Commit graph

219 commits

Author SHA1 Message Date
Tim Starling eb01c6ad22 Fix invalid UTF-8 in LuaSandbox profiler data
Bug: T228746
Change-Id: Idf5cd4ed230a40f6894ed7b435c28c9ec2764b9b
2020-11-10 15:13:27 +00:00
C. Scott Ananian 7ec0ebfb2a Format Scribunto Lua Preview Limit Report memory numbers in bytes
Makes it consistent with other entries

Bug: T263592
Change-Id: Icc303455feab27966480854ea1c055ceab864ee0
2020-11-05 13:43:27 -05:00
libraryupgrader 00fc2c3f1e build: Updating mediawiki/mediawiki-codesniffer to 33.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.ObjectTypeHintParam
* MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate
* MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected
* MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic
* MediaWiki.Commenting.PropertyDocumentation.WrongStyle

Additional changes:
* Added the `wikimedia/mediawiki` profile in .eslintrc.json (T262222).
* Added the `wikimedia/jquery` profile in .eslintrc.json (T262222).
* Removed global `$`, included in the `wikimedia/jquery` profile (T262222).
* Removed global `mw`, included via `wikimedia/mediawiki` profile (T262222).
* Dropped the emtpy global definition in .eslintrc.json.

Change-Id: Ib0acbf92bcb8327ecd065db5db1083d7b222976c
2020-11-04 17:24:30 +00:00
Reedy b53689abde Fix double formatting of memory units
Bug: T263592
Change-Id: If8a71419d656530859552abaddeed66d5a9ddc4b
2020-10-23 19:46:57 +00:00
C. Scott Ananian 0cd8904842 Suppress phan false positives in LuaSandboxEngine::formatLimitData()
Most of this function deals with values for the single
scribunto-limitreport-profile key, where $value is an array of
strings.  Phan's security check plugin was getting confused because
*in general* the $value passed to a ParserLimitReportFormat hook can
be almost anything.

Change-Id: I0ef5ef71f00a92bd5db0df340725c88595fcb0c6
2020-10-23 17:02:23 +00:00
C. Scott Ananian 2bec230e3d Use Language::formatNumNoSeparators where appropriate
Avoids using the deprecated $noSeparators parameter to Language::formatNum
in favor of Language::formatNumNoSeparators, which has been around since
MW 1.21.

Change-Id: If3de5645a92514f605d4117fea3a820ed6c86624
2020-09-09 18:17:23 -04:00
libraryupgrader b9c82f4d4a build: Updating mediawiki/mediawiki-phan-config to 0.10.2
Additional changes:
* Removed phan-taint-check-plugin from extra, now inherited from mediawiki-phan-config.

Change-Id: I83fff3a5ff566790bc051d7bfffe7f3b124d3de7
2020-06-02 01:54:01 +00:00
Reedy aeaa5172b9 Fix PSR12.Properties.ConstantVisibility.NotFound
Bug: T253169
Change-Id: I50048f917c4b8cde4ebc002ed57f0e0afcf6e8c6
2020-05-30 01:32:16 +01:00
Brad Jorsch 34fc672f6d Add tests and type checking for mw.addWarning()
Testing was overlooked when this was added in Ibdd2506f.

Change-Id: Ie17020e3082668180dfa1d6532946891ea7951ea
2020-05-08 17:05:11 +00:00
DannyS712 c062595b01 Handle RevisionAccessException with try-catch
Failures caused by a9b073fc62

Bug: T252156
Change-Id: I703c2e0b13e79716f156e1c995fd139fbc68e321
2020-05-07 20:57:42 +00:00
DannyS712 a9b073fc62 Remove use of Parser::fetchCurrentRevisionOfTitle and Revision::getSha1
Use new fetchCurrentRevisionRecordOfTitle

