Commit graph

42 commits

Author SHA1 Message Date
libraryupgrader ed10de4929 build: Updating mediawiki/mediawiki-phan-config to 0.12.0
Change-Id: Ib55f8796093b7fcab13069afbb45993de725d26b
2022-10-09 16:11:25 +00:00
Timo Tijhof 994cf917ec Hooks: Remove use of unsafe inDebugMode() from handleTag()
The handleTag() method is used for parsing `<templatestyles>` in
wikitext. The result of that should not vary by unregistered variables
such as ResourceLoader's `debug` parameter, or user cookies, which
seem likely to cause cache poisoning.

Bug: T36738
Change-Id: I85ab7bc694858bc8e7fe2f3cc79197ff4f2d1c38
2022-07-28 02:22:59 +00:00
Reedy c63fc13ff1 Update wikimedia/css-sanitizer to ~4.0.0
Change-Id: Ideac939b475fb95bf33ae8a77e4c2d87e6bcb05a
Depends-On: I5d0d34a8931a22a2c7f31e0da4897be55fdedfc0
2022-07-08 19:59:25 +00:00
libraryupgrader 3c2a967d65 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 38.0.0 → 39.0.0
* mediawiki/mediawiki-phan-config: 0.11.0 → 0.11.1
* php-parallel-lint/php-console-highlighter: 0.5.0 → 1.0.0
* php-parallel-lint/php-parallel-lint: 1.3.1 → 1.3.2

npm:
* eslint-config-wikimedia: 0.20.0 → 0.22.1
* grunt: 1.4.0 → 1.5.2
* grunt-eslint: 23.0.0 → 24.0.0
* async: 3.2.0 → 3.2.3
  * https://github.com/advisories/GHSA-fwr7-v2mv-hh25

Additional changes:
* Set `name` in package.json.

Change-Id: Ibf55736c404151cae62dd890cb49f57e0281d773
2022-05-22 01:19:07 +00:00
Reedy 3b337af58d Namespace extension
Change-Id: I7f64539f1c9c4c03088e28e99f77a9acc503f627
2022-02-06 15:05:09 +00:00
Roman Stolar cacfbe6a4f Override ContentHandler::validateSave instead of Content::prepareSave.
Prepare override for TemplateStylesContentHandler, remove usage in TemplateStylesContent.

Bug: T287159
Depends-On: I7f23e6e97b1c7d27a6aaefdb88b19b2fc6e8b3a8
Change-Id: I4d89a5871c8be9101b356dafe68fcbc0cf69f6ee
2021-11-04 13:51:27 +02:00
Alexander Vorwerk fe485d7c57 Override ContentHandler::fillParserOutput instead of Content::getParserOutput and TextContent::getHtml().
Prepare override for TemplateStylesContentHandler, remove usage in TemplateStylesContent.

Bug: T287158
Change-Id: Ia1c0a307337e43c26cc05a5a9b2883ad2349d07e
2021-10-19 17:09:58 +03:00
Umherirrender 2c5b76c9f5 build: Suppress phan failure
After removable of DeprecationHelper from Parser.php with
I4ff100136a777974f7206f599422589d51f02b88 the __set function is gone,
which indicates phan that undeclared properties are possible

Depends-On: I56397a085226538a8156e0e7a195db463240624c
Change-Id: I1cef45d5b0caff53ee126a55825dc85d8a276b43
2021-10-03 21:13:22 +00:00
Porplemontage cf7225f127 Allow the default source namespace to be changed
This adds a config option so that the src attribute of the <templatestyles> tag can be set to default namespace other than Template.

Bug: T290250
Change-Id: Iec4f5d630d025e0bacba05d40cd74fc9312fcae2
2021-09-05 17:19:33 +00:00
libraryupgrader b2ee2313c3 build: Updating composer dependencies
* mediawiki/mediawiki-codesniffer: 35.0.0 → 36.0.0
* php-parallel-lint/php-parallel-lint: 1.2.0 → 1.3.0

Change-Id: I0105b425acd5e65b15c789015cdc9144a2d4f8f1
2021-05-04 09:54:28 +00:00
Reedy e429d5d1ab Remove deprecated config variables
Bug: T277962
Change-Id: Idc1bd573d892a38a79c5c77917dd1fe1c7653a51
2021-04-19 01:02:32 +01:00
Reedy 57eba81d96 Rename TemplateStylesPropertyBlacklist and TemplateStylesAtRuleBlacklist
* $wgTemplateStylesPropertyBlacklist is now $wgTemplateStylesDisallowedProperties
* $wgTemplateStylesAtRuleBlacklist is now $wgTemplateStylesDisallowedAtRules

Bug: T277962
Change-Id: I2eb120f5c52db1ea9c49bcaf04955771987c1d62
2021-03-21 05:06:51 +00:00
C. Scott Ananian 9b7f131d8e Replace use of Parser::$mStripState, deprecated in 1.35
The replacement, Parser::getStripState(), was added to MediaWiki in
1.34.  This extension already requires MediaWiki >= 1.35.

