| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This supports use of Codex icons in user scripts, which do not have
access to them via ResourceLoader.
Bug: T311099
Change-Id: I4c47b0d17102bd446e6c846255349a6dbdeaf399
|
| | |
| |
| |
| |
| | |
Bug: T364905
Change-Id: Ia8fd682f6f173933e8678b78f7d8c837aaf62d7a
|
| | |
| |
| |
| |
| |
| |
| | |
Update query to filter pages that have the given min/max size
Bug: T364905
Change-Id: Ib7051f7594e6dd54d4f787c8781666bb9128f7d6
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of special-casing it in EditPage and in ApiEditPage,
PageSizeConstraint sets the error message itself.
Add some notes about T384399. I hope this change can serve as an
example for further work on that task.
Other changes:
* Do not show the error on editor load, only on edit form submission.
The error on load was added in 2006 when the maximum page size was
first limited (aa2bde93 / SVN r13070), and should not be needed any
more now that there shouldn't be any pages exceeding the limit in
the database any more. In case there are, the user will still get
the message when they try to save an edit.
* Streamline the message (there's no need for emphasis in the message,
since it's shown in a very prominent error box these days).
* Use the same message in API errors. Preserve the API error code for
compatibility.
* Alphabetically sort some arrays and switch cases.
Bug: T384399
Change-Id: I0892d1189e29013b9ff4325c8017bab524b84b7e
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If a session provider is safe against CSRF (e.g. OAuth), we can allow
cross-origin requests to be non-anonymous. This makes it possible to
have fully client-side web applications that authenticate users via an
OAuth 2.0 client (necessarily a non-confidential client) and then make
authorized requests against wikis using the Authorization header.
To opt into this new mode of CORS requests, we use a new boolean
parameter called "crossorigin". (An earlier version of this change
reused the existing "origin=*" parameter for this, but the change to its
previous “always anonymous” behavior was not welcomed during code
review.) The parameter is disabled by default via a config setting,
which is currently declared experimental; if this works out in practice,
we’ll presumably want to at least change it to non-experimental, though
I don’t know if we want to enable the feature by default (or even
unconditionally) or keep the setting as it is.
Note that the preflight request doesn’t send the real Authorization
header (it just includes its name in Access-Control-Request-Headers), so
the session provider in the preflight request is still the normal cookie
provider (which is why handleCORS() has to bypass the safeAgainstCsrf()
check in that case). This shouldn’t be an issue, because
executeActionWithErrorHandling() returns quite early if the request is
an OPTIONS request (immediately after handleCORS()), but to be sure that
the unsafe session isn’t used during the preflight request, I added a
"crossorigin" check to lacksSameOriginSecurity(). (That method is called
by the constructor before the param validator has been set up, so
$this->getParameter() is not available – hence the call to
$request->getCheck() instead, just as for the 'callback' parameter.)
Bug: T322944
Change-Id: I41200852ee5d22a36429ffadb049ec3076804c78
|
| |/
|
|
|
|
|
|
|
|
| |
This gives feature parity with ApiQueryLogEvents's 'parsedcomment'
leprop.
Needed by I2c24da2e44630b2bbbf1c041cb3c85cb1a1f7d66
Bug: T383180
Change-Id: Ia0c0c799e0b10b788ab414c9d7bd2fa3f018c3c7
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In ApiBlock:
* Add an "id" parameter. If this is given, update the specified block.
* Add a "newblock" parameter. If this is given, always add a new block,
don't check if the target is already blocked.
* If "reblock" is given and the target has more than one block, fail
with an "ambiguous-block" error.
Supporting changes:
* Add BlockUserFactory::newUpdateBlock(), which takes a DatabaseBlock
instead of a target union to act on. The block is passed through to
the BlockUser constructor.
* Rename the first parameter to BlockUser::placeBlock() from $reblock to
$conflictMode, and style it like an enum. Add the CONFLICT_NEW value,
to support the "newblock" API option.
