lhc/web/wiklou.git
3 years agoRELEASE-NOTES to HISTORY for 1.27.4/1.28.3/1.29.2
Reedy [Tue, 21 Nov 2017 21:02:05 +0000 (21:02 +0000)]
RELEASE-NOTES to HISTORY for 1.27.4/1.28.3/1.29.2

Bug: T180276
Change-Id: I7c0a1e3712511d4d61f9c130690edda33fb7793d

3 years agoMerge "Reduce lag waiting time in CategoryMembershipUpdateJob critical section"
jenkins-bot [Tue, 21 Nov 2017 19:13:34 +0000 (19:13 +0000)]
Merge "Reduce lag waiting time in CategoryMembershipUpdateJob critical section"

3 years agoMerge "Make CategoryMembershipChangeJob query more readable"
jenkins-bot [Tue, 21 Nov 2017 19:13:30 +0000 (19:13 +0000)]
Merge "Make CategoryMembershipChangeJob query more readable"

3 years agoMerge "Display MAX_CHARS / MAX_BYTES in ApiSandbox"
jenkins-bot [Tue, 21 Nov 2017 15:22:23 +0000 (15:22 +0000)]
Merge "Display MAX_CHARS / MAX_BYTES in ApiSandbox"

3 years agoMerge "Add string length limits"
jenkins-bot [Tue, 21 Nov 2017 15:21:26 +0000 (15:21 +0000)]
Merge "Add string length limits"

3 years agoAdd localised tooltips for moved paragraph indicators
WMDE-Fisch [Tue, 7 Nov 2017 11:44:53 +0000 (12:44 +0100)]
Add localised tooltips for moved paragraph indicators

Bug: T166882
Change-Id: I71600acc19319f7b5781b42dc88cd5e8c65c29a0

3 years agoDifferenceEngine: Improve cache invalidation
Kunal Mehta [Sat, 4 Nov 2017 20:15:26 +0000 (13:15 -0700)]
DifferenceEngine: Improve cache invalidation

Invalidate the diff cache if the engine producing the diff changes, or
if a configuration setting that controls the diff output changes. This
is probably what most users expect, that changing the configuration will
result in a change for diffs that may have already been viewed.

For wikidiff2 specifically, a change in version or
$wgWikiDiff2MovedParagraphDetectionCutoff will invalidate the cache.

Refactor engine detection and sanity-checking into a private getEngine()
function.

As part of this getDiffBodyCacheKey() was deprecated, and subclasses
should implement getDiffBodyCacheKeyParams() instead. Drop the
deprecated and unused MW_DIFF_VERSION constant while we're at it, and
bump DIFF_VERSION since we're already changing the cache key format.

Bug: T180043
Change-Id: I4e386ca05bd2a2fb54208d760c131eb42e3a72ab

3 years agoDisplay MAX_CHARS / MAX_BYTES in ApiSandbox
Gergő Tisza [Mon, 13 Nov 2017 00:37:21 +0000 (00:37 +0000)]
Display MAX_CHARS / MAX_BYTES in ApiSandbox

Change-Id: I0f15afe6656765e92582e4e4cead714b31987b8a

3 years agoAdd string length limits
Gergő Tisza [Sun, 12 Nov 2017 09:51:34 +0000 (09:51 +0000)]
Add string length limits

Adds two new ApiBase::getAllowedParams() keys:
PARAM_MAX_BYTES and PARAM_MAX_CHARS, to set a length
limit for a (string-like) parameter.

This makes it easy to document and enforce database
field length limits (where relying on the database
would either result in unfriendly error messages or
silent truncation, depending on DB settings) and
also exposes them in structured form so API clients
can verify the length without doing roundtrips.

Change-Id: I2e784972d7e11cad79fdef887bbcde297dbd9ce0

3 years agoReduce lag waiting time in CategoryMembershipUpdateJob critical section
Aaron Schulz [Tue, 21 Nov 2017 02:09:52 +0000 (18:09 -0800)]
Reduce lag waiting time in CategoryMembershipUpdateJob critical section

Bug: T180793
Change-Id: Icfe8dd16f4194c5d4f88d7547f732acae8b1cfe2

3 years agoMake CategoryMembershipChangeJob query more readable
Aaron Schulz [Tue, 21 Nov 2017 02:43:40 +0000 (18:43 -0800)]
Make CategoryMembershipChangeJob query more readable

Previously, the INNER JOIN had "rc_timestamp >= rev_timestamp" which
complicates query planning. Even with "equals" it still was techinally
ambiguous. Instead, just use EXISTS and an exact equality operator.

