aboutsummaryrefslogtreecommitdiffstats
path: root/includes/actions/RollbackAction.php
Commit message (Collapse)AuthorAgeFilesLines
* Namespace all remaining files in includes/exceptionJames D. Forrester2025-03-251-4/+4
| | | | | | | | | In MediaWiki/Exception, to follow PSR-4 per plural vs. singular (this can be changed later if people really care). Also, move the couple of exceptions in here that were already namespaced in the MW-top-level into the new space. Bug: T353458 Change-Id: I12ed850ae99effb699a6d7ada173f54e72f0570e
* Namespace all remaining files in includes/actionsJames D. Forrester2025-03-191-0/+10
| | | | | Bug: T353458 Change-Id: Id3ca24e22877e544b707a8a527a58e00cc1bc247
* Namespace all remaining files in includes/pageJames D. Forrester2025-03-181-0/+1
| | | | | Bug: T353458 Change-Id: I7a9c74f2106655d41ae029742090253f541bd4a6
* RevisionRecord: add convenience methods for main slotdaniel2024-11-281-3/+1
| | | | | | | | | | | | | When accessing slot content and meta-data, most code wants to only access the main slot. Add convenience methods for making this less awkward. Originally, the intent was for all code to support arbitrary slots. This hasn't happened, instead we spread SlotREcord::MAIN all over the code base. It seems better to adjust the interface of RevisionRecord to reality. Change-Id: I8603f95c8e39d6fc3522a47f74657798e7f7c061
* Use namespaced classes (3)Umherirrender2024-06-161-0/+1
| | | | | | | Changes to the use statements done automatically via script Addition of missing use statement done manually Change-Id: Ia35b2d3105880631dd26ec974068b000ac7f4b6b
* Show all error messages on unsuccessful rollbackMatěj Suchánek2024-06-011-16/+14
| | | | | | | | | | | | | | | | | | Why: * When rollback fails, the status may include more than just one error message. This is quite common on Wikidata where the content is validated by multiple checks. Showing only one of them can mislead the patroller. What: * Show all messages from Status::getMessages. Do this not by throwing ErrorPageError, which can show only one message, but by writing them all to OutputPage. Note that there was already a code path that did the same thing (i.e., did not throw an exception). Bug: T127648 Change-Id: I90b1faea516644596a06d218f004dd13c2ae5f04
* Use StatusValue::getMessages() instead of deprecated methodsBartosz Dziewoński2024-05-181-4/+5
| | | | | | | | | This commit replaces some of the uses of getErrorsArray(), getWarningsArray(), getErrorsByType(), and getErrors(). In many cases the code becomes shorter and clearer. Follow-up to Ibc4ce11594cf36ce7b2495d2636ee080d3443b04. Change-Id: Id0ebeac26ae62231edb48458dbd2e13ddcbd0a9e
* Namespace Message, move to appropriate directoryJames D. Forrester2024-02-141-0/+1
| | | | | Bug: T353458 Change-Id: I088cbc53fbcdb974e5b05b45a62e91709dacc024
* Namespace includes/contextJames D. Forrester2024-02-081-0/+1
| | | | | Bug: T353458 Change-Id: I4dbef138fd0110c14c70214282519189d70c94fb
* Move user options related classes into its own namespaceMartin Urbanec2023-11-291-1/+1
| | | | | | | | | | | | | There are a couple of user options related classes already, and the T321527 work on dynamic defaults is going to add even more. Let's move them into a separate namespace to make core a bit more organized. Old name is kept as an alias for compatibility purposes. Bug: T321527 Bug: T352284 Change-Id: I9822eb1553870b876d0b8a927e4e86c27d83bd52
* Namespace remaining files under includes/deferredJames D. Forrester2023-11-221-0/+1
| | | | | Bug: T166010 Change-Id: Ibd40734b96fd2900e3ce12239d09becfb4150059
* Namespace Config-related classes under \MediaWiki\ConfigJames D. Forrester2023-09-211-0/+1
| | | | | Bug: T166010 Change-Id: I4066885a7ea071d22497abcdb3f95e73e154d08c
* Use OutputPage::setPageTitleMsg() instead of ::setPageTitle()C. Scott Ananian2023-09-181-2/+2
| | | | | | | | | | | | | | Passing a Message argument to OutputPage::setPageTitle() is deprecated, because the message is not properly HTML-escaped by default. Use ::setPageTitleMsg() instead wherever the message doesn't include HTML metacharacters. Also protect arguments with Message::plaintextParams() where appropriate. Bug: T343994 Bug: T343849 Change-Id: Iba67d008545249772c136c5d6d302110516d3b94
