Commit graph

70 commits

Author SHA1 Message Date
Kunal Mehta f308135df3 Use PHP 7's ?? syntax
Change-Id: I768782b8acbc1776e29886d330358553675e272b
2019-03-20 21:16:08 -07:00
Kunal Mehta 237d059ea1 Add lua5.1 patch for CVE-2014-5461
For whenever anyone else has to recompile the binaries, it's easier if
the patch file is in git.

I copied it directly out of T72541, and verified with:
 patch -p1 < ../CVE-2014-5461.patch
in the lua5.1 source tree.

Change-Id: I714a9d55096d9b5d081cd3e54f3b2e6848dcafef
2019-01-08 21:33:47 -08:00
Brad Jorsch ec103b6966 Scribunto_LuaError: Make ->getMessage() return UTF-8 text
It's easily possible for Lua to raise errors where the string is not
valid UTF-8. When we turn that into a Scribunto_LuaError, we should
normalize it so other things don't break.

Bug: T208689
Change-Id: Idc5514261e99d64222b86877dd0500d425a26988
2018-12-11 14:46:56 -05:00
Marius Hoch 8dbde85b69 Parser profiling data: Nicer float format
No need to display three decimal points for the
given cpu limit all the time.

Will change outputs like:
"1.728/10.000 seconds"
to
"1.728/10 seconds"

Change-Id: Ib1f5b435825232eaf9fde7ff0d953c137c06ac32
2018-12-10 15:39:56 +00:00
Marius Hoch ab15dfe4ff Make sure interface functions with the same name don't clash
Test case (greatly simplified) by Anomie.

Bug: T211203
Change-Id: Id05c226b80343b1c333ae622d7390a96ff88ea99
2018-12-06 08:15:43 +01:00
Umherirrender 55bd9d22bb Add method scope visibility
Change-Id: I2efe0f71266d70e9a41e044406d82ef7daa31296
2018-11-19 21:18:12 +00:00
Brad Jorsch 18c08c23fc ustring: Match undocumented string.gsub behavior
As documented, string.gub( 'foo', '%a', '%1' ) should raise an invalid
capture index error because there is no capture with index 1 in the
pattern. But in fact it treats %1 as %0 in this situation. The ustring
library should match this behavior.

This patch also adds some tests for the behavior of gsub with table and
function replacements when the pattern does have captures.

Bug: T207623
Change-Id: Ie3e6c2eafa4a05989815c62c7037167642581751
2018-11-01 03:59:35 +00:00
libraryupgrader 8b489ca160 build: Updating mediawiki/mediawiki-codesniffer to 22.0.0
And updating CoC link to use Special:MyLanguage (T202047).

Change-Id: I091003f69b82c7cacc4cda320a38b1b07f3cdb6b
2018-09-03 21:33:35 +00:00
Brian Wolff 961405f222 Suppress phan-taint-check false positives in make-normalization-table.php
Its a command line script, so echoing is not an XSS. It can
do malicious things if given a malicious command line argument,
but that is by design

The last remaining phan-taint-check warning is due to a bug
in the plugin.

Bug: T202380
Change-Id: I19a07f741980a7e4d5e8458395c67523d240d221
2018-08-31 11:23:04 -07:00
jenkins-bot ea0c6d614d Merge "Get rid of call_user_func_array()" 2018-07-04 03:58:20 +00:00
Max Semenik eb8ccf03db Get rid of call_user_func_array()
Yay PHP7!

Change-Id: I777ed78d22efbddacaab22c4614a0defa6ad3f94
2018-07-03 19:40:19 -07:00
Kunal Mehta df7666aab6 Don't use deprecated Interwiki static method
Change-Id: If6d8681c84be4820724468f92c6f3cdb65a11736
2018-06-07 11:40:08 -07:00
libraryupgrader c88d231aed build: Updating mediawiki/mediawiki-codesniffer to 20.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Usage.ForbiddenFunctions.popen
* MediaWiki.Usage.ForbiddenFunctions.proc_open
* MediaWiki.Usage.ForbiddenFunctions.shell_exec

Change-Id: I39e352194565a5526c1a8a34992c028fb305b03b
2018-05-26 06:18:46 +00:00
Kunal Mehta f76ba3c465 Disable Squiz.Classes.ValidClassName.NotCamelCaps globally
Instead of per-file. This happens to also fix a false positive with the
PhpunitAnnotations sniff.

Change-Id: I22621c37217ed2db9d8b3591df1a1421c25fa7f6
2018-05-24 22:26:11 -07:00
Brad Jorsch 32718af677 ustring: Handle invalid types in gsub
If the replacement table or function results in a value that isn't a
string or number (or nil), string.gsub raises an error. Have ustring
raise the same error.

Bug: T195326
Change-Id: Ic36f9f5d7adc0c14e7a4a94d3747335107acd8b6
2018-05-22 18:55:49 -04:00
Kunal Mehta d245edbb94 Add phan configuration
Manually import LuaSandbox's git repository as a composer dependency to
provide the PHP stubs for phan.

Change-Id: I6226b9211f31d829da5a2775c6f5cf3599dd8ebc
2018-05-14 18:41:59 -07:00
Reedy 73f21a1155 Update at-ease calls
Bug: T187037
Change-Id: I9b681cf900a3aaf1be3e688d12e3e83f44bff91b
2018-04-18 14:31:04 +00:00
Brad Jorsch 6be48e2f7a Update ustring data tables
normalization-data.lua is updated to Unicode 8.0.0 (libicu57).

charsets.lua is updated to match the character classes used by PCRE 8.35,
which seems to be Unicode 6.3.0.

upper.lua and lower.lua are still based on whatever ancient version of
Unicode is used by mb_strtoupper and mb_strtolower in HHVM 3.18.6.

Bug: T177498
Change-Id: I00b471176e1fd21123c22d187ff222928819e459
2018-04-16 00:09:59 -07:00
Kunal Mehta f26ecf167d Drop support for generating normalization tables with MW < 1.25
Change-Id: Id9370c2bcab06a22515c6d94bd380f7dc46e81d0
2018-04-09 08:54:22 -07:00
Kunal Mehta 1fad4da137 Move classes into includes/
Change-Id: Ida2c9cac348fe31ecf8d8c0a352e899bcbff1ebf
2018-04-09 08:54:22 -07:00