Bug: T180793
Change-Id: I1e9ae7c2ce0f95484e09e867550283d816d151f0

3 years agoobjectcache: Make MemcachedBagOStuff::makeKeyInternal always have a key class
Aaron Schulz [Tue, 21 Nov 2017 00:04:38 +0000 (16:04 -0800)]
objectcache: Make MemcachedBagOStuff::makeKeyInternal always have a key class

Even if a key is too long and shortened, it should still have some key class.

Change-Id: I006b6b03ad1302e9e49362bbd051332bc6105837

3 years agoMerge "Special:UserRights: Prevent FOUC on loading"
jenkins-bot [Mon, 20 Nov 2017 22:47:54 +0000 (22:47 +0000)]
Merge "Special:UserRights: Prevent FOUC on loading"

3 years agoMerge "Crimean Tatar Transliteration"
jenkins-bot [Mon, 20 Nov 2017 22:27:57 +0000 (22:27 +0000)]
Merge "Crimean Tatar Transliteration"

3 years agoCrimean Tatar Transliteration
tjones [Mon, 31 Jul 2017 22:35:39 +0000 (18:35 -0400)]
Crimean Tatar Transliteration

This is a first pass at Latin/Cyrillic translitertion for Crimean
Tatar (crh).

Includes transliteration tables, prefix/suffix mappings, regex
mappings, and exceptions lists for words and abbreviations.

Regularize CRH language name in messages/* files.

Fix "varient" typos in qqq.json.

Add unit tests for CRH transliteration.

Bug: T23582
Change-Id: I424703f99adf837f6217872b882d1ea26bfdd068

3 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Mon, 20 Nov 2017 20:56:22 +0000 (21:56 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: I2541976a8c5c079f0e11d84f843aff0ffd540dab

3 years agoMerge "objectcache: fix some makeKey/makeGlobalKey IDEA warnings"
jenkins-bot [Mon, 20 Nov 2017 20:51:26 +0000 (20:51 +0000)]
Merge "objectcache: fix some makeKey/makeGlobalKey IDEA warnings"

3 years agoMerge "Fix some broke cache key generations"
jenkins-bot [Mon, 20 Nov 2017 20:48:47 +0000 (20:48 +0000)]
Merge "Fix some broke cache key generations"

3 years agoMerge "objectcache: make sure variant keys are namespaced as keys should be"
jenkins-bot [Mon, 20 Nov 2017 20:41:16 +0000 (20:41 +0000)]
Merge "objectcache: make sure variant keys are namespaced as keys should be"

3 years agoobjectcache: make sure variant keys are namespaced as keys should be
Aaron Schulz [Mon, 20 Nov 2017 07:27:34 +0000 (23:27 -0800)]
objectcache: make sure variant keys are namespaced as keys should be

Change-Id: I02597d6dbc2febace25ef6d1981f69dc704efe8d

3 years agoRCFilters: Followup I08db859c571: Fix typo in "namespaces"
Moriel Schottlender [Mon, 20 Nov 2017 20:07:43 +0000 (12:07 -0800)]
RCFilters: Followup I08db859c571: Fix typo in "namespaces"

Bug: T180863
Change-Id: I1b65ed5dfceb99bea98cbcadea11ddab367c6ca7

3 years agoSpecial:UserRights: Prevent FOUC on loading
Fomafix [Mon, 20 Nov 2017 07:32:41 +0000 (08:32 +0100)]
Special:UserRights: Prevent FOUC on loading

Implement the show/hide based on the group checkbox with CSS instead of
JavaScript.
Hide the expiry input field initially with CSS instead of JavaScript.

Change-Id: I33a4b0a13dab92156aeea96529573ad49fa2d616

3 years agoDeprecate access to TitleValue properties
addshore [Mon, 20 Nov 2017 18:52:46 +0000 (18:52 +0000)]
Deprecate access to TitleValue properties

This switches from private to protected access of TitleValue
properties, and marks them as deprecated instead as per the
deprecation policy.

Partial revert of I3d8315ade6aa70bda43d90b0b32b730d8c9cbd2e

Change-Id: Ie290b6a84635ebb5865e82ae24fe4b27224e601a

3 years agoMerge "RCFilters: Only apply excluded label to namespace items"
jenkins-bot [Mon, 20 Nov 2017 18:20:45 +0000 (18:20 +0000)]
Merge "RCFilters: Only apply excluded label to namespace items"

3 years agoMerge "Tests for TitleValue::__toString"
jenkins-bot [Mon, 20 Nov 2017 16:26:48 +0000 (16:26 +0000)]
Merge "Tests for TitleValue::__toString"

3 years agoMerge "Set wgCommentTableSchemaMigrationStage for some RevisionTests"
jenkins-bot [Mon, 20 Nov 2017 16:15:38 +0000 (16:15 +0000)]
Merge "Set wgCommentTableSchemaMigrationStage for some RevisionTests"

