Commit graph

93 commits

Author SHA1 Message Date
Bartosz Dziewoński 07ed2531f2 SECURITY: Act like users don't exist if hidden from viewer (VE edit notices)
Applying the changes from the MediaWiki core patch for T120883
(Ife272a0eb1f3322bc8eb30ca803bd21801acba3e) to our duplicated
code implementing the same functionality.

Bug: T270453
Change-Id: I1b2de322aa0c69eb6d3b3ffadaed3fbaa3a58bca
2021-04-08 20:36:49 +01:00
jenkins-bot e358865765 Merge "Replace uses of Revision constants" 2020-07-03 04:18:58 +00:00
Ed Sanders 3ec5e04a37 NWE: Pre-populate editor when editing system messages
This is the same behaviour as EditPage.php

Bug: T256999
Change-Id: Id33161982742c16222ba5d58d2e800ab04dccca2
2020-07-03 04:21:18 +02:00
DannyS712 5fb5bc3060 Replace uses of Revision constants
Bug: T257010
Change-Id: I20c7737d0d00b3f47c2781c1c968db6a74a68ad3
2020-07-03 00:40:59 +00:00
Bartosz Dziewoński c73953a5f7 Fix switching to visual with changes in non-RESTBase mode
Bug: T253467
Change-Id: I02a524a539530f1907f276ef80b666dd446ae6b3
2020-06-29 16:23:02 +00:00
Ed Sanders 703fbaa6a2 Factor out revision fetching and validation logic to ApiParsoidTrait
Change-Id: I7707b419afac2c11d7d0ca91a597ffc68e5e3fe4
2020-06-26 14:44:47 +02:00
Bartosz Dziewoński 1b86093b70 api: Specify PARAM_TYPE => 'text' for multi-line text parameters
This allows Special:ApiSandbox to display multi-line text boxes for
them, which makes testing the API easier.

Change-Id: I10541a8e9033d81740033da80d842f58d1d3e0de
2020-06-10 21:23:13 +02:00
jenkins-bot a28a263192 Merge "Drop linting from the VE API" 2020-06-04 17:12:54 +00:00
Ed Sanders f01d4ab35d Drop linting from the VE API
Calling the linter is very slow as the result is not
cached. Extensions needing this (DiscussionTools) should
just call the Linter extension API directly.

Bug: T253799
Change-Id: I994b52ca70c29a32900741a36087f10144396720
2020-06-04 18:51:38 +02:00
jenkins-bot c65b311ecb Merge "Tweaks in API code per code review" 2020-06-03 10:40:14 +00:00
Umherirrender 742d91fe37 Parse messages in string context
The current default for Message::__toString() is to parse, so this
keeps that behaviour unchanged.

Change-Id: I528a60c1d9c0f8c1596a15e06a764200a2b2565f
2020-05-24 14:46:40 +02:00
Bartosz Dziewoński 63638e380d Tweaks in API code per code review
Follow-up to If5c8d95560cbb078ae4980f4a912cbaeafe53d3e.

Change-Id: Iff72b5b21c0f5ce6a45cc48d6a8fc060159d7d23
2020-05-19 19:56:56 +02:00
Bartosz Dziewoński 0528f806fa Extract Parsoid/RESTBase stuff out of our API code
Goals:
* Allow other extensions to reuse these methods (maybe upstream them
  to MediaWiki core later)
* Allow ApiVisualEditorEdit to extend ApiEditPage. We'll be able to
  reuse its definitions for API parameters instead of duplicating
  them, and we won't have to pass around unrecognized parameters.

Bug: T252573
Change-Id: If5c8d95560cbb078ae4980f4a912cbaeafe53d3e
2020-05-12 21:17:29 +02:00
Bartosz Dziewoński d92e600d58 Simplify API modules setup
We go through all this trouble to pass the config to the API modules,
and then we don't use it at all (we removed the uses recently in
ce094c72d and d85d30f9b).

If we end up needing the config there again, we can just get it by using
MediaWikiServices::getInstance()->getConfigFactory()->makeConfig( 'visualeditor' )
anywhere we want, like we do all over the place in VisualEditorHooks.

