Commit graph

7280 commits

Author SHA1 Message Date
Matěj Suchánek 11b9e66f9f Disallow anonymous non-IP agents, handle truncated names
Why:
* Echo stores agents by their user id or by the name if the user
  is not registered. This works for IPs since the "event_agent_ip"
  field has limit of 39 bytes (32× [0-9A-F] + 7× colon for IPv6).
* However, it's possible to hold a user identity that is not
  an IP address, but the user name has not been or cannot be
  registered (e.g., external users). Echo wouldn't validate this
  and would attempt to insert the user name into "event_agent_ip",
  possibly causing silent truncation and data corruption.

What:
* Do not let events with such agents be saved. For now, log an
  error in the production. Wikibase, the only known source of this
  problem, has already been fixed.
* In runtime, replace every possibly corrupted user name with
  a placeholder to avoid unexpected null values and exceptions
  in production.

Bug: T367638
Change-Id: Ic2bd218b10651d13da9e9aea54dd2d668a33d946
Depends-On: I03b4367355dc5a3fc0c14aad5fdf19fbcd0caa3d
Depends-On: I92eb93983e81708b289e9f7d837884d539dade0b
2024-11-14 11:44:19 +01:00
jenkins-bot eff1de4fdf Merge "Explicitly call DeferredUpdates::tryOpportunisticExecute() in ThankYouEditTest" 2024-11-12 17:32:54 +00:00
Translation updater bot dc0ff7e07d
Localisation updates from https://translatewiki.net.
Change-Id: Ieaa5e8290eef38220c526a8f8e6c9a183f5a0172
2024-11-12 08:17:49 +01:00
Translation updater bot 7a0b8d27e0
Localisation updates from https://translatewiki.net.
Change-Id: I8c0d71ced10918fa8e332e6e27f115f5e60990e2
2024-11-11 08:22:34 +01:00
Aaron Schulz 88ab531e17 Explicitly call DeferredUpdates::tryOpportunisticExecute() in ThankYouEditTest
Change-Id: I423f9a856fddab30e691d78cbcd0b70a292e3916
2024-11-07 12:16:46 -08:00
Translation updater bot 6b09de87db
Localisation updates from https://translatewiki.net.
Change-Id: Id8b159f2163e4a70dfc7ba95bd992e1c87c3a735
2024-11-07 08:18:37 +01:00
Translation updater bot 921cfcc165
Localisation updates from https://translatewiki.net.
Change-Id: I5a97aaa588ff592af366897959996853adb4dfb0
2024-11-06 08:22:19 +01:00
Translation updater bot f8a1081bb9
Localisation updates from https://translatewiki.net.
Change-Id: I04b96d365ede126a1eedafa8d8961722f5e9df6f
2024-11-05 08:32:28 +01:00
jenkins-bot 07a52928f8 Merge "Handle hidden revisions in user page edit notification" 2024-11-04 19:12:38 +00:00
Translation updater bot 9c3b3a8384
Localisation updates from https://translatewiki.net.
Change-Id: I9e4e7ccf22f89b1c4209491f3639417284db543e
2024-11-04 08:21:32 +01:00
libraryupgrader 60a7af8ab1 build: Updating mediawiki/mediawiki-codesniffer to 45.0.0
Change-Id: I5399cbf72f728c4453e3dba08f97645e69a6c282
2024-11-02 07:16:27 +00:00
Ammarpad b80f4294b5 Handle hidden revisions in user page edit notification
Bug: T378799
Change-Id: Ie68e024625c640f46e6af21a2829b33fbd57ec8a
2024-11-01 09:31:17 +01:00
jenkins-bot e6a51beca1 Merge "Avoid event insertion if possible" 2024-10-30 15:06:30 +00:00
Translation updater bot d322fde727
Localisation updates from https://translatewiki.net.
Change-Id: I22ca50ab28668a29fcfc2fa97ce37d6698f63754
2024-10-28 08:22:19 +01:00
jenkins-bot b58122fa3e Merge "special: Check login permissions before calling execute method" 2024-10-28 02:55:18 +00:00
Ammarpad 4303ab5f71 special: Check login permissions before calling execute method
Calling the parent method first means the form has to be built (as
well as various other things) and then it cannot be shown because
of permission and the user is redirected.

This also lead to confusing behavior where some code paths are
reached even though the user cannot actually access the page.