Bug: T249384
Bug: T251233
Change-Id: I9a4974a990f8e4f7935cd8e38da918fd45a2282c
2020-04-28 09:34:26 +00:00
libraryupgrader 9facd741cc build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 29.0.0 → 30.0.0

npm:
* eslint-config-wikimedia: 0.15.0 → 0.15.3
* grunt-stylelint: 0.14.0 → 0.15.0
* stylelint-config-wikimedia: 0.9.0 → 0.10.1

Change-Id: I684372efb0248862700184546a5172bfd6d81ae0
2020-04-22 19:07:11 +00:00
C. Scott Ananian e0837cfd46 Don't use deprecated Parser::OutputType()
Depends-On: I0b4d5f170216597afb259cedbb13b8028d284715
Change-Id: I70e0ecb201d5ffdc3ccb75caf552a1dee4ad9e60
2020-04-17 00:47:42 +00:00
Antoine Musso fda6a663aa Remove trailing newline from log messages
wfDebug() required a newline in the message. That is no need with
wfDebugLog() or with our PSR-3 logging interface.

Bug: T228848
Change-Id: Ieb3de1ab59174ec0e1301e42bccee6cebce8749f
2020-03-23 14:58:33 +00:00
Umherirrender 724c38c892 Use MediaWikiServices::getRepoGroup
This required MediaWiki 1.34

Change-Id: Ie7186b0729b54ef9a52b18bb6a2a2696dca6daed
2020-03-16 17:58:49 +00:00
Umherirrender 92587641dc Use MediaWikiServices::getContentLanguage()
This required MediaWiki 1.32

Change-Id: Iff717eba8f4fad1e80229ebcf317ceec81667846
2020-03-16 17:58:26 +00:00
DannyS712 fb850e853c Don't fall back to global $wgUser when creating ParserOptions
Pass a user when relevant, or use ParserOptions::newFromAnon()

Bug: T246861
Change-Id: I44adb6d5c037de2fb05573cde3c7356cb73e8b42
2020-03-07 02:33:24 +00:00
DannyS712 d1f6e793ee Stop using old deprecated SpecialPageFactory static functions
Bug: T245686
Change-Id: If4d166c9a95bb9381ea4de560168f5d9d683d6f5
2020-02-19 23:12:56 +00:00
Brad Jorsch 66f83331db Record vary-page-id when ID is accessed via mw.title
This triggers a needed reparse when a new page is created using a module
that accesses the page ID.

Bug: T237746
Change-Id: I5564c2e896dd2a025c5a886ca478c377fac83e74
2020-02-13 17:24:41 +00:00
libraryupgrader 7b2cda5591 build: Updating composer dependencies
* mediawiki/minus-x: 0.3.2 → 1.0.0
* jakub-onderka/php-console-highlighter: 0.3.2 → 0.4.0
* mediawiki/mediawiki-phan-config: 0.9.0 → 0.9.1

Change-Id: Ibdedddbf19eb4712c31c1b95024391ff013f73e8
2020-02-07 06:37:29 +00:00
Brad Jorsch 3a19bb8b0c Document a lot of methods
Clear up a bunch of phpcs ignores by documenting many methods.

Also remove Scribunto_LuaError::setLineMap(), which has apparently never
been used since it was added in Ia51f439e.

Change-Id: I763bcdbc7edbbb8e4600495a03acca3439fc0ec9
2020-01-17 23:03:03 +00:00
Umherirrender ef8aff71ec Use class name resolution to refer to class names
::class is validated by phan and avoids misspelled class names

Change-Id: I613d5df56fcee6099e4294f5c6df078aafad1210
2020-01-02 16:59:55 +00:00
libraryupgrader 3b2d40f28d build: Updating mediawiki/mediawiki-phan-config to 0.9.0
Depends-On: I9661ed8dd80cb827d7a1414c1eef952c0933a1f0
Change-Id: Ia34d9d9eade74cbb261dbfe4e39971de57cab888
2019-12-31 20:46:17 +00:00
Umherirrender 9c6f6f905a Split all classes in own files
Move autoload entries for test to TestAutoloadClasses key