3 years agoMerge "Move styles for Special:UserRights to separate style module"
jenkins-bot [Mon, 20 Nov 2017 11:50:13 +0000 (11:50 +0000)]
Merge "Move styles for Special:UserRights to separate style module"

3 years agoTests for TitleValue::__toString
addshore [Mon, 20 Nov 2017 09:39:55 +0000 (09:39 +0000)]
Tests for TitleValue::__toString

Change-Id: Ibb157b8e6e4fdc75bdb27ecaa4a552304465c4b2

3 years agoSet wgCommentTableSchemaMigrationStage for some RevisionTests
addshore [Mon, 20 Nov 2017 09:33:28 +0000 (09:33 +0000)]
Set wgCommentTableSchemaMigrationStage for some RevisionTests

Bug: T180922
Change-Id: Ib88b53e36a66042b3c177cae0663040b4fb14a4c

3 years agoMove styles for Special:UserRights to separate style module
Reedy [Sun, 19 Nov 2017 18:36:34 +0000 (18:36 +0000)]
Move styles for Special:UserRights to separate style module

Bug: T180914
Change-Id: I0e3cf5e3d69f32a30e5fe6dc0d2fd964c4f5720c

3 years agoFix some broke cache key generations
Aaron Schulz [Mon, 20 Nov 2017 05:30:45 +0000 (21:30 -0800)]
Fix some broke cache key generations

Change-Id: Ib724fe0cfa866351caee89d3451b6c4b7b6a4578

3 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Sun, 19 Nov 2017 20:55:12 +0000 (21:55 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: I571e77344da60ffec62d52ea79231ff94562c424

3 years agoobjectcache: fix some makeKey/makeGlobalKey IDEA warnings
Aaron Schulz [Sat, 18 Nov 2017 20:39:21 +0000 (12:39 -0800)]
objectcache: fix some makeKey/makeGlobalKey IDEA warnings

Change-Id: I5fefda9676a685167326c63c34b2b7df8be2e7cd

3 years agoMerge "@since tags & private class properties for TitleValue"
jenkins-bot [Sat, 18 Nov 2017 21:44:15 +0000 (21:44 +0000)]
Merge "@since tags & private class properties for TitleValue"

3 years agoMerge "Add __toString method to LinkTarget interface"
jenkins-bot [Sat, 18 Nov 2017 21:42:34 +0000 (21:42 +0000)]
Merge "Add __toString method to LinkTarget interface"

3 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Sat, 18 Nov 2017 20:53:19 +0000 (21:53 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: If8cc0f3abd7cde509909de175a32c9492f9388a6

3 years ago@since tags & private class properties for TitleValue
addshore [Sat, 18 Nov 2017 17:34:41 +0000 (17:34 +0000)]
@since tags & private class properties for TitleValue

Change-Id: I3d8315ade6aa70bda43d90b0b32b730d8c9cbd2e

3 years agoAdd __toString method to LinkTarget interface
addshore [Sat, 18 Nov 2017 17:34:10 +0000 (17:34 +0000)]
Add __toString method to LinkTarget interface

Change-Id: I4f12e3175a308f88e240db01cd4e91e78b283057

3 years agoIntroduce the UserIdentity interface.
daniel [Thu, 16 Nov 2017 19:44:44 +0000 (20:44 +0100)]
Introduce the UserIdentity interface.

This provides a narrow view on a user identity, providing access to
ID and name.

This has been extracted from I140f43a6fb443b for re-use with Actors,
on Anomie's request.

Change-Id: Ief00db5ce382537c5bf992159eae6baf096ae4be

3 years ago[MCR] tests for Revision::getQueryInfo
addshore [Sat, 18 Nov 2017 18:22:24 +0000 (18:22 +0000)]
[MCR] tests for Revision::getQueryInfo

Bug: T180210
Change-Id: I5bdb5eed853e22bacd6b4c2546343e9d0f2d8c89

3 years ago[MCR] tests for Revision::getArchiveQueryInfo
addshore [Sat, 18 Nov 2017 18:08:45 +0000 (18:08 +0000)]
[MCR] tests for Revision::getArchiveQueryInfo

Bug: T180210
Change-Id: Icb016be8d69dfdfa83f44bbc4fb259b5beb30678

3 years ago[MCR] Readd various field & cond method tests for Revision
addshore [Sat, 18 Nov 2017 17:49:22 +0000 (17:49 +0000)]
[MCR] Readd various field & cond method tests for Revision

This is a partial revert of:
Idcfd15568489d9f03a7ba4460e96610d33bc4089
which removed these tests.