* In DatabaseBlockStore::newFromId(), add $fromPrimary, so that ApiBlock
can pass data to BlockUserFactory with equivalent freshness to the
LHS.
Also:
* In BlockUser, memoize prior blocks loaded from the DB
* Move T287798 autoblock check to the memoized accessor. Just don't
return autoblocks.
* Move "TODO handle failure" comment in BlockUser to the called method.
It really can't fail.
* In DatabaseBlockStore::newFromId(), add an $includeExpired parameter
and default to false although it was previously implicitly true.
Based on a brief review of callers, I think this is beneficial.
Bug: T378147
Change-Id: Iea5b77cb27006b33f3dde61660be5ad2c374a425
|
| |
|
|
| |
Change-Id: I20d4061a57342edd2f87779bd2d6d8fad0e15f49
|
| |
|
|
| |
Change-Id: Ia76bc30a2a942730ae1a786ae43ee8bd71adc9d3
|
| |
|
|
| |
Change-Id: Idc7e5209d84adf5af8c62c85c295f1011bb20b78
|
| |
|
|
| |
Change-Id: I3eb563f794e4d0b7c2696487d87fa63bca480d7e
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
php documentation:
If the size of post data is greater than post_max_size, the $_POST and
$_FILES superglobals are empty.
When the action= and format= are not in the GET data,
the help page is returned in html, breaking the clients expected format.
Return api error with http status 413
Bug: T291754
Change-Id: I5906fb6b4412b161b198df0b51e2476e7e1079b8
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* This change introduces two new optional parameters to the 'allusers'
API call named 'excludenamed' and 'excludetemp' that allows filtering
accounts based on whether they're named accounts or temporary
accounts. This is tested by using the temporary matchPattern
configured with $wgAutoCreateTempUser.
* User widgets that call 'allusers' have been updated so that
'excludenamed' and 'excludetemp' can be optionally set so that named
or temporary accounts may not returned with user suggestions.
Bug: T332030
Change-Id: I6563ae610017fd1cd35c36ba65906041f7f68c4b
|
| |
|
|
| |
Change-Id: I55d48a6c8844e87442f46a368f0e4112896825d3
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Extensions can use the ArticleParserOptions hook to customize the
parser options used for article read views, and Visual Editor uses
ApiParse to regenerate the article read view HTML after edit. In
order for VE to remain consistent with the original parse options,
provide a `usearticle` option to the parse API to allow it to invoke
the ArticleParserOptions hook.
Bug: T373212
Change-Id: I906affc8d2335b7bb48dff3a4b061fcf86b71cee
|
| |
|
|
|
|
|
|
|
| |
Add a "global" parameter to ApiOptions which allows it to update or
override global preferences.
Bug: T323076
Depends-On: I686c0091768ed330683fff89201fae4f93b8a1c4
Change-Id: Ieb2d0c0d0da5c51b2a47ed8a967a47b4e7ad4577
|
| |
|
|
|
|
|
| |
Removes usage of various deprecated SpecialEmailUser classes.
Bug: T362636
Change-Id: Ieb71a3741348ca9dae8c5bf32e891fee458ed5b2
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Why:
* The ApiQueryContributors API description says that it returns
'the list of logged-in contributors' for given pages in the API
summary text.
* When temporary accounts are enabled, this list will include both
named and temporary accounts. As such, the message needs to be
updated to make this clear for users of the API on a wiki which
has temporary accounts enabled.
What:
* Add 'apihelp-query+contributors-summary-tempusers-enabled'
which is shown instead of the existing summary message for the
API if TempUserConfig::isEnabled returns true.
* Update existing mention of 'anonymous' with 'logged-out' to
per https://w.wiki/9Ji$ in the existing summary message.
* Update the existing message documentation for the summary message
to link to this new message to make it easier for translators.
* Test the newly added PHP code.
Bug: T341228
Change-Id: Id1bd597e068cb3aa946c94686ca6fa39ef1df89f
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Why:
* Since 1941f28f609e88da1677f0beb99468bb77748040, the
recentchangesfeed API (ApiFeedRecentChanges) has treated
temporary accounts as being anon users for the purposes of the
'hideanons' parameter.
