| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace EditRightConstraint, UserBlockConstraint, and most of
UserRateLimitConstraint with the new AuthorizationConstraint.
Instead of many separate checks, everything is now handled by
one authorizeWrite() call.
Move 'editcontentmodel' rate limit to ContentModelChangeConstraint
(by making it use authorizeWrite()). Keep 'linkpurge' rate limit
in a separate check, renamed from UserRateLimitConstraint to
LinkPurgeRateLimitConstraint, since the way it works in unusual
and not portable to Authority without more refactoring in EditPage.
AuthorizationConstraint needs some special handling to produce
the idiosyncratic result codes required by EditPage, but luckily
PermissionStatus gives us everything we need for that.
Bug: T271975
Bug: T386346
Change-Id: Ic9f6f2fbd29efa3e349517013da540a363c263b5
|
| |
|
|
| |
Change-Id: I0d8d2237500ed6f18439410c902d47c42e4119bc
|
| |
|
|
|
| |
Bug: T353458
Change-Id: I3cf44dfe5425f2efb8409c83571c427447b053af
|
| |
|
|
|
|
|
|
|
| |
Generate the error message in the getLegacyStatus function in the constraint
class instead of EditPage. The submit button label has to be passed to the edit
constraint since the logic for determining it it resides in EditPage.
Bug: T384399
Change-Id: Id2a9ab57198dfa4df07f91b067944e9f9fefb81a
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of special-casing it in EditPage and in ApiEditPage,
PageSizeConstraint sets the error message itself.
Add some notes about T384399. I hope this change can serve as an
example for further work on that task.
Other changes:
* Do not show the error on editor load, only on edit form submission.
The error on load was added in 2006 when the maximum page size was
first limited (aa2bde93 / SVN r13070), and should not be needed any
more now that there shouldn't be any pages exceeding the limit in
the database any more. In case there are, the user will still get
the message when they try to save an edit.
* Streamline the message (there's no need for emphasis in the message,
since it's shown in a very prominent error box these days).
* Use the same message in API errors. Preserve the API error code for
compatibility.
* Alphabetically sort some arrays and switch cases.
Bug: T384399
Change-Id: I0892d1189e29013b9ff4325c8017bab524b84b7e
|
| |
|
|
|
|
|
|
|
| |
Using Title::exists does not account for special or interwiki pages which are
also valid redirect targets. Using Title::isKnown instead does no longer cause
the warning to appear when redirecting to a special page or an interwiki link.
Bug: T384393
Change-Id: I35e4c72b0e21aaa36c1f8b1ac85fa819d353945e
|
| |
|
|
|
|
|
|
| |
Shows a warning when trying to create a redirect that points to another
redirect.
Bug: T326056
Change-Id: Ieb51dde88ce6c23753f74191a85cd40f0bfbd864
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Same as Ia294bf4 did for 1-line comments. This patch removes slightly
more complex 2-line PHPDoc comments that don't add any new information
to the code, but literally repeat what the code already says.
They say "don't document the code, code the documentation", and we
are doing this more and more. We just tend to forget to remove the
obsolete comments.
Note I'm also removing a line of text in a few cases when it's very
short and literally says the same as the method name. Again, such
comments add zero new information.
Change-Id: I01535404bab458c6c47e48e5456403b7a64198ed
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
I assume these are all either auto-generated by an IDE or the
language-level type declarations have been added later. In any case
the comments don't add any new information to what the code already
says. This is just extra clutter that makes the code harder to read,
I would argue.
There are many, many more comments like this. In this patch I
intentionally focus on the most trivial 1-line comments.
Change-Id: Ia294bf4ce0d8a77036842fe25884bc175c2b0e7d
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
Rename the brokenredirect i18n key to edit-constraint-brokenredirect, as
requested in patch 1090544. Follow-up to 1089205.
Change-Id: I544fd9adc38f916f549d3fa1b7da51283a3beb68
|
| |/
|
|
|
|
|
| |
Extract the redirect target to a variable to avoid computing it multiple
times, as discussed in patch 1090544. Follow-up to 1089205.