Bug: T180210
Change-Id: Ib0617ee0a7bd4391ed25415b44a8ed077a985eaa

3 years agoMerge "Remove box-shadow from preference panels for ooui-apex"
jenkins-bot [Sat, 18 Nov 2017 13:00:39 +0000 (13:00 +0000)]
Merge "Remove box-shadow from preference panels for ooui-apex"

3 years agoMerge "Fix RemexCompatMunger infinite recursion"
jenkins-bot [Sat, 18 Nov 2017 03:54:22 +0000 (03:54 +0000)]
Merge "Fix RemexCompatMunger infinite recursion"

3 years agoMerge "SwiftFileBackend::resolveContainerPath() check the proper length"
jenkins-bot [Sat, 18 Nov 2017 02:08:27 +0000 (02:08 +0000)]
Merge "SwiftFileBackend::resolveContainerPath() check the proper length"

3 years agoRCFilters: Only apply excluded label to namespace items
Moriel Schottlender [Sat, 18 Nov 2017 00:57:40 +0000 (16:57 -0800)]
RCFilters: Only apply excluded label to namespace items

Bug: T180863
Change-Id: I08db859c571b82ed4e4793d97b99100875ff1e23

3 years agoSwiftFileBackend::resolveContainerPath() check the proper length
Aaron Schulz [Fri, 17 Nov 2017 23:27:49 +0000 (15:27 -0800)]
SwiftFileBackend::resolveContainerPath() check the proper length

The length sanity check should use this instead of urlencode()
see it is rawurlencode() that is actually used.

Change-Id: I5632e30c14c8ab27c8324c3e31311ca8bff7c162

3 years agoFollow-Up Iae63b6994: Add missing editfont dependency
Ed Sanders [Fri, 17 Nov 2017 22:02:58 +0000 (22:02 +0000)]
Follow-Up Iae63b6994: Add missing editfont dependency

Change-Id: I606a81576baf312891f3bb12f575892b00bca823

3 years agoRemove box-shadow from preference panels for ooui-apex
Ed Sanders [Fri, 17 Nov 2017 21:23:16 +0000 (21:23 +0000)]
Remove box-shadow from preference panels for ooui-apex

Change-Id: I7d42c75053b29cb634b18bae9e06e6b28ae1e967

3 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Fri, 17 Nov 2017 21:03:49 +0000 (22:03 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: Iabf53d3c29d23ea48d35c2a45d88b2b3d937d5c6

3 years agoRevision::userCanBitfield test fallback to $wgUser
addshore [Wed, 15 Nov 2017 10:37:29 +0000 (10:37 +0000)]
Revision::userCanBitfield test fallback to $wgUser

Bug: T180210
Change-Id: Ibda256d6fdd8762e0e90748d71034979e2de106f

3 years agoWork around Firefox 57 attribute parsing regression
Ed Sanders [Fri, 17 Nov 2017 17:15:44 +0000 (17:15 +0000)]
Work around Firefox 57 attribute parsing regression

Bug: T180138
Change-Id: I554d5adf88c448db64e6f135e19ee76a4ec28493

3 years agoMerge "Expose string->bool conversion as function"
jenkins-bot [Fri, 17 Nov 2017 15:53:52 +0000 (15:53 +0000)]
Merge "Expose string->bool conversion as function"

3 years agoFix RemexCompatMunger infinite recursion
Tim Starling [Fri, 17 Nov 2017 11:15:59 +0000 (22:15 +1100)]
Fix RemexCompatMunger infinite recursion

When TreeBuilder requests reparenting of all child nodes of a given
element, we do this by removing the existing child nodes, and then
inserting the proposed new parent under the old parent. However, when a
p-wrap diversion is in place, the insertion of the new parent is
diverted into the p-wrap, and the p-wrap then becomes a child of the new
parent, causing a reference loop, and ultimately infinite recursion in
Serializer.

Instead, divert the entire reparent request to the p-wrap, so that the
new parent is a child of the p-wrap. This makes sense since the new
parent is always a formatting element. The only caller of
reparentChildren(), apart from proxies, is AAA step 17, which reparents
children under the formatting element cloned from the AFE list.

Left in some debug code for next time.

Bug: T178632
Change-Id: Id77d21d99748e94c064ef24c43ee0033de627b8e

3 years agoMerge "Preferences: Improve visual appearance by “unboxing” sections"
jenkins-bot [Thu, 16 Nov 2017 23:05:43 +0000 (23:05 +0000)]
Merge "Preferences: Improve visual appearance by “unboxing” sections"

3 years agoMerge "Cleanup, removed space"
jenkins-bot [Thu, 16 Nov 2017 23:03:20 +0000 (23:03 +0000)]
Merge "Cleanup, removed space"

3 years agoPreferences: Improve visual appearance by “unboxing” sections
Volker E [Wed, 15 Nov 2017 00:47:52 +0000 (16:47 -0800)]
Preferences: Improve visual appearance by “unboxing” sections

Instead let's work with whitespace, which also saves virtual space and
makes the appearance not as jarring.

