The following sniffs are failing and were disabled:
* MediaWiki.Commenting.MissingCovers.MissingCovers
Change-Id: I07b2cf945f44fd5532812a712f7dd40d2f208be2
While there is currently no demonstrated vulnerability, this provides
additional hardening against SPECTRE-like attacks, and any potential
future timing attacks.
Bug: T184156
Change-Id: I2b5cc177bded1a9b5600d77116e67817841204be
This extension requires 1.31 (it follows the release branches compatibility
policy), so we can remove a lot of legacy checks and code.
Change-Id: Ieb42073010caffb1f6811d3a2f629aa60c1d2034
The two lualib/ustring generation scripts run independently of MediaWiki, so
the new wfIsCLI() isn't usable there.
Bug: T184043
Change-Id: I217657d12e16a7b76dc814be5fed03540c461e7c
Before this, tools like Phan and others read
`Scribunto_LuaLibraryBase::register()` returns `\Lua` type
from the document comment,
but it actually returns `array` type since the implementation
of this function should returns the value of
`Scribunto_LuaEngine::registerInterface()` which returns
`array` type.
Change-Id: I25beea963444b715bed7b2890475c0c812949520
The core {{urlencode:}} parser function doesn't encode various
characters in WIKI mode that it does in other modes. mw.uri.encode
should match that.
Bug: T174239
Change-Id: I2be0811cf39c02c5c0ad3433e4b0ef9030350e24
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected
* MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic
* MediaWiki.Commenting.FunctionComment.MissingParamComment
* MediaWiki.Commenting.FunctionComment.MissingParamName
* MediaWiki.Commenting.FunctionComment.MissingParamTag
* MediaWiki.Commenting.FunctionComment.MissingReturn
* MediaWiki.Commenting.FunctionComment.ParamNameNoMatch
* MediaWiki.Commenting.FunctionComment.WrongStyle
The following sniffs now pass and were enabled:
* MediaWiki.Commenting.FunctionComment
* MediaWiki.Usage.ReferenceThis.Found
Change-Id: I1074884ab6810dd082b1baebb25d02b997424818
This makes it easier for people to use luasandbox and brings it in line
with how we currently take advantage of other PHP extensions if they're
available (e.g. wikidiff2). People can still explicitly use
luastandalone if they want to.
Bug: T128144
Change-Id: I585019be4dfeb0e2614d91dc3fb7eac0a3bd4bab
Make the language cache size configurable, and increase the default from
20 to 30. It needs to be fairly small on default installations, but can
be essentially unlimited if $wgLocalisationCacheConf['manualRecache'] is
true.
Bug: T85461
Change-Id: Idb17691b30b0d2565a1624e5159df7d9b795764d
normalization-data.lua is updated to Unicode 6.3.0.
upper.lua and lower.lua are updated to match HHVM 3.12.1's mb_strtoupper
and mb_strtolower. I don't know what version of Unicode that might be,
but it seems old.
Bug: T86096
Change-Id: I1a0c8be2756f86db5f36dd67319a1f79aea98b3e
https://www.mediawiki.org/wiki/Extension:Scribunto says that master
requires 1.25+, so let's remove checks for stuff that was added before
that.
* PPFrame::getTTL() was in 1.24.
* PPFrame::setTTL() was in 1.24.
* PPFrame::isVolatile() was in 1.24.
* Parser::fetchCurrentRevisionOfTitle() was in 1.24.
* ObjectCache::getLocalServerInstance() was added in 1.27, so restore the call to ObjectCache::newAccelerator() as BC.
This also removes BC with the php-luasandbox extension older than 1.6, which
was released before MediaWiki 1.22.
Bug: T148012
Change-Id: I36e37f3b65d0f167e1d28b00e0842d9721feee31
An empty pattern isn't "safe" since it could match in between the
bytes of a UTF-8 character.
Also, it turns out there's a bug in PHP <5.6.9 preg_replace() that we
need to work around too.
Change-Id: I282e5909e4663461d60c5386693db182de2fd44c
Provides a simple wrapper for PHP's hash() and
hash_algos() functions.
I will add docs to the Lua reference manual once
this is merged.
