| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Bug: T353458
Change-Id: I35864ad9bd48701703c51367d62f8ebde963c52d
| |
I assume these are all either auto-generated by an IDE or the
language-level type declarations have been added later. In any case
the comments don't add any new information to what the code already
says. This is just extra clutter that makes the code harder to read,
I would argue.
There are many, many more comments like this. In this patch I
intentionally focus on the most trivial 1-line comments.
Change-Id: Ia294bf4ce0d8a77036842fe25884bc175c2b0e7d
| |
Implicitly marking parameter $... as nullable is deprecated in php8.4,
the explicit nullable type must be used instead
Created with autofix from Ide15839e98a6229c22584d1c1c88c690982e1d7a
Break one long line in SpecialPage.php
Bug: T376276
Change-Id: I807257b2ba1ab2744ab74d9572c9c3d3ac2a968e
| | |
This avoids addition of new code with the deprecated global,
or at least it gives extra attention on review when new code also uses
the inline ignore
Change-Id: I5c1bc5a1685c28f153d4fbe3525959930f54b557
| | |
As noted on the comments, this needed a markup that works better
in bidi scenarios and as a part of replacing bidi control codes
with HTML markup I was able to test different bidi scenarios
using <bdi> HTML tags.
Bug: T375975
Change-Id: If2af751fc9f78869acf7b7e93199fa927de2cc19
| |
This doesn't seem to be used anywhere except the tests and the
better API is to use $formatter->createBatch() API that
doesn't expose 'ugly boolean parameters' as described by
formatInternal method above so let's remove it.
https://codesearch.wmcloud.org/search/?q=formatStringsAsBlock
Change-Id: Ia7428f5dbdf6c76b7537ae3889aef077bb26c722
| |
Bug: T353458
Change-Id: Id3202c0c4f4a2043bf97b7caee081acab684155c
| |
Move Linker::makeExternalLink to the LinkRenderer service, as has been
done with the other static methods of Linker.
In order to allow phan's SecurityCheckPlugin to perform a more accurate
analysis of taintedness, tweak the API of Linker::makeExternalLink to
clearly indicate via the type system whether the link text has already
been escaped or not: a `string` argument will always be escaped, and
if the argument is already escaped it should be passed as an HtmlArmor
object. In refactoring, `Message` arguments were also common, and accept
them as-is to avoid the caller having to think about whether to call
Message::text() or Message::escaped().
This allows us to provide a more precise taint type to the $text argument,
avoids an opaque boolean argument, and avoids spurious errors from
SecurityCheck.
We also require the caller to explicitly pass a Title context, instead
of implicitly relying on the global $wgTitle. This works cleanly
everywhere except for CommentParser, which has a $selfLinkTarget which
generally works as the title context for the external link, but which
is nullable. The original Linker::makeExternalLink() used $wgTitle as
a fallback, but $wgTitle can also be null in some circumstances. The
title context only determines how $wgNoFollowNsExceptions is handled,
so existing code basically just ignored $wgNoFollowNsExceptions when
$wgTitle was null, which isn't terrible. A future refactor could/should
clean up CommentParser to ensure that there is always a non-null title
context that can be used.
Change-Id: I9bcf4780f388ba639a9cc882dd9dd42eda5736ae
| |
CVE-2024-PENDING
A malicious editor could potentially create an edit summary or log
summary with links such that a link marker is in an attribute which
will then get replaced allowing the content to break out of the
attribute leading to an XSS.
Bug: T355538
Change-Id: If20a8a95e84bb2f6e132bdda4907e3db6f133a8e
| |
Bug: T353458
Change-Id: Ic3f3168ef17113f5fb3ec11e0a47f52d65eefba9
| |
Bug: T166010
Co-Authored-By: Daimona Eaytoy <daimona.wiki@gmail.com>
Co-Authored-By: James Forrester <jforrester@wikimedia.org>
Co-Authored-By: Subramanya Sastry <ssastry@wikimedia.org>
Change-Id: I79b4e732c45095eedbaa80afa5eb7479b387ed8a
| |
Updating name & email addresses for Brooke Vibber.
