Commit graph

25 commits

Author SHA1 Message Date
Umherirrender 5404ab51f8 Use namespaced classes
Changes to the use statements done automatically via script

Change-Id: Ie45f3705f5f2f9992ff93a77a3f0a7cbb8a8d3cd
2024-10-20 11:32:26 +02:00
jenkins-bot f0194c9e47 Merge "Fix description truncation for <a> and <img>" 2024-09-30 18:47:47 +00:00
Bartosz Dziewoński 6e2ce16be0 Fix Phan suppression
The SecurityCheck-XSS violation occurred because, in renderFeed(),
the $renderedFeed variable contains both wikitext (tainted) and
HTML (safe) at different points in the function, and Phan is unable
to disentangle that. Splitting it into two variables allows Phan to
validate the rest of the code just fine.

Change-Id: I4da446b869349f06fc0fc40816d44cee390c49a6
2024-09-19 07:45:02 +02:00
Umherirrender 2cc29f25a0 Add missing documentation to class properties
Add doc-typehints to class properties found by the PropertyDocumentation
sniff to improve the documentation and to remove the exclusion of the
sniff.
The activated sniff avoids that new code is missing doc-typehints or
real-typehints.

Adding a @var type to RSSData->items triggers a SecurityCheck-XSS issue by phan, but all is dealing with wikitext when building the items, so that looks like a false positive

Change-Id: I4f1d17372d62f02fe7447f5bf5e75b9471d7a338
2024-09-14 07:41:14 +00:00
Umherirrender c4074eab33 Removed unused $error property from RSSParser
Change-Id: I2b731fd3f56ce9f876bf0b4724328ef0a424f802
2024-08-20 21:17:39 +02:00
BlankEclair cec3712651 Fix description truncation for <a> and <img>
Language::truncateForVisual() is for plain text strings, while
Language::truncateHTML() is, unsurprisingly, for HTML.

Bug: T32377
Change-Id: Ica171d7c87781801a6634abd6056880bf02f96f0
2024-07-05 19:32:39 +10:00
Umherirrender 7b4ff5e4cb Use namespaced Parser class
Change-Id: Ie4e85e4a8cd967fe3293555d2de92e9e5a79d0c8
2024-06-10 20:17:47 +02:00
Umherirrender 29503101e5 build: Upgrade mediawiki/mediawiki-codesniffer to v43.0.0
Change-Id: I14948431331e02e0659e80b159f4b2e0ed0469ef
2024-03-11 22:44:41 +01:00
Umherirrender a7c9a664b8 Use namespaced classes
Done automatically via script

Change-Id: I960cc93c19639202cdb63c5b0b00bfc468abb37e
2024-01-05 21:23:30 +01:00
gerritbot f17d634c2d Replace some moved Title class uses, now MediaWiki\Title\Title
Bug: T321681
Change-Id: Ib0f9ab508739dd0633bcf0172434d24ae061a414
2023-08-19 12:36:13 +00:00
Umherirrender ec3f4fe4c6 Replace deprecated Parser::getFreshParser
Bug: T325959
Change-Id: Idc61f7f6beda4b71959e7e9781861d56a2291f6f
2022-12-27 15:51:54 +01:00
C. Scott Ananian 3e5dd2490c Replace Parser::getFunctionLang() with ::getTargetLanguage()
Parser::getFunctionLang() is being deprecated.  These two functions
have been identical since 7df3473cfea59df53debb7a9eefffed8a7f20fb3
in MW 1.19 (2012) and this extension already requires MW >= 1.38.

Bug: T318860
Change-Id: If5fa696e27e84a3aa1343551d7482c933da0a9b6
2022-09-28 15:55:49 -04:00
Reedy 80d1b67f19 Namespace extension
Change-Id: I0894842014e1a73f419c90cf11c8334ac102242a
2022-06-25 20:02:38 +00:00
Brian Wolff d8d1e067bd SECURITY: Prevent XSS from "stripItem" replacement strings in attribute
Previously when $wgRSSAllowLinkTag was true, you could put an
<a> tag containing unescaped ", inside another attribute to escape
from the attribute and create an XSS.