Change-Id: Ie705db0e7225600b7b498cfa134733a65f1ae1c9
2019-12-21 10:20:18 +01:00
Umherirrender e83bc743ec Split classes in Base.php
Change-Id: Ie29a32aeb10cf23264481d3b0f5fb5096d49b60e
2019-12-18 19:06:57 +00:00
Umherirrender e70a548fbc build: Updating mediawiki/mediawiki-phan-config to 0.8.0
Bug: T235049
Change-Id: Ia8cb36d60d56eb899e96eacf7640d8da50c4adfe
2019-11-26 09:30:36 +00:00
Max Semenik d866df0ed8 Stop passing objects by reference
Bug: T193950
Change-Id: Ib18865bac35e52b52489fb0d501dfd0574906092
2019-11-15 19:23:28 +00:00
James D. Forrester a4f43da4d2 Drop use of wgParser, replaced in 1.32 and to be removed in 1.35
Bug: T160811
Change-Id: Ic18f8e3df636e092a2517a622cb3969ac048725e
2019-10-29 08:38:30 +00:00
Max Semenik 764847164a Replace trigger_error('') magic with error_clear_last()
Bug: T191247
Change-Id: I8bedd9c6df4648941c957d92fa8b0c8464f1d796
2019-10-28 14:08:55 +00:00
Brad Jorsch 0ee41431c2 Don't error if someone returns a built-in function from their module
This is getting close to the point of "don't do that, just wrap the
built-in". But since it's a regression in a recent patch, let's restore
the old behavior here.

Bug: T236092
Change-Id: Ieddc23d942bc91fd0246ae14d8a4af7719e3834f
2019-10-23 08:41:40 +00:00
Brad Jorsch 1617bb3deb Return correct frame from mw.getCurrentFrame in certain edge cases
When an #invoke is passed as an argument to another #invoke,
mw.getCurrentFrame() at module scope will return the wrong frame.

On the PHP side, we need to always reset the frame when processing
an #invoke, not just when there's no frame already. I don't remember why
I82dde43e wasn't done that way, but changing it doesn't make any tests
fail and Scribunto tends to have good tests.

On the Lua side, we need to do the same. The logic wih mw.getCurrentFrame()
using a global that gets stored, modified, and reset in several places
was getting confusing, so this patch reworks the logic to inject a
globalless mw.getCurrentFrame() into each #invoke's cloned environment
instead.

Bug: T234368
Change-Id: I8cb5bc4dc14c9b448c9f267e0539daa75e72af4c
2019-10-14 02:39:13 +00:00
Umherirrender fc7a6d5b5e Get GenderCache from MediaWikiServices
GenderCache::singleton is deprecated since 1.28
The service exists since 1.28, this extensions required 1.31

Change-Id: I3925f9ac2facc59cf37c82e16284e53c61abbc6e
2019-08-21 17:13:43 +00:00
libraryupgrader 8deabe62d4 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 24.0.0 → 26.0.0

npm:
* set-value: 2.0.0 → 2.0.1
  * https://npmjs.com/advisories/1012
  * CVE-2019-10747
* union-value: 1.0.0 → 1.0.1
  * https://npmjs.com/advisories/1012
  * CVE-2019-10747
* mixin-deep: 1.3.1 → 1.3.2
  * https://npmjs.com/advisories/1013
  * CVE-2019-10746
* lodash: 4.17.11 → 4.17.15
  * https://npmjs.com/advisories/1065
  * CVE-2019-10744

Change-Id: I8a6a2b4264a878c01d1d5a1b58ea59eb400f26a5
2019-08-03 04:53:01 +00:00
Ladsgroup 9bedee0604 Revert "Suppress wrong phan errors"
This reverts commit 0cfb5422dc.

