aboutsummaryrefslogtreecommitdiffstats
path: root/includes/specials
Commit message (Collapse)AuthorAgeFilesLines
* SpecialExport: Prevent passing null to strtolowerPaladox2024-09-211-1/+1
| | | | | Change-Id: I89f0776ee5d61b2f58da2115b0a00ad2ddcbfe5a (cherry picked from commit deb607c3508bb7089581a39efd603387e5030e39)
* Use i18n strings for truncated subpage message in SpecialMovePageDreamy Jazz2024-04-061-10/+9
| | | | | | | | | | | | | | | | | | | Why: * Now that the security patch for T357760 has been uploaded to gerrit, the hardcoded English strings can be replaced with i18n message keys. The use of hardcoded English was necessary to avoid causing a localisation cache refresh on every WMF production deployment. * While this is being done, it would be useful to add tests to verify that the changes being made are correct and that the security fix continues to work. What: * Replace the hardcoded English strings with i18n message keys in SpecialMovePage::showSubpagesList Bug: T357760 Change-Id: Ib0603f9188f624229b3c9e6d30b8c7266420f8ce
* SECURITY: Limit subpages displayed on Special:MovePage formDreamy Jazz2024-03-281-3/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2024-PENDING Why: * Special:MovePage shows the list of subpages for the page provided before the user submits the form. * There is currently no limit on the number of subpages shown and as such loading the move page for a page with tens of thousands of subpages causes request timeouts when trying to generate the link HTML for each subpage. * Special:MovePage does not need to display all the subpages and can limit the list to wgMaximumMovedPages subpages as the user who submits the form would only move that many subpages if they specified to move these subpages. * A user wanting to find the full list can use Special:Prefix Index which provides paging. What: * Provide a $limit to Title::getSubpages for both calls in SpecialMovePage::showSubpages. $limit is defined as $wgMaximumMovedPages plus 1, where the extra subpage is used to determine if the results were truncated similar to IndexPager. * Because i18n modifications in security patches are to be strongly avoided, hard code the message shown when the list of subpages is truncated. This should be replaced with an actual message key when this is publicly uploaded to Gerrit. Bug: T357760 Change-Id: I78fa0b04d2bc82c8deffa2ed5433eb2563c17962
* filerepo: Fix img_major_mime for files with a non-standard extensionsapasternak2024-01-291-23/+3
| | | | | | | | When calculated img_major_mime is different than allowed by the database schema enum, set the value to unknown. Bug: T355530 Change-Id: Ie39b3330c3afffa670545413b943e5fcb6d24cf7 (cherry picked from commit ea00eefe4e5e551add09b0bf687ad92d23f42ebb)
* Add missing space in Special:RecentChangesLinkedJean-Luc Hassec2024-01-141-1/+1
| | | | | | Bug: T355017 Change-Id: Ia5a2147be040533ec26b8124d03045af28cd2ab7 (cherry picked from commit 38f8d82b2eaca5376b18ac9831f06773e88d64c1)
* Merge "Headings in the license pickers should not be selected" into REL1_39jenkins-bot2024-01-021-2/+2
|\
| * Headings in the license pickers should not be selectedDerk-Jan Hartman2023-12-231-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | The default value for the license picker is empty string. The value of the headings within the license picker are also empty string. This caused the last heading to be pre selected instead of MediaWiki:nolicense when MediaWiki:licenses specified a list with headings. Bug: T334992 Change-Id: I837f30af96642831e5cac685218ddd84d4225ede (cherry picked from commit 16ee2133efc66eda56462e2f594dd47156f6e49f)
* | ActiveUsersPager: Count actions only onceMatěj Suchánek2023-12-241-1/+1
