[MediaWiki-commits] [Gerrit] wikidata...rdf[master]: Update GUI

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346876 )

Change subject: Update GUI
..


Update GUI

Change-Id: I9cb69ea3ea15a1ee73f20dddf9d244a0b2bf49a2
---
M gui
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Smalyshev: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/gui b/gui
index 282867e..ee8f535 16
--- a/gui
+++ b/gui
@@ -1 +1 @@
-Subproject commit 282867eb7a210a9a2393d62ed9d619b4248f95fe
+Subproject commit ee8f5350806b4f1eb9cdcb2380c2d44b05fa9dd9
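
Review bot: the commit message for this submodule bump (282867e to ee8f535 in gui) says only "Update GUI", so nothing in the change records which GUI commits are being pulled into wikidata/query/rdf. List the included gui changes, or the shortlog of that range, in the message so the pointer move can be audited later without checking out the submodule.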

-- 
To view, visit https://gerrit.wikimedia.org/r/346876
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I9cb69ea3ea15a1ee73f20dddf9d244a0b2bf49a2
Gerrit-PatchSet: 1
Gerrit-Project: wikidata/query/rdf
Gerrit-Branch: master
Gerrit-Owner: Smalyshev 
Gerrit-Reviewer: Smalyshev 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits


[MediaWiki-commits] [Gerrit] mediawiki...cxserver[master]: Set default MT for CX articles into Chinese

2017-04-06 Thread KartikMistry (Code Review)
KartikMistry has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346944 )

Change subject: Set default MT for CX articles into Chinese
..

Set default MT for CX articles into Chinese

Bug: T162019
Change-Id: I7dc43da8f64839435e31ed135046736425410f4e
---
M registry.wikimedia.yaml
1 file changed, 81 insertions(+), 16 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/services/cxserver 
refs/changes/44/346944/1

diff --git a/registry.wikimedia.yaml b/registry.wikimedia.yaml
index 915113a..1f2fa8d 100644
--- a/registry.wikimedia.yaml
+++ b/registry.wikimedia.yaml
@@ -8507,22 +8507,6 @@
 'ru-uk': source-mt
 'sk-uk': source-mt
 'sv-uk': source-mt
-'cs-zh': source-mt
-'de-zh': source-mt
-'en-zh': source-mt
-'es-zh': source-mt
-'fa-zh': source-mt
-'fr-zh': source-mt
-'id-zh': source-mt
-'ja-zh': source-mt
-'it-zh': source-mt
-'ko-zh': source-mt
-'nl-zh': source-mt
-'pt-zh': source-mt
-'ru-zh': source-mt
-'sv-zh': source-mt
-'uk-zh': source-mt
-'vi-zh': source-mt
 'en-bn': source-mt
 'eu-bn': source-mt
 'en-gu': source-mt
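
Review bot: three of the pairs removed in this hunk, 'de-zh', 'it-zh' and 'nl-zh', have no counterpart in the Yandex block added by the next hunk, so unless they are defined elsewhere in the file they end up with no default entry at all. Either keep their source-mt lines or add them to the new block, and say in the commit message which of the two is intended.
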
@@ -9928,6 +9912,87 @@
 'vi-xh': source-mt
 'yi-xh': source-mt
 'zh-xh': source-mt
+'af-zh': Yandex
+'am-zh': Yandex
+'ar-zh': Yandex
+'ba-zh': Yandex
+'be-zh': Yandex
+'bn-zh': Yandex
+'bg-zh': Yandex
+'bs-zh': Yandex
+'ca-zh': Yandex
+'ceb-zh': Yandex
+'cs-zh': Yandex
+'cy-zh': Yandex
+'da-zh': Yandex
+'el-zh': Yandex
+'en-zh': Yandex
+'eo-zh': Yandex
+'es-zh': Yandex
+'et-zh': Yandex
+'eu-zh': Yandex
+'fa-zh': Yandex
+'fi-zh': Yandex
+'fr-zh': Yandex
+'ga-zh': Yandex
+'gd-zh': Yandex
+'gl-zh': Yandex
+'gu-zh': Yandex
+'he-zh': Yandex
+'hi-zh': Yandex
+'hr-zh': Yandex
+'ht-zh': Yandex
+'hu-zh': Yandex
+'hy-zh': Yandex
+'id-zh': Yandex
+'is-zh': Yandex
+'ja-zh': Yandex
+'ka-zh': Yandex
+'kk-zh': Yandex
+'kn-zh': Yandex
+'ko-zh': Yandex
+'ky-zh': Yandex
+'la-zh': Yandex
+'lt-zh': Yandex
+'lv-zh': Yandex
+'mg-zh': Yandex
+'mi-zh': Yandex
+'mhr-zh': Yandex
+'mk-zh': Yandex
+'mn-zh': Yandex
+'mr-zh': Yandex
+'mrj-zh': Yandex
+'ms-zh': Yandex
+'mt-zh': Yandex
+'nb-zh': Yandex
+'ne-zh': Yandex
+'pa-zh': Yandex
+'pl-zh': Yandex
+'pt-zh': Yandex
+'ro-zh': Yandex
+'ru-zh': Yandex
+'si-zh': Yandex
+'sk-zh': Yandex
+'sl-zh': Yandex
+'sq-zh': Yandex
+'sr-zh': Yandex
+'su-zh': Yandex
+'sv-zh': Yandex
+'sw-zh': Yandex
+'ta-zh': Yandex
+'te-zh': Yandex
+'tg-zh': Yandex
+'th-zh': Yandex
+'tl-zh': Yandex
+'tr-zh': Yandex
+'tt-zh': Yandex
+'udm-zh': Yandex
+'uk-zh': Yandex
+'ur-zh': Yandex
+'uz-zh': Yandex
+'vi-zh': Yandex
+'yi-zh': Yandex
+'xh-zh': Yandex
 'nl-af': Apertium
 'mt-ar': Apertium
 'mk-bg': Apertium
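
Review bot: the commit message gives only the subject and T162019 for making Yandex the default for 81 pairs into zh; state the reason in the message, because the default is the provider a translator gets without choosing one. Minor: 'yi-zh' is listed before 'xh-zh' at the end of the block, while the rest of the block is roughly alphabetical.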

-- 
To view, visit https://gerrit.wikimedia.org/r/346944
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7dc43da8f64839435e31ed135046736425410f4e
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/services/cxserver
Gerrit-Branch: master
Gerrit-Owner: KartikMistry 



[MediaWiki-commits] [Gerrit] oojs/ui[master]: MediaWiki theme: Add separator when toolbar items break on n...

2017-04-06 Thread VolkerE (Code Review)
VolkerE has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346943 )

Change subject: MediaWiki theme: Add separator when toolbar items break on 
narrow
..

MediaWiki theme: Add separator when toolbar items break on narrow

Bug: T92315
Change-Id: Iee97c1f105e1f2f2f90bc3c65468189661738b84
---
M src/themes/mediawiki/tools.less
1 file changed, 11 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/oojs/ui refs/changes/43/346943/1

diff --git a/src/themes/mediawiki/tools.less b/src/themes/mediawiki/tools.less
index a0dc7f5..4de2779 100644
--- a/src/themes/mediawiki/tools.less
+++ b/src/themes/mediawiki/tools.less
@@ -22,6 +22,17 @@
}
}
 
+   &-narrow .oo-ui-toolbar-bar:after {
+   content: '';
+   display: block;
+   position: absolute;
+   top: 3.125em;
+   left: 0;
+   width: 100%;
+   height: 0;
+   border-bottom: @border-toolbar;
+   }
+
&-actions {
> .oo-ui-buttonElement.oo-ui-labelElement,
> .oo-ui-buttonElement.oo-ui-indicatorElement,
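
Review bot: `top: 3.125em` in the new `&-narrow .oo-ui-toolbar-bar:after` rule is an unexplained magic number; derive it from a Less variable or add a comment saying which height it has to match, otherwise the separator drifts as soon as the toolbar row height changes. The rule also depends on `.oo-ui-toolbar-bar` being a positioned element for `position: absolute` to anchor where intended, which is not visible in this hunk and is worth confirming.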

-- 
To view, visit https://gerrit.wikimedia.org/r/346943
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Iee97c1f105e1f2f2f90bc3c65468189661738b84
Gerrit-PatchSet: 1
Gerrit-Project: oojs/ui
Gerrit-Branch: master
Gerrit-Owner: VolkerE 



[MediaWiki-commits] [Gerrit] mediawiki...cxserver[master]: Remove 'source-mt' from default from some languages

2017-04-06 Thread KartikMistry (Code Review)
KartikMistry has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346942 )

Change subject: Remove 'source-mt' from default from some languages
..

Remove 'source-mt' from default from some languages

Where deployment > 6 months

Bug: T162344
Change-Id: If32a0515c9d1887e9a9a88be1beb46caab353561
---
M registry.wikimedia.yaml
1 file changed, 0 insertions(+), 1,066 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/services/cxserver 
refs/changes/42/346942/1

diff --git a/registry.wikimedia.yaml b/registry.wikimedia.yaml
index 915113a..baea41a 100644
--- a/registry.wikimedia.yaml
+++ b/registry.wikimedia.yaml
@@ -8537,667 +8537,6 @@
 'ru-pa': source-mt
 'en-si': source-mt
 'en-ta': source-mt
-'af-ceb': source-mt
-'am-ceb': source-mt
-'ar-ceb': source-mt
-'ba-ceb': source-mt
-'be-ceb': source-mt
-'bn-ceb': source-mt
-'bg-ceb': source-mt
-'bs-ceb': source-mt
-'ca-ceb': source-mt
-'cs-ceb': source-mt
-'cy-ceb': source-mt
-'da-ceb': source-mt
-'el-ceb': source-mt
-'en-ceb': source-mt
-'eo-ceb': source-mt
-'es-ceb': source-mt
-'et-ceb': source-mt
-'eu-ceb': source-mt
-'fa-ceb': source-mt
-'fi-ceb': source-mt
-'fr-ceb': source-mt
-'ga-ceb': source-mt
-'gd-ceb': source-mt
-'gl-ceb': source-mt
-'gu-ceb': source-mt
-'he-ceb': source-mt
-'hi-ceb': source-mt
-'hr-ceb': source-mt
-'ht-ceb': source-mt
-'hu-ceb': source-mt
-'hy-ceb': source-mt
-'id-ceb': source-mt
-'is-ceb': source-mt
-'ja-ceb': source-mt
-'jv-ceb': source-mt
-'ka-ceb': source-mt
-'kk-ceb': source-mt
-'kn-ceb': source-mt
-'ko-ceb': source-mt
-'ky-ceb': source-mt
-'la-ceb': source-mt
-'lt-ceb': source-mt
-'lv-ceb': source-mt
-'mg-ceb': source-mt
-'mi-ceb': source-mt
-'mhr-ceb': source-mt
-'ml-ceb': source-mt
-'mk-ceb': source-mt
-'mn-ceb': source-mt
-'mr-ceb': source-mt
-'mrj-ceb': source-mt
-'ms-ceb': source-mt
-'mt-ceb': source-mt
-'nb-ceb': source-mt
-'ne-ceb': source-mt
-'pa-ceb': source-mt
-'pl-ceb': source-mt
-'pt-ceb': source-mt
-'ro-ceb': source-mt
-'ru-ceb': source-mt
-'si-ceb': source-mt
-'sk-ceb': source-mt
-'sl-ceb': source-mt
-'sq-ceb': source-mt
-'sr-ceb': source-mt
-'su-ceb': source-mt
-'sv-ceb': source-mt
-'sw-ceb': source-mt
-'ta-ceb': source-mt
-'te-ceb': source-mt
-'tg-ceb': source-mt
-'th-ceb': source-mt
-'tl-ceb': source-mt
-'tr-ceb': source-mt
-'tt-ceb': source-mt
-'udm-ceb': source-mt
-'uk-ceb': source-mt
-'ur-ceb': source-mt
-'uz-ceb': source-mt
-'vi-ceb': source-mt
-'xh-ceb': source-mt
-'yi-ceb': source-mt
-'zh-ceb': source-mt
-'af-am': source-mt
-'ar-am': source-mt
-'ba-am': source-mt
-'be-am': source-mt
-'bn-am': source-mt
-'bg-am': source-mt
-'bs-am': source-mt
-'ca-am': source-mt
-'cs-am': source-mt
-'cy-am': source-mt
-'da-am': source-mt
-'el-am': source-mt
-'en-am': source-mt
-'eo-am': source-mt
-'es-am': source-mt
-'et-am': source-mt
-'eu-am': source-mt
-'fa-am': source-mt
-'fi-am': source-mt
-'fr-am': source-mt
-'ga-am': source-mt
-'gd-am': source-mt
-'gl-am': source-mt
-'gu-am': source-mt
-'he-am': source-mt
-'hi-am': source-mt
-'hr-am': source-mt
-'ht-am': source-mt
-'hu-am': source-mt
-'hy-am': source-mt
-'id-am': source-mt
-'is-am': source-mt
-'ja-am': source-mt
-'jv-am': source-mt
-'ka-am': source-mt
-'kk-am': source-mt
-'kn-am': source-mt
-'ko-am': source-mt
-'ky-am': source-mt
-'la-am': source-mt
-'lt-am': source-mt
-'lv-am': source-mt
-'mg-am': source-mt
-'mi-am': source-mt
-'mhr-am': source-mt
-'ml-am': source-mt
-'mk-am': source-mt
-'mn-am': source-mt
-'mr-am': source-mt
-'mrj-am': source-mt
-'ms-am': source-mt
-'mt-am': source-mt
-'nb-am': source-mt
-'ne-am': source-mt
-'pa-am': source-mt
-'pl-am': source-mt
-'pt-am': source-mt
-'ro-am': source-mt
-'ru-am': source-mt
-'si-am': source-mt
-'sk-am': source-mt
-'sl-am': source-mt
-'sq-am': source-mt
-'sr-am': source-mt
-'su-am': source-mt
-'sv-am': source-mt
-'sw-am': source-mt
-'ta-am': source-mt
-'te-am': source-mt
-'tg-am': source-mt
-'th-am': source-mt
-'tl-am': source-mt
-'tr-am': source-mt
-'tt-am': source-mt
-'udm-am': source-mt
-'uk-am': source-mt
-'ur-am': source-mt
-'uz-am': source-mt
-'vi-am': source-mt
-'xh-am': source-mt
-'yi-am': source-mt
-'zh-am': source-mt
-'af-eo': source-mt
-'am-eo': source-mt
-'ar-eo': source-mt
-'ba-eo': source-mt
-'be-eo': source-mt
-'bn-eo': 
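
Review bot: the message "Where deployment > 6 months" does not name the target languages being dropped, and with 1,066 deleted lines that is hard to verify from the diff alone; list the targets in the commit message (the visible part of this hunk removes the -ceb, -am and -eo blocks). This change and https://gerrit.wikimedia.org/r/346944 both start from registry.wikimedia.yaml at 915113a and edit neighbouring regions, so expect to rebase whichever lands second.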

[MediaWiki-commits] [Gerrit] integration/config[master]: Add apertium-spa-cat package

2017-04-06 Thread KartikMistry (Code Review)
KartikMistry has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346941 )

Change subject: Add apertium-spa-cat package
..

Add apertium-spa-cat package

Change-Id: I5111ab7382786ede5c04656dc6c05ac3bc9ff792
---
M zuul/layout.yaml
1 file changed, 1 insertion(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/integration/config 
refs/changes/41/346941/1

diff --git a/zuul/layout.yaml b/zuul/layout.yaml
index d759b91..100b32f 100644
--- a/zuul/layout.yaml
+++ b/zuul/layout.yaml
@@ -2127,6 +2127,7 @@
   - { name: operations/debs/contenttranslation/apertium-sme-nob,   test: 
['debian-glue'] }
   - { name: operations/debs/contenttranslation/apertium-spa,   test: 
['debian-glue'] }
   - { name: operations/debs/contenttranslation/apertium-spa-arg,   test: 
['debian-glue'] }
+  - { name: operations/debs/contenttranslation/apertium-spa-cat,   test: 
['debian-glue'] }
   - { name: operations/debs/contenttranslation/apertium-srd,   test: 
['debian-glue'] }
   - { name: operations/debs/contenttranslation/apertium-srd-ita,   test: 
['debian-glue'] }
   - { name: operations/debs/contenttranslation/apertium-sv-da, test: 
['debian-glue'] }

-- 
To view, visit https://gerrit.wikimedia.org/r/346941
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5111ab7382786ede5c04656dc6c05ac3bc9ff792
Gerrit-PatchSet: 1
Gerrit-Project: integration/config
Gerrit-Branch: master
Gerrit-Owner: KartikMistry 



[MediaWiki-commits] [Gerrit] oojs/ui[master]: Apex theme: Align coding style to conventions

2017-04-06 Thread VolkerE (Code Review)
VolkerE has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346940 )

Change subject: Apex theme: Align coding style to conventions
..

Apex theme: Align coding style to conventions

Aligning Less/CSS coding style to coding conventions by
 - following whitespace rules &
 - lowercasing hex colors

Change-Id: I5050a1fd4df16e8b526311c9df2f62e965b25cc4
---
M src/themes/apex/elements.less
M src/themes/apex/tools.less
M src/themes/apex/widgets.less
M src/themes/apex/windows.less
4 files changed, 27 insertions(+), 27 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/oojs/ui refs/changes/40/346940/1

diff --git a/src/themes/apex/elements.less b/src/themes/apex/elements.less
index 12a86e9..02a76e5 100644
--- a/src/themes/apex/elements.less
+++ b/src/themes/apex/elements.less
@@ -23,7 +23,7 @@
> .oo-ui-buttonElement-button {
> .oo-ui-iconElement-icon {
// Don't animate opacities for now, causes 
wiggling in Chrome (bug 63020)
-   // .oo-ui-transition(opacity @medium-ease);
+   // .oo-ui-transition( opacity @medium-ease );
}
 
&:hover,
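
Review bot: the only line touched in this hunk is the commented-out `// .oo-ui-transition( opacity @medium-ease );`, and reformatting dead code only adds diff noise. Either leave it untouched or drop the commented-out call and keep just the explanation of why opacity is not animated.
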
@@ -92,8 +92,8 @@
border-radius: 0.3em;
text-shadow: 0 1px 1px rgba( 255, 255, 255, 0.5 );
border: 1px #c9c9c9 solid;
-   .oo-ui-transition(border-color @quick-ease);
-   .oo-ui-vertical-gradient(#fff, #ddd);
+   .oo-ui-transition( border-color @quick-ease );
+   .oo-ui-vertical-gradient( #fff, #ddd );
 
&:hover,
&:focus {
@@ -115,7 +115,7 @@
box-shadow: inset 0 1px 4px 0 rgba( 0, 0, 0, 0.07 );
color: #000;
border-color: #c9c9c9;
-   .oo-ui-vertical-gradient(#ddd, #fff);
+   .oo-ui-vertical-gradient( #ddd, #fff );
}
 
&.oo-ui-iconElement {
@@ -161,14 +161,14 @@
&.oo-ui-buttonElement-active > 
.oo-ui-buttonElement-button,
&.oo-ui-buttonElement-pressed > 
.oo-ui-buttonElement-button {
border: 1px solid @progressive-border;
-   
.oo-ui-vertical-gradient(@progressive-gradient-end, 
@progressive-gradient-start);
+   .oo-ui-vertical-gradient( 
@progressive-gradient-end, @progressive-gradient-start );
}
}
 
&-constructive {
> .oo-ui-buttonElement-button {
border: 1px solid @constructive-border;
-   
.oo-ui-vertical-gradient(@constructive-gradient-start, 
@constructive-gradient-end);
+   .oo-ui-vertical-gradient( 
@constructive-gradient-start, @constructive-gradient-end );
 
&:hover,
&:focus {
@@ -180,7 +180,7 @@
&.oo-ui-buttonElement-active > 
.oo-ui-buttonElement-button,
&.oo-ui-buttonElement-pressed > 
.oo-ui-buttonElement-button {
border: 1px solid @constructive-border;
-   
.oo-ui-vertical-gradient(@constructive-gradient-end, 
@constructive-gradient-start);
+   .oo-ui-vertical-gradient( 
@constructive-gradient-end, @constructive-gradient-start );
}
}
 
@@ -247,7 +247,7 @@
 
 .theme-oo-ui-pendingElement () {
&-pending {
-   
.oo-ui-background-image('@{oo-ui-default-image-path}/textures/pending.gif');
+   .oo-ui-background-image( 
'@{oo-ui-default-image-path}/textures/pending.gif' );
}
 }
 
diff --git a/src/themes/apex/tools.less b/src/themes/apex/tools.less
index dccec8c..cb7c8a1 100644
--- a/src/themes/apex/tools.less
+++ b/src/themes/apex/tools.less
@@ -91,7 +91,7 @@
margin: 0.375em;
border-radius: 0.3125em;
border: 1px solid transparent;
-   .oo-ui-transition(border-color @medium-ease);
+   .oo-ui-transition( border-color @medium-ease );
 
.oo-ui-toolbar-narrow & {
+ .oo-ui-toolGroup {
@@ -150,7 +150,7 @@
&.oo-ui-widget-enabled {
border-color: rgba( 0, 0, 0, 0.2 );
box-shadow: inset 0 0.0875em 0.0875em 0 rgba( 
0, 0, 0, 0.07 );
-   .oo-ui-vertical-gradient(#F1F7FB, #fff);
+  

[MediaWiki-commits] [Gerrit] oojs/ui[master]: Apex theme: Simplify color usage through Less variables

2017-04-06 Thread VolkerE (Code Review)
VolkerE has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346939 )

Change subject: Apex theme: Simplify color usage through Less variables
..

Apex theme: Simplify color usage through Less variables

Also changing unique `#555` to widget-wide color.

Change-Id: If1077b2e62a20ce899bae11d54136ade019a8ef5
---
M src/themes/apex/common.less
M src/themes/apex/elements.less
M src/themes/apex/tools.less
M src/themes/apex/widgets.less
4 files changed, 16 insertions(+), 12 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/oojs/ui refs/changes/39/346939/1

diff --git a/src/themes/apex/common.less b/src/themes/apex/common.less
index deff0b7..819b106 100644
--- a/src/themes/apex/common.less
+++ b/src/themes/apex/common.less
@@ -1,5 +1,9 @@
 // Theme variables
+@oo-ui-default-image-path: 'themes/apex/images';
+
 @background-color-main: #fff;
+
+@color-default: #333;
 
 @progressive: #087ecc;
 @constructive: #76ab36;
@@ -15,9 +19,9 @@
 @constructive-border: #b8d892;
 @constructive-border-selected: #adcb89;
 
-@color-placeholder: #72777d; // equals HSB 210°/9%/49%, aligns to WCAG 2.0 
level AA at 4.52:1 contrast ratio
-
-@oo-ui-default-image-path: 'themes/apex/images';
+@color-placeholder: #767676; // aligns to WCAG 2.0 level AA at 4.54:1 contrast 
ratio
+@color-readonly: #767676;
+@color-subtle: #767676;
 
 // Box Sizes
 @max-width-default: 50em;
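
Review bot: `@color-placeholder` changes value in this hunk from #72777d to #767676, and the new `@color-readonly` and `@color-subtle` are #767676 while the literals they replace later in the patch are #777 and #888, but the commit message mentions only the #555 change. Say in the message that these colors change on purpose, and consider defining the three variables from one base variable since they share a value.
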
diff --git a/src/themes/apex/elements.less b/src/themes/apex/elements.less
index cd31617..12a86e9 100644
--- a/src/themes/apex/elements.less
+++ b/src/themes/apex/elements.less
@@ -4,7 +4,7 @@
 
 .theme-oo-ui-buttonElement () {
> .oo-ui-buttonElement-button {
-   color: #333;
+   color: @color-default;
}
 
&.oo-ui-iconElement > .oo-ui-buttonElement-button > 
.oo-ui-iconElement-icon {
@@ -39,7 +39,7 @@
}
 
> .oo-ui-labelElement-label {
-   color: #333;
+   color: @color-default;
}
}
 
@@ -54,7 +54,7 @@
// Support  from ButtonInputWidget
> input.oo-ui-buttonElement-button {
padding-left: 0.25em;
-   color: #333;
+   color: @color-default;
 
&:hover,
&:focus {
@@ -197,7 +197,7 @@
// Opacity causes 1px measurement errors in 
Chrome, so force GPU rendering
.oo-ui-force-gpu-composite-layer();
box-shadow: none;
-   color: #333;
+   color: @color-default;
background: #eee;
border-color: #ccc;
 
diff --git a/src/themes/apex/tools.less b/src/themes/apex/tools.less
index 60cb00c..dccec8c 100644
--- a/src/themes/apex/tools.less
+++ b/src/themes/apex/tools.less
@@ -457,7 +457,7 @@
}
 
.oo-ui-tool-accel {
-   color: #888;
+   color: @color-subtle;
}
}
 }
diff --git a/src/themes/apex/widgets.less b/src/themes/apex/widgets.less
index a958355..011e6eb 100644
--- a/src/themes/apex/widgets.less
+++ b/src/themes/apex/widgets.less
@@ -111,7 +111,7 @@
line-height: 1.7em;
.oo-ui-vertical-gradient(#fff, #ddd);
border: 1px solid #ccc;
-   color: #555;
+   color: @color-default;
border-radius: 0.25em;
 
&:focus {
@@ -410,7 +410,7 @@
 
 .theme-oo-ui-menuSectionOptionWidget () {
padding: 0.33em 0.75em;
-   color: #888;
+   color: @color-subtle;
 }
 
 .theme-oo-ui-menuSelectWidget () {
@@ -1016,7 +1016,7 @@
 
input[readonly],
textarea[readonly] {
-   color: #777;
+   color: @color-readonly;
}
 
&.oo-ui-flaggedElement-invalid {
@@ -1072,7 +1072,7 @@
> .oo-ui-labelElement-label {
padding: 0.4em;
line-height: 1.5em;
-   color: #888;
+   color: @color-subtle;
}
 
&-labelPosition-after {

-- 
To view, visit https://gerrit.wikimedia.org/r/346939
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If1077b2e62a20ce899bae11d54136ade019a8ef5
Gerrit-PatchSet: 1
Gerrit-Project: oojs/ui
Gerrit-Branch: master
Gerrit-Owner: VolkerE 



[MediaWiki-commits] [Gerrit] mediawiki...parsoid[master]: WIP: Lint mistested tags for better accuracy

2017-04-06 Thread Subramanya Sastry (Code Review)
Subramanya Sastry has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346938 )

Change subject: WIP: Lint mistested tags for better accuracy
..

WIP: Lint mistested tags for better accuracy

* Quick first try -- seems to work in many scenarios and
  generates one useful lint error in place of 2 useless ones.
* More linter tests needed.

Change-Id: If3ba4e78cc43f85157a33b414d4a05c54fa43b84
---
M lib/wt2html/pp/handlers/linter.js
M tests/mocha/linter.js
2 files changed, 56 insertions(+), 10 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/services/parsoid 
refs/changes/38/346938/1

diff --git a/lib/wt2html/pp/handlers/linter.js 
b/lib/wt2html/pp/handlers/linter.js
index a07f329..72fd9d2 100644
--- a/lib/wt2html/pp/handlers/linter.js
+++ b/lib/wt2html/pp/handlers/linter.js
@@ -41,6 +41,34 @@
env.log('lint/' + type, { dsr: tplInfo.dsr });
 }
 
+function leftMostDescendent(node, matchingName) {
+   if (!DU.isElt(node)) {
+   return node.parentNode;
+   } else if (node.nodeName === matchingName ||
+   (DU.isMarkerMeta(node, 'mw:Placeholder/StrippedTag')
+   && DU.getDataParsoid(node).name === matchingName)
+   ) {
+   return node;
+   } else if (!node.firstChild) {
+   return node.nodeName === matchingName ? node : null;
+   } else {
+   return leftMostDescendent(node.firstChild, matchingName);
+   }
+}
+
+function getNextStructurallyAdjacentNode(node, matchingName) {
+   if (DU.isBody(node)) {
+   return null;
+   }
+
+   if (node.nextSibling) {
+   return leftMostDescendent(node.nextSibling, matchingName);
+   }
+
+   return getNextStructurallyAdjacentNode(node.parentNode, matchingName);
+}
+
+
 /*
  * Log Treebuilder fixups marked by dom.markTreeBuilderFixup.js
  * It handles the following scenarios:
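
Review bot: in leftMostDescendent the first branch returns `node.parentNode` for a non-element node without comparing it to matchingName, so the caller can receive the parent of a text node rather than the tag it asked for; return null there or document why the parent is wanted. The `!node.firstChild` branch can only ever return null, because `node.nodeName === matchingName` was already handled by the branch above it, and both new helpers need a doc comment describing what "structurally adjacent" means.
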
@@ -50,6 +78,12 @@
  * 3. Stripped tags
  */
 function logTreeBuilderFixup(env, c, dp, tplInfo) {
+   // This might have been processed as part of
+   // misnested-tag category identification.
+   if ((dp.tmp || {}).processed) {
+   return;
+   }
+
var cNodeName = c.nodeName.toLowerCase();
var dsr = dp.dsr;
var lintObj;
@@ -68,12 +102,9 @@
dsr = dp.tmp.origDSR;
}
 
-   if (DU.hasNodeName(c, 'meta')) {
-   var type = c.getAttribute('typeof');
-   if (type === 'mw:Placeholder/StrippedTag') {
-   lintObj = { dsr: dsr, templateInfo: templateInfo };
-   env.log('lint/stripped-tag', lintObj);
-   }
+   if (DU.isMarkerMeta(c, 'mw:Placeholder/StrippedTag')) {
+   lintObj = { dsr: dsr, templateInfo: templateInfo };
+   env.log('lint/stripped-tag', lintObj);
}
 
// Dont bother linting for auto-inserted start/end or self-closing-tag 
if:
@@ -108,7 +139,20 @@
templateInfo: templateInfo,
params: { name: cNodeName },
};
-   env.log('lint/missing-end-tag', lintObj);
+   var adjNode = getNextStructurallyAdjacentNode(c, 
c.nodeName);
+   var adjDp = adjNode && DU.getDataParsoid(adjNode);
+   if (adjNode && (
+   (adjDp.autoInsertedStart && 
!adjDp.autoInsertedEnd) ||
+   DU.isMarkerMeta(adjNode, 
'mw:Placeholder/StrippedTag'))
+   ) {
+   if (!adjDp.tmp) {
+   adjDp.tmp = {};
+   }
+   adjDp.tmp.processed = true;
+   env.log('lint/tag-misnesting', lintObj);
+   } else {
+   env.log('lint/missing-end-tag', lintObj);
+   }
}
 
if (dp.autoInsertedStart === true && (tplInfo ||  dsr[3] > 0)) {
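
Review bot: getNextStructurallyAdjacentNode is called with `c.nodeName`, while this function lowercases the name for its own use (`cNodeName`), and the stripped-tag comparison in leftMostDescendent checks `DU.getDataParsoid(node).name === matchingName`; confirm both sides use the same case, otherwise the marker-meta path never matches. The new else branch also needs a test showing that lint/missing-end-tag is still logged when the adjacent node does not qualify.
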
diff --git a/tests/mocha/linter.js b/tests/mocha/linter.js
index 6afa1ad..9df09c0 100644
--- a/tests/mocha/linter.js
+++ b/tests/mocha/linter.js
@@ -63,9 +63,11 @@
});
it('should lint stripped tags correctly in misnested tag 
situations', function() {
return parseWT('a').then(function(result) 
{
-   result.should.have.length(2);
-   result[1].should.have.a.property("type", 
"stripped-tag");
-   result[1].dsr.should.deep.equal([ 11, 15, null, 
null ]);
+   result.should.have.length(1);
+   result[0].should.have.a.property("type", 
"tag-misnesting");
+   

[MediaWiki-commits] [Gerrit] operations/puppet[production]: [WIP] dnsrecursor: 4.x backport and edns-client-subnet

2017-04-06 Thread BBlack (Code Review)
BBlack has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346937 )

Change subject: [WIP] dnsrecursor: 4.x backport and edns-client-subnet
..

[WIP] dnsrecursor: 4.x backport and edns-client-subnet

I've manually tested the backports package with these settings,
and it functions correctly as expected (including correct
discovery geoip effects for private-network clients via
edns-client-subnet).

TODO: I'm not sure whether various labs usage of this class might
still be on trusty, in which case there will need to be some
conditional config to let 3.x continue to operate as it did before
there.

TODO: On jessie+, use a systemd unit file fragment to raise the FD
ulimit.

Change-Id: I73cfea9e56800624f1353a381540c0f410dd826d
---
M modules/dnsrecursor/manifests/init.pp
M modules/dnsrecursor/templates/recursor.conf.erb
2 files changed, 55 insertions(+), 83 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/37/346937/1

diff --git a/modules/dnsrecursor/manifests/init.pp 
b/modules/dnsrecursor/manifests/init.pp
index 8bfa3c7..a564e3b 100644
--- a/modules/dnsrecursor/manifests/init.pp
+++ b/modules/dnsrecursor/manifests/init.pp
@@ -29,6 +29,16 @@
 description => 'Recursive DNS server',
 }
 
+# This is to ensure we get pdns-recursor 4.x on jessie
+if os_version('debian < stretch') {
+apt::pin { 'pdns-recursor':
+package  => 'pdns-recursor',
+pin  => 'release a=jessie-backports',
+priority => '1001',
+before   => Package['pdns-recursor'],
+}
+}
+
 package { 'pdns-recursor':
 ensure => 'present',
 }
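
Review bot: the pin is ordered before Package['pdns-recursor'], but that package stays `ensure => 'present'`, so a host that already has the 3.x package installed satisfies the resource and is not moved to the backport, while the template in this change uses settings marked 4.x-only. Make the upgrade explicit or guard the 4.x settings; also, the comment says jessie but the condition is `debian < stretch`, so tighten it if only jessie is meant.
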
diff --git a/modules/dnsrecursor/templates/recursor.conf.erb 
b/modules/dnsrecursor/templates/recursor.conf.erb
index 7d2bc0a..fffdc48 100644
--- a/modules/dnsrecursor/templates/recursor.conf.erb
+++ b/modules/dnsrecursor/templates/recursor.conf.erb
@@ -1,7 +1,3 @@
-# This file is managed by puppet - don't edit it locally!
-# recursor.conf
-# https://doc.powerdns.com/3/recursor/settings/
-
 <%
 def flatten_ips(ips)
 result = []
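
Review bot: this hunk drops the "This file is managed by puppet - don't edit it locally!" header together with the 3.x documentation link. Keep the managed-by-puppet warning at the top of the rendered file and point the link at the 4.x settings documentation instead of removing both.
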
@@ -19,42 +15,31 @@
 return result
 end
 -%>
+# --- Functional basics ---
 
-# location of configuration directory (recursor.conf)
 config-dir=/etc/powerdns/
-
 setgid=pdns
 setuid=pdns
-
 daemon=yes
-# THREADS x MAX-MTHREADS < FD's
-threads=2
+socket-dir=/var/run/
+export-etc-hosts=<%= @export_etc_hosts %>
 
-# maximum number of simultaneous MTasker threads
-# This is explicitly lowered to avoid a known bug:
-#  
http://blog.powerdns.com/2014/02/06/related-to-recent-dos-attacks-recursor-configuration-file-guidance/
-max-mthreads=512
+# --- Listen IPs, allowed clients, local zones+authdns ---
 
 # local-addressIP addresses to listen on, separated by spaces or commas
 local-address=<%= flatten_ips(@listen_addresses).sort.join(" ") %>
 local-port=53
-
-# available since: 3.6
-#loglevel=1
-log-common-errors=yes
-# suppress logging of questions and answers
-quiet=yes
-# traceif we should output heaps of logging
-trace=off
-
-# which domains we only accept delegations from
-delegation-only=com,net
 
 # If set, only allow these comma separated netmasks to recurse
 allow-from=127.0.0.0/8, ::1/128, <%= (@allow_from + 
flatten_ips(@listen_addresses)).join(", ") %>
 
 # Zones for which we forward queries, comma separated domain=ip pairs
 forward-zones=<%= @forward_zones -%>, <%= @additional_forward_zones -%>
+
+# we need ECS to ensure our geoip resolution (e.g. for discovery hostnames) 
works correctly regardless of which recursor (x-dc) a client uses
+# XXX templatize this!
+# XXX 4.x-only! (do we have trusty recdns anywhere?)
+edns-subnet-whitelist=208.80.154.238/32, 208.80.153.231/32, 91.198.174.239/32
 
 <% if @lua_hooks -%>
 # lua scripts allow extending the resolver
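
Review bot: `edns-subnet-whitelist` hard-codes three /32 addresses in the template, which the patch itself marks "XXX templatize this!"; pass them in as a class parameter so the set of servers that receive client subnet data is reviewed in one place and does not go stale. The hunk also deletes `max-mthreads=512` with the comment linking it to the DoS guidance, and the logging settings `log-common-errors`, `quiet` and `trace`; if they return in the "Scaling / Limits" section keep the rationale comment, and if logging now relies on 4.x defaults say so in the commit message.
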
@@ -67,70 +52,47 @@
 auth-zones=<%= @auth_zones -%>
 <% end -%>
 
-# maximum number of entries in the main cache (default 100)
-max-cache-entries=<%= @max_cache_entries %>
+# --- Cache Params ---
 
-# maximum number of seconds to keep a negative cached entry in memory
+max-cache-entries=<%= @max_cache_entries %>
 max-negative-ttl=<%= @max_negative_ttl %>
 
-# maximum number of simultaneous TCP clients
+# --- Public-facing things ---
+
+# This prevents pdns from polling a public server to check for sec fixes
+# XXX 4.x-only!
+security-poll-suffix=
+
+# which domains we only accept delegations from
+delegation-only=com,net
+
+# Root hints distributed by Debian
+hint-file=/usr/share/dns/root.hints
+
+# --- Scaling / Limits ---
+
+# For now (4.0.x), we want to keep threads to a more-reasonable value like 4
+# because they're sharing a socket and waking up under thundering-herd
+# behavior.
+# Later (4.1), we can raise threads to 8+ (1/core) and leave the rest of the
+# settings below the same, and the recursor will properly use separate
+# reuseport sockets
+
+# XXX 
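
Review bot: `security-poll-suffix=` turns off the recursor's poll for security fixes, as the added comment says; state in the comment or the commit message what replaces it, so that a vulnerable backport package does not go unnoticed. The explanatory comments on `max-cache-entries` and `max-negative-ttl` are also removed in this hunk and are worth keeping.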

[MediaWiki-commits] [Gerrit] mediawiki...Wikibase[master]: RCFilters: Make Wikidata filter conflict with non-minor edits

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/344451 )

Change subject: RCFilters: Make Wikidata filter conflict with non-minor edits
..


RCFilters: Make Wikidata filter conflict with non-minor edits

Bug: T161665
Change-Id: I5fc9707df56b1faf03f98cf04fdc7d705e10b1da
---
M client/i18n/en.json
M client/i18n/qqq.json
M client/includes/Hooks/ChangesListSpecialPageHookHandlers.php
3 files changed, 15 insertions(+), 1 deletion(-)

Approvals:
  jenkins-bot: Verified
  Jforrester: Looks good to me, approved



diff --git a/client/i18n/en.json b/client/i18n/en.json
index 565b5ae..d64854c 100644
--- a/client/i18n/en.json
+++ b/client/i18n/en.json
@@ -81,6 +81,9 @@
"wikibase-rcfilters-hide-wikibase-conflicts-ores-global": "The 
\"{{WBREPONAME}} edits\" filter is conflicting with one or more Contribution 
Quality or User Intent filters. Quality and Intent predictions are not 
available for {{WBREPONAME}} edits. The conflicting filters are marked in the 
Active Filters area, above.",
"wikibase-rcfilters-damaging-conflicts-hide-wikibase": "Contribution 
Quality predictions are not available for certain types of change, so this 
filter conflicts with the following Type of Change 
{{PLURAL:$2|filter|filters}}: $1",
"wikibase-rcfilters-goodfaith-conflicts-hide-wikibase": "User Intent 
predictions are not available for certain types of change, so this filter 
conflicts with the following Type of Change {{PLURAL:$2|filter|filters}}: $1",
+   "wikibase-rcfilters-hide-wikibase-conflicts-major-global": "All 
{{WBREPONAME}} edits are designated as \"minor\", so the \"{{WBREPONAME}} 
edits\" filter conflicts with the \"Non-minor edits\" filter.",
+   "wikibase-rcfilters-major-conflicts-hide-wikibase": "All {{WBREPONAME}} 
edits are designated as \"minor\", so the \"{{WBREPONAME}} edits\" filter 
conflicts with the \"Non-minor edits\" filter.",
+   "wikibase-rcfilters-hide-wikibase-conflicts-major": "All {{WBREPONAME}} 
edits are designated as \"minor\", so the \"{{WBREPONAME}} edits\" filter 
conflicts with the \"Non-minor edits\" filter.",
"wikibase-replicationnote": "Please notice that it can take several 
minutes until the changes are visible on all wikis.",
"wikibase-watchlist-show-changes-pref": "Show {{WBREPONAME}} edits in 
your watchlist",
"wikibase-error-deserialize-error": "Failed to deserialize data.",
diff --git a/client/i18n/qqq.json b/client/i18n/qqq.json
index 91f05e2..6ba3017 100644
--- a/client/i18n/qqq.json
+++ b/client/i18n/qqq.json
@@ -92,6 +92,9 @@
"wikibase-rcfilters-hide-wikibase-conflicts-ores-global": "Message 
shown in the result area when both an ORES filter and the 'Wikidata edits' 
filter are selected.  This indicates that no results will be shown because 
propagated Wikidata edits do not have ORES scores available.\n\n* \"Wikidata 
edits\" is {{msg-mw|wikibase-rcfilters-hide-wikibase-label}}.\n* \"Contribution 
quality\" is based on {{msg-mw|Ores-rcfilters-damaging-title}}.\n* \"User 
intent\" is based on {{msg-mw|Ores-rcfilters-goodfaith-title}}.\n* \"Active 
Filters\" is based on {{msg-mw|rcfilters-activefilters}}.",
"wikibase-rcfilters-damaging-conflicts-hide-wikibase": "Tooltip shown 
when hovering over a 'Contribution quality predictions' filter tag, when the 
'Wikidata edits' filter is selected and there is a conflict.  Propagated 
Wikidata edits do not have ORES scores avaialble.  Parameters:\n* $1 - 
Comma-separated string of selected Type of Change filters, e.g. \"Wikidata 
edits\"\n* $2 - Count of selected Type of Change filters, for PLURAL",
"wikibase-rcfilters-goodfaith-conflicts-hide-wikibase": "Tooltip shown 
when hovering over a 'User intent predictions' filter tag, when the 'Wikidata 
edits' filter is selected and there is a conflict.  'Wikidata edits' are not 
scored by ORES.  Parameters:\n* $1 - Comma-separated string of selected Type of 
Change filters, e.g. \"Wikidata edits\"\n* $2 - Count of selected Type of 
Change filters, for PLURAL",
+   "wikibase-rcfilters-hide-wikibase-conflicts-major-global": "Message 
shown in the result area when both the Non-minor filter and 'Wikidata edits' 
filter are selected.  This indicates that no results will be 
shown.\n\n\"Non-minor edits\" is 
{{msg-mw|rcfilters-filter-major-label}}.\n\n\"Wikidata edits\" is 
{{msg-mw|wikibase-rcfilters-hide-wikibase-label}}.",
+   "wikibase-rcfilters-major-conflicts-hide-wikibase": "Tooltip shown when 
hovering over the Non-minor edits tag when 'Wikidata edits' filter is also 
selected.\n\n\"Non-minor edits\" is 
{{msg-mw|rcfilters-filter-major-label}}.\n\n\"\"Wikidata edits\" is 
{{msg-mw|wikibase-rcfilters-hide-wikibase-label}}.\n\nThis indicates that no 
results will be shown.",
+   "wikibase-rcfilters-hide-wikibase-conflicts-major": "Tooltip shown when 
hovering over a 'Wikidata edits' filter tag 
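Review bot: The added documentation for `wikibase-rcfilters-major-conflicts-hide-wikibase` has a doubled escaped quote before 'Wikidata edits' (`\"\"Wikidata edits\"`), which shows up as a stray quotation mark on the translator-facing page; drop one `\"`. The new descriptions also list the referenced messages as `\n\n` paragraphs, while the existing `wikibase-rcfilters-hide-wikibase-conflicts-ores-global` entry above uses a `\n*` bullet list; following that pattern would keep the documentation uniform.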

[MediaWiki-commits] [Gerrit] mediawiki...CentralNotice[master]: CNChoiceDataModule: Avoid deprecated getModifiedHash()

2017-04-06 Thread Krinkle (Code Review)
Krinkle has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346936 )

Change subject: CNChoiceDataModule: Avoid deprecated getModifiedHash()
..

CNChoiceDataModule: Avoid deprecated getModifiedHash()

ResourceLoaderModule::getModifiedHash was deprecated in 1.26
in favour of appending information to the array from
getDefinitionSummary (added in MediaWiki 1.23).

The main benefit is so that getVersionHash() does not trigger
multiple phases of serialize, json_encode, md5 and/or sha1.
Instead, it only happens once and outside the concern of module
sub classes.

This is the last use of getModifiedHash() in Wikimedia Git,
Core and other extensions have also adopted getDefinitionSummary
(See Wikibase, Cite, ULS, EventLogging, etc.).

Change-Id: I0f76af33dc6f309d8c1969b078706e0283608a29
---
M includes/CNChoiceDataResourceLoaderModule.php
1 file changed, 7 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/CentralNotice 
refs/changes/36/346936/1

diff --git a/includes/CNChoiceDataResourceLoaderModule.php 
b/includes/CNChoiceDataResourceLoaderModule.php
index 763d40b..97e340e 100644
--- a/includes/CNChoiceDataResourceLoaderModule.php
+++ b/includes/CNChoiceDataResourceLoaderModule.php
@@ -162,9 +162,13 @@
}
 
/**
-* @see ResourceLoaderModule::getModifiedHash()
+* @see ResourceLoaderModule::getDefinitionSummary()
 */
-   public function getModifiedHash( ResourceLoaderContext $context ) {
-   return md5( serialize( $this->getChoices( $context ) ) );
+   public function getDefinitionSummary( ResourceLoaderContext $context ) {
+   $summary = parent::getDefinitionSummary( $context );
+   $summary[] = [
+   'choices' => $this->getChoices( $context ),
+   ];
+   return $summary;
}
 }
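Review bot: The new `getDefinitionSummary()` appends the raw `getChoices( $context )` array to the summary where the removed `getModifiedHash()` hashed `serialize( ... )` of it, so the module version now depends on how the caller encodes that array. The commit message names json_encode as one of the encoding steps; if that is what runs on the summary, confirm the choices data holds only values that encode losslessly and deterministically (no objects, no invalid UTF-8), otherwise different choice sets could hash alike or the encoding could fail. A short test that changes one choice and asserts that the module version changes would cover this.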

-- 
To view, visit https://gerrit.wikimedia.org/r/346936

Gerrit-MessageType: newchange
Gerrit-Change-Id: I0f76af33dc6f309d8c1969b078706e0283608a29
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/CentralNotice
Gerrit-Branch: master
Gerrit-Owner: Krinkle 



[MediaWiki-commits] [Gerrit] mediawiki...FlaggedRevs[master]: FlaggablePageView#changeSaveButton: Address i18n FIXME, use ...

2017-04-06 Thread Jforrester (Code Review)
Jforrester has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346934 )

Change subject: FlaggablePageView#changeSaveButton: Address i18n FIXME, use the 
brackets message
..

FlaggablePageView#changeSaveButton: Address i18n FIXME, use the brackets message

Change-Id: Ia79fb800696bcfde72ae6a56e1004b6f31a085aa
---
M frontend/FlaggablePageView.php
1 file changed, 7 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/FlaggedRevs 
refs/changes/34/346934/1

diff --git a/frontend/FlaggablePageView.php b/frontend/FlaggablePageView.php
index fa98347..64cbeae 100644
--- a/frontend/FlaggablePageView.php
+++ b/frontend/FlaggablePageView.php
@@ -1800,11 +1800,13 @@
$dom = new DOMDocument();
$dom->loadXML( $buttons['save'] ); // load button XML 
from hook
foreach ( $dom->getElementsByTagName( 'input' ) as 
$input ) { // one 
-   $input->setAttribute( 'value', $this->msg( 
'revreview-submitedit' )->text() );
-   // @todo i18n FIXME: Hard coded brackets.
-   $input->setAttribute( 'title', // keep accesskey
-   $this->msg( 
'revreview-submitedit-title' )->text() .
-   ' [' . $this->msg( 
'accesskey-save' )->text() . ']' );
+   $buttonLabel = $this->msg( 
'revreview-submitedit' )->text();
+   $input->setAttribute( 'value', $buttonLabel );
+
+   $buttonTitle = $this->msg( 
'revreview-submitedit-title' )->text() .
+   $this->msg( 'brackets', $this->msg( 
'accesskey-save' )->text() )->text();
+   $input->setAttribute( 'title', $buttonTitle ); 
// keep accesskey
+
# Change submit button text & title
$buttons['save'] = $dom->saveXML( 
$dom->documentElement );
}
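Review bot: The new `$buttonTitle` drops the space that used to separate the title text from the access key hint: the removed code appended `' [' . ... . ']'`, while the added code concatenates `$this->msg( 'brackets', ... )->text()` directly onto the `revreview-submitedit-title` text. Unless the `brackets` message itself begins with a space, the tooltip text and the bracketed key will run together; put the `word-separator` message (or an explicit space) between the two parts.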

-- 
To view, visit https://gerrit.wikimedia.org/r/346934

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia79fb800696bcfde72ae6a56e1004b6f31a085aa
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/FlaggedRevs
Gerrit-Branch: master
Gerrit-Owner: Jforrester 



[MediaWiki-commits] [Gerrit] mediawiki...FlaggedRevs[master]: [WIP] Vary the 'submit changes' button on 'Publish' wikis

2017-04-06 Thread Jforrester (Code Review)
Jforrester has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346935 )

Change subject: [WIP] Vary the 'submit changes' button on 'Publish' wikis
..

[WIP] Vary the 'submit changes' button on 'Publish' wikis

Change-Id: Ibad41a3889d73e24b002c62717e860bcd1ab5de9
---
M frontend/FlaggablePageView.php
M i18n/flaggedrevs/en.json
2 files changed, 14 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/FlaggedRevs 
refs/changes/35/346935/1

diff --git a/frontend/FlaggablePageView.php b/frontend/FlaggablePageView.php
index 64cbeae..c3c634f 100644
--- a/frontend/FlaggablePageView.php
+++ b/frontend/FlaggablePageView.php
@@ -1793,17 +1793,25 @@
if ( !$this->editWillRequireReview( $editPage ) ) {
return true; // edit will go live or be reviewed on save
}
+
if ( extension_loaded( 'domxml' ) ) {
wfDebug( "Warning: you have the obsolete domxml 
extension for PHP. Please remove it!\n" );
return true; # PECL extension conflicts with the core 
DOM extension (see bug 13770)
-   } elseif ( isset( $buttons['save'] ) && extension_loaded( 'dom' 
) ) {
+   }
+
+   $labelAsPublish =
+   $editPage->mArticle->getContext()->getConfig()->get( 
'EditSubmitButtonLabelPublish' );
+
+   if ( isset( $buttons['save'] ) && extension_loaded( 'dom' ) ) {
$dom = new DOMDocument();
$dom->loadXML( $buttons['save'] ); // load button XML 
from hook
foreach ( $dom->getElementsByTagName( 'input' ) as 
$input ) { // one 
-   $buttonLabel = $this->msg( 
'revreview-submitedit' )->text();
+   $buttonLabelKey = $labelAsPublish ? 
'revreview-publishsubmitedit' : 'revreview-submitedit';
+   $buttonLabel = $this->msg( $buttonLabelKey 
)->text();
$input->setAttribute( 'value', $buttonLabel );
 
-   $buttonTitle = $this->msg( 
'revreview-submitedit-title' )->text() .
+   $buttonTitleKey = $labelAsPublish ? 
'revreview-publishsubmitedit-title' : 'revreview-submitedit-title';
+   $buttonTitle = $this->msg( $buttonTitleKey 
)->text() .
$this->msg( 'brackets', $this->msg( 
'accesskey-save' )->text() )->text();
$input->setAttribute( 'title', $buttonTitle ); 
// keep accesskey
 
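Review bot: `$labelAsPublish` is read through `$editPage->mArticle->getContext()->getConfig()->get( 'EditSubmitButtonLabelPublish' )` before the `isset( $buttons['save'] ) && extension_loaded( 'dom' )` check, so the lookup runs even when the button is never rewritten. Move it inside that `if` block, and if the extension still has to run on core versions that do not define this setting, guard the read with `has()`, because `get()` throws on an unknown key. Since the change is marked WIP, a test or a note on how the two label variants were checked would also help before merge.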
diff --git a/i18n/flaggedrevs/en.json b/i18n/flaggedrevs/en.json
index 3bab82f..9ec183f 100644
--- a/i18n/flaggedrevs/en.json
+++ b/i18n/flaggedrevs/en.json
@@ -97,6 +97,8 @@
"revreview-editnotice": "'''Your changes will be displayed to readers 
once an authorized user accepts them. 
([[{{MediaWiki:Validationpage}}|help]])'''",
"revreview-submitedit": "Submit changes",
"revreview-submitedit-title": "Submit your changes for review",
+   "revreview-publishsubmitedit": "Publish changes",
+   "revreview-publishsubmitedit-title": "Publish your changes for review",
"revreview-edited": "'''Your changes will be displayed to readers once 
an authorized user accepts them. 
([[{{MediaWiki:Validationpage}}|help]])'''\n\nThere {{PLURAL:$2|is|are}} 
[{{fullurl:{{FULLPAGENAMEE}}|oldid=$1=cur{{MediaWiki:flaggedrevs-diffonly
 $2 pending {{PLURAL:$2|change|changes}}] ''(shown below)'' awaiting review.",
"revreview-edited-section": "Return to page section named 
\"[[#$1|$2]]\".",
"revreview-newest-basic": 
"[{{fullurl:{{FULLPAGENAMEE}}|oldid=$1=cur{{MediaWiki:flaggedrevs-diffonly
 $3 {{PLURAL:$3|change|changes}}] in this version {{PLURAL:$3|is|are}} 
[[{{MediaWiki:Validationpage}}|pending review]].\nThe 
[{{fullurl:{{FULLPAGENAMEE}}|stable=1}} stable version] was 
[{{fullurl:{{#Special:Log}}|type=review={{FULLPAGENAMEE checked] on 
$2.",
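Review bot: The two added keys, `revreview-publishsubmitedit` and `revreview-publishsubmitedit-title`, come without message documentation: the change lists only frontend/FlaggablePageView.php and i18n/flaggedrevs/en.json, so qqq.json is untouched. Add qqq entries that say these variants are used when `EditSubmitButtonLabelPublish` is set and that point to the existing `revreview-submitedit` pair. The title text 'Publish your changes for review' is also worth a second look, since the edit is not shown to readers until it is accepted.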
@@ -200,4 +202,4 @@
"log-action-filter-stable-config": "New configuration",
"log-action-filter-stable-modify": "Modified configuration",
"log-action-filter-stable-reset": "Configuration reset"
-}
\ No newline at end of file
+}

-- 
To view, visit https://gerrit.wikimedia.org/r/346935

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibad41a3889d73e24b002c62717e860bcd1ab5de9
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/FlaggedRevs
Gerrit-Branch: master
Gerrit-Owner: Jforrester 



[MediaWiki-commits] [Gerrit] mediawiki...CentralNotice[master]: Admin UI campaign editor: Isolate and selectively load js/css

2017-04-06 Thread Cdentinger (Code Review)
Cdentinger has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346034 )

Change subject: Admin UI campaign editor: Isolate and selectively load js/css
..


Admin UI campaign editor: Isolate and selectively load js/css

Bug: T144453
Change-Id: Id03d141775c227bd3dcf081bfc6b7dbd51bac01f
---
M resources/infrastructure/campaignManager.css
M resources/infrastructure/campaignManager.js
M resources/infrastructure/ext.centralNotice.adminUi.css
M special/SpecialCentralNotice.php
4 files changed, 19 insertions(+), 12 deletions(-)

Approvals:
  jenkins-bot: Verified
  Awight: Looks good to me, approved



diff --git a/resources/infrastructure/campaignManager.css 
b/resources/infrastructure/campaignManager.css
index a7da508..73fc0ee 100644
--- a/resources/infrastructure/campaignManager.css
+++ b/resources/infrastructure/campaignManager.css
@@ -1,5 +1,5 @@
 /**
- * Styles specific to Special:CentralNotice
+ * Styles for campaign editor (handled by Special:CentralNotice)
  *
  * This file is part of the CentralNotice Extension to MediaWiki
  * https://www.mediawiki.org/wiki/Extension:CentralNotice
@@ -22,9 +22,6 @@
  *
  * @file
  */
-.cn-buttons {
-   text-align: right;
-}
 
 #preferences .ui-slider {
width: 50%;
diff --git a/resources/infrastructure/campaignManager.js 
b/resources/infrastructure/campaignManager.js
index 1a75453..a14855f 100644
--- a/resources/infrastructure/campaignManager.js
+++ b/resources/infrastructure/campaignManager.js
@@ -1,5 +1,5 @@
 /**
- * Backing JS for Special:CentralNotice, the campaign list view form.
+ * JS for campaign editor (handled by Special:CentralNotice)
  *
  * This file is part of the CentralNotice Extension to MediaWiki
  * https://www.mediawiki.org/wiki/Extension:CentralNotice
diff --git a/resources/infrastructure/ext.centralNotice.adminUi.css 
b/resources/infrastructure/ext.centralNotice.adminUi.css
index f4a2125..d3f5be4 100644
--- a/resources/infrastructure/ext.centralNotice.adminUi.css
+++ b/resources/infrastructure/ext.centralNotice.adminUi.css
@@ -1,8 +1,8 @@
 /* Common styles CentralNotice extension admin UI
  * @licence GNU General Public Licence 2.0 or later
  *
- * FIXME This file combines styles previously in centralnotice.css and 
adminui.common.css.
- * Check for coherence.
+ * FIXME This file combines styles previously in centralnotice.css and 
adminui.common.css,
+ * as well as one from campaignManager.css. Check for coherence.
  */
 
  /* Styles previously in centralnotice.css */
@@ -219,4 +219,10 @@
 }
 #mw-htmlform-banner-list .mw-label {
display: none;
-}
\ No newline at end of file
+}
+
+/* Styles from campaignManager.css */
+
+.cn-buttons {
+   text-align: right;
+}
diff --git a/special/SpecialCentralNotice.php b/special/SpecialCentralNotice.php
index b455ba6..c5a35b1 100644
--- a/special/SpecialCentralNotice.php
+++ b/special/SpecialCentralNotice.php
@@ -37,8 +37,6 @@
$out = $this->getOutput();
$request = $this->getRequest();
 
-   // Output ResourceLoader module for styling and javascript 
functions
-   $out->addModules( 'ext.centralNotice.adminUi.campaignManager' );
$this->addHelpLink( 
'//meta.wikimedia.org/wiki/Special:MyLanguage/Help:CentralNotice', true );
 
// Check permissions
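Review bot: Removing `$out->addModules( 'ext.centralNotice.adminUi.campaignManager' )` from this shared entry point means every view other than `outputNoticeDetail()` now renders without campaignManager.js and campaignManager.css. The `.cn-buttons` rule is moved to the common stylesheet in this change, but the old header comment in campaignManager.js described it as backing 'the campaign list view form', so please confirm that the list view does not depend on any handler in that script or on the remaining `#preferences .ui-slider` rule.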
@@ -473,12 +471,18 @@
 * @param $notice string The name of the campaign to view
 */
function outputNoticeDetail( $notice ) {
+
+   $out = $this->getOutput();
+
+   // Output specific ResourceLoader module
+   $out->addModules( 'ext.centralNotice.adminUi.campaignManager' );
+
$this->outputEnclosingDivStartTag();
 
$this->campaign = new Campaign( $notice ); // Todo: Convert the 
rest of this page to use this object
try {
if ( $this->campaign->isArchived() || 
$this->campaign->isLocked() ) {
-   $this->getOutput()->setSubtitle( $this->msg( 
'centralnotice-archive-edit-prevented' ) );
+   $out->setSubtitle( $this->msg( 
'centralnotice-archive-edit-prevented' ) );
$this->editable = false; // Todo: Fix this 
gross hack to prevent editing
}
} catch ( CampaignExistenceException $ex ) {
@@ -557,7 +561,7 @@
 
$this->displayCampaignWarnings();
 
-   $this->getOutput()->addHTML( $htmlOut );
+   $out->addHTML( $htmlOut );
$this->outputEnclosingDivEndTag();
}
 

-- 
To view, visit https://gerrit.wikimedia.org/r/346034

Gerrit-MessageType: merged
Gerrit-Change-Id: Id03d141775c227bd3dcf081bfc6b7dbd51bac01f
Gerrit-PatchSet: 3
Gerrit-Project: mediawiki/extensions/CentralNotice
Gerrit-Branch: master

[MediaWiki-commits] [Gerrit] mediawiki...CentralNotice[master]: Admin UI: Consolidate common css

2017-04-06 Thread Cdentinger (Code Review)
Cdentinger has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346033 )

Change subject: Admin UI: Consolidate common css
..


Admin UI: Consolidate common css

Bug: T144453
Change-Id: Ib229bfc2c16e35222a6037334495505966817680
---
M extension.json
D resources/infrastructure/adminui.common.css
R resources/infrastructure/ext.centralNotice.adminUi.css
3 files changed, 83 insertions(+), 81 deletions(-)

Approvals:
  jenkins-bot: Verified
  Awight: Looks good to me, approved



diff --git a/extension.json b/extension.json
index d220b41..294490c 100644
--- a/extension.json
+++ b/extension.json
@@ -120,8 +120,7 @@
],
"scripts": "infrastructure/centralnotice.js",
"styles": [
-   "infrastructure/centralnotice.css",
-   "infrastructure/adminui.common.css"
+   "infrastructure/ext.centralNotice.adminUi.css"
],
"messages": [
"centralnotice-documentwrite-error",
diff --git a/resources/infrastructure/adminui.common.css 
b/resources/infrastructure/adminui.common.css
deleted file mode 100644
index 9495750..000
--- a/resources/infrastructure/adminui.common.css
+++ /dev/null
@@ -1,73 +0,0 @@
-#cn-js-error-warn {
-   padding: 0.5em;
-   background-color: #FF;
-   border: 2px solid #FF;
-   margin-bottom: 0.5em;
-   font-weight: bold;
-   text-align: center;
-}
-
-#cn-formsection-preview {
-   border: none;
-   margin: 0;
-   padding: 0;
-}
-#cn-formsection-preview legend {
-   display: none;
-}
-
-div.separate-form-element {
-   margin: 0.5em 0;
-}
-
-fieldset#cn-formsection-form-actions {
-   padding: 0.5em;
-   background-color: #F9F9F9;
-   border: 1px solid #2F6FAB;
-}
-fieldset#cn-formsection-form-actions legend {
-   display: none;
-}
-.cn-formbutton {
-   clear: none;
-   float: right;
-   display: inline;
-}
-
-input#mw-input-wpsummary,
-.cn-change-summary-input {
-   float: left;
-   margin-left: 3px;
-}
-
-label[for=mw-input-wpsummary],
-.cn-change-summary-label {
-   float: left;
-   position: relative;
-   top: 0.15em;
-   font-weight: bold;
-}
-
-.cn-dialog-message {
-   margin-bottom: 0.6em;
-}
-
-/* --- Banner preview list --- */
-#mw-htmlform-banner-list {
-   margin-left: 0.9em;
-}
-.cn-banner-list-element {
-   margin: 0.25em 0 0.5em 0.25em;
-}
-.cn-banner-preview-div {
-   border: 1px solid #A7D7F9;
-   padding: 1em;
-   margin-top: 0.5em;
-}
-#mw-htmlform-banner-list .mw-htmlform-field-HTMLCheckField {
-   display: inline-block;
-   float: left;
-}
-#mw-htmlform-banner-list .mw-label {
-   display: none;
-}
\ No newline at end of file
diff --git a/resources/infrastructure/centralnotice.css 
b/resources/infrastructure/ext.centralNotice.adminUi.css
similarity index 66%
rename from resources/infrastructure/centralnotice.css
rename to resources/infrastructure/ext.centralNotice.adminUi.css
index f6d33a5..f4a2125 100644
--- a/resources/infrastructure/centralnotice.css
+++ b/resources/infrastructure/ext.centralNotice.adminUi.css
@@ -1,11 +1,11 @@
-/* Stylesheet for the CentralNotice extension.
- *
- * @file
- * @ingroup Extensions
- * @author Ryan Kaldari 
- * @copyright © 2010 by Ryan Kaldari
+/* Common styles CentralNotice extension admin UI
  * @licence GNU General Public Licence 2.0 or later
+ *
+ * FIXME This file combines styles previously in centralnotice.css and 
adminui.common.css.
+ * Check for coherence.
  */
+
+ /* Styles previously in centralnotice.css */
 
 fieldset.prefsection {
margin:0;
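Review bot: The header rewrite at the top of ext.centralNotice.adminUi.css deletes the `@author Ryan Kaldari` and `@copyright © 2010 by Ryan Kaldari` lines while keeping `@licence`, although the file still carries the styles from centralnotice.css. Keep the attribution and copyright notice in the combined file so the licence statement retains its copyright holder. Minor: the added `/* Styles previously in centralnotice.css */` comment is indented by one space, unlike the `/* Styles previously in adminui.common.css */` comment added in the next hunk.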
@@ -143,4 +143,80 @@
padding: 0.5em;
background-color: #FF;
border: 2px solid #FF;
+}
+
+/* Styles previously in adminui.common.css */
+
+#cn-js-error-warn {
+   padding: 0.5em;
+   background-color: #FF;
+   border: 2px solid #FF;
+   margin-bottom: 0.5em;
+   font-weight: bold;
+   text-align: center;
+}
+
+#cn-formsection-preview {
+   border: none;
+   margin: 0;
+   padding: 0;
+}
+#cn-formsection-preview legend {
+   display: none;
+}
+
+div.separate-form-element {
+   margin: 0.5em 0;
+}
+
+fieldset#cn-formsection-form-actions {
+   padding: 0.5em;
+   background-color: #F9F9F9;
+   border: 1px solid #2F6FAB;
+}
+fieldset#cn-formsection-form-actions legend {
+   display: none;
+}
+.cn-formbutton {
+   clear: none;
+   float: right;
+   display: inline;
+}
+
+input#mw-input-wpsummary,
+.cn-change-summary-input {
+   float: left;
+   margin-left: 3px;
+}
+
+label[for=mw-input-wpsummary],
+.cn-change-summary-label {
+   float: left;
+   position: relative;
+   top: 0.15em;
+   

[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: Bump $wgVersion and finalise RELEASE-NOTES for 1.27.2

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346857 )

Change subject: Bump $wgVersion and finalise RELEASE-NOTES for 1.27.2
..


Bump $wgVersion and finalise RELEASE-NOTES for 1.27.2

Change-Id: Ic430953abf5a3253c8fcca9becf05ce8ea4fb3ba
---
M RELEASE-NOTES-1.27
M includes/DefaultSettings.php
2 files changed, 2 insertions(+), 2 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 30d621f..9f6982d 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -1,5 +1,5 @@
 == MediaWiki 1.27.2 ==
-This is not a release yet!
+This is a security and maintenance release of the MediaWiki 1.27 branch.
 
 ApiCreateAccount was removed in 1.27.0. It was incorrectly still marked as
 deprecated (rather than already removed) in the RELEASE-NOTES at the point 
1.27.0
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 8c9a0f4..b63bcad 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -75,7 +75,7 @@
  * MediaWiki version number
  * @since 1.2
  */
-$wgVersion = '1.27.1';
+$wgVersion = '1.27.2';
 
 /**
  * Name of the site. It must be changed in LocalSettings.php

-- 
To view, visit https://gerrit.wikimedia.org/r/346857

Gerrit-MessageType: merged
Gerrit-Change-Id: Ic430953abf5a3253c8fcca9becf05ce8ea4fb3ba
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Chad 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Reedy 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki...VisualEditor[master]: dm.metaitems: Turn grouped metas into variadic ones

2017-04-06 Thread Jforrester (Code Review)
Jforrester has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346933 )

Change subject: dm.metaitems: Turn grouped metas into variadic ones
..

dm.metaitems: Turn grouped metas into variadic ones

We're getting rid of meta item grouping, so we need to prepare.

Merged:
* ve.dm.MWIndexMetaItem.js
  from ve.dm.MWIndexDisableMetaItem.js and ve.dm.MWIndexForceMetaItem.js
* ve.dm.MWNewSectionEditMetaItem.js
  from ve.dm.MWNewSectionEditDisableMetaItem.js and 
ve.dm.MWNewSectionEditForceMetaItem.js
* ve.dm.MWTOCMetaItem.js
  from ve.dm.MWTOCDisableMetaItem.js and ve.dm.MWTOCForceMetaItem.js

Change-Id: Ic8a9cdb1226dccac2c27e7f4b965c1590a7387c0
---
M extension.json
D modules/ve-mw/dm/metaitems/ve.dm.MWIndexDisableMetaItem.js
D modules/ve-mw/dm/metaitems/ve.dm.MWIndexForceMetaItem.js
A modules/ve-mw/dm/metaitems/ve.dm.MWIndexMetaItem.js
D modules/ve-mw/dm/metaitems/ve.dm.MWNewSectionEditDisableMetaItem.js
D modules/ve-mw/dm/metaitems/ve.dm.MWNewSectionEditForceMetaItem.js
A modules/ve-mw/dm/metaitems/ve.dm.MWNewSectionEditMetaItem.js
D modules/ve-mw/dm/metaitems/ve.dm.MWTOCDisableMetaItem.js
D modules/ve-mw/dm/metaitems/ve.dm.MWTOCForceMetaItem.js
A modules/ve-mw/dm/metaitems/ve.dm.MWTOCMetaItem.js
M modules/ve-mw/ui/pages/ve.ui.MWAdvancedSettingsPage.js
M modules/ve-mw/ui/pages/ve.ui.MWSettingsPage.js
12 files changed, 229 insertions(+), 325 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/VisualEditor 
refs/changes/33/346933/1

diff --git a/extension.json b/extension.json
index e6106df..dc5f19c 100644
--- a/extension.json
+++ b/extension.json
@@ -1538,19 +1538,16 @@

"modules/ve-mw/dm/metaitems/ve.dm.MWDefaultSortMetaItem.js",

"modules/ve-mw/dm/metaitems/ve.dm.MWDisplayTitleMetaItem.js",

"modules/ve-mw/dm/metaitems/ve.dm.MWHiddenCategoryMetaItem.js",
-   
"modules/ve-mw/dm/metaitems/ve.dm.MWIndexDisableMetaItem.js",
-   
"modules/ve-mw/dm/metaitems/ve.dm.MWIndexForceMetaItem.js",
+   
"modules/ve-mw/dm/metaitems/ve.dm.MWIndexMetaItem.js",

"modules/ve-mw/dm/metaitems/ve.dm.MWLanguageMetaItem.js",
-   
"modules/ve-mw/dm/metaitems/ve.dm.MWNewSectionEditDisableMetaItem.js",
-   
"modules/ve-mw/dm/metaitems/ve.dm.MWNewSectionEditForceMetaItem.js",
+   
"modules/ve-mw/dm/metaitems/ve.dm.MWNewSectionEditMetaItem.js",

"modules/ve-mw/dm/metaitems/ve.dm.MWNoContentConvertMetaItem.js",

"modules/ve-mw/dm/metaitems/ve.dm.MWNoEditSectionMetaItem.js",

"modules/ve-mw/dm/metaitems/ve.dm.MWNoGalleryMetaItem.js",

"modules/ve-mw/dm/metaitems/ve.dm.MWNoTitleConvertMetaItem.js",

"modules/ve-mw/dm/metaitems/ve.dm.MWRedirectMetaItem.js",

"modules/ve-mw/dm/metaitems/ve.dm.MWStaticRedirectMetaItem.js",
-   
"modules/ve-mw/dm/metaitems/ve.dm.MWTOCDisableMetaItem.js",
-   
"modules/ve-mw/dm/metaitems/ve.dm.MWTOCForceMetaItem.js",
+   
"modules/ve-mw/dm/metaitems/ve.dm.MWTOCMetaItem.js",

"modules/ve-mw/ui/widgets/ve.ui.MWCategoryInputWidget.js",

"modules/ve-mw/ui/widgets/ve.ui.MWCategoryPopupWidget.js",

"modules/ve-mw/ui/widgets/ve.ui.MWCategoryItemWidget.js",
diff --git a/modules/ve-mw/dm/metaitems/ve.dm.MWIndexDisableMetaItem.js 
b/modules/ve-mw/dm/metaitems/ve.dm.MWIndexDisableMetaItem.js
deleted file mode 100644
index 068b009..000
--- a/modules/ve-mw/dm/metaitems/ve.dm.MWIndexDisableMetaItem.js
+++ /dev/null
@@ -1,47 +0,0 @@
-/*!
- * VisualEditor DataModel MWIndexDisableMetaItem class.
- *
- * @copyright 2011-2017 VisualEditor Team and others; see AUTHORS.txt
- * @license The MIT License (MIT); see LICENSE.txt
- */
-
-/**
- * DataModel disable index meta item (for __NOINDEX__).
- *
- * @class
- * @extends ve.dm.MetaItem
- * @constructor
- * @param {Object} element Reference to element in meta-linmod
- */
-ve.dm.MWIndexDisableMetaItem = function VeDmMWIndexDisableMetaItem() {
-   // Parent constructor
-   ve.dm.MWIndexDisableMetaItem.super.apply( this, arguments );
-};
-
-/* Inheritance */
-
-OO.inheritClass( ve.dm.MWIndexDisableMetaItem, ve.dm.MetaItem );
-
-/* Static Properties */
-
-ve.dm.MWIndexDisableMetaItem.static.name = 'mwIndexDisable';
-
-ve.dm.MWIndexDisableMetaItem.static.group = 'mwIndex';
-
-ve.dm.MWIndexDisableMetaItem.static.matchTagNames = [ 'meta' ];
-
-ve.dm.MWIndexDisableMetaItem.static.matchRdfaTypes = [ 

[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Do not allow users to undelete a page they can't e...

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346856 )

Change subject: SECURITY: Do not allow users to undelete a page they can't edit 
or create
..


SECURITY: Do not allow users to undelete a page they can't edit or create

If the page exists, it only checks edit rights, otherwise it
checks both edit and create rights.

This would only matter on wikis that have a non-default rights
configuration where there are users with undelete rights but a
restriction level enabled that prevents them from creating/editing
pages (or they otherwise aren't allowed to edit/create)

It should be noted that the error messages aren't used in the
normal UI currently, but they could be in the future, and
extensions could potentially be using them (The backend functions
return them, but the UI functions in Special:Undelete ignore
them)

Bug: T108138
Change-Id: I164b80534cf89e0afca264e9de07431484af8508
---
M RELEASE-NOTES-1.27
M includes/Title.php
M includes/api/ApiUndelete.php
M languages/i18n/en.json
M languages/i18n/qqq.json
5 files changed, 23 insertions(+), 5 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index b2ce3a5..30d621f 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -38,6 +38,8 @@
   in it's fallback chain when trying to work out where to write the cache.
 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 
inclusion
   syntax's link parameter.
+* (T108138) SECURITY: Sysops can undelete pages, although the page is 
protected against
+  it.
 
 == MediaWiki 1.27.1 ==
 
diff --git a/includes/Title.php b/includes/Title.php
index 6ba53d6..4228f93 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -2300,6 +2300,17 @@
) {
$errors[] = [ 'delete-toobig', 
$wgLang->formatNum( $wgDeleteRevisionsLimit ) ];
}
+   } elseif ( $action === 'undelete' ) {
+   if ( count( $this->getUserPermissionsErrorsInternal( 
'edit', $user, $rigor, true ) ) ) {
+   // Undeleting implies editing
+   $errors[] = [ 'undelete-cantedit' ];
+   }
+   if ( !$this->exists()
+   && count( 
$this->getUserPermissionsErrorsInternal( 'create', $user, $rigor, true ) )
+   ) {
+   // Undeleting where nothing currently exists 
implies creating
+   $errors[] = [ 'undelete-cantcreate' ];
+   }
}
return $errors;
}
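Review bot: The new `'undelete'` branch in Title.php changes who may restore a page, yet the change touches no test file (RELEASE-NOTES-1.27, Title.php, ApiUndelete.php and the two i18n files only). Add permission tests for the cases the commit message describes: the page exists and the user cannot edit it, the page is missing and the user cannot create it, and the default configuration where undelete still succeeds. A security fix on a release branch is where a regression here is most likely to go unnoticed.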
diff --git a/includes/api/ApiUndelete.php b/includes/api/ApiUndelete.php
index e24f2ce..e201c4e 100644
--- a/includes/api/ApiUndelete.php
+++ b/includes/api/ApiUndelete.php
@@ -34,9 +34,6 @@
 
$params = $this->extractRequestParams();
$user = $this->getUser();
-   if ( !$user->isAllowed( 'undelete' ) ) {
-   $this->dieUsageMsg( 'permdenied-undelete' );
-   }
 
if ( $user->isBlocked() ) {
$this->dieBlocked( $user->getBlock() );
@@ -47,6 +44,10 @@
$this->dieUsageMsg( [ 'invalidtitle', $params['title'] 
] );
}
 
+   if ( !$titleObj->userCan( 'undelete', $user, 'secure' ) ) {
+   $this->dieUsageMsg( 'permdenied-undelete' );
+   }
+
// Check if user can add tags
if ( !is_null( $params['tags'] ) ) {
$ableToTag = ChangeTags::canAddTagsAccompanyingChange( 
$params['tags'], $user );
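Review bot: The replacement check `$titleObj->userCan( 'undelete', $user, 'secure' )` still dies with the generic `permdenied-undelete`, so the `undelete-cantedit` and `undelete-cantcreate` errors added in Title.php never reach the API client. Consider fetching the permission error array and reporting its first entry, so an operator can tell a missing right from a protection level. Separately, ApiUndelete.php is the only caller updated in this change, and the commit message says the UI functions in Special:Undelete ignore the returned errors; please confirm the special page refuses the restore under the same condition and not only the API.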
diff --git a/languages/i18n/en.json b/languages/i18n/en.json
index 10e504a..88361e3 100644
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@@ -4174,5 +4174,7 @@
"rawhtml-notallowed": "html tags cannot be used outside of 
normal pages.",
"gotointerwiki": "Leaving {{SITENAME}}",
"gotointerwiki-invalid": "The specified title was invalid.",
-   "gotointerwiki-external": "You are about to leave {{SITENAME}} to visit 
[[$2]] which is a separate website.\n\n[$1 Click here to continue on to $1]."
+   "gotointerwiki-external": "You are about to leave {{SITENAME}} to visit 
[[$2]] which is a separate website.\n\n[$1 Click here to continue on to $1].",
+   "undelete-cantedit": "You cannot undelete this page as you are not 
allowed to edit this page.",
+   "undelete-cantcreate": "You cannot undelete this page as there is no 
existing page with this name and you are not allowed to create this page."
 }
diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json
index a43c8ff..00c4188 100644
--- a/languages/i18n/qqq.json
+++ b/languages/i18n/qqq.json
@@ -4352,5 +4352,7 @@

[MediaWiki-commits] [Gerrit] mediawiki/core[master]: phpunit: Shadow getMock() as deprecated in MediaWikiTestCase

2017-04-06 Thread Krinkle (Code Review)
Krinkle has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346932 )

Change subject: phpunit: Shadow getMock() as deprecated in MediaWikiTestCase
..

phpunit: Shadow getMock() as deprecated in MediaWikiTestCase

Signature must match to avoid strict violation.

Change-Id: I562add78b675a30c45a9376db62f1e3dd5640f70
---
M tests/phpunit/MediaWikiTestCase.php
M tests/phpunit/tests/MediaWikiTestCaseTest.php
2 files changed, 38 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/32/346932/1

diff --git a/tests/phpunit/MediaWikiTestCase.php 
b/tests/phpunit/MediaWikiTestCase.php
index 29da00d..5e8ec2c 100644
--- a/tests/phpunit/MediaWikiTestCase.php
+++ b/tests/phpunit/MediaWikiTestCase.php
@@ -1309,6 +1309,26 @@
}
 
/**
+* Return a mock for the specified class.
+*
+* TestCase::getMock() is deprecated in PHPUnit 5. We currently use
+* PHPUnit 4 mainly but want to avoid addin new calls.
+*
+* @deprecated Use createMock() or getMockBuilder() instead.
+* @return PHPUnit_Framework_MockObject_MockObject
+* @throws PHPUnit_Framework_Exception
+*/
+   public function getMock( $originalClassName, $methods = [], array 
$arguments = [],
+   $mockClassName = '', $callOriginalConstructor = true, 
$callOriginalClone = true,
+   $callAutoload = true, $cloneArguments = false, 
$callOriginalMethods = false,
+   $proxyTarget = null
+   ) {
+   wfDeprecated( __METHOD__ );
+   $ret = call_user_func_array( [ 'parent', __FUNCTION__ ], 
func_get_args() );
+   return $ret;
+   }
+
+   /**
 * Return a test double for the specified class.
 *
 * @param string $originalClassName
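Review bot: The docblock added for getMock() has no @param tags for any of its ten parameters, and "addin" in the description should read "adding". In the body, the $ret temporary adds nothing; return the result of call_user_func_array( [ 'parent', __FUNCTION__ ], func_get_args() ) directly. Forwarding func_get_args() is the right call here, since it passes on only what the caller supplied rather than this wrapper's defaults.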
diff --git a/tests/phpunit/tests/MediaWikiTestCaseTest.php 
b/tests/phpunit/tests/MediaWikiTestCaseTest.php
index 7d75ffe..679eccc 100644
--- a/tests/phpunit/tests/MediaWikiTestCaseTest.php
+++ b/tests/phpunit/tests/MediaWikiTestCaseTest.php
@@ -30,6 +30,24 @@
}
}
 
+   public function testGetMock() {
+   MWDebug::clearLog();
+   MediaWiki\suppressWarnings();
+
+   $this->assertInstanceOf(
+   HashBagOStuff::class,
+   $this->getMock( HashBagOStuff::class )
+   );
+
+   MediaWiki\restoreWarnings();
+   $log = MWDebug::getLog();
+   MWDebug::clearLog();
+
+   $this->assertEquals( 1, count( $log ) );
+   $this->assertEquals( 'deprecated', $log[0]['type'] );
+   $this->assertEquals( 'MediaWikiTestCaseTest::testGetMock', 
$log[0]['caller'] );
+   }
+
public function provideExistingKeysAndNewValues() {
$providedArray = [];
foreach ( array_keys( self::$startGlobals ) as $key ) {
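Review bot: In testGetMock(), MediaWiki\restoreWarnings() is reached only if assertInstanceOf() passes; a failed assertion or an exception from getMock() leaves warnings suppressed for every test that runs afterwards. Fetch the mock first, restore warnings, then assert, or wrap the suppressed section in try/finally. assertCount( 1, $log ) would also give a clearer failure message than assertEquals( 1, count( $log ) ).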

-- 
To view, visit https://gerrit.wikimedia.org/r/346932
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I562add78b675a30c45a9376db62f1e3dd5640f70
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Krinkle 



[MediaWiki-commits] [Gerrit] mediawiki...MobileFrontend[printstyles]: Thumbnail styles

2017-04-06 Thread Jdlrobson (Code Review)
Jdlrobson has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346931 )

Change subject: Thumbnail styles
..

Thumbnail styles

Left align thumbnails,
Add dividing line underneath
reset width if one has been specified

Bug: T159857
Change-Id: Id89ed933e531274a57bf44e46b9c466923a55e1c
---
M resources/skins.minerva.print.styles/article.less
1 file changed, 37 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/MobileFrontend 
refs/changes/31/346931/1

diff --git a/resources/skins.minerva.print.styles/article.less 
b/resources/skins.minerva.print.styles/article.less
index 1a9ffe8..b9fa500 100644
--- a/resources/skins.minerva.print.styles/article.less
+++ b/resources/skins.minerva.print.styles/article.less
@@ -1,6 +1,9 @@
 @import 'minerva.variables';
 @import 'minerva.mixins';
 
+@dividerHeight: 2px;
+@dividerSpacing: 28px;
+
 .pre-content {
display: block;
padding: 51px 0 35px;
@@ -28,19 +31,45 @@
 #bodyContent {
padding-top: 55px;
position: relative;
-
&:before {
-   position: absolute;
top: 0;
-   left: 0;
-   content: '';
-   display: block;
-   width: 55px;
-   height: 2px;
-   background: @printBorderColor;
}
 }
 
+.thumbinner {
+   width: auto !important;
+}
+
+.thumb {
+   position: relative;
+   padding: (@dividerSpacing*2) + @dividerHeight 0 !important;
+   text-align: left;
+   position: relative;
+   margin: 0 !important;
+
+   &:after {
+   bottom: @dividerHeight + @dividerSpacing;
+   }
+}
+
+.thumb:after,
+#bodyContent:before {
+   position: absolute;
+   left: 0;
+   content: '';
+   display: block;
+   width: 55px;
+   height: @dividerHeight;
+   background: @printBorderColor;
+}
+
+.thumbcaption {
+   margin-top: 23px !important;
+   width: 100%;
+   font-style: italic;
+   font-size: 28px;
+}
+
 #mw-content-text {
font-size: 36px;
 
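Review bot: The new .thumb rule declares position: relative twice (first and fourth declarations); drop one. The rule also relies on !important for padding and margin, as does .thumbinner for width and .thumbcaption for margin-top; a short comment naming the styles being overridden would let a later reader judge when they can go. After this change the nested &:before under #bodyContent holds only top: 0, which would read more clearly next to the shared .thumb:after, #bodyContent:before rule.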

-- 
To view, visit https://gerrit.wikimedia.org/r/346931
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id89ed933e531274a57bf44e46b9c466923a55e1c
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/MobileFrontend
Gerrit-Branch: printstyles
Gerrit-Owner: Jdlrobson 



[MediaWiki-commits] [Gerrit] mediawiki...MobileFrontend[printstyles]: Improved references print styles

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346928 )

Change subject: Improved references print styles
..


Improved references print styles

* All text is italic;
* Links are not underlined;
* Backlink and external link icons are hidden.

Bug: T159857
Change-Id: Ie455e09e8475f007b5dada3e726a79b32ba15ace
---
A resources/skins.minerva.print.styles/references.less
M resources/skins.minerva.print.styles/styles.less
2 files changed, 15 insertions(+), 0 deletions(-)

Approvals:
  jenkins-bot: Verified
  Jdlrobson: Looks good to me, approved



diff --git a/resources/skins.minerva.print.styles/references.less 
b/resources/skins.minerva.print.styles/references.less
new file mode 100644
index 000..232b629
--- /dev/null
+++ b/resources/skins.minerva.print.styles/references.less
@@ -0,0 +1,14 @@
+.references {
+   .mw-cite-backlink {
+   display: none;
+   }
+   .reference-text {
+   font-style: italic;
+   }
+   a {
+   text-decoration: none;
+   }
+   .external.text {
+   background-image: none;
+   }
+}
diff --git a/resources/skins.minerva.print.styles/styles.less 
b/resources/skins.minerva.print.styles/styles.less
index cdecd88..3eccaf9 100644
--- a/resources/skins.minerva.print.styles/styles.less
+++ b/resources/skins.minerva.print.styles/styles.less
@@ -1,3 +1,4 @@
 /* stylelint-disable block-no-empty */
 @media print {
+   @import 'references.less';
 }
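Review bot: With @import 'references.less' added inside the @media print block, the block is no longer empty, so the stylelint-disable block-no-empty comment on the first line has nothing left to suppress. Remove it in this change so the rule applies to the file again.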

-- 
To view, visit https://gerrit.wikimedia.org/r/346928
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ie455e09e8475f007b5dada3e726a79b32ba15ace
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/MobileFrontend
Gerrit-Branch: printstyles
Gerrit-Owner: Jdlrobson 
Gerrit-Reviewer: Bmansurov 
Gerrit-Reviewer: Jdlrobson 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki...MobileFrontend[printstyles]: Merge branch 'master' into HEAD

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346930 )

Change subject: Merge branch 'master' into HEAD
..


Merge branch 'master' into HEAD

Change-Id: I4257232f375d3c8f230a644c2bbae35f856d00de
---
M README.md
1 file changed, 0 insertions(+), 19 deletions(-)

Approvals:
  jenkins-bot: Verified
  Jdlrobson: Looks good to me, approved



diff --git a/README.md b/README.md
index 2d4ff12..c6e8374 100644
--- a/README.md
+++ b/README.md
@@ -339,7 +339,6 @@
 * Type: `Boolean`
 * Default: `false`
 
-<<< HEAD   (f3017c Feature flagged print styles)
  $wgMinervaPrintStyles
 
 A temporary configuration variable to control roll out of styles to improve 
the MobileFrontend print experience.
@@ -353,24 +352,6 @@
   ]
 ```
 
- $wgMinervaUseHeaderV2
-
-A temporary configuration variable to control display of a new header which 
converts the search input
-to an icon and shows the site logo.
-
-The config variable currently controls whether the styles and template for new 
header should be invoked.
-
-* Type: `Array`
-* Default:
-```php
-  [
-'beta' => true,
-'base' => false,
-  ]
-```
-
-===
->>> BRANCH (32a337 Merge "Login and logout url should always be relative")
  $wgMinervaPageActions
 
 Controls which page actions, if any, are displayed. Allowed: `edit`, `watch`, 
`talk`, and

-- 
To view, visit https://gerrit.wikimedia.org/r/346930
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I4257232f375d3c8f230a644c2bbae35f856d00de
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/MobileFrontend
Gerrit-Branch: printstyles
Gerrit-Owner: Jdlrobson 
Gerrit-Reviewer: Jdlrobson 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/vagrant[trusty-compat]: Add HD logos

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346925 )

Change subject: Add HD logos
..


Add HD logos

Bug: T100999
Change-Id: Idb8559a178f339c1eb6aa520f2d7d0a8ac2c003e
(cherry picked from commit 60c3c69d51deb6395621ceac0588a51f277e6eb5)
---
M LocalSettings.php
A puppet/modules/mediawiki/files/mediawiki-vagrant-1.5x.png
A puppet/modules/mediawiki/files/mediawiki-vagrant-2x.png
M puppet/modules/mediawiki/manifests/init.pp
4 files changed, 13 insertions(+), 0 deletions(-)

Approvals:
  Krinkle: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/LocalSettings.php b/LocalSettings.php
index c927378..85c32f2 100644
--- a/LocalSettings.php
+++ b/LocalSettings.php
@@ -51,6 +51,11 @@
 
 // Images
 $wgLogo = '/mediawiki-vagrant.png';
+$wgLogoHD = [
+   '1.5x' => '/mediawiki-vagrant-1.5x.png',
+   '2x'   => '/mediawiki-vagrant-2x.png'
+];
+
 $wgUseInstantCommons = true;
 $wgEnableUploads = true;
 
diff --git a/puppet/modules/mediawiki/files/mediawiki-vagrant-1.5x.png 
b/puppet/modules/mediawiki/files/mediawiki-vagrant-1.5x.png
new file mode 100644
index 000..5941782
--- /dev/null
+++ b/puppet/modules/mediawiki/files/mediawiki-vagrant-1.5x.png
Binary files differ
diff --git a/puppet/modules/mediawiki/files/mediawiki-vagrant-2x.png 
b/puppet/modules/mediawiki/files/mediawiki-vagrant-2x.png
new file mode 100644
index 000..a0316fd
--- /dev/null
+++ b/puppet/modules/mediawiki/files/mediawiki-vagrant-2x.png
Binary files differ
diff --git a/puppet/modules/mediawiki/manifests/init.pp 
b/puppet/modules/mediawiki/manifests/init.pp
index de21365..19c9218 100644
--- a/puppet/modules/mediawiki/manifests/init.pp
+++ b/puppet/modules/mediawiki/manifests/init.pp
@@ -170,6 +170,14 @@
 source => 'puppet:///modules/mediawiki/mediawiki-vagrant.png',
 }
 
+file { "${mediawiki::apache::docroot}/mediawiki-vagrant-1.5x.png":
+source => 'puppet:///modules/mediawiki/mediawiki-vagrant-1.5x.png',
+}
+
+file { "${mediawiki::apache::docroot}/mediawiki-vagrant-2x.png":
+source => 'puppet:///modules/mediawiki/mediawiki-vagrant-2x.png',
+}
+
 file { '/usr/local/bin/run-mediawiki-tests':
 source => 'puppet:///modules/mediawiki/run-mediawiki-tests',
 mode   => '0755',

-- 
To view, visit https://gerrit.wikimedia.org/r/346925
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Idb8559a178f339c1eb6aa520f2d7d0a8ac2c003e
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/vagrant
Gerrit-Branch: trusty-compat
Gerrit-Owner: Krinkle 
Gerrit-Reviewer: BryanDavis 
Gerrit-Reviewer: Dduvall 
Gerrit-Reviewer: Gilles 
Gerrit-Reviewer: Krinkle 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki...MobileFrontend[master]: Merge branch 'master' into HEAD

2017-04-06 Thread Jdlrobson (Code Review)
Jdlrobson has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346929 )

Change subject: Merge branch 'master' into HEAD
..

Merge branch 'master' into HEAD

Change-Id: I0596c2aabea145230b5259dc1063fbbeb802b90d
---
M README.md
1 file changed, 0 insertions(+), 19 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/MobileFrontend 
refs/changes/29/346929/1

diff --git a/README.md b/README.md
index 2d4ff12..c6e8374 100644
--- a/README.md
+++ b/README.md
@@ -339,7 +339,6 @@
 * Type: `Boolean`
 * Default: `false`
 
-<<< HEAD   (f3017c Feature flagged print styles)
  $wgMinervaPrintStyles
 
 A temporary configuration variable to control roll out of styles to improve 
the MobileFrontend print experience.
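Review bot: The removed line, <<< HEAD (f3017c Feature flagged print styles), is a conflict marker that had been committed into README.md, which means an earlier merge landed unresolved. Check the other files touched by that merge for the same residue, and consider a lint step that rejects conflict-marker lines so this cannot reach the branch again.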
@@ -353,24 +352,6 @@
   ]
 ```
 
- $wgMinervaUseHeaderV2
-
-A temporary configuration variable to control display of a new header which 
converts the search input
-to an icon and shows the site logo.
-
-The config variable currently controls whether the styles and template for new 
header should be invoked.
-
-* Type: `Array`
-* Default:
-```php
-  [
-'beta' => true,
-'base' => false,
-  ]
-```
-
-===
->>> BRANCH (32a337 Merge "Login and logout url should always be relative")
  $wgMinervaPageActions
 
 Controls which page actions, if any, are displayed. Allowed: `edit`, `watch`, 
`talk`, and
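Review bot: Besides the === and >>> BRANCH markers, this hunk deletes the entire $wgMinervaUseHeaderV2 section. The commit message only says "Merge branch 'master' into HEAD", so please state whether the variable was removed on master or whether its documentation is being dropped as a side effect of resolving the conflict.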

-- 
To view, visit https://gerrit.wikimedia.org/r/346929
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I0596c2aabea145230b5259dc1063fbbeb802b90d
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/MobileFrontend
Gerrit-Branch: master
Gerrit-Owner: Jdlrobson 



[MediaWiki-commits] [Gerrit] mediawiki...MobileFrontend[printstyles]: Merge branch 'master' into HEAD

2017-04-06 Thread Jdlrobson (Code Review)
Jdlrobson has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346930 )

Change subject: Merge branch 'master' into HEAD
..

Merge branch 'master' into HEAD

Change-Id: I4257232f375d3c8f230a644c2bbae35f856d00de
---
M README.md
1 file changed, 0 insertions(+), 19 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/MobileFrontend 
refs/changes/30/346930/1

diff --git a/README.md b/README.md
index 2d4ff12..c6e8374 100644
--- a/README.md
+++ b/README.md
@@ -339,7 +339,6 @@
 * Type: `Boolean`
 * Default: `false`
 
-<<< HEAD   (f3017c Feature flagged print styles)
  $wgMinervaPrintStyles
 
 A temporary configuration variable to control roll out of styles to improve 
the MobileFrontend print experience.
@@ -353,24 +352,6 @@
   ]
 ```
 
- $wgMinervaUseHeaderV2
-
-A temporary configuration variable to control display of a new header which 
converts the search input
-to an icon and shows the site logo.
-
-The config variable currently controls whether the styles and template for new 
header should be invoked.
-
-* Type: `Array`
-* Default:
-```php
-  [
-'beta' => true,
-'base' => false,
-  ]
-```
-
-===
->>> BRANCH (32a337 Merge "Login and logout url should always be relative")
  $wgMinervaPageActions
 
 Controls which page actions, if any, are displayed. Allowed: `edit`, `watch`, 
`talk`, and

-- 
To view, visit https://gerrit.wikimedia.org/r/346930
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I4257232f375d3c8f230a644c2bbae35f856d00de
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/MobileFrontend
Gerrit-Branch: printstyles
Gerrit-Owner: Jdlrobson 



[MediaWiki-commits] [Gerrit] mediawiki...MobileFrontend[printstyles]: Improved references print styles

2017-04-06 Thread Jdlrobson (Code Review)
Jdlrobson has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346928 )

Change subject: Improved references print styles
..

Improved references print styles

* All text is italic;
* Links are not underlined;
* Backlink and external link icons are hidden.

Bug: T159857
Change-Id: Ie455e09e8475f007b5dada3e726a79b32ba15ace
---
A resources/skins.minerva.print.styles/references.less
M resources/skins.minerva.print.styles/styles.less
2 files changed, 15 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/MobileFrontend 
refs/changes/28/346928/1

diff --git a/resources/skins.minerva.print.styles/references.less 
b/resources/skins.minerva.print.styles/references.less
new file mode 100644
index 000..232b629
--- /dev/null
+++ b/resources/skins.minerva.print.styles/references.less
@@ -0,0 +1,14 @@
+.references {
+   .mw-cite-backlink {
+   display: none;
+   }
+   .reference-text {
+   font-style: italic;
+   }
+   a {
+   text-decoration: none;
+   }
+   .external.text {
+   background-image: none;
+   }
+}
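Review bot: The last rule in the block matches only .external.text, while the commit message says external link icons are hidden in references. If an external link without the text class can appear inside .references, it keeps its background image; selecting .external alone would cover those as well. A one-line comment above a { text-decoration: none; } saying it is print-only would also help, since removing underlines from links is unusual elsewhere.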
diff --git a/resources/skins.minerva.print.styles/styles.less 
b/resources/skins.minerva.print.styles/styles.less
index 48114bd..d0e0379 100644
--- a/resources/skins.minerva.print.styles/styles.less
+++ b/resources/skins.minerva.print.styles/styles.less
@@ -1,4 +1,5 @@
 @media print {
@import 'article.less';
@import 'infobox.less';
+   @import 'references.less';
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/346928
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie455e09e8475f007b5dada3e726a79b32ba15ace
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/MobileFrontend
Gerrit-Branch: printstyles
Gerrit-Owner: Jdlrobson 
Gerrit-Reviewer: Bmansurov 



[MediaWiki-commits] [Gerrit] mediawiki...MobileFrontend[master]: Log infobxes being wrapped in containers

2017-04-06 Thread Pmiazga (Code Review)
Pmiazga has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346927 )

Change subject: Log infobxes being wrapped in containers
..

Log infobxes being wrapped in containers

Let's log all page titles and revisions where infoboxes are wrapped
in any containers (the infobox parent node is not a lead section body).
Feature can be disabled by changing `MFLogWrappedInfoboxes` to false.

Bug: T149884
Change-Id: If8ff2eb8d46bb3a53997038c5a17037591af4520
---
M extension.json
M includes/MobileFormatter.php
M tests/phpunit/MobileFormatterTest.php
3 files changed, 49 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/MobileFrontend 
refs/changes/27/346927/1

diff --git a/extension.json b/extension.json
index f2ceecd..212b435 100644
--- a/extension.json
+++ b/extension.json
@@ -1847,7 +1847,8 @@
],
"MFEnableManifest": true,
"MFManifestThemeColor": "#252525",
-   "MFManifestBackgroundColor": "#FF"
+   "MFManifestBackgroundColor": "#FF",
+   "MFLogWrappedInfoboxes": false
},
"manifest_version": 1
 }
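Review bot: MFLogWrappedInfoboxes is added with a default of false, but the commit message describes it as something that "can be disabled by changing `MFLogWrappedInfoboxes` to false". As written the logging is opt-in and never runs unless a wiki turns it on; either flip the default or reword the commit message so the two agree.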
diff --git a/includes/MobileFormatter.php b/includes/MobileFormatter.php
index 3d9d171..a88eaab 100644
--- a/includes/MobileFormatter.php
+++ b/includes/MobileFormatter.php
@@ -245,8 +245,23 @@
$leadSectionBody->insertBefore( $firstP, 
$infoboxAndParagraphs->item( 0 ) );
}
}
+   /**
+* @see https://phabricator.wikimedia.org/T149884
+* @todo remove after research is done
+*/
+   if ( MobileContext::singleton()->getMFConfig()->get( 
'MFLogWrappedInfoboxes' ) ) {
+   $this->logInfoboxesWrappedInContainers( 
$leadSectionBody, $xPath );
+   }
}
 
+   private function logInfoboxesWrappedInContainers( $leadSectionBody, 
DOMXPath $xPath ) {
+   $infoboxes = $xPath->query( 
'.//table[contains(@class,"infobox")]', $leadSectionBody );
+   if ( $infoboxes->length > 0 ) {
+   \MediaWiki\Logger\LoggerFactory::getInstance( 
'MobileFrontend' )->debug(
+   "Found infobox wrapped with container on 
{$this->title} (rev:{$this->revId})"
+   );
+   }
+   }
/**
 * Replaces any references links with a link to Special:MobileCite
 *
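Review bot: The XPath in logInfoboxesWrappedInContainers(), .//table[contains(@class,"infobox")] evaluated against $leadSectionBody, matches every infobox table below the lead section, including tables that are its direct children. The stated goal is to log only infoboxes whose parent is not the lead section body, so this reports unwrapped infoboxes too; restrict the query to deeper descendants (for example ./*//table[...]) or compare each match's parentNode with $leadSectionBody. contains(@class,"infobox") is also a substring test and will match any class name that merely contains that text. The new method has no docblock and no blank line before the docblock that follows it, and passing the title and revision id as PSR-3 context values rather than interpolating them into the message would keep the log entries structured.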
diff --git a/tests/phpunit/MobileFormatterTest.php 
b/tests/phpunit/MobileFormatterTest.php
index d0bb5db..8fb7eaf 100644
--- a/tests/phpunit/MobileFormatterTest.php
+++ b/tests/phpunit/MobileFormatterTest.php
@@ -817,4 +817,36 @@
$formatter = new MobileFormatter( $input, Title::newFromText( 
'Special:Foo' ) );
$formatter->filterContent( false, true, false );
}
+
+   /**
+* @see https://phabricator.wikimedia.org/T149884
+* @covers MobileFormatter::filterContent()
+*/
+   public function testLoggingOfInfoboxesBeingWrappedInContainers() {
+   $this->setMwGlobals( [
+   'wgMFLogWrappedInfoboxes' => true
+   ] );
+
+   $input =
+   'infobox' .
+   'paragraph 1';
+   $title = 'Special:T149884';
+
+   $formatter = new MobileFormatter( MobileFormatter::wrapHTML( 
$input ),
+   Title::newFromText( $title ) );
+   $formatter->enableExpandableSections();
+
+   $loggerMock = $this->getMock( \Psr\Log\LoggerInterface::class );
+   $loggerMock->expects( $this->once() )
+   ->method( 'debug' )
+   ->will( $this->returnCallback( function( $message ) use 
( $title ) {
+   // Debug message contains Page title
+   $this->assertContains( $title, $message );
+   // and contains revision id which is 0 by 
default
+   $this->assertContains( '0', $message );
+   } ) );
+
+   $this->setLogger( 'MobileFrontend', $loggerMock );
+   $formatter->filterContent( false, false, false, true );
+   }
 }
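Review bot: In the callback, assertContains( '0', $message ) passes for any message that has a "0" anywhere in it, so it does not show that the revision id was logged; assert on 'rev:0' or on the full expected string. The test also covers only the enabled case: a second case with wgMFLogWrappedInfoboxes set to false and $loggerMock->expects( $this->never() ) would pin down the feature flag.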

-- 
To view, visit https://gerrit.wikimedia.org/r/346927
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If8ff2eb8d46bb3a53997038c5a17037591af4520
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/MobileFrontend
Gerrit-Branch: master
Gerrit-Owner: Pmiazga 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: mw_rc_irc: convert to profile/role structure

2017-04-06 Thread Dzahn (Code Review)
Dzahn has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346926 )

Change subject: mw_rc_irc: convert to profile/role structure
..

mw_rc_irc: convert to profile/role structure

Change-Id: I28e481efaa6b50ad2c57ea32dc03f6a1579c33f6
---
M manifests/site.pp
A modules/profile/manifests/mw_rc_irc.pp
M modules/role/manifests/mw_rc_irc.pp
3 files changed, 27 insertions(+), 23 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/26/346926/1

diff --git a/manifests/site.pp b/manifests/site.pp
index a7a729d..ab00c61 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1143,8 +1143,6 @@
 # irc.wikimedia.org (replaced argon)
 node 'kraz.wikimedia.org' {
 role(mw_rc_irc)
-
-interface::add_ip6_mapped { 'main': }
 }
 
 # labservices1001 hosts openstack-designate, the labs DNS service.
diff --git a/modules/profile/manifests/mw_rc_irc.pp 
b/modules/profile/manifests/mw_rc_irc.pp
new file mode 100644
index 000..ed63d99
--- /dev/null
+++ b/modules/profile/manifests/mw_rc_irc.pp
@@ -0,0 +1,24 @@
+class profile::mw_rc_irc {
+
+interface::add_ip6_mapped { 'main': }
+
+$udpmxircecho_pass = $passwords::udpmxircecho::udpmxircecho_pass
+
+class { '::mw_rc_irc::irc_echo':
+ircpassword => $udpmxircecho_pass,
+}
+
+# IRCd - public access
+ferm::service { 'ircd_public':
+proto => 'tcp',
+port  => '(6664 6665  6667 6668 6669 8001)',
+}
+
+# IRC RecentChanges bot - gets updates from appservers
+ferm::service { 'udpmxircecho':
+proto  => 'udp',
+port   => '9390',
+srange => '$MW_APPSERVER_NETWORKS',
+}
+
+}
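Review bot: profile::mw_rc_irc reads $passwords::udpmxircecho::udpmxircecho_pass but never includes that class; it works only because the role includes ::passwords::udpmxircecho before ::profile::mw_rc_irc. Move the include into the profile so it can be applied on its own. The ircd_public port list is carried over verbatim, double space between 6665 and 6667 included, so this is a good moment to confirm whether 6666 was meant to be listed. A one-line class comment describing what the profile sets up would match the inline comments on the two ferm::service blocks.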
diff --git a/modules/role/manifests/mw_rc_irc.pp 
b/modules/role/manifests/mw_rc_irc.pp
index 7869b9e..8ea61ad 100644
--- a/modules/role/manifests/mw_rc_irc.pp
+++ b/modules/role/manifests/mw_rc_irc.pp
@@ -5,26 +5,8 @@
 
 include ::standard
 include ::base::firewall
-include passwords::udpmxircecho
-$udpmxircecho_pass = $passwords::udpmxircecho::udpmxircecho_pass
-
-class { '::mw_rc_irc::irc_echo':
-ircpassword => $udpmxircecho_pass,
-}
-
-include mw_rc_irc::ircserver
-
-# IRCd - public access
-ferm::service { 'ircd_public':
-proto => 'tcp',
-port  => '(6664 6665  6667 6668 6669 8001)',
-}
-
-# IRC RecentChanges bot - gets updates from appservers
-ferm::service { 'udpmxircecho':
-proto  => 'udp',
-port   => '9390',
-srange => '$MW_APPSERVER_NETWORKS',
-}
+include ::passwords::udpmxircecho
+include ::mw_rc_irc::ircserver
+include ::profile::mw_rc_irc
 
 }
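Review bot: After the conversion the role still includes ::passwords::udpmxircecho and ::mw_rc_irc::ircserver directly, next to ::profile::mw_rc_irc. In a profile/role split the service classes and the secrets they need belong in the profile, leaving the role to compose profiles; move both includes into profile::mw_rc_irc with the rest of the service configuration.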

-- 
To view, visit https://gerrit.wikimedia.org/r/346926
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I28e481efaa6b50ad2c57ea32dc03f6a1579c33f6
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn 



[MediaWiki-commits] [Gerrit] mediawiki/vagrant[trusty-compat]: Add HD logos

2017-04-06 Thread Krinkle (Code Review)
Krinkle has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346925 )

Change subject: Add HD logos
..

Add HD logos

Bug: T100999
Change-Id: Idb8559a178f339c1eb6aa520f2d7d0a8ac2c003e
(cherry picked from commit 60c3c69d51deb6395621ceac0588a51f277e6eb5)
---
M LocalSettings.php
A puppet/modules/mediawiki/files/mediawiki-vagrant-1.5x.png
A puppet/modules/mediawiki/files/mediawiki-vagrant-2x.png
M puppet/modules/mediawiki/manifests/init.pp
4 files changed, 13 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/vagrant 
refs/changes/25/346925/1

diff --git a/LocalSettings.php b/LocalSettings.php
index c927378..85c32f2 100644
--- a/LocalSettings.php
+++ b/LocalSettings.php
@@ -51,6 +51,11 @@
 
 // Images
 $wgLogo = '/mediawiki-vagrant.png';
+$wgLogoHD = [
+   '1.5x' => '/mediawiki-vagrant-1.5x.png',
+   '2x'   => '/mediawiki-vagrant-2x.png'
+];
+
 $wgUseInstantCommons = true;
 $wgEnableUploads = true;
 
diff --git a/puppet/modules/mediawiki/files/mediawiki-vagrant-1.5x.png 
b/puppet/modules/mediawiki/files/mediawiki-vagrant-1.5x.png
new file mode 100644
index 000..5941782
--- /dev/null
+++ b/puppet/modules/mediawiki/files/mediawiki-vagrant-1.5x.png
Binary files differ
diff --git a/puppet/modules/mediawiki/files/mediawiki-vagrant-2x.png 
b/puppet/modules/mediawiki/files/mediawiki-vagrant-2x.png
new file mode 100644
index 000..a0316fd
--- /dev/null
+++ b/puppet/modules/mediawiki/files/mediawiki-vagrant-2x.png
Binary files differ
diff --git a/puppet/modules/mediawiki/manifests/init.pp 
b/puppet/modules/mediawiki/manifests/init.pp
index de21365..19c9218 100644
--- a/puppet/modules/mediawiki/manifests/init.pp
+++ b/puppet/modules/mediawiki/manifests/init.pp
@@ -170,6 +170,14 @@
 source => 'puppet:///modules/mediawiki/mediawiki-vagrant.png',
 }
 
+file { "${mediawiki::apache::docroot}/mediawiki-vagrant-1.5x.png":
+source => 'puppet:///modules/mediawiki/mediawiki-vagrant-1.5x.png',
+}
+
+file { "${mediawiki::apache::docroot}/mediawiki-vagrant-2x.png":
+source => 'puppet:///modules/mediawiki/mediawiki-vagrant-2x.png',
+}
+
 file { '/usr/local/bin/run-mediawiki-tests':
 source => 'puppet:///modules/mediawiki/run-mediawiki-tests',
 mode   => '0755',
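Review bot: The two added file resources differ only in the file name, and the same two names are hard-coded again in $wgLogoHD in LocalSettings.php. Nothing in either hunk ties the two lists together, so a renamed or added density variant has to be changed in both places; a comment in each file pointing at the other would make that visible.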

-- 
To view, visit https://gerrit.wikimedia.org/r/346925
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Idb8559a178f339c1eb6aa520f2d7d0a8ac2c003e
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/vagrant
Gerrit-Branch: trusty-compat
Gerrit-Owner: Krinkle 
Gerrit-Reviewer: Gilles 



[MediaWiki-commits] [Gerrit] wikimedia...process-control[master]: Strip extra newline after job status

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346585 )

Change subject: Strip extra newline after job status
..


Strip extra newline after job status

Change-Id: Ifc95c860d8a2b84f0de03c1d6b3871531e29e0a3
---
M bin/run-job
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  jenkins-bot: Verified
  Ejegg: Looks good to me, approved



diff --git a/bin/run-job b/bin/run-job
index 62dca5f..4c1a005 100755
--- a/bin/run-job
+++ b/bin/run-job
@@ -16,7 +16,7 @@
message = "{job} - {human_name}".format(job=job_name, 
human_name=job.name)
status = runner.JobRunner(job).status()
if status is not None:
-   message += "" + yaml.dump(status)
+   message += "" + yaml.dump(status).strip()
except AssertionError:
message = "{job} ***Invalid 
configuration***".format(job=job_name)
print(message)
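Review bot: yaml.dump(status).strip() removes leading as well as trailing whitespace, while the commit message is only about the newline after the status; rstrip() says exactly that. The "" + in front of the call concatenates an empty string and can be dropped, unless a separator between the job name and the status was intended there.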

-- 
To view, visit https://gerrit.wikimedia.org/r/346585
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ifc95c860d8a2b84f0de03c1d6b3871531e29e0a3
Gerrit-PatchSet: 7
Gerrit-Project: wikimedia/fundraising/process-control
Gerrit-Branch: master
Gerrit-Owner: Awight 
Gerrit-Reviewer: Cdentinger 
Gerrit-Reviewer: Ejegg 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] wikimedia...process-control[master]: Include logfile path in failmails

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346583 )

Change subject: Include logfile path in failmails
..


Include logfile path in failmails

Change-Id: I919594c5c1c0f5316038d6ae63267806092c433e
---
M processcontrol/mailer.py
M processcontrol/runner.py
M tests/test_job_runner.py
3 files changed, 21 insertions(+), 14 deletions(-)

Approvals:
  jenkins-bot: Verified
  Ejegg: Looks good to me, approved



diff --git a/processcontrol/mailer.py b/processcontrol/mailer.py
index 2d74472..ec17bfd 100644
--- a/processcontrol/mailer.py
+++ b/processcontrol/mailer.py
@@ -4,15 +4,20 @@
 
 
 class Mailer(object):
-def __init__(self, config):
-self.from_address = config.get("failmail/from_address")
-self.to_address = config.get("failmail/to_address")
+def __init__(self, job):
+self.job = job
+self.from_address = job.config.get("failmail/from_address")
+self.to_address = job.config.get("failmail/to_address")
 # FIXME: this is set to ensure one failmail per instance. Should
 # do something more sophisticated to collect all calls and send
 # the mail before exiting.
 self.sent_fail_mail = False
 
-def fail_mail(self, subject, body="Hope your wits are freshly sharpened!"):
+def fail_mail(self, subject, logfile=None):
+if logfile is not None:
+body = "See the logs for more information: 
{logfile}".format(logfile=logfile)
+else:
+body = "No details available."
 if self.sent_fail_mail:
 return
 
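Review bot: fail_mail() loses its body parameter, so the stderr text that fail_has_stderr() used to pass can no longer reach the mail; the body is now always either the logfile pointer or "No details available." If that is intended, say so in the commit message; otherwise keep body as an optional argument and append the logfile line to it. The body string is also built before the sent_fail_mail early return, which is wasted work on every call after the first.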
diff --git a/processcontrol/runner.py b/processcontrol/runner.py
index 1b05b57..e97494c 100644
--- a/processcontrol/runner.py
+++ b/processcontrol/runner.py
@@ -15,7 +15,8 @@
 def __init__(self, job):
 self.global_config = config.GlobalConfiguration()
 self.job = job
-self.mailer = mailer.Mailer(self.job.config)
+self.mailer = mailer.Mailer(self.job)
+self.logfile = None
 
 def run(self):
 # Check that we are the service user.
@@ -54,6 +55,7 @@
 
 self.process = subprocess.Popen(command, stdout=subprocess.PIPE, 
stderr=subprocess.PIPE, env=self.job.environment)
 streamer = output_streamer.OutputStreamer(self.process, self.job.slug, 
self.start_time)
+self.logfile = streamer.filename
 streamer.start()
 
 # should be safe from deadlocks because our OutputStreamer
@@ -69,25 +71,25 @@
 self.process = None
 
 def fail_exitcode(self, return_code):
-message = "Job {name} failed with code 
{code}".format(name=self.job.name, code=return_code)
+message = "{name} failed with code {code}".format(name=self.job.name, 
code=return_code)
 config.log.error(message)
 # TODO: Prevent future jobs according to config.
-self.mailer.fail_mail(message)
+self.mailer.fail_mail(message, logfile=self.logfile)
 raise JobFailure(message)
 
 def fail_has_stderr(self, stderr_data):
-message = "Job {name} printed things to 
stderr:".format(name=self.job.name)
+message = "{name} printed things to stderr:".format(name=self.job.name)
 config.log.error(message)
 body = stderr_data.decode("utf-8")
 config.log.error(body)
-self.mailer.fail_mail(message, body)
+self.mailer.fail_mail(message, body, logfile=self.logfile)
 raise JobFailure(message)
 
 def fail_timeout(self):
 self.process.kill()
-message = "Job {name} timed out after {timeout} 
minutes".format(name=self.job.name, timeout=self.job.timeout)
+message = "{name} timed out after {timeout} 
minutes".format(name=self.job.name, timeout=self.job.timeout)
 config.log.error(message)
-self.mailer.fail_mail(message)
+self.mailer.fail_mail(message, logfile=self.logfile)
 # FIXME: Job will return SIGKILL now, fail_exitcode should ignore that 
signal now?
 raise JobFailure(message)
 
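Review bot: in fail_has_stderr the call now passes both body (the decoded stderr) and logfile=self.logfile; make sure fail_mail keeps the stderr text and appends the log path instead of replacing body with the "See the logs for more information" string, otherwise the stderr output never reaches the mail. A test that sends both and checks the mail body for each would settle it.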
diff --git a/tests/test_job_runner.py b/tests/test_job_runner.py
index a82e808..5af7fac 100644
--- a/tests/test_job_runner.py
+++ b/tests/test_job_runner.py
@@ -51,7 +51,7 @@
 run_job("return_code")
 
 loglines = caplog.actual()
-assert ("root", "ERROR", "Job False job failed with code 1") in loglines
+assert ("root", "ERROR", "False job failed with code 1") in loglines
 
 MockSmtp().sendmail.assert_called_once()
 
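Review bot: the updated assertions only cover the shortened log message; nothing here checks what this change actually adds, the log file path in the failure mail. MockSmtp().sendmail.assert_called_once() passes whatever the body is, so consider also asserting that the message handed to sendmail contains the streamer's filename.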
@@ -65,8 +65,8 @@
 run_job("timeout")
 
 loglines = caplog.actual()
-assert ("root", "ERROR", "Job Timing out job timed out after 0.005 
minutes") in loglines
-assert ("root", "ERROR", "Job Timing out job failed with code -9") in 
loglines
+assert ("root", "ERROR", "Timing out job timed out after 0.005 minutes") 
in loglines
+assert ("root", "ERROR", "Timing out job failed with code -9") in loglines
 
 

[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Always normalize link url before adding to ParserO...

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346855 )

Change subject: SECURITY: Always normalize link url before adding to 
ParserOutput
..


SECURITY: Always normalize link url before adding to ParserOutput

Move link normalization directly into addExternalLink() method,
since you always need to do it - having it separate is just
inviting people to forget to normalize a link.

Additionally, links weren't properly registered for .
This was somewhat unnoticed, as the call to recursiveTagParse()
would register free links, but it wouldn't work for example with
protocol relative links.

Issue originally reported by MZMcBride.

Bug: T48143
Change-Id: I557fb3b433ef9d618097b6ba4eacc6bada250ca2
---
M RELEASE-NOTES-1.27
M includes/parser/Parser.php
M includes/parser/ParserOutput.php
3 files changed, 10 insertions(+), 7 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index ff34d4d..b2ce3a5 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -36,6 +36,8 @@
   declaration.
 * (T161453) SECURITY: LocalisationCache will no longer use the temporary 
directory
   in it's fallback chain when trying to work out where to write the cache.
+* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 
inclusion
+  syntax's link parameter.
 
 == MediaWiki 1.27.1 ==
 
diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index 178d7fd..3adeb6c 100644
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -1538,9 +1538,7 @@
true, 'free',
$this->getExternalLinkAttribs( $url ) );
# Register it in the output object...
-   # Replace unnecessary URL escape codes with their 
equivalent characters
-   $pasteurized = self::normalizeLinkUrl( $url );
-   $this->mOutput->addExternalLink( $pasteurized );
+   $this->mOutput->addExternalLink( $url );
}
return $text . $trail;
}
@@ -1836,10 +1834,7 @@
$this->getExternalLinkAttribs( $url ) ) . 
$dtrail . $trail;
 
# Register link in the output object.
-   # Replace unnecessary URL escape codes with the 
referenced character
-   # This prevents spammers from hiding links from the 
filters
-   $pasteurized = self::normalizeLinkUrl( $url );
-   $this->mOutput->addExternalLink( $pasteurized );
+   $this->mOutput->addExternalLink( $url );
}
 
return $s;
@@ -5445,9 +5440,11 @@
// check to see if link 
matches an absolute url, if not then it must be a wiki link.
if ( preg_match( 
"/^($prots)$addr$chars*$/u", $linkValue ) ) {
$link = 
$linkValue;
+   
$this->mOutput->addExternalLink( $link );
} else {
$localLinkTitle 
= Title::newFromText( $linkValue );
if ( 
$localLinkTitle !== null ) {
+   
$this->mOutput->addLink( $localLinkTitle );
$link = 
$localLinkTitle->getLinkURL();
}
}
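Review bot: the new addExternalLink( $link ) and addLink( $localLinkTitle ) calls in the link-parameter branch come without a test; the change touches only RELEASE-NOTES-1.27, Parser.php and ParserOutput.php. A parser test with a percent-encoded URL and a protocol-relative URL in the link parameter, asserting that both end up normalized in the ParserOutput external links, would keep this from regressing.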
diff --git a/includes/parser/ParserOutput.php b/includes/parser/ParserOutput.php
index 6c7ad4e..68305c5 100644
--- a/includes/parser/ParserOutput.php
+++ b/includes/parser/ParserOutput.php
@@ -509,6 +509,10 @@
# We don't register links pointing to our own server, unless... 
:-)
global $wgServer, $wgRegisterInternalExternals;
 
+   # Replace unnecessary URL escape codes with the referenced 
character
+   # This prevents spammers from hiding links from the filters
+   $url = parser::normalizeLinkUrl( $url );
+
$registerExternalLink = true;
if ( !$wgRegisterInternalExternals ) {
$registerExternalLink = !self::isLinkInternal( 
$wgServer, $url );
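Review bot: "parser::normalizeLinkUrl( $url )" should be spelled "Parser::normalizeLinkUrl( $url )". PHP treats class names case-insensitively, so this runs once the class is loaded, but the lowercase spelling relies on the autoloader resolving it and does not match the class's declared name. Doing the normalization ahead of the isLinkInternal( $wgServer, $url ) check looks right, since that check then sees the decoded URL too.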

-- 
To view, visit https://gerrit.wikimedia.org/r/346855

Gerrit-MessageType: merged
Gerrit-Change-Id: I557fb3b433ef9d618097b6ba4eacc6bada250ca2
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/core

[MediaWiki-commits] [Gerrit] operations/puppet[production]: delete netmon::migration class, not needed anymore

2017-04-06 Thread Dzahn (Code Review)
Dzahn has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346924 )

Change subject: delete netmon::migration class, not needed anymore
..

delete netmon::migration class, not needed anymore

This was a temporary setup to migrate netmon1001 to jessie.
It has done the job and can be removed now. Gerrit2001
was just a random place to temp. store data since it is not in prod yet.

Change-Id: I1c77a0f01a3da1cc2e2e723a226df18ae731e83b
---
M manifests/site.pp
D modules/role/manifests/netmon/migration.pp
2 files changed, 0 insertions(+), 64 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/24/346924/1

diff --git a/manifests/site.pp b/manifests/site.pp
index a7a729d..4dfe31f 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1094,7 +1094,6 @@
 
 # upcoming gerrit server in codfw (T152525)
 node 'gerrit2001.wikimedia.org' {
-role('netmon::migration')
 include ::standard
 interface::add_ip6_mapped { 'main': }
 }
diff --git a/modules/role/manifests/netmon/migration.pp 
b/modules/role/manifests/netmon/migration.pp
deleted file mode 100644
index 0308bd7..000
--- a/modules/role/manifests/netmon/migration.pp
+++ /dev/null
@@ -1,63 +0,0 @@
-# temp. role to copy netmon1001 data for migration
-class role::netmon::migration {
-
-$sourceip='208.80.154.159'
-
-ferm::service { 'netmon-migration-rsync':
-proto  => 'tcp',
-port   => '873',
-srange => "${sourceip}/32",
-}
-
-include rsync::server
-
-file { [ '/srv/netmon1001',
-'/srv/netmon1001/librenms',
-'/srv/netmon1001/librenms/var',
-'/srv/netmon1001/librenms/var/lib',
-'/srv/netmon1001/librenms/var/lib/librenms',
-'/srv/netmon1001/smokeping',
-'/srv/netmon1001/smokeping/var',
-'/srv/netmon1001/smokeping/var/lib',
-'/srv/netmon1001/smokeping/var/lib/smokeping',
-'/srv/netmon1001/smokeping/var/cache',
-'/srv/netmon1001/smokeping/var/cache/smokeping',
-'/srv/netmon1001/torrus',
-'/srv/netmon1001/torrus/var',
-'/srv/netmon1001/torrus/var/cache',
-'/srv/netmon1001/torrus/var/cache/torrus',
-'/srv/netmon1001/torrus/var/lib',
-'/srv/netmon1001/torrus/var/lib/torrus', ]:
-ensure => 'directory',
-}
-
-rsync::server::module { 'librenms-lib':
-path=> '/srv/netmon1001/librenms/var/lib/librenms',
-read_only   => 'no',
-hosts_allow => $sourceip,
-}
-
-rsync::server::module { 'smokeping-lib':
-path=> '/srv/netmon1001/smokeping/var/lib/smokeping',
-read_only   => 'no',
-hosts_allow => $sourceip,
-}
-
-rsync::server::module { 'smokeping-cache':
-path=> '/srv/netmon1001/smokeping/var/cache/smokeping',
-read_only   => 'no',
-hosts_allow => $sourceip,
-}
-
-rsync::server::module { 'torrus-lib':
-path=> '/srv/netmon1001/torrus/var/lib/torrus',
-read_only   => 'no',
-hosts_allow => $sourceip,
-}
-
-rsync::server::module { 'torrus-cache':
-path=> '/srv/netmon1001/torrus/var/cache/torrus',
-read_only   => 'no',
-hosts_allow => $sourceip,
-}
-}
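Review bot: dropping the class from the catalog only stops Puppet from managing these resources, it does not undo them. The rsync modules declared here are writable (read_only => 'no'), and together with the 'netmon-migration-rsync' ferm rule for port 873 and the /srv/netmon1001 tree they stay on gerrit2001 unless something else purges them. Please either clean them up by hand and say so in the commit message, or land a short-lived ensure => absent change first, before this host goes into production.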

-- 
To view, visit https://gerrit.wikimedia.org/r/346924

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1c77a0f01a3da1cc2e2e723a226df18ae731e83b
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: lists: convert to role/profile structure

2017-04-06 Thread Dzahn (Code Review)
Dzahn has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346923 )

Change subject: lists: convert to role/profile structure
..

lists: convert to role/profile structure

Change-Id: Ifdffd277d091b31f500084dfb3037e159b2b5ddd
---
M manifests/site.pp
R modules/profile/manifests/lists/server.pp
A modules/role/manifests/lists_server.pp
3 files changed, 20 insertions(+), 22 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/23/346923/1

diff --git a/manifests/site.pp b/manifests/site.pp
index a7a729d..06fe4ac 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1075,8 +1075,7 @@
 
 # virtual machine for mailman list server
 node 'fermium.wikimedia.org' {
-role(lists::server)
-interface::add_ip6_mapped { 'main': interface => 'eth0' }
+role(lists_server)
 }
 
 # ZIM dumps (https://en.wikipedia.org/wiki/ZIM_%28file_format%29)
diff --git a/modules/role/manifests/lists/server.pp 
b/modules/profile/manifests/lists/server.pp
similarity index 89%
rename from modules/role/manifests/lists/server.pp
rename to modules/profile/manifests/lists/server.pp
index 956c346..be9f7f7 100644
--- a/modules/role/manifests/lists/server.pp
+++ b/modules/profile/manifests/lists/server.pp
@@ -1,17 +1,12 @@
-class role::lists::server {
-include network::constants
-include ::base::firewall
-include ::standard
+class profile::lists_server (
+$outbound_ips = hiera_array('mailman::server_ip'),
+$list_outbound_ips = hiera_array('mailman::lists_ip'),
+) {
 
-system::role { 'role::lists::server':
-description => 'Mailing list server',
-}
-
-mailalias { 'root':
-recipient => 'r...@wikimedia.org',
-}
+mailalias { 'root': recipient => 'r...@wikimedia.org', }
 
 $lists_ip = hiera('mailman::lists_ip')
+interface::add_ip6_mapped { 'main': interface => 'eth0' },
 
 interface::ip { 'lists.wikimedia.org_v4':
 interface => 'eth0',
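Review bot: the added line "interface::add_ip6_mapped { 'main': interface => 'eth0' }," ends with a comma after the closing brace, which will not parse; drop the comma. The class is also declared as profile::lists_server while the file is renamed to modules/profile/manifests/lists/server.pp, so the autoloader will look for profile::lists::server there; pick one name. Finally, "include ::base::firewall" is removed here and not added back in the new role, so please confirm the mail server is not meant to lose its firewall base class.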
@@ -25,9 +20,6 @@
 prefixlen => '128',
 }
 
-$outbound_ips = hiera_array('mailman::server_ip')
-$list_outbound_ips = hiera_array('mailman::lists_ip')
-
 letsencrypt::cert::integrated { 'lists':
 subjects   => 'lists.wikimedia.org',
 puppet_svc => 'apache2',
@@ -35,16 +27,12 @@
 key_group  => 'Debian-exim',
 }
 
-include mailman
-
 class { 'spamassassin':
 required_score   => '4.0',
 use_bayes=> '0',
 bayes_auto_learn => '0',
 trusted_networks => $network::constants::all_networks,
 }
-
-include privateexim::listserve
 
 class { 'exim4':
 variant => 'heavy',
@@ -56,7 +44,6 @@
 Interface::Ip['lists.wikimedia.org_v6'],
 ],
 }
-include exim4::ganglia
 
 file { '/etc/exim4/aliases/lists.wikimedia.org':
 owner   => 'root',
@@ -72,7 +59,6 @@
 content  => secret('dkim/lists.wikimedia.org-wikimedia.key'),
 }
 
-include ::role::backup::host
 backup::set { 'var-lib-mailman': }
 
 monitoring::service { 'smtp':
diff --git a/modules/role/manifests/lists_server.pp 
b/modules/role/manifests/lists_server.pp
new file mode 100644
index 000..5cba141
--- /dev/null
+++ b/modules/role/manifests/lists_server.pp
@@ -0,0 +1,13 @@
+# sets up a mailing list server
+class role::lists_server {
+
+system::role { 'role::lists_server': description => 'Mailing list server', 
}
+
+include ::network::constants
+include ::standard
+include ::mailman
+include ::privateexim::listserve
+include ::exim4::ganglia
+include ::role::backup::host
+include ::role::lists::server
+}
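Review bot: "include ::role::lists::server" points at the class this change renames away, so the include cannot resolve; it should include the new profile class instead. While here, the list of includes carries over everything removed from the old role except ::base::firewall, which should be added back either here or in the profile.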

-- 
To view, visit https://gerrit.wikimedia.org/r/346923

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifdffd277d091b31f500084dfb3037e159b2b5ddd
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn 



[MediaWiki-commits] [Gerrit] wikimedia...process-control[master]: Add text to assertions

2017-04-06 Thread Ejegg (Code Review)
Ejegg has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346922 )

Change subject: Add text to assertions
..

Add text to assertions

Change-Id: I0352db2bcfab288e394954a823456c04e1b3c42a
---
M processcontrol/config.py
M processcontrol/job_spec.py
M processcontrol/output_streamer.py
M processcontrol/runner.py
4 files changed, 23 insertions(+), 17 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/wikimedia/fundraising/process-control 
refs/changes/22/346922/1

diff --git a/processcontrol/config.py b/processcontrol/config.py
index 9934806..862e083 100644
--- a/processcontrol/config.py
+++ b/processcontrol/config.py
@@ -84,7 +84,7 @@
 class MissingKeyException(Exception):
 
 def __init__(self, path):
-message = "Missing configuration key '" + path + "'"
+message = "Missing configuration key '{path}'".format(path=path)
 super(MissingKeyException, self).__init__(message)
 
 
@@ -108,12 +108,16 @@
 self.validate_global_config()
 
 def validate_global_config(self):
-assert "cron_template" in self.values
-assert "job_directory" in self.values
-assert "output_crontab" in self.values
-assert "output_directory" in self.values
-assert "runner_path" in self.values
-assert "user" in self.values
+required_settings = (
+"cron_template",
+"job_directory",
+"output_crontab",
+"output_directory",
+"runner_path",
+"user",
+)
+for setting in required_settings:
+assert setting in self.values, "Global config invalid: missing 
required '{setting}'".format(setting=setting)
 
 
 class JobConfiguration(Configuration):
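Review bot: the loop stops at the first missing key and reports it through a bare AssertionError, even though this file already defines MissingKeyException for this situation. Raising MissingKeyException, or collecting every missing setting into one message, would be more useful to whoever has to fix the configuration.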
@@ -132,19 +136,19 @@
 self.validate_job_config()
 
 def validate_job_config(self):
-assert "name" in self.values
+assert "name" in self.values, "Job config invalid: missing required 
'name'"
 
-assert "command" in self.values
-assert "\n" not in self.values["command"]
+assert "command" in self.values, "Job config invalid: missing required 
'command'"
+assert "\n" not in self.values["command"], "Job config invalid: 
'command' may not contain newlines"
 
 if "schedule" in self.values:
 # No tricky assignments.
-assert "=" not in self.values["schedule"]
+assert "=" not in self.values["schedule"], "Job config invalid: 
'schedule' may not contain the '=' character"
 # Legal cron, but I don't want to deal with it.
-assert "@" not in self.values["schedule"]
+assert "@" not in self.values["schedule"], "Job config invalid: 
'schedule' may not contain the '@' character"
 # No line breaks
-assert "\n" not in self.values["schedule"]
+assert "\n" not in self.values["schedule"], "Job config invalid: 
'schedule' may not contain newlines"
 
 # Be sure the schedule is valid.
 terms = self.values["schedule"].split()
-assert len(terms) == 5
+assert len(terms) == 5, "Job config invalid: 'schedule' must 
contain 5 values separated by whitespace"
diff --git a/processcontrol/job_spec.py b/processcontrol/job_spec.py
index 797a00e..93f095c 100644
--- a/processcontrol/job_spec.py
+++ b/processcontrol/job_spec.py
@@ -31,7 +31,9 @@
 self.config_path = job_path_for_slug(slug)
 
 # Validate that we're not allowing directory traversal.
-assert os.path.dirname(os.path.realpath(self.config_path)) == 
os.path.abspath(self.global_config.get("job_directory"))
+job_directory = 
os.path.abspath(self.global_config.get("job_directory"))
+assert os.path.dirname(os.path.realpath(self.config_path)) == 
job_directory, \
+"You may only run jobs with configuration files in 
'{path}'".format(path=job_directory)
 
 self.config = config.JobConfiguration(self.global_config, 
self.config_path)
 
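Review bot: the directory traversal check is still an assert, and assert statements are removed when Python runs with -O, which would silently disable it. This is a security boundary rather than a debugging aid, so raise an explicit exception carrying the same message. The same applies to the newline and '=' checks on 'command' and 'schedule' in validate_job_config.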
diff --git a/processcontrol/output_streamer.py 
b/processcontrol/output_streamer.py
index 39e767b..8e6a5ac 100644
--- a/processcontrol/output_streamer.py
+++ b/processcontrol/output_streamer.py
@@ -12,7 +12,7 @@
 Makes the output file path and creates parent directory if needed
 """
 output_directory = config.GlobalConfiguration().get("output_directory")
-assert os.access(output_directory, os.W_OK)
+assert os.access(output_directory, os.W_OK), "Make sure directory '{path}' 
exists and is writable".format(path=output_directory)
 
 # per-job directory
 job_log_directory = output_directory + "/" + slug
diff --git a/processcontrol/runner.py b/processcontrol/runner.py
index d6a20fe..e4c3f45 100644
--- a/processcontrol/runner.py
+++ b/processcontrol/runner.py
@@ -28,7 +28,7 @@
 passwd_entry = pwd.getpwuid(int(service_user))
 else:
 passwd_entry = 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: etherpad: convert to profile/role structure

2017-04-06 Thread Dzahn (Code Review)
Dzahn has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346921 )

Change subject: etherpad: convert to profile/role structure
..

etherpad: convert to profile/role structure

Change-Id: I7ec9581907bf9bfb29f35694144302e6eb65cb3a
---
M manifests/site.pp
R modules/profile/manifests/etherpad/server.pp
A modules/role/manifests/etherpad_server.pp
3 files changed, 12 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/21/346921/1

diff --git a/manifests/site.pp b/manifests/site.pp
index a7a729d..6227e3b 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1050,7 +1050,7 @@
 
 # Etherpad (virtual machine)
 node 'etherpad1001.eqiad.wmnet' {
-role(etherpad::server)
+role(etherpad_server)
 }
 
 # Receives log data from Kafka processes it, and broadcasts
diff --git a/modules/role/manifests/etherpad/server.pp 
b/modules/profile/manifests/etherpad/server.pp
similarity index 85%
rename from modules/role/manifests/etherpad/server.pp
rename to modules/profile/manifests/etherpad/server.pp
index 7f84afb..46be216 100644
--- a/modules/role/manifests/etherpad/server.pp
+++ b/modules/profile/manifests/etherpad/server.pp
@@ -1,12 +1,7 @@
 # sets up an Etherpad lite server
-class role::etherpad::server{
-include ::standard
-include ::base::firewall
-include passwords::etherpad_lite
+class profile::etherpad::server{
 
-system::role { 'etherpad::server':
-description => 'Etherpad-lite server'
-}
+include ::base::firewall
 
 class { '::etherpad':
 etherpad_db_user => $passwords::etherpad_lite::etherpad_db_user,
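Review bot: "include passwords::etherpad_lite" is removed from the profile, but the class still reads $passwords::etherpad_lite::etherpad_db_user. The new role includes ::passwords::etherpad_lite after ::profile::etherpad::server, so the lookup depends on evaluation order and can come back undef; keep the include in the profile, or include the passwords class first in the role.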
diff --git a/modules/role/manifests/etherpad_server.pp 
b/modules/role/manifests/etherpad_server.pp
new file mode 100644
index 000..b780414
--- /dev/null
+++ b/modules/role/manifests/etherpad_server.pp
@@ -0,0 +1,9 @@
+# sets up an Etherpad lite server
+class role::etherpad_server{
+
+system::role { 'etherpad::server': description => 'Etherpad-lite server' }
+
+include ::standard
+include ::profile::etherpad::server
+include ::passwords::etherpad_lite
+}

-- 
To view, visit https://gerrit.wikimedia.org/r/346921

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7ec9581907bf9bfb29f35694144302e6eb65cb3a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn 



[MediaWiki-commits] [Gerrit] mediawiki...VisualEditor[master]: MWVESwitchPopup: Follow-up 445f8b76a0525e0f1: apply adjustme...

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346917 )

Change subject: MWVESwitchPopup: Follow-up 445f8b76a0525e0f1: apply adjustment 
to anchor instead
..


MWVESwitchPopup: Follow-up 445f8b76a0525e0f1: apply adjustment to anchor instead

Otherwise the anchor isn't correctly aligned below the icon.

Change-Id: I73a9db9be63354f1fa459e844eb40be1d3130189
---
M modules/ve-mw/init/styles/ve.init.MWVESwitchPopupWidget.css
1 file changed, 4 insertions(+), 0 deletions(-)

Approvals:
  jenkins-bot: Verified
  Jforrester: Looks good to me, approved



diff --git a/modules/ve-mw/init/styles/ve.init.MWVESwitchPopupWidget.css 
b/modules/ve-mw/init/styles/ve.init.MWVESwitchPopupWidget.css
index 7b33e7b..fafdbf7 100644
--- a/modules/ve-mw/init/styles/ve.init.MWVESwitchPopupWidget.css
+++ b/modules/ve-mw/init/styles/ve.init.MWVESwitchPopupWidget.css
@@ -10,6 +10,10 @@
z-index: 4;
 }
 
+.ve-init-mw-switchPopupWidget .oo-ui-popupWidget-anchor {
+   margin-left: 1.25em;
+}
+
 .ve-init-mw-switchPopupWidget .oo-ui-popupWidget-head {
font-weight: bold;
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/346917

Gerrit-MessageType: merged
Gerrit-Change-Id: I73a9db9be63354f1fa459e844eb40be1d3130189
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/VisualEditor
Gerrit-Branch: master
Gerrit-Owner: Catrope 
Gerrit-Reviewer: Jforrester 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki...VisualEditor[master]: stylelint: Drop no-unsupported-browser-features references

2017-04-06 Thread Jforrester (Code Review)
Jforrester has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346920 )

Change subject: stylelint: Drop no-unsupported-browser-features references
..

stylelint: Drop no-unsupported-browser-features references

The rule hasn't been applied for a while, as it was deprecated upstream.

Change-Id: I7877d0e3bdcd05a609d61add2dc62d7598e348cb
---
M modules/ve-mw/init/styles/ve.init.mw.DesktopArticleTarget.css
M modules/ve-mw/init/styles/ve.init.mw.DesktopArticleTarget.init-apextheme.css
M modules/ve-mw/init/styles/ve.init.mw.DesktopArticleTarget.init.css
M modules/ve-mw/ui/styles/contextitems/ve.ui.MWInternalLinkContextItem.css
M modules/ve-mw/ui/styles/dialogs/ve.ui.MWGalleryDialog.css
M modules/ve-mw/ui/styles/dialogs/ve.ui.MWTransclusionDialog.css
M modules/ve-mw/ui/styles/dialogs/ve.ui.MWWelcomeDialog.css
M modules/ve-mw/ui/styles/tools/ve.ui.MWEducationPopupTool.css
M modules/ve-mw/ui/styles/widgets/ve.ui.MWCategoryWidget.css
M modules/ve-mw/ui/styles/widgets/ve.ui.MWMediaInfoFieldWidget.css
10 files changed, 8 insertions(+), 25 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/VisualEditor 
refs/changes/20/346920/1

diff --git a/modules/ve-mw/init/styles/ve.init.mw.DesktopArticleTarget.css 
b/modules/ve-mw/init/styles/ve.init.mw.DesktopArticleTarget.css
index 07e3403..7e84780 100644
--- a/modules/ve-mw/init/styles/ve.init.mw.DesktopArticleTarget.css
+++ b/modules/ve-mw/init/styles/ve.init.mw.DesktopArticleTarget.css
@@ -9,12 +9,12 @@
 
 .ve-init-mw-desktopArticleTarget-toolbar {
overflow: hidden;
-   transition: height 0.4s ease; /* stylelint-disable-line 
no-unsupported-browser-features */
+   transition: height 0.4s ease;
 }
 
 .ve-init-mw-desktopArticleTarget-toolbar > .oo-ui-toolbar-bar {
transform: translateY( -100% );
-   transition: transform 0.4s ease; /* stylelint-disable-line 
no-unsupported-browser-features */
+   transition: transform 0.4s ease;
 }
 
 .ve-init-mw-desktopArticleTarget-toolbar-opened {
diff --git 
a/modules/ve-mw/init/styles/ve.init.mw.DesktopArticleTarget.init-apextheme.css 
b/modules/ve-mw/init/styles/ve.init.mw.DesktopArticleTarget.init-apextheme.css
index 78405af..3b6a188 100644
--- 
a/modules/ve-mw/init/styles/ve.init.mw.DesktopArticleTarget.init-apextheme.css
+++ 
b/modules/ve-mw/init/styles/ve.init.mw.DesktopArticleTarget.init-apextheme.css
@@ -15,11 +15,9 @@
 .ve-init-mw-desktopArticleTarget-progress-bar {
border-right: 1px solid #ccc;
background: #cde7f4;
-   /* stylelint-disable no-unsupported-browser-features */
filter: progid:DXImageTransform.Microsoft.gradient( GradientType=0, 
startColorstr='#eaf4fa', endColorstr='#b0d9ee' );
background-image: -webkit-gradient( linear, right top, right bottom, 
color-stop( 0%, #eaf4fa ), color-stop( 100%, #b0d9ee ) );
background-image: -webkit-linear-gradient( top, #eaf4fa 0%, #b0d9ee 
100% );
background-image: -moz-linear-gradient( top, #eaf4fa 0%, #b0d9ee 100% );
background-image: linear-gradient( to bottom, #eaf4fa 0%, #b0d9ee 100% 
);
-   /* stylelint-enable no-unsupported-browser-features */
 }
diff --git a/modules/ve-mw/init/styles/ve.init.mw.DesktopArticleTarget.init.css 
b/modules/ve-mw/init/styles/ve.init.mw.DesktopArticleTarget.init.css
index 3a902bb..27c5b00 100644
--- a/modules/ve-mw/init/styles/ve.init.mw.DesktopArticleTarget.init.css
+++ b/modules/ve-mw/init/styles/ve.init.mw.DesktopArticleTarget.init.css
@@ -44,14 +44,11 @@
 .ve-loading #content > :not( .ve-init-mw-desktopArticleTarget-loading-overlay 
),
 /* Once activated, all uneditable content except catlinks */
 .ve-activated .ve-init-mw-desktopArticleTarget-uneditableContent {
-   /* IE9 is supported with JS events */
-   /* stylelint-disable no-unsupported-browser-features */
pointer-events: none;
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
user-select: none;
-   /* stylelint-enable no-unsupported-browser-features */
opacity: 0.5;
 }
 
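Review bot: along with the stylelint directives this drops "/* IE9 is supported with JS events */", which is not a lint directive but the explanation of why pointer-events: none is acceptable in this rule. Keep that comment and remove only the two stylelint-disable/enable lines.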
diff --git 
a/modules/ve-mw/ui/styles/contextitems/ve.ui.MWInternalLinkContextItem.css 
b/modules/ve-mw/ui/styles/contextitems/ve.ui.MWInternalLinkContextItem.css
index b1e3525..d9550e5 100644
--- a/modules/ve-mw/ui/styles/contextitems/ve.ui.MWInternalLinkContextItem.css
+++ b/modules/ve-mw/ui/styles/contextitems/ve.ui.MWInternalLinkContextItem.css
@@ -22,12 +22,12 @@
 
 .ve-ui-mwInternalLinkContextItem-hasImage {
background-color: transparent;
-   background-size: cover; /* stylelint-disable-line 
no-unsupported-browser-features */
+   background-size: cover;
 }
 
 .ve-ui-mwInternalLinkContextItem-withImage 
.ve-ui-mwInternalLinkContextItem-hasImage {
border: 0;
-   background-size: cover; /* stylelint-disable-line 
no-unsupported-browser-features */
+   background-size: cover;
opacity: 1;
 

[MediaWiki-commits] [Gerrit] oojs/ui[master]: demos: Remove scaling restrictions

2017-04-06 Thread VolkerE (Code Review)
VolkerE has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346919 )

Change subject: demos: Remove scaling restrictions
..

demos: Remove scaling restrictions

Removing scaling restrictions on demos. We have to both provide a
real-world demo environment and not limit scaling, as it is negatively
impacting accessibility, which we should avoid.

Bug: T149652
Change-Id: Ie236aa9014d97cefb1e9ca15bc10ef3b3be172f7
---
M demos/index.html
1 file changed, 1 insertion(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/oojs/ui refs/changes/19/346919/1

diff --git a/demos/index.html b/demos/index.html
index 2391065..4571afe 100644
--- a/demos/index.html
+++ b/demos/index.html
@@ -3,8 +3,7 @@
 

OOjs UI Demos
-   
-   
+   




-- 
To view, visit https://gerrit.wikimedia.org/r/346919

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie236aa9014d97cefb1e9ca15bc10ef3b3be172f7
Gerrit-PatchSet: 1
Gerrit-Project: oojs/ui
Gerrit-Branch: master
Gerrit-Owner: VolkerE 



[MediaWiki-commits] [Gerrit] VisualEditor/VisualEditor[master]: stylelint: Drop no-unsupported-browser-features references

2017-04-06 Thread Jforrester (Code Review)
Jforrester has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346918 )

Change subject: stylelint: Drop no-unsupported-browser-features references
..

stylelint: Drop no-unsupported-browser-features references

The rule hasn't been applied for a while, as it was deprecated upstream.

Change-Id: Ibef4f2dc8508983baab2094952cf2649a99fab36
---
M demos/ve/demo.css
M src/ce/styles/nodes/ve.ce.ActiveNode.css
M src/ce/styles/nodes/ve.ce.AlienNode.css
M src/ce/styles/nodes/ve.ce.BranchNode.css
M src/ce/styles/nodes/ve.ce.FocusableNode.css
M src/ce/styles/nodes/ve.ce.ResizableNode.css
M src/ce/styles/nodes/ve.ce.SectionNode.css
M src/ce/styles/nodes/ve.ce.TableCellNode.css
M src/ce/styles/nodes/ve.ce.TableNode.css
M src/ui/styles/dialogs/ve.ui.CommandHelpDialog.css
M src/ui/styles/dialogs/ve.ui.FindAndReplaceDialog.css
M src/ui/styles/dialogs/ve.ui.SpecialCharacterDialog.css
M src/ui/styles/dialogs/ve.ui.ToolbarDialog.css
M src/ui/styles/elements/ve.ui.DiffElement.css
M src/ui/styles/ve.ui.ContextItem.css
M src/ui/styles/ve.ui.DebugBar.css
M src/ui/styles/ve.ui.DesktopContext.css
M src/ui/styles/ve.ui.Overlay.css
M src/ui/styles/ve.ui.Toolbar.css
19 files changed, 18 insertions(+), 47 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/VisualEditor/VisualEditor 
refs/changes/18/346918/1

diff --git a/demos/ve/demo.css b/demos/ve/demo.css
index e544b19..5a70bfc 100644
--- a/demos/ve/demo.css
+++ b/demos/ve/demo.css
@@ -19,7 +19,7 @@
float: right;
margin: 0.5em 0 0 0;
background-repeat: no-repeat;
-   background-size: contain; /* stylelint-disable-line 
no-unsupported-browser-features */
+   background-size: contain;
 }
 
 .ve-pad-logo {
diff --git a/src/ce/styles/nodes/ve.ce.ActiveNode.css 
b/src/ce/styles/nodes/ve.ce.ActiveNode.css
index c64b817..079785e 100644
--- a/src/ce/styles/nodes/ve.ce.ActiveNode.css
+++ b/src/ce/styles/nodes/ve.ce.ActiveNode.css
@@ -10,5 +10,5 @@
 
 .ve-ce-focusableNode .ve-ce-activeNode,
 .ve-ce-focusableNode .ve-ce-activeNode * {
-   -moz-user-select: text; /* stylelint-disable-line 
no-unsupported-browser-features */
+   -moz-user-select: text;
 }
diff --git a/src/ce/styles/nodes/ve.ce.AlienNode.css 
b/src/ce/styles/nodes/ve.ce.AlienNode.css
index 24a2b98..88145a9 100644
--- a/src/ce/styles/nodes/ve.ce.AlienNode.css
+++ b/src/ce/styles/nodes/ve.ce.AlienNode.css
@@ -6,21 +6,17 @@
 
 .ve-ce-alienNode-highlights .ve-ce-focusableNode-highlight {
background-color: #95d14f;
-   /* stylelint-disable no-unsupported-browser-features */
background-image: -webkit-repeating-linear-gradient( -45deg, #fff 0, 
#fff 5px, #95d14f 5px, #95d14f 10px );
background-image: -moz-repeating-linear-gradient( -45deg, #fff 0, #fff 
5px, #95d14f 5px, #95d14f 10px );
background-image: repeating-linear-gradient( -45deg, #fff 0, #fff 5px, 
#95d14f 5px, #95d14f 10px );
background-size: 14px 14px;
cursor: not-allowed;
-   /* stylelint-enable no-unsupported-browser-features */
 }
 
 .ve-ce-surface-highlights-focused .ve-ce-alienNode-highlights 
.ve-ce-focusableNode-highlight {
-   /* stylelint-disable no-unsupported-browser-features */
background-image: -webkit-repeating-linear-gradient( -45deg, #6da9f7 0, 
#6da9f7 5px, #95d14f 5px, #95d14f 10px );
background-image: -moz-repeating-linear-gradient( -45deg, #6da9f7 0, 
#6da9f7 5px, #95d14f 5px, #95d14f 10px );
background-image: repeating-linear-gradient( -45deg, #6da9f7 0, #6da9f7 
5px, #95d14f 5px, #95d14f 10px );
-   /* stylelint-enable no-unsupported-browser-features */
 }
 
 .ve-ce-surface-highlights-blurred .ve-ce-alienNode-highlights {
diff --git a/src/ce/styles/nodes/ve.ce.BranchNode.css 
b/src/ce/styles/nodes/ve.ce.BranchNode.css
index bc22d1d..4e8f033 100644
--- a/src/ce/styles/nodes/ve.ce.BranchNode.css
+++ b/src/ce/styles/nodes/ve.ce.BranchNode.css
@@ -13,11 +13,9 @@
visibility: hidden;
opacity: 0;
cursor: pointer;
-   /* stylelint-disable no-unsupported-browser-features */
-webkit-transition: opacity 200ms ease-out;
-moz-transition: opacity 200ms ease-out;
transition: opacity 200ms ease-out;
-   /* stylelint-enable no-unsupported-browser-features */
 }
 
 .ve-ce-branchNode-blockSlug,
@@ -42,11 +40,9 @@
background-color: transparent;
outline-color: transparent;
outline-offset: 1em;
-   /* stylelint-disable no-unsupported-browser-features */
-webkit-transition: all 400ms ease-out;
-moz-transition: all 400ms ease-out;
transition: all 400ms ease-out;
-   /* stylelint-enable no-unsupported-browser-features */
 }
 
 .ve-ce-branchNode-blockSlug > .oo-ui-buttonWidget {
@@ -62,7 +58,7 @@
 .ve-ce-branchNode-blockSlug > .oo-ui-buttonWidget > 
.oo-ui-buttonElement-button > .oo-ui-iconElement-icon {
width: 0.95em;
height: 0.95em;

[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Don't write LocalisationCache to temporary directory

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346854 )

Change subject: SECURITY: Don't write LocalisationCache to temporary directory
..


SECURITY: Don't write LocalisationCache to temporary directory

Bug: T161453
Change-Id: I51b375c63fcece908da921c465c861968c9eee1c
---
M RELEASE-NOTES-1.27
M includes/cache/localisation/LocalisationCache.php
2 files changed, 8 insertions(+), 8 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 94efaa1..ff34d4d 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -34,6 +34,8 @@
 * (T156184) SECURITY: Escape content model/format url parameter in message.
 * (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
   declaration.
+* (T161453) SECURITY: LocalisationCache will no longer use the temporary 
directory
+  in it's fallback chain when trying to work out where to write the cache.
 
 == MediaWiki 1.27.1 ==
 
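Review bot: The added release note reads "in it's fallback chain"; the possessive is "its". The entry would also help operators more if it said what the fallback is now, as the PHP change below shows: `$wgCacheDirectory` if set, otherwise the database store.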
diff --git a/includes/cache/localisation/LocalisationCache.php 
b/includes/cache/localisation/LocalisationCache.php
index dd7d81a..dcf2736 100644
--- a/includes/cache/localisation/LocalisationCache.php
+++ b/includes/cache/localisation/LocalisationCache.php
@@ -210,19 +210,17 @@
case 'detect':
if ( !empty( $conf['storeDirectory'] ) 
) {
$storeClass = 'LCStoreCDB';
+   } elseif ( $wgCacheDirectory ) {
+   $storeConf['directory'] = 
$wgCacheDirectory;
+   $storeClass = 'LCStoreCDB';
} else {
-   $cacheDir = $wgCacheDirectory 
?: wfTempDir();
-   if ( $cacheDir ) {
-   $storeConf['directory'] 
= $cacheDir;
-   $storeClass = 
'LCStoreCDB';
-   } else {
-   $storeClass = 
'LCStoreDB';
-   }
+   $storeClass = 'LCStoreDB';
}
break;
default:
throw new MWException(
-   'Please set 
$wgLocalisationCacheConf[\'store\'] to something sensible.' );
+   'Please set 
$wgLocalisationCacheConf[\'store\'] to something sensible.'
+   );
}
}
 
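Review bot: The first branch of the `'detect'` case still takes `$conf['storeDirectory']` unchecked, so an explicit setting that points into the temporary directory keeps the exposure this change removes for the implicit fallback. Also, with `wfTempDir()` gone, a wiki that never set `$wgCacheDirectory` silently moves from `LCStoreCDB` to `LCStoreDB`, and CDB files already written under the temp dir are not touched by anything in this hunk. Suggest documenting both in the release note, or logging a warning when the configured directory resolves to the temp dir. The reflowed `MWException` call in the `default:` branch is unrelated formatting and would be easier to backport as a separate change.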

-- 
To view, visit https://gerrit.wikimedia.org/r/346854
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I51b375c63fcece908da921c465c861968c9eee1c
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Chad 
Gerrit-Reviewer: Aaron Schulz 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Reedy 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Whitelist DTD declaration in SVG

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346853 )

Change subject: SECURITY: Whitelist DTD declaration in SVG
..


SECURITY: Whitelist DTD declaration in SVG

Only allow ENTITY declarations inside the doctype internal
subset. Do not allow parameter entities, recursive entity
references or entity values longer than 255 bytes, or
external entity references. Filter external doctype subset
to only allow the standard svg doctypes.

This prevents someone bypassing filter by using default
attribute values in internal dtd subset. No browser loads
the external dtd subset that I could find, but whitelist
just to be safe anyways.

Issue reported by Cassiogomes11.

Bug: T151735
Change-Id: I7cb4690f759ad97e70e06e560978b6207d84c446
---
M RELEASE-NOTES-1.27
M includes/libs/XmlTypeCheck.php
M includes/upload/UploadBase.php
M languages/i18n/en.json
M languages/i18n/qqq.json
M tests/phpunit/includes/upload/UploadBaseTest.php
6 files changed, 321 insertions(+), 8 deletions(-)

Approvals:
  Reedy: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 6ca333a..94efaa1 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -32,6 +32,8 @@
 * (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 
CSRF
   token.
 * (T156184) SECURITY: Escape content model/format url parameter in message.
+* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
+  declaration.
 
 == MediaWiki 1.27.1 ==
 
diff --git a/includes/libs/XmlTypeCheck.php b/includes/libs/XmlTypeCheck.php
index f057140..7659dfd 100644
--- a/includes/libs/XmlTypeCheck.php
+++ b/includes/libs/XmlTypeCheck.php
@@ -73,19 +73,36 @@
 */
private $parserOptions = [
'processing_instruction_handler' => '',
+   'external_dtd_handler' => '',
+   'dtd_handler' => '',
+   'require_safe_dtd' => true
];
 
/**
+* Allow filtering an XML file.
+*
+* Filters should return either true or a string to indicate something
+* is wrong with the file. $this->filterMatch will store if the
+* file failed validation (true = failed validation).
+* $this->filterMatchType will contain the validation error.
+* $this->wellFormed will contain whether the xml file is well-formed.
+*
+* @note If multiple filters are hit, only one of them will have the
+*  result stored in $this->filterMatchType.
+*
 * @param string $input a filename or string containing the XML element
 * @param callable $filterCallback (optional)
 *Function to call to do additional custom validity checks from 
the
 *SAX element handler event. This gives you access to the 
element
 *namespace, name, attributes, and text contents.
-*Filter should return 'true' to toggle on $this->filterMatch
+*Filter should return a truthy value describing the error.
 * @param bool $isFile (optional) indicates if the first parameter is a
 *filename (default, true) or if it is a string (false)
 * @param array $options list of additional parsing options:
 *processing_instruction_handler: Callback for 
xml_set_processing_instruction_handler
+*external_dtd_handler: Callback for the url of external dtd 
subset
+*dtd_handler: Callback given the full text of the filterCallback = $filterCallback;
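Review bot: `'require_safe_dtd' => true` is added to the default `$parserOptions`, so it is on for every caller of XmlTypeCheck, not only the SVG upload path named in the commit message. Confirm that is intended for other XML callers and state the default in the docblock. The new docblock also says filters return "either true or a string" while the `$filterCallback` parameter text says "a truthy value describing the error"; pick one contract, since the `@note` admits only one result is kept in `$this->filterMatchType`.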
@@ -187,6 +204,9 @@
if ( $reader->nodeType === XMLReader::PI ) {
$this->processingInstructionHandler( 
$reader->name, $reader->value );
}
+   if ( $reader->nodeType === XMLReader::DOC_TYPE ) {
+   $this->DTDHandler( $reader );
+   }
} while ( $reader->nodeType != XMLReader::ELEMENT );
 
// Process the rest of the document
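Review bot: The new call is spelled `$this->DTDHandler( $reader )`, while the neighbouring call a few lines up is `processingInstructionHandler`; a lower-case `dtdHandler` would match that naming. A comment at the `DOC_TYPE` check saying this loop only covers nodes before the first element would also help, because the later hunk relies on that to treat any subsequent doctype as malformed.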
@@ -235,8 +255,13 @@
$reader->value
);
break;
+   case XMLReader::DOC_TYPE:
+   // We should never see a doctype after 
first
+   // element.
+   $this->wellFormed = false;
+   break;
default:
-   // One of DOC, DOC_TYPE, ENTITY, 
END_ENTITY,
+   // One of DOC, ENTITY, END_ENTITY,
// NOTATION, or XML_DECLARATION
// xml_parse didn't send these 
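Review bot: In the new `case XMLReader::DOC_TYPE:` only `$this->wellFormed = false` is set before the `break`, so nothing in the visible lines records why the file was rejected. Suggest also setting `$this->filterMatch` and a `$this->filterMatchType` value here, in line with how the docblock in the first hunk says validation failures are reported, and checking that UploadBaseTest.php covers a doctype placed after the root element.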

[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Escape wikitext content model/format in message

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346852 )

Change subject: SECURITY: Escape wikitext content model/format in message
..


SECURITY: Escape wikitext content model/format in message

Escape wikitext in model= and format= url parameter to
edit page. This goes along with 1c788944 to help prevent
XSS for wikis with $wgRawHtml = true; set.

Bug: T156184
Change-Id: Ifcaa2ccf05a2a691d0b150e2f7e0e765db25fc7f
---
M RELEASE-NOTES-1.27
M includes/EditPage.php
2 files changed, 5 insertions(+), 1 deletion(-)

Approvals:
  Reedy: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index d6cfebf..6ca333a 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -31,6 +31,7 @@
   their values out of the logs.
 * (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 
CSRF
   token.
+* (T156184) SECURITY: Escape content model/format url parameter in message.
 
 == MediaWiki 1.27.1 ==
 
diff --git a/includes/EditPage.php b/includes/EditPage.php
index ca2d6d1..8f6cd7e 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -980,7 +980,10 @@
throw new ErrorPageError(
'editpage-notsupportedcontentformat-title',
'editpage-notsupportedcontentformat-text',
-   [ $this->contentFormat, 
ContentHandler::getLocalizedName( $this->contentModel ) ]
+   [
+   wfEscapeWikiText( $this->contentFormat 
),
+   wfEscapeWikiText( 
ContentHandler::getLocalizedName( $this->contentModel ) )
+   ]
);
}
 
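Review bot: Escaping is applied only at this one `ErrorPageError` call site. Per the commit message, `$this->contentFormat` and `$this->contentModel` come from the `format=` and `model=` URL parameters, so any other message in EditPage.php that takes them as parameters needs the same `wfEscapeWikiText()` wrapping; please confirm this is the only one. The change touches only the release notes and EditPage.php, so a regression test that requests an unsupported format containing wikitext markup would be worth adding.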

-- 
To view, visit https://gerrit.wikimedia.org/r/346852
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ifcaa2ccf05a2a691d0b150e2f7e0e765db25fc7f
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Chad 
Gerrit-Reviewer: Brian Wolff 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Jackmcbarn 
Gerrit-Reviewer: Reedy 
Gerrit-Reviewer: Tpt 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki...VisualEditor[master]: MWVESwitchPopup: Follow-up 445f8b76a0525e0f1: apply adjustme...

2017-04-06 Thread Catrope (Code Review)
Catrope has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346917 )

Change subject: MWVESwitchPopup: Follow-up 445f8b76a0525e0f1: apply adjustment 
to anchor instead
..

MWVESwitchPopup: Follow-up 445f8b76a0525e0f1: apply adjustment to anchor instead

Otherwise the anchor isn't correctly aligned below the icon.

Change-Id: I73a9db9be63354f1fa459e844eb40be1d3130189
---
M lib/ve
M modules/ve-mw/init/styles/ve.init.MWVESwitchPopupWidget.css
2 files changed, 5 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/VisualEditor 
refs/changes/17/346917/1

diff --git a/lib/ve b/lib/ve
index 19a6c38..bf99ea5 16
--- a/lib/ve
+++ b/lib/ve
@@ -1 +1 @@
-Subproject commit 19a6c389cce3f69bd629140a193d382af42868d8
+Subproject commit bf99ea53bfc49fb4cc660ae182a55a9ed08ac3b5
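Review bot: The `lib/ve` submodule pointer moves from 19a6c38 to bf99ea5, but the commit message only describes the anchor margin in ve.init.MWVESwitchPopupWidget.css. If the bump is not required for the CSS fix it should be dropped from this change; if it is required, say so in the commit message.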
diff --git a/modules/ve-mw/init/styles/ve.init.MWVESwitchPopupWidget.css 
b/modules/ve-mw/init/styles/ve.init.MWVESwitchPopupWidget.css
index 7b33e7b..fafdbf7 100644
--- a/modules/ve-mw/init/styles/ve.init.MWVESwitchPopupWidget.css
+++ b/modules/ve-mw/init/styles/ve.init.MWVESwitchPopupWidget.css
@@ -10,6 +10,10 @@
z-index: 4;
 }
 
+.ve-init-mw-switchPopupWidget .oo-ui-popupWidget-anchor {
+   margin-left: 1.25em;
+}
+
 .ve-init-mw-switchPopupWidget .oo-ui-popupWidget-head {
font-weight: bold;
 }
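Review bot: `margin-left: 1.25em` on `.oo-ui-popupWidget-anchor` is a magic number with no comment tying it to the icon the anchor is meant to sit under. Add a short comment naming what the 1.25em corresponds to, so the value gets updated if the icon size or padding changes.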

-- 
To view, visit https://gerrit.wikimedia.org/r/346917
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I73a9db9be63354f1fa459e844eb40be1d3130189
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/VisualEditor
Gerrit-Branch: master
Gerrit-Owner: Catrope 



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: phpunit: Avoid use of deprecated getMock for PHPUnit 5 compat

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/34 )

Change subject: phpunit: Avoid use of deprecated getMock for PHPUnit 5 compat
..


phpunit: Avoid use of deprecated getMock for PHPUnit 5 compat

The default will remain PHPUnit 4.x due to PHP 5.5 support.

But, we should allow developers to run tests with newer PHPUnit
versions which are noticeably faster (especially for code coverage
reports).

* 

  PHPUnit 5 deprecates the getMock() shortcut for getMockBuilder()->getMock().
  It instead introduces the shortcut createMock() which has better defaults
  than getMockBuilder(). For example, it sets 'disableArgumentCloning' and
  other things by default.

  Going forward, code should either use getMockBuilder directly and configure
  it using the setter methods (instead of the confusing variadic arguments
  of getMock) or simply use the new minimalistic createMock method. This patch
  backports the createMock method to MediaWikiTestCase so that we can start
  using it.

Change-Id: I091c0289b21d2b1c876adba89529dc3e72b99af2
---
M tests/phpunit/MediaWikiTestCase.php
M tests/phpunit/includes/MWTimestampTest.php
M tests/phpunit/includes/MediaWikiServicesTest.php
M tests/phpunit/includes/Services/ServiceContainerTest.php
M tests/phpunit/includes/WatchedItemQueryServiceUnitTest.php
M tests/phpunit/includes/WatchedItemStoreUnitTest.php
M tests/phpunit/includes/WatchedItemUnitTest.php
M tests/phpunit/includes/api/ApiMainTest.php
M tests/phpunit/includes/auth/AbstractPrimaryAuthenticationProviderTest.php
M tests/phpunit/includes/auth/AbstractSecondaryAuthenticationProviderTest.php
M tests/phpunit/includes/auth/AuthManagerTest.php
M tests/phpunit/includes/auth/AuthPluginPrimaryAuthenticationProviderTest.php
M tests/phpunit/includes/auth/AuthenticationRequestTest.php
M 
tests/phpunit/includes/auth/EmailNotificationSecondaryAuthenticationProviderTest.php
M tests/phpunit/includes/auth/LegacyHookPreAuthenticationProviderTest.php
M tests/phpunit/includes/auth/LocalPasswordPrimaryAuthenticationProviderTest.php
M 
tests/phpunit/includes/auth/TemporaryPasswordPrimaryAuthenticationProviderTest.php
M tests/phpunit/includes/auth/ThrottlePreAuthenticationProviderTest.php
M tests/phpunit/includes/auth/ThrottlerTest.php
M tests/phpunit/includes/changes/ChangesListStringOptionsFilterGroupTest.php
M tests/phpunit/includes/content/ContentHandlerTest.php
M tests/phpunit/includes/content/FileContentHandlerTest.php
M tests/phpunit/includes/content/TextContentHandlerTest.php
M tests/phpunit/includes/content/WikitextContentHandlerTest.php
M tests/phpunit/includes/debug/logger/monolog/KafkaHandlerTest.php
M tests/phpunit/includes/filerepo/FileBackendDBRepoWrapperTest.php
M tests/phpunit/includes/filerepo/MigrateFileRepoLayoutTest.php
M tests/phpunit/includes/filerepo/RepoGroupTest.php
M tests/phpunit/includes/filerepo/file/FileTest.php
M tests/phpunit/includes/jobqueue/JobTest.php
M tests/phpunit/includes/libs/MemoizedCallableTest.php
M tests/phpunit/includes/libs/SamplingStatsdClientTest.php
M tests/phpunit/includes/libs/objectcache/BagOStuffTest.php
M tests/phpunit/includes/libs/objectcache/WANObjectCacheTest.php
M tests/phpunit/includes/libs/rdbms/connectionmanager/ConnectionManagerTest.php
M 
tests/phpunit/includes/libs/rdbms/connectionmanager/SessionConsistentConnectionManagerTest.php
M tests/phpunit/includes/linker/LinkRendererFactoryTest.php
M tests/phpunit/includes/mail/MailAddressTest.php
M tests/phpunit/includes/search/SearchEngineTest.php
M tests/phpunit/includes/session/BotPasswordSessionProviderTest.php
M tests/phpunit/includes/session/CookieSessionProviderTest.php
M tests/phpunit/includes/session/ImmutableSessionProviderWithCookieTest.php
M tests/phpunit/includes/session/SessionBackendTest.php
M tests/phpunit/includes/session/SessionManagerTest.php
M tests/phpunit/includes/session/SessionTest.php
M tests/phpunit/includes/site/SiteExporterTest.php
M tests/phpunit/includes/site/SiteImporterTest.php
M tests/phpunit/includes/specials/SpecialPreferencesTest.php
M tests/phpunit/includes/user/BotPasswordTest.php
M tests/phpunit/includes/user/PasswordResetTest.php
M tests/phpunit/maintenance/MaintenanceTest.php
M tests/phpunit/maintenance/backupTextPassTest.php
M tests/phpunit/tests/MediaWikiTestCaseTest.php
53 files changed, 256 insertions(+), 185 deletions(-)

Approvals:
  Aaron Schulz: Looks good to me, approved
  jenkins-bot: Verified
  Anomie: Looks good to me, but someone else must approve



diff --git a/tests/phpunit/MediaWikiTestCase.php 
b/tests/phpunit/MediaWikiTestCase.php
index 564c0ff..29da00d 100644
--- a/tests/phpunit/MediaWikiTestCase.php
+++ b/tests/phpunit/MediaWikiTestCase.php
@@ -1298,6 +1298,7 @@
 */
public function __call( $func, $args ) {
static $compatibility = [
+

[MediaWiki-commits] [Gerrit] mediawiki...Wikibase[REL1_27]: Use default wiki id in example settings.

2017-04-06 Thread Paladox (Code Review)
Paladox has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346916 )

Change subject: Use default wiki id in example settings.
..

Use default wiki id in example settings.

Until now, we force the local wiki ID to "mywiki" in the example settings.
This triggers a warning if "mywiki" is not known to the SiteLookup.

Instead of forcing a fixed value, we can just rely on the default for the
local site ID, which is the wiki's database name. That is consistent with
the conventions used on the WMF cluster.

Bug: T153729
Change-Id: Ia0d578a8215280592001cfa5f413fb76e15a2d2f
(cherry picked from commit 8e5d3af54d8c5da0783ce1427c8deaf2d1a5d284)
(cherry picked from commit 166c4fc5b71f691c5b78579a4ab1ce69d940b777)
---
M client/config/WikibaseClient.example.php
1 file changed, 2 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Wikibase 
refs/changes/16/346916/1

diff --git a/client/config/WikibaseClient.example.php 
b/client/config/WikibaseClient.example.php
index 922cc2b..d54a763 100644
--- a/client/config/WikibaseClient.example.php
+++ b/client/config/WikibaseClient.example.php
@@ -19,7 +19,8 @@
 }
 
 // The global site ID by which this wiki is known on the repo.
-$wgWBClientSettings['siteGlobalID'] = "mywiki";
+// Defaults to $wgDBname.
+// $wgWBClientSettings['siteGlobalID'] = "mywiki";
 
 $wgWBClientSettings['injectRecentChanges'] = true;
 $wgWBClientSettings['showExternalRecentChanges'] = true;
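Review bot: The commented-out example keeps `"mywiki"`, the value the commit message says triggers a warning when it is not known to the SiteLookup, so anyone who uncomments the line as-is gets the old warning back. Suggest extending the `// Defaults to $wgDBname.` comment to say that an override must be an ID the SiteLookup knows.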

-- 
To view, visit https://gerrit.wikimedia.org/r/346916
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia0d578a8215280592001cfa5f413fb76e15a2d2f
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Wikibase
Gerrit-Branch: REL1_27
Gerrit-Owner: Paladox 
Gerrit-Reviewer: Daniel Kinzler 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: SpecialWatchlist: Check CSRF token when using "Mar...

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346851 )

Change subject: SECURITY: SpecialWatchlist: Check CSRF token when using "Mark 
all pages visited"
..


SECURITY: SpecialWatchlist: Check CSRF token when using "Mark all pages visited"

Bug: T150044
Change-Id: I7f75cab4ceb4a2c320af210fad15956b70c29661
---
M RELEASE-NOTES-1.27
M includes/specials/SpecialWatchlist.php
2 files changed, 4 insertions(+), 0 deletions(-)

Approvals:
  Reedy: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 1a054a5..d6cfebf 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -29,6 +29,8 @@
   $wgAdvancedSearchHighlighting is true.
 * (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
   their values out of the logs.
+* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 
CSRF
+  token.
 
 == MediaWiki 1.27.1 ==
 
diff --git a/includes/specials/SpecialWatchlist.php 
b/includes/specials/SpecialWatchlist.php
index 15691f2..fcc0c91 100644
--- a/includes/specials/SpecialWatchlist.php
+++ b/includes/specials/SpecialWatchlist.php
@@ -76,6 +76,7 @@
if ( ( $config->get( 'EnotifWatchlist' ) || $config->get( 
'ShowUpdatedMarker' ) )
&& $request->getVal( 'reset' )
&& $request->wasPosted()
+   && $user->matchEditToken( $request->getVal( 'token' ) )
) {
$user->clearAllNotifications();
$output->redirect( $this->getPageTitle()->getFullURL( 
$opts->getChangedValues() ) );
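Review bot: `$user->matchEditToken( $request->getVal( 'token' ) )` is added as one more `&&` term, so a POST with `reset` set and a missing or stale token falls through silently and the watchlist renders as if nothing was requested. Suggest handling the failed-token case explicitly, for example with a session-failure message, so a user whose token expired knows the reset did not happen.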
@@ -604,6 +605,7 @@
'action' => 
$this->getPageTitle()->getLocalURL(),
'id' => 'mw-watchlist-resetbutton' ] ) . "\n" .
Xml::submitButton( $this->msg( 'enotif_reset' 
)->text(), [ 'name' => 'dummy' ] ) . "\n" .
+   Html::hidden( 'token', $user->getEditToken() ) . "\n" .
Html::hidden( 'reset', 'all' ) . "\n";
foreach ( $nondefaults as $key => $value ) {
$form .= Html::hidden( $key, $value ) . "\n";

-- 
To view, visit https://gerrit.wikimedia.org/r/346851
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I7f75cab4ceb4a2c320af210fad15956b70c29661
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Chad 
Gerrit-Reviewer: Bartosz Dziewoński 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Florianschmidtwelzow 
Gerrit-Reviewer: Reedy 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki...Popups[wmf/1.29.0-wmf.19]: actions: Correctly delay FETCH_COMPLETE

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346832 )

Change subject: actions: Correctly delay FETCH_COMPLETE
..


actions: Correctly delay FETCH_COMPLETE

I496fe317 caused a regression where the FETCH_COMPLETE was delayed for a
total of 650 ms rather than 500 ms. This is evidenced by a 150 ms step
in the median Time To Preview immediately after today's (Thursday, 6th
April) MediaWiki train [0].

[0] 
https://grafana.wikimedia.org/dashboard/db/reading-web-page-previews?refresh=1m=1=1491505806387=1491507027263

Change-Id: Ic31656208671766f2c08cfaf55babba64455a614
---
M resources/dist/index.js
M resources/dist/index.js.map
M src/actions.js
M tests/node-qunit/actions.test.js
4 files changed, 5 insertions(+), 5 deletions(-)

Approvals:
  Bmansurov: Looks good to me, but someone else must approve
  jenkins-bot: Verified
  Dereckson: Looks good to me, approved




-- 
To view, visit https://gerrit.wikimedia.org/r/346832
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ic31656208671766f2c08cfaf55babba64455a614
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Popups
Gerrit-Branch: wmf/1.29.0-wmf.19
Gerrit-Owner: Phuedx 
Gerrit-Reviewer: Bmansurov 
Gerrit-Reviewer: Dereckson 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_28]: Bump $wgVersion and finalise RELEASE-NOTES for 1.28.1

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346867 )

Change subject: Bump $wgVersion and finalise RELEASE-NOTES for 1.28.1
..


Bump $wgVersion and finalise RELEASE-NOTES for 1.28.1

Change-Id: I4d9f9b245e2aa887b4fd04c917facdf5210d8923
---
M RELEASE-NOTES-1.28
M includes/DefaultSettings.php
2 files changed, 6 insertions(+), 5 deletions(-)

Approvals:
  Reedy: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.28 b/RELEASE-NOTES-1.28
index 49185c9..86f0657 100644
--- a/RELEASE-NOTES-1.28
+++ b/RELEASE-NOTES-1.28
@@ -1,5 +1,6 @@
 == MediaWiki 1.28.1 ==
-This is not a release yet!
+
+This is a security and maintenance release of the MediaWiki 1.28 branch.
 
 === Changes since 1.28.0 ===
 
@@ -7,12 +8,12 @@
   wikis with $wgJobRunRate > 0.
 * Fix fatal from "WaitConditionLoop" not being found, experienced when a wiki 
has
   more than one database server setup.
-* (T152717) Better escaping for PHP mail() command
+* (T152717) Better escaping for PHP mail() command,
 * (T154670) A missing method causing the MySQL installer to fatal in rare
   circumstances was restored.
 * (T154672) Un-deprecate ArticleAfterFetchContentObject hook.
-* (T158766) Avoid SQL error on MSSQL when using selectRowCount()
-* (T145635) Fix too long index error when installing with MSSQL
+* (T158766) Avoid SQL error on MSSQL when using selectRowCount().
+* (T145635) Fix too long index error when installing with MSSQL.
 * (T156184) $wgRawHtml will no longer apply to internationalization messages.
 * (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is 
installed.
 * (T154872) Fix incorrect ar_usertext_timestamp index names in new 1.28 
installs.
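Review bot: The reworded T152717 entry now ends in a comma ("Better escaping for PHP mail() command,") while the T158766 and T145635 entries in the same hunk were given full stops. That comma should be a period so the list is punctuated consistently in the final release notes.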
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 846ed36..df0d63f 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -75,7 +75,7 @@
  * MediaWiki version number
  * @since 1.2
  */
-$wgVersion = '1.28.0';
+$wgVersion = '1.28.1';
 
 /**
  * Name of the site. It must be changed in LocalSettings.php

-- 
To view, visit https://gerrit.wikimedia.org/r/346867
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I4d9f9b245e2aa887b4fd04c917facdf5210d8923
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_28
Gerrit-Owner: Chad 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Reedy 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: API: Don't log "sensitive" parameters

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346850 )

Change subject: SECURITY: API: Don't log "sensitive" parameters
..


SECURITY: API: Don't log "sensitive" parameters

Stuff like passwords and CSRF tokens shouldn't be in the logs.

The fact of being sensitive is intentionally separated from the need to
be in the POST body because, for example, the wltoken parameter to
ApiQueryWatchlist needs to be in the query string to serve its purpose
but still shouldn't be logged.

Bug: T125177
Change-Id: I1d61f4dcf792d77401ee2e2988b1afcb2a2ad58f
---
M RELEASE-NOTES-1.27
M includes/api/ApiAuthManagerHelper.php
M includes/api/ApiBase.php
M includes/api/ApiCheckToken.php
M includes/api/ApiLogin.php
M includes/api/ApiMain.php
M includes/api/ApiQueryWatchlist.php
M includes/api/ApiQueryWatchlistRaw.php
8 files changed, 48 insertions(+), 3 deletions(-)

Approvals:
  Reedy: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 3d4dfd3..1a054a5 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -27,6 +27,8 @@
   to interwiki links.
 * (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
   $wgAdvancedSearchHighlighting is true.
+* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
+  their values out of the logs.
 
 == MediaWiki 1.27.1 ==
 
@@ -341,6 +343,8 @@
 * Added action=changeauthenticationdata.
 * Added action=removeauthenticationdata.
 * Added action=resetpassword.
+* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
+  their values out of the logs.
 
 === Action API internal changes in 1.27 ===
 * ApiQueryORM removed.
diff --git a/includes/api/ApiAuthManagerHelper.php 
b/includes/api/ApiAuthManagerHelper.php
index da7c623..bdf1738 100644
--- a/includes/api/ApiAuthManagerHelper.php
+++ b/includes/api/ApiAuthManagerHelper.php
@@ -171,6 +171,7 @@
$this->module->getMain()->markParamsUsed( array_keys( $data ) );
 
if ( $sensitive ) {
+   $this->module->getMain()->markParamsSensitive( 
array_keys( $sensitive ) );
try {
$this->module->requirePostedParameters( 
array_keys( $sensitive ), 'noprefix' );
} catch ( UsageException $ex ) {
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index 40cc90a..7172e4d 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -171,6 +171,13 @@
 */
const PARAM_SUBMODULE_PARAM_PREFIX = 16;
 
+   /**
+* (boolean) Is the parameter sensitive? Note 'password'-type fields are
+* always sensitive regardless of the value of this field.
+* @since 1.28
+*/
+   const PARAM_SENSITIVE = 17;
+
/**@}*/
 
/** Fast query, standard limit. */
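Review bot: The docblock for `PARAM_SENSITIVE` says `@since 1.28`, but this change is on REL1_27 and is listed in RELEASE-NOTES-1.27. Someone reading the 1.27 source will conclude the constant is not available on their branch. Note the backport in the tag, naming the 1.27 point release that carries this change.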
@@ -948,6 +955,11 @@
$type = 'NULL'; // allow everything
}
}
+
+   if ( $type == 'password' || !empty( 
$paramSettings[self::PARAM_SENSITIVE] ) ) {
+   $this->getMain()->markParamsSensitive( 
$encParamName );
+   }
+
}
 
if ( $type == 'boolean' ) {
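Review bot: `markParamsSensitive( $encParamName )` is called with a single string here, while ApiAuthManagerHelper.php calls it with `array_keys( $sensitive )`. The method body in ApiMain.php is not shown in this message, so confirm it accepts both a string and an array. Minor: the added block ends with a blank line before the closing brace, which can go.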
@@ -2300,6 +2312,7 @@
$params['token'] = [
ApiBase::PARAM_TYPE => 'string',
ApiBase::PARAM_REQUIRED => true,
+   ApiBase::PARAM_SENSITIVE => true,
ApiBase::PARAM_HELP_MSG => [
'api-help-param-token',
$this->needsToken(),
diff --git a/includes/api/ApiCheckToken.php b/includes/api/ApiCheckToken.php
index 3d2159c..2736ff4 100644
--- a/includes/api/ApiCheckToken.php
+++ b/includes/api/ApiCheckToken.php
@@ -66,6 +66,7 @@
'token' => [
ApiBase::PARAM_TYPE => 'string',
ApiBase::PARAM_REQUIRED => true,
+   ApiBase::PARAM_SENSITIVE => true,
],
'maxtokenage' => [
ApiBase::PARAM_TYPE => 'integer',
diff --git a/includes/api/ApiLogin.php b/includes/api/ApiLogin.php
index 1798776..93215ca 100644
--- a/includes/api/ApiLogin.php
+++ b/includes/api/ApiLogin.php
@@ -264,6 +264,7 @@
'token' => [
ApiBase::PARAM_TYPE => 'string',
ApiBase::PARAM_REQUIRED => false, // for BC
+   ApiBase::PARAM_SENSITIVE => true,
ApiBase::PARAM_HELP_MSG => [ 
'api-help-param-token', 'login' ],
],
];

[MediaWiki-commits] [Gerrit] mediawiki...GuidedTour[master]: Tour: Fix initialize() race condition

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/343779 )

Change subject: Tour: Fix initialize() race condition
..


Tour: Fix initialize() race condition

Follows-up I4e9b366613bc.

Change-Id: If56e392cbc2c5faaa550a85110c74001ccd20825
---
M modules/ext.guidedTour.lib/ext.guidedTour.lib.Tour.js
M tests/qunit/ext.guidedTour.lib.tests.js
2 files changed, 17 insertions(+), 21 deletions(-)

Approvals:
  jenkins-bot: Verified
  Jforrester: Looks good to me, approved



diff --git a/modules/ext.guidedTour.lib/ext.guidedTour.lib.Tour.js 
b/modules/ext.guidedTour.lib/ext.guidedTour.lib.Tour.js
index a11b6fa..a3d1ed8 100644
--- a/modules/ext.guidedTour.lib/ext.guidedTour.lib.Tour.js
+++ b/modules/ext.guidedTour.lib/ext.guidedTour.lib.Tour.js
@@ -134,12 +134,12 @@
this.isExtensionDefined = ( mw.loader.getState( moduleName ) 
!== null );
 
/**
-* Whether this tour has been initialized (guiders have been 
created)
+* Promise tracking when this tour is initialized (guiders have 
been created)
 *
-* @property {boolean}
+* @property {null|jQuery.Deferred}
 * @private
 */
-   this.isInitialized = false;
+   this.initialized = null;
}
 
// TODO: Change this to use before/after (T142267)
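Review bot: The property is documented as `{null|jQuery.Deferred}`, but the value assigned in `initialize()` is the return of `$.when.apply( $, promises )`, and that method's own `@return` says `{jQuery.Promise}`. Document it as `{null|jQuery.Promise}`. The rename from `isInitialized` to `initialized` also changes the type from boolean, so any other reader of `isInitialized` in the extension needs updating.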
@@ -191,24 +191,20 @@
 * @return {jQuery.Promise} Promise that waits on all steps to 
initialize (or one to fail)
 */
Tour.prototype.initialize = function () {
-   var stepName, promises = [], tour = this,
+   var stepName, promises = [],
$body = $( document.body ),
interfaceDirection = $( 'html' ).attr( 'dir' ),
siteDirection = $body.hasClass( 'sitedir-ltr' ) ? 'ltr' 
: 'rtl';
 
-   if ( this.isInitialized ) {
-   return $.Deferred().resolve();
+   if ( !this.initialized ) {
+   this.flipRTL = this.getShouldFlipHorizontally( 
interfaceDirection, siteDirection );
+   for ( stepName in this.steps ) {
+   promises.push( this.steps[ stepName 
].initialize() );
+   }
+   this.initialized = $.when.apply( $, promises );
}
 
-   this.flipRTL = this.getShouldFlipHorizontally( 
interfaceDirection, siteDirection );
-
-   for ( stepName in this.steps ) {
-   promises.push( this.steps[stepName].initialize() );
-   }
-
-   return $.when.apply( $, promises ).then( function () {
-   tour.isInitialized = true;
-   } );
+   return this.initialized;
};
 
/**
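
Review bot: Caching the `$.when` promise in `this.initialized` also caches a rejection: if any step's `initialize()` fails, every later call returns the same rejected promise and the steps are never retried, whereas the old code only set `isInitialized` after success. If retry on failure matters, reset `this.initialized = null` in a fail handler; if it does not, say so in the method doc. The returned promise also now resolves with the steps' values instead of with nothing, since the `.then()` wrapper is gone.
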
diff --git a/tests/qunit/ext.guidedTour.lib.tests.js 
b/tests/qunit/ext.guidedTour.lib.tests.js
index ca65cf8..33c5e77 100644
--- a/tests/qunit/ext.guidedTour.lib.tests.js
+++ b/tests/qunit/ext.guidedTour.lib.tests.js
@@ -1462,13 +1462,13 @@
var checkTransitionSpy = this.spy( firstStep, 'checkTransition' 
),
actualTransitionEvent, expectedTransitionEvent;
 
+   validTour.showStep( firstStep );
+
+   expectedTransitionEvent = new gt.TransitionEvent();
+   expectedTransitionEvent.type = gt.TransitionEvent.BUILTIN;
+   expectedTransitionEvent.subtype = 
gt.TransitionEvent.TRANSITION_BEFORE_SHOW;
+
return validTour.initialize().then( function () {
-   validTour.showStep( firstStep );
-
-   expectedTransitionEvent = new gt.TransitionEvent();
-   expectedTransitionEvent.type = 
gt.TransitionEvent.BUILTIN;
-   expectedTransitionEvent.subtype = 
gt.TransitionEvent.TRANSITION_BEFORE_SHOW;
-
actualTransitionEvent = 
checkTransitionSpy.lastCall.args[ 0 ];
 
assert.deepEqual(
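
Review bot: With `showStep()` moved outside the callback, `checkTransitionSpy.lastCall.args[ 0 ]` depends on `showStep()` having triggered the transition check by the time `initialize()` resolves; if it has not, `lastCall` is null and the test dies with a TypeError instead of a failed assertion. Consider asserting `checkTransitionSpy.called` before reading `lastCall`, and add a short comment saying the test now covers showing a step before explicit initialization.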

-- 
To view, visit https://gerrit.wikimedia.org/r/343779
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: If56e392cbc2c5faaa550a85110c74001ccd20825
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/GuidedTour
Gerrit-Branch: master
Gerrit-Owner: Krinkle 
Gerrit-Reviewer: Jforrester 
Gerrit-Reviewer: Mattflaschen 
Gerrit-Reviewer: Phuedx 
Gerrit-Reviewer: Swalling 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_28]: SECURITY: Do not allow users to undelete a page they can't e...

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346866 )

Change subject: SECURITY: Do not allow users to undelete a page they can't edit 
or create
..


SECURITY: Do not allow users to undelete a page they can't edit or create

If the page exists, it only checks edit rights, otherwise it
checks both edit and create rights.

This would only matter on wikis that have a non-default rights
configuration where there are users with undelete rights but a
restriction level enabled that prevents them from creating/editing
pages (or they otherwise aren't allowed to edit/create)

It should be noted that the error messages aren't used in the
normal UI currently, but they could be in the future, and
extensions could potentially be using them (The backend functions
return them, but the UI functions in Special:Undelete ignore
them)

Bug: T108138
Change-Id: I164b80534cf89e0afca264e9de07431484af8508
---
M RELEASE-NOTES-1.28
M includes/Title.php
M includes/api/ApiUndelete.php
M languages/i18n/en.json
M languages/i18n/qqq.json
5 files changed, 23 insertions(+), 5 deletions(-)

Approvals:
  Reedy: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.28 b/RELEASE-NOTES-1.28
index 9fa4a36..49185c9 100644
--- a/RELEASE-NOTES-1.28
+++ b/RELEASE-NOTES-1.28
@@ -31,6 +31,8 @@
   in it's fallback chain when trying to work out where to write the cache.
 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 
inclusion
   syntax's link parameter.
+* (T108138) SECURITY: Sysops can undelete pages, although the page is 
protected against
+  it.
 
 == MediaWiki 1.28 ==
 
diff --git a/includes/Title.php b/includes/Title.php
index 35cbb89..cd28000 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -2307,6 +2307,17 @@
) {
$errors[] = [ 'delete-toobig', 
$wgLang->formatNum( $wgDeleteRevisionsLimit ) ];
}
+   } elseif ( $action === 'undelete' ) {
+   if ( count( $this->getUserPermissionsErrorsInternal( 
'edit', $user, $rigor, true ) ) ) {
+   // Undeleting implies editing
+   $errors[] = [ 'undelete-cantedit' ];
+   }
+   if ( !$this->exists()
+   && count( 
$this->getUserPermissionsErrorsInternal( 'create', $user, $rigor, true ) )
+   ) {
+   // Undeleting where nothing currently exists 
implies creating
+   $errors[] = [ 'undelete-cantcreate' ];
+   }
}
return $errors;
}
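
Review bot: In the new `undelete` branch the result of `getUserPermissionsErrorsInternal( 'edit', ... )` is only counted, so the concrete reason for the denial is replaced by the generic `undelete-cantedit`; the same happens for `create`. Consider keeping the underlying errors alongside or instead of the generic key, so callers that do surface these messages can explain which restriction applied. The file list for this change has no test file; a test for a user who holds `undelete` but is prevented from editing or creating by a restriction level would pin the fix down.
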
diff --git a/includes/api/ApiUndelete.php b/includes/api/ApiUndelete.php
index e24f2ce..e201c4e 100644
--- a/includes/api/ApiUndelete.php
+++ b/includes/api/ApiUndelete.php
@@ -34,9 +34,6 @@
 
$params = $this->extractRequestParams();
$user = $this->getUser();
-   if ( !$user->isAllowed( 'undelete' ) ) {
-   $this->dieUsageMsg( 'permdenied-undelete' );
-   }
 
if ( $user->isBlocked() ) {
$this->dieBlocked( $user->getBlock() );
@@ -47,6 +44,10 @@
$this->dieUsageMsg( [ 'invalidtitle', $params['title'] 
] );
}
 
+   if ( !$titleObj->userCan( 'undelete', $user, 'secure' ) ) {
+   $this->dieUsageMsg( 'permdenied-undelete' );
+   }
+
// Check if user can add tags
if ( !is_null( $params['tags'] ) ) {
$ableToTag = ChangeTags::canAddTagsAccompanyingChange( 
$params['tags'], $user );
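
Review bot: Every failure of `userCan( 'undelete', $user, 'secure' )` is reported as `permdenied-undelete`, so an API client cannot tell a missing `undelete` right from the new `undelete-cantedit` and `undelete-cantcreate` cases added in Title.php. Consider fetching the errors with `getUserPermissionsErrors()` and reporting the first one. Since the explicit `$user->isAllowed( 'undelete' )` check is removed in the hunk above, a test confirming that a user without the right is still rejected through this path would be worth adding; the permission check also now runs after the block and title checks, which changes which error such a user sees first.
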
diff --git a/languages/i18n/en.json b/languages/i18n/en.json
index 10bc89a..5db2082 100644
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@@ -4244,5 +4244,7 @@
"rawhtml-notallowed": "html tags cannot be used outside of 
normal pages.",
"gotointerwiki": "Leaving {{SITENAME}}",
"gotointerwiki-invalid": "The specified title was invalid.",
-   "gotointerwiki-external": "You are about to leave {{SITENAME}} to visit 
[[$2]] which is a separate website.\n\n[$1 Click here to continue on to $1]."
+   "gotointerwiki-external": "You are about to leave {{SITENAME}} to visit 
[[$2]] which is a separate website.\n\n[$1 Click here to continue on to $1].",
+   "undelete-cantedit": "You cannot undelete this page as you are not 
allowed to edit this page.",
+   "undelete-cantcreate": "You cannot undelete this page as there is no 
existing page with this name and you are not allowed to create this page."
 }
diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json
index 39e4603..a5da643 100644
--- a/languages/i18n/qqq.json
+++ b/languages/i18n/qqq.json
@@ -4428,5 +4428,7 @@

[MediaWiki-commits] [Gerrit] mediawiki...SpamBlacklist[master]: Simplify and fix EventLogging instrumentation

2017-04-06 Thread Milimetric (Code Review)
Milimetric has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346915 )

Change subject: Simplify and fix EventLogging instrumentation
..

Simplify and fix EventLogging instrumentation

The ExternalLinksChange schema has instrumentation in this extension.
The former instrumentation was trying to optimize for speed and never
worked properly.  I simplified the implementation in the hope of
starting a review process.  I am very new at mediawiki development and
so far I only used my intuition and the documentation on Manual:Hooks

Bug: T162365
Change-Id: I455b09fe2e77d3f6faccfdd3e2b4e7940344219e
---
M SpamBlacklistHooks.php
M SpamBlacklist_body.php
2 files changed, 67 insertions(+), 68 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/SpamBlacklist 
refs/changes/15/346915/1

diff --git a/SpamBlacklistHooks.php b/SpamBlacklistHooks.php
index eb0d5dd..352c3b2 100644
--- a/SpamBlacklistHooks.php
+++ b/SpamBlacklistHooks.php
@@ -189,7 +189,7 @@
) {
if ( $revision ) {
BaseBlacklist::getInstance( 'spam' )
-   ->doLogging( $user, $wikiPage->getTitle(), 
$revision->getId() );
+   ->doLogging( $user, $wikiPage->getTitle(), 
$revision->getId(), $content );
}
 
if ( !BaseBlacklist::isLocalSource( $wikiPage->getTitle() ) ) {
@@ -266,10 +266,10 @@
return;
}
 
-   // Log the changes, but we only commit them once the deletion 
has happened.
-   // We do that since the external links table could get cleared 
before the
-   // ArticleDeleteComplete hook runs
-   $spam->logUrlChanges( $spam->getCurrentLinks( 
$article->getTitle() ), [], [] );
+   // The external links table could get cleared before the 
deletion is complete,
+   // so stash the old links to log them in onArticleDeleteComplete
+   // NOTE: I would've done that in this class but I'm still 
unsure about style
+   $spam->stashOldLinks( $article->getTitle() );
}
 
/**
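
Review bot: The `NOTE: I would've done that in this class but I'm still unsure about style` line is a question for reviewers, not documentation; move it to the commit message or a Gerrit comment and keep the code comment to what the code does. The stash also only works if `onArticleDeleteComplete` reads it from the same `BaseBlacklist::getInstance( 'spam' )` object and clears it afterwards, which deserves a sentence in the comment.
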
@@ -285,6 +285,9 @@
) {
/** @var SpamBlacklist $spam */
$spam = BaseBlacklist::getInstance( 'spam' );
-   $spam->doLogging( $user, $page->getTitle(), $page->getLatest() 
);
+   // passing null as content means the new version has no links
+   // otherwise since the page is just archived there would be no 
change
+   // NOTE: restoring the page will not log that new links are 
added
+   $spam->doLogging( $user, $page->getTitle(), $page->getLatest(), 
null );
}
 }
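
Review bot: `NOTE: restoring the page will not log that new links are added` documents a known gap in the instrumentation without tracking it. Turn it into a `TODO` that references a task, or handle undeletion in this change, so the ExternalLinksChange data does not silently miss restores. The meaning of a `null` fourth argument should also be stated in the `doLogging()` doc rather than only at this call site.
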
diff --git a/SpamBlacklist_body.php b/SpamBlacklist_body.php
index 5dc807d..65ab5bd 100644
--- a/SpamBlacklist_body.php
+++ b/SpamBlacklist_body.php
@@ -11,10 +11,10 @@
const STASH_AGE_DYING = 150;
 
/**
-* Changes to external links, for logging purposes
-* @var array[]
-*/
-   private $urlChangeLog = array();
+   * old links can be purged before logging, stash here and clear after 
using
+   * @var array[]
+   */
+   private $stashedOldLinks = array();
 
/**
 * Returns the code for the blacklist implementation
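
Review bot: The rewritten docblock for `$stashedOldLinks` appears to drop the ` * ` alignment used by the comment blocks around it and starts with a lowercase fragment. Keep the alignment, write a full sentence such as "Old links can be purged before logging, so they are stashed here and cleared after use", and say how the array is keyed.
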
@@ -55,12 +55,6 @@
$statsd = 
MediaWikiServices::getInstance()->getStatsdDataFactory();
$cache = ObjectCache::getLocalClusterInstance();
 
-   // If there are no new links, and we are logging,
-   // mark all of the current links as being removed.
-   if ( !$links && $this->isLoggingEnabled() ) {
-   $this->logUrlChanges( $this->getCurrentLinks( $title ), 
[], [] );
-   }
-
if ( !$links ) {
return false;
}
@@ -95,25 +89,7 @@
if ( count( $blacklists ) ) {
// poor man's anti-spoof, see bug 12896
$newLinks = array_map( array( $this, 'antiSpoof' ), 
$links );
-
-   $oldLinks = array();
-   if ( $title !== null ) {
-   $oldLinks = $this->getCurrentLinks( $title );
-   $addedLinks = array_diff( $newLinks, $oldLinks 
);
-   } else {
-   // can't load old links, so treat all links as 
added.
-   $addedLinks = $newLinks;
-   }
-
-   wfDebugLog( 'SpamBlacklist', "Old URLs: " . implode( ', 
', $oldLinks ) );
wfDebugLog( 'SpamBlacklist', "New URLs: " . implode( ', 
', $newLinks ) );
-   wfDebugLog( 'SpamBlacklist', "Added URLs: " . implode( 
', ', $addedLinks ) );
-
-   if ( 

[MediaWiki-commits] [Gerrit] oojs/ui[master]: Follow-up eceb6f20: MediaWiki theme: Remove unused indicator...

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346872 )

Change subject: Follow-up eceb6f20: MediaWiki theme: Remove unused indicator 
flags
..


Follow-up eceb6f20: MediaWiki theme: Remove unused indicator flags

We only use the 'invert' flag for indicators, so this removes all the
other flags.

Change-Id: I47efe6587d88040c33f240106f00dff763730af7
---
M src/themes/mediawiki/indicators.json
1 file changed, 0 insertions(+), 12 deletions(-)

Approvals:
  jenkins-bot: Verified
  Jforrester: Looks good to me, approved



diff --git a/src/themes/mediawiki/indicators.json 
b/src/themes/mediawiki/indicators.json
index df32417..1b99365 100644
--- a/src/themes/mediawiki/indicators.json
+++ b/src/themes/mediawiki/indicators.json
@@ -6,18 +6,6 @@
"invert": {
"color": "#fff",
"global": true
-   },
-   "progressive": {
-   "color": "#36c"
-   },
-   "constructive": {
-   "color": "#36c"
-   },
-   "destructive": {
-   "color": "#d33"
-   },
-   "warning": {
-   "color": "#ff5d00"
}
},
"images": {

-- 
To view, visit https://gerrit.wikimedia.org/r/346872
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I47efe6587d88040c33f240106f00dff763730af7
Gerrit-PatchSet: 2
Gerrit-Project: oojs/ui
Gerrit-Branch: master
Gerrit-Owner: VolkerE 
Gerrit-Reviewer: Jforrester 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] operations/puppet[production]: lxc: remove precise support

2017-04-06 Thread Dzahn (Code Review)
Dzahn has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/345558 )

Change subject: lxc: remove precise support
..


lxc: remove precise support

Remove support for Ubuntu precise, not used anymore.

Change-Id: I6ea88a2731102cff3d03877017a3fc974b6cacc2
---
M modules/lxc/manifests/init.pp
1 file changed, 1 insertion(+), 3 deletions(-)

Approvals:
  jenkins-bot: Verified
  Dzahn: Looks good to me, approved



diff --git a/modules/lxc/manifests/init.pp b/modules/lxc/manifests/init.pp
index 36aabd7..38f4aaa 100644
--- a/modules/lxc/manifests/init.pp
+++ b/modules/lxc/manifests/init.pp
@@ -9,8 +9,6 @@
 class lxc(
 $container_root = '/srv/lxc',
 ) {
-requires_os('Ubuntu >= Trusty || Debian >= Jessie')
-
 package { [
 'bridge-utils',
 'dnsmasq-base',
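
Review bot: Dropping `requires_os('Ubuntu >= Trusty || Debian >= Jessie')` removes the guard altogether rather than narrowing it, so the class no longer fails fast when applied to an unsupported release such as precise. If the intent is only to stop supporting precise, keep a guard that names the releases still supported.
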
@@ -50,7 +48,7 @@
   require => Apt::Pin[$backports],
 }
 
-if os_version('Debian >= Jessie') {
+if os_version('debian >= jessie') {
 file { '/etc/default/lxc-net':
 ensure  => 'present',
 owner   => 'root',
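
Review bot: The `Debian >= Jessie` to `debian >= jessie` change is a case normalization unrelated to removing precise support; mention it in the commit message or leave it to a dedicated cleanup change so the history stays easy to follow.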

-- 
To view, visit https://gerrit.wikimedia.org/r/345558
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I6ea88a2731102cff3d03877017a3fc974b6cacc2
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis 
Gerrit-Reviewer: Dzahn 
Gerrit-Reviewer: Giuseppe Lavagetto 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: XSS in search if $wgAdvancedSearchHighlighting = t...

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346849 )

Change subject: SECURITY: XSS in search if $wgAdvancedSearchHighlighting = true;
..


SECURITY: XSS in search if $wgAdvancedSearchHighlighting = true;

In the non-default configuration where $wgAdvancedSearchHighlighting
is set to true, there is an XSS vulnerability as HTML tags are
not properly escaped if the tag spans multiple search results

Issue introduced in abf726ea0 (MediaWiki 1.13 and above).

Bug: T144845
Change-Id: I2db7888d591b97f1a01bfd3b7567ce6f169874d3
---
M RELEASE-NOTES-1.27
M includes/search/SearchHighlighter.php
2 files changed, 10 insertions(+), 0 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 3df89e0..3d4dfd3 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -25,6 +25,8 @@
 * (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is 
installed.
 * (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow 
redirect
   to interwiki links.
+* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
+  $wgAdvancedSearchHighlighting is true.
 
 == MediaWiki 1.27.1 ==
 
diff --git a/includes/search/SearchHighlighter.php 
b/includes/search/SearchHighlighter.php
index 2bd1955..dfe2e32 100644
--- a/includes/search/SearchHighlighter.php
+++ b/includes/search/SearchHighlighter.php
@@ -29,6 +29,10 @@
 class SearchHighlighter {
protected $mCleanWikitext = true;
 
+   /**
+* @warning If you pass false to this constructor, then
+*  the caller is responsible for HTML escaping.
+*/
function __construct( $cleanupWikitext = true ) {
$this->mCleanWikitext = $cleanupWikitext;
}
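
Review bot: The new docblock warns about passing `false` but has no `@param bool $cleanupWikitext` line and does not state the positive contract for the default value. Adding the `@param` and one sentence on what callers can assume about the output when the argument is `true` makes the escaping responsibility explicit on both paths.
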
@@ -456,6 +460,10 @@
$text = preg_replace( "/('''|<\/?[iIuUbB]>)/", "", $text );
$text = preg_replace( "/''/", "", $text );
 
+   // Note, the previous /<\/?[^>]+>/ is insufficient
+   // for XSS safety as the HTML tag can span multiple
+   // search results (T144845).
+   $text = Sanitizer::escapeHtmlAllowEntities( $text );
return $text;
}
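
Review bot: The fix has no regression test in this change (only RELEASE-NOTES-1.27 and SearchHighlighter.php are touched), and the case it addresses, a tag that spans multiple search results, is the kind that gets reintroduced by later refactoring. Please add a test that feeds such input through `SearchHighlighter::highlightText()` and asserts the output contains no unescaped tag. The comment's reference to "the previous /<\/?[^>]+>/" would also be clearer if it said where that pattern is applied, since it is not in the lines immediately above the new call.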
 

-- 
To view, visit https://gerrit.wikimedia.org/r/346849
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I2db7888d591b97f1a01bfd3b7567ce6f169874d3
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Chad 
Gerrit-Reviewer: Brian Wolff 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: DCausse 
Gerrit-Reviewer: Smalyshev 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki...SyntaxHighlight_GeSHi[REL1_27]: SECURITY: Escape start argument before passing to pygments

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346871 )

Change subject: SECURITY: Escape start argument before passing to pygments
..


SECURITY: Escape start argument before passing to pygments

Issue identified by Yorick Koster

Bug: T158689
Change-Id: Ib55f7a38edbdd39c9587794d250e22d3b26950be
---
M SyntaxHighlight_GeSHi.class.php
1 file changed, 2 insertions(+), 2 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/SyntaxHighlight_GeSHi.class.php b/SyntaxHighlight_GeSHi.class.php
index 5381351..c722c1a 100644
--- a/SyntaxHighlight_GeSHi.class.php
+++ b/SyntaxHighlight_GeSHi.class.php
@@ -263,8 +263,8 @@
}
 
// Starting line number
-   if ( isset( $args['start'] ) ) {
-   $options['linenostart'] = $args['start'];
+   if ( isset( $args['start'] ) && ctype_digit( $args['start'] ) ) 
{
+   $options['linenostart'] = (int)$args['start'];
}
 
if ( $inline ) {
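
Review bot: `ctype_digit()` bounds the character set but not the magnitude: an arbitrarily long digit string passes the check and `(int)` then produces a very large `linenostart`. Consider an explicit upper bound on the value. A `start` that fails the check is also dropped silently, which is fine for safety but worth a comment so the behaviour is clearly intentional.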

-- 
To view, visit https://gerrit.wikimedia.org/r/346871
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ib55f7a38edbdd39c9587794d250e22d3b26950be
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/SyntaxHighlight_GeSHi
Gerrit-Branch: REL1_27
Gerrit-Owner: Chad 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Reedy 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki...SyntaxHighlight_GeSHi[REL1_28]: SECURITY: Escape start argument before passing to pygments

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346870 )

Change subject: SECURITY: Escape start argument before passing to pygments
..


SECURITY: Escape start argument before passing to pygments

Issue identified by Yorick Koster

Bug: T158689
Change-Id: Ib55f7a38edbdd39c9587794d250e22d3b26950be
---
M SyntaxHighlight_GeSHi.class.php
1 file changed, 2 insertions(+), 2 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/SyntaxHighlight_GeSHi.class.php b/SyntaxHighlight_GeSHi.class.php
index 8d52a93..aa8caba 100644
--- a/SyntaxHighlight_GeSHi.class.php
+++ b/SyntaxHighlight_GeSHi.class.php
@@ -263,8 +263,8 @@
}
 
// Starting line number
-   if ( isset( $args['start'] ) ) {
-   $options['linenostart'] = $args['start'];
+   if ( isset( $args['start'] ) && ctype_digit( $args['start'] ) ) 
{
+   $options['linenostart'] = (int)$args['start'];
}
 
if ( $inline ) {
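
Review bot: The subject says the argument is escaped, but the code validates it with `ctype_digit()` and casts it to int. A one-line comment above the `if` saying that `start` must be a non-negative integer because it is passed on to pygments would keep the reason for the check from being lost in later edits, and the subject line could say "validate" to match.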

-- 
To view, visit https://gerrit.wikimedia.org/r/346870
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ib55f7a38edbdd39c9587794d250e22d3b26950be
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/SyntaxHighlight_GeSHi
Gerrit-Branch: REL1_28
Gerrit-Owner: Chad 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Reedy 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: Add .rej files to .gitignore

2017-04-06 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346914 )

Change subject: Add .rej files to .gitignore
..

Add .rej files to .gitignore

Change-Id: Ie4f470f5f0528308871b78c7c823851b0a45e8eb
---
M .gitignore
1 file changed, 1 insertion(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/14/346914/1

diff --git a/.gitignore b/.gitignore
index b2c4d45..a82ae21 100644
--- a/.gitignore
+++ b/.gitignore
@@ -72,3 +72,4 @@
 /.htaccess
 /.htpasswd
 /tests/phan/issues
+*.rej

-- 
To view, visit https://gerrit.wikimedia.org/r/346914
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie4f470f5f0528308871b78c7c823851b0a45e8eb
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Reedy 



[MediaWiki-commits] [Gerrit] maps...deploy[master]: Update tilerator to 817392e

2017-04-06 Thread MaxSem (Code Review)
MaxSem has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346913 )

Change subject: Update tilerator to 817392e
..


Update tilerator to 817392e

List of changes:
6ce2792 Tilerator UI: don't call it "Wikimedia maps beta" in page title
d01c42c Fix click handling after Leaflet upgrade
25f5fa0 Antiquated Node versions aren't supposed to work

Change-Id: I7fa55f18b5ecef90ee703a62fe91ef6395e79314
---
M src
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  MaxSem: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/src b/src
index 1ca1fa3..817392e 16
--- a/src
+++ b/src
@@ -1 +1 @@
-Subproject commit 1ca1fa3f5b35629b60976a7ab0a625d14643797a
+Subproject commit 817392efd0280ebea33db1467ab59ce59161c3b0

-- 
To view, visit https://gerrit.wikimedia.org/r/346913
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I7fa55f18b5ecef90ee703a62fe91ef6395e79314
Gerrit-PatchSet: 1
Gerrit-Project: maps/tilerator/deploy
Gerrit-Branch: master
Gerrit-Owner: MaxSem 
Gerrit-Reviewer: MaxSem 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki...SyntaxHighlight_GeSHi[master]: SECURITY: Escape start argument before passing to pygments

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346868 )

Change subject: SECURITY: Escape start argument before passing to pygments
..


SECURITY: Escape start argument before passing to pygments

Issue identified by Yorick Koster

Bug: T158689
Change-Id: Ib55f7a38edbdd39c9587794d250e22d3b26950be
---
M SyntaxHighlight_GeSHi.class.php
1 file changed, 2 insertions(+), 2 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/SyntaxHighlight_GeSHi.class.php b/SyntaxHighlight_GeSHi.class.php
index 31299b0..855375a 100644
--- a/SyntaxHighlight_GeSHi.class.php
+++ b/SyntaxHighlight_GeSHi.class.php
@@ -267,8 +267,8 @@
}
 
// Starting line number
-   if ( isset( $args['start'] ) ) {
-   $options['linenostart'] = $args['start'];
+   if ( isset( $args['start'] ) && ctype_digit( $args['start'] ) ) 
{
+   $options['linenostart'] = (int)$args['start'];
}
 
if ( $inline ) {
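
Review bot: No test accompanies the new `ctype_digit( $args['start'] )` check (the change touches only SyntaxHighlight_GeSHi.class.php). One case with a non-numeric `start` asserting that `linenostart` is not set, and one with a plain number asserting that the integer is passed through, would guard the fix against later refactoring.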

-- 
To view, visit https://gerrit.wikimedia.org/r/346868
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ib55f7a38edbdd39c9587794d250e22d3b26950be
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/SyntaxHighlight_GeSHi
Gerrit-Branch: master
Gerrit-Owner: Chad 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Reedy 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] maps...deploy[master]: Update tilerator to 817392e

2017-04-06 Thread MaxSem (Code Review)
MaxSem has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346913 )

Change subject: Update tilerator to 817392e
..

Update tilerator to 817392e

List of changes:
6ce2792 Tilerator UI: don't call it "Wikimedia maps beta" in page title
d01c42c Fix click handling after Leaflet upgrade
25f5fa0 Antiquated Node versions aren't supposed to work

Change-Id: I7fa55f18b5ecef90ee703a62fe91ef6395e79314
---
M src
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/maps/tilerator/deploy 
refs/changes/13/346913/1

diff --git a/src b/src
index 1ca1fa3..817392e 16
--- a/src
+++ b/src
@@ -1 +1 @@
-Subproject commit 1ca1fa3f5b35629b60976a7ab0a625d14643797a
+Subproject commit 817392efd0280ebea33db1467ab59ce59161c3b0

-- 
To view, visit https://gerrit.wikimedia.org/r/346913
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7fa55f18b5ecef90ee703a62fe91ef6395e79314
Gerrit-PatchSet: 1
Gerrit-Project: maps/tilerator/deploy
Gerrit-Branch: master
Gerrit-Owner: MaxSem 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: Standardize on lowercase os_version/require_os

2017-04-06 Thread Dzahn (Code Review)
Dzahn has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/345561 )

Change subject: Standardize on lowercase os_version/require_os
..


Standardize on lowercase os_version/require_os

Lowercase (e.g. "debian >= jessie") arguments to os_version/require_os
are the norm, but there are a few exceptions. These are annoying in
greps and such. Convert everything to lowercase to be harmonious across
the tree.

Change-Id: I125315f2ef75fc894924acb101d50ae89051744b
---
M modules/apache/manifests/mod_conf.pp
M modules/contint/manifests/package_builder.pp
M modules/etcd/manifests/init.pp
M modules/hhvm/manifests/debug.pp
M modules/labstore/manifests/fileserver/secondary.pp
M modules/osm/manifests/init.pp
M modules/osm/manifests/planet_sync.pp
M modules/puppetmaster/manifests/init.pp
M modules/puppetmaster/manifests/passenger.pp
M modules/puppetmaster/manifests/puppetdb.pp
M modules/puppetmaster/manifests/puppetdb/client.pp
M modules/role/manifests/ci/slave/android.pp
M modules/role/manifests/lvs/balancer.pp
M modules/striker/manifests/build.pp
M modules/striker/manifests/uwsgi.pp
M modules/wmflib/README.md
M modules/wmflib/lib/puppet/parser/functions/os_version.rb
M modules/wmflib/lib/puppet/parser/functions/requires_os.rb
18 files changed, 28 insertions(+), 28 deletions(-)

Approvals:
  Hashar: Looks good to me, but someone else must approve
  jenkins-bot: Verified
  Dzahn: Looks good to me, approved



diff --git a/modules/apache/manifests/mod_conf.pp 
b/modules/apache/manifests/mod_conf.pp
index 74fe2f3..e9ab28e 100644
--- a/modules/apache/manifests/mod_conf.pp
+++ b/modules/apache/manifests/mod_conf.pp
@@ -26,7 +26,7 @@
 
 include ::apache
 
-$flags = os_version('Debian >= jessie') ? {
+$flags = os_version('debian >= jessie') ? {
 true=> '-f',
 default => '',
 }
diff --git a/modules/contint/manifests/package_builder.pp 
b/modules/contint/manifests/package_builder.pp
index fc0de36..1ef005b 100644
--- a/modules/contint/manifests/package_builder.pp
+++ b/modules/contint/manifests/package_builder.pp
@@ -5,7 +5,7 @@
 class contint::package_builder {
 
 # We dont want package builder all over the place. Safeguard.
-requires_os('Debian == jessie')
+requires_os('debian == jessie')
 
 # Shell script wrappers to ease package building
 # Package generated via the mirror operations/debs/jenkins-debian-glue.git
diff --git a/modules/etcd/manifests/init.pp b/modules/etcd/manifests/init.pp
index bff6260..d01e757 100644
--- a/modules/etcd/manifests/init.pp
+++ b/modules/etcd/manifests/init.pp
@@ -51,7 +51,7 @@
 $use_client_certs = false,
 ) {
 # This module is jessie only for now
-requires_os('Debian >= jessie')
+requires_os('debian >= jessie')
 
 # Validation of parameters
 if ($use_client_certs and ! $use_ssl) {
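
Review bot: The comment above the changed line says "This module is jessie only for now", but the guard is `requires_os('debian >= jessie')`, which also admits later releases. While this line is being touched, either change the comment to say "jessie or newer" or tighten the guard to `==`, so the comment and the check agree.
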
diff --git a/modules/hhvm/manifests/debug.pp b/modules/hhvm/manifests/debug.pp
index d1f8078..59c1c6e 100644
--- a/modules/hhvm/manifests/debug.pp
+++ b/modules/hhvm/manifests/debug.pp
@@ -6,7 +6,7 @@
 
 ## Debugging symbols
 
-$libboost_dbg_package = os_version('Debian >= jessie') ? {
+$libboost_dbg_package = os_version('debian >= jessie') ? {
 true=> 'libboost1.55-dbg',
 default => 'libboost1.54-dbg',
 }
@@ -42,7 +42,7 @@
 # - apache2-utils provides `ab`, an HTTP server benchmarking tool.
 # - perf-tools is .
 
-$perftools_package = os_version('Debian >= jessie') ? {
+$perftools_package = os_version('debian >= jessie') ? {
 true=> 'perf-tools-unstable',
 default => 'perf-tools',
 }
@@ -105,7 +105,7 @@
 
 ## Misc
 
-if os_version('Ubuntu == trusty') {
+if os_version('ubuntu == trusty') {
 # Backported fix for pretty-printer bundled with libstdc++6-4.8-dbg.
 # See  and
 # .
diff --git a/modules/labstore/manifests/fileserver/secondary.pp 
b/modules/labstore/manifests/fileserver/secondary.pp
index a9118c6..bdcdefb 100644
--- a/modules/labstore/manifests/fileserver/secondary.pp
+++ b/modules/labstore/manifests/fileserver/secondary.pp
@@ -1,6 +1,6 @@
 class labstore::fileserver::secondary {
 
-requires_os('Debian >= jessie')
+requires_os('debian >= jessie')
 
 include ::labstore
 
diff --git a/modules/osm/manifests/init.pp b/modules/osm/manifests/init.pp
index 14b59f0..30c7f12 100644
--- a/modules/osm/manifests/init.pp
+++ b/modules/osm/manifests/init.pp
@@ -4,7 +4,7 @@
 
 # osm2pgsql 0.90 is only available on jessie at the moment
 # there is no need for 0.90 on labs machines (precise)
-if os_version('Debian == Jessie') {
+if os_version('debian == jessie') {
 apt::pin { 'osm2pgsql':
 pin  => 'release a=jessie-backports',
   

[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_28]: SECURITY: Always normalize link url before adding to ParserO...

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346865 )

Change subject: SECURITY: Always normalize link url before adding to 
ParserOutput
..


SECURITY: Always normalize link url before adding to ParserOutput

Move link normalization directly into addExternalLink() method,
since you always need to do it - having it separate is just
inviting people to forget to normalize a link.

Additionally, links weren't properly registered for .
This was somewhat unnoticed, as the call to recursiveTagParse()
would register free links, but it wouldn't work for example with
protocol relative links.

Issue originally reported by MZMcBride.

Bug: T48143
Change-Id: I557fb3b433ef9d618097b6ba4eacc6bada250ca2
---
M RELEASE-NOTES-1.28
M includes/parser/Parser.php
M includes/parser/ParserOutput.php
3 files changed, 10 insertions(+), 7 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.28 b/RELEASE-NOTES-1.28
index 829db62..9fa4a36 100644
--- a/RELEASE-NOTES-1.28
+++ b/RELEASE-NOTES-1.28
@@ -29,6 +29,8 @@
   declaration.
 * (T161453) SECURITY: LocalisationCache will no longer use the temporary 
directory
   in it's fallback chain when trying to work out where to write the cache.
+* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 
inclusion
+  syntax's link parameter.
 
 == MediaWiki 1.28 ==
 
diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index e96bea9..5ad5af0 100644
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -1574,9 +1574,7 @@
true, 'free',
$this->getExternalLinkAttribs( $url ), 
$this->mTitle );
# Register it in the output object...
-   # Replace unnecessary URL escape codes with their 
equivalent characters
-   $pasteurized = self::normalizeLinkUrl( $url );
-   $this->mOutput->addExternalLink( $pasteurized );
+   $this->mOutput->addExternalLink( $url );
}
return $text . $trail;
}
@@ -1872,10 +1870,7 @@
$this->getExternalLinkAttribs( $url ), 
$this->mTitle ) . $dtrail . $trail;
 
# Register link in the output object.
-   # Replace unnecessary URL escape codes with the 
referenced character
-   # This prevents spammers from hiding links from the 
filters
-   $pasteurized = self::normalizeLinkUrl( $url );
-   $this->mOutput->addExternalLink( $pasteurized );
+   $this->mOutput->addExternalLink( $url );
}
 
return $s;
@@ -5036,9 +5031,11 @@
// check to see if link 
matches an absolute url, if not then it must be a wiki link.
if ( preg_match( 
"/^($prots)$addr$chars*$/u", $linkValue ) ) {
$link = 
$linkValue;
+   
$this->mOutput->addExternalLink( $link );
} else {
$localLinkTitle 
= Title::newFromText( $linkValue );
if ( 
$localLinkTitle !== null ) {
+   
$this->mOutput->addLink( $localLinkTitle );
$link = 
$localLinkTitle->getLinkURL();
}
}
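Review bot: The new `addExternalLink( $link )` and `addLink( $localLinkTitle )` calls for the link parameter have no regression test; the change touches only RELEASE-NOTES-1.28, Parser.php and ParserOutput.php. A parser test that puts a percent-encoded external URL and a protocol-relative URL in the link parameter, and asserts both are registered in the ParserOutput, would pin down the behaviour the commit message describes. Please also confirm that registering `$localLinkTitle` as a page link is wanted for image link targets, since that is a behaviour change beyond the spam-filter fix.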
diff --git a/includes/parser/ParserOutput.php b/includes/parser/ParserOutput.php
index d2ef5e3..c10449e 100644
--- a/includes/parser/ParserOutput.php
+++ b/includes/parser/ParserOutput.php
@@ -528,6 +528,10 @@
# We don't register links pointing to our own server, unless... 
:-)
global $wgServer, $wgRegisterInternalExternals;
 
+   # Replace unnecessary URL escape codes with the referenced 
character
+   # This prevents spammers from hiding links from the filters
+   $url = parser::normalizeLinkUrl( $url );
+
$registerExternalLink = true;
if ( !$wgRegisterInternalExternals ) {
$registerExternalLink = !self::isLinkInternal( 
$wgServer, $url );
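Review bot: `parser::normalizeLinkUrl( $url )` spells the class in lower case, while the class lives in includes/parser/Parser.php. PHP resolves class names case-insensitively once the class is loaded, but an autoloader keyed on exact names may not find `parser`, so write `Parser::normalizeLinkUrl( $url )`. Since normalization now happens inside this method, its doc comment should say so, so that callers know they must not normalize first.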

-- 
To view, visit https://gerrit.wikimedia.org/r/346865
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I557fb3b433ef9d618097b6ba4eacc6bada250ca2
Gerrit-PatchSet: 1

[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_28]: SECURITY: Don't write LocalisationCache to temporary directory

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346864 )

Change subject: SECURITY: Don't write LocalisationCache to temporary directory
..


SECURITY: Don't write LocalisationCache to temporary directory

Bug: T161453
Change-Id: I51b375c63fcece908da921c465c861968c9eee1c
---
M RELEASE-NOTES-1.28
M includes/cache/localisation/LocalisationCache.php
2 files changed, 8 insertions(+), 8 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.28 b/RELEASE-NOTES-1.28
index 3b53e19..829db62 100644
--- a/RELEASE-NOTES-1.28
+++ b/RELEASE-NOTES-1.28
@@ -27,6 +27,8 @@
 * (T156184) SECURITY: Escape content model/format url parameter in message.
 * (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
   declaration.
+* (T161453) SECURITY: LocalisationCache will no longer use the temporary 
directory
+  in it's fallback chain when trying to work out where to write the cache.
 
 == MediaWiki 1.28 ==
 
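Review bot: The added release note reads "in it's fallback chain"; the possessive is "its". Since sites without `$wgCacheDirectory` change behaviour with this fix, the note could also say what the cache falls back to now.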
diff --git a/includes/cache/localisation/LocalisationCache.php 
b/includes/cache/localisation/LocalisationCache.php
index 4970a2b..629eccc 100644
--- a/includes/cache/localisation/LocalisationCache.php
+++ b/includes/cache/localisation/LocalisationCache.php
@@ -212,19 +212,17 @@
case 'detect':
if ( !empty( $conf['storeDirectory'] ) 
) {
$storeClass = 'LCStoreCDB';
+   } elseif ( $wgCacheDirectory ) {
+   $storeConf['directory'] = 
$wgCacheDirectory;
+   $storeClass = 'LCStoreCDB';
} else {
-   $cacheDir = $wgCacheDirectory 
?: wfTempDir();
-   if ( $cacheDir ) {
-   $storeConf['directory'] 
= $cacheDir;
-   $storeClass = 
'LCStoreCDB';
-   } else {
-   $storeClass = 
'LCStoreDB';
-   }
+   $storeClass = 'LCStoreDB';
}
break;
default:
throw new MWException(
-   'Please set 
$wgLocalisationCacheConf[\'store\'] to something sensible.' );
+   'Please set 
$wgLocalisationCacheConf[\'store\'] to something sensible.'
+   );
}
}
 
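Review bot: With the `wfTempDir()` fallback removed, the 'detect' branch selects `LCStoreDB` whenever neither `$conf['storeDirectory']` nor `$wgCacheDirectory` is set, which is a silent storage change on upgrade for sites that relied on the temporary directory. A short comment on this branch saying why the temporary directory must not be used would keep the fallback from being reintroduced later. The reflowed `MWException` call at the end of the hunk is unrelated formatting and would be cleaner in a separate change.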

-- 
To view, visit https://gerrit.wikimedia.org/r/346864
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I51b375c63fcece908da921c465c861968c9eee1c
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_28
Gerrit-Owner: Chad 
Gerrit-Reviewer: Aaron Schulz 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Reedy 
Gerrit-Reviewer: jenkins-bot <>




[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_28]: SECURITY: Whitelist DTD declaration in SVG

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346863 )

Change subject: SECURITY: Whitelist DTD declaration in SVG
..


SECURITY: Whitelist DTD declaration in SVG

Only allow ENTITY declarations inside the doctype internal
subset. Do not allow parameter entities, recursive entity
references are entity values longer than 255 bytes, or
external entity references. Filter external doctype subset
to only allow the standard svg doctypes.

This prevents someone bypassing filter by using default
attribute values in internal dtd subset. No browser loads
the external dtd subset that I could find, but whitelist
just to be safe anyways.

Issue reported by Cassiogomes11.

Bug: T151735
Change-Id: I7cb4690f759ad97e70e06e560978b6207d84c446
---
M RELEASE-NOTES-1.28
M includes/libs/mime/XmlTypeCheck.php
M includes/upload/UploadBase.php
M languages/i18n/en.json
M languages/i18n/qqq.json
M tests/phpunit/includes/upload/UploadBaseTest.php
6 files changed, 321 insertions(+), 8 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.28 b/RELEASE-NOTES-1.28
index f384703..3b53e19 100644
--- a/RELEASE-NOTES-1.28
+++ b/RELEASE-NOTES-1.28
@@ -25,6 +25,8 @@
 * (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 
CSRF
   token.
 * (T156184) SECURITY: Escape content model/format url parameter in message.
+* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
+  declaration.
 
 == MediaWiki 1.28 ==
 
diff --git a/includes/libs/mime/XmlTypeCheck.php 
b/includes/libs/mime/XmlTypeCheck.php
index f057140..7659dfd 100644
--- a/includes/libs/mime/XmlTypeCheck.php
+++ b/includes/libs/mime/XmlTypeCheck.php
@@ -73,19 +73,36 @@
 */
private $parserOptions = [
'processing_instruction_handler' => '',
+   'external_dtd_handler' => '',
+   'dtd_handler' => '',
+   'require_safe_dtd' => true
];
 
/**
+* Allow filtering an XML file.
+*
+* Filters should return either true or a string to indicate something
+* is wrong with the file. $this->filterMatch will store if the
+* file failed validation (true = failed validation).
+* $this->filterMatchType will contain the validation error.
+* $this->wellFormed will contain whether the xml file is well-formed.
+*
+* @note If multiple filters are hit, only one of them will have the
+*  result stored in $this->filterMatchType.
+*
 * @param string $input a filename or string containing the XML element
 * @param callable $filterCallback (optional)
 *Function to call to do additional custom validity checks from 
the
 *SAX element handler event. This gives you access to the 
element
 *namespace, name, attributes, and text contents.
-*Filter should return 'true' to toggle on $this->filterMatch
+*Filter should return a truthy value describing the error.
 * @param bool $isFile (optional) indicates if the first parameter is a
 *filename (default, true) or if it is a string (false)
 * @param array $options list of additional parsing options:
 *processing_instruction_handler: Callback for 
xml_set_processing_instruction_handler
+*external_dtd_handler: Callback for the url of external dtd 
subset
+*dtd_handler: Callback given the full text of the filterCallback = $filterCallback;
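Review bot: The new docblock says filters "should return either true or a string", while the `$filterCallback` description a few lines further down says "a truthy value describing the error"; pick one contract and state it once. `'require_safe_dtd' => true` in `$parserOptions` turns the DTD check on by default for every caller of this class, so the option's documentation should say that explicitly and explain how a caller opts out.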
@@ -187,6 +204,9 @@
if ( $reader->nodeType === XMLReader::PI ) {
$this->processingInstructionHandler( 
$reader->name, $reader->value );
}
+   if ( $reader->nodeType === XMLReader::DOC_TYPE ) {
+   $this->DTDHandler( $reader );
+   }
} while ( $reader->nodeType != XMLReader::ELEMENT );
 
// Process the rest of the document
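Review bot: `$this->DTDHandler( $reader )` breaks the lowerCamelCase naming used by the neighbouring `$this->processingInstructionHandler( ... )` call; `dtdHandler` would match. The loop calls it for every `XMLReader::DOC_TYPE` node seen before the first element, so the handler's doc comment should state what happens if more than one doctype node is encountered.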
@@ -235,8 +255,13 @@
$reader->value
);
break;
+   case XMLReader::DOC_TYPE:
+   // We should never see a doctype after 
first
+   // element.
+   $this->wellFormed = false;
+   break;
default:
-   // One of DOC, DOC_TYPE, ENTITY, 
END_ENTITY,
+   // One of DOC, ENTITY, END_ENTITY,
// NOTATION, or XML_DECLARATION
// 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Gerrit: Add log4j.logger.org.apache.sshd.common.keyprovider....

2017-04-06 Thread Dzahn (Code Review)
Dzahn has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/345583 )

Change subject: Gerrit: Add 
log4j.logger.org.apache.sshd.common.keyprovider.FileKeyPairProvider=INFO to 
log4j
..


Gerrit: Add 
log4j.logger.org.apache.sshd.common.keyprovider.FileKeyPairProvider=INFO to 
log4j

The class was renamed upstream in sshd. sshd was recently updated in gerrit. So 
when we upgrade we need this new class.

This is a preparation change.

This replaces 
log4j.logger.org.apache.sshd.common.keyprovider.AbstractFileKeyPairProvider=INFO
 but that will not be removed until we upgrade to gerrit 2.14.

I did this change also upstream in 
https://gerrit-review.googlesource.com/#/c/101241/

Change-Id: Ia102c8ca47f7876569aab107c2b68e2ea70b479f
---
M modules/gerrit/templates/log4j.properties.erb
1 file changed, 3 insertions(+), 0 deletions(-)

Approvals:
  Hashar: Looks good to me, but someone else must approve
  jenkins-bot: Verified
  Dzahn: Looks good to me, approved



diff --git a/modules/gerrit/templates/log4j.properties.erb 
b/modules/gerrit/templates/log4j.properties.erb
index 8fdff5e..429bba2 100644
--- a/modules/gerrit/templates/log4j.properties.erb
+++ b/modules/gerrit/templates/log4j.properties.erb
@@ -69,7 +69,10 @@
 log4j.logger.org.apache.mina=WARN
 log4j.logger.org.apache.sshd.common=WARN
 log4j.logger.org.apache.sshd.server=WARN
+# To be removed when we upgrade to gerrit 2.14.
 
log4j.logger.org.apache.sshd.common.keyprovider.AbstractFileKeyPairProvider=INFO
+# Replaces the above
+log4j.logger.org.apache.sshd.common.keyprovider.FileKeyPairProvider=INFO
 log4j.logger.com.google.gerrit.sshd.GerritServerSession=WARN
 
 # Silence non-critical messages from mime-util.
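Review bot: The comment `# Replaces the above` stops making sense once the AbstractFileKeyPairProvider line is deleted; say what it replaces, for example that FileKeyPairProvider is the upstream rename of AbstractFileKeyPairProvider. The "To be removed when we upgrade to gerrit 2.14" comment would also benefit from a task reference so that the cleanup is tracked.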

-- 
To view, visit https://gerrit.wikimedia.org/r/345583
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ia102c8ca47f7876569aab107c2b68e2ea70b479f
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Paladox 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Dzahn 
Gerrit-Reviewer: Giuseppe Lavagetto 
Gerrit-Reviewer: Hashar 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_28]: SECURITY: Escape wikitext content model/format in message

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346862 )

Change subject: SECURITY: Escape wikitext content model/format in message
..


SECURITY: Escape wikitext content model/format in message

Escape wikitext in model= and format= url parameter to
edit page. This goes along with 1c788944 to help prevent
XSS for wikis with $wgRawHtml = true; set.

Bug: T156184
Change-Id: Ifcaa2ccf05a2a691d0b150e2f7e0e765db25fc7f
---
M RELEASE-NOTES-1.28
M includes/EditPage.php
2 files changed, 6 insertions(+), 2 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.28 b/RELEASE-NOTES-1.28
index 7811588..f384703 100644
--- a/RELEASE-NOTES-1.28
+++ b/RELEASE-NOTES-1.28
@@ -24,6 +24,7 @@
   their values out of the logs.
 * (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 
CSRF
   token.
+* (T156184) SECURITY: Escape content model/format url parameter in message.
 
 == MediaWiki 1.28 ==
 
diff --git a/includes/EditPage.php b/includes/EditPage.php
index a9d1c48..a563b27 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -1015,7 +1015,7 @@
throw new ErrorPageError(
'editpage-invalidcontentmodel-title',
'editpage-invalidcontentmodel-text',
-   [ $this->contentModel ]
+   [ wfEscapeWikiText( $this->contentModel ) ]
);
}
 
@@ -1023,7 +1023,10 @@
throw new ErrorPageError(
'editpage-notsupportedcontentformat-title',
'editpage-notsupportedcontentformat-text',
-   [ $this->contentFormat, 
ContentHandler::getLocalizedName( $this->contentModel ) ]
+   [
+   wfEscapeWikiText( $this->contentFormat 
),
+   wfEscapeWikiText( 
ContentHandler::getLocalizedName( $this->contentModel ) )
+   ]
);
}
 
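Review bot: Both `ErrorPageError` calls escape at the call site with `wfEscapeWikiText()`, which protects only these two messages; a short comment saying the values come from the `model=` and `format=` URL parameters would tell the next editor why the escaping must stay. The change touches only RELEASE-NOTES-1.28 and EditPage.php, so there is no regression test that passes wikitext in either parameter and checks the rendered error page.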

-- 
To view, visit https://gerrit.wikimedia.org/r/346862
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ifcaa2ccf05a2a691d0b150e2f7e0e765db25fc7f
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_28
Gerrit-Owner: Chad 
Gerrit-Reviewer: Brian Wolff 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Jackmcbarn 
Gerrit-Reviewer: Tpt 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_28]: SECURITY: API: Don't log "sensitive" parameters

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346860 )

Change subject: SECURITY: API: Don't log "sensitive" parameters
..


SECURITY: API: Don't log "sensitive" parameters

Stuff like passwords and CSRF tokens shouldn't be in the logs.

The fact of being sensitive is intentionally separated from the need to
be in the POST body because, for example, the wltoken parameter to
ApiQueryWatchlist needs to be in the query string to serve its purpose
but still shouldn't be logged.

Bug: T125177
Change-Id: I1d61f4dcf792d77401ee2e2988b1afcb2a2ad58f
---
M RELEASE-NOTES-1.28
M includes/api/ApiAuthManagerHelper.php
M includes/api/ApiBase.php
M includes/api/ApiCheckToken.php
M includes/api/ApiLogin.php
M includes/api/ApiMain.php
M includes/api/ApiQueryWatchlist.php
M includes/api/ApiQueryWatchlistRaw.php
8 files changed, 47 insertions(+), 3 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.28 b/RELEASE-NOTES-1.28
index 0913a74..c643761 100644
--- a/RELEASE-NOTES-1.28
+++ b/RELEASE-NOTES-1.28
@@ -20,6 +20,8 @@
   to interwiki links.
 * (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
   $wgAdvancedSearchHighlighting is true.
+* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
+  their values out of the logs.
 
 == MediaWiki 1.28 ==
 
@@ -210,6 +212,8 @@
   these hooks by passing an array for $hookData to ApiQueryBase::select() and
   by calling ApiQueryBase->processRow() before adding a row's data to the
   result.
+* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
+  their values out of the logs.
 
 === Languages updated in 1.28 ===
 
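Review bot: The T125177 line here duplicates the one added at @@ -20, so the same sentence appears twice in RELEASE-NOTES-1.28. If the second copy is meant for a section addressed to API developers, reword it for them (name `ApiBase::PARAM_SENSITIVE` and `markParamsSensitive()`) rather than repeating the security-fix text.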
diff --git a/includes/api/ApiAuthManagerHelper.php 
b/includes/api/ApiAuthManagerHelper.php
index 1a42ccc..32910d1 100644
--- a/includes/api/ApiAuthManagerHelper.php
+++ b/includes/api/ApiAuthManagerHelper.php
@@ -173,6 +173,7 @@
$this->module->getMain()->markParamsUsed( array_keys( $data ) );
 
if ( $sensitive ) {
+   $this->module->getMain()->markParamsSensitive( 
array_keys( $sensitive ) );
try {
$this->module->requirePostedParameters( 
array_keys( $sensitive ), 'noprefix' );
} catch ( UsageException $ex ) {
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index 506ff73..6dfd425 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -171,6 +171,13 @@
 */
const PARAM_SUBMODULE_PARAM_PREFIX = 16;
 
+   /**
+* (boolean) Is the parameter sensitive? Note 'password'-type fields are
+* always sensitive regardless of the value of this field.
+* @since 1.28
+*/
+   const PARAM_SENSITIVE = 17;
+
/**@}*/
 
/** Fast query, standard limit. */
@@ -947,6 +954,10 @@
} else {
$type = 'NULL'; // allow everything
}
+   }
+
+   if ( $type == 'password' || !empty( 
$paramSettings[self::PARAM_SENSITIVE] ) ) {
+   $this->getMain()->markParamsSensitive( 
$encParamName );
}
}
 
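Review bot: `$type == 'password'` is a loose comparison; use `===` so that a non-string `$type` can never match by coercion. The call to `markParamsSensitive( $encParamName )` also runs only when this code resolves the parameter's settings, so please confirm that request logging happens after this point for every module; a parameter that is never resolved here before the request is logged would keep its value in the logs.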
@@ -2366,6 +2377,7 @@
$params['token'] = [
ApiBase::PARAM_TYPE => 'string',
ApiBase::PARAM_REQUIRED => true,
+   ApiBase::PARAM_SENSITIVE => true,
ApiBase::PARAM_HELP_MSG => [
'api-help-param-token',
$this->needsToken(),
diff --git a/includes/api/ApiCheckToken.php b/includes/api/ApiCheckToken.php
index 3d2159c..2736ff4 100644
--- a/includes/api/ApiCheckToken.php
+++ b/includes/api/ApiCheckToken.php
@@ -66,6 +66,7 @@
'token' => [
ApiBase::PARAM_TYPE => 'string',
ApiBase::PARAM_REQUIRED => true,
+   ApiBase::PARAM_SENSITIVE => true,
],
'maxtokenage' => [
ApiBase::PARAM_TYPE => 'integer',
diff --git a/includes/api/ApiLogin.php b/includes/api/ApiLogin.php
index 6ac261d..c4060c5 100644
--- a/includes/api/ApiLogin.php
+++ b/includes/api/ApiLogin.php
@@ -256,6 +256,7 @@
'token' => [
ApiBase::PARAM_TYPE => 'string',
ApiBase::PARAM_REQUIRED => false, // for BC
+   ApiBase::PARAM_SENSITIVE => true,
ApiBase::PARAM_HELP_MSG => [ 
'api-help-param-token', 'login' ],
],
 

[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_28]: SECURITY: SpecialWatchlist: Check CSRF token when using "Mar...

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346861 )

Change subject: SECURITY: SpecialWatchlist: Check CSRF token when using "Mark 
all pages visited"
..


SECURITY: SpecialWatchlist: Check CSRF token when using "Mark all pages visited"

Bug: T150044
Change-Id: I7f75cab4ceb4a2c320af210fad15956b70c29661
---
M RELEASE-NOTES-1.28
M includes/specials/SpecialWatchlist.php
2 files changed, 4 insertions(+), 0 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.28 b/RELEASE-NOTES-1.28
index c643761..7811588 100644
--- a/RELEASE-NOTES-1.28
+++ b/RELEASE-NOTES-1.28
@@ -22,6 +22,8 @@
   $wgAdvancedSearchHighlighting is true.
 * (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
   their values out of the logs.
+* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 
CSRF
+  token.
 
 == MediaWiki 1.28 ==
 
diff --git a/includes/specials/SpecialWatchlist.php 
b/includes/specials/SpecialWatchlist.php
index 4824961..3629fd8 100644
--- a/includes/specials/SpecialWatchlist.php
+++ b/includes/specials/SpecialWatchlist.php
@@ -78,6 +78,7 @@
if ( ( $config->get( 'EnotifWatchlist' ) || $config->get( 
'ShowUpdatedMarker' ) )
&& $request->getVal( 'reset' )
&& $request->wasPosted()
+   && $user->matchEditToken( $request->getVal( 'token' ) )
) {
$user->clearAllNotifications();
$output->redirect( $this->getPageTitle()->getFullURL( 
$opts->getChangedValues() ) );
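Review bot: When `$user->matchEditToken( $request->getVal( 'token' ) )` fails, the whole condition is false and the request falls through as if `reset` had not been sent, with no message to the user. A posted `reset` with a missing or expired token should report a session failure, so that a legitimate user knows the notifications were not cleared.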
@@ -609,6 +610,7 @@
'action' => 
$this->getPageTitle()->getLocalURL(),
'id' => 'mw-watchlist-resetbutton' ] ) . "\n" .
Xml::submitButton( $this->msg( 'enotif_reset' 
)->text(), [ 'name' => 'dummy' ] ) . "\n" .
+   Html::hidden( 'token', $user->getEditToken() ) . "\n" .
Html::hidden( 'reset', 'all' ) . "\n";
foreach ( $nondefaults as $key => $value ) {
$form .= Html::hidden( $key, $value ) . "\n";

-- 
To view, visit https://gerrit.wikimedia.org/r/346861
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I7f75cab4ceb4a2c320af210fad15956b70c29661
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_28
Gerrit-Owner: Chad 
Gerrit-Reviewer: Bartosz Dziewoński 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Florianschmidtwelzow 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_28]: SECURITY: XSS in search if $wgAdvancedSearchHighlighting = t...

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346859 )

Change subject: SECURITY: XSS in search if $wgAdvancedSearchHighlighting = true;
..


SECURITY: XSS in search if $wgAdvancedSearchHighlighting = true;

In the non-default configuration where $wgAdvancedSearchHighlighting
is set to true, there is an XSS vulnerability as HTML tags are
not properly escaped if the tag spans multiple search results.

Issue introduced in abf726ea0 (MediaWiki 1.13 and above).

Bug: T144845
Change-Id: I2db7888d591b97f1a01bfd3b7567ce6f169874d3
---
M RELEASE-NOTES-1.28
M includes/search/SearchHighlighter.php
2 files changed, 10 insertions(+), 0 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.28 b/RELEASE-NOTES-1.28
index 3cdaebf..0913a74 100644
--- a/RELEASE-NOTES-1.28
+++ b/RELEASE-NOTES-1.28
@@ -18,6 +18,8 @@
 * (T154872) Fix incorrect ar_usertext_timestamp index names in new 1.28 
installs.
 * (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow 
redirect
   to interwiki links.
+* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
+  $wgAdvancedSearchHighlighting is true.
 
 == MediaWiki 1.28 ==
 
diff --git a/includes/search/SearchHighlighter.php 
b/includes/search/SearchHighlighter.php
index dd41a6e..79c401d 100644
--- a/includes/search/SearchHighlighter.php
+++ b/includes/search/SearchHighlighter.php
@@ -29,6 +29,10 @@
 class SearchHighlighter {
protected $mCleanWikitext = true;
 
+   /**
+* @warning If you pass false to this constructor, then
+*  the caller is responsible for HTML escaping.
+*/
function __construct( $cleanupWikitext = true ) {
$this->mCleanWikitext = $cleanupWikitext;
}
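Review bot: The new docblock on `__construct` carries only the `@warning`; add `@param bool $cleanupWikitext` so that the parameter the warning refers to is documented next to it. The warning would also be more useful if it named what the caller has to escape, namely the text returned by the highlighting methods.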
@@ -456,6 +460,10 @@
$text = preg_replace( "/('''|<\/?[iIuUbB]>)/", "", $text );
$text = preg_replace( "/''/", "", $text );
 
+   // Note, the previous /<\/?[^>]+>/ is insufficient
+   // for XSS safety as the HTML tag can span multiple
+   // search results (T144845).
+   $text = Sanitizer::escapeHtmlAllowEntities( $text );
return $text;
}
 
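Review bot: `Sanitizer::escapeHtmlAllowEntities( $text )` is the actual fix, but nothing exercises it; the change touches only RELEASE-NOTES-1.28 and SearchHighlighter.php. A unit test that feeds text where an HTML tag is split across two snippets and asserts the output contains no unescaped `<` would guard against regressions. The comment refers to "the previous" regular expression, which is not the line directly above; point at the line it means.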

-- 
To view, visit https://gerrit.wikimedia.org/r/346859
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I2db7888d591b97f1a01bfd3b7567ce6f169874d3
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_28
Gerrit-Owner: Chad 
Gerrit-Reviewer: Brian Wolff 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: DCausse 
Gerrit-Reviewer: Smalyshev 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_28]: SECURITY: Do not directly redirect to interwikis, but use sp...

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346858 )

Change subject: SECURITY: Do not directly redirect to interwikis, but use 
splash page
..


SECURITY: Do not directly redirect to interwikis, but use splash page

Directly redirecting based on a url parameter might potentially
be used in a phishing attack to confuse users.

Bug: T109140
Bug: T122209
Change-Id: I6c604439320fa876719933cc7f3a3ff04fb1a6ad
---
M RELEASE-NOTES-1.28
M autoload.php
M includes/OutputPage.php
M includes/Title.php
M includes/specialpage/RedirectSpecialPage.php
M includes/specialpage/SpecialPageFactory.php
M includes/specials/SpecialChangeCredentials.php
M includes/specials/SpecialChangeEmail.php
A includes/specials/SpecialGoToInterwiki.php
M includes/specials/SpecialPageLanguage.php
M includes/specials/SpecialPreferences.php
M includes/specials/SpecialSearch.php
M includes/specials/helpers/LoginHelper.php
M languages/i18n/en.json
M languages/i18n/qqq.json
M languages/messages/MessagesEn.php
16 files changed, 129 insertions(+), 10 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.28 b/RELEASE-NOTES-1.28
index 7354b5d..3cdaebf 100644
--- a/RELEASE-NOTES-1.28
+++ b/RELEASE-NOTES-1.28
@@ -16,6 +16,8 @@
 * (T156184) $wgRawHtml will no longer apply to internationalization messages.
 * (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is 
installed.
 * (T154872) Fix incorrect ar_usertext_timestamp index names in new 1.28 
installs.
+* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow 
redirect
+  to interwiki links.
 
 == MediaWiki 1.28 ==
 
diff --git a/autoload.php b/autoload.php
index 9171494..de4be7e 100644
--- a/autoload.php
+++ b/autoload.php
@@ -1320,6 +1320,7 @@
'SpecialExpandTemplates' => __DIR__ . 
'/includes/specials/SpecialExpandTemplates.php',
'SpecialExport' => __DIR__ . '/includes/specials/SpecialExport.php',
'SpecialFilepath' => __DIR__ . '/includes/specials/SpecialFilepath.php',
+   'SpecialGoToInterwiki' => __DIR__ . 
'/includes/specials/SpecialGoToInterwiki.php',
'SpecialImport' => __DIR__ . '/includes/specials/SpecialImport.php',
'SpecialJavaScriptTest' => __DIR__ . 
'/includes/specials/SpecialJavaScriptTest.php',
'SpecialLinkAccounts' => __DIR__ . 
'/includes/specials/SpecialLinkAccounts.php',
diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index 40de17d..ab94adb 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -2657,7 +2657,9 @@
} else {
$titleObj = Title::newFromText( $returnto );
}
-   if ( !is_object( $titleObj ) ) {
+   // We don't want people to return to external interwiki. That
+   // might potentially be used as part of a phishing scheme
+   if ( !is_object( $titleObj ) || $titleObj->isExternal() ) {
$titleObj = Title::newMainPage();
}
 
diff --git a/includes/Title.php b/includes/Title.php
index 213572b..35cbb89 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -1688,6 +1688,33 @@
}
 
/**
+* Get a url appropriate for making redirects based on an untrusted url 
arg
+*
+* This is basically the same as getFullUrl(), but in the case of 
external
+* interwikis, we send the user to a landing page, to prevent possible
+* phishing attacks and the like.
+*
+* @note Uses current protocol by default, since technically relative 
urls
+*   aren't allowed in redirects per HTTP spec, so this is not suitable 
for
+*   places where the url gets cached, as might pollute between
+*   https and non-https users.
+* @see self::getLocalURL for the arguments.
+* @param array|string $query
+* @param string $proto Protocol type to use in URL
+* @return String. A url suitable to use in an HTTP location header.
+*/
+   public function getFullUrlForRedirect( $query = '', $proto = 
PROTO_CURRENT ) {
+   $target = $this;
+   if ( $this->isExternal() ) {
+   $target = SpecialPage::getTitleFor(
+   'GoToInterwiki',
+   $this->getPrefixedDBKey()
+   );
+   }
+   return $target->getFullUrl( $query, false, $proto );
+   }
+
+   /**
 * Get a URL with no fragment or server name (relative URL) from a 
Title object.
 * If this page is generated with action=render, however,
 * $wgServer is prepended to make an absolute URL.
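Review bot: The docblock for `getFullUrlForRedirect()` uses `@return String. A url ...`; the type should be lower-case `string` with the description after it, and a new public method needs an `@since` tag. The `@note` about `PROTO_CURRENT` is important enough to state as a direct instruction: do not use the result anywhere the URL gets cached.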
diff --git a/includes/specialpage/RedirectSpecialPage.php 
b/includes/specialpage/RedirectSpecialPage.php
index ea7d783..01787d3 100644
--- 

[MediaWiki-commits] [Gerrit] mediawiki...parsoid[master]: Address edge case in DSR code that affects lint output in so...

2017-04-06 Thread Subramanya Sastry (Code Review)
Subramanya Sastry has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346904 )

Change subject: Address edge case in DSR code that affects lint output in some 
cases
..

Address edge case in DSR code that affects lint output in some cases

eccca398 added some DSR correction code for b/i tag misnesting
by (correctly) swallowing the DSR width of the stripped meta tag.

However, this also causes the stripped-elt meta tag itself to get
its DSR corrected to zero-width because of the forward pass.

This is not a problem normally since the meta tag will get stripped.

However, this trips up the linter stripped-tag DSR values for snippets
with i/b tags in them. It emits zero-width DSR for them. To prevent
this, we record the original DSR in a dp.tmp and utilize it in the
linter.

Added a new test case that passes with this patch and fails without.

Change-Id: Ie15c5311957995bf4fdbb97771e927b6ac39ba9e
---
M lib/wt2html/pp/handlers/linter.js
M lib/wt2html/pp/processors/computeDSR.js
M tests/mocha/linter.js
3 files changed, 21 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/services/parsoid 
refs/changes/04/346904/1

diff --git a/lib/wt2html/pp/handlers/linter.js 
b/lib/wt2html/pp/handlers/linter.js
index b83ec0f..a07f329 100644
--- a/lib/wt2html/pp/handlers/linter.js
+++ b/lib/wt2html/pp/handlers/linter.js
@@ -60,6 +60,12 @@
templateInfo = {
name: DU.findEnclosingTemplateName(tplInfo),
};
+   } else if (dp.tmp.origDSR) {
+   // During DSR computation, stripped meta tags
+   // surrender their width to its previous sibling.
+   // We record the original DSR in the tmp attribute
+   // for that reason.
+   dsr = dp.tmp.origDSR;
}
 
if (DU.hasNodeName(c, 'meta')) {
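Review bot: `dp.tmp.origDSR` is read without checking `dp.tmp`, while the computeDSR.js change in this same patch guards with `if (!ndp.tmp)`, which implies `tmp` can be absent; use `dp.tmp && dp.tmp.origDSR`. Because this is an `else if` after the branch that sets `templateInfo`, `origDSR` is also ignored for nodes inside a template; the comment should say whether that is intended.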
diff --git a/lib/wt2html/pp/processors/computeDSR.js 
b/lib/wt2html/pp/processors/computeDSR.js
index 038cf49..3b0abb8 100644
--- a/lib/wt2html/pp/processors/computeDSR.js
+++ b/lib/wt2html/pp/processors/computeDSR.js
@@ -241,6 +241,14 @@
correction = ndp.src.length;
ce += correction;
dsrCorrection = correction;
+
+   // Record original DSR for the 
meta tag
+   // since it will now get 
corrected to zero width
+   // since child acquires its 
width.
+   if (!ndp.tmp) {
+   ndp.tmp = {};
+   }
+   ndp.tmp.origDSR = [ndp.dsr[0], 
ndp.dsr[1], null, null];
}
}
}
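Review bot: The comment here says the "child acquires its width", while the comment added in linter.js says stripped meta tags "surrender their width to its previous sibling"; the two should name the same node. The two stacked "since" clauses also make the sentence hard to parse. `ndp.tmp.origDSR` stores `null` in the last two slots rather than copying `ndp.dsr[2]` and `ndp.dsr[3]`; note in the comment that only the start and end offsets are preserved.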
diff --git a/tests/mocha/linter.js b/tests/mocha/linter.js
index 7c7dc89..6afa1ad 100644
--- a/tests/mocha/linter.js
+++ b/tests/mocha/linter.js
@@ -61,6 +61,13 @@
result[0].dsr.should.deep.equal([ 0, 27, null, 
null ]);
});
});
+   it('should lint stripped tags correctly in misnested tag 
situations', function() {
+   return parseWT('a').then(function(result) 
{
+   result.should.have.length(2);
+   result[1].should.have.a.property("type", 
"stripped-tag");
+   result[1].dsr.should.deep.equal([ 11, 15, null, 
null ]);
+   });
+   });
it('should lint obsolete tags correctly', function() {
return parseWT('foobar').then(function(result) 
{
result.should.have.length(1);

-- 
To view, visit https://gerrit.wikimedia.org/r/346904
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie15c5311957995bf4fdbb97771e927b6ac39ba9e
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/services/parsoid
Gerrit-Branch: master
Gerrit-Owner: Subramanya Sastry 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Do not directly redirect to interwikis, but use sp...

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346848 )

Change subject: SECURITY: Do not directly redirect to interwikis, but use 
splash page
..


SECURITY: Do not directly redirect to interwikis, but use splash page

Directly redirecting based on a url parameter might potentially
be used in a phishing attack to confuse users.

Bug: T109140
Bug: T122209
Change-Id: I6c604439320fa876719933cc7f3a3ff04fb1a6ad
---
M RELEASE-NOTES-1.27
M autoload.php
M includes/OutputPage.php
M includes/Title.php
M includes/specialpage/RedirectSpecialPage.php
M includes/specialpage/SpecialPageFactory.php
M includes/specials/SpecialChangeCredentials.php
M includes/specials/SpecialChangeEmail.php
A includes/specials/SpecialGoToInterwiki.php
M includes/specials/SpecialPageLanguage.php
M includes/specials/SpecialPreferences.php
M includes/specials/SpecialSearch.php
M includes/specials/helpers/LoginHelper.php
M languages/i18n/en.json
M languages/i18n/qqq.json
M languages/messages/MessagesEn.php
16 files changed, 129 insertions(+), 10 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 3a496f2..3df89e0 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -23,6 +23,8 @@
 * (T145635) Fix too long index error when installing with MSSQL.
 * (T156184) $wgRawHtml will no longer apply to internationalization messages.
 * (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is 
installed.
+* (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow 
redirect
+  to interwiki links.
 
 == MediaWiki 1.27.1 ==
 
diff --git a/autoload.php b/autoload.php
index f36e613..dbba50d 100644
--- a/autoload.php
+++ b/autoload.php
@@ -1255,6 +1255,7 @@
'SpecialExpandTemplates' => __DIR__ . 
'/includes/specials/SpecialExpandTemplates.php',
'SpecialExport' => __DIR__ . '/includes/specials/SpecialExport.php',
'SpecialFilepath' => __DIR__ . '/includes/specials/SpecialFilepath.php',
+   'SpecialGoToInterwiki' => __DIR__ . 
'/includes/specials/SpecialGoToInterwiki.php',
'SpecialImport' => __DIR__ . '/includes/specials/SpecialImport.php',
'SpecialJavaScriptTest' => __DIR__ . 
'/includes/specials/SpecialJavaScriptTest.php',
'SpecialLinkAccounts' => __DIR__ . 
'/includes/specials/SpecialLinkAccounts.php',
diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index 1985ab4..e5be2c7 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -2639,7 +2639,9 @@
} else {
$titleObj = Title::newFromText( $returnto );
}
-   if ( !is_object( $titleObj ) ) {
+   // We don't want people to return to external interwiki. That
+   // might potentially be used as part of a phishing scheme
+   if ( !is_object( $titleObj ) || $titleObj->isExternal() ) {
$titleObj = Title::newMainPage();
}
 
diff --git a/includes/Title.php b/includes/Title.php
index 589130d..6ba53d6 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -1682,6 +1682,33 @@
}
 
/**
+* Get a url appropriate for making redirects based on an untrusted url 
arg
+*
+* This is basically the same as getFullUrl(), but in the case of 
external
+* interwikis, we send the user to a landing page, to prevent possible
+* phishing attacks and the like.
+*
+* @note Uses current protocol by default, since technically relative 
urls
+*   aren't allowed in redirects per HTTP spec, so this is not suitable 
for
+*   places where the url gets cached, as might pollute between
+*   https and non-https users.
+* @see self::getLocalURL for the arguments.
+* @param array|string $query
+* @param string $proto Protocol type to use in URL
+* @return String. A url suitable to use in an HTTP location header.
+*/
+   public function getFullUrlForRedirect( $query = '', $proto = 
PROTO_CURRENT ) {
+   $target = $this;
+   if ( $this->isExternal() ) {
+   $target = SpecialPage::getTitleFor(
+   'GoToInterwiki',
+   $this->getPrefixedDBKey()
+   );
+   }
+   return $target->getFullUrl( $query, false, $proto );
+   }
+
+   /**
 * Get a URL with no fragment or server name (relative URL) from a 
Title object.
 * If this page is generated with action=render, however,
 * $wgServer is prepended to make an absolute URL.
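
Review bot: In getFullUrlForRedirect(), when isExternal() is true the caller's $query is appended to the Special:GoToInterwiki URL by `$target->getFullUrl( $query, false, $proto )`, and the docblock does not say whether the splash page carries that query on to the interwiki target or drops it. Please document the intended behaviour of $query in the external case, and change `@return String. A url ...` to the lowercase `@return string` form that the @param tags in this block already use.
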
diff --git a/includes/specialpage/RedirectSpecialPage.php 
b/includes/specialpage/RedirectSpecialPage.php
index ea7d783..01787d3 100644
--- 

[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: Do not allow users to undelete a page they can't e...

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346847 )

Change subject: SECURITY: Do not allow users to undelete a page they can't edit 
or create
..


SECURITY: Do not allow users to undelete a page they can't edit or create

If the page exists, it only checks edit rights, otherwise it
checks both edit and create rights.

This would only matter on wikis that have a non-default rights
configuration where there are users with undelete rights but a
restriction level enabled that prevents them from creating/editing
pages (or they otherwise aren't allowed to edit/create)

It should be noted that the error messages aren't used in the
normal UI currently, but they could be in the future, and
extensions could potentially be using them (The backend functions
return them, but the UI functions in Special:Undelete ignore
them)

Bug: T108138
Change-Id: I164b80534cf89e0afca264e9de07431484af8508
---
M RELEASE-NOTES-1.29
M includes/Title.php
M includes/api/ApiUndelete.php
M languages/i18n/en.json
M languages/i18n/qqq.json
5 files changed, 23 insertions(+), 3 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index b835eb5..4b7de88 100644
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -103,6 +103,8 @@
   in it's fallback chain when trying to work out where to write the cache.
 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 
inclusion
   syntax's link parameter.
+* (T108138) SECURITY: Sysops can undelete pages, although the page is 
protected against
+  it.
 
 === Action API changes in 1.29 ===
 * Submitting sensitive authentication request parameters to action=login,
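
Review bot: The added T108138 entry reads "Sysops can undelete pages, although the page is protected against it", which describes the bug rather than the fix and does not match the commit's own wording about users who cannot edit or create the page. Suggest phrasing it as the new behaviour: undeleting now requires being allowed to edit the page, and to create it when no page currently exists.
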
diff --git a/includes/Title.php b/includes/Title.php
index f1cf81f..0db4094 100644
--- a/includes/Title.php
+++ b/includes/Title.php
@@ -2316,6 +2316,17 @@
) {
$errors[] = [ 'delete-toobig', 
$wgLang->formatNum( $wgDeleteRevisionsLimit ) ];
}
+   } elseif ( $action === 'undelete' ) {
+   if ( count( $this->getUserPermissionsErrorsInternal( 
'edit', $user, $rigor, true ) ) ) {
+   // Undeleting implies editing
+   $errors[] = [ 'undelete-cantedit' ];
+   }
+   if ( !$this->exists()
+   && count( 
$this->getUserPermissionsErrorsInternal( 'create', $user, $rigor, true ) )
+   ) {
+   // Undeleting where nothing currently exists 
implies creating
+   $errors[] = [ 'undelete-cantcreate' ];
+   }
}
return $errors;
}
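
Review bot: In the new `$action === 'undelete'` branch both calls to getUserPermissionsErrorsInternal() are reduced to count(), so the specific reason the user cannot edit or create is discarded and replaced by the generic 'undelete-cantedit' or 'undelete-cantcreate'. Consider merging the returned errors into $errors, or add a comment explaining why only the summary message is kept. When the page does not exist both messages can be appended in the same call; a test covering the existing-page and missing-page cases would pin that down, and none is among the five files changed.
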
diff --git a/includes/api/ApiUndelete.php b/includes/api/ApiUndelete.php
index 952e008..3aa7b60 100644
--- a/includes/api/ApiUndelete.php
+++ b/includes/api/ApiUndelete.php
@@ -33,7 +33,6 @@
$this->useTransactionalTimeLimit();
 
$params = $this->extractRequestParams();
-   $this->checkUserRightsAny( 'undelete' );
 
$user = $this->getUser();
if ( $user->isBlocked() ) {
@@ -45,6 +44,10 @@
$this->dieWithError( [ 'apierror-invalidtitle', 
wfEscapeWikiText( $params['title'] ) ] );
}
 
+   if ( !$titleObj->userCan( 'undelete', $user, 'secure' ) ) {
+   $this->dieWithError( 'permdenied-undelete' );
+   }
+
// Check if user can add tags
if ( !is_null( $params['tags'] ) ) {
$ableToTag = ChangeTags::canAddTagsAccompanyingChange( 
$params['tags'], $user );
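
Review bot: The `userCan( 'undelete', $user, 'secure' )` check added here replaces the `checkUserRightsAny( 'undelete' )` call removed in the previous hunk, so the user-right check now runs after the block check and the title validation and depends entirely on userCan() covering the 'undelete' right itself; please confirm that, since nothing else in the visible hunks checks it. The failure path calls `dieWithError( 'permdenied-undelete' )`, which hides the 'undelete-cantedit' and 'undelete-cantcreate' messages that the Title.php hunk adds; passing the errors from the permission check through would tell API clients which condition failed.
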
diff --git a/languages/i18n/en.json b/languages/i18n/en.json
index a44ff92..d4196b0 100644
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@@ -4291,5 +4291,7 @@
"rawhtml-notallowed": "html tags cannot be used outside of 
normal pages.",
"gotointerwiki": "Leaving {{SITENAME}}",
"gotointerwiki-invalid": "The specified title was invalid.",
-   "gotointerwiki-external": "You are about to leave {{SITENAME}} to visit 
[[$2]] which is a separate website.\n\n[$1 Click here to continue on to $1]."
+   "gotointerwiki-external": "You are about to leave {{SITENAME}} to visit 
[[$2]] which is a separate website.\n\n[$1 Click here to continue on to $1].",
+   "undelete-cantedit": "You cannot undelete this page as you are not 
allowed to edit this page.",
+   "undelete-cantcreate": "You cannot undelete this page as there is no 
existing page with this name and you are not allowed to create this page."
 }
diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json
index 5adfecd..fc1994b 100644
--- a/languages/i18n/qqq.json
+++ b/languages/i18n/qqq.json
@@ -4478,5 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: shinken (labs): remove yuvi as it is a wikimedia address

2017-04-06 Thread Rush (Code Review)
Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346884 )

Change subject: shinken (labs): remove yuvi as it is a wikimedia address
..


shinken (labs): remove yuvi as it is a wikimedia address

I hope we readd this shortly but at some personal address.

Change-Id: Ifcfd0a2fbcf813c3799e3c3bac0bcf2eafd23ae2
---
M modules/nagios_common/files/contactgroups-labs.cfg
M modules/nagios_common/files/contacts-labs.cfg
2 files changed, 4 insertions(+), 11 deletions(-)

Approvals:
  Rush: Verified; Looks good to me, approved



diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index f96ccd9..2165ca9 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -4,13 +4,13 @@
 define contactgroup {
 contactgroup_name   tools
 alias   ToolLabs Administrators
-members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,irc-labs
+members 
guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,irc-labs
 }
 
 define contactgroup {
 contactgroup_name   labs-infra
 alias   Wikimedia Labs Infrastructure Administrators
-members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,bd808,gehel
+members guest,chasemp,madhuvishy,andrewbogott,bd808,gehel
 }
 
 define contactgroup {
@@ -22,7 +22,7 @@
 define contactgroup {
 contactgroup_name   wdq-mm
 alias   WDQ-mm Administrators
-members guest,yuvipanda,gehel
+members guest,gehel
 }
 
 define contactgroup {
@@ -52,7 +52,7 @@
 define contactgroup {
 contactgroup_name   shinken
 alias   Shinken Administrators
-members 
guest,yuvipanda,chasemp,madhuvishy,bd808,andrewbogott
+members guest,chasemp,madhuvishy,bd808,andrewbogott
 }
 
 define contactgroup {
diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index 3b308d6..16f93af 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -89,13 +89,6 @@
 }
 
 define contact {
-contact_nameyuvipanda
-alias   Yuvi Panda
-email   yuvipa...@wikimedia.org
-use generic-contact
-}
-
-define contact {
 contact_namechasemp
 alias   Chase Pettet
 email   cpet...@wikimedia.org
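
Review bot: Deleting the `yuvipanda` contact definition in this hunk is only safe if no contact group still lists that name, because a `members` entry that points at an undefined contact is normally rejected when the configuration is validated. The contactgroups-labs.cfg hunks cover tools, labs-infra, wdq-mm and shinken, but that file defines further groups that appear here only as context lines; please confirm that none of them, and no other file under modules/nagios_common, still references `yuvipanda`.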

-- 
To view, visit https://gerrit.wikimedia.org/r/346884

Gerrit-MessageType: merged
Gerrit-Change-Id: Ifcfd0a2fbcf813c3799e3c3bac0bcf2eafd23ae2
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Giuseppe Lavagetto 
Gerrit-Reviewer: Rush 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: shinken (labs): remove yuvi as it is a wikimedia address

2017-04-06 Thread Rush (Code Review)
Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346884 )

Change subject: shinken (labs): remove yuvi as it is a wikimedia address
..

shinken (labs): remove yuvi as it is a wikimedia address

I hope we readd this shortly but at some personal address.

Change-Id: Ifcfd0a2fbcf813c3799e3c3bac0bcf2eafd23ae2
---
M modules/nagios_common/files/contactgroups-labs.cfg
M modules/nagios_common/files/contacts-labs.cfg
2 files changed, 4 insertions(+), 11 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/84/346884/1

diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index f96ccd9..2165ca9 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -4,13 +4,13 @@
 define contactgroup {
 contactgroup_name   tools
 alias   ToolLabs Administrators
-members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,irc-labs
+members 
guest,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,irc-labs
 }
 
 define contactgroup {
 contactgroup_name   labs-infra
 alias   Wikimedia Labs Infrastructure Administrators
-members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,bd808,gehel
+members guest,chasemp,madhuvishy,andrewbogott,bd808,gehel
 }
 
 define contactgroup {
@@ -22,7 +22,7 @@
 define contactgroup {
 contactgroup_name   wdq-mm
 alias   WDQ-mm Administrators
-members guest,yuvipanda,gehel
+members guest,gehel
 }
 
 define contactgroup {
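
Review bot: With `yuvipanda` removed, the wdq-mm group in this hunk is left with `members guest,gehel`, that is, a single named administrator besides guest. If that is not intended, add a second contact in this change rather than waiting for the re-add that the commit message hopes for.
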
@@ -52,7 +52,7 @@
 define contactgroup {
 contactgroup_name   shinken
 alias   Shinken Administrators
-members 
guest,yuvipanda,chasemp,madhuvishy,bd808,andrewbogott
+members guest,chasemp,madhuvishy,bd808,andrewbogott
 }
 
 define contactgroup {
diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index 3b308d6..16f93af 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -89,13 +89,6 @@
 }
 
 define contact {
-contact_nameyuvipanda
-alias   Yuvi Panda
-email   yuvipa...@wikimedia.org
-use generic-contact
-}
-
-define contact {
 contact_namechasemp
 alias   Chase Pettet
 email   cpet...@wikimedia.org

-- 
To view, visit https://gerrit.wikimedia.org/r/346884

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifcfd0a2fbcf813c3799e3c3bac0bcf2eafd23ae2
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: shinken (labs): add andrew Shinken Administrators

2017-04-06 Thread Rush (Code Review)
Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346883 )

Change subject: shinken (labs): add andrew Shinken Administrators
..


shinken (labs): add andrew Shinken Administrators

Change-Id: I619125be5f1721ffae348ed37cb4ebd5fd29fe00
---
M modules/nagios_common/files/contactgroups-labs.cfg
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Rush: Verified; Looks good to me, approved



diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index b4058da..f96ccd9 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -52,7 +52,7 @@
 define contactgroup {
 contactgroup_name   shinken
 alias   Shinken Administrators
-members guest,yuvipanda,chasemp,madhuvishy,bd808
+members 
guest,yuvipanda,chasemp,madhuvishy,bd808,andrewbogott
 }
 
 define contactgroup {

-- 
To view, visit https://gerrit.wikimedia.org/r/346883

Gerrit-MessageType: merged
Gerrit-Change-Id: I619125be5f1721ffae348ed37cb4ebd5fd29fe00
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: shinken (labs): add andrew Shinken Administrators

2017-04-06 Thread Rush (Code Review)
Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346883 )

Change subject: shinken (labs): add andrew Shinken Administrators
..

shinken (labs): add andrew Shinken Administrators

Change-Id: I619125be5f1721ffae348ed37cb4ebd5fd29fe00
---
M modules/nagios_common/files/contactgroups-labs.cfg
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/83/346883/1

diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index b4058da..f96ccd9 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -52,7 +52,7 @@
 define contactgroup {
 contactgroup_name   shinken
 alias   Shinken Administrators
-members guest,yuvipanda,chasemp,madhuvishy,bd808
+members 
guest,yuvipanda,chasemp,madhuvishy,bd808,andrewbogott
 }
 
 define contactgroup {

-- 
To view, visit https://gerrit.wikimedia.org/r/346883

Gerrit-MessageType: newchange
Gerrit-Change-Id: I619125be5f1721ffae348ed37cb4ebd5fd29fe00
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: Escape wikitext content model/format in message

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346843 )

Change subject: SECURITY: Escape wikitext content model/format in message
..


SECURITY: Escape wikitext content model/format in message

Escape wikitext in model= and format= url parameter to
edit page. This goes along with 1c788944 to help prevent
XSS for wikis with $wgRawHtml = true; set.

Bug: T156184
Change-Id: Ifcaa2ccf05a2a691d0b150e2f7e0e765db25fc7f
---
M RELEASE-NOTES-1.29
M includes/EditPage.php
2 files changed, 6 insertions(+), 2 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index eece3de..2552b40 100644
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -94,6 +94,7 @@
   their values out of the logs.
 * (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 
CSRF
   token.
+* (T156184) SECURITY: Escape content model/format url parameter in message.
 
 === Action API changes in 1.29 ===
 * Submitting sensitive authentication request parameters to action=login,
diff --git a/includes/EditPage.php b/includes/EditPage.php
index e4d217c..2153b8c 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -1027,7 +1027,7 @@
throw new ErrorPageError(
'editpage-invalidcontentmodel-title',
'editpage-invalidcontentmodel-text',
-   [ $this->contentModel ]
+   [ wfEscapeWikiText( $this->contentModel ) ]
);
}
 
@@ -1035,7 +1035,10 @@
throw new ErrorPageError(
'editpage-notsupportedcontentformat-title',
'editpage-notsupportedcontentformat-text',
-   [ $this->contentFormat, 
ContentHandler::getLocalizedName( $this->contentModel ) ]
+   [
+   wfEscapeWikiText( $this->contentFormat 
),
+   wfEscapeWikiText( 
ContentHandler::getLocalizedName( $this->contentModel ) )
+   ]
);
}
 
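Review bot: Both ErrorPageError calls are fixed by wrapping each parameter in wfEscapeWikiText() at the call site, which leaves every other caller that passes request-derived values as message parameters to ErrorPageError responsible for remembering the same step. Since `$this->contentModel` and `$this->contentFormat` come from the model= and format= URL parameters, a regression test that requests the edit page with wikitext markup in those parameters would keep this from silently reverting; the change touches only RELEASE-NOTES-1.29 and includes/EditPage.php.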

-- 
To view, visit https://gerrit.wikimedia.org/r/346843

Gerrit-MessageType: merged
Gerrit-Change-Id: Ifcaa2ccf05a2a691d0b150e2f7e0e765db25fc7f
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Chad 
Gerrit-Reviewer: Brian Wolff 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Jackmcbarn 
Gerrit-Reviewer: Tpt 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: Don't write LocalisationCache to temporary directory

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346845 )

Change subject: SECURITY: Don't write LocalisationCache to temporary directory
..


SECURITY: Don't write LocalisationCache to temporary directory

Bug: T161453
Change-Id: I51b375c63fcece908da921c465c861968c9eee1c
---
M RELEASE-NOTES-1.29
M includes/cache/localisation/LocalisationCache.php
2 files changed, 10 insertions(+), 8 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index 25f72a8..8b099bd 100644
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -35,6 +35,8 @@
 * (T156983) $wgRateLimitsExcludedIPs now accepts CIDR ranges as well as single 
IPs.
 * $wgDummyLanguageCodes is deprecated. Additional language code mappings may be
   added to $wgExtraLanguageCodes instead.
+* (T161453) LocalisationCache will no longer use the temporary directory in 
it's
+  fallback chain when trying to work out where to write the cache.
 
 === New features in 1.29 ===
 * (T5233) A cookie can now be set when a user is autoblocked, to track that 
user
@@ -97,6 +99,8 @@
 * (T156184) SECURITY: Escape content model/format url parameter in message.
 * (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
   declaration.
+* (T161453) SECURITY: LocalisationCache will no longer use the temporary 
directory
+  in it's fallback chain when trying to work out where to write the cache.
 
 === Action API changes in 1.29 ===
 * Submitting sensitive authentication request parameters to action=login,
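
Review bot: Both entries added for T161453, in this hunk and in the earlier hunk of this file, write "in it's fallback chain"; the possessive is "its". The same sentence is also listed twice, once without and once with the SECURITY prefix, so consider keeping the full wording in one place and a short pointer in the other.
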
diff --git a/includes/cache/localisation/LocalisationCache.php 
b/includes/cache/localisation/LocalisationCache.php
index cbff113..d499340 100644
--- a/includes/cache/localisation/LocalisationCache.php
+++ b/includes/cache/localisation/LocalisationCache.php
@@ -212,19 +212,17 @@
case 'detect':
if ( !empty( $conf['storeDirectory'] ) 
) {
$storeClass = 'LCStoreCDB';
+   } elseif ( $wgCacheDirectory ) {
+   $storeConf['directory'] = 
$wgCacheDirectory;
+   $storeClass = 'LCStoreCDB';
} else {
-   $cacheDir = $wgCacheDirectory 
?: wfTempDir();
-   if ( $cacheDir ) {
-   $storeConf['directory'] 
= $cacheDir;
-   $storeClass = 
'LCStoreCDB';
-   } else {
-   $storeClass = 
'LCStoreDB';
-   }
+   $storeClass = 'LCStoreDB';
}
break;
default:
throw new MWException(
-   'Please set 
$wgLocalisationCacheConf[\'store\'] to something sensible.' );
+   'Please set 
$wgLocalisationCacheConf[\'store\'] to something sensible.'
+   );
}
}
 
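Review bot: In the 'detect' case, an install with neither `$conf['storeDirectory']` nor `$wgCacheDirectory` set now moves from LCStoreCDB in wfTempDir() to LCStoreDB with no signal to the operator, which is the safe choice but silently changes the storage backend for those installs. Consider logging or documenting the fallback next to the `} else {` branch so administrators know to set $wgCacheDirectory. The re-wrapping of the MWException message in the `default:` case is unrelated formatting and would be easier to backport if kept out of a security patch.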

-- 
To view, visit https://gerrit.wikimedia.org/r/346845

Gerrit-MessageType: merged
Gerrit-Change-Id: I51b375c63fcece908da921c465c861968c9eee1c
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Chad 
Gerrit-Reviewer: Aaron Schulz 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Reedy 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: Always normalize link url before adding to ParserO...

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346846 )

Change subject: SECURITY: Always normalize link url before adding to 
ParserOutput
..


SECURITY: Always normalize link url before adding to ParserOutput

Move link normalization directly into addExternalLink() method,
since you always need to do it - having it separate is just
inviting people to forget to normalize a link.

Additionally, links weren't properly registered for .
This was somewhat unnoticed, as the call to recursiveTagParse()
would register free links, but it wouldn't work for example with
protocol relative links.

Issue originally reported by MZMcBride.

Bug: T48143
Change-Id: I557fb3b433ef9d618097b6ba4eacc6bada250ca2
---
M RELEASE-NOTES-1.29
M includes/parser/Parser.php
M includes/parser/ParserOutput.php
3 files changed, 10 insertions(+), 7 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index 8b099bd..b835eb5 100644
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -101,6 +101,8 @@
   declaration.
 * (T161453) SECURITY: LocalisationCache will no longer use the temporary 
directory
   in it's fallback chain when trying to work out where to write the cache.
+* (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file 
inclusion
+  syntax's link parameter.
 
 === Action API changes in 1.29 ===
 * Submitting sensitive authentication request parameters to action=login,
diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index be4557d..953f021 100644
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -1610,9 +1610,7 @@
true, 'free',
$this->getExternalLinkAttribs( $url ), 
$this->mTitle );
# Register it in the output object...
-   # Replace unnecessary URL escape codes with their 
equivalent characters
-   $pasteurized = self::normalizeLinkUrl( $url );
-   $this->mOutput->addExternalLink( $pasteurized );
+   $this->mOutput->addExternalLink( $url );
}
return $text . $trail;
}
@@ -1908,10 +1906,7 @@
$this->getExternalLinkAttribs( $url ), 
$this->mTitle ) . $dtrail . $trail;
 
# Register link in the output object.
-   # Replace unnecessary URL escape codes with the 
referenced character
-   # This prevents spammers from hiding links from the 
filters
-   $pasteurized = self::normalizeLinkUrl( $url );
-   $this->mOutput->addExternalLink( $pasteurized );
+   $this->mOutput->addExternalLink( $url );
}
 
return $s;
@@ -5086,9 +5081,11 @@
}
if ( preg_match( 
"/^($prots)$addr$chars*$/u", $linkValue ) ) {
$link = 
$linkValue;
+   
$this->mOutput->addExternalLink( $link );
} else {
$localLinkTitle 
= Title::newFromText( $linkValue );
if ( 
$localLinkTitle !== null ) {
+   
$this->mOutput->addLink( $localLinkTitle );
$link = 
$localLinkTitle->getLinkURL();
}
}
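
Review bot: The two registration calls added in this hunk, `addExternalLink( $link )` and `addLink( $localLinkTitle )`, are the part of the change that the commit message says was previously missed for protocol-relative links, yet the change touches only RELEASE-NOTES-1.29, Parser.php and ParserOutput.php. Please add a parser test that puts a protocol-relative URL and a percent-encoded URL in the link parameter and asserts that the normalized URL ends up among the registered external links.
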
diff --git a/includes/parser/ParserOutput.php b/includes/parser/ParserOutput.php
index b2f99b3..7de3b30 100644
--- a/includes/parser/ParserOutput.php
+++ b/includes/parser/ParserOutput.php
@@ -535,6 +535,10 @@
# We don't register links pointing to our own server, unless... 
:-)
global $wgServer, $wgRegisterInternalExternals;
 
+   # Replace unnecessary URL escape codes with the referenced 
character
+   # This prevents spammers from hiding links from the filters
+   $url = parser::normalizeLinkUrl( $url );
+
$registerExternalLink = true;
if ( !$wgRegisterInternalExternals ) {
$registerExternalLink = !self::isLinkInternal( 
$wgServer, $url );
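
Review bot: The added line `$url = parser::normalizeLinkUrl( $url );` spells the class name in lowercase; it should be `Parser::normalizeLinkUrl( $url )` so that it matches the class the Parser.php hunks call as `self::normalizeLinkUrl` and does not rely on case-insensitive class lookup. Moving the call here also makes ParserOutput depend on Parser, so the docblock of addExternalLink() should state that the method now normalizes its argument and callers should stop doing it themselves.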

-- 
To view, visit https://gerrit.wikimedia.org/r/346846

Gerrit-MessageType: merged
Gerrit-Change-Id: I557fb3b433ef9d618097b6ba4eacc6bada250ca2
Gerrit-PatchSet: 1

[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: Whitelist DTD declaration in SVG

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346844 )

Change subject: SECURITY: Whitelist DTD declaration in SVG
..


SECURITY: Whitelist DTD declaration in SVG

Only allow ENTITY declarations inside the doctype internal
subset. Do not allow parameter entities, recursive entity
references are entity values longer than 255 bytes, or
external entity references. Filter external doctype subset
to only allow the standard svg doctypes.

Recursive entities that are simple aliases are allowed
because people appear to use them on commons. Declaring
xmlns:xlink to have a #FIXED value to the xlink namespace
is allowed because GraphViz apparently does that so it's
somewhat common.

This prevents someone bypassing filter by using default
attribute values in internal dtd subset. No browser loads
the external dtd subset that I could find, but whitelist
just to be safe anyways.

Issue reported by Cassiogomes11.

Bug: T151735
Change-Id: I7cb4690f759ad97e70e06e560978b6207d84c446
---
M RELEASE-NOTES-1.29
M includes/libs/mime/XmlTypeCheck.php
M includes/upload/UploadBase.php
M languages/i18n/en.json
M languages/i18n/qqq.json
M tests/phpunit/includes/upload/UploadBaseTest.php
6 files changed, 321 insertions(+), 8 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index 2552b40..25f72a8 100644
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -95,6 +95,8 @@
 * (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 
CSRF
   token.
 * (T156184) SECURITY: Escape content model/format url parameter in message.
+* (T151735) SECURITY: SVG filter evasion using default attribute values in DTD
+  declaration.
 
 === Action API changes in 1.29 ===
 * Submitting sensitive authentication request parameters to action=login,
diff --git a/includes/libs/mime/XmlTypeCheck.php 
b/includes/libs/mime/XmlTypeCheck.php
index 7f2bf5e..e48cf62 100644
--- a/includes/libs/mime/XmlTypeCheck.php
+++ b/includes/libs/mime/XmlTypeCheck.php
@@ -73,19 +73,36 @@
 */
private $parserOptions = [
'processing_instruction_handler' => '',
+   'external_dtd_handler' => '',
+   'dtd_handler' => '',
+   'require_safe_dtd' => true
];
 
/**
+* Allow filtering an XML file.
+*
+* Filters should return either true or a string to indicate something
+* is wrong with the file. $this->filterMatch will store if the
+* file failed validation (true = failed validation).
+* $this->filterMatchType will contain the validation error.
+* $this->wellFormed will contain whether the xml file is well-formed.
+*
+* @note If multiple filters are hit, only one of them will have the
+*  result stored in $this->filterMatchType.
+*
 * @param string $input a filename or string containing the XML element
 * @param callable $filterCallback (optional)
 *Function to call to do additional custom validity checks from 
the
 *SAX element handler event. This gives you access to the 
element
 *namespace, name, attributes, and text contents.
-*Filter should return 'true' to toggle on $this->filterMatch
+*Filter should return a truthy value describing the error.
 * @param bool $isFile (optional) indicates if the first parameter is a
 *filename (default, true) or if it is a string (false)
 * @param array $options list of additional parsing options:
 *processing_instruction_handler: Callback for 
xml_set_processing_instruction_handler
+*external_dtd_handler: Callback for the url of external dtd 
subset
+*dtd_handler: Callback given the full text of the filterCallback = $filterCallback;
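
Review bot: The new docblock says filters "should return either true or a string to indicate something is wrong", while the updated $filterCallback description says the filter "should return a truthy value describing the error"; a bare `true` describes nothing, so $this->filterMatchType would carry no reason in that case. Pick one contract, state what filterMatchType holds when a filter returns `true`, and make the two descriptions agree.
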
@@ -186,6 +203,9 @@
if ( $reader->nodeType === XMLReader::PI ) {
$this->processingInstructionHandler( 
$reader->name, $reader->value );
}
+   if ( $reader->nodeType === XMLReader::DOC_TYPE ) {
+   $this->DTDHandler( $reader );
+   }
} while ( $reader->nodeType != XMLReader::ELEMENT );
 
// Process the rest of the document
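
Review bot: The call added here is `$this->DTDHandler( $reader )`, whose name starts with an uppercase letter, unlike `$this->processingInstructionHandler(` in the context lines just above it. Renaming it to `dtdHandler` keeps the handler methods consistently lowerCamelCase and avoids confusion with the 'dtd_handler' option key added to $parserOptions.
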
@@ -234,8 +254,13 @@
$reader->value
);
break;
+   case XMLReader::DOC_TYPE:
+   // We should never see a doctype after 
first
+   // element.
+   $this->wellFormed = false;
+   

[MediaWiki-commits] [Gerrit] operations/puppet[production]: shinken (labs): remove coren as contact tools/inf groups

2017-04-06 Thread Rush (Code Review)
Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346882 )

Change subject: shinken (labs): remove coren as contact tools/inf groups
..


shinken (labs): remove coren as contact tools/inf groups

Change-Id: Iff465473fe3ce920e45b8b3772cbda7d0df848cc
---
M modules/nagios_common/files/contactgroups-labs.cfg
M modules/nagios_common/files/contacts-labs.cfg
2 files changed, 2 insertions(+), 9 deletions(-)

Approvals:
  Rush: Verified; Looks good to me, approved



diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index 87b4c2b..b4058da 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -4,13 +4,13 @@
 define contactgroup {
 contactgroup_name   tools
 alias   ToolLabs Administrators
-members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,bd808,coren,scfc_de,valhallasw,irc-labs
+members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,irc-labs
 }
 
 define contactgroup {
 contactgroup_name   labs-infra
 alias   Wikimedia Labs Infrastructure Administrators
-members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,bd808,coren,gehel
+members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,bd808,gehel
 }
 
 define contactgroup {
diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index 9157781..3b308d6 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -131,13 +131,6 @@
 }
 
 define contact {
-contact_namecoren
-alias   Coren
-email   m...@wikimedia.org
-use generic-contact
-}
-
-define contact {
 contact_nameandrewbogott
 alias   Andrew Bogott
 email   abog...@wikimedia.org
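
Review bot: Deleting the coren contact block here leaves a dangling reference if any members line still names coren, and the other file in this change only edits the tools and labs-infra groups. Before merging, search the rest of contactgroups-labs.cfg and any other config that refers to contact_name coren, so the removal is complete and no alert is routed to an undefined contact.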

-- 
To view, visit https://gerrit.wikimedia.org/r/346882
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Iff465473fe3ce920e45b8b3772cbda7d0df848cc
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: shinken (labs): remove coren as contact tools/inf groups

2017-04-06 Thread Rush (Code Review)
Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346882 )

Change subject: shinken (labs): remove coren as contact tools/inf groups
..

shinken (labs): remove coren as contact tools/inf groups

Change-Id: Iff465473fe3ce920e45b8b3772cbda7d0df848cc
---
M modules/nagios_common/files/contactgroups-labs.cfg
M modules/nagios_common/files/contacts-labs.cfg
2 files changed, 2 insertions(+), 9 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/82/346882/1

diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index 87b4c2b..b4058da 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -4,13 +4,13 @@
 define contactgroup {
 contactgroup_name   tools
 alias   ToolLabs Administrators
-members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,bd808,coren,scfc_de,valhallasw,irc-labs
+members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,bd808,scfc_de,valhallasw,irc-labs
 }
 
 define contactgroup {
 contactgroup_name   labs-infra
 alias   Wikimedia Labs Infrastructure Administrators
-members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,bd808,coren,gehel
+members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,bd808,gehel
 }
 
 define contactgroup {
diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index 9157781..3b308d6 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -131,13 +131,6 @@
 }
 
 define contact {
-contact_namecoren
-alias   Coren
-email   m...@wikimedia.org
-use generic-contact
-}
-
-define contact {
 contact_nameandrewbogott
 alias   Andrew Bogott
 email   abog...@wikimedia.org

-- 
To view, visit https://gerrit.wikimedia.org/r/346882
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Iff465473fe3ce920e45b8b3772cbda7d0df848cc
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: shinken (labs): add bdavis as contact tools/inf groups

2017-04-06 Thread Rush (Code Review)
Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346881 )

Change subject: shinken (labs): add bdavis as contact tools/inf groups
..


shinken (labs): add bdavis as contact tools/inf groups

Change-Id: I23df8d795963e428aaa6ba25820c75868a48c4a6
---
M modules/nagios_common/files/contactgroups-labs.cfg
M modules/nagios_common/files/contacts-labs.cfg
2 files changed, 10 insertions(+), 3 deletions(-)

Approvals:
  Rush: Verified; Looks good to me, approved



diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index ad6a472..87b4c2b 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -4,13 +4,13 @@
 define contactgroup {
 contactgroup_name   tools
 alias   ToolLabs Administrators
-members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,coren,scfc_de,valhallasw,irc-labs
+members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,bd808,coren,scfc_de,valhallasw,irc-labs
 }
 
 define contactgroup {
 contactgroup_name   labs-infra
 alias   Wikimedia Labs Infrastructure Administrators
-members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,coren,gehel
+members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,bd808,coren,gehel
 }
 
 define contactgroup {
@@ -52,7 +52,7 @@
 define contactgroup {
 contactgroup_name   shinken
 alias   Shinken Administrators
-members guest,yuvipanda,chasemp,madhuvishy
+members guest,yuvipanda,chasemp,madhuvishy,bd808
 }
 
 define contactgroup {
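
Review bot: The commit subject names only the tools/inf groups, but the members line of the shinken contactgroup (Shinken Administrators) is widened here as well. Mention that in the commit message, or split it into its own change, so the addition to the admin group is visible in the log.
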
diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index 6f6c9ad..9157781 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -103,6 +103,13 @@
 }
 
 define contact {
+contact_namebd808
+alias   Bryan Davis
+email   bda...@wikimedia.org
+use generic-contact
+}
+
+define contact {
 contact_namemadhuvishy
 alias   Madhumitha Viswanathan
 email   mviswanat...@wikimedia.org

-- 
To view, visit https://gerrit.wikimedia.org/r/346881
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I23df8d795963e428aaa6ba25820c75868a48c4a6
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: shinken (labs): add bdavis as contact tools/inf groups

2017-04-06 Thread Rush (Code Review)
Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346881 )

Change subject: shinken (labs): add bdavis as contact tools/inf groups
..

shinken (labs): add bdavis as contact tools/inf groups

Change-Id: I23df8d795963e428aaa6ba25820c75868a48c4a6
---
M modules/nagios_common/files/contactgroups-labs.cfg
M modules/nagios_common/files/contacts-labs.cfg
2 files changed, 10 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/81/346881/1

diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index ad6a472..87b4c2b 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -4,13 +4,13 @@
 define contactgroup {
 contactgroup_name   tools
 alias   ToolLabs Administrators
-members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,coren,scfc_de,valhallasw,irc-labs
+members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,bd808,coren,scfc_de,valhallasw,irc-labs
 }
 
 define contactgroup {
 contactgroup_name   labs-infra
 alias   Wikimedia Labs Infrastructure Administrators
-members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,coren,gehel
+members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,bd808,coren,gehel
 }
 
 define contactgroup {
@@ -52,7 +52,7 @@
 define contactgroup {
 contactgroup_name   shinken
 alias   Shinken Administrators
-members guest,yuvipanda,chasemp,madhuvishy
+members guest,yuvipanda,chasemp,madhuvishy,bd808
 }
 
 define contactgroup {
diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index 6f6c9ad..9157781 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -103,6 +103,13 @@
 }
 
 define contact {
+contact_namebd808
+alias   Bryan Davis
+email   bda...@wikimedia.org
+use generic-contact
+}
+
+define contact {
 contact_namemadhuvishy
 alias   Madhumitha Viswanathan
 email   mviswanat...@wikimedia.org

-- 
To view, visit https://gerrit.wikimedia.org/r/346881
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I23df8d795963e428aaa6ba25820c75868a48c4a6
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: Keystonehooks: Add two more ldap ous for sudo handling.

2017-04-06 Thread Andrew Bogott (Code Review)
Andrew Bogott has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346880 )

Change subject: Keystonehooks:  Add two more ldap ous for sudo handling.
..

Keystonehooks:  Add two more ldap ous for sudo handling.

These are pointless stubs, but apparently we need them.

Change-Id: I62b2300b6fbf0b806755bcd6f0e5ee931f1a0aa7
---
M modules/openstack/files/liberty/keystone/wmfkeystonehooks/ldapgroups.py
1 file changed, 21 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/80/346880/1

diff --git 
a/modules/openstack/files/liberty/keystone/wmfkeystonehooks/ldapgroups.py 
b/modules/openstack/files/liberty/keystone/wmfkeystonehooks/ldapgroups.py
index e77067d..5e485c8 100644
--- a/modules/openstack/files/liberty/keystone/wmfkeystonehooks/ldapgroups.py
+++ b/modules/openstack/files/liberty/keystone/wmfkeystonehooks/ldapgroups.py
@@ -204,6 +204,27 @@
 except ldap.LDAPError as e:
 LOG.warning("Failed to create project base %s in ldap: %s" % 
(projectbase, e))
 
+# this record is empty and arbitrary, but keeps sudo-ldap from
+#  freaking out and ignoring all groups.
+groupsdn = "ou=groups,%s" % projectbase
+groupsentry = {}
+groupsentry['objectClass'] = ['organizationalunit']
+modlist = ldap.modlist.addModlist(groupsentry)
+try:
+ds.add_s(groupsdn, modlist)
+except ldap.LDAPError as e:
+LOG.warning("Failed to create base group entry: %s" % e)
+
+#  This one too!
+peopledn = "ou=people,%s" % projectbase
+peopleentry = {}
+peopleentry['objectClass'] = ['organizationalunit']
+modlist = ldap.modlist.addModlist(peopleentry)
+try:
+ds.add_s(peopledn, modlist)
+except ldap.LDAPError as e:
+LOG.warning("Failed to create base people entry: %s" % e)
+
 sudoerbase = "ou=sudoers,%s" % projectbase
 sudoEntry = {}
 sudoEntry['objectClass'] = ['organizationalunit', 'top']
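
Review bot: The two added blocks for ou=groups and ou=people are the same six statements with different names; fold them into one loop over ('groups', 'people') to remove the duplication. They also set objectClass to ['organizationalunit'] while the existing sudoers entry just below uses ['organizationalunit', 'top'], which should be made consistent. Since the added comment says sudo-ldap ignores all groups without these records, a failed add_s deserves more than LOG.warning, and an entry that already exists should be told apart from a real failure.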

-- 
To view, visit https://gerrit.wikimedia.org/r/346880
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I62b2300b6fbf0b806755bcd6f0e5ee931f1a0aa7
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: shinken (labs): add madhuvishy as contact tools/inf groups

2017-04-06 Thread Rush (Code Review)
Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346879 )

Change subject: shinken (labs): add madhuvishy as contact tools/inf groups
..


shinken (labs): add madhuvishy as contact tools/inf groups

Change-Id: I9867f69e494121d34f590b6fc13a7bf4c80208d2
---
M modules/nagios_common/files/contactgroups-labs.cfg
M modules/nagios_common/files/contacts-labs.cfg
2 files changed, 10 insertions(+), 3 deletions(-)

Approvals:
  Madhuvishy: Looks good to me, but someone else must approve
  Rush: Verified; Looks good to me, approved



diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index 9a00b5a..ad6a472 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -4,13 +4,13 @@
 define contactgroup {
 contactgroup_name   tools
 alias   ToolLabs Administrators
-members 
guest,yuvipanda,chasemp,andrewbogott,coren,scfc_de,valhallasw,irc-labs
+members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,coren,scfc_de,valhallasw,irc-labs
 }
 
 define contactgroup {
 contactgroup_name   labs-infra
 alias   Wikimedia Labs Infrastructure Administrators
-members guest,yuvipanda,chasemp,andrewbogott,coren,gehel
+members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,coren,gehel
 }
 
 define contactgroup {
@@ -52,7 +52,7 @@
 define contactgroup {
 contactgroup_name   shinken
 alias   Shinken Administrators
-members guest,yuvipanda,chasemp
+members guest,yuvipanda,chasemp,madhuvishy
 }
 
 define contactgroup {
diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index 77d112f..6f6c9ad 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -103,6 +103,13 @@
 }
 
 define contact {
+contact_namemadhuvishy
+alias   Madhumitha Viswanathan
+email   mviswanat...@wikimedia.org
+use generic-contact
+}
+
+define contact {
 contact_namegehel
 alias   Guillaume Lederrey
 email   gleder...@wikimedia.org

-- 
To view, visit https://gerrit.wikimedia.org/r/346879
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I9867f69e494121d34f590b6fc13a7bf4c80208d2
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Madhuvishy 
Gerrit-Reviewer: Rush 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: shinken (labs): add madhuvishy as contact tools/inf groups

2017-04-06 Thread Rush (Code Review)
Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346879 )

Change subject: shinken (labs): add madhuvishy as contact tools/inf groups
..

shinken (labs): add madhuvishy as contact tools/inf groups

Change-Id: I9867f69e494121d34f590b6fc13a7bf4c80208d2
---
M modules/nagios_common/files/contactgroups-labs.cfg
M modules/nagios_common/files/contacts-labs.cfg
2 files changed, 10 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/79/346879/1

diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index 9a00b5a..ad6a472 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -4,13 +4,13 @@
 define contactgroup {
 contactgroup_name   tools
 alias   ToolLabs Administrators
-members 
guest,yuvipanda,chasemp,andrewbogott,coren,scfc_de,valhallasw,irc-labs
+members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,coren,scfc_de,valhallasw,irc-labs
 }
 
 define contactgroup {
 contactgroup_name   labs-infra
 alias   Wikimedia Labs Infrastructure Administrators
-members guest,yuvipanda,chasemp,andrewbogott,coren,gehel
+members 
guest,yuvipanda,chasemp,madhuvishy,andrewbogott,coren,gehel
 }
 
 define contactgroup {
@@ -52,7 +52,7 @@
 define contactgroup {
 contactgroup_name   shinken
 alias   Shinken Administrators
-members guest,yuvipanda,chasemp
+members guest,yuvipanda,chasemp,madhuvishy
 }
 
 define contactgroup {
diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index 77d112f..6f6c9ad 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -103,6 +103,13 @@
 }
 
 define contact {
+contact_namemadhuvishy
+alias   Madhumitha Viswanathan
+email   mviswanat...@wikimedia.org
+use generic-contact
+}
+
+define contact {
 contact_namegehel
 alias   Guillaume Lederrey
 email   gleder...@wikimedia.org

-- 
To view, visit https://gerrit.wikimedia.org/r/346879
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9867f69e494121d34f590b6fc13a7bf4c80208d2
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: SpecialWatchlist: Check CSRF token when using "Mar...

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346842 )

Change subject: SECURITY: SpecialWatchlist: Check CSRF token when using "Mark 
all pages visited"
..


SECURITY: SpecialWatchlist: Check CSRF token when using "Mark all pages visited"

Bug: T150044
Change-Id: I7f75cab4ceb4a2c320af210fad15956b70c29661
---
M RELEASE-NOTES-1.29
M includes/specials/SpecialWatchlist.php
2 files changed, 4 insertions(+), 0 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index 94bdcf7..eece3de 100644
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -92,6 +92,8 @@
   $wgAdvancedSearchHighlighting is true.
 * (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
   their values out of the logs.
+* (T150044) SECURITY: "Mark all pages visited" on the watchlist now requires a 
CSRF
+  token.
 
 === Action API changes in 1.29 ===
 * Submitting sensitive authentication request parameters to action=login,
diff --git a/includes/specials/SpecialWatchlist.php 
b/includes/specials/SpecialWatchlist.php
index 365736f..c1c9ab0 100644
--- a/includes/specials/SpecialWatchlist.php
+++ b/includes/specials/SpecialWatchlist.php
@@ -81,6 +81,7 @@
if ( ( $config->get( 'EnotifWatchlist' ) || $config->get( 
'ShowUpdatedMarker' ) )
&& $request->getVal( 'reset' )
&& $request->wasPosted()
+   && $user->matchEditToken( $request->getVal( 'token' ) )
) {
$user->clearAllNotifications();
$output->redirect( $this->getPageTitle()->getFullURL( 
$opts->getChangedValues() ) );
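
Review bot: When matchEditToken() fails in this condition the whole if is skipped and the request falls through to a normal watchlist render, so a user whose session has expired presses the button and gets no indication that nothing was reset. Consider checking the token separately and showing a session-failure message. The change list shows only RELEASE-NOTES-1.29 and SpecialWatchlist.php, so a test that posts reset without a valid token would be a good addition.
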
@@ -660,6 +661,7 @@
'id' => 'mw-watchlist-resetbutton' ] ) . "\n" .
Xml::submitButton( $this->msg( 'enotif_reset' )->text(),
[ 'name' => 'mw-watchlist-reset-submit' ] ) . 
"\n" .
+   Html::hidden( 'token', $user->getEditToken() ) . "\n" .
Html::hidden( 'reset', 'all' ) . "\n";
foreach ( $nondefaults as $key => $value ) {
$form .= Html::hidden( $key, $value ) . "\n";
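
Review bot: $user is used in the added Html::hidden( 'token', $user->getEditToken() ) line, but no assignment is visible in this hunk's context and it sits almost 600 lines below the other use; confirm it is defined in this method, or call $this->getUser() directly. Also confirm this form is submitted by POST, since the handler requires wasPosted() and the token should not end up in a URL.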

-- 
To view, visit https://gerrit.wikimedia.org/r/346842
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I7f75cab4ceb4a2c320af210fad15956b70c29661
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Chad 
Gerrit-Reviewer: Bartosz Dziewoński 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Florianschmidtwelzow 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] wikidata...rdf[master]: Update GUI

2017-04-06 Thread Smalyshev (Code Review)
Smalyshev has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346876 )

Change subject: Update GUI
..

Update GUI

Change-Id: I9cb69ea3ea15a1ee73f20dddf9d244a0b2bf49a2
---
M gui
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/wikidata/query/rdf 
refs/changes/76/346876/1

diff --git a/gui b/gui
index 282867e..ee8f535 16
--- a/gui
+++ b/gui
@@ -1 +1 @@
-Subproject commit 282867eb7a210a9a2393d62ed9d619b4248f95fe
+Subproject commit ee8f5350806b4f1eb9cdcb2380c2d44b05fa9dd9

-- 
To view, visit https://gerrit.wikimedia.org/r/346876
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9cb69ea3ea15a1ee73f20dddf9d244a0b2bf49a2
Gerrit-PatchSet: 1
Gerrit-Project: wikidata/query/rdf
Gerrit-Branch: master
Gerrit-Owner: Smalyshev 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: shinken (labs): add chasemp as contact tools/inf groups

2017-04-06 Thread Rush (Code Review)
Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346874 )

Change subject: shinken (labs): add chasemp as contact tools/inf groups
..


shinken (labs): add chasemp as contact tools/inf groups

Change-Id: I1dec798d6edb1dc5ef3d1dfe387deb4a3fc9eae1
---
M modules/nagios_common/files/contactgroups-labs.cfg
M modules/nagios_common/files/contacts-labs.cfg
2 files changed, 10 insertions(+), 3 deletions(-)

Approvals:
  Rush: Verified; Looks good to me, approved



diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index 95c6e1e..9a00b5a 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -4,13 +4,13 @@
 define contactgroup {
 contactgroup_name   tools
 alias   ToolLabs Administrators
-members 
guest,yuvipanda,andrewbogott,coren,scfc_de,valhallasw,irc-labs
+members 
guest,yuvipanda,chasemp,andrewbogott,coren,scfc_de,valhallasw,irc-labs
 }
 
 define contactgroup {
 contactgroup_name   labs-infra
 alias   Wikimedia Labs Infrastructure Administrators
-members guest,yuvipanda,andrewbogott,coren,gehel
+members guest,yuvipanda,chasemp,andrewbogott,coren,gehel
 }
 
 define contactgroup {
@@ -52,7 +52,7 @@
 define contactgroup {
 contactgroup_name   shinken
 alias   Shinken Administrators
-members guest,yuvipanda
+members guest,yuvipanda,chasemp
 }
 
 define contactgroup {
diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index 640865a..77d112f 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -96,6 +96,13 @@
 }
 
 define contact {
+contact_namechasemp
+alias   Chase Pettet
+email   cpet...@wikimedia.org
+use generic-contact
+}
+
+define contact {
 contact_namegehel
 alias   Guillaume Lederrey
 email   gleder...@wikimedia.org

-- 
To view, visit https://gerrit.wikimedia.org/r/346874
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I1dec798d6edb1dc5ef3d1dfe387deb4a3fc9eae1
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 
Gerrit-Reviewer: Rush 



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: API: Don't log "sensitive" parameters

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346841 )

Change subject: SECURITY: API: Don't log "sensitive" parameters
..


SECURITY: API: Don't log "sensitive" parameters

Stuff like passwords and CSRF tokens shouldn't be in the logs.

The fact of being sensitive is intentionally separated from the need to
be in the POST body because, for example, the wltoken parameter to
ApiQueryWatchlist needs to be in the query string to serve its purpose
but still shouldn't be logged.

Bug: T125177
Change-Id: I1d61f4dcf792d77401ee2e2988b1afcb2a2ad58f
---
M RELEASE-NOTES-1.29
M includes/api/ApiAuthManagerHelper.php
M includes/api/ApiBase.php
M includes/api/ApiCheckToken.php
M includes/api/ApiLogin.php
M includes/api/ApiMain.php
M includes/api/ApiQueryWatchlist.php
M includes/api/ApiQueryWatchlistRaw.php
8 files changed, 47 insertions(+), 3 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index a2dbcd5..94bdcf7 100644
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -90,6 +90,8 @@
   to interwiki links.
 * (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
   $wgAdvancedSearchHighlighting is true.
+* (T125177) SECURITY: API parameters may now be marked as "sensitive" to keep
+  their values out of the logs.
 
 === Action API changes in 1.29 ===
 * Submitting sensitive authentication request parameters to action=login,
@@ -150,6 +152,8 @@
   various methods now take a module path rather than a module name.
 * ApiMessageTrait::getApiCode() now strips 'apierror-' and 'apiwarn-' prefixes
   from the message key, and maps some message keys for backwards compatibility.
+* API parameters may now be marked as "sensitive" to keep their values out of
+  the logs.
 
 === Languages updated in 1.29 ===
 
diff --git a/includes/api/ApiAuthManagerHelper.php 
b/includes/api/ApiAuthManagerHelper.php
index d037c36..8862cc7 100644
--- a/includes/api/ApiAuthManagerHelper.php
+++ b/includes/api/ApiAuthManagerHelper.php
@@ -169,6 +169,7 @@
$this->module->getMain()->markParamsUsed( array_keys( $data ) );
 
if ( $sensitive ) {
+   $this->module->getMain()->markParamsSensitive( 
array_keys( $sensitive ) );
$this->module->requirePostedParameters( array_keys( 
$sensitive ), 'noprefix' );
}
 
diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index fec4234..b698cef 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -188,6 +188,13 @@
 */
const PARAM_EXTRA_NAMESPACES = 18;
 
+   /*
+* (boolean) Is the parameter sensitive? Note 'password'-type fields are
+* always sensitive regardless of the value of this field.
+* @since 1.29
+*/
+   const PARAM_SENSITIVE = 19;
+
/**@}*/
 
const ALL_DEFAULT_STRING = '*';
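
Review bot: The comment added above PARAM_SENSITIVE opens with /* rather than /**, so documentation tools will treat it as an ordinary comment and the description and the @since 1.29 tag will not be attached to the constant. Change the opener to /**.
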
@@ -1024,6 +1031,10 @@
$type = gettype( $default );
} else {
$type = 'NULL'; // allow everything
+   }
+
+   if ( $type == 'password' || !empty( 
$paramSettings[self::PARAM_SENSITIVE] ) ) {
+   $this->getMain()->markParamsSensitive( 
$encParamName );
}
}
 
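
Review bot: The added condition uses a loose comparison, $type == 'password'; use === here. Under PHP 5 and 7 a non-string value such as integer 0 compares equal to 'password' with ==, and this check decides whether a parameter value is kept out of the logs, so it should not depend on what type $type happens to hold.
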
@@ -2030,6 +2041,7 @@
$params['token'] = [
ApiBase::PARAM_TYPE => 'string',
ApiBase::PARAM_REQUIRED => true,
+   ApiBase::PARAM_SENSITIVE => true,
ApiBase::PARAM_HELP_MSG => [
'api-help-param-token',
$this->needsToken(),
diff --git a/includes/api/ApiCheckToken.php b/includes/api/ApiCheckToken.php
index 3cc7a8a..480915e 100644
--- a/includes/api/ApiCheckToken.php
+++ b/includes/api/ApiCheckToken.php
@@ -73,6 +73,7 @@
'token' => [
ApiBase::PARAM_TYPE => 'string',
ApiBase::PARAM_REQUIRED => true,
+   ApiBase::PARAM_SENSITIVE => true,
],
'maxtokenage' => [
ApiBase::PARAM_TYPE => 'integer',
diff --git a/includes/api/ApiLogin.php b/includes/api/ApiLogin.php
index e3513da..41bec35 100644
--- a/includes/api/ApiLogin.php
+++ b/includes/api/ApiLogin.php
@@ -250,6 +250,7 @@
'token' => [
ApiBase::PARAM_TYPE => 'string',
ApiBase::PARAM_REQUIRED => false, // for BC
+   ApiBase::PARAM_SENSITIVE => true,
ApiBase::PARAM_HELP_MSG => [ 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: shinken (labs): add chasemp as contact tools/inf groups

2017-04-06 Thread Rush (Code Review)
Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346874 )

Change subject: shinken (labs): add chasemp as contact tools/inf groups
..

shinken (labs): add chasemp as contact tools/inf groups

Change-Id: I1dec798d6edb1dc5ef3d1dfe387deb4a3fc9eae1
---
M modules/nagios_common/files/contactgroups-labs.cfg
M modules/nagios_common/files/contacts-labs.cfg
2 files changed, 10 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/74/346874/1

diff --git a/modules/nagios_common/files/contactgroups-labs.cfg 
b/modules/nagios_common/files/contactgroups-labs.cfg
index 95c6e1e..9a00b5a 100644
--- a/modules/nagios_common/files/contactgroups-labs.cfg
+++ b/modules/nagios_common/files/contactgroups-labs.cfg
@@ -4,13 +4,13 @@
 define contactgroup {
 contactgroup_name   tools
 alias   ToolLabs Administrators
-members 
guest,yuvipanda,andrewbogott,coren,scfc_de,valhallasw,irc-labs
+members 
guest,yuvipanda,chasemp,andrewbogott,coren,scfc_de,valhallasw,irc-labs
 }
 
 define contactgroup {
 contactgroup_name   labs-infra
 alias   Wikimedia Labs Infrastructure Administrators
-members guest,yuvipanda,andrewbogott,coren,gehel
+members guest,yuvipanda,chasemp,andrewbogott,coren,gehel
 }
 
 define contactgroup {
@@ -52,7 +52,7 @@
 define contactgroup {
 contactgroup_name   shinken
 alias   Shinken Administrators
-members guest,yuvipanda
+members guest,yuvipanda,chasemp
 }
 
 define contactgroup {
diff --git a/modules/nagios_common/files/contacts-labs.cfg 
b/modules/nagios_common/files/contacts-labs.cfg
index 640865a..77d112f 100644
--- a/modules/nagios_common/files/contacts-labs.cfg
+++ b/modules/nagios_common/files/contacts-labs.cfg
@@ -96,6 +96,13 @@
 }
 
 define contact {
+contact_namechasemp
+alias   Chase Pettet
+email   cpet...@wikimedia.org
+use generic-contact
+}
+
+define contact {
 contact_namegehel
 alias   Guillaume Lederrey
 email   gleder...@wikimedia.org

-- 
To view, visit https://gerrit.wikimedia.org/r/346874
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1dec798d6edb1dc5ef3d1dfe387deb4a3fc9eae1
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush 



[MediaWiki-commits] [Gerrit] mediawiki/debian[master]: Update changelog for 1.27.2 release

2017-04-06 Thread Legoktm (Code Review)
Legoktm has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346873 )

Change subject: Update changelog for 1.27.2 release
..


Update changelog for 1.27.2 release

Change-Id: Idefbf2b9b3ab9711c85f708f00b776793332c960
---
M debian/changelog
1 file changed, 6 insertions(+), 2 deletions(-)

Approvals:
  Legoktm: Verified; Looks good to me, approved
  jenkins-bot: Verified



diff --git a/debian/changelog b/debian/changelog
index b3bc3f7..6db2cc8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,12 @@
-mediawiki (1:1.27.1-4) UNRELEASED; urgency=medium
+mediawiki (1:1.27.2-1) unstable; urgency=medium
 
   * Improve NEWS file (Closes: #852862, #854352)
+  * Imported Upstream version 1.27.2 (security release), fixing
+CVE-2017-0363, CVE-2017-0364, CVE-2017-0365, CVE-2017-0361,
+CVE-2017-0362, CVE-2017-0368, CVE-2017-0366, CVE-2017-0370,
+CVE-2017-0369, CVE-2017-0367, CVE-2017-0372
 
- -- Kunal Mehta   Sun, 29 Jan 2017 21:28:59 -0800
+ -- Kunal Mehta   Thu, 06 Apr 2017 14:04:24 -0700
 
 mediawiki (1:1.27.1-3) unstable; urgency=medium
 
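
Review bot: The CVE list in the new changelog entry covers CVE-2017-0361 through CVE-2017-0370 and CVE-2017-0372 but has no CVE-2017-0371; confirm that is intentional and not a dropped id. Sorting the ids numerically would make a gap like that easier to spot.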

-- 
To view, visit https://gerrit.wikimedia.org/r/346873
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Idefbf2b9b3ab9711c85f708f00b776793332c960
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/debian
Gerrit-Branch: master
Gerrit-Owner: Legoktm 
Gerrit-Reviewer: Legoktm 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/debian[master]: Merge tag 'upstream/1.27.2'

2017-04-06 Thread Legoktm (Code Review)
Legoktm has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346869 )

Change subject: Merge tag 'upstream/1.27.2'
..


Merge tag 'upstream/1.27.2'

Upstream version 1.27.2

Change-Id: I2e44f6b70cac648b1a7f7a3b04fd9eb2e37bfce7
---
0 files changed, 0 insertions(+), 0 deletions(-)

Approvals:
  Legoktm: Looks good to me, approved
  jenkins-bot: Verified




-- 
To view, visit https://gerrit.wikimedia.org/r/346869

Gerrit-MessageType: merged
Gerrit-Change-Id: I2e44f6b70cac648b1a7f7a3b04fd9eb2e37bfce7
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/debian
Gerrit-Branch: master
Gerrit-Owner: Legoktm 
Gerrit-Reviewer: Legoktm 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/debian[master]: Update changelog for 1.27.2 release

2017-04-06 Thread Legoktm (Code Review)
Legoktm has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346873 )

Change subject: Update changelog for 1.27.2 release
..

Update changelog for 1.27.2 release

Change-Id: Idefbf2b9b3ab9711c85f708f00b776793332c960
---
M debian/changelog
1 file changed, 6 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/debian 
refs/changes/73/346873/1

diff --git a/debian/changelog b/debian/changelog
index b3bc3f7..6db2cc8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,12 @@
-mediawiki (1:1.27.1-4) UNRELEASED; urgency=medium
+mediawiki (1:1.27.2-1) unstable; urgency=medium
 
   * Improve NEWS file (Closes: #852862, #854352)
+  * Imported Upstream version 1.27.2 (security release), fixing
+CVE-2017-0363, CVE-2017-0364, CVE-2017-0365, CVE-2017-0361,
+CVE-2017-0362, CVE-2017-0368, CVE-2017-0366, CVE-2017-0370,
+CVE-2017-0369, CVE-2017-0367, CVE-2017-0372
 
- -- Kunal Mehta   Sun, 29 Jan 2017 21:28:59 -0800
+ -- Kunal Mehta   Thu, 06 Apr 2017 14:04:24 -0700
 
 mediawiki (1:1.27.1-3) unstable; urgency=medium
 
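Review bot: the CVE list in the added bullet is not in numeric order (0363, 0364, 0365, 0361, ...) and goes from CVE-2017-0370 to CVE-2017-0372 with no 0371. Sorting the identifiers would make the list easy to check against the upstream announcement, and it is worth confirming that 0371 is left out on purpose rather than dropped while writing the entry.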

-- 
To view, visit https://gerrit.wikimedia.org/r/346873

Gerrit-MessageType: newchange
Gerrit-Change-Id: Idefbf2b9b3ab9711c85f708f00b776793332c960
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/debian
Gerrit-Branch: master
Gerrit-Owner: Legoktm 



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: XSS in search if $wgAdvancedSearchHighlighting = t...

2017-04-06 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/346840 )

Change subject: SECURITY: XSS in search if $wgAdvancedSearchHighlighting = true;
..


SECURITY: XSS in search if $wgAdvancedSearchHighlighting = true;

In the non-default configuration where $wgAdvancedSearchHighlighting
is set to true, there is an XSS vulnerability as HTML tags are
not properly escaped if the tag spans multiple search results

Issue introduced in abf726ea0 (MediaWiki 1.13 and above).

Bug: T144845
Change-Id: I2db7888d591b97f1a01bfd3b7567ce6f169874d3
---
M RELEASE-NOTES-1.29
M includes/search/SearchHighlighter.php
2 files changed, 10 insertions(+), 0 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index 11f961e..a2dbcd5 100644
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -88,6 +88,8 @@
 * (T160519) CACHE_ANYTHING will not be CACHE_ACCEL if no accelerator is 
installed.
 * (T109140) (T122209) SECURITY: Special:UserLogin and Special:Search allow 
redirect
   to interwiki links.
+* (T144845) SECURITY: XSS in SearchHighlighter::highlightText() when
+  $wgAdvancedSearchHighlighting is true.
 
 === Action API changes in 1.29 ===
 * Submitting sensitive authentication request parameters to action=login,
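Review bot: the added T144845 entry does not say that $wgAdvancedSearchHighlighting = true is a non-default setting, although the commit message does. Adding "non-default" to the entry lets an administrator who reads only the release notes judge quickly whether their wiki is affected.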
diff --git a/includes/search/SearchHighlighter.php 
b/includes/search/SearchHighlighter.php
index d0e3a24..cebdb40 100644
--- a/includes/search/SearchHighlighter.php
+++ b/includes/search/SearchHighlighter.php
@@ -29,6 +29,10 @@
 class SearchHighlighter {
protected $mCleanWikitext = true;
 
+   /**
+* @warning If you pass false to this constructor, then
+*  the caller is responsible for HTML escaping.
+*/
function __construct( $cleanupWikitext = true ) {
$this->mCleanWikitext = $cleanupWikitext;
}
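Review bot: the new docblock on __construct() warns about passing false but has no @param line for $cleanupWikitext and does not name which methods then return text the caller must escape. Since the warning is the only guard for callers that opt out, list the affected method(s) in it and document the parameter; the constructor also still lacks an explicit visibility keyword.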
@@ -456,6 +460,10 @@
$text = preg_replace( "/('''|<\/?[iIuUbB]>)/", "", $text );
$text = preg_replace( "/''/", "", $text );
 
+   // Note, the previous /<\/?[^>]+>/ is insufficient
+   // for XSS safety as the HTML tag can span multiple
+   // search results (T144845).
+   $text = Sanitizer::escapeHtmlAllowEntities( $text );
return $text;
}
 
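Review bot: no regression test accompanies the added Sanitizer::escapeHtmlAllowEntities( $text ) call; the diffstat lists only RELEASE-NOTES-1.29 and includes/search/SearchHighlighter.php. A unit test asserting that the returned text contains no unescaped "<" when a tag is split across results would keep T144845 from coming back. The new comment also refers to "the previous /<\/?[^>]+>/", a pattern that is not in the visible context lines, so pointing at that statement by position would be easier to follow.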

-- 
To view, visit https://gerrit.wikimedia.org/r/346840

Gerrit-MessageType: merged
Gerrit-Change-Id: I2db7888d591b97f1a01bfd3b7567ce6f169874d3
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Chad 
Gerrit-Reviewer: Brian Wolff 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: DCausse 
Gerrit-Reviewer: Smalyshev 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] oojs/ui[master]: MediaWiki theme: Remove non-used indicator flags

2017-04-06 Thread VolkerE (Code Review)
VolkerE has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/346872 )

Change subject: MediaWiki theme: Remove non-used indicator flags
..

MediaWiki theme: Remove non-used indicator flags

Removing all flags, but 'invert' from indicators. Related to
I89d7d21707b53b

Change-Id: I47efe6587d88040c33f240106f00dff763730af7
---
M src/themes/mediawiki/indicators.json
1 file changed, 0 insertions(+), 12 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/oojs/ui refs/changes/72/346872/1

diff --git a/src/themes/mediawiki/indicators.json 
b/src/themes/mediawiki/indicators.json
index df32417..1b99365 100644
--- a/src/themes/mediawiki/indicators.json
+++ b/src/themes/mediawiki/indicators.json
@@ -6,18 +6,6 @@
"invert": {
"color": "#fff",
"global": true
-   },
-   "progressive": {
-   "color": "#36c"
-   },
-   "constructive": {
-   "color": "#36c"
-   },
-   "destructive": {
-   "color": "#d33"
-   },
-   "warning": {
-   "color": "#ff5d00"
}
},
"images": {

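Review bot: removing the "progressive", "constructive", "destructive" and "warning" variants leaves "invert" as the only one, and the change touches indicators.json alone, with no release-note or deprecation entry for anyone still passing those flags to an indicator. The commit message calls the flags unused; say how that was checked, and give the full Change-Id instead of the abbreviated I89d7d21707b53b so the related change can be found.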
-- 
To view, visit https://gerrit.wikimedia.org/r/346872

Gerrit-MessageType: newchange
Gerrit-Change-Id: I47efe6587d88040c33f240106f00dff763730af7
Gerrit-PatchSet: 1
Gerrit-Project: oojs/ui
Gerrit-Branch: master
Gerrit-Owner: VolkerE 