Re-ran updateCredits.php as well so there are some new entries in
there as well.
There are a couple of files in resources/libs that will have to
be changed upstream to keep tests happy, I will do patches
later. :D
Change-Id: I2f2e75d3fa42e8cf6de19a8fbb615bac28efcd54
| |
Change-Id: I2fa6d52871e863497459ae26156aa7bdac12f5ee
| |
Bug: T166010
Change-Id: Id13dcbf7a0372017495958dbc4f601f40c122508
| |
Bug: T166010
Change-Id: Ia2e5a7367cc8cdbd8a7b845ae2fd5d776ff22891
| |
One of the big ones, so doing this alone.
Bug: T166010
Change-Id: I4848e903b0c0a2f7c58ac19e0baeef0085a36bdc
| |
One of the big ones, so doing this alone.
Bug: T166010
Change-Id: Ibe103cd362535d3cb94cb8931e95fc74099d1497
| |
One of the big ones, so doing this alone.
Bug: T166010
Change-Id: I4c901d5c32696d8334ec30cede7d9b6f3d8d645e
| |
This is moderately messy.
Process was principally:
* xargs rg --files-with-matches '^use Title;' | grep 'php$' | \
xargs -P 1 -n 1 sed -i -z 's/use Title;/use MediaWiki\\Title\\Title;/1'
* rg --files-without-match 'MediaWiki\\Title\\Title;' . | grep 'php$' | \
xargs rg --files-with-matches 'Title\b' | \
xargs -P 1 -n 1 sed -i -z 's/\nuse /\nuse MediaWiki\\Title\\Title;\nuse /1'
* composer fix
Then manual fix-ups for a few files that don't have any use statements.
Bug: T166010
Follows-Up: Ia5d8cb759dc3bc9e9bbe217d0fb109e2f8c4101a
Change-Id: If8fc9d0d95fc1a114021e282a706fc3e7da3524b
| |
And WikiReference
Bug: T321882
Change-Id: I60cf4b9ef02b9d58118caa39172677ddfe03d787
| |
so that extensions (i.e. CheckUser) can implement their own comment
store without having a lot of code duplication
basically the comment store version of I3a6486532f2ef36
Bug: T233004
Change-Id: Ib40f99e00a514d41776ce521baf113e46d37e9cd
| |
This feels like a no-brainer unless I'm missing something obvious
Bug: T321882
Change-Id: Id49c3d0dd6ea4593211048850856b5b8e05a8fb3
| |
Introduced in PHP 7.1. Because it's shorter and looks nice.
I used regex replacement.
Change-Id: I0555e199d126cd44501f859cb4589f8bd49694da
| |
Bug: T307153
Change-Id: I24b5db2f06042b2021478ece5b46d5c8bdb38a22
| |
This is mostly about adding return types to methods that implement PHP
interfaces, and not passing null to core functions that want a string.
After this patch, and an update to return types in RemexHtml,
tests/phpunit/integration/ has no more errors than in PHP 8.0.
Bug: T289879
Bug: T289926
Change-Id: Ia424f5cc897070f4188ae126b5bf6a1f552db0e1
| |
Make phan stricter about conditional variable declaration
Remaining false positive issues are suppressed.
The suppression and the setting change can only be done together
Bug: T259172
Change-Id: I1f200ac37df7448453688bf464a8250c97313e5d
| |
Make phan stricter about array keys
Remaining false positive issues are suppressed.
The suppression and the setting change can only be done together
Bug: T304887
Depends-On: I3105a5fd4826f8667b5232834defc5ec93be32a1
Depends-On: Ie9610a6e83731468311edb3ed17f80fc509de385
Change-Id: I701f12ab94478c3b8e7fd82110ade74a8e6b04ef
| |
Make phan stricter about null types by setting null_casts_as_any_type to
false (the default in mediawiki-phan-config)
Remaining false positive issues are suppressed.