Change-Id: If354d98f9e51acef38cac114a7704d28c148017b
2024-10-27 10:03:09 +01:00
jenkins-bot 570d326543 Merge "fix ::getTruncatedSectionTitle() return type" 2024-10-26 22:19:15 +00:00
Andre Klapper 4da4dad97b Use explicit nullable type on parameter arguments (for PHP 8.4)
Implicitly marking parameter $... as nullable is deprecated in PHP
8.4. The explicit nullable type must be used instead.

Bug: T376276
Change-Id: I251cb37401c37242f493816b6f70ab61a64a4c32
2024-10-26 15:05:13 +02:00
Umherirrender 2edd88a166 Use type-declaration on api module constructor
Parent class constructor gets type-declaration in 1145328459
Remove simple doc-blocks without further information

Change-Id: I0ab283cd0510d8e85e93752a5ee7d65320a4ec2b
2024-10-25 19:14:31 +02:00
Translation updater bot f5173fbd78
Localisation updates from https://translatewiki.net.
Change-Id: Ice483859780ca575bd04c6ab88fc607babd435d2
2024-10-25 09:47:51 +02:00
jenkins-bot 052dc0a3ef Merge "Fix for Watchlist Notifications for deleted pages created in 1.35" 2024-10-25 00:13:25 +00:00
Ammarpad 0a677f4675 fix ::getTruncatedSectionTitle() return type
This method can return false if getParsedSectionTitle() returns false

Both Language::embedBidi and Language::truncateForVisual return
non-string primitives unchanged if they're passed to them as first
argument.

Ideally the Language methods arguments should be string-typed but
I am not sure how easy that change would be now, so better to
document the possibility here.

Change-Id: I7e2856862d6508ecd1aa57ad99b92942bc4d7bed
2024-10-24 22:46:00 +00:00
Reedy a76cc44a60 SpecialNotificationsMarkRead: Don't pass null to explode()
Bug: T377920
Change-Id: I426c76dbf2e8da4563e93fefe6bd628faa0e13b7
2024-10-23 15:16:04 +00:00
Translation updater bot 7ff17f90ee
Localisation updates from https://translatewiki.net.
Change-Id: I1a4629c91ae5f97896379254348866963a720606
2024-10-21 09:20:01 +02:00
Umherirrender 7e5eceb5a6 Use namespaced classes
Changes to the use statements done automatically via script

Change-Id: Iab065a2005acccfe05cc827fdafc7861687d053d
2024-10-20 00:55:03 +02:00
Translation updater bot 2dd635bb4d
Localisation updates from https://translatewiki.net.
Change-Id: Ic0546c5be84b744ea036d8b2622db94c5618cc20
2024-10-17 09:21:42 +02:00
Translation updater bot 2a31340689
Localisation updates from https://translatewiki.net.
Change-Id: Ibac4c37787a043d6e15fbf0b1721d9ced3b59bd5
2024-10-15 09:41:00 +02:00
Translation updater bot 018c9bc81a
Localisation updates from https://translatewiki.net.
Change-Id: I6fe6f0df8137275117a9d22f100a23cb3944c2ce
2024-10-14 09:29:02 +02:00
Matěj Suchánek 4ae63d1b4d Avoid event insertion if possible
Why:
* On wikis with lots of bot activity like Wikidata, there is a large
  volume of edits which can potentially create an article-linked
  notification. These notifications are now actually rarely sent
  because they are disabled for bots (T318523). However, the event
  record is always inserted into the database, with no reference to
  it, bloating the database.

What:
* Do not unconditionally insert an event into the database when
  Event::create is called. Pass it to downstream calls and have
  it inserted when it's clear it will actually be needed (i.e.,
  a notification is definitely going to be created).
* Pass the event's payload to the job queue instead of requiring
  its ID. Introduce Event::newFromArray, which unlike ::loadFromRow
  handles ::toDbArray values that haven't been inserted into
  the database yet.
* Introduce Event::acquireId which ensures the event has been
  inserted prior to returning its ID as well as it does not get
  re-inserted.