Reason for revert: Not needed anymore and actually causing phan to fail on master

Change-Id: I2705489f9247e0d6741aaa04fe9c9800bcbda914
2019-07-28 14:14:41 +00:00
Amir Sarabadani 0cfb5422dc Suppress wrong phan errors
\BagOStuff::makeKey() and \BagOStuff::makeGlobalKey() can take
any number of arguments but phan gives out PhanParamTooMany
and this breaks master avoiding anything to be merged

Change-Id: I4b313606e03565182552d9c581feccabaa408022
2019-07-22 14:57:05 +00:00
Aaron Schulz e5097e6145 Use "vary-revision-sha1" over "vary-revision" in getContentInternal()
These allows for some chance of avoiding extra save parses.
Also add wfDebug() call to mention the vary-* flag.

Bug: T226432
Depends-on: Idcd30a3fa3f7012dac76ce8bbf46625453ae331f
Change-Id: Id3bc207382aac90bd63df2d83d6334aae9b2477d
2019-07-18 01:48:12 +00:00
James D. Forrester 9309269892 build: Upgrade phan-taint-check-plugin from 1.5.x to 2.0.1
Change-Id: I3aa1b3ee7de78c11b66fdce02686720587eb4f72
2019-07-11 08:13:40 +00:00
Brad Jorsch 164974c4b5 ustring: Replace UtfNormal hack with a different one
Ideally we'd just have composer.json require UtfNormal so we'd know
where it is and have an autoloader to load it for us, but that seems to
not be done in the world of MediaWiki extensions.

Previously we had been taking paths to the two data files from UtfNormal
and loading them into a stub class, but phan has started complaining
about the definition of the stub class colliding with the real UtfNormal.
So let's try loading the real UtfNormal\Validator and its data files.
Hopefully this continues to not try to pull in any other files via the
nonexistent autoloader.

Change-Id: I93baf20f0eef1892685e272793b4f99236e8c905
2019-06-11 00:09:15 +00:00
Brad Jorsch 2e79d0a719 mw.uri: Support IP-Literal syntax
RFC 3986 allows IPv6 literals (and future IP versions) by having the
"host" enclosed in brackets, like `http://[2001:db8::]`. mw.uri should
handle these appropriately.

Bug: T223267
Change-Id: I6f712b87bc376cf606c6c2ebbe80176037d6dddb
2019-05-19 07:55:29 +00:00
Holger Knust 6c231cbe4d Call method getText() instead of getNativeData()
Classes derived from TextContent support the getText method. The previously called method getNativeData is going to be deprecated.

Bug:  T155582
Change-Id: I550d2ecf2c4b71da17258af0c2306c1ca49806d3
2019-03-27 11:02:34 -04:00
Kunal Mehta 8328acb9b1 Upgrade to newer phan
Bug: T216940
Change-Id: If8c2027f6bb7b91504fb51a3d2668b6d929b5da1
2019-03-20 21:19:37 -07:00
Kunal Mehta 017d6a133b Fix @return for SiteLibrary::pagesInCategory()
If $which === '*', then it returns int[][].

Change-Id: If9204367ce7acf67625b343a35b61aba02dd6a31
2019-03-20 21:18:51 -07:00
Kunal Mehta c3d93b61e2 Use PHP 7 variadic params for LuaInterpreter::callFunction()
Change-Id: I3b32e73dcee6a92d91f29915a76dd4e83c080ada
2019-03-20 21:17:45 -07:00
Kunal Mehta f308135df3 Use PHP 7's ?? syntax
Change-Id: I768782b8acbc1776e29886d330358553675e272b
2019-03-20 21:16:08 -07:00
MGChecker 4bc7abb0ac Set "TemplateSandboxEditNamespaces" in extension.json
If TemplateStyles installed, then enable it in the Module namespace
by default. This change is analogous to I96d9601ff80c2d3eb052c01.

Since both extensions use the ContentHandlerDefaultModelFor hook, Scribunto
will check if the sanitized-css model has already been set, and if so, not
override it. If the page is in NS_MODULE, it will set the content model to
Scribunto, but allow further hooks to override it, in which case it is
expected that TemplateStyles would set it to sanitized-css.

