-bot [Thu, 17 May 2018 17:44:09 +0000 (17:44 +0000)]
Merge "CSSMin: Do not escape U+FFFD as code point"

4 years agoMerge "mediawiki.special.watchlist: Combine visitedstatus module"
jenkins-bot [Thu, 17 May 2018 16:26:16 +0000 (16:26 +0000)]
Merge "mediawiki.special.watchlist: Combine visitedstatus module"

4 years agoMerge "mediawiki.special: Combine various tiny specialpage style modules"
jenkins-bot [Thu, 17 May 2018 16:15:22 +0000 (16:15 +0000)]
Merge "mediawiki.special: Combine various tiny specialpage style modules"

4 years agoMerge "jquery.spinner: Remove obsolete IE8 support"
jenkins-bot [Thu, 17 May 2018 11:45:14 +0000 (11:45 +0000)]
Merge "jquery.spinner: Remove obsolete IE8 support"

4 years agoMerge "jquery.spinner: Move files to their own src/ directory"
jenkins-bot [Thu, 17 May 2018 11:45:11 +0000 (11:45 +0000)]
Merge "jquery.spinner: Move files to their own src/ directory"

4 years agoCSSMin: Do not escape U+FFFD as code point
Fomafix [Thu, 17 May 2018 10:18:27 +0000 (12:18 +0200)]
CSSMin: Do not escape U+FFFD as code point

The current editors draft from 23 April 2018 does not require to escape
the REPLACEMENT CHARACTER (U+FFFD) as code point anymore.

  If the character is NULL (U+0000), then the REPLACEMENT CHARACTER

  If the character is NULL (U+0000), then the REPLACEMENT CHARACTER
  (U+FFFD) escaped as code point.

Change-Id: Ia67e89b3c9561ca29e133d61a2eca8f3db306d8c

4 years agoMerge "objectcache: add BagOStuff comment additions about access scope"
jenkins-bot [Thu, 17 May 2018 07:54:30 +0000 (07:54 +0000)]
Merge "objectcache: add BagOStuff comment additions about access scope"

4 years agoobjectcache: add BagOStuff comment additions about access scope
Aaron Schulz [Tue, 15 May 2018 22:33:38 +0000 (15:33 -0700)]
objectcache: add BagOStuff comment additions about access scope

Change-Id: Id23859a58ea3bde0338ba4d22ce12ffcbbf4480a

4 years agojquery.spinner: Remove obsolete IE8 support
Timo Tijhof [Wed, 16 May 2018 22:57:25 +0000 (00:57 +0200)]
jquery.spinner: Remove obsolete IE8 support

This is a JS-only module that cannot be loaded on IE8 given
it's currently in Grade C (Grade A requires IE11).

Change-Id: I8707d7d2fd1d20c2b354c1589248ba7fda0d5e85

4 years agojquery.spinner: Move files to their own src/ directory
Timo Tijhof [Wed, 16 May 2018 22:55:42 +0000 (00:55 +0200)]
jquery.spinner: Move files to their own src/ directory

Reduce clutter in src/jquery/.

Bug: T193826
Change-Id: Idb9c7ab89a10728249b6051057b7edbf7efcca78

4 years agomediawiki.special.watchlist: Combine visitedstatus module
Timo Tijhof [Fri, 11 May 2018 15:18:23 +0000 (16:18 +0100)]
mediawiki.special.watchlist: Combine visitedstatus module

The 'mediawiki.special.changeslist.visitedstatus' module is only
used in SpecialWatchlist.php, which also always loads
'mediawiki.special.watchlist'. Thus, registering them as seperate
deliverables isn't needed.

In terms of size, they're also sufficiently small that even if
they could load under different conditions, it'd fine to load
as one module regardless.

Bug: T192623
Change-Id: I67d78083ce7a3000c05356e3eb0bcb98d0c1e990

4 years agomediawiki.special: Combine various tiny specialpage style modules
Timo Tijhof [Fri, 11 May 2018 14:33:41 +0000 (15:33 +0100)]
mediawiki.special: Combine various tiny specialpage style modules

These stylesheets are sufficiently tiny that it doesn't make sense to
offer them the ability to be loaded separately from each other (saving
bytes in double-digits) at the cost of 1) exporting a dedicated registry
item with meta data shipped on every page view, 2) reduced cache re-use
from increased fragmentation.