Change-Id: I9d254a9946f0d24783baf68c409b10291a8fd1b3
2020-05-12 18:53:31 +02:00
Bartosz Dziewoński ae86f7290b ApiVisualEditor: Add option to return lint errors from Parsoid
Depends-On: I6bbe2fc5aea07c65eb99768f2c44ed42601792a3
Depends-On: I6bdf5635763ef8a44d44a031c64cd7f289261a32
Change-Id: I723ec766d1244d117f8d624440026fe5af0d3403
2020-04-21 22:49:29 +02:00
C. Scott Ananian ce094c72d4 Remove X-Parsoid-Variant configuration value, which is no longer needed
Reverts Ib1403638b12ec5808f6b81bd114949043aa9ac2e.

Bug: T229074
Change-Id: I9bbc02821d5ee82c9944516ab07d3cb380d2f3a8
2020-03-11 13:24:43 -04:00
jenkins-bot 248f1ea5e4 Merge "Pass a user when creating a new ParserOptions" 2020-03-04 08:12:02 +00:00
DannyS712 0dca373c62 Pass a user when creating a new ParserOptions
Bug: T246861
Change-Id: Idaed22f2b4c1a43be97b48a7718cb5a35a58edd1
2020-03-04 04:57:45 +00:00
Petr Pchelko 543d436d79 Remove usage of deprecated Revision::newRevisionFromTitle
Bug: T246284
Change-Id: I3ba2de7bda3bdc228cb4136d0190c43188b9b185
2020-03-03 20:16:43 -08:00
jenkins-bot 6cd05e686d Merge "Don't display duplicate protection notices when user can't edit" 2020-02-03 17:33:39 +00:00
Bartosz Dziewoński ba3f222e42 Don't display duplicate protection notices when user can't edit
In the core MediaWiki editor, the detailed messages about page
protection are only shown when the user is allowed to edit the page;
otherwise, a generic permission error is shown. Do the same here.

Change-Id: Ia0ca52b9bf556354218b2aa91f141b429b0c5880
2020-01-31 14:55:32 -08:00
Thalia cbf259a6ed ApiVisualEditor: Replace calls to deprecated Title methods
Replace Title::userCan with PermissionManager::userCan.

Replace Title::getUserPermissionsErrors with
PermissionManager::getPermissionErrors.

Change-Id: I1afec4ba62185c3cd555a10ae35cef01b7194221
2020-01-29 20:58:19 -08:00
jenkins-bot 4c8c0e0253 Merge "ApiVisualEditor: Refactor edit notice code" 2020-01-29 21:46:00 +00:00
jenkins-bot 430d890cfb Merge "Pass the "count" parameter to 'cascadeprotectedwarning'" 2020-01-29 21:45:34 +00:00
jenkins-bot c72e3fbd48 Merge "Display log entry underneath 'titleprotectedwarning'" 2020-01-29 21:30:11 +00:00
libraryupgrader 1baeb9ef0c build: Updating composer dependencies
* mediawiki/minus-x: 0.3.2 → 1.0.0
* mediawiki/mediawiki-phan-config: 0.9.0 → 0.9.1

Change-Id: Ibf55f382c586603967da0086f86bfe4924e7cf96
2020-01-26 18:27:39 +00:00
Bartosz Dziewoński a9066989f2 ApiVisualEditor: Refactor edit notice code
* Query permission errors for 'edit' and 'create' in the same way,
  and consistently with how MediaWiki core EditPage does it.

* Prefer using Title::getUserPermissionsErrors() instead of custom
  code for user blocks. The result is the same, except for an extra
  line like "You do not have permission to edit this page, for the
  following reason:".

  Note that this loses the 'type' => 'block' property on each notice,
  which was previously used to track when a block notice was shown.
  This was however removed in 96de1353d3,
  and could probably be re-implemented by using the root 'blockinfo'
  property anyway.

* When Title::getUserPermissionsErrors() returns multiple messages
  (for example, you're blocked *and* the page is protected),
  display them all in a list instead of only the first one, using
  OutputPage::formatPermissionsErrorMessage().