Bug: T200914
Depends-On: I2fa9b822ee39bcc5f95a293c8c4aad4d53ede30a
Change-Id: I7a9b445accde35e4a5e7d13100c646f211d21afe
2019-01-15 09:39:30 -08:00
Kunal Mehta 237d059ea1 Add lua5.1 patch for CVE-2014-5461
For whenever anyone else has to recompile the binaries, it's easier if
the patch file is in git.

I copied it directly out of T72541, and verified with:
 patch -p1 < ../CVE-2014-5461.patch
in the lua5.1 source tree.

Change-Id: I714a9d55096d9b5d081cd3e54f3b2e6848dcafef
2019-01-08 21:33:47 -08:00
Brad Jorsch 1ef78f3d7f ApiScribuntoConsole: Use 'text' type for text fields
In the rare case where someone needs to test the module with
Special:ApiSandbox, it's helpful if these fields show up as <textarea>
rather than <input type="text">

Change-Id: I712d2f74bccd5ceee608dbf51e28b16dc7ed56be
2018-12-12 02:39:51 +00:00
Brad Jorsch ec103b6966 Scribunto_LuaError: Make ->getMessage() return UTF-8 text
It's easily possible for Lua to raise errors where the string is not
valid UTF-8. When we turn that into a Scribunto_LuaError, we should
normalize it so other things don't break.

Bug: T208689
Change-Id: Idc5514261e99d64222b86877dd0500d425a26988
2018-12-11 14:46:56 -05:00
Marius Hoch 8dbde85b69 Parser profiling data: Nicer float format
No need to display three decimal points for the
given cpu limit all the time.

Will change outputs like:
"1.728/10.000 seconds"
to
"1.728/10 seconds"

Change-Id: Ib1f5b435825232eaf9fde7ff0d953c137c06ac32
2018-12-10 15:39:56 +00:00
Marius Hoch ab15dfe4ff Make sure interface functions with the same name don't clash
Test case (greatly simplified) by Anomie.

Bug: T211203
Change-Id: Id05c226b80343b1c333ae622d7390a96ff88ea99
2018-12-06 08:15:43 +01:00
Umherirrender 55bd9d22bb Add method scope visibility
Change-Id: I2efe0f71266d70e9a41e044406d82ef7daa31296
2018-11-19 21:18:12 +00:00
Brad Jorsch 18c08c23fc ustring: Match undocumented string.gsub behavior
As documented, string.gub( 'foo', '%a', '%1' ) should raise an invalid
capture index error because there is no capture with index 1 in the
pattern. But in fact it treats %1 as %0 in this situation. The ustring
library should match this behavior.

This patch also adds some tests for the behavior of gsub with table and
function replacements when the pattern does have captures.

Bug: T207623
Change-Id: Ie3e6c2eafa4a05989815c62c7037167642581751
2018-11-01 03:59:35 +00:00
stibba 946874ef01 Update mediawiki http to https in Scribunto extension
This patch updates the scribunto extension so all old http links
to wikimedia are now https.

Bug: T189687
Change-Id: I3f030063e7c6277abd3b0458eaf4b973145afed2
2018-10-29 14:33:03 +01:00
libraryupgrader 8b489ca160 build: Updating mediawiki/mediawiki-codesniffer to 22.0.0
And updating CoC link to use Special:MyLanguage (T202047).

Change-Id: I091003f69b82c7cacc4cda320a38b1b07f3cdb6b
2018-09-03 21:33:35 +00:00
Brian Wolff 961405f222 Suppress phan-taint-check false positives in make-normalization-table.php
Its a command line script, so echoing is not an XSS. It can
do malicious things if given a malicious command line argument,
but that is by design

The last remaining phan-taint-check warning is due to a bug
in the plugin.

Bug: T202380
Change-Id: I19a07f741980a7e4d5e8458395c67523d240d221
2018-08-31 11:23:04 -07:00
Brad Jorsch a54087abee Remove unreachable code path
The $options parameter to ScribuntoContent::fillParserOutput() is
typehinted as `ParserOptions` and is not nullable, so the code path for
`!$options` will never be reached.

Also fix the @param doc to match.