Instead, move these to the 'mediawiki.special' style module.
The entries retain their own files to keep them as easy to find
and edit as before.

Where not already, ensure addModuleStyles() is always placed above
any addModules() call in the same method. The load order isn't
affected by the call order, but given blocking style-modules load
before async JS, it helps to order them in a way that visually
matches the effective load order (from top to bottom).

The following 7 modules were remove without deprecation:

1. "mediawiki.special.apisandbox.styles" (1 rule)
2. "mediawiki.special.edittags.styles" (3 rules)
3. "mediawiki.special.movePage.styles" (1 rule)
4. "mediawiki.special.pagesWithProp" (1 rule)
5. "mediawiki.special.upload.styles" (2 rules)
6. "mediawiki.special.watchlist.styles" (3 rules)
7. "mediawiki.special.comparepages.styles" (4 rules)

These module names were only used on the core classes loading them, and
aren't depended on outside core by module name, rather, extensions and
gadgets depend on the styles styles being loaded in a blocking manner on
these pages, which remains unaffected.

Bug: T192623
Change-Id: I6e663dc3c80c7104c9b9abdde44c654543185373

4 years agoMerge "Preferences: Fix timezone selectors"
jenkins-bot [Wed, 16 May 2018 21:58:21 +0000 (21:58 +0000)]
Merge "Preferences: Fix timezone selectors"

4 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Wed, 16 May 2018 20:47:27 +0000 (22:47 +0200)]
Localisation updates from https://translatewiki.net.

Change-Id: Id63d8cbbd732543020b777d068e00cc48657a6bf

4 years agoAPI: Introduce "templated parameters"
Brad Jorsch [Wed, 4 Apr 2018 20:22:01 +0000 (16:22 -0400)]
API: Introduce "templated parameters"

With MCR coming up, ApiEditPage is going to need to be able to take
"text" and "contentmodel" parameters for each slot-role, and enumerating
such parameters for every possible slot would probably get rather
confusing as to what is required when, or at least long-winded in
repeating the exact same thing for every possible role.

So let's abstract it: we'll have an "editroles" parameter to specify which
slots are being edited, and ApiEditPage will just declare that
"text-{role}" and "contentmodel-{role}" parameters should exist for each
value of "editroles" in the submission.

Note this patch doesn't introduce anything that uses templated
parameters, just the functionality itself. For testing purposes you
might cherry pick I2d658e9a.

Bug: T174032
Change-Id: Ia19a1617b73067bfb1f0f16ccc57d471778b7361

4 years agoNames.php: Remove U+200E after autonym of language 'lki'
Fomafix [Wed, 16 May 2018 18:10:05 +0000 (20:10 +0200)]
Names.php: Remove U+200E after autonym of language 'lki'

The LEFT-TO-RIGHT MARK (U+200E) after the RTL autonym of the language
'lki' was inserted in 04fcd20c.

The LRM causes wrong parentheses on mixed bidi sequences on Google
<span dir="rtl">({{#language:lki}}) Foo</span>

Change-Id: I9db84938e2b2142a3cb61955dfcbda790e6bbc5f

4 years agoPreferences: Fix timezone selectors
Ed Sanders [Wed, 16 May 2018 17:10:47 +0000 (18:10 +0100)]
Preferences: Fix timezone selectors

Change-Id: I6a3c4c811361188a9a288cf688f64155b48a906d

4 years agoMerge "parser: Don't unnecessarily add and remove a pipe "
jenkins-bot [Wed, 16 May 2018 16:51:38 +0000 (16:51 +0000)]
Merge "parser: Don't unnecessarily add and remove a pipe "

4 years agoMerge "resourceloader: avoid use of $.globalEval in mediawiki.js"
jenkins-bot [Wed, 16 May 2018 16:40:07 +0000 (16:40 +0000)]
Merge "resourceloader: avoid use of $.globalEval in mediawiki.js"