The suppression and the setting change can only be done together
Bug: T242536
Bug: T301991
Change-Id: I0f295382b96fb3be8037a01c10487d9d591e7e01
| |
Also check for false if needed
Found by phan strict checks
Change-Id: I298204653dfb788515a87978dd8705b6e4f9c775
| |
* Some functions accept only string, cast ints and floats to string
* After preg_matches or explode() casts numbers to int to do maths
* Cast unix timestamps to int to do maths
* Cast return values from timestamp format function to int
* Cast bitwise operator to bool when needed as bool
* php internal functions like floor/round/ceil documented to return
float, most cases the result is used as int, added casts
Found by phan strict checks
Change-Id: Icb2de32107f43817acc45fe296fb77acf65c1786
| |
Check the more common case (local cached title) first, before
calling isAlwaysKnown which can be expensive due to hooks.
Follows-up Ica8733fb4a890fd2d2fc37eb85657c3715805133.
Bug: T293665
Change-Id: I8eb6144a3f1de5ebf9b4bd44e4021f9b6837f442
| |
Existence of global userpages (or similar nonlocal pages) can only be
known if the relevant title hook is involved, but LinkBatch is caching
these pages as bad links immediately after querying the local database.
CommentParser is then relying on this information to treat them as
always bad; thus preempting any further checks that might be done by
LinkRenderer to properly account for their magical existence.
Now title always-known status will be checked, to preempt bad linking.
Bug: T293665
Change-Id: Ica8733fb4a890fd2d2fc37eb85657c3715805133
| |
* In LinkBatch::addObj(), reject interwiki links with a warning.
Otherwise the link is added to the batch by ns/title and later
reconstructed as if it were a local link without an interwiki
prefix.
* In CommentParser, treat interwiki links as always good, don't defer
the existence check.
* In LinkBatch, inject a LoggerInstance instead of calling LoggerFactory
in four places.
* Add a regression test, and some general tests for known links.
Bug: T300311
Change-Id: I0e5825eb48a6ba2932aea69a4d0fff3439c50ff5
| |
For better tracking of db queries
Change-Id: Idad72d0dabb2ff1684189bf958d14aaa8b3c08ab
| |
Bug: T254646
Change-Id: Ia660ab95353cd8f05c50e60f30d29fd22b018a43
| |
Bug: T292590
Change-Id: I8f830183c6deeb8bea146f1c1b791722a384220c
|
CommentParser:
* Move comment formatting backend from Linker to a CommentParser service.
Allow link existence and file existence to be batched.
* Rename $local to $samePage since I think that is clearer.
* Rename $title to $selfLinkTarget since it was unclear what the title
was used for.
* Rename the "autocomment" concept to "section link" in public
interfaces, although the old term remains in CSS classes.
* Keep unsafe HTML pass-through in separate "unsafe" methods, for easier
static analysis and code review.
CommentFormatter:
* Add CommentFormatter and RowCommentFormatter services as a usable
frontend for comment batches, and to replace the Linker static methods.
* Provide fluent and parametric interfaces.
Linker:
* Remove Linker::makeCommentLink() without deprecation -- nothing calls
it and it is obviously an internal helper.
* Soft-deprecate Linker methods formatComment(), formatLinksInComment(),
commentBlock() and revComment().
Caller migration:
* CommentFormatter single: Linker, RollbackAction, ApiComparePages,
ApiParse
* CommentFormatter parametric batch: ImageHistoryPseudoPager
* CommentFormatter fluent batch: ApiQueryFilearchive
* RowCommentFormatter sequential: History feed, BlocklistPager,
ProtectedPagesPager, ApiQueryProtectedTitles
* RowCommentFormatter with index: ChangesFeed, ChangesList,
ApiQueryDeletedrevs, ApiQueryLogEvents, ApiQueryRecentChanges
* RevisionCommentBatch: HistoryPager, ContribsPager
Bug: T285917
Change-Id: Ia3fd50a4a13138ba5003d884962da24746d562d0