Core now provides all-member count separately with type guarantee.
Depends-On: I8780a4f9bc6c4cb588d0da10b457130df104ced9
Change-Id: Iae795c7c46360727dd4a4d47e7b8bb4dc1c607ab
In addition, several variables which contained instances of ParserOutput
were renamed to $parserOutput to help future humans and code-searchers
to distinguish these from instances of OutputPage.
Bug: T296123
Change-Id: Ic532bca4348b17882716fcb2ca8656a04766c095
This reverts commit 602cef87e0.
Reason for revert: Production errors in 1.38.0-wmf.16
Bug: T298659
Change-Id: Ic6c0e31c8247f7d89824d20f28fb0aa56d6ed749
The global function wfWikiID() is deprecated since 1.35 and it's usages
should be replaced with WikiMap::getCurrentWikiId().
Bug: T298059
Change-Id: Idb937a82b08679f6552699ecc4a7ea1da7006e09
For some reason this is hard coded 5.1.4. But if you look at the
included binaries, the windows ones are clearly 5.1.5.
Change-Id: If0e7e6ae47b058b3d425b586955cc87a14b21eb8
This previously bypassed normalization because only the "value" part
of the internal exception message was normalized, the "module" part
can be invalid as well since it's derived from the original message.
Similar to Idc5514261e99d64222b86877dd0500d425a26988
Bug: T289358
Change-Id: I1ce09dd521eb80ba0d2fb6f84508a1a77d339496
This fixes an incompatibility introduced by Ia73ea587586cb69eb5.
Depends-On: I1f24703b80566220ac6fe8ee500e838ed7fd29af
Change-Id: I31ca0a8987f9694bc3b312a48c2c111ceda6fa3e
Extensions are supposed to return false to break hook chains when failed, which can avoid unnecessary call of later handlers in other extensions and work around with problems caused by difference betwen multiple triggers.
On mediawiki version 1.36 and before, just returning false in this hook can't display error message by default.
Set $status->value manually still to provide backward compatibility.
Bug: T280312
Change-Id: I935eb40d41c4bf9c123e131a54f6bfca2d517450
The MWNamespace class has been deprecated in favor of the NamespaceInfo
service. All methods in the MWNamespace should be replaced with the
equavilent methods of the NamespaceInfo service.
Change-Id: I964d3b191cc3129b8e467e6fbbccd2fcc0b89e11
On the Wikimedia cluster, 1.6% of MediaWiki wall-clock time is burnt on
calls from Lua into Scribunto_LuaSandboxCallback::frameExists()[1]. We
can optimize away many of these calls by not calling into PHP to check
if 'empty' or 'current' exist: the engine always reports that the
'empty' frame exists, and 'current' is guaranteed to have been set up
(in LuaEngine::setupCurrentFrames) prior to calling into Lua.
To help validate this, I added debug logging to the current production
branch of Scribunto[2] to see if there are any cases where
Scribunto_LuaSandboxCallback::frameExists('current') is false. As I
write this commit message, the logging code has been active for 24H and
there have not been any occurrences.
[1]: https://performance.wikimedia.org/arclamp/svgs/daily/2021-03-16.excimer-wall.all.reversed.svgz
[2]: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Scribunto/+/672836
Change-Id: I1902b711c9a442a5a42745a582a6a9ff988a355f
Remove using of User::getDefaultOption since this method will be hard-deprecated. Now it is soft-deprecated
Bug: T276035
Change-Id: I34a9ece7ee25c8fa85849c9dc8d6634cde53cfe5
The replacement, Parser::getStripState(), was added to MediaWiki in
1.34.
The extension.json for this extension already requires MW >= 1.35.
Bug: T275160
Change-Id: I062ac8b69756a7ad35d8cc744b4735fd2e70f13e
These new error messages were referring to formatDate instead of
formatNum.
Change-Id: Ic20a5a5515ee55d46087449627138cc779909ec3
Follow-up: Ib7706ad40f7ee2da6ab7c6b2dab6ae8d129dab52
Bug: T268758
The core formatNum method only works on strings which pass `is_numeric`,
not NaN and +/- infinity.
