| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace EditRightConstraint, UserBlockConstraint, and most of
UserRateLimitConstraint with the new AuthorizationConstraint.
Instead of many separate checks, everything is now handled by
one authorizeWrite() call.
Move 'editcontentmodel' rate limit to ContentModelChangeConstraint
(by making it use authorizeWrite()). Keep 'linkpurge' rate limit
in a separate check, renamed from UserRateLimitConstraint to
LinkPurgeRateLimitConstraint, since the way it works in unusual
and not portable to Authority without more refactoring in EditPage.
AuthorizationConstraint needs some special handling to produce
the idiosyncratic result codes required by EditPage, but luckily
PermissionStatus gives us everything we need for that.
Bug: T271975
Bug: T386346
Change-Id: Ic9f6f2fbd29efa3e349517013da540a363c263b5
|
| |
|
|
|
|
|
|
|
|
| |
Added in 2022 with I7d97c9e2d4 (c6a0d433ec) for Ie430acd075
(e82f11c246) which was (after a revert and re-apply) eventually
removed after the warmup completed (I852060c8a4, 3df4952385).
Bug: T322672
Bug: T387478
Change-Id: I1921b4f985fb27b2227aef4a0eba6751c1c0b8d5
|
| |
|
|
|
|
| |
This now aligns with Parsoid commit 0965c908f046d659aab16b4023cc8de9ded1fce7
Change-Id: Ic007c7b4a893329de8499a88bb0edcb4b04d0905
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
We converted most of the LinksUpdate tasks to use ::getLinkList()
in I32df68714ffdf2f0745b974f47bc3ccceef1f41c but CategoryLinksTable
got overlooked.
Follows-Up: I32df68714ffdf2f0745b974f47bc3ccceef1f41c
Change-Id: I2953947e2b0a3c05dcba89d798c6b977113c3dc0
|
| |\ \
| | |
| | |
| | | |
modules"
|
| | | |
| | |
| | |
| | |
| | |
| | | |
We can improve this, but this is a start.
Change-Id: Ibd2e3987921b06955f1186ce5ce10b42104886ec
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
This is used by the Parsoid library when an asynchronous fragment
is present in the wikitext content and it is not yet ready to
render.
Bug: T390341
Change-Id: Ic996f7b0c891338f8d4605a1789bf389e075e239
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Why:
- Currently, the list of changes provided by ContributionsPager has
links to user pages that start with a separator, then followed by a
link to the user page, then followed by a link to the user talk
page.
- For each row, the link to the user talk page is wrapped in
parenthesis by explicitly adding them to the HTML code. However, that
doesn't work as expected when using the the Minerva skin: The CSS
rules for that skin make the link to be shown out of the parenthesis.
- Moreover, the different parts of each line do not provide CSS classes
indicating their semantic meaning, making it difficult for skins to
modify their appearance.
What:
- Stop providing the parenthesis as part of the HTML output, replacing
them by the usage of semantic CSS classes 'mw-usertoollinks',
'mw-changeslist-links' and 'mw-usertoollinks-talk'.
Bug: T389478
Change-Id: I44cc510eb37458b03c217b91f24eeaa8866e6cfd
|
| |\ \ \
| |_|/
|/| | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The domain events framework is ready for release in 1.44.
The modeling of specific events is still experimental and should become
stable in 1.45.
Change-Id: Id53040c28ad559de4271f42f7403e39434f4ae0e
|
| |\ \ \ |
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Why:
- As suggested on I14944639e00407f59380c8787fd2810c7d24a5c9,
ChangeTrackingUpdateSpyTrait is a better place to assert on operations
performed by ChangeTrackingEventIngress than
DerivedPageDataUpdaterTest.
What:
- Add an expected number of enqueued CategoryMembershipChangeJobs to
ChangeTrackingUpdateSpyTrait.
- Update tests using the trait to specify the expected number of jobs.
- Clear hooks in relevant tests to avoid test failures when extensions
are loaded that attempt to call methods on the mocks set by
ChangeTrackingUpdateSpyTrait. These tests currently fail if
e.g. PageTriage, Echo or EventBus are loaded.
Bug: T390636
Change-Id: I6fe6cb87cd5a16b1ed39e0998c49713704633d71
|
| |\ \ \
| |/ /
|/| | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I found this relevant in the context of OutputPage::parserOptions()
being deprecated. Is the replacement safe to be used even in old
versions? Yes, it is.
Bug: T350626
Change-Id: Id67c9df8f149d247fb6a3e0a113095eed3e727b1
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Why:
- CategoryMembershipChangeJob is currently enqueued in
DerivedPageDataUpdater.
- This job is responsible for creating RC entries for category
membership changes that resulted from an edit, so it is semantically a
better fit for ChangeTrackingEventIngress instead.
- Idf6625d3e737e4a225648b0fd81cc929b095d315 unintentionally changed the
logic to enqueue this job for both direct content changes and
reconciliation requests, rather than only direct content changes.
Since the job creates RC entries, it should only be enqueued
as a result of direct content changes.
What:
- Move the logic of enqueueing CategoryMembershipChangeJobs into
ChangeTrackingEventIngress.
- Only enqueue CategoryMembershipChangeJobs for direct content changes
and update tests accordingly.
- Resolve the old TODO of making this logic MCR-aware by checking
whether any changed content slot supports categories as a precondition
of enqueueing the job, rather than only checking the main slot.
Bug: T390636
Change-Id: Icfe33ccc6cfa391e65ecae21d8c1d575dc247ee3
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Why:
- Idf6625d3e737e4a225648b0fd81cc929b095d315 changed
DerivedPageDataUpdater to enqueue CategoryMembershipChangeJobs for
"nominal content changes", i.e. if the current change actually changed
the page content or was a "reconciliation request".