  That method returns wikitext, which we have to parse ourselves. This
  is a bit silly, but I found this approach in SpecialChangeContentModel
  in MediaWiki core, so it should be fine.

Change-Id: Ifaf95d8aab836e45665b1fbdf98dd1980a867d8c
2020-01-17 01:18:46 +01:00
Bartosz Dziewoński ac36b242c3 Pass the "count" parameter to 'cascadeprotectedwarning'
It will now correctly say "page" instead of "pages" when there is just one.

Change-Id: I7be6368da977a7eeba976ca63134efce3db1e01a
2020-01-17 01:17:30 +01:00
Bartosz Dziewoński 18c899374b Display log entry underneath 'titleprotectedwarning'
The message ends with "The latest log entry is provided below for
reference:", but we were not providing it. Use the same code as
'protectedpagewarning' and 'semiprotectedpagewarning', which behave
the same.

Change-Id: Ibe5463aa3d93cd1d6d6e3c0b9da82bfa2c813f86
2020-01-17 01:08:12 +01:00
jenkins-bot 523e9379c2 Merge "ApiVisualEditor.php: Add notices also when not blocked" 2020-01-16 23:29:36 +00:00
Umherirrender a7497703a7 Fix new documentation sniffs
Change-Id: If9fc2d1d29aefdcb61a5f69c28f7d50c86b3ac4a
2020-01-10 16:28:16 -08:00
libraryupgrader 6afa14fe4d build: Updating mediawiki/mediawiki-codesniffer to 29.0.0
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate
* MediaWiki.Commenting.FunctionComment.MissingParamName
* MediaWiki.Commenting.FunctionComment.MissingParamTag

Change-Id: If59d450236a7d1afa3c6a05536abea819535f984
2020-01-10 17:51:43 +00:00
James D. Forrester 2c77e88d2c doc: Bump copyright year for 2020
Change-Id: I30539877543dc2a57bd1428a00d10ac46d8fc294
2020-01-08 09:13:24 -08:00
lens0021 a01f28c8a3
ApiVisualEditor.php: Add notices also when not blocked
Bug: T241693
Change-Id: I2c4355f7a2398b742d635f1de0cf87d4ec527cb3
2020-01-06 17:41:17 +09:00
jenkins-bot 0d0ef6071f Merge "Remove an unused piece of code from ApiVisualEditor" 2019-12-18 10:30:22 +00:00
Thiemo Kreuz 8e4dc67ec7 Fix unchecked array access in ApiVisualEditor
I'm not sure if this qualifies as an actual fix. I don't really know
what this code is supposed to do. Maybe the bad array access is a hint
for a completely different error somewhere else. All this patch really
does is silencing the bad array access.

This line of code was introduced with I1b35b28 in May already. Why does
it start failing now?

Bug: T240961
Change-Id: I5ec2dc453e5d8db5d2f9e49058eda001ed021d3d
2019-12-18 08:22:25 +01:00
Thiemo Kreuz 0f4918e3e3 Remove an unused piece of code from ApiVisualEditor
Change-Id: I5ca2ad9df0decfada199d44366de8efc9f2b26ac
2019-12-18 08:17:01 +01:00
libraryupgrader c8de97fcd2 build: Updating mediawiki/mediawiki-phan-config to 0.9.0
Change-Id: Iaaea284190aa9306177b3ee945a75da631a89b93
2019-12-16 10:11:47 +00:00
David Lynch 46e7b3ba19 Config value for X-Parsoid-Variant
Bug: T229074
Change-Id: Ib1403638b12ec5808f6b81bd114949043aa9ac2e
2019-11-05 10:56:10 -06:00
James D. Forrester 2479f5c7f8 Drop use of wgParser, replaced in 1.32 and to be removed in 1.35
Bug: T160811
Change-Id: Id7332a19d64d83bcbccfd3ac89464dfea593cdc2
2019-10-28 20:10:14 +00:00
Bartosz Dziewoński f31bcc219f ApiVisualEditor: Fix preload handling further
Follow-up to 57ad605dc4.