* However, the help text does not describe that temporary accounts
are treated in this way and as such the help text needs to be
modified depending on whether temporary accounts are enabled.
What:
* Add 'apihelp-feedrecentchanges-param-hideanons-temp' as a i18n
message which duplicates the existing 'apihelp-feedrecentchanges
-param-hideanons' but includes temporary accounts.
* Update ApiFeedRecentChanges::getAllowedParams to use the new
message if TempUserConfig::isEnabled returns true.
* Add the TempUserConfig as a injected dependency for
ApiFeedRecentChanges.
* Add an integration test to verify that the correct help message
is used for the 'hideanons' parameter in ApiFeedRecentChanges.
Bug: T358249
Change-Id: I516c1a563a81777217cda998efaeda7967dd224d
|
| |
|
|
| |
Change-Id: Ifc3dd77d11146b90f02981e0abcaaaa9ee80b2fe
|
| |\ |
|
| | |
| |
| |
| |
| | |
Bug: T196059
Change-Id: Ia41b55a1da13e14f633cb32ee8efcc2b4ff88cee
|
| |\| |
|
| | |
| |
| |
| |
| |
| | |
Bug: T196059
Co-Authored-by: Reedy <reedy@wikimedia.org>
Change-Id: I92236cea845c10ef1725891a49d48a04d5d3bfad
|
| |/
|
|
|
| |
Bug: T355146
Change-Id: Ieff4f1e57b59bfe246d355fd7f2dc5ab3f4c7303
|
| |
|
|
|
|
|
|
| |
This reverts commit 4afdd0e5c5727b268e0bba809c078d6f8904ba6c.
Reason for revert: translatewiki.net repos not in sync
Change-Id: I734323d296179b0204cfde738bb06ca2925574d7
|
| |
|
|
| |
Change-Id: I6b9748d4286f6e7bbc09fc724e0f4b69d28ad179
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Why:
* When using the TempUserCreator::create or ::acquireAndStashName to
get temporary account when the chosen username already existed, that
temporary account is treated as if it doesn't exist. This causes
confusing "userexists" errors and also causes the user to be logged
into an already existing temporary account.
* Furthermore, because the user existence check in AuthManager::auto
CreateUser only checks the local wiki, if an existing temporary
account exists globally but not on the local wiki then the code
sign a new user into an existing temporary account.
* This is very bad behaviour, though shouldn't happen unless the
serialMapping configuration uses a SerialMapping class that could
provide duplicates and/or the configuration has been changed to
use a different SerialMapping class.
* There is a need to change the SerialMapping class in use to a
different class, which means that the code will attempt to use
temporary account usernames which already exist.
* As such, the code that is generating the temporary account usernames
based on the SerialMapping and SerialProvider should be aware that
it may produce an already existing temporary account username, even
if the SerialMapping class being used is asserted to never provide
duplicates.
* Therefore, the code that generates temporary account usernames
should always attempt to verify that a automatically generated
temporary account name does not already exist on the wiki.
What:
* Update TempUserCreator::acquireName to check to see if the username
it generates already exists centrally using the CentralIdLookup.
If it does, then the method returns null. Otherwise, the username
that hasn't been used yet is returned.
* Create the private method TempUserCreator::attemptAutoCreate that
attempts an autocreate for a temporary account name, and optionally
logs the account in.
* Update TempUserCreator::create to use ::attemptAutoCreate to
first to check if the account can be created and then again once
the account is created to actually login to that temporary account.
This is done to prevent logins to existing temporary accounts on
the local wiki. The second call to actually perform the login is
necessary as there is no other way to login to a temporary account.
* Update TempUserCreator::acquireAndStashName to respond to the changes
to ::acquireName, such that it returns null if ::acquireName returns
null and also does not modify the session.
* Update EditPage::maybeActivateTempUserCreate to return a Status and
return a good status in all cases except when a temporary account
name could not be acquired.