- In DE parlance, null edits are considered to be a form of
"reconciliation request".
- CategoryMembershipChangeJob is responsible for generating RC entries
for each category membership change that resulted from an edit, with
some added heavy lifting to handle multiple edits that occurred in
quick succession inside a single job. It therefore is not intended to
run in the context of a reconciliation request, be it a null edit or
something else, and is better suited to be enqueued from
ChangeTrackingEventIngress rather than DerivedPageDataUpdater.
- Before we make this change, it would be valuable to add test coverage
around null edit handling in DerivedPageDataUpdater and to assert on a
CategoryMembershipChangeJob being enqueued as needed.
What:
- Expand DerivedPageDataUpdater integration tests to cover page creation
and null edits.
- Add an assertion checking that a CategoryMembershipChangeJob is
enqueued (or not) as needed.
Bug: T390636
Change-Id: I14944639e00407f59380c8787fd2810c7d24a5c9
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Contains tweaks to keep phan happy with the more precise property
types introduced in Parsoid upstream in this release.
Bug: T391042
Depends-On: Ibcf6d7ae272a27905f80390a1b8e2a609d31f6ab
Change-Id: Ib475a2b82d9faccec1c5752fa6d941f8cc849ed7
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Follows-up I1b9435dcdacd952b, which introduced this and silenced the
warning, but it appears this warning is spot-on:
> $ composer phpcs
> …
> assertEquals accepts many non-zero values, please use strict alternatives like
> assertSame (MediaWiki.PHPUnit.AssertEquals.Int)
We don't want to tolerate something like this:
```
var_dump(1 == true);
class Foo{}
var_dump(1 == new Foo());
var_dump(1 == (object)[]);
var_dump(1 == new stdClass);
var_dump(1 == '01.0');
var_dump(1 == '01.');
var_dump(1 == '01');
var_dump(1 == '1');
```
Bug: T368740
Change-Id: Ib3966b96f65d41b1d320ae043dcbea1a445a55f5
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
WANObjectCache
Change-Id: I9977d80bbbff215b18c9f099f0bef0865a3d1ac5
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
These .htaccess files are intended to prohibit all web access. But if
the user sets "Satisfy Any" on a parent directory, in conjunction with
any permissive require directive like "Require all granted", access will
be allowed despite "Require all denied" in .htaccess.
So, override Satisfy so that the "Require all denied" will reliably take
effect.
Note that "Satisfy All" is the default. This only affects non-default
installations.
Change-Id: Ia5862fb69e439b7ea2ed7af011e1ebf8f1b1f6d6
|
| |\ \ \ \ \
| |_|_|/ /
|/| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Mistaking getDimensionsString() for another HTML-returning method has
now caused two separate security vulnerabilities, so let’s try to make
it clearer that it returns plain text that a caller might have to escape
themselves.
Bug: T297543
Bug: T389369
Change-Id: I567f78c60e38ce0fa9d9ad6312860baec559c00f
|
| | |/ / /
|/| | |
| | | |
| | | | |
Change-Id: I030398e0ef3a20be9a0d500b051e2a3d88ecc01f
|
| |\ \ \ \
| | |_|/
| |/| | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Bug: T390735
Change-Id: I0ebec537bb15925e8507ee6934cd4a17973c536a
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: I2998ad3ccc5a54eccfe36ad09fe509e83dfb719c
|
| |\ \ \ \ \ |
|
| | |/ / / /
| | | | |
| | | | |
| | | | | |
Change-Id: Ib394792b10afabf5e0440cd3be34c1f2fd9cfe1d
|
| |\ \ \ \ \ |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Change-Id: I2c1bc3b4e0ee782076ddaeae133672b730d345d9
|
| |\ \ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The current total bytes sent is computed on the response body recieved from the server. What we want is to compute this on the actual request body being sent to the server.
Bug: T390815
Change-Id: I7d48a5e08f112329ebc4743a1cbd98d0f7144a69
|
| |\ \ \ \ \ \ \
| |_|_|/ / / /
|/| | | | | | |
|
| | | |/ / / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Also include media and upload parts
Change-Id: Iaa0f1d1a7dc6b25ee3ddc0f4683b9ca9643192d3
|
| |\ \ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
When the target is an IP or IP range, show an 'Active range blocks'
accordion that lists all range blocks that apply to the target. The idea
is that admins should be informed if an IP or range is already blocked,
even if the target is a wider CIDR range. Each row in the table has a
'View' link to load that range as the target. We do this instead of
providing direct 'Edit' / 'Remove' links because admins may not realize
the range block is for a different target.
In effect, 'Active range blocks' surfaces blocks that effect the target,
but not directly. The 'Active range blocks' accordion is always shown
for IPs and ranges (situations where there could be active range blocks)
but has an empty state like the other tables.
Bug: T389987
Change-Id: I4d5f42984b05cf1b30e2f962b9381779196fcab3
|
| |\ \ \ \ \ \ \ |
|
| | | |/ / / / /
| |/| | | | |
| | | | | | |
| | | | | | | |
Change-Id: Ic9c1e2051775733672fe8a5378fd3b7ed0a3f652
|
| |\ \ \ \ \ \ \ |
|
| | |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | | |
Change-Id: I9a74c316b87ae35597ce846a830a55542d9aa14c
|
| |\ \ \ \ \ \ \ |
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Bug: T374117
Depends-On: I0a2da3bdf3bced8e872809b76b2286c0ddd12ec4
Change-Id: Ib2744c4e6f5767b834375cbe6942a5ef918941ba
|
| |\ \ \ \ \ \ \ \
| |_|_|/ / / / /
|/| | | | | | | |
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Change-Id: I4270e66ae19755953f248938665b1e7b2b38484f
|
| |\ \ \ \ \ \ \ \ |
|
