Commit graph

39 commits

Author SHA1 Message Date
Brad Jorsch 1617bb3deb Return correct frame from mw.getCurrentFrame in certain edge cases
When an #invoke is passed as an argument to another #invoke,
mw.getCurrentFrame() at module scope will return the wrong frame.

On the PHP side, we need to always reset the frame when processing
an #invoke, not just when there's no frame already. I don't remember why
I82dde43e wasn't done that way, but changing it doesn't make any tests
fail and Scribunto tends to have good tests.

On the Lua side, we need to do the same. The logic wih mw.getCurrentFrame()
using a global that gets stored, modified, and reset in several places
was getting confusing, so this patch reworks the logic to inject a
globalless mw.getCurrentFrame() into each #invoke's cloned environment
instead.

Bug: T234368
Change-Id: I8cb5bc4dc14c9b448c9f267e0539daa75e72af4c
2019-10-14 02:39:13 +00:00
Umherirrender fc7a6d5b5e Get GenderCache from MediaWikiServices
GenderCache::singleton is deprecated since 1.28
The service exists since 1.28, this extensions required 1.31

Change-Id: I3925f9ac2facc59cf37c82e16284e53c61abbc6e
2019-08-21 17:13:43 +00:00
libraryupgrader 8deabe62d4 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 24.0.0 → 26.0.0

npm:
* set-value: 2.0.0 → 2.0.1
  * https://npmjs.com/advisories/1012
  * CVE-2019-10747
* union-value: 1.0.0 → 1.0.1
  * https://npmjs.com/advisories/1012
  * CVE-2019-10747
* mixin-deep: 1.3.1 → 1.3.2
  * https://npmjs.com/advisories/1013
  * CVE-2019-10746
* lodash: 4.17.11 → 4.17.15
  * https://npmjs.com/advisories/1065
  * CVE-2019-10744

Change-Id: I8a6a2b4264a878c01d1d5a1b58ea59eb400f26a5
2019-08-03 04:53:01 +00:00
Ladsgroup 9bedee0604 Revert "Suppress wrong phan errors"
This reverts commit 0cfb5422dc.

Reason for revert: Not needed anymore and actually causing phan to fail on master

Change-Id: I2705489f9247e0d6741aaa04fe9c9800bcbda914
2019-07-28 14:14:41 +00:00
Amir Sarabadani 0cfb5422dc Suppress wrong phan errors
\BagOStuff::makeKey() and \BagOStuff::makeGlobalKey() can take
any number of arguments but phan gives out PhanParamTooMany
and this breaks master avoiding anything to be merged

Change-Id: I4b313606e03565182552d9c581feccabaa408022
2019-07-22 14:57:05 +00:00
Aaron Schulz e5097e6145 Use "vary-revision-sha1" over "vary-revision" in getContentInternal()
These allows for some chance of avoiding extra save parses.
Also add wfDebug() call to mention the vary-* flag.

Bug: T226432
Depends-on: Idcd30a3fa3f7012dac76ce8bbf46625453ae331f
Change-Id: Id3bc207382aac90bd63df2d83d6334aae9b2477d
2019-07-18 01:48:12 +00:00
James D. Forrester 9309269892 build: Upgrade phan-taint-check-plugin from 1.5.x to 2.0.1
Change-Id: I3aa1b3ee7de78c11b66fdce02686720587eb4f72
2019-07-11 08:13:40 +00:00
Brad Jorsch 164974c4b5 ustring: Replace UtfNormal hack with a different one
Ideally we'd just have composer.json require UtfNormal so we'd know
where it is and have an autoloader to load it for us, but that seems to
not be done in the world of MediaWiki extensions.

Previously we had been taking paths to the two data files from UtfNormal
and loading them into a stub class, but phan has started complaining
about the definition of the stub class colliding with the real UtfNormal.
So let's try loading the real UtfNormal\Validator and its data files.
Hopefully this continues to not try to pull in any other files via the
nonexistent autoloader.

Change-Id: I93baf20f0eef1892685e272793b4f99236e8c905
2019-06-11 00:09:15 +00:00
Brad Jorsch 2e79d0a719 mw.uri: Support IP-Literal syntax
RFC 3986 allows IPv6 literals (and future IP versions) by having the
"host" enclosed in brackets, like `http://[2001:db8::]`. mw.uri should
handle these appropriately.

Bug: T223267
Change-Id: I6f712b87bc376cf606c6c2ebbe80176037d6dddb
2019-05-19 07:55:29 +00:00
Holger Knust 6c231cbe4d Call method getText() instead of getNativeData()
Classes derived from TextContent support the getText method. The previously called method getNativeData is going to be deprecated.