Bug: T267587
Change-Id: Ib7706ad40f7ee2da6ab7c6b2dab6ae8d129dab52
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.ObjectTypeHintParam
* MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPrivate
* MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationProtected
* MediaWiki.Commenting.PropertyDocumentation.MissingDocumentationPublic
* MediaWiki.Commenting.PropertyDocumentation.WrongStyle
Additional changes:
* Added the `wikimedia/mediawiki` profile in .eslintrc.json (T262222).
* Added the `wikimedia/jquery` profile in .eslintrc.json (T262222).
* Removed global `$`, included in the `wikimedia/jquery` profile (T262222).
* Removed global `mw`, included via `wikimedia/mediawiki` profile (T262222).
* Dropped the emtpy global definition in .eslintrc.json.
Change-Id: Ib0acbf92bcb8327ecd065db5db1083d7b222976c
Most of this function deals with values for the single
scribunto-limitreport-profile key, where $value is an array of
strings. Phan's security check plugin was getting confused because
*in general* the $value passed to a ParserLimitReportFormat hook can
be almost anything.
Change-Id: I0ef5ef71f00a92bd5db0df340725c88595fcb0c6
Avoids using the deprecated $noSeparators parameter to Language::formatNum
in favor of Language::formatNumNoSeparators, which has been around since
MW 1.21.
Change-Id: If3de5645a92514f605d4117fea3a820ed6c86624
Additional changes:
* Removed phan-taint-check-plugin from extra, now inherited from mediawiki-phan-config.
Change-Id: I83fff3a5ff566790bc051d7bfffe7f3b124d3de7
wfDebug() required a newline in the message. That is no need with
wfDebugLog() or with our PSR-3 logging interface.
Bug: T228848
Change-Id: Ieb3de1ab59174ec0e1301e42bccee6cebce8749f
This triggers a needed reparse when a new page is created using a module
that accesses the page ID.
Bug: T237746
Change-Id: I5564c2e896dd2a025c5a886ca478c377fac83e74
Clear up a bunch of phpcs ignores by documenting many methods.
Also remove Scribunto_LuaError::setLineMap(), which has apparently never
been used since it was added in Ia51f439e.
Change-Id: I763bcdbc7edbbb8e4600495a03acca3439fc0ec9
This is getting close to the point of "don't do that, just wrap the
built-in". But since it's a regression in a recent patch, let's restore
the old behavior here.
Bug: T236092
Change-Id: Ieddc23d942bc91fd0246ae14d8a4af7719e3834f
When an #invoke is passed as an argument to another #invoke,
mw.getCurrentFrame() at module scope will return the wrong frame.
On the PHP side, we need to always reset the frame when processing
an #invoke, not just when there's no frame already. I don't remember why
I82dde43e wasn't done that way, but changing it doesn't make any tests
fail and Scribunto tends to have good tests.
On the Lua side, we need to do the same. The logic wih mw.getCurrentFrame()
using a global that gets stored, modified, and reset in several places
was getting confusing, so this patch reworks the logic to inject a
globalless mw.getCurrentFrame() into each #invoke's cloned environment
instead.
Bug: T234368
Change-Id: I8cb5bc4dc14c9b448c9f267e0539daa75e72af4c
GenderCache::singleton is deprecated since 1.28
The service exists since 1.28, this extensions required 1.31
Change-Id: I3925f9ac2facc59cf37c82e16284e53c61abbc6e
This reverts commit 0cfb5422dc.
Reason for revert: Not needed anymore and actually causing phan to fail on master
Change-Id: I2705489f9247e0d6741aaa04fe9c9800bcbda914
\BagOStuff::makeKey() and \BagOStuff::makeGlobalKey() can take
any number of arguments but phan gives out PhanParamTooMany
and this breaks master avoiding anything to be merged
Change-Id: I4b313606e03565182552d9c581feccabaa408022
These allows for some chance of avoiding extra save parses.
Also add wfDebug() call to mention the vary-* flag.
Bug: T226432
Depends-on: Idcd30a3fa3f7012dac76ce8bbf46625453ae331f
Change-Id: Id3bc207382aac90bd63df2d83d6334aae9b2477d
Ideally we'd just have composer.json require UtfNormal so we'd know
where it is and have an autoloader to load it for us, but that seems to
not be done in the world of MediaWiki extensions.
