Commit graph

250 commits

Author SHA1 Message Date
Thiemo Mättig 856217d7ad Stop using deprecated class from UtfNormal library
Change-Id: I966a68c52eb4a59d91dc8a597c364f4e1ac44073
2018-03-22 11:06:15 +01:00
libraryupgrader 6d1a6ffb01 build: Updating mediawiki/mediawiki-codesniffer to 16.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.MissingCovers.MissingCovers

Change-Id: I07b2cf945f44fd5532812a712f7dd40d2f208be2
2018-02-15 13:57:18 +00:00
Brad Jorsch 6c69cd2ddf SECURITY: Reduce precision on os.clock() to mitigate timing attacks
While there is currently no demonstrated vulnerability, this provides
additional hardening against SPECTRE-like attacks, and any potential
future timing attacks.

Bug: T184156
Change-Id: I2b5cc177bded1a9b5600d77116e67817841204be
2018-02-09 15:24:02 -08:00
jenkins-bot 252d117fdd Merge "Improve some parameter docs" 2018-01-16 16:21:51 +00:00
Kunal Mehta 82584edd0e Don't use deprecated wfMemcKey() or wfGlobalCacheKey()
Change-Id: I7fe5a45226a92ef19c25790a800a7ae7b7a3a57a
2018-01-13 01:07:50 +05:30
Kunal Mehta f5a195a3db Remove no longer needed backwards-compatibility
This extension requires 1.31 (it follows the release branches compatibility
policy), so we can remove a lot of legacy checks and code.

Change-Id: Ieb42073010caffb1f6811d3a2f629aa60c1d2034
2018-01-12 07:07:21 +05:30
Umherirrender cfbd0a1a1b Improve some parameter docs
Change-Id: Ic85f74fc8dcefe86a3620e2d12f0b2ad2386ee23
2018-01-11 21:27:53 +01:00
Kunal Mehta 76dbe5d804 Treat phpdbg as being run from the command-line
The two lualib/ustring generation scripts run independently of MediaWiki, so
the new wfIsCLI() isn't usable there.

Bug: T184043
Change-Id: I217657d12e16a7b76dc814be5fed03540c461e7c
2018-01-10 19:47:19 +05:30
Rafid Aslam 07218fd02f Fix the return type of Scribunto_LuaLibraryBase::register()
Before this, tools like Phan and others read
`Scribunto_LuaLibraryBase::register()` returns `\Lua` type
from the document comment,
but it actually returns `array` type since the implementation
of this function should returns the value of
`Scribunto_LuaEngine::registerInterface()` which returns
`array` type.

Change-Id: I25beea963444b715bed7b2890475c0c812949520
2017-12-25 15:08:16 +07:00
Umherirrender f73e6a24c4 Improve some parameter docs
Change-Id: Ia21866f266bbd6fad4876485798370764ae13500
2017-09-25 18:07:03 +00:00
Kunal Mehta 6831174a91 Don't use Title::setFragment()
It's deprecated for public usage.

Change-Id: I063d9683910cf55e84f05ce29c9ebf5ac2ea2bee
2017-09-10 15:22:25 -07:00
Brad Jorsch ca85f20099 Make mw.uri.encode 'WIKI' mode match core {{urlencode:}}
The core {{urlencode:}} parser function doesn't encode various
characters in WIKI mode that it does in other modes. mw.uri.encode
should match that.

Bug: T174239
Change-Id: I2be0811cf39c02c5c0ad3433e4b0ef9030350e24
2017-08-28 10:34:16 -04:00
Kunal Mehta f49ad9081c Remove some PHP 5.3 compat code
Change-Id: I433ab9754606e2cbbaef534a1a5b70bad9b9387c
2017-08-22 22:39:15 -07:00
Kunal Mehta b8ff734aa4 Use namespaced ScopedCallback
The non-namespaced version is deprecated since 1.28

Change-Id: Icb3fed78882913a26aad4bdb1a84cb5a3e8ca6bb
2017-08-21 14:06:34 -07:00
Max Semenik e16533faf0 Remove retrieval of deprecated pageviews statistics
Both $wgDisableCounters and SiteStats::views() do nothing
these days.