This makes the marker include " and ', so if they are put anywhere
where quotes aren't allowed, the marker will get mangled and not
replaced

Bug: T307028
Change-Id: I2f7827103bdee0ea766b1f5e7040e2a022fcd2f3
2022-04-29 12:08:58 -07:00
C. Scott Ananian fe2388f191 Replace deprecated Sanitizer::removeHTMLtags() with safer ::removeSomeTags()
The minimum required MW version has been bumped to 1.38.

Depends-On: Ic864c01471c292f11799c4fbdac4d7d30b8bc50f
Change-Id: I83923d8b38d33f3638cd53958dd10f257ec21f7c
2022-03-04 14:26:41 -05:00
Reedy 32ec2ae33b Replace usages of Wikimedia\(suppress|restore)Warnings()
Change-Id: I5ef62930f0d4f9522de16b6271f084bc7cc77efe
2022-02-24 21:17:28 +00:00
Alexander Vorwerk 01db40bcc1 Avoid using WikiPage::factory()
WikiPage::factory() is deprecated since 1.36 and should be replaced
with WikiPageFactory::newFromTitle().

Bug: T297688
Change-Id: I20898d956230627d820986a683c20bb487d1083b
2022-02-12 00:43:38 +00:00
Umherirrender 5d653445cf Remove type hint for removed class PhpHttpRequest/CurlHttpRequest
Follow-Up: I978b75827e69db02cbc027fe0b89a028adfc6820
Change-Id: I66244ad1f2751c33a47948c530e6ff9c576b6345
2022-02-12 01:20:00 +01:00
libraryupgrader 7039afa64f build: Updating composer dependencies
* mediawiki/mediawiki-phan-config: 0.10.6 → 0.11.0
* php-parallel-lint/php-parallel-lint: 1.3.0 → 1.3.1

Change-Id: I0e1ca4a925edb65d07aa40c9b89b062f5ead2754
2021-09-09 11:25:16 +00:00
libraryupgrader b3f3afee2b build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 35.0.0 → 36.0.0
* php-parallel-lint/php-parallel-lint: 1.2.0 → 1.3.0

npm:
* grunt: 1.3.0 → 1.4.0
* lodash: 4.17.19 → 4.17.21
  * https://npmjs.com/advisories/1673 (CVE-2021-23337)

Change-Id: Ie2a7289801cab5f79f967abaf0c09c3f9f691de3
2021-05-13 03:17:45 +00:00
Reedy 8adb5e68ca Wrap libxml_disable_entity_loader() calls in version constraint
Bug: T268847
Change-Id: I0b0dc4a334c7e30fd7af7a4b2d2ff45e609e7e0e
2020-12-27 16:37:05 +00:00
Umherirrender 3df840d216 Pass function name to HttpRequestFactory::create
Useful for logging
Replace deprecated MWHttpRequest::factory with service (since 1.32)

Change-Id: I81d8d350730f0f7da5cbf0a1463aaffbc07d2fab
2020-06-07 12:33:49 +02:00
peter-ovchyn 407c4aefe8 parser: Replace 'new Parser' in favour of using Parser::getFreshParser
Bug: T244055
Change-Id: Ib883d6ca154a01dd8f0ad45bc338e0aa05dee8ac
2020-04-01 10:59:06 +03:00
Aaron Schulz 517cb3fdfb Convert $wgMemc use to WANObjectCache
Bug: T160813
Change-Id: I3c7c1babfbeab915b09ec0100b0b8c51882cd36a
2020-03-16 20:44:10 +00:00
Umherirrender 64aaf72d6c Move all php classes into includes folder
Change-Id: I38c0eeeb1ee401f61bb205bd90eb4bbb21e46711
2019-04-24 21:20:11 +02:00
Renamed from RSSParser.php (Browse further)