Bug: T194263
Change-Id: I254a583b7f7ddd1797aa40f0ddfb973161185a49
2018-07-11 18:43:52 +00:00
jenkins-bot ea0c6d614d Merge "Get rid of call_user_func_array()" 2018-07-04 03:58:20 +00:00
Max Semenik eb8ccf03db Get rid of call_user_func_array()
Yay PHP7!

Change-Id: I777ed78d22efbddacaab22c4614a0defa6ad3f94
2018-07-03 19:40:19 -07:00
Kunal Mehta df7666aab6 Don't use deprecated Interwiki static method
Change-Id: If6d8681c84be4820724468f92c6f3cdb65a11736
2018-06-07 11:40:08 -07:00
libraryupgrader c88d231aed build: Updating mediawiki/mediawiki-codesniffer to 20.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Usage.ForbiddenFunctions.popen
* MediaWiki.Usage.ForbiddenFunctions.proc_open
* MediaWiki.Usage.ForbiddenFunctions.shell_exec

Change-Id: I39e352194565a5526c1a8a34992c028fb305b03b
2018-05-26 06:18:46 +00:00
Kunal Mehta f76ba3c465 Disable Squiz.Classes.ValidClassName.NotCamelCaps globally
Instead of per-file. This happens to also fix a false positive with the
PhpunitAnnotations sniff.

Change-Id: I22621c37217ed2db9d8b3591df1a1421c25fa7f6
2018-05-24 22:26:11 -07:00
Brad Jorsch 32718af677 ustring: Handle invalid types in gsub
If the replacement table or function results in a value that isn't a
string or number (or nil), string.gsub raises an error. Have ustring
raise the same error.

Bug: T195326
Change-Id: Ic36f9f5d7adc0c14e7a4a94d3747335107acd8b6
2018-05-22 18:55:49 -04:00
Kunal Mehta d245edbb94 Add phan configuration
Manually import LuaSandbox's git repository as a composer dependency to
provide the PHP stubs for phan.

Change-Id: I6226b9211f31d829da5a2775c6f5cf3599dd8ebc
2018-05-14 18:41:59 -07:00
jenkins-bot fb06f727f7 Merge "Update at-ease calls" 2018-04-18 18:47:16 +00:00
Gergő Tisza 8fb655258d Fix SyntaxHighlight incompatibility
The class existence check Scribunto used to tell apart current and
B/C versions of SyntaxHighlight does not work with recent versions.
This caused the B/C branch to be invoked unnecessarily, which
resulted in deprecation warnings.

Also, the supposedly non-B/C branch also invoked B/C code which has
no error handling.

The commit removes B/C support and adds a new way of interacting with
SyntaxHighlight.

Bug: T109873
Change-Id: I2d518b5412efbe4e8ddb43e7c465ea55dc44b1a3
2018-04-18 16:46:17 +00:00
Reedy 73f21a1155 Update at-ease calls
Bug: T187037
Change-Id: I9b681cf900a3aaf1be3e688d12e3e83f44bff91b
2018-04-18 14:31:04 +00:00
Brad Jorsch 6be48e2f7a Update ustring data tables
normalization-data.lua is updated to Unicode 8.0.0 (libicu57).

charsets.lua is updated to match the character classes used by PCRE 8.35,
which seems to be Unicode 6.3.0.

upper.lua and lower.lua are still based on whatever ancient version of
Unicode is used by mb_strtoupper and mb_strtolower in HHVM 3.18.6.

Bug: T177498
Change-Id: I00b471176e1fd21123c22d187ff222928819e459
2018-04-16 00:09:59 -07:00
Kunal Mehta f26ecf167d Drop support for generating normalization tables with MW < 1.25
Change-Id: Id9370c2bcab06a22515c6d94bd380f7dc46e81d0
2018-04-09 08:54:22 -07:00
Kunal Mehta 1fad4da137 Move classes into includes/
Change-Id: Ida2c9cac348fe31ecf8d8c0a352e899bcbff1ebf
2018-04-09 08:54:22 -07:00