|/ | | | | | | | | | | | | | | Since user groups are in 1:N relationship to users, the subquery returns one row for every user and user group pair. GROUP BY aggregates rows just by user, therefore actions are counted for each user group. Solve this by adding DISTINCT to COUNT. This is the least effort fix. Alternatively, the inner subquery could be rewritten to only return one row per user. Bug: T353929 Change-Id: If110b667ededae5053e94d7d930afb88c4c693ed (cherry picked from commit 9c91a2badd656c5dfe85c5ff5ef6bb9915217fef)
* ImportReporter: Make callback functions publicFunc2023-09-231-2/+2
| | | | | | Bug: T347227 Change-Id: Ice9a6f9cfbf6b6640d01e05b02c557f63b6a5600 (cherry picked from commit 500118ead372cdb6e2457d1d31c21f4796790f52)
* build: Update mediawiki/mediawiki-phan-config to 0.12.0Daimona Eaytoy2023-06-293-3/+1
| | | | | | | | This patch only adds and removes suppressions, which must be done in the same patch as the version bump. Bug: T298571 Change-Id: I4044d4d9ce82b3dae7ba0af85bf04f22cb1dd347
* Fixes for the phan upgrade, part 2Daimona Eaytoy2023-06-291-13/+14
| | | | Change-Id: I1c6beba4ff6132b07cbf0a6c96be056509aa5eff
* SpecialEditTags: Set default of '' for wpReasonReedy2023-02-251-1/+1
| | | | | | Bug: T330529 Change-Id: If0fcebbb5926cc6264dc51ce3f6ff9b3fb54a4e9 (cherry picked from commit 5b15c7c4393222be037dd9a2ea0ade0d4e20ef0c)
* SpecialRevisionDelete: Set default of '' for wpReasonReedy2023-01-311-1/+1
| | | | | | | | | | Prevents: PHP Deprecated: htmlspecialchars(): Passing null to parameter #1 () of type string is deprecated Bug: T289926 Change-Id: I29851ae8ccbc33f36bd40ac77b76bccb2b93605d (cherry picked from commit 490fc0fec34dbefbeee5e47a8b35b7397aff2223)
* Respond to some messages from Phan on PHP 8.1Tim Starling2023-01-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * ForkController, OrderedStreamingForkController: indeed pcntl_fork() can't return false. * RL\Image: Specify type instead of using suppression, since the issue name changes. * VueComponentParser: Accept complaint about nullable nodeValue. * Disable PHP 8.0 polyfill stubs when running on PHP 8.0+ to avoid duplicate interface errors. * Add Socket stub and use it in LegacyHandler instead of multiple existing suppressions. * MemcachedPeclBagOStuff: accept complaint recommending !$result over $result === false when the type is boolean. * MemcachedPeclBagOStuff: fix probable bug, ignoring errors from Memcached::getMulti(). Phan noticed that $res=false was unreachable, but it should probably be reachable. * DatabaseMysqli: accept complaint that $this->conn->errno is already known to be an int. It was probably a hack for some previous version of Phan. * BcryptPassword, MWOldPassword, MWSaltedPassword: accept complaint that the !is_string() checks are unnecessary, after code review of PHP. * Pbkdf2Password: note that contrary to Phan's suggestion, this check is necessary. Squashed with @phan-var from e1041b4 * SpecialWatchlist: accept complaint that $selectedHours is unconditionally a float, being the return value of round(), and thus the cast is unnecessary. * Add stub for AllowDynamicProperties, resolving an error in User.php. * Xml: accept complaint that $encMonth is already known to be an int. * DefaultPreferencesFactory: Include fix for timezone list from e1041b4 (code was moved to HTMLTimezoneField) Six errors remain. These need suppressions or otherwise conflict with PHP 7.4 support. Bug: T322278 Bug: T326367 Change-Id: Ie375bbc8ccf22330b9a169e8da98f2bbe26ec8b9 (cherry picked from commit 7b3e7c017ab80667fffd2f893bb37addb037a2d1)
* SpecialBotPasswords: Don't pass null to trim()Reedy2022-11-091-6/+9