4 years agoparser: Don't unnecessarily add and remove a pipe
Arlo Breault [Wed, 16 May 2018 15:29:10 +0000 (11:29 -0400)]
parser: Don't unnecessarily add and remove a pipe

Change-Id: I884ab88f9e8ac6f402cd4b3a54e33ccbd30637a2

4 years agoMake Special:TrackingCategories sortable
Raymond [Wed, 16 May 2018 13:39:44 +0000 (15:39 +0200)]
Make Special:TrackingCategories sortable

https://de.wikipedia.org/wiki/Spezial:Tracking-Kategorien is longer
than 1 screen page

Change-Id: Idf2681960bc87f5f189b1666899bd609d74495bb

4 years agoMerge "Deprecate overriding SearchEngine::search*"
jenkins-bot [Wed, 16 May 2018 13:31:56 +0000 (13:31 +0000)]
Merge "Deprecate overriding SearchEngine::search*"

4 years agoMerge "Add missing __METHOD__ to onTransactionPreCommitOrIdle() caller"
jenkins-bot [Wed, 16 May 2018 13:00:35 +0000 (13:00 +0000)]
Merge "Add missing __METHOD__ to onTransactionPreCommitOrIdle() caller"

4 years agoMerge "Deduplicate archive.ar_rev_id"
jenkins-bot [Wed, 16 May 2018 12:53:05 +0000 (12:53 +0000)]
Merge "Deduplicate archive.ar_rev_id"

4 years agoDeduplicate archive.ar_rev_id
Brad Jorsch [Fri, 27 Apr 2018 17:10:36 +0000 (13:10 -0400)]
Deduplicate archive.ar_rev_id

Old bugs and such may have left the archive table with multiple rows
using the same ar_rev_id, or rows that also exist in the revision table.
These need to be cleaned up for MCR.

The maintenance script added here will delete rows that appear to be
duplicates of the same change, and will assign new IDs to rows that do
not appear to be duplicates.

Bug: T193180
Change-Id: I39b0825c9469e074ded3df33a4f06a1ef0edb494

4 years agoMerge "Special:PrefixIndex: Fix regression on prefix input value"
jenkins-bot [Wed, 16 May 2018 07:58:23 +0000 (07:58 +0000)]
Merge "Special:PrefixIndex: Fix regression on prefix input value"

4 years agoMerge "mw.widgets.datetime.DateTimeInputWidget: Increase width"
jenkins-bot [Wed, 16 May 2018 01:09:47 +0000 (01:09 +0000)]
Merge "mw.widgets.datetime.DateTimeInputWidget: Increase width"

4 years agomw.widgets.datetime.DateTimeInputWidget: Increase width
Prateek Saxena [Tue, 15 May 2018 08:41:35 +0000 (14:11 +0530)]
mw.widgets.datetime.DateTimeInputWidget: Increase width

The condition to add extra width for 'strings' was already there
but was putting the same value for both. Increased from 1.15 to
1.25 per character for strings.

Bug: T193907
Change-Id: I474a8a84756d7222a47ef9d4f2d4b50050c4e20e

4 years agoMerge "registration: Improve duplicate config setting exception"
jenkins-bot [Tue, 15 May 2018 23:20:50 +0000 (23:20 +0000)]
Merge "registration: Improve duplicate config setting exception"

4 years agoAdd missing __METHOD__ to onTransactionPreCommitOrIdle() caller
Aaron Schulz [Tue, 15 May 2018 19:52:19 +0000 (12:52 -0700)]
Add missing __METHOD__ to onTransactionPreCommitOrIdle() caller

Change-Id: I3722411dc63ff69253096f9c05e4fd1f130931ae

4 years agoMerge "Make internal search methods private for db implementations"
jenkins-bot [Tue, 15 May 2018 20:09:59 +0000 (20:09 +0000)]
Merge "Make internal search methods private for db implementations"

4 years agoMerge "installer: Don't shell out if it's disabled"
jenkins-bot [Tue, 15 May 2018 19:59:35 +0000 (19:59 +0000)]
Merge "installer: Don't shell out if it's disabled"

4 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Tue, 15 May 2018 19:58:24 +0000 (21:58 +0200)]
Localisation updates from https://translatewiki.net.