Change-Id: I1603e8bd75c6e13055c0aa06fc435c34f60f11cf
|
| |
|
|
|
|
|
|
| |
Shows a warning when trying to create a redirect that points to a nonexistent page.
Update api tests to create the targets before the redirects.
Bug: T326057
Change-Id: Ib530f17527aa8e14b8865086faa8d9feff6116ef
|
| |
|
|
|
|
|
|
| |
Found by Phan thanks to the type hints being added in
I3e0df790ff9db2fa630f82408a7254a359fe61ca.
Bug: T378876
Change-Id: I286a4a51e879bdf61f65c87dc078621c51045bee
|
| |
|
|
|
|
|
|
|
| |
A constant is not a variable. The type is hard-coded via the value
and can never change. While the extra @var probably doesn't hurt much,
it's redundant and error-prone and can't provide any additional
information.
Change-Id: Iee1f36a1905d9b9c6b26d0684b7848571f0c1733
|
| |
|
|
| |
Change-Id: I017bcaffe6945d633d7387f9391803845369bfed
|
| |
|
|
|
| |
Bug: T353458
Change-Id: Id3202c0c4f4a2043bf97b7caee081acab684155c
|
| |
|
|
|
| |
Bug: T353458
Change-Id: Ia0f3e22078550be410c4b87faf6aa4eabe6e270d
|
| |
|
|
|
| |
Bug: T157658
Change-Id: I30829b61a992b9e6e9fde5d70f7fcf36bea56d5b
|
| |
|
|
|
|
|
|
|
| |
Instead of conditionally adding it, move the check for the section being new or
not into the constraint, to reduce the logic needed in
EditPage::internalAttemptSave().
Bug: T157658
Change-Id: If16f5a097dd38c5206f748fa4fb8dc6e56cf09cb
|
| |
|
|
|
|
|
|
| |
Use the renamed ExistingSectionEditConstraint, and just make the content it
gets nullable.
Bug: T157658
Change-Id: I6e077f1e54ea05f77b431a7437c4a56c9dc56306
|
| |
|
|
|
|
|
|
|
| |
In preparation for also handling the AS_REVISION_WAS_DELETED failure in the
constraint, rename it in a separate commit so that git can more easily track
the change.
Bug: T157658
Change-Id: Id55b40d8e327429fbaf45a96c0b00caaa9110da1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In all of these comparisons, both sides are strings (enforced by type
hints), so we don't need to worry about type jugging, and only need
to consider if it's possible for both sides to be numeric strings [1]
before we change the `==` comparisons to `===`.
AutoSummaryMissingSummaryConstraint.php:
The return value of md5() is very unlikely to be a numeric string
(and when it is, this code would work incorrectly, in effect only
comparing a part of the hash). Seems safe to change it.
MissingCommentConstraint.php:
NewSectionMissingSubjectConstraint.php:
The empty string is not a numeric string. Safe to change.
[1] "If both operands are numeric strings [2] [...] then the
comparison is done numerically."
https://www.php.net/manual/en/language.operators.comparison.php
[2] "A PHP string is considered numeric if it can be interpreted as
an int or a float."
https://www.php.net/manual/en/language.types.numeric-strings.php
Change-Id: Id47f006797df9df392323610480196b1ce09a0f4
|
| |
|
|
|
|
|
|
|
| |
Instead of conditionally adding the NewSectionMissingSubjectConstraint and
MissingCommentConstraint based on creating a new section, always add those and
have the constraints themselves just pass if not creating a new section
Bug: T157658
Change-Id: Ie5bf352bd714b6b706445f4f02c986706f26bb1f
|
| |
|
|
|
|
| |
This change improves type safety and code readability.
Change-Id: I839bff97e10188af79d658b44caa5413f6c538ad
|
| |
|
|
|
|
|
|
|
| |
getPermissionStatus() does the same thing but better.
A lot of things use the legacy error arrays though, we're nowhere near
removing it.
