Commit graph

127 commits

Author SHA1 Message Date
Kunal Mehta c3d93b61e2 Use PHP 7 variadic params for LuaInterpreter::callFunction()
Change-Id: I3b32e73dcee6a92d91f29915a76dd4e83c080ada
2019-03-20 21:17:45 -07:00
Kunal Mehta f308135df3 Use PHP 7's ?? syntax
Change-Id: I768782b8acbc1776e29886d330358553675e272b
2019-03-20 21:16:08 -07:00
MGChecker 4bc7abb0ac Set "TemplateSandboxEditNamespaces" in extension.json
If TemplateStyles installed, then enable it in the Module namespace
by default. This change is analogous to I96d9601ff80c2d3eb052c01.

Since both extensions use the ContentHandlerDefaultModelFor hook, Scribunto
will check if the sanitized-css model has already been set, and if so, not
override it. If the page is in NS_MODULE, it will set the content model to
Scribunto, but allow further hooks to override it, in which case it is
expected that TemplateStyles would set it to sanitized-css.

Bug: T200914
Depends-On: I2fa9b822ee39bcc5f95a293c8c4aad4d53ede30a
Change-Id: I7a9b445accde35e4a5e7d13100c646f211d21afe
2019-01-15 09:39:30 -08:00
Kunal Mehta 237d059ea1 Add lua5.1 patch for CVE-2014-5461
For whenever anyone else has to recompile the binaries, it's easier if
the patch file is in git.

I copied it directly out of T72541, and verified with:
 patch -p1 < ../CVE-2014-5461.patch
in the lua5.1 source tree.

Change-Id: I714a9d55096d9b5d081cd3e54f3b2e6848dcafef
2019-01-08 21:33:47 -08:00
Brad Jorsch 1ef78f3d7f ApiScribuntoConsole: Use 'text' type for text fields
In the rare case where someone needs to test the module with
Special:ApiSandbox, it's helpful if these fields show up as <textarea>
rather than <input type="text">

Change-Id: I712d2f74bccd5ceee608dbf51e28b16dc7ed56be
2018-12-12 02:39:51 +00:00
Brad Jorsch ec103b6966 Scribunto_LuaError: Make ->getMessage() return UTF-8 text
It's easily possible for Lua to raise errors where the string is not
valid UTF-8. When we turn that into a Scribunto_LuaError, we should
normalize it so other things don't break.

Bug: T208689
Change-Id: Idc5514261e99d64222b86877dd0500d425a26988
2018-12-11 14:46:56 -05:00
Marius Hoch 8dbde85b69 Parser profiling data: Nicer float format
No need to display three decimal points for the
given cpu limit all the time.

Will change outputs like:
"1.728/10.000 seconds"
to
"1.728/10 seconds"

Change-Id: Ib1f5b435825232eaf9fde7ff0d953c137c06ac32
2018-12-10 15:39:56 +00:00
Marius Hoch ab15dfe4ff Make sure interface functions with the same name don't clash
Test case (greatly simplified) by Anomie.

Bug: T211203
Change-Id: Id05c226b80343b1c333ae622d7390a96ff88ea99
2018-12-06 08:15:43 +01:00
Umherirrender 55bd9d22bb Add method scope visibility
Change-Id: I2efe0f71266d70e9a41e044406d82ef7daa31296
2018-11-19 21:18:12 +00:00
Brad Jorsch 18c08c23fc ustring: Match undocumented string.gsub behavior
As documented, string.gub( 'foo', '%a', '%1' ) should raise an invalid
capture index error because there is no capture with index 1 in the
pattern. But in fact it treats %1 as %0 in this situation. The ustring
library should match this behavior.

This patch also adds some tests for the behavior of gsub with table and
function replacements when the pattern does have captures.

Bug: T207623
Change-Id: Ie3e6c2eafa4a05989815c62c7037167642581751
2018-11-01 03:59:35 +00:00
stibba 946874ef01 Update mediawiki http to https in Scribunto extension
This patch updates the scribunto extension so all old http links
to wikimedia are now https.

Bug: T189687
Change-Id: I3f030063e7c6277abd3b0458eaf4b973145afed2
2018-10-29 14:33:03 +01:00
libraryupgrader 8b489ca160 build: Updating mediawiki/mediawiki-codesniffer to 22.0.0
And updating CoC link to use Special:MyLanguage (T202047).

Change-Id: I091003f69b82c7cacc4cda320a38b1b07f3cdb6b
2018-09-03 21:33:35 +00:00
Brian Wolff 961405f222 Suppress phan-taint-check false positives in make-normalization-table.php
Its a command line script, so echoing is not an XSS. It can
do malicious things if given a malicious command line argument,
but that is by design

The last remaining phan-taint-check warning is due to a bug
in the plugin.