Change-Id: I753e6748d026de5a07d3a6b9b07484671059d8db

4 years agoMerge "Populate externallinks.el_index_60 and drop default"
jenkins-bot [Tue, 15 May 2018 19:15:08 +0000 (19:15 +0000)]
Merge "Populate externallinks.el_index_60 and drop default"

4 years agoinstaller: Don't shell out if it's disabled
Kunal Mehta [Tue, 15 May 2018 18:23:38 +0000 (11:23 -0700)]
installer: Don't shell out if it's disabled

Bug: T191947
Change-Id: I16a82d271157cd0024aa14d7eaec80b4870947b5

4 years agoregistration: Improve duplicate config setting exception
Kunal Mehta [Tue, 15 May 2018 17:26:43 +0000 (10:26 -0700)]
registration: Improve duplicate config setting exception

We don't keep track of what set a specific global, so at least mention
the name of the extension that is setting a duplicate for easier

Also, fix the case where if the first extension to be loaded was setting
a core setting, it would not throw an exception since config was being
processed before the rest of extension.json. Now we process config after
all core settings, going only before attributes.

Bug: T194319
Change-Id: I4fd96e7d167cf0652ee3e8e66167c86f2b91b992

4 years agoMerge "User: System block reasons shouldn't expand templates"
jenkins-bot [Tue, 15 May 2018 16:21:29 +0000 (16:21 +0000)]
Merge "User: System block reasons shouldn't expand templates"

4 years agoPopulate externallinks.el_index_60 and drop default
Brad Jorsch [Fri, 18 Nov 2016 20:42:11 +0000 (15:42 -0500)]
Populate externallinks.el_index_60 and drop default

Adds a maintenance script to populate the field, has that be
automatically run during update.php, and drops the no-longer-needed
default value on the column (where possible: mssql has some sort of
constraint thing going on that I have no idea how it works).

Bug: T59176
Change-Id: I971edf013a1a39466aca3b6e34c915cb24fd3aa7

4 years agoDeprecate overriding SearchEngine::search*
Erik Bernhardson [Thu, 10 May 2018 20:52:47 +0000 (13:52 -0700)]
Deprecate overriding SearchEngine::search*

The plan is to convert these methods into final, considering
it a removal under the deprecation policy. By making entry
points into the search engine final we provide a guaranteed
point where generic handling can be applied to all search engines.

The first use case for this generic handling is pushing pagination
via overfetch into the SearchEngine class instead of re-implementing
an overfetch in individual parts of the code that perform searches.

Change-Id: I3426d6a2f32d8b368b044b154e1cb70dac007c62

4 years agoMerge "Add setting to control the creation of NullRevision on upload"
jenkins-bot [Tue, 15 May 2018 07:31:09 +0000 (07:31 +0000)]
Merge "Add setting to control the creation of NullRevision on upload"

4 years agoResolve used lazy options in ParserOptions::optionsHash()
Brad Jorsch [Mon, 26 Mar 2018 17:59:24 +0000 (13:59 -0400)]
Resolve used lazy options in ParserOptions::optionsHash()

If a lazy option is passed to ParserOptions::optionsHash(), we should
resolve the option so the hash can incorporate the proper value instead
of omitting it.

Also, completely unrelatedly, refactor the hook overriding in the unit
test because people won't stop whining about it in code review.

Change-Id: I2df78ed90875c229090b503b65f20fbbbba7f237

4 years agoAdd whether user is elevated to unsafe js load log
Brian Wolff [Tue, 15 May 2018 04:14:37 +0000 (04:14 +0000)]
Add whether user is elevated to unsafe js load log

To better triage the log entries.