Bug:  T155582
Change-Id: I550d2ecf2c4b71da17258af0c2306c1ca49806d3
2019-03-27 11:02:34 -04:00
Kunal Mehta 8328acb9b1 Upgrade to newer phan
Bug: T216940
Change-Id: If8c2027f6bb7b91504fb51a3d2668b6d929b5da1
2019-03-20 21:19:37 -07:00
Kunal Mehta 017d6a133b Fix @return for SiteLibrary::pagesInCategory()
If $which === '*', then it returns int[][].

Change-Id: If9204367ce7acf67625b343a35b61aba02dd6a31
2019-03-20 21:18:51 -07:00
Kunal Mehta c3d93b61e2 Use PHP 7 variadic params for LuaInterpreter::callFunction()
Change-Id: I3b32e73dcee6a92d91f29915a76dd4e83c080ada
2019-03-20 21:17:45 -07:00
Kunal Mehta f308135df3 Use PHP 7's ?? syntax
Change-Id: I768782b8acbc1776e29886d330358553675e272b
2019-03-20 21:16:08 -07:00
MGChecker 4bc7abb0ac Set "TemplateSandboxEditNamespaces" in extension.json
If TemplateStyles installed, then enable it in the Module namespace
by default. This change is analogous to I96d9601ff80c2d3eb052c01.

Since both extensions use the ContentHandlerDefaultModelFor hook, Scribunto
will check if the sanitized-css model has already been set, and if so, not
override it. If the page is in NS_MODULE, it will set the content model to
Scribunto, but allow further hooks to override it, in which case it is
expected that TemplateStyles would set it to sanitized-css.

Bug: T200914
Depends-On: I2fa9b822ee39bcc5f95a293c8c4aad4d53ede30a
Change-Id: I7a9b445accde35e4a5e7d13100c646f211d21afe
2019-01-15 09:39:30 -08:00
Kunal Mehta 237d059ea1 Add lua5.1 patch for CVE-2014-5461
For whenever anyone else has to recompile the binaries, it's easier if
the patch file is in git.

I copied it directly out of T72541, and verified with:
 patch -p1 < ../CVE-2014-5461.patch
in the lua5.1 source tree.

Change-Id: I714a9d55096d9b5d081cd3e54f3b2e6848dcafef
2019-01-08 21:33:47 -08:00
Brad Jorsch 1ef78f3d7f ApiScribuntoConsole: Use 'text' type for text fields
In the rare case where someone needs to test the module with
Special:ApiSandbox, it's helpful if these fields show up as <textarea>
rather than <input type="text">

Change-Id: I712d2f74bccd5ceee608dbf51e28b16dc7ed56be
2018-12-12 02:39:51 +00:00
Brad Jorsch ec103b6966 Scribunto_LuaError: Make ->getMessage() return UTF-8 text
It's easily possible for Lua to raise errors where the string is not
valid UTF-8. When we turn that into a Scribunto_LuaError, we should
normalize it so other things don't break.

Bug: T208689
Change-Id: Idc5514261e99d64222b86877dd0500d425a26988
2018-12-11 14:46:56 -05:00
Marius Hoch 8dbde85b69 Parser profiling data: Nicer float format
No need to display three decimal points for the
given cpu limit all the time.

Will change outputs like:
"1.728/10.000 seconds"
to
"1.728/10 seconds"

Change-Id: Ib1f5b435825232eaf9fde7ff0d953c137c06ac32
2018-12-10 15:39:56 +00:00
Marius Hoch ab15dfe4ff Make sure interface functions with the same name don't clash
Test case (greatly simplified) by Anomie.

Bug: T211203
Change-Id: Id05c226b80343b1c333ae622d7390a96ff88ea99
2018-12-06 08:15:43 +01:00
Umherirrender 55bd9d22bb Add method scope visibility
Change-Id: I2efe0f71266d70e9a41e044406d82ef7daa31296
2018-11-19 21:18:12 +00:00
Brad Jorsch 18c08c23fc ustring: Match undocumented string.gsub behavior
As documented, string.gub( 'foo', '%a', '%1' ) should raise an invalid
capture index error because there is no capture with index 1 in the
pattern. But in fact it treats %1 as %0 in this situation. The ustring
library should match this behavior.

This patch also adds some tests for the behavior of gsub with table and
function replacements when the pattern does have captures.

Bug: T207623
Change-Id: Ie3e6c2eafa4a05989815c62c7037167642581751
2018-11-01 03:59:35 +00:00
stibba 946874ef01 Update mediawiki http to https in Scribunto extension
This patch updates the scribunto extension so all old http links
to wikimedia are now https.

Bug: T189687
Change-Id: I3f030063e7c6277abd3b0458eaf4b973145afed2
2018-10-29 14:33:03 +01:00
libraryupgrader 8b489ca160 build: Updating mediawiki/mediawiki-codesniffer to 22.0.0
And updating CoC link to use Special:MyLanguage (T202047).