Change-Id: Iff60dbb0593329a584d003b2407bbf24d5b22aea
|
| |
|
|
|
| |
Bug: T353458
Change-Id: I088cbc53fbcdb974e5b05b45a62e91709dacc024
|
| |
|
|
|
| |
Bug: T353458
Change-Id: I4dbef138fd0110c14c70214282519189d70c94fb
|
| |
|
|
|
|
| |
Using RateLimiter::limit instead.
Change-Id: Ia27cba5023994bfdc61f6d27702eeb98502d6dd4
|
| |
|
|
|
|
|
| |
Changes to the use statements done automatically via script
Addition of missing use statements and changes to docs done manually
Change-Id: I443aada1c18c8628b02671aa9fd6f441961e5c2e
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously the edit rights check would fail if you didn't have edit
rights in general. This made it difficult to write custom permission
extensions that want to give users edit rights to a few specific pages
while not giving rights in general.
This check goes back to 2005 when the edit rights system was first
introduced a2a28a34c1fc. Presumably per-page permissions didn't exist
yet.
Bug: T342515
Change-Id: Ibcf0e18c44912abdd02a676a551da3cc7ed22ee0
|
| |
|
|
|
| |
Bug: T166010
Change-Id: I7257302b485588af31384d4f7fc8e30551f161f1
|
| |
|
|
|
|
|
|
|
|
| |
This class is used heavily basically everywhere, moving it to Utils
wouldn't make much sense. Also with this change, we can move
StatusValue to MediaWiki\Status as well.
Bug: T321882
Depends-On: I5f89ecf27ce1471a74f31c6018806461781213c3
Change-Id: I04c1dcf5129df437589149f0f3e284974d7c98fa
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The db/ directory does not have an owner and it's a mess in general.
These classes don't depend on anything in core except the rdbms library.
Let's simply move it there. In other words, Krinkle made me do it.
Since the class was moved in I6202e52ba73 merged less than a week ago,
no need to alias anything.
Bug: T321882
Change-Id: I24ceeb8bf765a50f441270136acd612359d50aa2
|
| |
|
|
|
|
|
|
| |
They are not suitable to go to rdbms library as they depend on mediawiki
pieces, the second best place is the db/ directory.
Bug: T321882
Change-Id: I6202e52ba7306d74261206c2ba7930c5f1a0a18e
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is moderately messy.
Process was principally:
* xargs rg --files-with-matches '^use Title;' | grep 'php$' | \
xargs -P 1 -n 1 sed -i -z 's/use Title;/use MediaWiki\\Title\\Title;/1'
* rg --files-without-match 'MediaWiki\\Title\\Title;' . | grep 'php$' | \
xargs rg --files-with-matches 'Title\b' | \
xargs -P 1 -n 1 sed -i -z 's/\nuse /\nuse MediaWiki\\Title\\Title;\nuse /1'
* composer fix
Then manual fix-ups for a few files that don't have any use statements.
Bug: T166010
Follows-Up: Ia5d8cb759dc3bc9e9bbe217d0fb109e2f8c4101a
Change-Id: If8fc9d0d95fc1a114021e282a706fc3e7da3524b
|
| |
|
|
|
| |
Bug: T321882
Change-Id: I5dc1f7e9c303cd3f5b9dd7010d6bb470d8400a18
|
| |
|
|
|
|
| |
Doc-only changes
Change-Id: I5177f582ae7ee70c357e9389fed14819faf79463
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, `$this->summary` was used for two different purposes.
Usually it was just the summary. But when `$this->section` was 'new',
then it was actually the section title most of the time – unless
`$this->sectiontitle` was also set (in which case it took priority),
and until it was replaced by the real edit summary (near the end of
the processing, after copying the section title to the page content
and before saving changes).
Unsurprisingly some of the code didn't handle this duality correctly,
causing T191722 and T311533.
Now `$this->summary` is always the summary, and when `$this->section`
is 'new', then `$this->sectiontitle` is always the new section title.