Change-Id: Idf6d967d06b118ebd7b4d848e12bb36faf55a1b6

4 years agoSpecial:PrefixIndex: Fix regression on prefix input value
Volker E [Sat, 5 May 2018 23:19:08 +0000 (16:19 -0700)]
Special:PrefixIndex: Fix regression on prefix input value

Regression introduced in Ieb9713f8346316e9c3cf1e83eae00848f3921b43

Bug: T193927
Change-Id: I9a3477af89a7e303a67f1769859a649b86113604

4 years agoMerge "Disallow loading JS/CSS/Json subpages from unregistered users and log"
jenkins-bot [Tue, 15 May 2018 01:08:20 +0000 (01:08 +0000)]
Merge "Disallow loading JS/CSS/Json subpages from unregistered users and log"

4 years agoMerge "Better logging for botpasswords"
jenkins-bot [Tue, 15 May 2018 00:59:09 +0000 (00:59 +0000)]
Merge "Better logging for botpasswords"

4 years agoDisallow loading JS/CSS/Json subpages from unregistered users and log
Brian Wolff [Tue, 15 May 2018 00:34:14 +0000 (00:34 +0000)]
Disallow loading JS/CSS/Json subpages from unregistered users and log

Loading JS from an unregistered user's JS subpage is a severe
security risk as someone could potentially register that account
and then modify the JS.

Bug: T194204
Change-Id: I741736e12b0ed49e95f22c869a2b53e2c97b31f0

4 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Mon, 14 May 2018 20:04:40 +0000 (22:04 +0200)]
Localisation updates from https://translatewiki.net.

Change-Id: I0d75de10ff839f02973bf055e40d65ff7277c102

4 years agoConnectionManager: Require ILoadBalancer instead of LoadBalancer
Thiemo Kreuz [Mon, 14 May 2018 11:27:23 +0000 (13:27 +0200)]
ConnectionManager: Require ILoadBalancer instead of LoadBalancer

Since I4fdf7f7 more code stops returning the implementation, but only
returns the interface. This is a good, very welcome change. However,
ConnectionManager still requires the LoadBalancer implementation, for
no obvious reason. All code in this class works fine with the interface.

This is currently reported by Phan as a violation (and it actually is
one), e.g.:

Change-Id: I63cbb98fd277b0c64ab8b303888b9354c4be29e2

4 years agoMerge "Initial support for Content Security Policy, disabled by default"
jenkins-bot [Mon, 14 May 2018 04:17:15 +0000 (04:17 +0000)]
Merge "Initial support for Content Security Policy, disabled by default"

4 years agoInitial support for Content Security Policy, disabled by default
Brian Wolff [Mon, 29 Feb 2016 04:13:10 +0000 (23:13 -0500)]
Initial support for Content Security Policy, disabled by default

The primary goal here is a defense in depth measure to
stop an attacker who found a bug in the parser allowing
them to insert malicious attributes.

This wouldn't stop someone who could insert a full
script tag (since at current it can't distinguish between
malicious and legit user js). It also would not prevent
DOM-based or reflected XSS for anons, as the nonce value
is guessable for anons when receiving a response cached
by varnish. However, the limited protection of just stopping
stored XSS where the attacker only has control of attributes,
is still a big win in my opinion. (But it wouldn't prevent
someone who has that type of xss from abusing things like
data-ooui attribute).

This will likely break many gadgets. Its expected that any
sort of rollout on Wikimedia will be done very slowly, with
lots of testing and the report-only option to begin with.

This is behind feature flags that are off by default, so
merging this patch should not cause any change in default

This may break some extensions (The most obvious one
is charinsert (See fe648d41005), but will probably need
some testing in report-only mode to see if anything else breaks)

This uses the unsafe-eval option of CSP, in order to
support RL's local storage thingy. For better security,
we may want to remove some of the sillier uses of eval
(e.g. jquery.ui.datepicker.js).

For more info, see spec: https://www.w3.org/TR/CSP2/
Additionally see:

Bug: T135963
Change-Id: I80f6f469ba4c0b608385483457df96ccb7429ae5

4 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Sun, 13 May 2018 19:54:52 +0000 (21:54 +0200)]
Localisation updates from https://translatewiki.net.