* rollback: Fire postEdit JavaScript hook on successKosta Harlan2023-09-011-0/+11
| | | | | | | | | | | | | | | | | | | | | Why: - Front-end code should be able to respond to actions that result in edits What: - Fire core's postEdit hook after a successful rollback action - Add the relevant code to the existing mediawiki.misc-authed-curate ResourceLoader module to avoid adding another RL Module - Output the mediawiki.misc-authed-curate module for successful scenarios in RollbackAction.php - Fire the postEdit hook without any messages. It's possible that a toast message makes sense, but that can be added later, if someone has a need for it; perhaps in the context of T88044 Bug: T345229 Change-Id: Icb33535d8d5ba3a386459befacab11971ae44f49
* Use real type hints for services etc. in actions/Bartosz Dziewoński2023-08-291-14/+5
| | | | | | | | | | | | | | | Mostly used find-and-replace: Find: /\*[\*\s]+@var (I?[A-Z](\w+)(?:Interface)?)[\s\*]+/\s*(private|protected|public) (\$[a-z]\w+;\n)((?=\s*/\*[\*\s]+@var (I?[A-Z](\w+)(?:Interface)?))\n|) Replace with: \3 \1 \4 Followed by some manual review to make sure I'm not changing too much, omitting some changes that looked too complicated and anything that caused test failures, and some whitespace fixes. Change-Id: Ia8d8ce383525951a8ed09570d3eff08e3d3b7ed5
* Reorg: Move DummyLinker and Linker to linker/Amir Sarabadani2022-12-081-0/+1
| | | | | | | This feels like a no-brainer unless I'm missing something obvious Bug: T321882 Change-Id: Id49c3d0dd6ea4593211048850856b5b8e05a8fb3
* Action: Remove deprecated constructor parametersBartosz Dziewoński2022-11-031-5/+5
| | | | Change-Id: I8188172aeb7ec775eeb2060a1e163112e9e5ed66
* SECURITY: Hide suppressed users from rollback page error messagesManfredi Martorana2022-09-291-1/+8
| | | | | | | CVE-2022-41766 Bug: T307278 Change-Id: I6cd890d10cdbd2ea244b32ad4538728d64963210
* actions: Add Action::getAuthority and use itUmherirrender2022-07-081-1/+1
| | | | | | Shortcut function like SpecialPage::getAuthority Change-Id: I6e83fa270a4c57bbbc8e7343325bfe438f4ff459
* Use MainConfigNames instead of string literals, #4Aryeh Gregor2022-04-261-1/+2
| | | | | | | | | | | | | | | | | | | | | Now largely automated: VARS=$(grep -o "'[A-Za-z0-9_]*'" includes/MainConfigNames.php | \ tr "\n" '|' | sed "s/|$/\n/;s/'//g") sed -i -E "s/'($VARS)'/MainConfigNames::\1/g" \ $(grep -ERIl "'($VARS)'" includes/) Then git add -p with lots of error-prone manual checking. Then semi-manually add all the necessary "use" lines: vim $(grep -L 'use MediaWiki\\MainConfigNames;' \ $(git diff --cached --name-only --diff-filter=M HEAD^)) I didn't bother fixing lines that were over 100 characters unless they were over 120 and triggered phpcs. Bug: T305805 Change-Id: I74e0ab511abecb276717ad4276a124760a268147
* phan: Disable null_casts_as_any_type settingUmherirrender2022-03-211-0/+1
| | | | | | | | | | | Make phan stricter about null types by setting null_casts_as_any_type to false (the default in mediawiki-phan-config) Remaining false positive issues are suppressed. The suppression and the setting change can only be done together Bug: T242536 Bug: T301991 Change-Id: I0f295382b96fb3be8037a01c10487d9d591e7e01
* Pass rcid as integer to DifferenceEngine::createDifferenceEngineUmherirrender2022-03-051-1/+1
| | | | | | Found by phan strict checks Change-Id: I3c0454c1df66f6a04c3392acaf8368040d03eb77
* SECURITY: Fix permissions check in action=rollback (CVE-2021-45038)Kunal Mehta2021-12-151-1/+3
| | | | | | | | | | | | | | | | Because RollbackAction (as of 0a8403271109) overrided FormAction::show(), it was no longer checking that the user had the "rollback" userright. This restores that check, so people without the "rollback" right will not be able to even get to the rollback form. Then escape the user-supplied "from" parameter so it can't be used to reveal the contents of other pages through transclusion, e.g. "{{:Secret}}". wfEscapeWikiText() is also good practice for usernames in general, as they can contain markup like bullets or single quotes that affect output. Bug: T297574 Change-Id: I7424f67f1217482b977f9617f0275c41fb94b60f
* RollbackAction: fix missing pagetitleDerk-Jan Hartman2021-12-041-0/+2