Bug: T275160
Change-Id: I429da35ca4e276c852b8d6ee102ff19f742c22c0
2021-02-19 17:09:55 -05:00
Reedy 24cb62e044 Update use of css-sanitizer classes for PHP 8.0 compat
Bug: T268862
Depends-On: Ia33f51d54f0e0f51249c999c2bd6a0091aac0b66
Change-Id: I13ad3abe70b693886a79ab37c64f34e0113e9071
2021-01-08 19:03:26 +00:00
Thiemo Kreuz 7af3fcc8e3 Trivialize TemplateStylesHooks::getConfig()
This is cached anyway in the ConfigFactory.

This patch also includes a few very minor cleanups in the
same file.

Change-Id: Iec44dae1d6a69e0f28d62f875a22f30f8b10cf78
2020-11-11 16:44:09 +01:00
Gergő Tisza 53e0377986 Fix type doc for the extra wrapper
A token is a component value, but not all component values are tokens.
Follows up I5dc04611f.

Bug: T258093
Change-Id: I2292a5dbedf1607f9ad25d2b4021a225a202d407
2020-10-19 08:37:08 +00:00
jenkins-bot 8edccc8d4c Merge "Fix wrapper="…" failing for more complex selectors" 2020-10-15 17:03:02 +00:00
Thiemo Kreuz b76898e848 Fix remaining PHPCS warnings about missing PHPDocs
Change-Id: Ic1c638902066dd5bb9333a2607c9ff84093fb4a2
2020-10-15 08:53:57 +02:00
Thiemo Kreuz 1c0687c850 Fix wrapper="…" failing for more complex selectors
For example, <templatestyles wrapper="a[href]" /> fails with an
InvalidArgumentException very late in the process, long after
the actual validation in TemplateStylesHooks::validateExtraWrapper()
was done. This happens because validateExtraWrapper() works on a
proper tree (where the [href] from the example is a nested object),
but flattens this tree in the end via toTokenArray(). This
flattened array ends in StyleRuleSanitizer::doSanitize() where it
is added to a ComponentValueList – which expects a tree.

The only change in this patch is that the object structure is not
flattened any more. That's all.

Bug: T258093
Change-Id: I5dc04611f91fe672da706f31fa8d0c254e3123d3
2020-10-15 06:51:21 +00:00
DannyS712 324dcb3d06 Remove use of Parser::fetchCurrentRevisionOfTitle
Bug: T249384
Change-Id: Ice32a365ef7b85b46cb5a78d6d07a35a21727173
2020-06-03 03:27:35 +00:00
peter-ovchyn 08ce0c613e Remove onParserAfterTidy hood as tidy is dead
Bug: T244055
Change-Id: I7afa31c6a542bfafbd50a55a1e79058074bf4906
2020-02-21 21:59:16 +02:00
libraryupgrader ad916d481c build: Updating mediawiki/mediawiki-codesniffer to 29.0.0
Additional changes:
* Also sorted "composer fix" command to run phpcbf last.

Change-Id: I51df4fe88464b3c166dca3e845958c9b5ea3819f
2020-01-14 12:48:19 +00:00
Umherirrender 2b2fb16fac Fix doc for TemplateStylesHooks->wrappers
It is a array of "Token arrays" or false

Change-Id: I62f4cd76af20eee67a7a4b9449538cddc80f26bd
2019-12-09 19:42:00 +01:00
Umherirrender 3aa0554cd5 Use correct default value for Status::getWikiText
Change-Id: Ib1cca93b5e0e88a837fe8548b251e6af7b5cdec2
2019-12-09 15:40:27 +01:00
Max Semenik c830032d9d Stop passing objects by reference
Bug: T193950
Change-Id: Ic93138c9cf5f120d36692c323c5d509abbc625d5
2019-11-14 21:37:54 -08:00
Umherirrender 6bfed64796 build: Updating mediawiki/mediawiki-phan-config to 0.8.0
Bug: T235049
Change-Id: Ic3e3b4a3b617fc3e82f20f1e2eeab4c7a72686d3
2019-11-06 20:24:26 +01:00
jenkins-bot fce3c1d142 Merge "Avoid using $wgContLang" 2019-05-17 12:09:43 +00:00
Umherirrender 679b3046ba Add phan
Change-Id: Ie1dec630c5f69c617020699049081a494f75b8bd
2019-05-01 16:06:46 +02:00
Max Semenik 7a6d9949e4 Avoid using $wgContLang
Change-Id: I98a60c71f08b8bf210cbcbc6a6e1b0d50c4138db
2019-04-13 18:49:39 +00:00
Umherirrender a2187ec403 Use php null coalesce operator ??
Change-Id: I6d3b2a1bf1510d37bdd36c1b59be3fe54fd8e43a
2019-03-11 22:04:27 +01:00
MGChecker f121c39613 Allow extensions to register additional namespaces in extension.json
Extensions can register additional namespaces by setting the
"TemplateStylesNamespaces" attribte in their extension.json. This change is
analogous to Ia5d34cb78fa6af.