Previously we had been taking paths to the two data files from UtfNormal
and loading them into a stub class, but phan has started complaining
about the definition of the stub class colliding with the real UtfNormal.
So let's try loading the real UtfNormal\Validator and its data files.
Hopefully this continues to not try to pull in any other files via the
nonexistent autoloader.
Change-Id: I93baf20f0eef1892685e272793b4f99236e8c905
RFC 3986 allows IPv6 literals (and future IP versions) by having the
"host" enclosed in brackets, like `http://[2001:db8::]`. mw.uri should
handle these appropriately.
Bug: T223267
Change-Id: I6f712b87bc376cf606c6c2ebbe80176037d6dddb
Classes derived from TextContent support the getText method. The previously called method getNativeData is going to be deprecated.
Bug: T155582
Change-Id: I550d2ecf2c4b71da17258af0c2306c1ca49806d3
If TemplateStyles installed, then enable it in the Module namespace
by default. This change is analogous to I96d9601ff80c2d3eb052c01.
Since both extensions use the ContentHandlerDefaultModelFor hook, Scribunto
will check if the sanitized-css model has already been set, and if so, not
override it. If the page is in NS_MODULE, it will set the content model to
Scribunto, but allow further hooks to override it, in which case it is
expected that TemplateStyles would set it to sanitized-css.
Bug: T200914
Depends-On: I2fa9b822ee39bcc5f95a293c8c4aad4d53ede30a
Change-Id: I7a9b445accde35e4a5e7d13100c646f211d21afe
For whenever anyone else has to recompile the binaries, it's easier if
the patch file is in git.
I copied it directly out of T72541, and verified with:
patch -p1 < ../CVE-2014-5461.patch
in the lua5.1 source tree.
Change-Id: I714a9d55096d9b5d081cd3e54f3b2e6848dcafef
In the rare case where someone needs to test the module with
Special:ApiSandbox, it's helpful if these fields show up as <textarea>
rather than <input type="text">
Change-Id: I712d2f74bccd5ceee608dbf51e28b16dc7ed56be
It's easily possible for Lua to raise errors where the string is not
valid UTF-8. When we turn that into a Scribunto_LuaError, we should
normalize it so other things don't break.
Bug: T208689
Change-Id: Idc5514261e99d64222b86877dd0500d425a26988
No need to display three decimal points for the
given cpu limit all the time.
Will change outputs like:
"1.728/10.000 seconds"
to
"1.728/10 seconds"
Change-Id: Ib1f5b435825232eaf9fde7ff0d953c137c06ac32
As documented, string.gub( 'foo', '%a', '%1' ) should raise an invalid
capture index error because there is no capture with index 1 in the
pattern. But in fact it treats %1 as %0 in this situation. The ustring
library should match this behavior.
This patch also adds some tests for the behavior of gsub with table and
function replacements when the pattern does have captures.
Bug: T207623
Change-Id: Ie3e6c2eafa4a05989815c62c7037167642581751
This patch updates the scribunto extension so all old http links
to wikimedia are now https.
Bug: T189687
Change-Id: I3f030063e7c6277abd3b0458eaf4b973145afed2
Its a command line script, so echoing is not an XSS. It can
do malicious things if given a malicious command line argument,
but that is by design
The last remaining phan-taint-check warning is due to a bug
in the plugin.
Bug: T202380
Change-Id: I19a07f741980a7e4d5e8458395c67523d240d221
The $options parameter to ScribuntoContent::fillParserOutput() is
typehinted as `ParserOptions` and is not nullable, so the code path for
`!$options` will never be reached.
Also fix the @param doc to match.
Bug: T194263
Change-Id: I254a583b7f7ddd1797aa40f0ddfb973161185a49
The following sniffs are failing and were disabled:
* MediaWiki.Usage.ForbiddenFunctions.popen
* MediaWiki.Usage.ForbiddenFunctions.proc_open
* MediaWiki.Usage.ForbiddenFunctions.shell_exec
Change-Id: I39e352194565a5526c1a8a34992c028fb305b03b