Change-Id: Ia2375fb3db31d1faade5f271e4725de64b10b55b
2017-08-14 15:38:54 -07:00
Kunal Mehta 3b20423ff7 build: Updating mediawiki/mediawiki-codesniffer to 0.11.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingDocumentationProtected
* MediaWiki.Commenting.FunctionComment.MissingDocumentationPublic
* MediaWiki.Commenting.FunctionComment.MissingParamComment
* MediaWiki.Commenting.FunctionComment.MissingParamName
* MediaWiki.Commenting.FunctionComment.MissingParamTag
* MediaWiki.Commenting.FunctionComment.MissingReturn
* MediaWiki.Commenting.FunctionComment.ParamNameNoMatch
* MediaWiki.Commenting.FunctionComment.WrongStyle

The following sniffs now pass and were enabled:
* MediaWiki.Commenting.FunctionComment
* MediaWiki.Usage.ReferenceThis.Found

Change-Id: I1074884ab6810dd082b1baebb25d02b997424818
2017-08-11 00:28:16 -04:00
WMDE-Fisch e1763ff69a Updating mediawiki-codesniffer to 0.10.1 and fix issues
Change-Id: Iac61e49ab0f1318fcb7b23b4c90b6a427fe8957f
2017-07-25 17:16:47 +00:00
Umherirrender 18b22b3a3d build: Updating mediawiki/mediawiki-codesniffer to 0.10.0
Change-Id: I92b9fb936cb8fa8411850b97804e2aacf3984322
2017-07-08 15:42:23 +02:00
Kunal Mehta 11cf41c74c Automatically detect if luasandbox is installed
This makes it easier for people to use luasandbox and brings it in line
with how we currently take advantage of other PHP extensions if they're
available (e.g. wikidiff2). People can still explicitly use
luastandalone if they want to.

Bug: T128144
Change-Id: I585019be4dfeb0e2614d91dc3fb7eac0a3bd4bab
2017-06-29 18:24:11 +00:00
Umherirrender 4abed1d7c7 Use short array syntax
Done by phpcbf over composer fix

Change-Id: I9b7419e025ef499ff68be79789d76ad4b886d256
2017-06-16 13:26:30 +00:00
Tim Starling 0cf603ca9d Make the maximum language cache size configurable
Make the language cache size configurable, and increase the default from
20 to 30. It needs to be fairly small on default installations, but can
be essentially unlimited if $wgLocalisationCacheConf['manualRecache'] is
true.

Bug: T85461
Change-Id: Idb17691b30b0d2565a1624e5159df7d9b795764d
2017-03-23 15:24:00 +11:00
Brad Jorsch 5e28f67e88 Speed up PHP mw.ustring.gcodepoint
It seems to be over 200 times faster to iterate over the array instead
of shifting off the front.

Change-Id: Id29a4739ae2bd5dac4197e110ea73f74794e6d9f
2017-03-06 12:53:25 -05:00
Brad Jorsch fe094e7bae Update ustring data tables
normalization-data.lua is updated to Unicode 6.3.0.

upper.lua and lower.lua are updated to match HHVM 3.12.1's mb_strtoupper
and mb_strtolower. I don't know what version of Unicode that might be,
but it seems old.

Bug: T86096
Change-Id: I1a0c8be2756f86db5f36dd67319a1f79aea98b3e
2017-01-21 03:26:27 +00:00
jenkins-bot ae677fbc0d Merge "Ustring: Let gcodepoint work with moderately long strings" 2016-12-16 00:42:02 +00:00
Brad Jorsch db07787390 Cleanup backwards-compatibility code
https://www.mediawiki.org/wiki/Extension:Scribunto says that master
requires 1.25+, so let's remove checks for stuff that was added before
that.

* PPFrame::getTTL() was in 1.24.
* PPFrame::setTTL() was in 1.24.
* PPFrame::isVolatile() was in 1.24.
* Parser::fetchCurrentRevisionOfTitle() was in 1.24.
* ObjectCache::getLocalServerInstance() was added in 1.27, so restore the call to ObjectCache::newAccelerator() as BC.

This also removes BC with the php-luasandbox extension older than 1.6, which
was released before MediaWiki 1.22.

Bug: T148012
Change-Id: I36e37f3b65d0f167e1d28b00e0842d9721feee31
2016-10-13 11:07:44 -04:00
Aaron Schulz 3660ec17ba Clean up ObjectCache calls
Change-Id: I95b2d4d0f94a2e7f42372615ea9c612845502b30
2016-10-11 14:06:38 -07:00
Brad Jorsch 629f11d0dd Fix pure-Lua ustring and empty patterns
An empty pattern isn't "safe" since it could match in between the
bytes of a UTF-8 character.