Bug: T142585
Change-Id: I6697463974a175e99f9b77428a1085247165ebc9
For the PHP implementation, return the codepoints as a table instead of
multiple return values that get table-ified in Lua, to avoid hitting
too-many-values stack limits.
For the pure-Lua version, inline most of ustring.codepoint instead of
calling it to avoid what's effectively "{ unpack( stuff ) }".
Bug: T118687
Change-Id: I105f388cc23ab55d4124739700ef89d5354b7dbc
mw.ustring is really really slow. I've discovered that in a lot of modules
on enwiki, upwards of 2/3 of the total runtime gets used when mw.html
calls mw.ustring.gsub. This change checks whether any Unicode characters
are present, and if not, calls string.gsub instead.
Change-Id: Ia50061584be3901ae7428354c449236225c318db
Core strip markers were changed in T110143 to include characters that
are normally encoded in attributes, however we want to pass them through
here so they can be unstripped correctly in the output wikitext.
This fix makes "Strip markers in CSS" parser test pass again.
Bug: T110143
Bug: T135961
Change-Id: I1353931a53c668d8a453dfa2300a99f59fdb01c5
The following continue to be ignored:
* Generic.Arrays.DisallowLongArraySyntax.Found, because I'm not sure
Scribunto is ready to abandon old version support in master.
* MediaWiki.ControlStructures.AssignmentInControlStructures.AssignmentInControlStructures,
because it's overly strict for its purpose.
Squiz.Classes.ValidClassName.NotCamelCaps isn't ignored globally, we
just ignore it explicitly every place it's needed.
Change-Id: I307668da6ef7b3e23da19b1fd1e08914239b99b3
This also makes some updates to make-normalization-table.php to handle
the move of UtfNormal to a separate library.
Bug: T126427
Change-Id: Id4985c3ca441cf92f08ba1f1af85c762ba43d7d2
When caching results from frame:preprocess and frame:expandTemplate,
restrict the scope of the cache to the frame object that was used. This
allows the integrity of the empty-frame expansion cache to be maintained
while also allowing parent frame access. This change is the equivalent of
I621e9075 in core.
Change-Id: Iae4c00e7e19ba12cfdaac135be16c991d9d0cea1
The new Scribunto_LuaTitleLibrary::redirectTarget() method is
used by mw.title objects as read-only attribute 'redirectTarget'.
If the page does not exist or it is not a redirect, the value
of the attribute is `false`; otherwise, it is the target of the
redirect page, as mw.title object.
This is a proper alternative to parsing wikitext as it is done in:
https://en.wikipedia.org/wiki/Module:Redirect
Bug: T68974
Change-Id: Id4d9b0f8c1cd09ebc42c031d4d3fc0c33eea44aa
The language used should be $parser->getTargetLanguage(), not the user
language.
Soft-depends on Id14733aaef3e52a2e315bffe74baeb926d46e238.
Bug: T127233
Change-Id: I712e048367d9d65fd223cb085dbf9e5fceca286c
Lua actually treats a close-bracket at the start of a bracketed
character class as a literal, rather than using it to close the
character class. Probably unintended behavior, but it happens.
Also, have the pure-lua version throw our more informative errors on
error even when falling back to string.find and the like, and fix some
other weird edge cases that came up in testing.
Bug: T95958
Bug: T115686
Change-Id: Iab783d4a3e58b1514cc09729d4a71c2cb1242ee8
A string with a dot pattern is only "simple" if
followed by +, - or *. The end of string condition was not checked
properly.
Change-Id: Ia10b9164caeabe464c76441cc82eef37a7013048
Cache Lua libraries in APC (if available) for up to 5 minutes. Always check the
file's mtime to avoid serving a stale copy.
This code path is hot enough that using APC makes a difference.
Change-Id: I32bad5fd9443c1759fe6dc91f8df2ac2f120d75b
Make Scribunto compatible with storing content model in the database, by
checking for it directly instead of guessing it based on the title.
Change-Id: I94ae07bc47273fbf65d64b2909e5895c1c3fd7e9
The result of the type function should be compared against the
string "table", not the global variable. This bug probably went
undetected until now, as "table" is also the global variable for the Lua
table library.
Change-Id: Ia28fa10388bfc587d95b522bfa8f3524b4a3ee5f