| | | | | | Bug: T322803 Change-Id: I4f9c1147b4a3f7d996c1ea4b23204d4f18402a95 (cherry picked from commit b550ea30128c39096a7d35b6c0c015461c67f92b)
* SpecialChangeEmail: Set default for returntoqueryReedy2022-09-241-1/+1
| | | | | | Bug: T318460 Change-Id: I8b3e0acebc0b17e7c0e7e2e90ea019f8967e2ff0 (cherry picked from commit d33683ffa1da4c87584f51a0a058c72824849df4)
* Introduce PagerNavigationBuilder for making pagination linksBartosz Dziewoński2022-09-052-36/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We had several implementations of almost identical paging links: * PrevNextNavigationRenderer: The nicest one, somewhat recently added (4ca72763ec). Unfortunately it was also the least featureful: only supporting paging by numeric offset and not by index, and not able to generate "first"/"last" links. Also, I didn't realize that it exists when working on 94553a1bcb and b95d208340, so it was missing those changes too. * IndexPager/ReverseChronologicalPager/AlphabeticPager: These have been here forever. The most featureful, but not configurable, so a large part of the implementation was copy-pasted in two classes. * SpecialWhatLinksHere: Through some accident of history, this one special page ended up with its own implementation??? They are all replaced to use the new PagerNavigationBuilder. It may be slightly too much, but I had fun writing it. Notable changes compared to PrevNextNavigationRenderer: * Adds <div class="mw-pager-navigation-bar"> wrapper around the navigation and <span class="…"> wrappers on inactive links * The current limit link is made inactive (like the "prev" link when on first page, etc.) Notable changes compared to ...Pager/...Pager/...Pager: * Does not generate useless tooltips that contain only the title of the page, can use custom tooltips * The current limit link is made inactive (like the "prev" link when on first page, etc.) * All links have query parameters in a consistent order: ?title= &... &dir= &offset= &limit= (some of them are optional) These changes affect many special pages and actions. I tested on: * Special:Contributions (ReverseChronologicalPager) * action=history (ReverseChronologicalPager) * Special:Categories (AlphabeticPager) * Special:WantedPages (PrevNextNavigationRenderer) * Special:Search (PrevNextNavigationRenderer) * Special:WhatLinksHere Bug: T308364 Change-Id: Ic75bd597b210e14612ca3aebb531b659897e8294
* Add a new function LanguageFactory::getRawLanguageFomafix2022-09-041-1/+1
| | | | | | | | | | | The new function getRawLanguage does not replace DummyLanguageCodes. Use the new function getRawLanguage on AllMessagesTablePager. This allows to see system messages defined in a dummy or deprecated language code. Bug: T315665 Change-Id: I4569d8106b8b6e0b637bb529a6cf48191d69ec5b
* Replace wfGetLangObj() by $languageFactory->getLanguage()Fomafix2022-09-042-1/+26
| | | | | | | The input validation with fallback to content language is done via $languageNameUtils->isKnownLanguageTag( $lang ). Change-Id: Ia41281d18108ff95f9439a8f0c0108746cb9ab40
* Track change email/passwordELLENR2022-09-012-4/+6
| | | | | Bug: T311672 Change-Id: I024d31fdc14a41468fd9c11c7b936c22cac8b286
* SpecialRecentChangesLinked: Pass query builder instead of SQLAmir Sarabadani2022-08-231-3/+8
| | | | | | | This allows to set max time when only one sub query is going to be executed. Change-Id: I519464a14f7145635266eab30bfc685bc196d7b2
* Merge "Remove references to removed 'watchlist' query group"jenkins-bot2022-08-171-1/+1
|\
| * Remove references to removed 'watchlist' query groupBartosz Dziewoński2022-08-161-1/+1