Bug: T202380
Change-Id: I19a07f741980a7e4d5e8458395c67523d240d221
2018-08-31 11:23:04 -07:00
Brad Jorsch a54087abee Remove unreachable code path
The $options parameter to ScribuntoContent::fillParserOutput() is
typehinted as `ParserOptions` and is not nullable, so the code path for
`!$options` will never be reached.

Also fix the @param doc to match.

Bug: T194263
Change-Id: I254a583b7f7ddd1797aa40f0ddfb973161185a49
2018-07-11 18:43:52 +00:00
jenkins-bot ea0c6d614d Merge "Get rid of call_user_func_array()" 2018-07-04 03:58:20 +00:00
Max Semenik eb8ccf03db Get rid of call_user_func_array()
Yay PHP7!

Change-Id: I777ed78d22efbddacaab22c4614a0defa6ad3f94
2018-07-03 19:40:19 -07:00
Kunal Mehta df7666aab6 Don't use deprecated Interwiki static method
Change-Id: If6d8681c84be4820724468f92c6f3cdb65a11736
2018-06-07 11:40:08 -07:00
libraryupgrader c88d231aed build: Updating mediawiki/mediawiki-codesniffer to 20.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Usage.ForbiddenFunctions.popen
* MediaWiki.Usage.ForbiddenFunctions.proc_open
* MediaWiki.Usage.ForbiddenFunctions.shell_exec

Change-Id: I39e352194565a5526c1a8a34992c028fb305b03b
2018-05-26 06:18:46 +00:00
Kunal Mehta f76ba3c465 Disable Squiz.Classes.ValidClassName.NotCamelCaps globally
Instead of per-file. This happens to also fix a false positive with the
PhpunitAnnotations sniff.

Change-Id: I22621c37217ed2db9d8b3591df1a1421c25fa7f6
2018-05-24 22:26:11 -07:00
Brad Jorsch 32718af677 ustring: Handle invalid types in gsub
If the replacement table or function results in a value that isn't a
string or number (or nil), string.gsub raises an error. Have ustring
raise the same error.

Bug: T195326
Change-Id: Ic36f9f5d7adc0c14e7a4a94d3747335107acd8b6
2018-05-22 18:55:49 -04:00
Kunal Mehta d245edbb94 Add phan configuration
Manually import LuaSandbox's git repository as a composer dependency to
provide the PHP stubs for phan.

Change-Id: I6226b9211f31d829da5a2775c6f5cf3599dd8ebc
2018-05-14 18:41:59 -07:00
jenkins-bot fb06f727f7 Merge "Update at-ease calls" 2018-04-18 18:47:16 +00:00
Gergő Tisza 8fb655258d Fix SyntaxHighlight incompatibility
The class existence check Scribunto used to tell apart current and
B/C versions of SyntaxHighlight does not work with recent versions.
This caused the B/C branch to be invoked unnecessarily, which
resulted in deprecation warnings.

Also, the supposedly non-B/C branch also invoked B/C code which has
no error handling.

The commit removes B/C support and adds a new way of interacting with
SyntaxHighlight.

Bug: T109873
Change-Id: I2d518b5412efbe4e8ddb43e7c465ea55dc44b1a3
2018-04-18 16:46:17 +00:00
Reedy 73f21a1155 Update at-ease calls
Bug: T187037
Change-Id: I9b681cf900a3aaf1be3e688d12e3e83f44bff91b
2018-04-18 14:31:04 +00:00
Brad Jorsch 6be48e2f7a Update ustring data tables
normalization-data.lua is updated to Unicode 8.0.0 (libicu57).

charsets.lua is updated to match the character classes used by PCRE 8.35,
which seems to be Unicode 6.3.0.

upper.lua and lower.lua are still based on whatever ancient version of
Unicode is used by mb_strtoupper and mb_strtolower in HHVM 3.18.6.

Bug: T177498
Change-Id: I00b471176e1fd21123c22d187ff222928819e459
2018-04-16 00:09:59 -07:00
Kunal Mehta f26ecf167d Drop support for generating normalization tables with MW < 1.25
Change-Id: Id9370c2bcab06a22515c6d94bd380f7dc46e81d0
2018-04-09 08:54:22 -07:00
Kunal Mehta 1fad4da137 Move classes into includes/
Change-Id: Ida2c9cac348fe31ecf8d8c0a352e899bcbff1ebf
2018-04-09 08:54:22 -07:00