Bug: T180538
Depends-on: I39088107e6ab07399f9826dd925df9e1b8dda006
Change-Id: I24d21eb3c0d188004dacbce8a9bc1ac3ad7e2a8f

3 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Thu, 16 Nov 2017 21:34:02 +0000 (22:34 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: I20f8422f709fe37f212b65f2e995db30776009eb

3 years agoMerge "Use Remex in Sanitizer::stripAllTags()"
jenkins-bot [Thu, 16 Nov 2017 20:34:31 +0000 (20:34 +0000)]
Merge "Use Remex in Sanitizer::stripAllTags()"

3 years agoMerge "OOUIHTMLForm: Prevent duplicate FieldsetLayout wrapping"
jenkins-bot [Thu, 16 Nov 2017 17:31:44 +0000 (17:31 +0000)]
Merge "OOUIHTMLForm: Prevent duplicate FieldsetLayout wrapping"

3 years agoMerge "HTMLMultiSelectField: Fix OOUI\CheckboxMultiselectInputWidget to be infusable...
jenkins-bot [Thu, 16 Nov 2017 17:22:39 +0000 (17:22 +0000)]
Merge "HTMLMultiSelectField: Fix OOUI\CheckboxMultiselectInputWidget to be infusable again"

3 years agoMerge "HTMLRadioField: Do not automatically infuse our RadioSelectInputWidgets"
jenkins-bot [Thu, 16 Nov 2017 17:05:14 +0000 (17:05 +0000)]
Merge "HTMLRadioField: Do not automatically infuse our RadioSelectInputWidgets"

3 years agoHTMLRadioField: Do not automatically infuse our RadioSelectInputWidgets
Bartosz Dziewoński [Thu, 16 Nov 2017 16:14:29 +0000 (17:14 +0100)]
HTMLRadioField: Do not automatically infuse our RadioSelectInputWidgets

This is really a workaround for an issue in a completely different place:
JS RadioSelectInputWidget internally uses `<input type="hidden">`
rather than real radio buttons, which does not work correctly with the
code in mediawiki.special.preferences.confirmClose.js. Ideally we would
change RadioSelectInputWidget to not do such weird things.

However, I think this is actually a good thing to do in general.
From the user's perspective, PHP RadioSelectInputWidget and JS
RadioSelectInputWidget look and behave the same, so there's no reason
to infuse and rebuild them.

This behavior was implemented in f50cee1375201a5d3fd76c0c262cfc7e66bd5d42
in which unfortunately I did not document the reason for it. For other
fields it makes obvious sense (the JS widgets have improvements like
autocompletion, or at least look "pretty"), but I have no idea why
I did it for this one.

Bug: T180643
Change-Id: I53e50f8cda39466b2396b374e642c154487888bb

3 years agoOOUIHTMLForm: Prevent duplicate FieldsetLayout wrapping
Bartosz Dziewoński [Thu, 16 Nov 2017 10:24:47 +0000 (11:24 +0100)]
OOUIHTMLForm: Prevent duplicate FieldsetLayout wrapping

The code in formatSection() assumed it was only called for the
toplevel section (the whole form), while it's actually called
for every subsection too. I think it was written before we added
support for subsections in OOUIHTMLForm.

Move code for toplevel section wrapping to wrapForm().

As a bonus, this also fixes display of custom headers and error
or warning messages for forms with subsections.

Bug: T180535
Change-Id: I6a88184d302a951be78387490404137acde3fa1a

3 years agoFixed hover circle for timeless skin
WMDE-Fisch [Thu, 16 Nov 2017 12:27:11 +0000 (13:27 +0100)]
Fixed hover circle for timeless skin

Bug: T180663
Change-Id: I5112636bcfae6f41e86ccc29524ccf5c9e2a6004

3 years agoHTMLMultiSelectField: Fix OOUI\CheckboxMultiselectInputWidget to be infusable again
Bartosz Dziewoński [Thu, 16 Nov 2017 10:51:19 +0000 (11:51 +0100)]
HTMLMultiSelectField: Fix OOUI\CheckboxMultiselectInputWidget to be infusable again

Regression from 5a113417e5af9d0d0dbed63429649a9780784d45.