The only place where this duality remains is in the input attributes
and query parameters, where 'wpSummary' is still used for both the
summary and the section title inputs (only one of them can appear,
depending on whether `$this->section` is 'new'). It would be an
unreasonable backwards-compatibility break to change this, and the
code handling this is somewhat isolated from the rest of the logic.
Bug: T191722
Bug: T311533
Change-Id: I5313ca9a045d112ece390b011a34192220e2abc1
|
| |
|
|
|
|
|
|
|
| |
'summary' must only be used as the section title when 'sectiontitle'
is not provided. Otherwise the provided section title must be used,
even if it is empty.
Bug: T54747
Change-Id: Id86d5cdd9e04cf1b2f3fbf243a4b250e2924cf87
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now largely automated:
VARS=$(grep -o "'[A-Za-z0-9_]*'" includes/MainConfigNames.php | \
tr "\n" '|' | sed "s/|$/\n/;s/'//g")
sed -i -E "s/'($VARS)'/MainConfigNames::\1/g" \
$(grep -ERIl "'($VARS)'" includes/)
Then git add -p with lots of error-prone manual checking. Then
semi-manually add all the necessary "use" lines:
vim $(grep -L 'use MediaWiki\\MainConfigNames;' \
$(git diff --cached --name-only --diff-filter=M HEAD^))
I didn't bother fixing lines that were over 100 characters unless they
were over 120 and triggered phpcs.
Bug: T305805
Change-Id: I74e0ab511abecb276717ad4276a124760a268147
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Allow EditPage to create a user on page save. This has to be enabled
in config and then activated by the UI/API caller.
* Add an autocreate source for temporary users.
* Allow editing by anonymous users via automatic account creation when
$wgGroupPermisions['*']['edit'] = false. On an edit GET request, use
an unsaved placeholder user to stand in for post-create permissions.
* On preview or aborted save, the username to be created is stashed in a
session and restored on subsequent requests.
* On a (likely) successful page save, create the account.
* Put regular non-temporary users in a "named" group so that they can be
given additional permissions.
* Use a different "~~~" signature for temporary users
* Show account creation warnings on edit and preview.
Change-Id: I67b23abf73cc371280bfb2b6c43b3ce0e077bfe5
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Use multiple error boxes instead of a wikitext list of error messages,
as the latter has several issues (as reported on phab). Also, remove the
edit-error-* messages as they don't seem to add any value. Also, don't
use the passed-in context, inject what the class actually needs instead
(but keep the context for the hook).
Bug: T303060
Bug: T230229
Change-Id: I2806e57826e7ab062b45dd1d9972b05fd6baeafb
|
| |
|
|
|
|
|
| |
Replace HTML class for boxes with "mw-message-box-" style.
Bug: T300358
Change-Id: Iddb0fd3ae859714fb03d3a6d4586f8525becaac6
|
| |
|
|
|
|
|
|
|
| |
The functions returning null or the class property is set explict null.
Some function should not accept null or return null.
Found by phan strict checks
Change-Id: Ie50f23249282cdb18caa332f562a3945a58d86ff
|
| |
|
|
|
|
|
|
|
| |
When the value is a constant, the initialization can be done
way up together with the property declaration. I believe
this makes the code easier to read because it's not spread
out so much.
Change-Id: I5af482feccb746c144c0f318e119165cf5a56cbe
|
| |
|
|
| |
Change-Id: Icaea2b6665cfc3b811d94f70c93452237f5e72bf
|
| |
|
|
| |
Change-Id: I852453fbeeebdc4e34c0b35c0fdca4b4ab74fde9
|
| |
|
|
| |
Change-Id: I833052a656b1ce419c0929f6f0514f2a33c2c4cc
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
composer:
* mediawiki/mediawiki-codesniffer: 36.0.0 → 37.0.0
The following sniffs now pass and were enabled:
* Generic.ControlStructures.InlineControlStructure
* MediaWiki.PHPUnit.AssertCount.NotUsed
npm:
* svgo: 2.3.0 → 2.3.1
* https://npmjs.com/advisories/1754 (CVE-2021-33587)
Change-Id: I2a9bbee2fecbf7259876d335f565ece4b3622426
|
