| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a few missing `@group Language` tags as well.
Remove stray `@group Cache` from two classes since "Cache" is not a
MediaWiki core component (per T248519 and related tasks, we did long
ago in Bugzilla have a "MediaWiki-Cache" category, but that's since
been re-orged into BagOStuff, HTTP-Cache, and Parser/ParserCache,
and Internationalization/LocalisationCache, per the description at
<https://phabricator.wikimedia.org/project/profile/1329/>.)
Ref https://gerrit.wikimedia.org/r/q/owner:Krinkle+is:merged+message:Widen
> Given all called methods are de-facto and liberally claimed, and
> that we keep the coverage limited to the subject class, it maintains
> the spirit and intent by listing the class explicitly instead.
>
> PHPUnit offers a more precise tool when you need it (i.e. when testing
> legacy monster/god classes), but for well-written code, the
> class-wide tag is exactly what you want.
>
> We lose useful coverage and waste valuable time on keeping tags
> accurate through refactors (or worse, forget to do so).
> Tracking tiny per-method details wastes time in realizing (and
> fixing) when people inevitably don't keep them in sync, and time
> lost in finding uncovered code to write tests to realize it was
> already covered but "not yet claimed".
Bug: T364652
Change-Id: I9cfc4c210b90bfed6fd988a2525f80f5f5ee4870
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This creates a new language code, 'x-xss', which is enabled using the
setting $wgUseXssLanguage (similar to how $wgUsePigLatinVariant enables
the 'en-x-piglatin' language code, and likewise defaults to false; will
be enabled in development settings soon).
In this language code, all messages become “malicious”, trying to run
some alert() JavaScript; if any alert() actually fires in the browser,
the message was not escaped properly. ($wgRawHtmlMessages are exempt,
since they’re already known to be “unsafe” and require more rights to
edit on-wiki.) Messages that are not escaped properly are generally a
minor security issue; they effectively let a user with 'editinterface'
right (such as a sysop, on many wikis) run arbitrary JS, without needing
the 'editsitejs' right (normally restricted to interface admins).
Developers can use this language code to more easily check their code
for escaping issues / cross-site scripting vulnerabilities.
Bug: T340201
Change-Id: Ia9a1cf712b139fea5da72046e37035e6de39d8d5
|
| |
|
|
|
|
|
| |
There should be no need to call hook handlers directly,
this should only be done by HookContainer.
Change-Id: I8fa46c2eb6a40ad98e564c31dcfb103825608426
|
| |
|
|
|
|
|
|
|
|
| |
Having pig-latin enabled per default in dev environments is convenient
for manual testing. More importantly, it will allow us to write
end-to-end tests for variant conversion.
Depends-On: I9dc2f743ac487b0f7cfb667150c0f6950d5e7fce
Depends-On: I85b66c85be3959d48a048733af17197bc4cf70af
Change-Id: Ia80ad33cbf5e311fa8b84bd765a8df8d156f4c38
|
| |
|
|
|
|
|
|
| |
Available since PHP 7.4.
Automated search, manual replacement.
Change-Id: Ibb163141526e799bff08cfeb4037b52144bb39fa
|
| |
|
|
|
|
|
| |
When creating ServiceOptions objects or fake HashConfigs use the
constant to refer the config name
Change-Id: I59a29f25b76e896c07e82156c6cc4494f98e64cc
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
composer:
* mediawiki/mediawiki-codesniffer: 36.0.0 → 37.0.0
The following sniffs now pass and were enabled:
* Generic.ControlStructures.InlineControlStructure
* MediaWiki.PHPUnit.AssertCount.NotUsed
npm:
* svgo: 2.3.0 → 2.3.1
* https://npmjs.com/advisories/1754 (CVE-2021-33587)
Change-Id: I2a9bbee2fecbf7259876d335f565ece4b3622426
|
| |
|
|
| |
Change-Id: Ic663e81cca0bf007804a70772250914a85f1fef4
|
| |
|
|
|
|
|
|
|
| |
* parent::setUp() should be first, and ::tearDown()
should be last
* Move tests that directly extend PHPUnit\Framework\TestCase
to /unit
Change-Id: I1172855c58f4f52a8f624e6d596ec43beb8c93ff
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
These are mostly easy fixes. Tests were fixed when that didn't require
any change to the tested code, and moved to /integration otherwise.
MediaWikiUnitTestCase::setTemporaryHook was removed: the
caller should provide a HookContainer, at which point it would just
become a useless wrapper around HookContainer::register. (We don't
really need it to be temporary, if proper DI is used).
The method was only used in the tests touched by this commit.
Change-Id: I2aba02560c41b77eea9dd4bff0e4d1c4bb0da9a2
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
|
| |
|
|
|
|
|
| |
PHP 8 is stricter about this.
Bug: T248925
Change-Id: I0e9c736d0e2a28ce4a1e096a8ec63321d8b41635
|
| |
|
|
|
|
| |
constructorOptions
Change-Id: I357dddf39834e9eed4b173245033d2f27edab329
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These are static methods that have to do with processing language names
and codes. I didn't include fallback behavior, because that would mean a
circular dependency with LocalisationCache.
In the new class, I renamed AS_AUTONYMS to AUTONYMS, and added a class
constant DEFINED for 'mw' to match the existing SUPPORTED and ALL. I
also renamed fetchLanguageName(s) to getLanguageName(s).
There is 100% test coverage for the code in the new class.
This was previously committed as 2e52f48c2ed and reverted because it
depended on e4468a1d6b6, which had to be reverted for performance
issues. There should be no changes other than rebasing.
Bug: T201405
Change-Id: Ifa346c8a92bf1eb57dc5e79458b32b7b26f1ee8a
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This reverts commits:
- 76a940350d36c323ebedb4ab45cc81ed1c6b6c92
- b78b8804d076618e967c7b31ec15a1bd9e35d1d0
- 2e52f48c2ed8dcf480843e2186f685a86810e2ac
- e4468a1d6b6b9fdc5b64800febdc8748d21f213d
Bug: T231200
Bug: T231198
Change-Id: I1a7e46a979ae5c9c8130dd3927f6663a216ba753
|
|
|
These are static methods that have to do with processing language names
and codes. I didn't include fallback behavior, because that would mean a
circular dependency with LocalisationCache.
In the new class, I renamed AS_AUTONYMS to AUTONYMS, and added a class
constant DEFINED for 'mw' to match the existing SUPPORTED and ALL. I
also renamed fetchLanguageName(s) to getLanguageName(s).
There is 100% test coverage for the code in the new class.
Change-Id: I245ae94bfc1f62b6af75ea57525139adf2539fe6
|