| | | | | | | | This reimplemented the FormAction::show() but was missing the call to setHeaders(), which is responsible for setting the page title. Bug: T225888 Change-Id: Ie3ec5ce08beb6d2207abc30bd9b48c89a95bfb2a
* Introduce CommentFormatterTim Starling2021-09-281-4/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CommentParser: * Move comment formatting backend from Linker to a CommentParser service. Allow link existence and file existence to be batched. * Rename $local to $samePage since I think that is clearer. * Rename $title to $selfLinkTarget since it was unclear what the title was used for. * Rename the "autocomment" concept to "section link" in public interfaces, although the old term remains in CSS classes. * Keep unsafe HTML pass-through in separate "unsafe" methods, for easier static analysis and code review. CommentFormatter: * Add CommentFormatter and RowCommentFormatter services as a usable frontend for comment batches, and to replace the Linker static methods. * Provide fluent and parametric interfaces. Linker: * Remove Linker::makeCommentLink() without deprecation -- nothing calls it and it is obviously an internal helper. * Soft-deprecate Linker methods formatComment(), formatLinksInComment(), commentBlock() and revComment(). Caller migration: * CommentFormatter single: Linker, RollbackAction, ApiComparePages, ApiParse * CommentFormatter parametric batch: ImageHistoryPseudoPager * CommentFormatter fluent batch: ApiQueryFilearchive * RowCommentFormatter sequential: History feed, BlocklistPager, ProtectedPagesPager, ApiQueryProtectedTitles * RowCommentFormatter with index: ChangesFeed, ChangesList, ApiQueryDeletedrevs, ApiQueryLogEvents, ApiQueryRecentChanges * RevisionCommentBatch: HistoryPager, ContribsPager Bug: T285917 Change-Id: Ia3fd50a4a13138ba5003d884962da24746d562d0
* Cleanup mixed space/tab line indentUmherirrender2021-09-041-1/+2
| | | | Change-Id: I833052a656b1ce419c0929f6f0514f2a33c2c4cc
* RollbackAction: use UserOptionsLookup for ::getOption()Alexander Vorwerk2021-09-021-1/+1
| | | | Change-Id: I5651ff8b9cb7731daf799d87ab14b2ce8113ba4c
* Remove unneeded explicit true/false inside conditionsUmherirrender2021-08-171-1/+1
| | | | | | | | | The non-strict conditions in if/while are true/false without the check. In some situation the true/false is removed, because it is known to be a bool (by is_bool check or type hint) Change-Id: I5ca4c4771af25d2e785e82732df204a73653886e
* Revert "Use CsrfTokenSet as CSRF token source"Kunal Mehta2021-08-051-1/+1
| | | | | | | This reverts commit 0d75fdb4f73ddbf4ad5f29e14258d58e507d55b4. Bug: T287542 Change-Id: Iedd3461869f973f8d621a39e6ad4674cbb577551
* Add an ActionFactory and start converting to DIDannyS7122021-07-291-10/+44
| | | | | | | | | | | | | | | | | | | | | $wgActions used to map string action names to true, false, a string, a callable, or an object. Now it can also be an array (that isn't a callable) corresponding to an ObjectFactory spec for DI. This patch converts the revisiondelete and rollback actions to use DI, with the rest to be converted later. The new structure of $wgActions is fully backwards-compatible. We don't yet deprecate Action::factory(), ::getActionName(), and ::exists(), those will be deprecated in a follow-up. Additionally, we no longer impose a rule that only some actions can be overridden on a per-article basis via Article::getActionOverrides(). Bug: T253078 Change-Id: I0fc3c53d671eced1758458f9a0148180b40c6c9b
* Use CsrfTokenSet as CSRF token sourcePetr Pchelko2021-07-121-1/+1
| | | | Change-Id: I079d2c802d9b48d6abf7f37fa9ef7dafac631345
* Remove unused `'vertical-label' => true` from various formsBartosz Dziewoński2021-06-011-1/+0
| | | | | | | This option only has an effect when using a HTMLForm with display format set to 'table'. All of these forms use the 'ooui' format. Change-Id: I415fd47c13e74ad5ac346538858895a01008f95d
* Use WatchlistManager in several classesCindy Cicalese2021-04-211-5/+4
| | | | Change-Id: I720629e08373736b5fc1e12563b5059311b113e1
* Merge "Move most remaining legacy styles to interface.helpers.styles"jenkins-bot2021-04-201-0/+1
|\
| * Move most remaining legacy styles to interface.helpers.stylesmainframe982021-04-201-0/+1