There isn't really a simpler way to do this here, as the config setting uses
namespaces as keys, while the attribute is using them as values. Furthermore,
keys with falsey values are ignored in the config setting, and attributes can't
use the same setting architecture, as array_merge_recursive doesn't maintain
numeric keys.

Bug: T200914
Depends-On: I9e62a02ed2044c847e9ab2dcdfab094001f88986
Change-Id: I2fa9b822ee39bcc5f95a293c8c4aad4d53ede30a
2019-01-12 11:40:58 -08:00
Brad Jorsch f7bf5a4e23 Add "wrapper" attribute to <templatestyles/>
The wrapper attribute may contain an extra CSS simple selector to
include when prefixing. For example, including a template as
<templatestyles src="..." wrapper="div.my-template"/> would transform

 .foo .bar { color:red; }

into

 .mw-parser-output div.my-template .foo .bar{color:red}

This can allow particular templates to opt in to the "styles are scoped
to the template itself" model that was desired by some when
TemplateStyles was being designed; the driving use case in the linked
task is doing so for the benefit of side-by-side comparisons of the
current and sandboxed versions of a template.

Bug: T200441
Change-Id: If49d4c5be31feca95abd21452238fd10ab1916b1
2018-10-17 14:17:59 -04:00
Gergő Tisza 17756c44b2
Hoist selectors for html and body element
Bug: T197617
Depends-On: Iac00198495cf08dec034f45100937df0f6cb1590
Change-Id: I5dd85d12eb77c70c1632974561c4cad8636fad1d
2018-08-24 22:16:17 +02:00
Umherirrender d9b730de44 Add phan-taint-check-plugin
Change-Id: Id410e41889bc6e4920c15c56d507c2f59601ec88
2018-08-19 19:14:00 -07:00
Umherirrender c2083e7455 Avoid variable reuse under same name
It makes the code easier to read when using different variable names

Change-Id: Ia65e8b7ebdc0692e8dac29c605c13092cef9b0ad
2018-08-11 00:16:25 +02:00
Brad Jorsch 435e06e2f5 Replace deprecated ContentHandler::makeParserOptions()
Having a different ParserOptions for each content model isn't feasible
in an MCR world. And the only thing using this was Wikibase, which has
been fixed to do what it needs in a different way.

Bug: T194263
Change-Id: Ia95f3e2c1ea944366ff9a478c3c86f8565023394
Depends-On: I01373b29ee25fa9346c6b0317155be4ccdc8c515
2018-07-11 12:34:25 -04:00
Brad Jorsch d1734fbeb2 Add tracking categories for errors
Two tracking categories are added:
* A category to track stylesheets with errors. While it's usually not
  possible to save a stylesheet with errors, it can happen if a
  server-side change makes formerly-valid CSS become invalid.
* A category to track pages displaying errors from incorrect use of
  the <templatestyles/> tag.

Bug: T195676
Change-Id: I123679d4bffe36cb28aca1688c052470027ea2a8
2018-05-29 14:36:03 -04:00
Kunal Mehta 37fc1df457 Use SPDX 3.0 license identifier
SPDX released version 3 of their license list (<https://spdx.org/licenses/>),
which changed the FSF licenses to explicitly end in -only or -or-later
instead of relying on an easy to miss + symbol.

Bug: T183858
Change-Id: Ic9accb2eb34bc32d455f48dfe81a91d23a2d5f5e
2018-03-03 23:27:16 +00:00
Fomafix c1c8bed584 Add ENT_NOQUOTES to htmlspecialchars
There is no need to encode double quotes in HTML content.

Change-Id: If30adcf9196ecbfdfd1a9e21fa7b1c0bcd0e51d2
2018-02-11 17:22:27 +01:00
Brad Jorsch 164b8861d8 Deduplicate embedded style rules
Use the facility added in core change I055abdf4d to deduplicate the
embedded style rules.

Bug: T168333
Change-Id: I98c6d5ca4b474de8826b19355f15a5230aef5650
Depends-On: I055abdf4d73ec65771eaa4fe0999ec907c831568
2018-02-11 05:50:55 +00:00
Brad Jorsch f99d171c80 Fix coverage
* Fix test for TemplateStylesFontFaceAtRuleSanitizer so it's actually run
* Hack up a broken Sanitizer to test a code path in
  TemplateStylesContent::sanitize() that handles such things.
* Ignore an InvalidArgumentException in TemplateStylesContent::processError()
  that's not worth checking. User input can't hit that, only logic bugs.
* Ignore TemplateStylesHooks::getConfig(), it's tested but gets called
  before PHPUnit starts counting.
* Test TemplateStylesHooksTest::onCodeEditorGetPageLanguage()
* Test $wgTemplateStylesDisable
* Test a back-compat code path in TemplateStylesHooks::handleTag().

Change-Id: I7078e5a353a624aa53fe72de7990b93a77b44cf6
2018-02-05 22:36:58 -05:00
Kunal Mehta 9a1a06b77d Move PHP classes into includes/ directory
Change-Id: Ibc03a6c298ec3bf3bbfa435033095546db6fc5f0
2018-02-05 18:18:01 -08:00