| | | | | | | | | | | | | | | | The 'watchlist' query group no longer exists in WMF production since T263127, and it's not included in the list of supported query groups in docs/database.md. Change-Id: I6ea5c65921891ac6a705a6ff7e79b08fa5a9bf42
* | SpecialRecentChangesLinked: Use array_uniqe on fields and tablesAmir Sarabadani2022-08-171-2/+2
| | | | | | | | | | | | | | | | This fixes errors like P32464 when an extension (in this case Translate) re-introduces RC fields causing errors like this: Error 1060: Duplicate column name 'rc_title' Change-Id: I76113ca0dc17b1bb6125318cd68567d477d00f85
* | SpecialRecentChangesLinked: Use rdbms code for building the main queryAmir Sarabadani2022-08-151-4/+13
|/ | | | | | | | | | | | Currently, the main query is basically built by gluing string which can easily break in other RDBMS systems. In order to fix this, I basically wrapped this around a select and made the main query a subquery in FROM statement. Also while we are at it, let's add support for max execution time. Change-Id: I1320d03739968dac446065df747c3ecb99e292d6
* SpecialBlock: Set defaults for wpPageRestrictions and wpNamespaceRestrictionsReedy2022-08-101-0/+2
| | | | | | Bug: T314906 Bug: T314907 Change-Id: I36642030e1bb5dcf129427b8a54e5124e5e93b1f
* Update styling of message that show up when no results are foundMark Shenouda2022-08-091-5/+5
| | | | | | | | | [x] Spacing update [x] Font size adjustments [x] Switch the position of the sentences Bug: T308706 Change-Id: Ifbd264632bd281cd4d08c3bfbbb5c165c8b02673
* mail: Replace deprecated User::getOptionUmherirrender2022-08-051-2/+12
| | | | | Bug: T296083 Change-Id: Id6497992210b32cac0ddb5149869402e60a53fa2
* Merge "Suggest files when searching subpages for Special:FilePath"jenkins-bot2022-08-051-1/+37
|\
| * Suggest files when searching subpages for Special:FilePathUmherirrender2022-04-131-1/+37
| | | | | | | | | | | | Searching for "Special:FilePath/Wi" shows "Wiki.png" for example. Change-Id: I093951bbb294b07723c00dcea0d6488117a15895
* | Merge "Fix LoginHelper::showReturnToPage() docs"jenkins-bot2022-08-041-2/+4
|\ \
| * | Fix LoginHelper::showReturnToPage() docsGergő Tisza2022-08-031-2/+4
| | | | | | | | | | | | Change-Id: Ic51713d0b72aab50ce5231c2db7e4bd08eb40d18
* | | Merge "SpecialMergeHistory: Set timestamp to '' if no mergepoint"jenkins-bot2022-08-041-1/+1
|\ \ \
| * | | SpecialMergeHistory: Set timestamp to '' if no mergepointReedy2022-08-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | No point defaulting to '' then running preg_match over it anyway Bug: T314550 Change-Id: Id0be98caa91fa0f98a540dd7eb914ee5774c1e89
* | | | SpecialMergeHistory: Set defaults for target and dest parametersReedy2022-08-041-2/+2
|/ / / | | | | | | | | | | | | Bug: T314551 Change-Id: Iaad75f98aa6dbce981b4be1ab6b37967a83fe050
* | | Merge "SpecialBlock: Better handle null in getTargetUserTitle"jenkins-bot2022-08-021-2/+5
|\ \ \
| * | | SpecialBlock: Better handle null in getTargetUserTitleReedy2022-08-021-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Update PHP docs to match * Only send $target to IPUtils::isIPAddress() if it's a string Bug: T314397 Change-Id: I3d885f4602e7a3017b73472dcd082c569c08b6d5
* | | | SpecialGoToInterwiki: Null coalescene $parReedy2022-08-021-0/+2
|/ / / | | | | | | | | | | | | Bug: T314404 Change-Id: I095e51c97fac71096ed9540408c0980f55c0a1c4
* | | Merge "SpecialCategories: Null coalescene $par"jenkins-bot2022-07-301-1/+1
|\ \ \
| * | | SpecialCategories: Null coalescene $parReedy2022-07-301-1/+1
| | | | | | | | | | | | | | | | | | | | Bug: T314225 Change-Id: Ie5f0c212c978d88d7eda5cf80f3c5b21cab9eb5f
* | | | SpecialImport: Replace custom JS with HTMLForm disable-ifTimo Tijhof2022-07-301-6/+7