* Add IEditObject::AS_UNABLE_TO_ACQUIRE_TEMP_ACCOUNT, and use it as
the value of the fatal status returned by EditPage
::internalAttemptSave if a temporary account name could not be
acquired. This will cause the display of a useful error to the
user on edit.
* Update ApiEditPage and ApiAcquireTempUserName to die with an error
if a temporary account username was unable to be acquired.
* Provide tests for the untested ApiAcquireTempUserName.php file
including testing the new behaviour.
* Add and update tests for TempUserCreator.php
Bug: T353390
Change-Id: Id3a316ea0eba544d51d4ffcdfb03e35f4b3c54cc
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Give hint that limits are lower as expected.
Pass the limit as parameter to the messages.
Bug: T351024
Change-Id: I11eb482eff3eb958b40c088de5a3b9e34a4ed9b2
|
| |/
|
|
| |
Change-Id: I5e2027db4b1c16c173c49ed576b79705a94c63d1
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
rvcontentformat was deprecated in 07842be without replacement,
but it allows to control the expected output format of the content for
the client.
This is only useful for content handler with different formats,
like ProofreadPage's proofread-index format (supports wikitext and json)
or Wikibase's wikibase-property (supports json and php)
Bug: T174032
Bug: T321446
Change-Id: I4e0cde9c2d5c2857028e6dfa2b96ba9070a7fa8e
|
| |
|
|
|
|
|
|
|
| |
Most notably, uselang can be applied to a lot of API requests, but
is not automatically listed, & is very frequently not mentioned in
the examples given.
Bug: T265734
Change-Id: Idac9cec817a4eec6dd063310e4185014b38f6db3
|
| |
|
|
|
| |
Bug: T272294
Change-Id: I8078bb4a2f5cc2e45e8eb7a8ab29a71f5edb5ba8
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Easier to translate
There is no visible change on Special:ApiHelp/query+redirects
There is no visible change on Special:ApiHelp/query+linkshere
There is no visible change on Special:ApiHelp/query+transcludedin
There is no visible change on Special:ApiHelp/query+fileusage
Bug: T285545
Change-Id: Ifaf996219e48e7c0cb072f3d25424f56f2827045
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Easier to translate
There is no visible change on Special:ApiHelp/managetags
Bug: T285545
Change-Id: I329496afb7d30197d5fa8e3ca0a54d048542ceae
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Easier to translate
There is no visible change on Special:ApiHelp/query+deletedrevs
Bug: T285545
Change-Id: Ib2e3c6191c2f293136504a39cf6758cd1032398b
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Easier to translate
There is no visible change on Special:ApiHelp/opensearch
Bug: T285545
Change-Id: I0e6e49bc5a35b910b797c2860573cfe9da6746e9
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Easier to translate
There is no visible change on Special:ApiHelp/query+allpages
Bug: T285545
Change-Id: I3567596cba484e8ddf2ce58b3db2fce08cec8723
|
| |/
|
|
|
|
|
|
|
| |
Easier to translate
There is no visible change for example on
Special:ApiHelp/query+watchlist
Bug: T285545
Change-Id: I536fa3e07a951f3ff98870678ffdbc294a3c7bc0
|
| |\ |
|
| | |
| |
| |
| |
| | |
Bug: T342635
Change-Id: Id14c693f9f93eb2800605ce4235030926a534bd4
|
| |/
|
|
|
| |
Bug: T342633
Change-Id: I2ff53e12de9df8fe55bbdb668a72e0ba24c4f7b8
|
| |
|
|
|
|
|
|
|
|
|
| |
* Add an API action=acquiretempusername
* Add a mw.config variable with the temp user name
* Add mw.user.acquireTempUserName, which checks the mw.config
variable, then fetches a name from the API
* Use mw.user.acquireTempUserName when previewing
Bug: T331397
Change-Id: Iec8a15dadd595bed0f7e54f907fbb8e192b45cf3
|