Bug: T180677
Change-Id: Id1b0ebe9d9a56a76d73deb2b4d17213ae5e45a04

3 years agoMerge "Hide empty OOUI FieldsetLayout headers"
jenkins-bot [Thu, 16 Nov 2017 10:04:35 +0000 (10:04 +0000)]
Merge "Hide empty OOUI FieldsetLayout headers"

3 years agoUserGroupsChanged hook should specify the performer of the change
Huji Lee [Sun, 12 Nov 2017 01:44:00 +0000 (20:44 -0500)]
UserGroupsChanged hook should specify the performer of the change

Otherwise, there will be a unit-testing error when Echo is enabled

Bug: T180292
Change-Id: Ibc185c82ad2a03e06e5727a633e6ab6bccce3345

3 years agoMerge "Move Sanitizer.php to includes/parser/"
jenkins-bot [Thu, 16 Nov 2017 01:33:21 +0000 (01:33 +0000)]
Merge "Move Sanitizer.php to includes/parser/"

3 years agoMerge "SanitizerTest: Add tests for stripAllTags"
jenkins-bot [Thu, 16 Nov 2017 01:32:46 +0000 (01:32 +0000)]
Merge "SanitizerTest: Add tests for stripAllTags"

3 years agoUse Remex in Sanitizer::stripAllTags()
Roan Kattouw [Tue, 14 Nov 2017 22:22:31 +0000 (14:22 -0800)]
Use Remex in Sanitizer::stripAllTags()

Using a real HTML tokenizer fixes bugs when < or > appear in attribute
values. The old implementation used delimiterReplace(), which didn't
handle this case:

    > print Sanitizer::stripAllTags( '<p data-foo="a&lt;b>c">Hello</p>' );
    c">Hello

We also can't use PHP's built-in strip_tags() because it doesn't handle
<?php and <? correctly:

    > print strip_tags('1<span class="<?php">2</span>3');
    1
    > print strip_tags('1<span class="<?">2</span>3');
    1

Bug: T179978
Change-Id: I53b98e6c877c00c03ff110914168b398559c9c3e

3 years agoMove Sanitizer.php to includes/parser/
Roan Kattouw [Wed, 15 Nov 2017 20:44:48 +0000 (12:44 -0800)]
Move Sanitizer.php to includes/parser/

Change-Id: Id08d91c747ec77d715459b89b03eee247ccd4e1b

3 years agoSanitizerTest: Add tests for stripAllTags
Roan Kattouw [Tue, 14 Nov 2017 22:16:14 +0000 (14:16 -0800)]
SanitizerTest: Add tests for stripAllTags

Bug: T179978
Change-Id: I9776cfd51b1b3ec772d4216168fbe466f48f5892

3 years agoLocalisation updates from https://translatewiki.net.
Translation updater bot [Wed, 15 Nov 2017 20:54:46 +0000 (21:54 +0100)]
Localisation updates from https://translatewiki.net.

Change-Id: I746f9a0b5a9ffcfbe198b4d222e476b169bad2dc

3 years agoMerge "Preferences: Remove unwise caching of Preferences::getPreferences()"
jenkins-bot [Wed, 15 Nov 2017 19:27:05 +0000 (19:27 +0000)]
Merge "Preferences: Remove unwise caching of Preferences::getPreferences()"

3 years agoMerge "Revert "RCFilters: Remove excluded params from URL""
jenkins-bot [Wed, 15 Nov 2017 19:15:49 +0000 (19:15 +0000)]
Merge "Revert "RCFilters: Remove excluded params from URL""

3 years agoRevert "RCFilters: Remove excluded params from URL"
Catrope [Wed, 15 Nov 2017 18:34:55 +0000 (18:34 +0000)]
Revert "RCFilters: Remove excluded params from URL"

Breaks limit and days selection by also removing these
params from the AJAX request URL

This reverts commit b8a10e6dcf00da3519ccb9e43d1c2ce0db422557.

Bug: T180577
Change-Id: Ifc6fa8cde8ffce0ac79fc3a2db55291bc2a84e20

3 years agoClean up RELEASE-NOTES-1.31
Brad Jorsch [Wed, 15 Nov 2017 16:44:53 +0000 (11:44 -0500)]
Clean up RELEASE-NOTES-1.31

A few recent changes introduced entries with bad spacing, and there's no
need for the ellipsis placeholder entries in a section once real entries
have been added.