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Make use of the HTMLForm `disable-if` feature. This is documented in HTMLForm.php, and implemented by htmlform/cond-state.js using the same `$radios.filter( ':checked' )` and `setDisabled()` logic as was done here. * After enabling `disable-if` for HTMLForm in SpecialImport.php, one notable thing happens, which is that the individual radio buttons are wrapped and infused by OOUI. This would break the other hack in special.import.js relating to injecting the namespace selector in-between two adjacent radio inputs. This isn't natively supported in HTMLForm yet (afaik), and can be kept working by changing the CSS selector slightly to not rely on that implementation detail. It now works based on the default HTML rendering as done in PHP, regardless of whether it is infused or not. * Declare JS variables inline where possible. * Refactor the `sources` array to not involve extra DOM queries. Instead, list them as plain strings unconditionally and instead check for presence within the forEach. Change-Id: Ied90166a4a9deede220c7b8a9f9c1711ac69c72d
* | | Migrate use of ${var}-style string interpolationMáté Szabó2022-07-291-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | The "${var}" and "${expr}" style string interpolations are deprecated in PHP 8.2. Migrate usages in core to "{$var}" as appropriate. Bug: T314096 Change-Id: I269bad3d4a68c2b251b3e71a066289d4ad9fd496
* | | Fix some special pages submitting 'title' parameter twiceBartosz Dziewoński2022-07-272-10/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Follow-up to ef2e948d31d9fc57cb208ebbd85a9fc902c6f28d. Use setTitle() to suppress the subpage title instead, like in 947ba9f2acde02b908041074aeb1258f274d5a8d. Bug: T313990 Change-Id: I895c637277e5eea8a454d0f45dc4b16e2be28ab9
* | | Merge "SpecialContributions: Display form errors"jenkins-bot2022-07-201-1/+13
|\ \ \ | |/ / |/| |
| * | SpecialContributions: Display form errorsBartosz Dziewoński2022-07-141-1/+13
| | | | | | | | | | | | | | | Bug: T311948 Change-Id: Idd5028ccc123096b6e3b8f1b686cebf61f6d7f19
* | | Handle setComment for specialsMark A. Hershberger2022-07-183-5/+5
| | | | | | | | | | | | | | | Bug: T313220 Change-Id: I7e35a949b5eebf41608fa40cbc5502b17f13880c
* | | SpecialRecentChangesLinked: Only add the second join if it's read newAmir Sarabadani2022-07-141-2/+4
|/ / | | | | | | | | | | | | Otherwise, it errors with: Not unique table/alias: 'templatelinks' Change-Id: I747d7cc34cadf194ad04850be0c54637303340e4
* | SpecialDiff: Don't pass null to trim()Alexander Vorwerk2022-07-131-1/+1
| | | | | | | | | | Bug: T312301 Change-Id: Idb1233c94c3e9b6c636996834b8a3cef0797aeff
* | tests: Remove intermediary `suites` concept from /tests/qunitTimo Tijhof2022-07-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I don't recall why I added this. Possibly in a confused effort to match /tests/phpunit, except /tests/phpunit/suites is not where test cases live, they live under /tests/phpunit/* directly, mostly /tests/phpunit/includes named after the source directory. The correct equivalent to that is /tests/qunit/resources for JS. While at it, also remove mention of this concept from various other places where it doesn't add value. It's one more word/concept to learn, process, understand, or translate mentally. They're just tests, or for the one or two places where we care about how they are internally transmitted, a "test module". Bug: T250045 Change-Id: I5ea22e4965d190357aa69883f29f9049ee8ebf13
* | Show fragment of middle page in Special:DoubleRedirectsBrian Wolff2022-07-111-1/+4
| | | | | | | | | | Bug: T312825 Change-Id: Ic60d80abe194f4f065f7694a64e76c953dc2adca
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-24 13:12:26 +0000