Reedy [Thu, 19 Dec 2019 13:26:55 +0000 (19 13:26 +0000)]
Bump and prep 1.32.6
Change-Id: I4a158bf883194ae9e57d128499c93c2a38913c48
Brad Jorsch [Mon, 17 Dec 2018 18:20:12 +0000 (17 13:20 -0500)]
SECURITY: Work around PHP bug in parse_url
It gets confused by URLs with a query portion but no path.
Bug: T212067
Change-Id: I15c15161a668115d68eb2e2f8004826b47148fc1
Reedy [Tue, 17 Dec 2019 21:10:16 +0000 (17 21:10 +0000)]
Update RELEASE-NOTES
Change-Id: I957fbf04a0afa82287199f52a1d5e958a4cc555b
Thiemo Kreuz [Tue, 26 Nov 2019 08:54:05 +0000 (26 09:54 +0100)]
media: Log and fail gracefully on invalid EXIF coordinates
The $coord value is a value extracted from the EXIF section of an
image file. We expect it to be a float, but there is no guarantee this
is the case. It could, for example, be an empty string.
I suggest this trivial fix. It does have the following effects:
* Instead of logging a PHP notice when floor() hits something that is
not a number, I try to log something that's more useful for later,
more in-depth debugging. Note this log call isn't necessarily meant
to stay, but to find an even better fix for this issue.
* I return the string as it is. If it's "foo", the user will see "foo"
instead of "0° 0′ 0″ N", which wasn't helpful.
Also note how wrong and misleading the PHPDoc block for this function
was.
Bug: T226751
Change-Id: I1ca98728de4113ee1ae4362bd3e62b425d589388
(cherry picked from commit f6787ede2db29fcc2c1923e23eaa2e9bf86522a1)
jenkins-bot [Thu, 12 Dec 2019 01:26:52 +0000 (12 01:26 +0000)]
Merge "rdbms: Log debug message traces as 'exception.trace' instead of 'trace'" into REL1_32
sbassett [Wed, 4 Dec 2019 20:19:52 +0000 (4 14:19 -0600)]
rdbms: Log debug message traces as 'exception.trace' instead of 'trace'
Code cleanup and hardening (see also: T234014) of Database-related
lib code in MediaWiki core.
Bug: T233342
Change-Id: I3c968f4f5300374253dc80d99596cac50fbeb59e
Brad Jorsch [Mon, 2 Dec 2019 14:39:03 +0000 (2 09:39 -0500)]
ApiEditPage: Test for bad redirect targets
Apparently everything downstream assumes callers already handled
interwiki titles.
Bug: T239428
Change-Id: Ie54f366986056c876eade0fcad6c41f70b8b8de8
Amir Sarabadani [Sat, 7 Dec 2019 22:36:42 +0000 (7 23:36 +0100)]
SECURITY: Do not allow user scripts on Special:PasswordReset
Bug: T192134
Change-Id: If5e91452f2e569476626bcf650ba4efaa122952c
Paladox [Tue, 3 Dec 2019 18:12:47 +0000 (3 18:12 +0000)]
Replace deprecated lSize with lLen
lSize is an alias to lLen according to [1]
[1] https://github.com/phpredis/phpredis/blob/9f4ededa4139f0af324aab56773f26be5a9d1783/README.markdown#L2148
Bug: T239734
Change-Id: I5b72fbe61e313511b69e8d2e96c2042742370b85
Reedy [Wed, 4 Dec 2019 20:42:05 +0000 (4 20:42 +0000)]
Update RELEASE-NOTES-1.32
Change-Id: Id01bd86ae6dd7a900cb627b850c0dd89e0cbf118
lens0021 [Mon, 2 Dec 2019 01:32:25 +0000 (2 10:32 +0900)]
Mark options as requiring parameters in addSite.php
Bug: T239561
Change-Id: Ibd967da45f32c8ea58b8997f15d26ab06f1e14cb
Aaron Schulz [Thu, 1 Aug 2019 20:16:39 +0000 (1 16:16 -0400)]
objectcache: avoid using deprecated phpredis::delete() alias
Bug: T227461
Change-Id: I3ca8bd9160eefff6590228082f030a32d0edb511
(cherry picked from commit f445700ccc6f7f48158ae27d2cd13004675fd431)
Paladox [Mon, 2 Dec 2019 22:33:08 +0000 (2 22:33 +0000)]
Avoid using deprecated phpredis::delete() alias
Bug: T227461
Change-Id: I5eb2fa42d61e4757b11b6eb909c04dafb40923a1
Paladox [Sun, 1 Dec 2019 17:59:17 +0000 (1 17:59 +0000)]
Fix support for HTTP/2 in MultiHttpClient
Under buster, curl uses HTTP/2 (confirmed when running eval):
Buster:
GET xxx HTTP/2
Stretch:
GET xxx HTTP/1.1
The code presumes that it will always be HTTP/1.x.
We fix this by adjusting the regex to match HTTP2.
Bug: T232866
Change-Id: Ibde6036048d5939508df143ec5956abcd0718ad1
Jeff Janes [Thu, 17 Jan 2019 23:41:51 +0000 (17 18:41 -0500)]
rdbms: Remove references to pg_attrdef.adsrc in Postgres code
PostgreSQL v12 will remove the long-deprecated column
pg_attrdef.adsrc. The supported way to introspect into column
default values is pg_get_expr(adbin, adrelid), which works
back through all versions of PostgreSQL supported by wikimedia.
Changing to the supported method will allow the upcoming v12 of the
database to be used while maintaining compatibility with older
versions, without needing to write version-specific code.
This patch has been tested with maintenance/update.php and
with phpunit in PostgreSQL versions 9.2, 11, and 12dev. It does
not harm the first two, and fixes errors that would otherwise
arise in the dev version. All unit tests which pass under version
11 now pass under 12dev as well.
Change-Id: I874d347fd286b26773113d4f0c6c30d9a4055ad3
(cherry picked from commit 27d342ef4bd31da48b0e10655daf1320e3d00b50)
Mark A. Hershberger [Thu, 9 Aug 2018 20:18:34 +0000 (9 16:18 -0400)]
rdbms: Use correct value for 'sslmode' in DatabasePostgres
Fix Postgres support by using 'sslmode=require' instead of 'sslmode=1'.
See https://www.postgresql.org/docs/current/static/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
Change-Id: I424b0e3e144bbe9f0a2bde9a3b4a674dde10c729
(cherry picked from commit 2e5d114a99cf162074f92fc390590da44084362d)
Ariel T. Glenn [Thu, 13 Jun 2019 14:18:58 +0000 (13 17:18 +0300)]
when getting file (img) properties, suppress whines that it's not xml
Imports eventually succeed but the log fills up with stack traces
needlessly.
Bug: T206013
Change-Id: Icb004954272ea8fc6fbc4fd5090cd1310d66946c
(cherry picked from commit c9a05a70433ca420a52dd86eefd4feb4529d7e49)
Reedy [Mon, 4 Nov 2019 18:13:31 +0000 (4 18:13 +0000)]
Update RELEASE-NOTES
Change-Id: I02886fe4a219e3df4aa7cdd0197f00e80d5779c8
mszabo-wikia [Wed, 14 Mar 2018 14:38:14 +0000 (14 15:38 +0100)]
Do not insert page titles into querycache.qc_value
querycache.qc_value column is used to store a numeric value related
to the query results, generally a COUNT(*) aggregation or timestamp,
but some query pages insert the page title here after passing it through
PHP's intval() function to parse it into a number.
While this will cause 0 to be inserted for pages whose title is not numeric
(i.e. most titles), a DB error may occur for numeric page titles that exceed
the maximum value for unsigned integers, depending on relevant DB settings,
such as MySQL's strict mode.[1]
This patch changes query pages not to insert page titles into the qc_value
column. Also, it adds the getOrderFields() method to query pages that were
missing them, to ensure that the result set inserted into the querycache
table is correctly ordered by title.
---
[1] https://dev.mysql.com/doc/refman/8.0/en/sql-mode.html#sql-mode-strict
Bug: T181658
Change-Id: I1ef297257c6f419826ba4ffc6e875389ccec46db
Yaron Koren [Mon, 28 Oct 2019 13:30:43 +0000 (28 13:30 +0000)]
Fix for ArticleRevisionViewCustom hook in DifferenceEngine.php
Was missing a parameter, which actually made this hook unusable.
Bug: T236628
Change-Id: I6e260cd49f7083f34d4218712edf7d91d2f11ee9
(cherry picked from commit b10d0fa09d52fc6bd3d645fb39175b45973bb54b)
Reedy [Thu, 17 Oct 2019 23:58:59 +0000 (18 00:58 +0100)]
Update git submodules
* Update extensions/SyntaxHighlight_GeSHi from branch 'REL1_32' to 6df7c0610f64c3c74c777561292242d77133e6d5
- Update README to match pygments version
Bug: T235808
Change-Id: Iea9a1bc566f67507414f7f2a4fdfd89c8433b7fd
Follows-Up: I4dc1782f19881ba1294308e1cdea1b2e063f438a
(cherry picked from commit e286f3be4fada723e8a4cd32db2e56d32397f8d3)
Reedy [Fri, 11 Oct 2019 23:55:01 +0000 (12 00:55 +0100)]
Start RELEASE-NOTES for 1.32.6
Change-Id: I3b307fea559db5ceb4cb2d3f0baf43f96bfcefe8
Reedy [Fri, 11 Oct 2019 23:54:06 +0000 (12 00:54 +0100)]
Prepare 1.32.5
Change-Id: I27f30b1a77fab8d99a2942c111f20e4b32317d5b
Brian Wolff [Mon, 8 Apr 2019 02:24:57 +0000 (8 02:24 +0000)]
Make Installer::parse not be parseAsBlock
Previously all the checkboxes had newlines before their labels
which looked really broken.
Change-Id: I5e17524d90d10867ed27553a90cfb246984486d3
Reedy [Fri, 11 Oct 2019 23:36:47 +0000 (12 00:36 +0100)]
PermissionManager doesn't exist in 1.33, so we cannot use it in 1.32
Followup T230402, PermissionManager doesn't exist until 1.33, so fix the
backported patches to use User::isAllowed() instead.
Change-Id: Ia73bf71293d67f97fb5086ffc0384307568d4d43
daniel [Thu, 4 Jul 2019 11:54:20 +0000 (4 13:54 +0200)]
PopulateContentTables: compute sha1 and length if needed.
PopulateContentTables tries to copy rev_sha1 to content_sha1 and rev_len
to content_size, but when updating directly from an old version of
MediaWiki, these fields may be empty or NULL. To ensure that the content
table gets the correct value, we have to compute them on the fly.
Note that PopulateRevisionSha1 runs *after* the normal database updates.
So even though it was introduced in 1.19, it will run after the schema
updates for 1.32, which include PopulateContentTables. This means that
PopulateContentTables can't rely on rev_sha1 to have been filled in
already. But per I0c22286a16d7b, it also means that PopulateRevisionSha1
can make use of the hash in content_sha1 instead of re-calculating.
Bug: T217831
Bug: T200653
Change-Id: I69e91a812ad5f038562220b02c3634589667cdb6
Reedy [Sat, 21 Sep 2019 21:37:01 +0000 (21 22:37 +0100)]
Start RELEASE-NOTES for 1.32.5
Change-Id: I438e23c19b8441529f6d6ee1345f8cdcba914528
Reedy [Sat, 21 Sep 2019 21:36:20 +0000 (21 22:36 +0100)]
Prepare 1.32.4
Change-Id: Ieb20ad2323004d62924ed8d76db904e28d071d4a
Brad Jorsch [Wed, 21 Nov 2018 16:13:52 +0000 (21 11:13 -0500)]
SQLite: Make patch-add-3d.sql a no-op
On a fresh install, update.php will apply patch-add-3d.sql even though
it doesn't need to. But this partially wipes out the new schema from
tables.sql, and the omnibus comment and actor table patches don't detect
this, leading to image, oldimage, and filearchive missing the new
fields.
Since SQLite doesn't actually care about the values in the ENUM type
(it's just an alias for TEXT), let's just make patch-add-3d.sql do
nothing.
Change-Id: I335cb8d9626f535a66b0fe18e051640b22848ef7
Reedy [Sat, 28 Sep 2019 14:48:19 +0000 (28 15:48 +0100)]
Split down patch-actor-table.sql
Bug: T227662
Change-Id: I024ff1d6f4c2726242138ba7e7f19480d9d2b948
Brad Jorsch [Wed, 28 Nov 2018 18:53:17 +0000 (28 13:53 -0500)]
SQLite: Split actor and comment filearchive updates to a separate file
On a fresh install, update.php will apply patch-editsummary-length.sql
even though it doesn't need to. But this partially wipes out the new schema from
tables.sql, and the omnibus comment and actor table patches don't detect
this, leading to filearchive missing the new fields.
Unlike the case with patch-add-3d.sql in I335cb8d9, here the patch does
make a change (if only a tiny one): fa_deleted_reason changes from TEXT
to BLOB.
Change-Id: I08047ff1207d471660365c0eb3faabc0b47746bb
Reedy [Thu, 15 Aug 2019 13:36:53 +0000 (15 14:36 +0100)]
Split down patch-comment-table.sql
Bug: T227662
Change-Id: I7617616df57f7468d06e9b52426b6851bfef0e7d
Reedy [Sat, 21 Sep 2019 21:12:06 +0000 (21 22:12 +0100)]
Update RELEASE-NOTES
Change-Id: Ib5777770cf1a4e3425819fe8166ab2865bad1bbe
sbassett [Tue, 27 Aug 2019 20:55:39 +0000 (27 15:55 -0500)]
dispatchUser() should use a 302 http status code
dispatchUser() in SpecialRedirect.php should use a 302 http
status code instead of a 301 to avoid certain caching issues.
Bug: T231386
Change-Id: Idb0cb21cc81d73bb9f77fc211af9cfd8b4f71e7d
Brian Wolff [Fri, 1 Feb 2019 01:54:08 +0000 (1 01:54 +0000)]
Cache redirects from Special:Redirect
People sometimes link these from high traffic places, so it is
important to cache in varnish.
Files with height can change so only cache that for 10 seconds.
Also change from 302 to 301.
Change-Id: I87a60c812cd1aa78a36359090c0cb8390be7183f
(cherry picked from commit f661f3373eb500949b7e421b0df5a955d2904809)
Thalia [Tue, 17 Sep 2019 19:16:05 +0000 (17 20:16 +0100)]
Improve documentation for the MinimumPasswordLengthToLogin policy
Bug: T233119
Change-Id: I2d0fa6f7116b407cbf62ad93da73d0800c9d14f9
Reedy [Thu, 12 Sep 2019 11:24:20 +0000 (12 12:24 +0100)]
Update RELEASE-NOTES-1.32
Change-Id: If12bb5aed3ea124b95cadd92d169d96a9a1327cc
Derk-Jan Hartman [Wed, 11 Sep 2019 22:12:22 +0000 (12 00:12 +0200)]
Fix XMP parser errors due to trailing nullchar
JPEG files can have trailing \0 chars at the end of the XMP value. Use
trim() to remove these from the string value.
Bug: T118799
Change-Id: Id4ab223ef432e5d2c0dd3b4e332320db02422700
(cherry picked from commit 9ce26a564d066a33ba7ae2a6502e3d57e7e4d48b)
jenkins-bot [Tue, 27 Aug 2019 21:22:42 +0000 (27 21:22 +0000)]
Merge "Remove title protection correctly for undeletions and imports" into REL1_32
Gergő Tisza [Sat, 20 Apr 2019 00:12:59 +0000 (19 17:12 -0700)]
Add missing helper for HTTPFileStreamer header syntax
Adds a helper function for transforming an intuitive header array
to the peculiar syntax expected by HTTPFileStreamer and the related
FileRepo/FileBackend streaming methods.
Bug: T230538
Change-Id: Idac9281b0f1b3c93f4ec1d1c3f336db110e5d260
(cherry picked from commit 65648f5523c9d1b772106e16e2adf57870892bc7)
GeoffreyT2000 [Thu, 9 May 2019 00:56:15 +0000 (8 17:56 -0700)]
Remove title protection correctly for undeletions and imports
Undeletions and imports can both produce "new" pages with more than
1 revision. The fact that $options['created'] for the associated
DerivedPageDataUpdater instance is unexpectedly changed to false is due
to the fact that the latest revision often has a nonzero rev_parent_id.
This causes WikiPage::onArticleCreate not to be applied correctly, and
so title protection is not correctly removed. The part about "created"
being forced is therefore being fixed.
Bug: T200088
Change-Id: I8c899893486976285eb6fac87d641e93a616676d
(cherry picked from commit 00104e2c0eeb7e713d0945d5b33893dac6e0d250)
jenkins-bot [Sat, 17 Aug 2019 11:20:18 +0000 (17 11:20 +0000)]
Merge "MessageCache: Restore 'loadedLanguages' tracking for load()" into REL1_32
Simon Legner [Tue, 28 May 2019 19:12:45 +0000 (28 21:12 +0200)]
Fix typos in MessageCache
Change-Id: I5ede5ad5687144535545248940ca6f676f514900
(cherry picked from commit e96c15a521f743749a4cc370be43365be6b27624)
Timo Tijhof [Mon, 29 Jul 2019 18:22:10 +0000 (29 19:22 +0100)]
MessageCache: Restore 'loadedLanguages' tracking for load()
This was removed in 97e86d934b3 in 2018 in favour of using
`$this->cache->has($code)`. This is a problem because there
are cases where only a narrow subset of that structure is
populated (by MessageCache->replace) without things like
$this->overridable (or anything else that MessageCache->load does)
having occurred yet.
The assumption that keys are only added to $this->cache by
MessageCache->load (or after that method has been called) was
actually true at some point. But, this changed in 2017 when
commit c962b480568e optimised MessageCache->replace to not call
MessageCache->load.
Bug: T208897
Change-Id: Ie8bb4a4793675e5f1454e65c427f3100035c8b4d
(cherry picked from commit a5c984cc5978f869516e8a0c4892e8113d1c139f)
rxy [Tue, 13 Aug 2019 09:30:38 +0000 (13 18:30 +0900)]
SECURITY: Add permission check for suppressed account
Bug: T230402
Change-Id: I6a13859be81e5c746bdf0993eb5416fecdac2306
(cherry picked from commit 4356572546b2b4e8eefda9bf10943ba1b12526b9)
James Montalvo [Fri, 15 Mar 2019 04:03:29 +0000 (14 23:03 -0500)]
Add ImgAuthModifyHeaders hook to img_auth.php to modify headers
Change-Id: I3c6fd7b0c39d7fd52c484494233241093d152f88
Santhosh Thottingal [Tue, 23 Jul 2019 06:50:52 +0000 (23 12:20 +0530)]
Update LanguageTrTest::testDottedAndDotlessI for PHP 7.3
PHP 7.3+ uses Unicode CaseFolding.txt for case mappings. For Turkic
languages(tr,az) the dotted i is given as a special case and we need
to implement it specifically for tr and az.
Updated the documentation and refactored the lcfirst and ucfirst methods
to use arrays containing the above mentioned special cases.
Bug: T207100
Change-Id: I317f2ca66b0adeaa79bc0f9e3dea5edfcd5e4693
(cherry picked from commit 27b424066453d59eeceda48a43d51e4915da960d)
Reedy [Mon, 1 Jul 2019 23:43:42 +0000 (2 00:43 +0100)]
Add 1.32.4 section to RELEASE-NOTES
Change-Id: I66908e46cf3fefcd946d49c58a04c1fcc44afacc
Reedy [Mon, 1 Jul 2019 23:43:07 +0000 (2 00:43 +0100)]
Prepare 1.32.3
Bug: T227046
Change-Id: Ie271597fff356a4d8efaefde57b048acbeff8e16
Reedy [Sun, 30 Jun 2019 22:44:23 +0000 (30 23:44 +0100)]
Add missing RELEASE-NOTES entries
Change-Id: I55f69c01045be8752b396e3acc506e531aa9cc81
Reedy [Sun, 30 Jun 2019 16:47:53 +0000 (30 17:47 +0100)]
Fix SQLite patch-(page|template)links-fix-pk.sql column order
Bug: T202211
Change-Id: Ife673b88c23acdc1bfc04630715d18243471035f
Purdea Andrei [Sun, 13 Jan 2019 04:14:56 +0000 (13 06:14 +0200)]
Make sure database update succeeds from older database versions too.
Fixes the following error message when updating from an older database.
Renaming index il_from into PRIMARY to table imagelinks ...[7dbf1dd298ecf39128707744] [no req] Wikimedia\Rdbms\DBQueryError from line 1149 of /home/zok/mediawiki-1.30.1/includes/libs/rdbms/database/Database.php: A database query error has occurred. Did you forget to run your application's database schema updater after upgrading?
Query: INSERT INTO imagelinks_tmp
SELECT * FROM imagelinks
Function: Wikimedia\Rdbms\Database::sourceFile( /home/zok/mediawiki-1.30.1/maintenance/sqlite/archives/patch-imagelinks-fix-pk.sql )
Error: 19 UNIQUE constraint failed: imagelinks_tmp.il_from, imagelinks_tmp.il_to
Explanation:
the "imagelinks" table used to have two fields: il_from and il_to.
At one point during the development of mediawiki a new field has been
added called il_from_namespace. This new field is the second column
if the database is created from scratch, however if the database is
updated from an older version then the il_from_namespace column becomes
the 3rd column.
That means that some of the older databases will have the columns in the
following order:
(1) il_from, il_from_namespace, il_to
while some older ones, which have been updated will have the following
order:
(2) il_from, il_to, il_from_namespace
This shouldn't matter much, except the file modified in this commit
copies records from one table to another using the INSERT INTO ... SELECT
command without explicitly listing the column names.
The newly created table has the (1) order, but the source table
might sometimes have the (2) order.
Explicitly listing the column names solves all the issues.
Change-Id: I222b171495d14ae45339c4679e263f0ab610e826
(cherry picked from commit 68c298ed05ef7b5be8099ff272e6dea20d00e42b)
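The column-order failure this commit describes, reproduced against an in-memory SQLite database. This is an added example, not code from the MediaWiki commit; the two table layouts are reduced to the three columns named above and the sample rows are constructed.

```python
import sqlite3

# Constructed sample rows in the (2) order an upgraded database may have:
# (il_from, il_to, il_from_namespace). Two links from page 10, both from
# namespace 0, differ only in il_to.
SAMPLE_ROWS = [
    (10, "Example.jpg", 0),
    (10, "Other.png", 0),
    (11, "Example.jpg", 0),
]


def make_db():
    """Build a source table in the (2) order and an empty target in the (1) order."""
    conn = sqlite3.connect(":memory:")
    # Source: older layout where il_from_namespace was appended as the 3rd column.
    conn.execute(
        "CREATE TABLE imagelinks ("
        " il_from INTEGER NOT NULL,"
        " il_to TEXT NOT NULL,"
        " il_from_namespace INTEGER NOT NULL DEFAULT 0)"
    )
    conn.executemany("INSERT INTO imagelinks VALUES (?, ?, ?)", SAMPLE_ROWS)
    # Target: fresh layout from tables.sql, with the new primary key.
    conn.execute(
        "CREATE TABLE imagelinks_tmp ("
        " il_from INTEGER NOT NULL,"
        " il_from_namespace INTEGER NOT NULL DEFAULT 0,"
        " il_to TEXT NOT NULL,"
        " PRIMARY KEY (il_from, il_to))"
    )
    conn.commit()
    return conn


def copy_without_column_list(conn):
    """The pre-fix statement. SELECT * maps columns by position, so il_to
    receives the namespace (0) for every row and il_from_namespace receives
    the file name; two links from the same page then collide on the primary
    key. Returns the error message, or None if the copy unexpectedly works."""
    try:
        conn.execute("INSERT INTO imagelinks_tmp SELECT * FROM imagelinks")
        conn.commit()
        return None
    except sqlite3.IntegrityError as exc:
        conn.rollback()
        return str(exc)


def copy_with_column_list(conn):
    """The fix: name the columns on both sides so physical order is irrelevant.
    Returns the target rows, sorted, as (il_from, il_from_namespace, il_to)."""
    conn.execute(
        "INSERT INTO imagelinks_tmp (il_from, il_from_namespace, il_to)"
        " SELECT il_from, il_from_namespace, il_to FROM imagelinks"
    )
    conn.commit()
    return sorted(
        conn.execute(
            "SELECT il_from, il_from_namespace, il_to FROM imagelinks_tmp"
        ).fetchall()
    )


if __name__ == "__main__":
    db = make_db()
    print("without column list:", copy_without_column_list(db))
    print("with column list:   ", copy_with_column_list(db))
```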
Reedy [Sun, 30 Jun 2019 17:18:24 +0000 (30 18:18 +0100)]
Remove jetbrains/phpstorm-stubs from composer dev dependencies
Bug: T226766
Change-Id: I8f985996dcc780a8307c4d1ef9a1d6e2b9f1a1d0
Timo Tijhof [Thu, 13 Jun 2019 14:06:43 +0000 (13 15:06 +0100)]
installer: Detect APC for MainCacheType in CLI installer
The web installer did this already, but with the CLI installer,
the generated LocalSettings.php always contained the following
hardcoded:
$wgMainCacheType = CACHE_NONE;
Combined with the fact that in WMF CI, the generated local settings
is applied *after* the inclusion of Quibble settings and
DevelopmentSettings, meant that it was not possible to enable
object caching.
For now, make it match the behaviour of the web installer and thus
output $wgMainCacheType = CACHE_ACCEL if we detect a supported
implementation in the PHP runtime.
For later we should probably:
* Make this an option to install.php,
* or, change Quibble to append its overrides, instead of
prepending, so that DevelopmentSettings is actually applied after the
generated LocalSettings.
Bug: T225496
Change-Id: I3f43cd054ce71d0f1b2395302e8ef9ee2f6b01c2
(cherry picked from commit 7e0fb4fff6a247802c2209df48cf9fab8bfb8563)
Leszek Manicki [Mon, 17 Jun 2019 09:11:39 +0000 (17 11:11 +0200)]
Disable rate limiting in Development Settings
Bug: T225796
Change-Id: I2475a04066d4aaefeba372bd223ef68548a8cf18
Aaron Schulz [Fri, 14 Jun 2019 11:57:07 +0000 (14 12:57 +0100)]
Reduce HashRing test load to avoid several seconds of CPU
Bug: T225719
Change-Id: I358383e99d7950c4747b48583dc8faf00b3deeab
Karsten Hoffmeyer [Tue, 11 Jun 2019 19:24:16 +0000 (11 21:24 +0200)]
Installer: Update link to PHP intl away from old PECL package
PHP 5.5 was the last version supported by PECL intl package. Now the
PHP intl extension is used instead.
Bug: T225558
Change-Id: I68cb7a549c899e69da9a8cfea5a69b9acb41e8ae
(cherry picked from commit 7f0f6af2902cb7cf1406df5b8ee8cd12a5a88f1f)
Reedy [Tue, 28 May 2019 23:42:59 +0000 (29 00:42 +0100)]
1.32.3 RELEASE-NOTES section
Change-Id: Ifc5075502d90b9d7eaa8eafdaf6e467846cc30d1
Reedy [Tue, 28 May 2019 23:41:33 +0000 (29 00:41 +0100)]
Prepare 1.32.2
Change-Id: I039d32576b4134d8cd8ed0d56bbd5efd197e025d
Reedy [Tue, 28 May 2019 23:40:14 +0000 (29 00:40 +0100)]
Add RELEASE-NOTES for security patches
Change-Id: If5a939f3b3195913382a2b95d050e43c5a4c538a
James D. Forrester [Thu, 25 Apr 2019 21:12:52 +0000 (25 16:12 -0500)]
SECURITY: resources: Patch jQuery 3.3.1 for CVE-2019-11358
Patch taken from https://github.com/DanielRuf/snyk-js-jquery-174006?files=1
and left in-repo. Note that this will break the foreign resources check,
which is not currently a unit test but was planned to become such soon.
Bug: T221739
Change-Id: I99c2be81c74a8f1d35c421f0ee43c75efb30a7d0
rxy [Sun, 28 Apr 2019 20:14:18 +0000 (29 05:14 +0900)]
SECURITY: Add permission check for user is permitted to view the log type
Bug: T222038
Change-Id: I92ec2adfd9c514b3be1c07b7d22b9f9722d24a82
rxy [Sun, 28 Apr 2019 20:04:01 +0000 (29 05:04 +0900)]
SECURITY: Add permission check for user is permitted to view the log type
Bug: T222036
Change-Id: I7584ee8db23a8834bbab21e355cab9857a293f72
Lucas Werkmeister [Mon, 17 Dec 2018 13:02:39 +0000 (17 14:02 +0100)]
SECURITY: Fix cache mode for (un)patrolled recent changes query
Restricting the list of recent changes to patrolled, not patrolled,
autopatrolled, not autopatrolled, or unpatrolled recent changes requires
special permissions (as does displaying that status in the properties of
returned entries), but we only set the cache mode to private in the
first two cases.
Bug: T212118
Change-Id: I4c3fe6e47f80ebf97fa37875c704328d08772d26
Kunal Mehta [Fri, 13 Jul 2018 15:07:51 +0000 (13 08:07 -0700)]
SECURITY: API: Respect $wgBlockCIDRLimit in action=block
$wgBlockCIDRLimit states how large rangeblocks are allowed to be for IPv4
and IPv6. The API now calls SpecialBlock::validateTarget() to perform
that validation step.
As a minor thing, SpecialBlock::checkUnblockSelf() is now called twice by
the API, but that can probably be cleaned up at another time.
Tests included.
Bug: T199540
Change-Id: Ic7d60240d9ebd9580c0eb3b41e4befceab69bd81
Brian Wolff [Wed, 21 Nov 2018 16:15:28 +0000 (21 16:15 +0000)]
SECURITY: rate-limit and prevent blocked users from changing email
This is to counter spam where people use Special:ChangeEmail to
spam people with the confirmation email and using the username
to promote their thing
Bug: T209794
Change-Id: I8b2bd0f60c66f44c91dc78e3512a73e4237df2f3
Max Semenik [Wed, 7 Nov 2018 02:38:22 +0000 (6 18:38 -0800)]
SECURITY: blacklist CSS var()
Bug: T208881
Change-Id: I9a4ced2bc47eb5f96cf35e693bf5261c48acb126
Brian Wolff [Fri, 15 Jun 2018 08:19:49 +0000 (15 08:19 +0000)]
SECURITY: Fix reauth in Special:ChangeEmail
Previously you could bypass reauthentication by directly
POSTing to Special:ChangeEmail.
Bug: T197279
Change-Id: I674557351e0e91a8105c12ddf6cd30283aac9f7a
jenkins-bot [Tue, 4 Jun 2019 19:22:08 +0000 (4 19:22 +0000)]
Merge "Add more missing RELEASE-NOTES" into REL1_32
James D. Forrester [Tue, 7 May 2019 19:43:54 +0000 (7 12:43 -0700)]
selenium: wdio-mocha-framework now v0.6.4
Bug: T213268
Bug: T222406
Change-Id: I5935fc5d5bc23978e50275d3c99ac870b3b82f49
Reedy [Tue, 4 Jun 2019 16:30:51 +0000 (4 16:30 +0000)]
Add more missing RELEASE-NOTES
Change-Id: Iae9b73faad389fa78d5163d069a3042c5a45eaf1
Jesús Martínez Novo [Mon, 22 Apr 2019 09:21:52 +0000 (22 11:21 +0200)]
ExternalStore: Pass external domain to getReadOnlyReason
Be consistent with other paths of code that supply the external domain
id to LoadBalancer instead of defaulting to the wiki's domain.
This was causing the getReadOnlyReason to fail because it tries to
connect to the local wiki database using external storage credentials.
Bug: T200471
Change-Id: Ie73ea931d5c93f967624ee67717f87c2d9a31559
(cherry picked from commit df6100e0cc069451913479483f3773532a60ffae)
(cherry picked from commit 7a485ef6609510e1835b7b68796f04c7435e2cfc)
Aaron Schulz [Sun, 21 Apr 2019 19:57:05 +0000 (21 12:57 -0700)]
externalstore: make ExternalStoreDB::getDomainId treat false the same as null
Callers like SqlBlobStore sometimes pass in false for the current wiki
Bug: T200471
Change-Id: I3025c869df07de312471d00a0ab7107c1fa14a90
(cherry picked from commit bbf7fee3ac08952075d85f714340dfde8c1d7b8e)
Reedy [Tue, 28 May 2019 22:32:20 +0000 (28 23:32 +0100)]
Add/update RELEASE-NOTES to match commits
Change-Id: I0418dd73a2a982931607d86edcba8bd86fbc977a
Reedy [Sun, 26 May 2019 19:14:03 +0000 (26 20:14 +0100)]
Make config-outdated-sqlite parameter numbers consistent with config-*-old
Bug: T224374
Change-Id: Iebfb8299234cc9c66db0ecc4abd0c0a32af63602
(cherry picked from commit 3681fa5907280a876eca46cc3c857b4ea541d24d)
Reedy [Thu, 23 May 2019 23:16:42 +0000 (24 00:16 +0100)]
resourceloader: Use AND instead of OR for upsert conds in saveFileDependencies()
Follows-up e7b57d881a, which changed it from replace() to upsert()
but lost one of the wrapping arrays in doing so.
Previously updated many more rows than expected on Postgresql, when it
should only be updating individual rows, not all rows that match either
criteria.
SQL query before:
WHERE ((md_module = 'jquery.makeCollapsible.styles') OR (md_skin = 'vector|en-gb'))
SQL query after:
WHERE ((md_module = 'jquery.makeCollapsible.styles' AND md_skin = 'vector|en-gb'))
Not a problem on MySQL as upsert() is implemented differently there.
Bug: T222385
Change-Id: If8a458bf4543b297b3a06f31e09c0e77666bf7e6
Florian [Sat, 18 May 2019 19:27:16 +0000 (18 21:27 +0200)]
Update git submodules
* Update extensions/ConfirmEdit from branch 'REL1_32' to 198612589290e1d4301e1121bea338d74a9df107
- Do not ignore message parameters
The return value of the getMessage function is intentionally a Message
object (which can have different stuff, be a RawMessage or contain
parameters). Just getting the key of the message, passing it to another
function which just creates a new message out of it, doesn't make sense
and breaks the original intention of the method.
This is now fixed by this change.
Bug: T222590
Change-Id: Id8ebba6b8239e6eee4be698680edcafad6c86cb0
(cherry picked from commit a46515f782d5e446fd908247ec754a27b87cb9af)
Florian [Sat, 18 May 2019 18:50:47 +0000 (18 20:50 +0200)]
Remove useless use of current and end
The ConfigRepository is not an Iterable (any more), so these functions
don't have any usable effect.
Bug: T221045
Change-Id: I6e5bfd9d922d2838c65d52815590dcad1fe6d284
(cherry picked from commit e2273bcd864c53a5eb0b6d62d5f4890d937527f8)
jenkins-bot [Sat, 11 May 2019 03:11:41 +0000 (11 03:11 +0000)]
Merge "Update cssjanus/cssjanus from 1.2.0 to 1.3.0" into REL1_32
Reedy [Sat, 11 May 2019 02:11:31 +0000 (11 03:11 +0100)]
Update git submodules
* Update vendor from branch 'REL1_32' to 99a0723aa79921409687eed17c2d6cd221eb9bb1
- Update cssjanus/cssjanus from 1.2.0 to 1.3.0
https://github.com/cssjanus/php-cssjanus/releases/tag/v1.3.0
https://github.com/cssjanus/php-cssjanus/compare/v1.2.0...v1.3.0
Change-Id: Id8aba2d9e99671a9c45e02b271dbf290a11228d7
Reedy [Sat, 11 May 2019 02:16:46 +0000 (11 03:16 +0100)]
Update cssjanus/cssjanus from 1.2.0 to 1.3.0
https://github.com/cssjanus/php-cssjanus/releases/tag/v1.3.0
https://github.com/cssjanus/php-cssjanus/compare/v1.2.0...v1.3.0
Change-Id: I352f79f6f34279e669057aee7c2f1570800c8a11
Depends-On: Id8aba2d9e99671a9c45e02b271dbf290a11228d7
Brad Jorsch [Thu, 25 Apr 2019 13:49:01 +0000 (25 09:49 -0400)]
ApiLogout: Follow up Icb674095
This implements getWebUITokenSalt(), as mentioned in T25227#2008199 and
implemented in F3328897. Somehow it didn't make it into Icb674095.
This also fixes some issues in the unit test:
* Properly link the user to the request's Session so User::doLogout()
won't log a warning. This also gives use to the otherwise-unneeded
implementation of setUp(), and lets us get rid of the broken call to
User::newFromId() that was passing an IP address rather than a user ID.
* Privatize some internal methods.
* Use setExpectedApiException() instead of manually catching and
hard-coding the English exception message.
* Also assert that the bad token error didn't result in a logout.
Bug: T25227
Change-Id: I2aecfba821cca3c367c5e7e8d188a88197fb82d2
sbassett [Tue, 16 Apr 2019 22:09:43 +0000 (16 17:09 -0500)]
[SECURITY] [API BREAKING CHANGE] Require logout token.
Special:Userlogout now requires a token
Api action=logout requires a csrf token and the request to be POSTed
Patch author: bawolff
Bug: T25227
Change-Id: Icb674095956bb3f6c847c9553c53e404402ea774
rxy [Mon, 1 Apr 2019 07:04:40 +0000 (1 16:04 +0900)]
Add support for new Japanese era name "Reiwa"
Bug: T219728
Change-Id: I28c26291c38e7e6c167011472236fb81a8adf032
Reedy [Thu, 11 Apr 2019 15:31:11 +0000 (11 16:31 +0100)]
Add use Wikimedia\StaticArrayWriter statements to maintenance scripts
Follows-Up: I022c074e8a708fb5219bc4ff4b53e7e31f60dc4b
Change-Id: Ieea214b31a6ba9cc8eb2b6bae50529d70448a872
Max Semenik [Mon, 18 Mar 2019 05:42:42 +0000 (17 22:42 -0700)]
Urlencode fragments when redirecting after editing
This is a quick fix for the main symptom of the Chrome bug that results in
users being redirected to Special:BadTitle after section editing. We'll
need to discuss a more permanent solution.
Bug: T216029
Change-Id: I4b2d42ebc74031df86bc52310da71819da11c1ae
Gergő Tisza [Thu, 21 Mar 2019 16:00:49 +0000 (21 09:00 -0700)]
Rearrange code in User::getBlockedStatus to avoid isAllowed calls
User::isAllowed() triggers session loading, which results in a loop
if it is called during session loading. Session providers need to
check block status when $wgBlockDisablesLogin is enabled, so try to
avoid isAllowed calls in that situation.
Bug: T218608
Change-Id: Iab24923c613d6aeed4b574f587fc4cee8f33077c
Gergő Tisza [Mon, 18 Mar 2019 21:50:48 +0000 (18 14:50 -0700)]
Replace $wgUser with RequestContext::getUser in User::getBlockedStatus
$wgUser is not guaranteed to exist until MediaWiki has been fully
initialized; block status needs to be checked early on for
authentication-related permission checks.
Bug: T218608
Change-Id: I16315c071855024bc0412d5360c95f843420d9a9
Paladox [Thu, 3 Jan 2019 17:49:12 +0000 (3 17:49 +0000)]
Update git submodules
* Update extensions/Renameuser from branch 'REL1_32' to 7d0f5f0d9c2df36ffe3f88fb8909147cae4eb000
- Suppress issue from phan-taint-check-plugin
Partial backport from I13fb505ea5ece15c007e6e857481996a11c1aad4
Change-Id: I5c80f9a1d30724604d3e0c01e98926afc8b25fbb
Jack Phoenix [Wed, 6 Mar 2019 09:07:26 +0000 (6 11:07 +0200)]
user_group, the nonexistent table that keeps on giving
Follow-up to 27c61fb1e94da9114314468fd00bcf129ec064b6.
Bug: T199474
Change-Id: Ie8e054f5898209c51538669149e966bee7754f1e
Jack Phoenix [Tue, 5 Mar 2019 23:13:59 +0000 (6 01:13 +0200)]
Fix a rather fatal typo in rebuildrecentchanges.php
The JOIN condition was being ignored because there is no table called "user_group" in MediaWiki core.
Thus if and when using $wgSharedDB, the query would end up listing *all* registered users from the shared user table.
And even without $wgSharedDB, running rebuildrecentchanges.php would result in everyone's edits being marked as bot edits (recentchanges.rc_bot = 1) and thus hidden from the Special:RecentChanges page.
Thanks to Lcawte for reporting this bug.
Follow-up to 27c61fb1e94da9114314468fd00bcf129ec064b6
Change-Id: I18d658b67c50f2200341f732783c2e7524dd27f1
Reedy [Tue, 26 Feb 2019 14:46:43 +0000 (26 14:46 +0000)]
RELEASE-NOTES for last two commits
Change-Id: Ifc6546ebf616e16e3f54d664b2ce0739d0826e48
Brad Jorsch [Wed, 20 Feb 2019 15:22:26 +0000 (20 10:22 -0500)]
DatabasePostgres: Ignore "IGNORE" option to update()
PostgreSQL doesn't support anything like this. For now, avoid generating
invalid SQL by just ignoring the option. If we come up with a use case
someday, that can guide implementation of a workalike.
Also, remove a pointless "IGNORE" from populateExternallinksIndex60.php.
el_index_60 isn't uniquely indexed, so it has no effect anyway.
Bug: T215169
Change-Id: I1409c80b39834d1977c82c489226255a8cc93fd0
(cherry picked from commit 814605a979633fc37bcfa8319ddbfe627a66a308)
Reedy [Mon, 25 Feb 2019 00:18:47 +0000 (25 00:18 +0000)]
Return the page_id in list=langbacklinks as an int
Bug: T216968
Change-Id: I5b16779be7b24b1e46d4787a82a8daa3611f67b1
setian [Sun, 24 Feb 2019 21:43:33 +0000 (24 16:43 -0500)]
Return the page_id in list=iwbacklinks as an int rather than string
Bug: T216968
Change-Id: I6645c5f1c6e76be3187c24053ed430e99c03bff4
Aaron Schulz [Wed, 20 Feb 2019 00:26:10 +0000 (19 16:26 -0800)]
Backport WikiMap/JobQueueGroup logic to handle hyphenated DB names
Although the documentation in DefaultSettings.php states that such
cases should be avoided, some common cases and code paths can be
made to work easily enough.
Partially cherry-picked from dcd0a3d53, 51945dbca3594, and 5196ac32c6.
Bug: T204423
Change-Id: Ia3c5855b18b98d9fc5bc02fe68358cfa52ccbce1
Mukunda Modell [Tue, 12 Feb 2019 23:28:51 +0000 (12 17:28 -0600)]
Bump version to 1.32.1
Bug: T213595
Change-Id: I5ab9b717a3d5f41780f577c4c61fd6e6ba9e627c
RazeSoldier [Mon, 11 Feb 2019 11:49:38 +0000 (11 19:49 +0800)]
Use "try-catch" block instead of "if" block to prevent interruption of new installation
New installation was blocked when checking if the DB exists,
because when selecting the DB, if it fails, it will throw an exception.
So I modify the checking logic to determine if there is an exception
thrown instead of detecting the return value.
Bug: T215566
Change-Id: I6817997434df7adc79fbc1b224b77c0daa8cc11d
(cherry picked from commit 56d2fc8081502ebcc793e17cc9c7083c8b9d2126)
Mukunda Modell [Thu, 14 Feb 2019 20:19:58 +0000 (14 14:19 -0600)]
RELEASENOTES: Update required PHP version to 7.0.13
Bug: T209423
Change-Id: Ib76c4235e3a3a45986595d99e98a97bfc0e59be9
Peter Boehm [Thu, 24 Jan 2019 12:44:53 +0000 (24 13:44 +0100)]
Update git submodules
* Update extensions/CategoryTree from branch 'REL1_32' to 5866bb9268fa3df8dfd5b8dce2cb5153e2623ca2
- Change 'title' attributes to links to use full page name
This changes the title attribute on the link generated in the
CategoryTree. The only effect is that additional information about the
link target, which may be truncated by 'hideprefix' or CSS overflow,
will now still be accessible in another way.
Change-Id: I4f07fa88f0a528634e9bf3c504e84fb4bf55e3bf