Change-Id: Ia1f4aaa63c1fc859a5f6b0ec7726d98f81df2c05

3 years agoSync up with Parsoid parserTests.txt
Arlo Breault [Wed, 15 Nov 2017 14:42:11 +0000 (09:42 -0500)]
Sync up with Parsoid parserTests.txt

This now aligns with Parsoid commit 3048db625dca69d8a89cde4cbabee0105f2975f5

Change-Id: I2bf07d6582367f25d9f69712dc4350982b627851

3 years agoMerge "Remove $wgAuth usage from wrapOldPasswords.php"
jenkins-bot [Wed, 15 Nov 2017 14:21:33 +0000 (14:21 +0000)]
Merge "Remove $wgAuth usage from wrapOldPasswords.php"

3 years agoMerge "Preferences: Show preview of edit fonts in edit font selector"
jenkins-bot [Wed, 15 Nov 2017 11:13:22 +0000 (11:13 +0000)]
Merge "Preferences: Show preview of edit fonts in edit font selector"

3 years agoPreferences: Show preview of edit fonts in edit font selector
Ed Sanders [Tue, 7 Nov 2017 15:33:03 +0000 (15:33 +0000)]
Preferences: Show preview of edit fonts in edit font selector

Change-Id: Iae63b69940485165b660f51deb864979aefb8cd0

3 years agoPreferences: Remove unwise caching of Preferences::getPreferences()
Bartosz Dziewoński [Mon, 13 Nov 2017 16:42:04 +0000 (17:42 +0100)]
Preferences: Remove unwise caching of Preferences::getPreferences()

The result of this function depends on the $user and $context
parameters (e.g. it includes the username from the user, and
localisation messages the language from the context). However,
both of them would be ignored if the result was cached, even
if calling with a different $user or $context.

Rather than make this more complicated just remove the caching.
This is not a hot code path: this function is not called at all
on normal page views, it's called just once when viewing
preferences, and at most twice when saving them.

Change-Id: I92390120a16448383a25e9ba2dd35a434a2f21bf

3 years agoApiOptionsTest: Do not use ->at()
Bartosz Dziewoński [Mon, 13 Nov 2017 18:42:33 +0000 (19:42 +0100)]
ApiOptionsTest: Do not use ->at()

Quoting PHPUnit docs:

  The $index parameter for the at() matcher refers to the index,
  starting at zero, in all method invocations for a given mock object.
  Exercise caution when using this matcher as it can lead to brittle
  tests which are too closely tied to specific implementation details.

Indeed these test cases would break horribly with unintuitive error
messages ("Mocked method does not exist") if anything in preferences
or API code called any additional methods on the mocked user. For
example, it relied on the caching in Preferences::getPreferences(),
which is being removed in I92390120a16448383a25e9ba2dd35a434a2f21bf.

I'm pretty sure all that matters here is that all the setOption()
calls with different arguments happen, so let's test just that.

Change-Id: I30a814151a006e5f147eebb918344049807b2b97

3 years agoMerge "MWExceptionRenderer: Wrap error message in a paragraph"
jenkins-bot [Wed, 15 Nov 2017 10:38:42 +0000 (10:38 +0000)]
Merge "MWExceptionRenderer: Wrap error message in a paragraph"

3 years agoMerge "Treat langtags in SVG switch case-insensitively"
jenkins-bot [Wed, 15 Nov 2017 10:17:32 +0000 (10:17 +0000)]
Merge "Treat langtags in SVG switch case-insensitively"

3 years agoMerge "Updated phpunit/phpunit from v4.8.35 to v4.8.36 in correct RELEASE-NOTES"
jenkins-bot [Wed, 15 Nov 2017 07:12:06 +0000 (07:12 +0000)]
Merge "Updated phpunit/phpunit from v4.8.35 to v4.8.36 in correct RELEASE-NOTES"

3 years agoExpose string->bool conversion as function
Stanislav Malyshev [Tue, 31 Oct 2017 21:01:02 +0000 (14:01 -0700)]
Expose string->bool conversion as function

There is code in several places in extensions which converts
setting or parameter string (such as "true", "yes", "false", "no")
to boolean. Since we already have the code that does in global
functions in wfStringToBool(), it makes sense to expose this code
and reuse it.

Change-Id: I88d98b012ff4bf14fd64a05a9135a6e75cf2d4e7

3 years agoFollow-up I077d30c50 fix phpcs error
Brian Wolff [Wed, 15 Nov 2017 06:56:38 +0000 (06:56 +0000)]
Follow-up I077d30c50 fix phpcs error

Change-Id: I28cb7060d6149d96ceb0dcad7e2bff2ed3434411

3 years agoFix langauge converter parser test with self-close tags
Brian Wolff [Wed, 15 Nov 2017 05:34:10 +0000 (05:34 +0000)]
Fix langauge converter parser test with self-close tags

This fixes an issue in f21f3942 where if there was an html
element with an alt or title attribute containing an &lt;
entity, an ascii EOT control character (0x04) may become
inserted into the text if language converter was enabled.

Due to a really old bug in language converter, self-closed tags
got turned into non-self closed tags. However due a different
bug which was fixed in f21f3942 this code path was rarely taken
so nobody noticed until now.

