Commit graph

19 commits

Author SHA1 Message Date
Kunal Mehta 0f2585244c Require CSRF token for action=scribunto-console
This is basically unexploitable, given that Scribunto sessions are
"extremely ephemeral", protected by a 31-bit non-cryptographically
random token and generally contain very little useful data.

But, requiring a CSRF token is a best practice and since this module
is internal and only used in one place, it's also unlikely to break
anything. Because it needs a token, the module is POST-only now too.

Bug: T212071
Change-Id: I7fb6b4f856ee6194eb37c26e14f178fea6c0a3f6
2022-10-05 14:38:50 +00:00
James D. Forrester d7f4812022 build: Update eslint-config-wikimedia from 0.8.1 to 0.11.0
Change-Id: Ifdda75899ef679bfd819ff044d5c23a7578637f7
2019-04-12 13:00:29 -07:00
Ed Sanders 9619727f3c build: Update devDependencies
eslint-config-wikimedia      0.5.0  →   0.8.1
 grunt-eslint                20.1.0  →  21.0.0
 grunt-stylelint              0.9.0  →  0.10.1
 stylelint                    8.2.0  →   9.2.0
 stylelint-config-wikimedia   0.4.2  →   0.4.3

Change-Id: I4c39a42f84303ee0d5d66032bf4cacd9e90821e9
2018-11-05 19:31:08 +00:00
Ed Sanders f03a32f6f8 build: Update linters
Change-Id: Iec64688e03c6efe81e3f5e4e5809290a1789bcd0
2018-02-04 22:10:26 +00:00
Ed Sanders 9399ba002e build: Replace jscs/jshint with eslint
Change-Id: I35b5f6b1ea2e45c8f361e3253d81da9ea55d9259
2017-05-12 16:24:59 +00:00
Paladox 0fd4cfb6b1 Update jscs configuration
Change-Id: I1da096b453413ae0faa06b551e35d270c78e0c41
2016-02-13 16:18:05 +01:00
Ricordisamoa f378c13472 build: Enable and configure jscs, fix some errors
Change-Id: I17115bfe09b91e6fcf84b329a12deab6c708086b
2016-01-03 05:07:04 +01:00
Jackmcbarn 52d4915201 Display backtraces in the Scribunto console
When the Scribunto console produces an error, display a full backtrace
instead of just the error message.

Bug: T74462
Change-Id: I305438284eae8e19a51a70b1e83d54e4831de396
2015-07-01 12:21:24 -04:00
Mormegil a5ea880567 Allow Lua console on protected module pages
Lua debugging console is useful even if the module page is protected,
so we should display it on read-only edit pages.

However, the `EditPage::showReadOnlyForm::initial` hook does not allow
to insert HTML below the textarea, so we let the JS do it client-side.
(In fact, it might be a good idea to do the same in the base case
and never send the HTML from server, I guess.)

Bug: T93902
Change-Id: I953c4313fc67c6e708b5ef68db5380991a75b363
2015-03-28 23:28:27 +01:00
Brad Jorsch 1a4d99431e Make mw.scribunto.edit not try to set undefined mw.scribunto
Not sure how this was missed in I1577dab2.

Bug: T93051
Change-Id: Ie2f2c6f7cbd80bca2ca493f1fe5a4f2ca7d02387
2015-03-18 10:59:21 -04:00
Timo Tijhof 4b31b71cfc Clean up existing code and pass jshint
Coding style:
* Avoid meaningless '_' in variable names, especially when used
  inconsistently.
* Avoid trailing line comments.
* Consistent if/else curly brace position.
* Consistently use single quotes (there are no magic quotes in js).
* Consistently use $ in variable names of jQuery-wrapped elements
  (as opposed to plain node references).
* Avoid using variable names like '_this' or 'that', instead name
  them after the object.
* Too many var statements.
* Hoist var statement.
* Fix alignment of closing parentheses in initEditPage.

Code quality:
* Remove commented out code.
* Add missing radix parameter for parseInt.
* Remove unused private function "printWithRunin".
* Remove unused parameters.
* Don't call "console.log" in production client-side code because
  the console doesn't always exist in normal browser modes (and
  would result in an Uncaught ReferenceError, aborting the script
  unexpectedly and leaving the user interface in a likely
  unresponsive state).
* Use the Promise.done and Promise.fail handlers of mw.Api,
  instead of the deprecated 'ok' and 'err' parameters.
* Use jQuery#on instead of the deprecated jQuery#bind.
* Use a local shared reference to the singleton instead of relying
  on 'this' context, this way the methods can be called
  regardless of context. Such as in the $(document).ready(), or
  when passing around setErrors callback.
* Avoid using invalid html shortcuts like <div/>, use <tag>
  for creation, and <tag>..</tag> for parsing (per style guide).
* Document inputKeydown parameter being jQuery.Event (as oppposed
  to native Event).

Misc:
* Renamed '_in' to 'in', and renamed again to 'input' ('in' is an
  illegal variable name and would've crashed).

Change-Id: I283fda1409b1e76db56a939183bdaefc95e60961
2013-12-13 00:50:13 +01:00
Brad Jorsch e4575c0b7c Use jquery.spinner when console is pending
This makes it more obvious to the user that something is going on.

Bug: 56472
Change-Id: I80938e0e48bd01eece4a99b8bda632a4b1375333
2013-12-10 13:07:54 -05:00
Brad Jorsch e878314048 Handle session loss in the console
If the session data gets lost, the console forgets the content and
previous commands. Detect this situation and handle it.

Change-Id: I82fb5e111c09091d4f9a87d2e1b1c245eced1420
2013-02-11 13:23:10 -05:00
Brad Jorsch 49ec3cee05 Fix title passed to API scribunto-console
The title should be passed with the proper namespace.

Change-Id: If63ebd707420ca600590f38b29d0e3c839b1f1b6
2013-02-07 12:37:14 -05:00
Tim Starling d5bd1102d0 Fixed transmission of \0 from Lua standalone
* string.format() truncates the string at a null character, causing a
  deadlock when Lua attempts to send null characters to PHP. Use
  concatenation instead.
* Added test.
* Fixed an error reporting issue in the console, which I happened to
  notice at the same time as the above bug.

Change-Id: I2e6061a04512557492bffbd04bc09ca3bc1d80d6
2012-12-03 17:46:11 +11:00
Siebrand Mazeland ce27d6eefc Reformat JavaScript and CSS code.
Change-Id: Id5630bacfbc97ace3d2c68b69403b463eb6b5e87
2012-10-07 16:13:39 +02:00
Siebrand Mazeland 7e43f640a6 Tweaks and fixes suggested by JSHint/JSLint.
Change-Id: Ia2e089dba787fafbd48e27a3da197dec328c5181
2012-10-07 02:36:28 +02:00
Amir E. Aharoni b70f8a064e Fix console directionality
Add dir="ltr" and lang="en" to the console element.

Change-Id: I73e6e35d2045dc4a7af7ab16799d4e0f06af0bec
2012-08-15 12:16:43 +03:00
Tim Starling b5c36bad59 Debug console module
* Added a debug console to the edit page, allowing unsaved modules to be
  tested.
* Removed the "preview" button from the edit page.
* Only show the "ignore code errors" checkbox on module edit pages, not
  all edit pages.
* Added Lua function mw.log() for sending messages to the debug log.

Change-Id: Ia51f439e573a1deb5b83f94ddd1a86792d5569c1
2012-07-14 14:35:55 +10:00