Also, it turns out there's a bug in PHP <5.6.9 preg_replace() that we
need to work around too.

Change-Id: I282e5909e4663461d60c5386693db182de2fd44c
2016-10-05 14:32:27 -04:00
jenkins-bot c48bda0698 Merge "Add handling for PCRE errors in ustringGsub" 2016-10-05 18:15:10 +00:00
Marius Hoch 0f4db74148 Add mw.hash to Scribunto
Provides a simple wrapper for PHP's hash() and
hash_algos() functions.

I will add docs to the Lua reference manual once
this is merged.

Bug: T142585
Change-Id: I6697463974a175e99f9b77428a1085247165ebc9
2016-08-18 04:39:04 +02:00
Brad Jorsch ba19a82c06 Add handling for PCRE errors in ustringGsub
Bug: T130823
Change-Id: I6fab71c82ddab92daf6b369cb9857d9892f2d246
2016-07-15 15:43:58 -04:00
Brad Jorsch d643f40de9 Ustring: Let gcodepoint work with moderately long strings
For the PHP implementation, return the codepoints as a table instead of
multiple return values that get table-ified in Lua, to avoid hitting
too-many-values stack limits.

For the pure-Lua version, inline most of ustring.codepoint instead of
calling it to avoid what's effectively "{ unpack( stuff ) }".

Bug: T118687
Change-Id: I105f388cc23ab55d4124739700ef89d5354b7dbc
2016-07-15 19:35:58 +00:00
Kunal Mehta 9275cc14fb Expose ParserOutput::addWarning() to modules
Bug: T137900
Change-Id: Ibdd2506f4ab27f531ae49187bc57ba0d5c56b7cc
2016-06-16 15:48:53 -07:00
Jackmcbarn f4501ccd22 Only use mw.ustring when necessary
mw.ustring is really really slow. I've discovered that in a lot of modules
on enwiki, upwards of 2/3 of the total runtime gets used when mw.html
calls mw.ustring.gsub. This change checks whether any Unicode characters
are present, and if not, calls string.gsub instead.

Change-Id: Ia50061584be3901ae7428354c449236225c318db
2016-05-30 18:38:32 +00:00
Brad Jorsch c9de00aeff SECURITY: Don't escape strip markers when escaping attributes in mw.html
Core strip markers were changed in T110143 to include characters that
are normally encoded in attributes, however we want to pass them through
here so they can be unstripped correctly in the output wikitext.

This fix makes "Strip markers in CSS" parser test pass again.

Bug: T110143
Bug: T135961
Change-Id: I1353931a53c668d8a453dfa2300a99f59fdb01c5
2016-05-22 21:40:32 -04:00
Brad Jorsch aa4d72e3ff Fix uncontroversial phpcs errors
The following continue to be ignored:
* Generic.Arrays.DisallowLongArraySyntax.Found, because I'm not sure
  Scribunto is ready to abandon old version support in master.
* MediaWiki.ControlStructures.AssignmentInControlStructures.AssignmentInControlStructures,
  because it's overly strict for its purpose.

Squiz.Classes.ValidClassName.NotCamelCaps isn't ignored globally, we
just ignore it explicitly every place it's needed.

Change-Id: I307668da6ef7b3e23da19b1fd1e08914239b99b3
2016-05-18 16:31:28 -04:00
jenkins-bot c753698eaa Merge "Provide a standard way to get the target of a redirect page" 2016-05-12 19:32:17 +00:00
Brad Jorsch b3da8a698d Add toNFKC and toNFKD to mw.ustring
This also makes some updates to make-normalization-table.php to handle
the move of UtfNormal to a separate library.

Bug: T126427
Change-Id: Id4985c3ca441cf92f08ba1f1af85c762ba43d7d2
2016-04-02 15:22:42 +00:00
Jackmcbarn b82ed4aa7d Restrict cached results to their original frame
When caching results from frame:preprocess and frame:expandTemplate,
restrict the scope of the cache to the frame object that was used. This
allows the integrity of the empty-frame expansion cache to be maintained
while also allowing parent frame access. This change is the equivalent of
I621e9075 in core.