| | | | | | | | | | | | | | | | | | | | | | This module is used almost everywhere these elements are found. Methods in Linker that produce these elements list that this module is required for proper styling. Where possible, the module is added to retain the styles. Bug: T278576 Change-Id: I7dedebd3bce3b4aec127738edc81b180325f0836
* | Do not mark rollbacks as bot editsTaavi Väänänen2021-04-201-1/+5
|/ | | | | | | Also properly check for the CSRF token. Bug: T280655 Change-Id: I2446fd4f94dc04e2c10d878d372e32276fa8c3c8
* Factor out rollback logic from WikiPagePetr Pchelko2021-04-141-24/+20
| | | | Change-Id: I95da91875fcf2f53143c315560e35ccd5ffbf4b3
* Avoid using User::getBoolOption()ZabeMath2021-03-271-2/+4
| | | | | | | User::getBoolOption() is deprecated and should be replaced with UserOptionsLookup::getBoolOption() Bug: T277600 Change-Id: Ife3c721237258d50852bbf764def74657cc70428
* Convert WikiPage to authority.Petr Pchelko2021-02-271-1/+1
| | | | Change-Id: Iba5e36e5a13c304be51b82a952b2a3044e122c8c
* Use static closures where safe to useUmherirrender2021-02-111-1/+1
| | | | | | | | | This is micro-optimization of closure code to avoid binding the closure to $this where it is not needed. Created by I25a17fb22b6b669e817317a0f45051ae9c608208 Change-Id: I0ffc6200f6c6693d78a3151cb8cea7dce7c21653
* WikiPage::commitRollback - also return a RevisionRecordDannyS7122020-06-201-4/+4
| | | | | | | | Still need to return a Revision until 1.36, but the Revision returned shouldn't be used in core Bug: T251965 Change-Id: Ie227c9449da2da2fdf99d595c08e80a15a78f5d5
* RollbackAction: Reduce uses of Revision objectsDannyS7122020-05-161-12/+23
| | | | | | | | | | | | WikiPage::doRollback passes Revision objects back to the caller, immediately convert to RevisionRecord and only use the RevisionRecord, will make eventual changes to stop returning Revision easier. Removes uses of Revision::getUserText and ::getContentHandler as well. Bug: T250579 Bug: T250981 Change-Id: Id812546ff24d7aa4fe11034a2beab51660bbbf45
* Replace uses and hard deprecate Article:: and WikiPage::getRevisionDannyS7122020-04-201-3/+6
| | | | | | Bug: T250532 Bug: T239975 Change-Id: Ic8f2baa0ac805d5196a7107bdc7a1abb36eba139
* Pass RevisionRecord to Linker methodsDannyS7122020-04-181-2/+2
| | | | | | | | | | | Hard deprecation of passing Revision objects will follow soon, but until that is ready core calls can be updated There is some code cleanup that could be done around the calls, but to simplify review no other changes are made. Bug: T249561 Change-Id: Ifcfb3811650decffeaa87dc033c41fd1710b47a6
* Remove direct access to Action::page and Article::page propertiesArtBaltai2020-03-271-3/+3
| | | | | Bug: T239975 Change-Id: Id0d4d1e099edbdd67cabbed423dfff68cc48d323
* phan: Disable enable_class_alias_supportUmherirrender2019-09-151-1/+1
| | | | | | It is enabled for b/c in extensions, but not needed in core Change-Id: I51dca12be9c77049f77563d9bf0edd07928c2300
* action: Avoid use of deprecated Revision::* constants, use RevisionRecordDerick Alangi2019-07-211-2/+4
| | | | Change-Id: I09e3182cd83977d143ca7b34b791ea2cd0df0ef8
* Remove temporary rollback confirmation toggleTim Eulitz2019-03-261-9/+1
| | | | | | | | | | | | | This patch removes the temporary rollback confirmation toggle that was implemented to allow certain wikis to disable the rollback confirmation feature while still showing the option in the user preferences. For reference: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/494249 Bug: T217437 Change-Id: I001d7927f6f44a4cc517a80b71f5b83aca33824c
* Implement temporary rollback confirmation toggleTim Eulitz2019-03-211-1/+9
| | | | | | | | | | This change implements a temporary feature toggle for the rollback confirmation change. The main purpose is to allow users of certain wikis (de-wiki, pl-wiki, for example) to turn off this upcoming feature before it is released to production. Bug: T217039 Change-Id: I6ed59afde5b75756053da3ae46858304dda9317d
* Implement non-JS RollbackAction with formTim Eulitz2019-03-211-28/+95
| | | | | | | | | | | This change prepares a form for the RollbackAction to allow rollbacks to be triggered via POST while also ensuring users are always prompted with a request to confirm the rollback if the rollback confirmation prompt is enabled. Bug: T215303 Change-Id: Iaf7e095b3bb34072eea6bcac76ba29358b14cc09
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-21 18:31:22 +0000