Change-Id: I2fe5d9477437629090322b4647bee405ed4ec9e5

4 years agoAdd checkbox in Special:ListUsers to display only users in temporary user groups
Framawiki [Mon, 28 Aug 2017 16:45:49 +0000 (18:45 +0200)]
Add checkbox in Special:ListUsers to display only users in temporary user groups

New checkbox "temporaryGroupsOnly" with new message "listusers-temporarygroupsonly"

Bug: T174313
Change-Id: I388a8aab1145dc958ee110da324aeeb03660ff40

4 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Sat, 12 May 2018 22:28:48 +0000 (00:28 +0200)]
Localisation updates from https://translatewiki.net.

Change-Id: Ibe96d7ea807526ab2df4dc6cad608016b432fe88

4 years agoUser: System block reasons shouldn't expand templates
Brad Jorsch [Sat, 12 May 2018 12:03:04 +0000 (08:03 -0400)]
User: System block reasons shouldn't expand templates

The block reasons for "system" blocks shouldn't expand wikitext
templates immediately. That should be left for the code parsing the
block reason for display.

This should only affect how these blocks are reported to API clients, as
when the block is displayed in the web UI it's passed through the parser
anyway. The main drawback, as far as the default messages go, is that
MediaWiki:sorbsreason won't have {{SITENAME}} expanded in
the API response anymore.

Bug: T191939
Change-Id: Ib2024721ea0e26358b9b50efdac16316d6d0f0b6

4 years agoMerge "Use {{int:}} on MediaWiki:Blockedtext and MediaWiki:Autoblockedtext"
jenkins-bot [Sat, 12 May 2018 07:40:54 +0000 (07:40 +0000)]
Merge "Use {{int:}} on MediaWiki:Blockedtext and MediaWiki:Autoblockedtext"

4 years agoresourceloader: avoid use of $.globalEval in mediawiki.js
Aaron Schulz [Thu, 10 May 2018 19:46:23 +0000 (12:46 -0700)]
resourceloader: avoid use of $.globalEval in mediawiki.js

Bug: T192623
Change-Id: Icdd5d76546a6c265a8e941c4e9b28f73bf9dd028

4 years agoMerge "Allow 'all:' on all wikis in addition to 'searchall' translation"
jenkins-bot [Fri, 11 May 2018 22:05:22 +0000 (22:05 +0000)]
Merge "Allow 'all:' on all wikis in addition to 'searchall' translation"

4 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Fri, 11 May 2018 19:59:40 +0000 (21:59 +0200)]
Localisation updates from https://translatewiki.net.

Change-Id: I51c74d19d11c6eda9fbd78aa55eeba4b3e56f1c9

4 years agoresources: Give mediawiki.special.* files their own place in src/
Timo Tijhof [Thu, 10 May 2018 17:38:34 +0000 (18:38 +0100)]
resources: Give mediawiki.special.* files their own place in src/

Bug: T193826
Change-Id: Id25cd18079f48308f6ab42207445bbbd74ed5fda

4 years agoMerge "OOUI prefs: Use late static binding"
jenkins-bot [Fri, 11 May 2018 17:18:08 +0000 (17:18 +0000)]
Merge "OOUI prefs: Use late static binding"

4 years agoMerge "build: update to grunt-contrib-watch@1.0.1 to resolve a vulnerability"
jenkins-bot [Fri, 11 May 2018 16:07:33 +0000 (16:07 +0000)]
Merge "build: update to grunt-contrib-watch@1.0.1  to resolve a vulnerability"

4 years agoMerge "Remove 'patrol' from $wgActionFilteredLogs"
jenkins-bot [Fri, 11 May 2018 15:25:48 +0000 (15:25 +0000)]
Merge "Remove 'patrol' from $wgActionFilteredLogs"

4 years agobuild: update to grunt-contrib-watch@1.0.1 to resolve a vulnerability
Željko Filipin [Fri, 11 May 2018 14:30:32 +0000 (16:30 +0200)]
build: update to grunt-contrib-watch@1.0.1  to resolve a vulnerability

Recommended by `npm audit`.

Moves us from

21 vulnerabilities ... 12 Low | 5 Moderate | 4 High


20 vulnerabilities ... 11 Low | 5 Moderate | 4 High

Bug: T194280
Change-Id: I9d6d2fed4ca3d4c43d9b5085873210493081f7e0