Change-Id: Iae4c00e7e19ba12cfdaac135be16c991d9d0cea1
2016-03-09 11:27:23 -05:00
Ricordisamoa 1573bee81a Provide a standard way to get the target of a redirect page
The new Scribunto_LuaTitleLibrary::redirectTarget() method is
used by mw.title objects as read-only attribute 'redirectTarget'.

If the page does not exist or it is not a redirect, the value
of the attribute is `false`; otherwise, it is the target of the
redirect page, as mw.title object.

This is a proper alternative to parsing wikitext as it is done in:
https://en.wikipedia.org/wiki/Module:Redirect

Bug: T68974
Change-Id: Id4d9b0f8c1cd09ebc42c031d4d3fc0c33eea44aa
2016-03-01 14:30:22 +01:00
Brad Jorsch 31dd4d535f Pass language to SpecialVersion::getVersion()
The language used should be $parser->getTargetLanguage(), not the user
language.

Soft-depends on Id14733aaef3e52a2e315bffe74baeb926d46e238.

Bug: T127233
Change-Id: I712e048367d9d65fd223cb085dbf9e5fceca286c
2016-02-24 00:11:17 +00:00
Jackmcbarn dc9446b84d Remove loadedLibraries
Nothing actually uses this, so I'm not sure why we ever kept track of it.

Change-Id: I60480b96a83731c7b25aed55099886a86efc08b1
2016-01-19 02:25:25 +00:00
Brad Jorsch 29266a9a0f Use correct variable in ustring.lua
Change-Id: Ic576b8c31c487c106593050538f9f2cc5b722b62
2016-01-02 10:49:48 -05:00
Brad Jorsch cd618c7a92 ustring: Handle "empty" charset like Lua does (part 2)
Lua actually treats a close-bracket at the start of a bracketed
character class as a literal, rather than using it to close the
character class. Probably unintended behavior, but it happens.

Also, have the pure-lua version throw our more informative errors on
error even when falling back to string.find and the like, and fix some
other weird edge cases that came up in testing.

Bug: T95958
Bug: T115686
Change-Id: Iab783d4a3e58b1514cc09729d4a71c2cb1242ee8
2015-10-16 09:26:55 -04:00
Jan Berkel fb20934b16 Fix a problem with simple pattern detection
A string with a dot pattern is only "simple" if
followed by +, - or *. The end of string condition was not checked
properly.

Change-Id: Ia10b9164caeabe464c76441cc82eef37a7013048
2015-10-07 10:27:45 -04:00
Jan Berkel 7c5454b36c Fix off-by one error in gsub
Change-Id: I49c0386970e007271d23087fd112580af7b21c9c
2015-09-23 17:41:15 +01:00
Ori Livneh eec31286bc Fix-up for I32bad5fd9
Don't return nonexistent variable $content, and don't bypass loadString / callFunction.

Change-Id: Iae493606d0167853c3c79536e35eeb23a54bb6d1
2015-08-25 17:36:26 -07:00
Ori Livneh 7bd4959b55 Cache Lua code files in APC
Cache Lua libraries in APC (if available) for up to 5 minutes. Always check the
file's mtime to avoid serving a stale copy.

This code path is hot enough that using APC makes a difference.

Change-Id: I32bad5fd9443c1759fe6dc91f8df2ac2f120d75b
2015-08-25 16:28:36 -07:00
Jackmcbarn 828c6cf513 Prevent leaking title fragments across invokes
Bug: T106951
Change-Id: Iace5d75deac3d8ffde6f3dec6a4f910dcb77d1e2
2015-07-27 10:46:23 -04:00
Jackmcbarn bd5e46b941 Check content model instead of title
Make Scribunto compatible with storing content model in the database, by
checking for it directly instead of guessing it based on the title.

Change-Id: I94ae07bc47273fbf65d64b2909e5895c1c3fd7e9
2015-07-19 22:16:21 -04:00
Mr. Stradivarius d59d852290 Fix accidental global in mw.uri.parseQueryString
The result of the type function should be compared against the
string "table", not the global variable. This bug probably went
undetected until now, as "table" is also the global variable for the Lua
table library.

Change-Id: Ia28fa10388bfc587d95b522bfa8f3524b4a3ee5f
2015-07-15 23:07:37 +09:00