Bug: T221258
Change-Id: I8b9a99a197d6af2845d85d9e35c6703640f70b91
2024-10-11 20:12:11 +02:00
jenkins-bot 5128e3c288 Merge "Fix improper @private documentation in .js code" 2024-10-08 11:23:15 +00:00
Translation updater bot 8964b251d7
Localisation updates from https://translatewiki.net.
Change-Id: I2c235f7757c78ee4f6960225bad1d33bf0fcedde
2024-10-08 09:42:34 +02:00
James D. Forrester 291ea47dd3 tests: Namespace the PHP classes
This might make dependencies easier to find.

Change-Id: I158fd9f63f18a2b8da0368ac95d5fb5aa9bca3ff
2024-10-03 20:30:06 +00:00
Translation updater bot 7f9637e543
Localisation updates from https://translatewiki.net.
Change-Id: I5c7a98b2fa6559a8a6de6768abdee13953e4b055
2024-10-02 09:24:03 +02:00
Translation updater bot 7776cde84c
Localisation updates from https://translatewiki.net.
Change-Id: I090d63afba6815ba722553ea0f086674c75d873f
2024-09-30 09:21:00 +02:00
Translation updater bot 2cc5f4db96
Localisation updates from https://translatewiki.net.
Change-Id: I17aec82e6753c3e64e54c7e393568546b50de79a
2024-09-27 09:18:41 +02:00
Translation updater bot bb47448a8a
Localisation updates from https://translatewiki.net.
Change-Id: I18232c26a9b93f6fa32d33b01e4b27b3337016bd
2024-09-23 09:21:24 +02:00
Umherirrender f95c0cc11d Pass function name to HttpRequestFactory::create
Change-Id: Ie48127731f0731f780e153f6aacce25961acc3ed
2024-09-19 22:48:37 +02:00
Gergő Tisza 89a3a1fc57 DiscussionParser: Do not create User objects from subpages
Bug: T375212
Change-Id: Id409a4f9adcda840400e529db72eb696ec55b3f4
2024-09-19 16:06:00 +00:00
Translation updater bot 816ca3ad47
Localisation updates from https://translatewiki.net.
Change-Id: I69b569e6d92245d2eeaf65ab5452903cefc53905
2024-09-19 09:18:06 +02:00
Translation updater bot 2eb264770b
Localisation updates from https://translatewiki.net.
Change-Id: I50c797f2eca214f2088696bf36df42d3bf834f97
2024-09-16 09:25:59 +02:00
Translation updater bot 5ff9e343ff
Localisation updates from https://translatewiki.net.
Change-Id: I2ab86b91603a77170721d7059132597ff8dd2cbd
2024-09-05 09:23:55 +02:00
Translation updater bot 96bb324fe1
Localisation updates from https://translatewiki.net.
Change-Id: If64219056e723de70510e7566393cc6a175ce03e
2024-09-04 09:16:21 +02:00
Sjoerd de Bruin e289b69f20 Set Codex-token for @notification-background-unseen
Bug: T370042
Change-Id: Ic91a853431a813aa77e8d7dcfadf863da56182c1
2024-09-02 17:31:47 +02:00
Translation updater bot 28c463e16b
Localisation updates from https://translatewiki.net.
Change-Id: I1874d622fd435706582db006c9149a41724614dd
2024-09-02 09:20:39 +02:00
Translation updater bot 89b02c67ba
Localisation updates from https://translatewiki.net.
Change-Id: I077160ae1173f887a137c0ee6b81d73295ba11ff
2024-08-28 09:38:07 +02:00
jenkins-bot b502c52a94 Merge "build: Update MediaWiki requirement to 1.43" 2024-08-27 14:54:28 +00:00
Translation updater bot 183d81c29d
Localisation updates from https://translatewiki.net.
Change-Id: I3180d8eed503e29953fad93cfbfacb179c48f268
2024-08-27 09:47:39 +02:00
Translation updater bot 0b1f206acf
Localisation updates from https://translatewiki.net.
Change-Id: I4c52a228d5e54e76cd4c3e0409babad2ab5965e1
2024-08-26 09:22:08 +02:00
libraryupgrader 855cef7304 build: Updating micromatch to 4.0.8
* https://github.com/advisories/GHSA-952p-6rrq-rcjv

Change-Id: Iade8adc0bdd11f086b59dccfa3cb3f04b0157369
2024-08-25 00:45:50 +00:00
jenkins-bot cae6fc46dd Merge "Replace deprecated LinksUpdate::getAddedLinks" 2024-08-23 20:06:58 +00:00