Follow-up Idbc45cac12

Bug: T180552
Change-Id: I077d30c50fcb419837fef937d27caca307153d2d

3 years agoFollow-up 5e56f01f1. Rebase failure.
Brian Wolff [Wed, 15 Nov 2017 04:37:15 +0000 (04:37 +0000)]
Follow-up 5e56f01f1. Rebase failure.

Bug: T180551
Change-Id: I07a8c2555f08c6c731cd7e1917be451ec40d4d0c

3 years agoFix LanguageSrTest for language converter
Brian Wolff [Wed, 15 Nov 2017 03:42:38 +0000 (03:42 +0000)]
Fix LanguageSrTest for language converter

Language converter seems to maintain state between parser
invocations. Use a more unique string for the test.

This is a follow-up to 98b6635895.

Bug: T180551
Change-Id: I0259b378549f7d9778c27c4bc3efd8d277893f8c

3 years agoIgnore long git hashes for eval-stdin.php
Reedy [Wed, 15 Nov 2017 03:45:30 +0000 (03:45 +0000)]
Ignore long git hashes for eval-stdin.php

This reverts commit 5b205725842edbae6ccde5a13baf20c2eb3ec4ae.

Change-Id: Ib47ffed1174628959b9ef537370ff88f8bcb22f1

3 years agoFix phpcs issues from LanguageConverter patches
Reedy [Wed, 15 Nov 2017 03:37:27 +0000 (03:37 +0000)]
Fix phpcs issues from LanguageConverter patches

Change-Id: I34e57c90ffd40fbd9f8afe3c57dd73fa7f655841

3 years agoSECURITY: Handle -{}- syntax in attributes safely
Brian Wolff [Thu, 11 Feb 2016 22:08:03 +0000 (17:08 -0500)]
SECURITY: Handle -{}- syntax in attributes safely

Previously, if one had an attribute with the contents
"-{}-foo-{}-", foo would get replaced by language converter as if
it wasn't in an attribute. This lead to an XSS attack.

This breaks doing manual conversions in url href's (or any
other attribute that goes through an escaping method
other than Sanitizer's). e.g. http://{sr-el:foo';sr-ec:bar}.com
won't work anymore. See also T87332

Bug: T119158
Change-Id: Idbc45cac12c309b0ccb4adeff6474fa527b48edb

3 years agoSECURITY: XSS in langconverter when regex hits pcre.backtrack_limit
Brian Wolff [Sun, 24 Jan 2016 10:29:10 +0000 (05:29 -0500)]
SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit

Adjust regexes for what not to convert to avoid backtracking by
preferring possesive quantifiers

Add check that we really have matched to the end of the string, and
log error if the regex hits some sort of error preventing the
entire string from being matched. Should the regex not match to the
end, then language conversion is disabled for the string.

Bug: T124404
Change-Id: I4f0c171c7da804e9c1508ef1f59556665a318f6a

3 years agoSECURITY: Fix rebase error in 4d38a489
Brad Jorsch [Tue, 14 Nov 2017 16:17:02 +0000 (11:17 -0500)]
SECURITY: Fix rebase error in 4d38a489

The fix for T125177 from F4932228 was incorrectly rebased when it was
applied to master as 4d38a489, causing the bug to not actually be fixed.

Bug: T180488
Change-Id: Ie6b87ef2373369987c112c19903c99afb789c1ff

3 years agoShorten git hashes for eval-stdin.php
Reedy [Wed, 15 Nov 2017 03:19:00 +0000 (03:19 +0000)]
Shorten git hashes for eval-stdin.php

Ping I5b838686ede9764083c52853cc05c52ea72739df

Change-Id: Ie80a068507444721f8ffdbdc1867555338489283

3 years agoSECURITY: update.php: Remove eval-stdin.php if necessary
Kunal Mehta [Sat, 11 Nov 2017 00:53:24 +0000 (16:53 -0800)]
SECURITY: update.php: Remove eval-stdin.php if necessary

If phpunit's eval-stdin.php file exists and is one of the vulnerable
versions, delete it when running update.php as most people should run
that when updating to a new release. If the unlink() call fails, we'll
warn the user but continue with update.php processing and hope they've
mitigated it in some other way.

Bug: T180231
Change-Id: I5b838686ede9764083c52853cc05c52ea72739df

3 years agoAdd missing ComposerVendorHtaccessCreator class to autoload.php
Reedy [Wed, 15 Nov 2017 01:55:22 +0000 (01:55 +0000)]
Add missing ComposerVendorHtaccessCreator class to autoload.php

Change-Id: Ia70324acf3db2df50c6629d705c2c4728c38aaaa
Follow-up: I2cf6541750c90b5708d7cf5f81b914ae2d9d46d1