Change-Id: I091003f69b82c7cacc4cda320a38b1b07f3cdb6b
2018-09-03 21:33:35 +00:00
Brian Wolff 961405f222 Suppress phan-taint-check false positives in make-normalization-table.php
Its a command line script, so echoing is not an XSS. It can
do malicious things if given a malicious command line argument,
but that is by design

The last remaining phan-taint-check warning is due to a bug
in the plugin.

Bug: T202380
Change-Id: I19a07f741980a7e4d5e8458395c67523d240d221
2018-08-31 11:23:04 -07:00
Brad Jorsch a54087abee Remove unreachable code path
The $options parameter to ScribuntoContent::fillParserOutput() is
typehinted as `ParserOptions` and is not nullable, so the code path for
`!$options` will never be reached.

Also fix the @param doc to match.

Bug: T194263
Change-Id: I254a583b7f7ddd1797aa40f0ddfb973161185a49
2018-07-11 18:43:52 +00:00
jenkins-bot ea0c6d614d Merge "Get rid of call_user_func_array()" 2018-07-04 03:58:20 +00:00
Max Semenik eb8ccf03db Get rid of call_user_func_array()
Yay PHP7!

Change-Id: I777ed78d22efbddacaab22c4614a0defa6ad3f94
2018-07-03 19:40:19 -07:00
Kunal Mehta df7666aab6 Don't use deprecated Interwiki static method
Change-Id: If6d8681c84be4820724468f92c6f3cdb65a11736
2018-06-07 11:40:08 -07:00
libraryupgrader c88d231aed build: Updating mediawiki/mediawiki-codesniffer to 20.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Usage.ForbiddenFunctions.popen
* MediaWiki.Usage.ForbiddenFunctions.proc_open
* MediaWiki.Usage.ForbiddenFunctions.shell_exec

Change-Id: I39e352194565a5526c1a8a34992c028fb305b03b
2018-05-26 06:18:46 +00:00
Kunal Mehta f76ba3c465 Disable Squiz.Classes.ValidClassName.NotCamelCaps globally
Instead of per-file. This happens to also fix a false positive with the
PhpunitAnnotations sniff.

Change-Id: I22621c37217ed2db9d8b3591df1a1421c25fa7f6
2018-05-24 22:26:11 -07:00
Brad Jorsch 32718af677 ustring: Handle invalid types in gsub
If the replacement table or function results in a value that isn't a
string or number (or nil), string.gsub raises an error. Have ustring
raise the same error.

Bug: T195326
Change-Id: Ic36f9f5d7adc0c14e7a4a94d3747335107acd8b6
2018-05-22 18:55:49 -04:00
Kunal Mehta d245edbb94 Add phan configuration
Manually import LuaSandbox's git repository as a composer dependency to
provide the PHP stubs for phan.

Change-Id: I6226b9211f31d829da5a2775c6f5cf3599dd8ebc
2018-05-14 18:41:59 -07:00
jenkins-bot fb06f727f7 Merge "Update at-ease calls" 2018-04-18 18:47:16 +00:00
Gergő Tisza 8fb655258d Fix SyntaxHighlight incompatibility
The class existence check Scribunto used to tell apart current and
B/C versions of SyntaxHighlight does not work with recent versions.
This caused the B/C branch to be invoked unnecessarily, which
resulted in deprecation warnings.

Also, the supposedly non-B/C branch also invoked B/C code which has
no error handling.

The commit removes B/C support and adds a new way of interacting with
SyntaxHighlight.

Bug: T109873
Change-Id: I2d518b5412efbe4e8ddb43e7c465ea55dc44b1a3
2018-04-18 16:46:17 +00:00
Reedy 73f21a1155 Update at-ease calls
Bug: T187037
Change-Id: I9b681cf900a3aaf1be3e688d12e3e83f44bff91b
2018-04-18 14:31:04 +00:00
Brad Jorsch 6be48e2f7a Update ustring data tables
normalization-data.lua is updated to Unicode 8.0.0 (libicu57).

charsets.lua is updated to match the character classes used by PCRE 8.35,
which seems to be Unicode 6.3.0.

upper.lua and lower.lua are still based on whatever ancient version of
Unicode is used by mb_strtoupper and mb_strtolower in HHVM 3.18.6.

Bug: T177498
Change-Id: I00b471176e1fd21123c22d187ff222928819e459
2018-04-16 00:09:59 -07:00
Kunal Mehta f26ecf167d Drop support for generating normalization tables with MW < 1.25
Change-Id: Id9370c2bcab06a22515c6d94bd380f7dc46e81d0
2018-04-09 08:54:22 -07:00
Kunal Mehta 1fad4da137 Move classes into includes/
Change-Id: Ida2c9cac348fe31ecf8d8c0a352e899bcbff1ebf
2018-04-09 08:54:22 -07:00