User::isBlocked() by default reads from the replicas;
PermissionManager::isBlockedFrom() reads from master by default. The
'thank' link is not critical so it should be read from the replicas.
Bug: T231617
Change-Id: I262ed63df82e97862a8dfc8da49fc09465ac8507
This prevents users from accessing information about the actor
by abusing uselang=qqx and the thank button.
Bug: T224240
Change-Id: I3f42d56874776cfa0c9d364217f43253efc14782
Only prohibit users from using Thanks if they are blocked from the
associated page. This allows partially blocked users to use thanks
most of the time.
It also allows blocked users to thank on their own talk page, if
they are allowed to edit it, even if they are sitewide blocked.
Bug: T221371
Change-Id: Ic99ec38ea200e806963951b2dd67e56ecde63752
Added two new tests: thanked cookie and gets user gender. First uses jQuery cookies and second uses Sinon fake server
Bug: T160267
Change-Id: I8f5dad9c90e930d557e86acb4b175ec549849e7a
Several links that link to mediawiki.org still use
"http" protocol which isn't a safe protocol. This commit
changes http links that link to mediawiki.org to use
"https" protocol instead.
Bug: T189687
Change-Id: Ibb5f019e21f5d6ca0b4c40138dab22ae43e9004b
We were manually checking for the 'bot' group, but MW core has a method
for this that's more comprehensive.
Bug: T205224
Change-Id: Idce475ce10a21c5593d366470eede7d8dd1f6dfe
Modify the revision continuity check to be
resilient for pages with discontinuous histories
while still catching diff that span multiple
revisions.
Bug: T186470
Change-Id: If9614f6e3e278367530e9a4f5054ac370d1c0699
Thanks for logs are created with 'logid' extra param. Param 'id' was
never used and was added accidentally.
Bug: T192041
Change-Id: I1f7e0d53c674509200fc8c704f99fd3d8197636b
This extension is useless without Echo, and the API modules already
disable themselves if it's not installed. Just absolutely require Echo
to be installed.
Change-Id: I653eea78668bfe0875bc5a33e2d45607106d4ee5
The $oldRev could be null, but when set the null in argument list,
it is an optional parameter and the following argument $user must be
optional too. That is not needed here.
Change-Id: Ia7c1c44b29b191dc602513e07b90d3e2415d3a5d
Only log entries that were associated with revisions were
being thanked. This adds other log entries (if they're of
a whitelisted type still).
Bug: T187485
Change-Id: I9c644590b52bce9b04c7c655dd197c1b78a83777
Many log entries are associated to (exactly one) revision,
and for these (only, and only where the log type is
whitelisted) we add a thank-link that behaves exactly
as the thank-link on diff and history pages.
Bug: T189752
Change-Id: I5f4e84c65d4fe2d95b20cdb3c3f9522ad3e5f422
Many log entries are associated to (exactly one) revision,
and for these (only, and only where the log type is
whitelisted) we add a thank-link that behaves exactly
as the thank-link on diff and history pages.
Bug: T186763
Change-Id: I2af380d5cb06f19ef9eb5b232d95ad87379b5d9b
Originally introduced in b84eedc74e, it was reverted for security concerns.
New changes:
* Instead of bundling the log summary with notification, load it on display
* If the log event has been suppressed after the thanks for it has been sent,
silently delete the event to prevent the confusion of linking to something
zapped.
* Keep the 'already sent' cache key compatible with old format
* Validate the log id in the API
* Change ApiCoreThank::getRevisionFromParams() to ApiCoreThank::getRevisionFromId()
Bug: T186855
Bug: T188791
Depends-On: Ic5e9db0def857d9dcecbd06bf081c8c83712c1ea
Change-Id: I03aea7d9f4dfa0fe49639c53968deabf89999d2d
Add a 'log' API parameter (for the log ID to thank), and add
a whitelist config variable for specifying which log types are
thankable.
Bug: T186855
Change-Id: I58ae90c9729c0066f952e90fca2cf99b029d0d9b