Pass parameters like when switching from wikitext editor:
* bodyOnly=false
* stash=true

Bug: T233320
Change-Id: Ied2d9a48e884e033ef9d41b2da9cfa3599784ae0
2019-10-28 13:42:00 +01:00
Bartosz Dziewoński 57ad605dc4 ApiVisualEditor: Return 'etag' with 'content' for preloaded content
Previously we were not returning it, so when saving the edit, wikitext
syntax would not be preserved. This was probably not a big problem,
but I noticed it coming up in the logs for T233320.

Now making an edit starting with preloaded content behaves like
switching from wikitext to visual mode, rather than like starting the
edit in visual mode.

Similar to 679e777cfa.

Bug: T233320
Change-Id: Id1ee6877b103fa4274deec11b1b3cacbdcdae606
2019-10-23 22:24:52 +02:00
Bartosz Dziewoński f7ee7dc807 Try using structured logging again
The configuration of Wikimedia wikis should be fixed.

This reverts commit 04407e9eb1
and also makes similar changes to new logging code added in
5d1a67757a.

Bug: T234564
Change-Id: Ic999b050e68b71f5a1737366e16f133e5a557307
2019-10-21 17:04:23 +02:00
Daimona Eaytoy dd1d022c9d build: Bump mediawiki-phan-config to 0.8.0
Change-Id: Iafcf36672189c7729e9936634d95e585ed2247be
2019-10-20 12:27:16 +00:00
Bartosz Dziewoński 5d1a67757a Detect mangled etags from RESTBase and retry via MediaWiki API
Something is causing the 'ETag' headers produced by the "public"
RESTBase (queried directly from the client) to be mangled or lost.
My theory is that some proxy or browser extension is doing that.

When we detect a bad etag when fetching the page contents, discard
the result and try querying the "private" RESTBase via the MediaWiki
API (similar to what we do on private wikis, except there we talk
directly to Parsoid instead of RESTBase). After I463a84de63, that
returns the etag as part of the payload rather than HTTP headers,
and should pass unharmed through whatever is mangling the data.

Also compare and log the two etags.

Bug: T233320
Change-Id: I2ef0ca872597566f74b650aea71bf3f15747a6d7
2019-10-16 19:53:43 +02:00
Bartosz Dziewoński 679e777cfa ApiVisualEditor: Always return 'etag' with 'content'
For consistency, I guess. Also I need this in I2ef0ca8725.

Previously, when querying the HTML content of an existing page, we did
not return the 'etag', on the assumption that anyone who needs it will
instead query RESTBase directly.

Bug: T233320
Change-Id: I463a84de631598243893946ad1d060a9aa0b180e
2019-10-15 18:31:56 +00:00
Bartosz Dziewoński 04407e9eb1 Don't try to use structured data in structured logging, it doesn't work
Our log messages were being silently dropped. Experimentation revealed
that our structured logging system doesn't actually like it when we
try to log structured data.

See: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/VisualEditor/+/540464/3/includes/ApiVisualEditorEdit.php

Put it all in the message strings, whatever.

Change-Id: Iae778f95774df2e24b30387221e39e097e25a4cf
2019-10-02 23:13:40 +02:00
Bartosz Dziewoński 9ce8ae05c7 ApiVisualEditor: Add logging for RESTBase HTTP errors
Bug: T233127
Change-Id: Ide5138d8f8f462b9c3d7da10f26ff57c9d17f1c9
2019-10-02 01:00:32 +02:00
Bartosz Dziewoński c0eb57ed3b Remove Phan suppression for a fixed false positive
Unnecessary suppression causes build failures. Probably fixed by the
EditPage.php changes in e2e543f7c2a98f40c9b43ba3989d0f6689f4cb67.

Change-Id: I2ac7e95886ce6bef2ba08e1614728caae7d26442
2019-09-02 21:50:16 +02:00
Petr Pchelko c0d2d52e95 Remove usages of deprecated MWNamespace.
Bug: T11977
Change-Id: I6da497464a77286d5fd2d30a85e70de85fe1c868
2019-08-26 17:49:52 -07:00