[MediaWiki-commits] [Gerrit] labs/private[master]: passwords: update labs root key for Daniel

2017-11-14 Thread Dzahn (Code Review)
Dzahn has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/390240 )

Change subject: passwords: update labs root key for Daniel
..


passwords: update labs root key for Daniel

My labs root key is outdated. This is my new labs key
that I'm already using for regular (non-root) access
to cloud VPSes.

Please update my root key as well. Thanks!

Change-Id: I851de517a73304aa7bc2793fc24edd31693381c4
---
M modules/passwords/templates/root-authorized-keys.erb
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Rush: Looks good to me, but someone else must approve
  Dzahn: Verified; Looks good to me, approved



diff --git a/modules/passwords/templates/root-authorized-keys.erb 
b/modules/passwords/templates/root-authorized-keys.erb
index 7efbdec..0a71469 100644
--- a/modules/passwords/templates/root-authorized-keys.erb
+++ b/modules/passwords/templates/root-authorized-keys.erb
@@ -9,7 +9,7 @@
 # Alex
 ssh-rsa 
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
 akosiaris@labs
 # Daniel
-ssh-rsa 
B3NzaC1yc2EDAQABAAACAQDQId1GdtnPZwQhXbqLkkCjdRjfABprpFmnMI6eszhCSF4QjMUh0F9uUMTWyd8zBYm3LcQK05YN/fB1xj35BKb1CIq7b3PiJAG7djIBvw5Fhi1KwEmny8RQYG0+4qYsHyMT2hdyLlskp3kJyYlf9Zs/mxEuTxJ/XUVGXfojb4LvWDWDcpMiV8mHyrL3gqJBSpW5JHWDGe3IjSCehMkjMDebavsRu/JlHJwWZNIJRts+1rmrd6QY4JeBeXcQUakyUQs9UADttTjKCtHbOx/bVAh0gFO9ydkZm1x/0iO+EI7BfBs8L1Kec8jPCYmqrqyPxKtfpVbOFMPDKvC/j1KoXTFD4ykBAnucVLrNUFVA5KAmrE81Am8eTkU1ZyXvOxF6ft9Q61Wml+s18z0euXgPaH/qiyzoTCdOn+wzPhMMXbIq3t18bm3vGvW2uMf17oFqQN22QiaExIlDRaR3sZc9u+QV/kYLIMilQW8xx5/WLTxq8hJg7Fgag+hv0AnzsBrh1PgmM4lvaPbCakcllkGkHXRIKUnihhP8fDc8xJWX9KLTt6wDi1fFWb/OdQzGYwJzt7D095gcqtYI6FQMZSlFl87KovO0b9HASTSLTAh/OLjGtCHHoOsvqIVJ7t8mHGSLjik09kZ5tmF1jK++75sDD04r2AyFbYPdbVKJDw7cai7V/w==
 mutante@vanguard
+ssh-rsa 
B3NzaC1yc2EDAQABAAABAQCmC76hKKSms9eRR0ATa65d6W4hWZRybqjlnz4mmw91T0Zlh9gsNw2NnS7KHVVPYinDzcI9glIUzHL59L5dnBXRBLvXD348y9MmiezKsDchDMp+QUjURm7bbDpGVKIzUoh7qitmaq4kWEgexD27ZhB2kRQJBwysnhBWFN+N/+xQvYS8se814ylYZRfTPVX88VvXs165wcmy47TMxDtDqk60czgnvSrDk61IJzAmaqq6UzcNxEIymMetwgCdHFUucWtbNe9SXeaQtCsZ5v+phz0MQrSXFq4NIkh3gPCMWSUaIwKBF6ck/Dxzm+IUP4neekiCn12vPN6OJVwqe+Oc/zZB
 dzahn@wmflabs
 # Yuvi Panda
 ssh-rsa 
B3NzaC1yc2EDAQABAAABAQDSbKkh+XRHzTRE0fzQnSv8ZsfWgIa9uEhZV5d8Eq9AhIQC3AUkamt9QVnVxXVx/cnUEXqxD8grUcbN9HVf4T9T19zw19JPi4s68eG9Zm6ZSKZNYugLaAjb9QrZa5WBWgBYxTa5ZBtIAn4kWsMqG+d86NJxqLu35FyiiOsD10sVsB2mWvK6flMf7Kuux2dTlI6lqWThHoF/4JPw2Odjn5DrASOhjLXzaLzEhkkwcT+zgWQW1PN/ndSlmL6eT/CRgiOxxL97DE2osmYUXXBqgaXyzBnQGgK/DL03e55Epn6yCEYJ2YcBdjbF8J6Ev82zzvMmNlebKJz44SRRsPuOX3r9
 yuvipanda@picard
 # Brandon
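
Review bot: the added `+ssh-rsa` key for Daniel is about half the length of the key it removes (the blob prefix goes from `...AAACAQ` to `...AAABAQ`, i.e. a 4096-bit RSA modulus replaced by a 2048-bit one), and the commit message says it is the same key already used for regular non-root access. For a root authorized_keys template, consider a dedicated root key of at least the previous strength, so that a compromise of the everyday key does not also grant root.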

-- 
To view, visit https://gerrit.wikimedia.org/r/390240
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I851de517a73304aa7bc2793fc24edd31693381c4
Gerrit-PatchSet: 3
Gerrit-Project: labs/private
Gerrit-Branch: master
Gerrit-Owner: Dzahn 
Gerrit-Reviewer: Andrew Bogott 
Gerrit-Reviewer: Chasemp 
Gerrit-Reviewer: Dzahn 
Gerrit-Reviewer: Rush 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits


[MediaWiki-commits] [Gerrit] operations/mediawiki-config[master]: Don't bother symlinking mobilelanding.php

2017-11-14 Thread Chad (Code Review)
Chad has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391349 )

Change subject: Don't bother symlinking mobilelanding.php
..

Don't bother symlinking mobilelanding.php

It's only used by a single docroot

Change-Id: I0c2d0e2d3af261c6606bdf3ce64a6c1103b9bace
---
D docroot/m.wikipedia.org/w/mobilelanding.php
R docroot/m.wikipedia.org/w/mobilelanding.php
2 files changed, 0 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/49/391349/1

diff --git a/docroot/m.wikipedia.org/w/mobilelanding.php 
b/docroot/m.wikipedia.org/w/mobilelanding.php
deleted file mode 12
index ac1f8ae..000
--- a/docroot/m.wikipedia.org/w/mobilelanding.php
+++ /dev/null
@@ -1 +0,0 @@
-../../../w/mobilelanding.php
\ No newline at end of file
diff --git a/w/mobilelanding.php b/docroot/m.wikipedia.org/w/mobilelanding.php
similarity index 100%
rename from w/mobilelanding.php
rename to docroot/m.wikipedia.org/w/mobilelanding.php
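
Review bot: after the rename, `w/mobilelanding.php` no longer exists, so any other docroot that still carries a `../../../w/mobilelanding.php` symlink like the one deleted above would dangle. The commit message says only one docroot uses it; a grep of the remaining docroots for that link target before merging would confirm it.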

-- 
To view, visit https://gerrit.wikimedia.org/r/391349
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I0c2d0e2d3af261c6606bdf3ce64a6c1103b9bace
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: Chad 



[MediaWiki-commits] [Gerrit] operations/mediawiki-config[master]: Don't bother symlinking mobilelanding.php

2017-11-14 Thread Chad (Code Review)
Chad has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391349 )

Change subject: Don't bother symlinking mobilelanding.php
..


Don't bother symlinking mobilelanding.php

It's only used by a single docroot

Change-Id: I0c2d0e2d3af261c6606bdf3ce64a6c1103b9bace
---
D docroot/m.wikipedia.org/w/mobilelanding.php
R docroot/m.wikipedia.org/w/mobilelanding.php
2 files changed, 0 insertions(+), 1 deletion(-)

Approvals:
  Krinkle: Looks good to me, but someone else must approve
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/docroot/m.wikipedia.org/w/mobilelanding.php 
b/docroot/m.wikipedia.org/w/mobilelanding.php
deleted file mode 12
index ac1f8ae..000
--- a/docroot/m.wikipedia.org/w/mobilelanding.php
+++ /dev/null
@@ -1 +0,0 @@
-../../../w/mobilelanding.php
\ No newline at end of file
diff --git a/w/mobilelanding.php b/docroot/m.wikipedia.org/w/mobilelanding.php
similarity index 100%
rename from w/mobilelanding.php
rename to docroot/m.wikipedia.org/w/mobilelanding.php

-- 
To view, visit https://gerrit.wikimedia.org/r/391349
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I0c2d0e2d3af261c6606bdf3ce64a6c1103b9bace
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: Chad 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Krinkle 
Gerrit-Reviewer: Urbanecm 
Gerrit-Reviewer: Zoranzoki21 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki...mobileapps[master]: Tweak: Don't report git tag is applied if signing or tagging...

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391133 )

Change subject: Tweak: Don't report git tag is applied if signing or tagging 
fails
..


Tweak: Don't report git tag is applied if signing or tagging fails

Change-Id: I0c33ce3dd333511365181d820243d48cf2d1e1d2
---
M scripts/tag-deploy.sh
1 file changed, 1 insertion(+), 2 deletions(-)

Approvals:
  BearND: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/scripts/tag-deploy.sh b/scripts/tag-deploy.sh
index a8926bf..8b63dab 100755
--- a/scripts/tag-deploy.sh
+++ b/scripts/tag-deploy.sh
@@ -35,5 +35,4 @@
 
 # Tag the latest code repo commit with it & push tags
 cd "$repo_dir"
-git tag -s "$tag" -m "deployed" && git push --tags
-printf "Applied new tag: $tag"
+git tag -s "$tag" -m "deployed" && git push --tags && printf "Applied new tag: 
$tag\n"
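
Review bot: in the added `printf "Applied new tag: $tag\n"`, `$tag` is expanded inside the format string, so a `%` or backslash in the tag name would be interpreted by printf rather than printed. Pass it as an argument instead: `printf 'Applied new tag: %s\n' "$tag"`.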

-- 
To view, visit https://gerrit.wikimedia.org/r/391133
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I0c33ce3dd333511365181d820243d48cf2d1e1d2
Gerrit-PatchSet: 3
Gerrit-Project: mediawiki/services/mobileapps
Gerrit-Branch: master
Gerrit-Owner: Mholloway 
Gerrit-Reviewer: BearND 
Gerrit-Reviewer: Fjalapeno 
Gerrit-Reviewer: Jdlrobson 
Gerrit-Reviewer: Mholloway 
Gerrit-Reviewer: Mhurd 
Gerrit-Reviewer: Ppchelko 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki...chromium-render[master]: Lower render queue timeout to 60 seconds

2017-11-14 Thread Pmiazga (Code Review)
Pmiazga has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391072 )

Change subject: Lower render queue timeout to 60 seconds
..


Lower render queue timeout to 60 seconds

Marco says "90s is too high given the average amount of time it takes to
actually create the PDF ...".

Also fix up the logging messages, and make task IDs more unique.

Bug: T178501
Change-Id: Ie316bf281b0f82dfb74123243d797e3f8931e486
---
M config.dev.yaml
M lib/queue.js
2 files changed, 5 insertions(+), 5 deletions(-)

Approvals:
  Mobrovac: Looks good to me, but someone else must approve
  Pmiazga: Verified; Looks good to me, approved



diff --git a/config.dev.yaml b/config.dev.yaml
index ce24eb4..22792b5 100644
--- a/config.dev.yaml
+++ b/config.dev.yaml
@@ -97,4 +97,4 @@
   # the maximum number of puppeteer instances that can be launched at a 
time
   render_concurrency: 1
   # don't wait to render a PDF after this many seconds
-  render_queue_timeout: 90
\ No newline at end of file
+  render_queue_timeout: 60
\ No newline at end of file
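
Review bot: `render_queue_timeout: 60` is changed only in `config.dev.yaml`; if deployed instances take this value from a separate config, they stay at 90 seconds until that is updated as well. While touching the last line, adding a trailing newline would clear the `\ No newline at end of file` marker.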
diff --git a/lib/queue.js b/lib/queue.js
index 63ec493..19708c9 100644
--- a/lib/queue.js
+++ b/lib/queue.js
@@ -48,13 +48,13 @@
   */
 _onBeforePush(data, callback) {
 const that = this;
-data._id = uuid.TimeUuid.now().toString();
+data._id = `${uuid.TimeUuid.now().toString()}|${data.uri}`;
 data._timeoutID = setTimeout(() => {
 that._queueObject.remove((worker) => {
 if (worker.data._id === data._id) {
-that._logger.log('trace/warning', {
+that._logger.log('warn/queue', {
 msg: `Queue is still busy after waiting ` +
-`for ${that._timeout} secs.`
+`for ${that._timeout} secs. Data ID: ${data._id}.`
 });
 callback(callbackErrors.queueBusy, null);
 return true;
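
Review bot: `data._id` now embeds `data.uri`, and the added `Data ID: ${data._id}.` puts that request-supplied URI into the free-text `msg` of the `'warn/queue'` entry. Consider keeping `_id` as the bare TimeUuid and logging the URI as its own field of the object passed to `_logger.log`, so that a long or oddly encoded URI cannot distort the message line and the ID keeps a fixed shape for the `worker.data._id === data._id` comparison.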
@@ -106,7 +106,7 @@
 callback(null, pdf);
 })
 .catch((error) => {
-this._logger.log('trace/error', {
+this._logger.log('error/render', {
 msg: `Cannot convert page ${data.uri} to PDF.`,
 error
 });
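
Review bot: the channel rename from `'trace/error'` to `'error/render'` here (and from `'trace/warning'` to `'warn/queue'` in the previous hunk) changes what log filters match. Any dashboard or alert keyed on the old `trace/...` names needs updating together with this change, otherwise render failures stop showing up there.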

-- 
To view, visit https://gerrit.wikimedia.org/r/391072
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ie316bf281b0f82dfb74123243d797e3f8931e486
Gerrit-PatchSet: 3
Gerrit-Project: mediawiki/services/chromium-render
Gerrit-Branch: master
Gerrit-Owner: Bmansurov 
Gerrit-Reviewer: Bmansurov 
Gerrit-Reviewer: Mobrovac 
Gerrit-Reviewer: Pmiazga 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: puppetmaster: Use ruby-mysql2 over ruby-mysql

2017-11-14 Thread Paladox (Code Review)
Paladox has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391336 )

Change subject: puppetmaster: Use ruby-mysql2 over ruby-mysql
..

puppetmaster: Use ruby-mysql2 over ruby-mysql

ruby-mysql is not in stretch+ any more.

ruby-mysql2 recommends we use that package as it is more performant
and supports UTF-8.

Change-Id: Ia0d9526a54c45bfda6db65de086c3d3fb62052c6
---
0 files changed, 0 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/36/391336/1


-- 
To view, visit https://gerrit.wikimedia.org/r/391336
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia0d9526a54c45bfda6db65de086c3d3fb62052c6
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Paladox 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: Allow users to prevent new users from sending them email.

2017-11-14 Thread Dbarratt (Code Review)
Dbarratt has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391342 )

Change subject: Allow users to prevent new users from sending them email.
..

Allow users to prevent new users from sending them email.

Users now have the option to prevent Newbie users from sending
them emails.

Bug: T138165
Change-Id: I5d5332e50971fbcd1fa630d6bd03bdf757a9d1f1
---
M includes/DefaultSettings.php
M includes/Preferences.php
M includes/specials/SpecialEmailuser.php
M languages/i18n/en.json
M languages/i18n/qqq.json
5 files changed, 19 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/42/391342/1

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 3cd7ef1..3308f63 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4869,6 +4869,7 @@
'editfont' => 'monospace',
'editondblclick' => 0,
'editsectiononrightclick' => 0,
+   'email-allow-new-users' => 1,
'enotifminoredits' => 0,
'enotifrevealaddr' => 0,
'enotifusertalkpages' => 1,
diff --git a/includes/Preferences.php b/includes/Preferences.php
index 94854fa..c324f26 100644
--- a/includes/Preferences.php
+++ b/includes/Preferences.php
@@ -548,6 +548,14 @@
'label-message' => 'allowemail',
'disabled' => $disableEmailPrefs,
];
+
+   $defaultPreferences['email-allow-new-users'] = [
+   'type' => 'toggle',
+   'section' => 'personal/email',
+   'label-message' => 
'email-allow-new-users-label',
+   'disabled' => $disableEmailPrefs,
+   ];
+
$defaultPreferences['ccmeonemails'] = [
'type' => 'toggle',
'section' => 'personal/email',
diff --git a/includes/specials/SpecialEmailuser.php 
b/includes/specials/SpecialEmailuser.php
index 30eb38d..edc6068 100644
--- a/includes/specials/SpecialEmailuser.php
+++ b/includes/specials/SpecialEmailuser.php
@@ -243,6 +243,14 @@
return 'nowikiemail';
}
}
+
+   if ( !$target->getOption( 'email-allow-new-users' ) ) {
+   if ( $sender->isNewbie() ) {
+   wfDebug( "User does not allow user 
emails from new users.\n" );
+
+   return 'nowikiemail';
+   }
+   }
}
 
return '';
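
Review bot: the new `email-allow-new-users` check in `SpecialEmailuser.php` comes without a test; the change's file list touches no test file. Add a case for a newbie sender against a target who has switched the option off, asserting `'nowikiemail'`, and one with the default value to show nothing changes for existing users. The two nested `if`s can also be a single condition joined with `&&`.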
diff --git a/languages/i18n/en.json b/languages/i18n/en.json
index dc5d97d..5164f86 100644
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@@ -1062,6 +1062,7 @@
"timezoneregion-indian": "Indian Ocean",
"timezoneregion-pacific": "Pacific Ocean",
"allowemail": "Allow other users to email me",
+   "email-allow-new-users-label": "Allow emails from brand-new users",
"email-blacklist-label": "Prohibit these users from emailing me:",
"prefs-searchoptions": "Search",
"prefs-namespaces": "Namespaces",
diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json
index 862f64c..9cb5fa0 100644
--- a/languages/i18n/qqq.json
+++ b/languages/i18n/qqq.json
@@ -1256,6 +1256,7 @@
"timezoneregion-indian": "Used in \"Time zone\" listbox in 
[[Special:Preferences#mw-prefsection-datetime|preferences]], \"date and time\" 
tab.\n{{Related|Timezoneregion}}",
"timezoneregion-pacific": "Used in \"Time zone\" listbox in 
[[Special:Preferences#mw-prefsection-datetime|preferences]], \"date and time\" 
tab.\n{{Related|Timezoneregion}}",
"allowemail": "Used in [[Special:Preferences]] > {{int:prefs-personal}} 
> {{int:email}}.",
+   "email-allow-new-users-label": "Used in [[Special:Preferences]] > 
{{int:prefs-prohibit}} > {{int:email}}.",
"email-blacklist-label": "Used in [[Special:Preferences]] > 
{{int:prefs-prohibit}} > {{int:email}}.",
"prefs-searchoptions": "{{Identical|Search}}",
"prefs-namespaces": "Shown as legend of the second fieldset of the tab 
'Search' in [[Special:Preferences]]\n{{Identical|Namespace}}",
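
Review bot: the added `email-allow-new-users-label` documentation is a copy of the `email-blacklist-label` entry below it and points translators at `{{int:prefs-prohibit}}`, while `Preferences.php` in this change registers the option under `'section' => 'personal/email'`. Describe what the toggle does and reference the section it actually appears in.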

-- 
To view, visit https://gerrit.wikimedia.org/r/391342
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5d5332e50971fbcd1fa630d6bd03bdf757a9d1f1
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Dbarratt 


[MediaWiki-commits] [Gerrit] mediawiki/core[master]: Special:Preferences: Use OOjs UI

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/352071 )

Change subject: Special:Preferences: Use OOjs UI
..


Special:Preferences: Use OOjs UI

* Change the form to OOUI mode. Tweak some formatting to look better
  with this mode. Change various random links to be OOUI buttons.
* Rewrite custom tabs to use OO.ui.IndexLayout instead.
* Update styles and JS enhancements for OOUI widgets.
* Rename ResourceLoader modules so that old skin-specific styles
  (from $wgResourceModuleSkinStyles) no longer apply. They tend
  to make no sense with the OOUI styling.

Bug: T117781
Change-Id: Ie9396f0146f5020e52710c41e55ec86151ae0095
---
M includes/Preferences.php
M includes/specials/SpecialPreferences.php
M includes/specials/forms/PreferencesForm.php
M resources/Resources.php
M resources/src/mediawiki.legacy/oldshared.css
M resources/src/mediawiki.special/mediawiki.special.preferences.confirmClose.js
M resources/src/mediawiki.special/mediawiki.special.preferences.styles.css
M resources/src/mediawiki.special/mediawiki.special.preferences.tabs.js
M resources/src/mediawiki.special/mediawiki.special.preferences.timezone.js
M tests/phpunit/includes/PreferencesTest.php
M tests/selenium/pageobjects/preferences.page.js
11 files changed, 218 insertions(+), 212 deletions(-)

Approvals:
  jenkins-bot: Verified
  VolkerE: Looks good to me, but someone else must approve
  Jforrester: Looks good to me, approved



diff --git a/includes/Preferences.php b/includes/Preferences.php
index 94854fa..738f8ee 100644
--- a/includes/Preferences.php
+++ b/includes/Preferences.php
@@ -82,6 +82,11 @@
return self::$defaultPreferences;
}
 
+   OutputPage::setupOOUI(
+   strtolower( $context->getSkin()->getSkinName() ),
+   $context->getLanguage()->getDir()
+   );
+
$defaultPreferences = [];
 
self::profilePreferences( $user, $context, $defaultPreferences 
);
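
Review bot: the added `OutputPage::setupOOUI( ... )` call gives this preference-building method a global side effect (OOUI theme and direction) in a code path that otherwise only fills `$defaultPreferences`. Consider doing the setup where the form is rendered (the change also touches `SpecialPreferences.php` and `PreferencesForm.php`), so that callers that only need the preference definitions are unaffected.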
@@ -320,14 +325,17 @@
if ( $canEditPrivateInfo && 
$authManager->allowsAuthenticationDataChange(
new PasswordAuthenticationRequest(), false )->isGood()
) {
-   $link = $linkRenderer->makeLink( 
SpecialPage::getTitleFor( 'ChangePassword' ),
-   $context->msg( 'prefs-resetpass' )->text(), [],
-   [ 'returnto' => SpecialPage::getTitleFor( 
'Preferences' )->getPrefixedText() ] );
+   $link = new OOUI\ButtonWidget( [
+   'href' => SpecialPage::getTitleFor( 
'ChangePassword' )->getLinkURL( [
+   'returnto' => SpecialPage::getTitleFor( 
'Preferences' )->getPrefixedText()
+   ] ),
+   'label' => $context->msg( 'prefs-resetpass' 
)->text(),
+   ] );
 
$defaultPreferences['password'] = [
'type' => 'info',
'raw' => true,
-   'default' => $link,
+   'default' => (string)$link,
'label-message' => 'yourpassword',
'section' => 'personal/info',
];
@@ -471,16 +479,15 @@
 
$emailAddress = $user->getEmail() ? 
htmlspecialchars( $user->getEmail() ) : '';
if ( $canEditPrivateInfo && 
$authManager->allowsPropertyChange( 'emailaddress' ) ) {
-   $link = $linkRenderer->makeLink(
-   SpecialPage::getTitleFor( 
'ChangeEmail' ),
-   $context->msg( 
$user->getEmail() ? 'prefs-changeemail' : 'prefs-setemail' )->text(),
-   [],
-   [ 'returnto' => 
SpecialPage::getTitleFor( 'Preferences' )->getPrefixedText() ] );
+   $link = new OOUI\ButtonWidget( [
+   'href' => 
SpecialPage::getTitleFor( 'ChangeEmail' )->getLinkURL( [
+   'returnto' => 
SpecialPage::getTitleFor( 'Preferences' )->getPrefixedText()
+   ] ),
+   'label' =>
+   $context->msg( 
$user->getEmail() ? 'prefs-changeemail' : 'prefs-setemail' )->text(),
+   ] );
 
-   $emailAddress .= $emailAddress == '' ? 
$link : (
-   $context->msg( 'word-separator' 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: planet: turn off day/time sections in rawdog style

2017-11-14 Thread Dzahn (Code Review)
Dzahn has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391323 )

Change subject: planet: turn off day/time sections in rawdog style
..

planet: turn off day/time sections in rawdog style

Change-Id: I888a230d40fcfc0e193c7d639dc90d22ead3fa28
---
M modules/planet/templates/feeds_rawdog/global.erb
1 file changed, 2 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/23/391323/1

diff --git a/modules/planet/templates/feeds_rawdog/global.erb 
b/modules/planet/templates/feeds_rawdog/global.erb
index 206ec3d..5e51290 100644
--- a/modules/planet/templates/feeds_rawdog/global.erb
+++ b/modules/planet/templates/feeds_rawdog/global.erb
@@ -8,10 +8,10 @@
 expireage 7d
 keepmin 20
 currentonly false
-daysections true
+daysections false
 
 dayformat %A, %d %B
-timesections true
+timesections false
 timeformat %I:%M %p
 datetimeformat %H:%M, %A, %d %B
 

-- 
To view, visit https://gerrit.wikimedia.org/r/391323
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I888a230d40fcfc0e193c7d639dc90d22ead3fa28
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn 



[MediaWiki-commits] [Gerrit] apps...wikipedia[master]: Fix alignment of ConstraintLayouts for RTL.

2017-11-14 Thread Dbrant (Code Review)
Dbrant has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391332 )

Change subject: Fix alignment of ConstraintLayouts for RTL.
..

Fix alignment of ConstraintLayouts for RTL.

When using ConstraintLayout, one shouldn't forget to set the
constraintStart attribute. Even though things might appear correct in a
LTR configuration, they may be broken in RTL.

Bug: T180533
Change-Id: Ib407615e5521f972bfbcbb416baff23a0d686dd8
---
M app/src/main/res/layout/view_card_action_footer.xml
M app/src/main/res/layout/view_static_card.xml
2 files changed, 2 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/apps/android/wikipedia 
refs/changes/32/391332/1

diff --git a/app/src/main/res/layout/view_card_action_footer.xml 
b/app/src/main/res/layout/view_card_action_footer.xml
index 76efc0d..896d88c 100644
--- a/app/src/main/res/layout/view_card_action_footer.xml
+++ b/app/src/main/res/layout/view_card_action_footer.xml
@@ -13,6 +13,7 @@
 android:layout_height="match_parent"
 android:paddingLeft="16dp"
 android:paddingRight="16dp"
+app:layout_constraintStart_toStartOf="parent"
 android:clickable="true"
 android:background="?attr/selectableItemBackgroundBorderless">
 
diff --git a/app/src/main/res/layout/view_static_card.xml 
b/app/src/main/res/layout/view_static_card.xml
index 1e09338..9eaddde 100644
--- a/app/src/main/res/layout/view_static_card.xml
+++ b/app/src/main/res/layout/view_static_card.xml
@@ -75,6 +75,7 @@
 android:layout_height="48dp"
 android:paddingLeft="16dp"
 android:paddingRight="16dp"
+app:layout_constraintStart_toStartOf="parent"
 android:clickable="true"
 android:background="?attr/selectableItemBackgroundBorderless"
 app:layout_constraintTop_toBottomOf="@id/view_static_card_container">
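
Review bot: next to the added `app:layout_constraintStart_toStartOf="parent"` the view still uses `android:paddingLeft` and `android:paddingRight`; for the RTL case this change targets, `paddingStart` and `paddingEnd` are the direction-aware equivalents. With equal 16dp values the result is the same today, but switching keeps the layout correct if the two ever diverge. The same context lines appear in the `view_card_action_footer.xml` hunk.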

-- 
To view, visit https://gerrit.wikimedia.org/r/391332
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib407615e5521f972bfbcbb416baff23a0d686dd8
Gerrit-PatchSet: 1
Gerrit-Project: apps/android/wikipedia
Gerrit-Branch: master
Gerrit-Owner: Dbrant 



[MediaWiki-commits] [Gerrit] mediawiki...ReadingLists[master]: Add missing testcase

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/390852 )

Change subject: Add missing testcase
..


Add missing testcase

With this, ReadingListRepository has 100% coverage apart from
the LogicExceptions.

Change-Id: Icb610c88bce1f10345625f73e0eb15a72093a004
---
M tests/src/ReadingListRepositoryTest.php
1 file changed, 5 insertions(+), 0 deletions(-)

Approvals:
  jenkins-bot: Verified
  Mholloway: Looks good to me, approved



diff --git a/tests/src/ReadingListRepositoryTest.php 
b/tests/src/ReadingListRepositoryTest.php
index 8d5bb19..45bdde3 100644
--- a/tests/src/ReadingListRepositoryTest.php
+++ b/tests/src/ReadingListRepositoryTest.php
@@ -620,6 +620,11 @@
$res = $repository->getListEntries( [ $defaultId, $listId ], 2, 
2 );
$compare( array_slice( $expectedData, 2, 2 ), $res );
 
+   $this->assertFailsWith( 'readinglists-db-error-empty-list-ids',
+   function () use ( $repository ) {
+   $repository->getListEntries( [] );
+   }
+   );
$this->assertFailsWith( 'readinglists-db-error-no-such-list',
function () use ( $repository ) {
$repository->getListEntries( [ 123 ] );

-- 
To view, visit https://gerrit.wikimedia.org/r/390852
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Icb610c88bce1f10345625f73e0eb15a72093a004
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/ReadingLists
Gerrit-Branch: master
Gerrit-Owner: Gergő Tisza 
Gerrit-Reviewer: Mholloway 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] operations/puppet[production]: contint: migrate publisher to a profile

2017-11-14 Thread Dzahn (Code Review)
Dzahn has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/386813 )

Change subject: contint: migrate publisher to a profile
..


contint: migrate publisher to a profile

Drop the ::labs suffix while at it.
For /srv, switch to requiring profile::labs::lvm::srv

Change-Id: I8782fc55b6717f614341cad8e527b478a4fbdded
---
A modules/profile/manifests/ci/publisher.pp
A modules/role/manifests/ci/publisher.pp
D modules/role/manifests/ci/publisher/labs.pp
3 files changed, 37 insertions(+), 29 deletions(-)

Approvals:
  Hashar: Looks good to me, but someone else must approve
  jenkins-bot: Verified
  Dzahn: Looks good to me, approved



diff --git a/modules/profile/manifests/ci/publisher.pp 
b/modules/profile/manifests/ci/publisher.pp
new file mode 100644
index 000..ac56aa9
--- /dev/null
+++ b/modules/profile/manifests/ci/publisher.pp
@@ -0,0 +1,22 @@
+class profile::ci::publisher {
+
+require profile::labs::lvm::srv
+
+class { 'rsync::server': }
+
+file { '/srv/doc':
+ensure => directory,
+owner  => 'root',
+group  => 'root',
+mode   => '0775',
+}
+
+rsync::server::module { 'doc':
+path  => '/srv/doc',
+read_only => 'no',
+require   => [
+File['/srv/doc'],
+],
+}
+
+}
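
Review bot: the `rsync::server::module { 'doc': ... }` block sets `read_only => 'no'` and nothing in this definition limits which hosts may connect, so unless `rsync::server` restricts it elsewhere, any client that can reach the rsync port can write to `/srv/doc`. Since the class is being rewritten anyway, restrict the module to the Jenkins hosts that publish, and give the new profile a header comment like the one the role has. Also note that `class { 'rsync::server': }` replaces the old `include rsync::server`; the resource-style declaration fails with a duplicate declaration if another class on the node declares it as well.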
diff --git a/modules/role/manifests/ci/publisher.pp 
b/modules/role/manifests/ci/publisher.pp
new file mode 100644
index 000..feb2c52
--- /dev/null
+++ b/modules/role/manifests/ci/publisher.pp
@@ -0,0 +1,15 @@
+# == Class role::ci::publisher
+#
+# Intermediary rsync host in labs to let Jenkins slave publish their results
+# safely.  The production machine hosting doc.wikimedia.org can then fetch the
+# doc from there.
+#
+# filtertags: labs-project-integration
+class role::ci::publisher {
+system::role { 'role::ci::publisher':
+description => 'rsync host to publish Jenkins artifacts',
+}
+
+include profile::ci::publisher
+}
+
diff --git a/modules/role/manifests/ci/publisher/labs.pp 
b/modules/role/manifests/ci/publisher/labs.pp
deleted file mode 100644
index 3997f5b..000
--- a/modules/role/manifests/ci/publisher/labs.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-# == Class role::ci::publisher::labs
-#
-# Intermediary rsync hosts in labs to let Jenkins slave publish their results
-# safely.  The production machine hosting doc.wikimedia.org can then fetch the
-# doc from there.
-#
-# filtertags: labs-project-integration
-class role::ci::publisher::labs {
-
-require ::profile::labs::lvm::srv
-include rsync::server
-
-file { '/srv/doc':
-ensure => directory,
-owner  => 'root',
-group  => 'root',
-mode   => '0775',
-}
-
-rsync::server::module { 'doc':
-path  => '/srv/doc',
-read_only => 'no',
-require   => [
-File['/srv/doc'],
-],
-}
-
-}
-

-- 
To view, visit https://gerrit.wikimedia.org/r/386813
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I8782fc55b6717f614341cad8e527b478a4fbdded
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Hashar 
Gerrit-Reviewer: Dzahn 
Gerrit-Reviewer: Giuseppe Lavagetto 
Gerrit-Reviewer: Hashar 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] wikimedia...crm[master]: Add extended reports extension to add Address History tab op...

2017-11-14 Thread Eileen (Code Review)
Eileen has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391352 )

Change subject: Add extended reports extension to add Address History tab 
option.
..

Add extended reports extension to add Address History tab option.

T142549

Change-Id: I54f76847d935d3e5e253d11a6bd6f74081520e2d
---
A sites/default/civicrm/extensions/nz.co.fuzion.extendedreport
1 file changed, 1 insertion(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/wikimedia/fundraising/crm 
refs/changes/52/391352/1

diff --git a/sites/default/civicrm/extensions/nz.co.fuzion.extendedreport 
b/sites/default/civicrm/extensions/nz.co.fuzion.extendedreport
new file mode 16
index 000..7d6c6d5
--- /dev/null
+++ b/sites/default/civicrm/extensions/nz.co.fuzion.extendedreport
@@ -0,0 +1 @@
+Subproject commit 7d6c6d580bd219c13b736438b8a4f55155e31c87
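
Review bot: this adds only the gitlink for `nz.co.fuzion.extendedreport`; the file list shows one file changed, so no `.gitmodules` entry comes with it. Unless an entry for this path already exists, a fresh clone cannot resolve the submodule. Please also state in the commit message which upstream repository and release the pinned `Subproject commit` corresponds to, so the pin can be audited.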

-- 
To view, visit https://gerrit.wikimedia.org/r/391352
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I54f76847d935d3e5e253d11a6bd6f74081520e2d
Gerrit-PatchSet: 1
Gerrit-Project: wikimedia/fundraising/crm
Gerrit-Branch: master
Gerrit-Owner: Eileen 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: planet: add Wikimedia Community Logo to rawdog style

2017-11-14 Thread Dzahn (Code Review)
Dzahn has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391289 )

Change subject: planet: add Wikimedia Community Logo to rawdog style
..


planet: add Wikimedia Community Logo to rawdog style

Add Wikimedia Community Logo as svg from commons.
(https://meta.wikimedia.org/wiki/Wikimedia_Community_Logo)

Add it to the default style for rawdog.

Bug: T180498
Change-Id: If1bdf95b54fd0b8ef3a12079032e3b64c61971ae
---
A modules/planet/files/theme/Wikimedia_Community_Logo.svg
M modules/planet/manifests/theme.pp
M modules/planet/templates/html/rd_page.html.tmpl.erb
3 files changed, 79 insertions(+), 2 deletions(-)

Approvals:
  jenkins-bot: Verified
  Dzahn: Looks good to me, approved



diff --git a/modules/planet/files/theme/Wikimedia_Community_Logo.svg 
b/modules/planet/files/theme/Wikimedia_Community_Logo.svg
new file mode 100644
index 000..96ac36f
--- /dev/null
+++ b/modules/planet/files/theme/Wikimedia_Community_Logo.svg
@@ -0,0 +1,72 @@
+
+
+http://purl.org/dc/elements/1.1/;
+   xmlns:cc="http://web.resource.org/cc/;
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#;
+   xmlns:svg="http://www.w3.org/2000/svg;
+   xmlns="http://www.w3.org/2000/svg;
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd;
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape;
+   version="1.0"
+   width="900"
+   height="900"
+   id="svg2848"
+   sodipodi:version="0.32"
+   inkscape:version="0.44.1"
+   sodipodi:docname="Wikimedia_Community_Logo.svg"
+   sodipodi:docbase="/home/fizyk/anizo/wiki/SVG/promocja">
+  
+
+  
+image/svg+xml
+http://purl.org/dc/dcmitype/StillImage; />
+  
+
+  
+  
+  
+  
+
+
+
+
+  
+
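Review bot: `sodipodi:docbase="/home/fizyk/anizo/wiki/SVG/promocja"` and the other `sodipodi:` and `inkscape:` attributes on the root element are editor metadata that ends up in a file served from the planet web root, and the docbase value exposes the original author's local directory path. Export the logo as plain SVG, or strip the editor namespaces, before committing; that also shrinks the file.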
diff --git a/modules/planet/manifests/theme.pp 
b/modules/planet/manifests/theme.pp
index 6f8821c..238024e 100644
--- a/modules/planet/manifests/theme.pp
+++ b/modules/planet/manifests/theme.pp
@@ -22,6 +22,10 @@
 ensure => 'present',
 source => 'puppet:///modules/planet/theme/rawdog_style.css';
 }
+file { "/var/www/planet/${title}/Wikimedia_Community_Logo.svg":
+ensure => 'present',
+source => 
'puppet:///modules/planet/theme/Wikimedia_Community_Logo.svg';
+}
 file { "/etc/rawdog/theme/wikimedia/${title}/rd_page.tmpl":
 ensure  => 'present',
 content => template('planet/html/rd_page.html.tmpl.erb');
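Review bot: The new `file` resource for `Wikimedia_Community_Logo.svg` declares only `ensure` and `source`, so owner, group and mode of a file placed under `/var/www/planet/${title}/` are left to defaults. Set them explicitly (root-owned and read-only is the usual choice for a static asset) so the permissions of a web-served file do not depend on whatever the defaults happen to be on the host.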
diff --git a/modules/planet/templates/html/rd_page.html.tmpl.erb 
b/modules/planet/templates/html/rd_page.html.tmpl.erb
index e1cefb2..5905ef0 100644
--- a/modules/planet/templates/html/rd_page.html.tmpl.erb
+++ b/modules/planet/templates/html/rd_page.html.tmpl.erb
@@ -123,8 +123,9 @@
 
 
 
-   
-   <%= @title %>.planet.wikimedia.org
+
+
+<%= @title %>.planet.wikimedia.org
 (rawdog __version__: __num_items__ items from 
__num_feeds__ feeds)
 Open all Close all Mark All 
Read
 

-- 
To view, visit https://gerrit.wikimedia.org/r/391289
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: If1bdf95b54fd0b8ef3a12079032e3b64c61971ae
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn 
Gerrit-Reviewer: Dzahn 
Gerrit-Reviewer: Paladox 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] search...deploy[master]: Bump mjolnir submodule

2017-11-14 Thread EBernhardson (Code Review)
EBernhardson has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391294 )

Change subject: Bump mjolnir submodule
..

Bump mjolnir submodule

This brings in the patch that made working_dir configurable. We
need that so the deployment to stat1005 is able to use the
new configuration file.

Change-Id: Ia73ba83edd1166412878008a32a09f36dd9a7572
---
M src
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/search/MjoLniR/deploy 
refs/changes/94/391294/1

diff --git a/src b/src
index 96337a0..0d7fdcf 16
--- a/src
+++ b/src
@@ -1 +1 @@
-Subproject commit 96337a0ab1931278f93b752ca3be5f30e8124762
+Subproject commit 0d7fdcf27b51b848a8c964f3c204f195c376dea5
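Review bot: The diff only moves the `src` pointer from 96337a0 to 0d7fdcf, so the code that will be deployed is not reviewable here, and the commit message names one patch (configurable working_dir) without saying whether it is the only commit in that range. List the upstream commits or Change-Ids between the two hashes in the commit message so a reviewer can confirm nothing else rides along with the bump.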

-- 
To view, visit https://gerrit.wikimedia.org/r/391294
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia73ba83edd1166412878008a32a09f36dd9a7572
Gerrit-PatchSet: 1
Gerrit-Project: search/MjoLniR/deploy
Gerrit-Branch: master
Gerrit-Owner: EBernhardson 



[MediaWiki-commits] [Gerrit] mediawiki...release[master]: We need a vendor repo for older versions with no submodules

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391295 )

Change subject: We need a vendor repo for older versions with no submodules
..

We need a vendor repo for older versions with no submodules

Followup to Idd113e6506dbf909bba8668bd364e077db0bc38b

Change-Id: I97def322281a1ff41e141d78af55d4d2da7c56da
---
M make-release/make-release.py
1 file changed, 2 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/tools/release 
refs/changes/95/391295/2

diff --git a/make-release/make-release.py b/make-release/make-release.py
index 89ce180..4b930bd 100755
--- a/make-release/make-release.py
+++ b/make-release/make-release.py
@@ -571,6 +571,8 @@
 prev_mw_version = MwVersion(prevVersion)
 self.export(prev_mw_version.tag,
 prevDir, buildDir)
+
+self.exportExtension(branch, 'vendor', package)
 
 for ext in self.get_extensions_for_version(MwVersion(prevVersion),
extensions):
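Review bot: The added `self.exportExtension(branch, 'vendor', package)` sits in the block that exports the previous version (`prev_mw_version.tag` into `prevDir`), yet it passes `branch` and `package`. If the vendor export is meant for the previous release's tree it should use that version's branch and `prevDir`; if it is meant for the current package, a short comment saying so would keep it from reading as a copy-paste slip. The commit message only points at another Change-Id, so a line stating which versions lack the submodule would help too.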

-- 
To view, visit https://gerrit.wikimedia.org/r/391295
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I97def322281a1ff41e141d78af55d4d2da7c56da
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/tools/release
Gerrit-Branch: master
Gerrit-Owner: Reedy 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: [WIP] Use Remex in Sanitizer::stripAllTags()

2017-11-14 Thread Catrope (Code Review)
Catrope has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391348 )

Change subject: [WIP] Use Remex in Sanitizer::stripAllTags()
..

[WIP] Use Remex in Sanitizer::stripAllTags()

Using a real HTML tokenizer fixes bugs when < or > appear in attribute
values.

Bug: T179978
Change-Id: I53b98e6c877c00c03ff110914168b398559c9c3e
---
M autoload.php
M includes/Sanitizer.php
M includes/tidy/RemexDriver.php
A includes/tidy/RemexStripTagHandler.php
M tests/phpunit/includes/SanitizerTest.php
5 files changed, 43 insertions(+), 7 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/48/391348/1

diff --git a/autoload.php b/autoload.php
index 8053f5e..caf8863 100644
--- a/autoload.php
+++ b/autoload.php
@@ -955,6 +955,7 @@
'MediaWiki\\Tidy\\RemexCompatMunger' => __DIR__ . 
'/includes/tidy/RemexCompatMunger.php',
'MediaWiki\\Tidy\\RemexDriver' => __DIR__ . 
'/includes/tidy/RemexDriver.php',
'MediaWiki\\Tidy\\RemexMungerData' => __DIR__ . 
'/includes/tidy/RemexMungerData.php',
+   'MediaWiki\\Tidy\\RemexStripTagHandler' => __DIR__ . 
'/includes/tidy/RemexStripTagHandler.php',
'MediaWiki\\Tidy\\TidyDriverBase' => __DIR__ . 
'/includes/tidy/TidyDriverBase.php',
'MediaWiki\\Widget\\ComplexNamespaceInputWidget' => __DIR__ . 
'/includes/widget/ComplexNamespaceInputWidget.php',
'MediaWiki\\Widget\\ComplexTitleInputWidget' => __DIR__ . 
'/includes/widget/ComplexTitleInputWidget.php',
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index 4c99677..6ad2c46 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -1971,11 +1971,7 @@
 * @return string
 */
static function stripAllTags( $text ) {
-   # Actual 
-   $text = StringUtils::delimiterReplace( '<', '>', '', $text );
-
-   # Normalize  and whitespace
-   $text = self::decodeCharReferences( $text );
+   $text = MediaWiki\Tidy\RemexDriver::stripAllTags( $text );
$text = self::normalizeWhitespace( $text );
 
return $text;
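Review bot: The docblock above `stripAllTags()` still says only `@return string`, and the removed inline comments were the only description of the two steps (tag removal, then character reference decoding). Since decoding now happens inside the tokenizer, state in the docblock that the return value is decoded plain text that can contain literal `<`, `>` and `&`, and that callers must escape it before placing it in HTML.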
diff --git a/includes/tidy/RemexDriver.php b/includes/tidy/RemexDriver.php
index e02af88..93f7f29 100644
--- a/includes/tidy/RemexDriver.php
+++ b/includes/tidy/RemexDriver.php
@@ -54,4 +54,16 @@
] );
return $serializer->getResult();
}
+
+   public static function stripAllTags( $html ) {
+   $handler = new RemexStripTagHandler;
+   $tokenizer = new Tokenizer( $handler, $html, [
+   'ignoreErrors' => true,
+   // don't ignore char refs, we want them to be decoded
+   'ignoreNulls' => true,
+   'skipPreprocess' => true,
+   ] );
+   $tokenizer->execute();
+   return $handler->getResult();
+   }
 }
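Review bot: `stripAllTags()` is added as a public static method with no docblock, and `'ignoreNulls' => true` and `'skipPreprocess' => true` switch off the tokenizer's NUL handling and input preprocessing with no comment on why that is acceptable for the untrusted text a sanitizer receives; only the char-ref choice is explained. Add `@param string $html` and `@return string`, and either justify the two options in a comment or add test cases containing NUL bytes and bare carriage returns to pin the behaviour.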
diff --git a/includes/tidy/RemexStripTagHandler.php 
b/includes/tidy/RemexStripTagHandler.php
new file mode 100644
index 000..9ebdd62
--- /dev/null
+++ b/includes/tidy/RemexStripTagHandler.php
@@ -0,0 +1,28 @@
+text;
+   }
+
+   function startDocument( Tokenizer $t, $fns, $fn ) {}
+   function endDocument( $pos ) {}
+   function error( $text, $pos ) {}
+   function characters( $text, $start, $length, $sourceStart, 
$sourceLength ) {
+   $this->text .= substr( $text, $start, $length );
+   }
+   function startTag( $name, Attributes $attrs, $selfClose, $sourceStart, 
$sourceLength ) {}
+   function endTag( $name, $sourceStart, $sourceLength ) {}
+   function doctype( $name, $public, $system, $quirks, $sourceStart, 
$sourceLength ) {}
+   function comment( $text, $sourceStart, $sourceLength ) {}
+}
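Review bot: `startTag()`, `endTag()` and `comment()` are empty and `characters()` appends every text run, so as written the text inside elements such as `<script>` or `<style>` is kept and text from adjacent block elements is joined with no separator. Add SanitizerTest cases for those inputs, for `<` inside an attribute value and for an unterminated tag, so the behaviour is deliberate rather than incidental, and give the class and its `text` property a docblock.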
diff --git a/tests/phpunit/includes/SanitizerTest.php 
b/tests/phpunit/includes/SanitizerTest.php
index 4a33125..33da650 100644
--- a/tests/phpunit/includes/SanitizerTest.php
+++ b/tests/phpunit/includes/SanitizerTest.php
@@ -530,8 +530,7 @@
[ 'FooBar', 'FooBar' ],
[ "Foo\nBar", 'Foo Bar' ],
[ 'Hello strong wor 
caf', 'Hello  world café' ],
-   // This one is broken, see T179978
-   //[ 'quux\'>Bar Whee!', 'Bar Whee!' ],
+   [ 'quux\'>Bar Whee!', 'Bar Whee!' ],
];
}
 

-- 
To view, visit https://gerrit.wikimedia.org/r/391348
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I53b98e6c877c00c03ff110914168b398559c9c3e
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Catrope 



[MediaWiki-commits] [Gerrit] mediawiki...TimedMediaHandler[master]: Final adjust to Ogg Theora transcode settings

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391346 )

Change subject: Final adjust to Ogg Theora transcode settings
..


Final adjust to Ogg Theora transcode settings

Apply some final tweaks to Ogg Theora transcode settings:
* use --soft-target on ffmpeg2theora
* use a bandwidth target instead of quality target on HD targets
* include 1440p and 2160p defs for comparison testing
* don't force super-low frame rate on 15fps

(Note that Theora output is not in use in production anymore, and
will probably be removed later entirely.)

Change-Id: I51c02ba68cea452eb6f393f894018b852b34fc31
---
M WebVideoTranscode/WebVideoTranscode.php
M WebVideoTranscode/WebVideoTranscodeJob.php
2 files changed, 43 insertions(+), 4 deletions(-)

Approvals:
  Brion VIBBER: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/WebVideoTranscode/WebVideoTranscode.php 
b/WebVideoTranscode/WebVideoTranscode.php
index 8e21edd..c8125ab 100644
--- a/WebVideoTranscode/WebVideoTranscode.php
+++ b/WebVideoTranscode/WebVideoTranscode.php
@@ -32,6 +32,8 @@
const ENC_OGV_480P = '480p.ogv';
const ENC_OGV_720P = '720p.ogv';
const ENC_OGV_1080P = '1080p.ogv';
+   const ENC_OGV_1440P = '1440p.ogv';
+   const ENC_OGV_2160P = '2160p.ogv';
 
// WebM VP8/Vorbis profiles:
const ENC_WEBM_160P = '160p.webm';
@@ -84,8 +86,9 @@
self::ENC_OGV_160P =>
[
'maxSize'=> '288x160',
-   'videoBitrate'   => '160',
-   'framerate'  => '15',
+   'videoBitrate'   => '256',
+   'softTarget' => 'true',
+   'framerate'  => '60', // max to 
reduce "1000fps bug" problems
'audioQuality'   => '-1',
'channels'   => '2',
'noUpscaling'=> 'true', // also 
caps to source frame rate
@@ -100,6 +103,7 @@
[
'maxSize'=> '426x240',
'videoBitrate'   => '512',
+   'softTarget' => 'true',
'framerate'  => '60', // max to 
reduce "1000fps bug" problems
'audioQuality'   => '0',
'channels'   => '2',
@@ -115,6 +119,7 @@
[
'maxSize'=> '640x360',
'videoBitrate'   => '1024',
+   'softTarget' => 'true',
'framerate'  => '60', // max to 
reduce "1000fps bug" problems
'audioQuality'   => '1',
'channels'   => '2',
@@ -130,6 +135,7 @@
[
'maxSize'=> '854x480',
'videoBitrate'   => '2048',
+   'softTarget' => 'true',
'framerate'  => '60', // max to 
reduce "1000fps bug" problems
'audioQuality'   => '2',
'channels'   => '2',
@@ -145,7 +151,8 @@
self::ENC_OGV_720P =>
[
'maxSize'=> '1280x720',
-   'videoQuality'   => 6,
+   'videoBitrate'   => '4096',
+   'softTarget' => 'true',
'framerate'  => '60', // max to 
reduce "1000fps bug" problems
'audioQuality'   => 3,
'noUpscaling'=> 'true', // also 
caps to source frame rate
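Review bot: In the `ENC_OGV_720P` entry the new `'videoBitrate' => '4096'` and `'softTarget' => 'true'` are strings, while the neighbouring `'audioQuality' => 3` and the replaced `'videoQuality' => 6` are integers. Pick one convention per key across the profiles and add a comment giving the bitrate unit, since the switch from a quality target to a bandwidth target is the substantive change in this hunk.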
@@ -159,7 +166,38 @@
self::ENC_OGV_1080P =>
[
'maxSize'=> '1920x1080',
-   'videoQuality'   => 6,
+   'videoBitrate'   => '8192',
+   'softTarget' => 'true',
+   'framerate'  => '60', // max to 
reduce "1000fps bug" problems
+   'audioQuality'   

[MediaWiki-commits] [Gerrit] mediawiki...PageTriage[master]: PageTriageTags.sql: clean up trailing whitespace

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391150 )

Change subject: PageTriageTags.sql: clean up trailing whitespace
..


PageTriageTags.sql: clean up trailing whitespace

Change-Id: I96a7663695cdd1d80efadebffaaa71b1f2ee370b
---
M sql/PageTriageTags.sql
1 file changed, 16 insertions(+), 16 deletions(-)

Approvals:
  jenkins-bot: Verified
  Jforrester: Looks good to me, approved



diff --git a/sql/PageTriageTags.sql b/sql/PageTriageTags.sql
index 229ea4a..5e70873 100644
--- a/sql/PageTriageTags.sql
+++ b/sql/PageTriageTags.sql
@@ -7,37 +7,37 @@
 
 CREATE UNIQUE INDEX /*i*/ptrt_tag_id ON /*_*/pagetriage_tags (ptrt_tag_name);
 
-INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc) 
+INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('linkcount', 'Number of inbound links');
-INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc) 
+INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('category_count', 'Category mapping count');
 INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('csd_status', 'CSD status');
-INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc) 
+INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('prod_status', 'PROD status');
-INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc) 
+INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('blp_prod_status', 'BLP PROD status');
-INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc) 
+INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('afd_status', 'AFD status');
-INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc) 
+INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('rev_count', 'Number of edits to the article');
-INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc) 
+INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('page_len', 'Number of bytes of article');
-INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc) 
+INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('snippet', 'Beginning of article snippet');
-INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc) 
+INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('user_name', 'User name');
-INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc) 
+INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('user_editcount', 'User total edit');
-INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc) 
+INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('user_creation_date', 'User registration date');
-INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc) 
+INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('user_autoconfirmed', 'Check if user is autoconfirmed' );
-INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc) 
+INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('user_bot', 'Check if user is in bot group');
-INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc) 
+INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('user_block_status', 'User block status');
-INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc) 
+INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('user_id', 'User id');
-INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc) 
+INSERT INTO /*_*/pagetriage_tags (ptrt_tag_name, ptrt_tag_desc)
 VALUES ('reference', 'Check if page has references');
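Review bot: The cleanup leaves `VALUES ('user_autoconfirmed', 'Check if user is autoconfirmed' );` with a stray space before the closing parenthesis, the only `VALUES` line in the hunk formatted that way. Worth fixing in the same whitespace pass.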

-- 
To view, visit https://gerrit.wikimedia.org/r/391150
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I96a7663695cdd1d80efadebffaaa71b1f2ee370b
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/PageTriage
Gerrit-Branch: master
Gerrit-Owner: Catrope 
Gerrit-Reviewer: Jforrester 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: DatabaseUpdater: Add modifyExtensionTable()

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391152 )

Change subject: DatabaseUpdater: Add modifyExtensionTable()
..


DatabaseUpdater: Add modifyExtensionTable()

We already had modifyExtensionField(), but to do a table modification
you still had to do
$updater->addExtensionUpdate( [ 'modifyTable', ... ] );

Change-Id: I20368bf3c007a01718513a435de24907dc0aaf81
---
M includes/installer/DatabaseUpdater.php
1 file changed, 11 insertions(+), 1 deletion(-)

Approvals:
  jenkins-bot: Verified
  Jforrester: Looks good to me, approved



diff --git a/includes/installer/DatabaseUpdater.php 
b/includes/installer/DatabaseUpdater.php
index a317822..54ff712 100644
--- a/includes/installer/DatabaseUpdater.php
+++ b/includes/installer/DatabaseUpdater.php
@@ -340,13 +340,23 @@
 *
 * @param string $tableName The table name
 * @param string $fieldName The field to be modified
-* @param string $sqlPath The path to the SQL change path
+* @param string $sqlPath The path to the SQL patch
 */
public function modifyExtensionField( $tableName, $fieldName, $sqlPath 
) {
$this->extensionUpdates[] = [ 'modifyField', $tableName, 
$fieldName, $sqlPath, true ];
}
 
/**
+* @since 1.31
+*
+* @param string $tableName The table name
+* @param string $sqlPath The path to the SQL patch
+*/
+   public function modifyExtensionTable( $tableName, $sqlPath ) {
+   $this->extensionUpdates[] = [ 'modifyTable', $tableName, 
$sqlPath, true ];
+   }
+
+   /**
 *
 * @since 1.20
 *
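Review bot: The docblock for `modifyExtensionTable()` has `@since` and `@param` tags but no summary sentence, and nothing says what the trailing `true` in `[ 'modifyTable', $tableName, $sqlPath, true ]` stands for. Add a one-line description of what the method queues and note the meaning of that flag, matching whatever `modifyExtensionField()` documents for its own `true`.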

-- 
To view, visit https://gerrit.wikimedia.org/r/391152
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I20368bf3c007a01718513a435de24907dc0aaf81
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Catrope 
Gerrit-Reviewer: Jforrester 
Gerrit-Reviewer: Reedy 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] operations/puppet[production]: contint: Remove ruby2.1 as it is in base package

2017-11-14 Thread Paladox (Code Review)
Paladox has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391351 )

Change subject: contint: Remove ruby2.1 as it is in base package
..

contint: Remove ruby2.1 as it is in base package

Because base will install it anyways, ruby2.1 conflicts as then it is set in 
both places

Change-Id: I9ee4c6d39e4d94dedb79716599731e83ff488148
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Duplicate declaration: Package[ruby2.1] is already declared in file 
/etc/puppet/modules/base/manifests/standard_packages.pp:119; cannot redeclare 
at /etc/puppet/modules/contint/manifests/packages/ruby.pp:26 on node 
jenkins-slave-01.git.eqiad.wmflabs
Warning: Not using cache on failed catalog
---
0 files changed, 0 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/51/391351/1


-- 
To view, visit https://gerrit.wikimedia.org/r/391351
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9ee4c6d39e4d94dedb79716599731e83ff488148
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Paladox 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] search...deploy[master]: Deploy pip and wheel packages for jessie

2017-11-14 Thread EBernhardson (Code Review)
EBernhardson has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391286 )

Change subject: Deploy pip and wheel packages for jessie
..

Deploy pip and wheel packages for jessie

Debian jessie based hosts (relforge100*) fail to install the
provided numpy and scipy packages. Included pip and wheel in
the artifacts and explicitly install them into the deployed
virtualenv.

Change-Id: Ie7a6788aec81b6b8dad4f0df0c17c26c8f2a3275
---
A artifacts/pip-9.0.1-py2.py3-none-any.whl
A artifacts/wheel-0.30.0-py2.py3-none-any.whl
M make_wheels.sh
M scap/checks/virtualenv.sh
M upload_wheels.py
5 files changed, 17 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/search/MjoLniR/deploy 
refs/changes/86/391286/1

diff --git a/artifacts/pip-9.0.1-py2.py3-none-any.whl 
b/artifacts/pip-9.0.1-py2.py3-none-any.whl
new file mode 100644
index 000..2b56f48
--- /dev/null
+++ b/artifacts/pip-9.0.1-py2.py3-none-any.whl
@@ -0,0 +1 @@
+#$# git-fat c70393185d27ae8b49a117e6dcc18bc5f8f3a1c3  1254803
diff --git a/artifacts/wheel-0.30.0-py2.py3-none-any.whl 
b/artifacts/wheel-0.30.0-py2.py3-none-any.whl
new file mode 100644
index 000..4869eee
--- /dev/null
+++ b/artifacts/wheel-0.30.0-py2.py3-none-any.whl
@@ -0,0 +1 @@
+#$# git-fat 11694b2cfb611fd4accb1135c7d0fef9db4cd92649751
diff --git a/make_wheels.sh b/make_wheels.sh
index 7ad71c5..5c29233 100755
--- a/make_wheels.sh
+++ b/make_wheels.sh
@@ -23,7 +23,12 @@
 virtualenv --python python2.7 $VENV || /bin/true
 $PIP install "${MJOLNIR}"
 $PIP freeze --local | grep -v mjolnir | grep -v pkg-resources > $REQUIREMENTS
-$PIP install wheel
+$PIP install pip wheel
+# Debian jessie based hosts require updated pip and wheel packages or they will
+# refuse to install some packages (numpy, scipy, maybe others)
+$PIP wheel --find-links "${WHEEL_DIR}" \
+--wheel-dir "${WHEEL_DIR}" \
+pip wheel
 $PIP wheel --find-links "${WHEEL_DIR}" \
 --wheel-dir "${WHEEL_DIR}" \
 --requirement "${REQUIREMENTS}"
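Review bot: `$PIP install pip wheel` and the added `$PIP wheel ... pip wheel` are unpinned, so each run builds whatever pip and wheel versions the index serves that day, while the committed artifacts are `pip-9.0.1` and `wheel-0.30.0`. Pin both (`pip==9.0.1 wheel==0.30.0`) so the contents of `${WHEEL_DIR}` are reproducible and match the git-fat entries. Note also that `install` without `--upgrade` leaves an already installed older pip in place, so the build virtualenv may not be using the version the comment says is required.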
diff --git a/scap/checks/virtualenv.sh b/scap/checks/virtualenv.sh
index 55c0a33..000c22c 100644
--- a/scap/checks/virtualenv.sh
+++ b/scap/checks/virtualenv.sh
@@ -17,6 +17,14 @@
 mkdir -p "$VENV"
 virtualenv --never-download --python python2.7 $VENV || /bin/true
 
+# Debian jessie based hosts need updated versions of pip and wheel or they will
+# fail to install some binary packages (numpy, scipy, maybe others)
+$PIP install \
+--no-index \
+--find-links "${WHEEL_DIR}" \
+--upgrade \
+--force-reinstall \
+pip wheel
 # Install or upgrade our packages
 $PIP install \
 --no-index \
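Review bot: `--upgrade --force-reinstall` makes this check reinstall pip and wheel on every run, even when the virtualenv already has the versions shipped in `${WHEEL_DIR}`, and it does so by having pip replace itself. `--upgrade` alone covers the jessie case described in the comment; if the reinstall is intentional, say why in the comment, and name the expected versions so a stale or unexpected wheel in the directory is not picked up silently.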
diff --git a/upload_wheels.py b/upload_wheels.py
index e16453b..5d93792 100755
--- a/upload_wheels.py
+++ b/upload_wheels.py
@@ -3,7 +3,7 @@
 Uploads python wheels to archiva
 
 Usage:
-upload-wheels.py wheels/*.whl
+upload-wheels.py artifacts/*.whl
 """
 
 from __future__ import print_function
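Review bot: The usage line still names the script `upload-wheels.py`, but the file in this diff is `upload_wheels.py`. Fix the name while the path argument is being changed to `artifacts/*.whl`.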

-- 
To view, visit https://gerrit.wikimedia.org/r/391286
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie7a6788aec81b6b8dad4f0df0c17c26c8f2a3275
Gerrit-PatchSet: 1
Gerrit-Project: search/MjoLniR/deploy
Gerrit-Branch: master
Gerrit-Owner: EBernhardson 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "Remove borked cp4024 from ipsec nodelists"

2017-11-14 Thread BBlack (Code Review)
BBlack has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391287 )

Change subject: Revert "Remove borked cp4024 from ipsec nodelists"
..

Revert "Remove borked cp4024 from ipsec nodelists"

This reverts commit 72792d0a70584084509660e3f25270cab6f5ee9e.

Change-Id: I291ddb8c6687a2750639e0d814f9e7834153750f
---
M hieradata/common/cache/upload.yaml
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/87/391287/1

diff --git a/hieradata/common/cache/upload.yaml 
b/hieradata/common/cache/upload.yaml
index 30f79b0..851bbcf 100644
--- a/hieradata/common/cache/upload.yaml
+++ b/hieradata/common/cache/upload.yaml
@@ -39,6 +39,6 @@
 - 'cp4021.ulsfo.wmnet'
 - 'cp4022.ulsfo.wmnet'
 - 'cp4023.ulsfo.wmnet'
-# - 'cp4024.ulsfo.wmnet' # borked, remove for now T174891
+- 'cp4024.ulsfo.wmnet'
 - 'cp4025.ulsfo.wmnet'
 - 'cp4026.ulsfo.wmnet'
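Review bot: The re-added `- 'cp4024.ulsfo.wmnet'` drops the comment that tied the removal to T174891, and the commit message is only the default revert text. Add a line saying the host has been repaired and reference T174891, so the history explains why it is back in the ipsec nodelist.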

-- 
To view, visit https://gerrit.wikimedia.org/r/391287
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I291ddb8c6687a2750639e0d814f9e7834153750f
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: Revert "Remove borked cp4024 from ipsec nodelists"

2017-11-14 Thread BBlack (Code Review)
BBlack has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391287 )

Change subject: Revert "Remove borked cp4024 from ipsec nodelists"
..


Revert "Remove borked cp4024 from ipsec nodelists"

This reverts commit 72792d0a70584084509660e3f25270cab6f5ee9e.

Change-Id: I291ddb8c6687a2750639e0d814f9e7834153750f
---
M hieradata/common/cache/upload.yaml
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  BBlack: Verified; Looks good to me, approved



diff --git a/hieradata/common/cache/upload.yaml 
b/hieradata/common/cache/upload.yaml
index 30f79b0..851bbcf 100644
--- a/hieradata/common/cache/upload.yaml
+++ b/hieradata/common/cache/upload.yaml
@@ -39,6 +39,6 @@
 - 'cp4021.ulsfo.wmnet'
 - 'cp4022.ulsfo.wmnet'
 - 'cp4023.ulsfo.wmnet'
-# - 'cp4024.ulsfo.wmnet' # borked, remove for now T174891
+- 'cp4024.ulsfo.wmnet'
 - 'cp4025.ulsfo.wmnet'
 - 'cp4026.ulsfo.wmnet'

-- 
To view, visit https://gerrit.wikimedia.org/r/391287
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I291ddb8c6687a2750639e0d814f9e7834153750f
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack 
Gerrit-Reviewer: BBlack 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: planet: add Wikimedia Community Logo to rawdog style

2017-11-14 Thread Dzahn (Code Review)
Dzahn has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391289 )

Change subject: planet: add Wikimedia Community Logo to rawdog style
..

planet: add Wikimedia Community Logo to rawdog style

Add Wikimedia Community Logo as svg from commons.
(https://meta.wikimedia.org/wiki/Wikimedia_Community_Logo)

Add it to the default style for rawdog.

Bug: T180498
Change-Id: If1bdf95b54fd0b8ef3a12079032e3b64c61971ae
---
A modules/planet/files/theme/Wikimedia_Community_Logo.svg
M modules/planet/manifests/theme.pp
M modules/planet/templates/html/rd_page.html.tmpl.erb
3 files changed, 77 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/89/391289/1

diff --git a/modules/planet/files/theme/Wikimedia_Community_Logo.svg 
b/modules/planet/files/theme/Wikimedia_Community_Logo.svg
new file mode 100644
index 000..96ac36f
--- /dev/null
+++ b/modules/planet/files/theme/Wikimedia_Community_Logo.svg
@@ -0,0 +1,72 @@
+
+
+http://purl.org/dc/elements/1.1/;
+   xmlns:cc="http://web.resource.org/cc/;
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#;
+   xmlns:svg="http://www.w3.org/2000/svg;
+   xmlns="http://www.w3.org/2000/svg;
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd;
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape;
+   version="1.0"
+   width="900"
+   height="900"
+   id="svg2848"
+   sodipodi:version="0.32"
+   inkscape:version="0.44.1"
+   sodipodi:docname="Wikimedia_Community_Logo.svg"
+   sodipodi:docbase="/home/fizyk/anizo/wiki/SVG/promocja">
+  
+
+  
+image/svg+xml
+http://purl.org/dc/dcmitype/StillImage; />
+  
+
+  
+  
+  
+  
+
+
+
+
+  
+
diff --git a/modules/planet/manifests/theme.pp 
b/modules/planet/manifests/theme.pp
index 6f8821c..238024e 100644
--- a/modules/planet/manifests/theme.pp
+++ b/modules/planet/manifests/theme.pp
@@ -22,6 +22,10 @@
 ensure => 'present',
 source => 'puppet:///modules/planet/theme/rawdog_style.css';
 }
+file { "/var/www/planet/${title}/Wikimedia_Community_Logo.svg":
+ensure => 'present',
+source => 
'puppet:///modules/planet/theme/Wikimedia_Community_Logo.svg';
+}
 file { "/etc/rawdog/theme/wikimedia/${title}/rd_page.tmpl":
 ensure  => 'present',
 content => template('planet/html/rd_page.html.tmpl.erb');
diff --git a/modules/planet/templates/html/rd_page.html.tmpl.erb 
b/modules/planet/templates/html/rd_page.html.tmpl.erb
index e1cefb2..d58d2af 100644
--- a/modules/planet/templates/html/rd_page.html.tmpl.erb
+++ b/modules/planet/templates/html/rd_page.html.tmpl.erb
@@ -124,6 +124,7 @@
 
 

+   
<%= @title %>.planet.wikimedia.org
 (rawdog __version__: __num_items__ items from 
__num_feeds__ feeds)
 Open all Close all Mark All 
Read

-- 
To view, visit https://gerrit.wikimedia.org/r/391289
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If1bdf95b54fd0b8ef3a12079032e3b64c61971ae
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn 



[MediaWiki-commits] [Gerrit] search...deploy[master]: Bump mjolnir submodule

2017-11-14 Thread EBernhardson (Code Review)
EBernhardson has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391294 )

Change subject: Bump mjolnir submodule
..


Bump mjolnir submodule

This brings in the patch that made working_dir configurable. We
need that so the deployment to stat1005 is able to use the
new configuration file.

Change-Id: Ia73ba83edd1166412878008a32a09f36dd9a7572
---
M src
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  EBernhardson: Verified; Looks good to me, approved



diff --git a/src b/src
index 96337a0..0d7fdcf 16
--- a/src
+++ b/src
@@ -1 +1 @@
-Subproject commit 96337a0ab1931278f93b752ca3be5f30e8124762
+Subproject commit 0d7fdcf27b51b848a8c964f3c204f195c376dea5

-- 
To view, visit https://gerrit.wikimedia.org/r/391294
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ia73ba83edd1166412878008a32a09f36dd9a7572
Gerrit-PatchSet: 1
Gerrit-Project: search/MjoLniR/deploy
Gerrit-Branch: master
Gerrit-Owner: EBernhardson 
Gerrit-Reviewer: EBernhardson 



[MediaWiki-commits] [Gerrit] mediawiki...mobileapps[master]: Fix swagger-ui spec parsing

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391075 )

Change subject: Fix swagger-ui spec parsing
..


Fix swagger-ui spec parsing

This was failing due to the types of items in arrays not being
specified.

Bug: T174983
Change-Id: I2a9b4034f46993d070dacd6633c32a56a4951e44
---
M spec.yaml
1 file changed, 14 insertions(+), 2 deletions(-)

Approvals:
  BearND: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/spec.yaml b/spec.yaml
index 839822c..484eea4 100644
--- a/spec.yaml
+++ b/spec.yaml
@@ -840,6 +840,8 @@
   $merge:
 type: array
 description: One-element array containing the link to the RESTBase 
summary for the article
+items:
+  type: string
 required:
   - $merge
 
@@ -975,6 +977,8 @@
   $merge:
 type: array
 description: One-element array containing the link to the RESTBase 
summary for the article
+items:
+  type: string
   views:
 type: integer
 description: Number of views on the requested day
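Review bot: on `$merge`, the description says "One-element array" but the added `items` / `type: string` pair only constrains the element type. Adding `minItems: 1` and `maxItems: 1` beside it would make the schema state what the description promises; the same applies to the `$merge` entry in the hunk above.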
@@ -1137,7 +1141,8 @@
   platforms:
 type: array
 description: An array of platforms to display the announcement. 
Possible values are "iOSApp" or "AndroidApp"
-items: { type: string }
+items:
+  type: string
   text:
 type: string
 description: The text of the announcement
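Review bot: on `platforms`, the rewrite of `items: { type: string }` into block form is not covered by the commit message, which says the failure came from item types not being specified; here the type was already present. If the flow mapping itself tripped swagger-ui, say so in the message. Since the description limits the values to "iOSApp" or "AndroidApp", an `enum` under `items` would also let the spec enforce that.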
@@ -1158,7 +1163,8 @@
   countries:
 type: array
 description: An array of country codes in which to display the 
announcement. Clients should derive the country from 'GeoIP' portion of the 
Set-Cookie header
-items: { type: string }
+items:
+  type: string
 required:
   - id
   - type
@@ -1191,6 +1197,8 @@
   lang:
 type: array
 description: A list of wiki language codes documenting the language(s) 
of the articles in the compilation
+items:
+  type: string
   summary:
 type: string
 description: A short description of the compilation contents
@@ -1264,6 +1272,8 @@
   derivatives:
 type: array
 description: a list of derivatives of the original file (applies only 
to videos)
+items:
+  type: object
   ext:
 type: object
 description: extended metadata about the object (provided by the 
CommonsMetadata extension)
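Review bot: on `derivatives`, `items` with `type: object` and no `properties` accepts any object, so the spec still says nothing about what a derivative looks like. If the shape is known, describe its properties or reference a shared definition; if it is deliberately open, a short comment saying so would help.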
@@ -1300,6 +1310,8 @@
   data:
 type: array
 description: Buffer contents
+items:
+  type: string
 additionalProperties: false
 
   titles_set:
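Review bot: on `data` ("Buffer contents"), is `type: string` the right item type? A Node.js Buffer serialised with toJSON() carries its bytes as an array of integers, so if that is what this field holds, `type: integer` would match and `string` would make validation reject real responses.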

-- 
To view, visit https://gerrit.wikimedia.org/r/391075
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I2a9b4034f46993d070dacd6633c32a56a4951e44
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/services/mobileapps
Gerrit-Branch: master
Gerrit-Owner: Mholloway 
Gerrit-Reviewer: BearND 
Gerrit-Reviewer: Fjalapeno 
Gerrit-Reviewer: Gergő Tisza 
Gerrit-Reviewer: Jdlrobson 
Gerrit-Reviewer: Mholloway 
Gerrit-Reviewer: Mhurd 
Gerrit-Reviewer: Ppchelko 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki...TemplateStyles[master]: Type annotations for some tests

2017-11-14 Thread MaxSem (Code Review)
MaxSem has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391344 )

Change subject: Type annotations for some tests
..

Type annotations for some tests

Change-Id: Ibe1750e6cfed593304e027d4eda7609a73980e62
---
M tests/phpunit/TemplateStylesHooksTest.php
1 file changed, 4 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/TemplateStyles 
refs/changes/44/391344/1

diff --git a/tests/phpunit/TemplateStylesHooksTest.php 
b/tests/phpunit/TemplateStylesHooksTest.php
index 61aff7e..641a182 100644
--- a/tests/phpunit/TemplateStylesHooksTest.php
+++ b/tests/phpunit/TemplateStylesHooksTest.php
@@ -134,7 +134,7 @@
 * tag's output depends on the revision IDs of the input pages.
 * @dataProvider provideTag
 */
-   public function testTag( $popt, $wikitext, $expect ) {
+   public function testTag( ParserOptions $popt, $wikitext, $expect ) {
global $wgParserConf;
 
$this->setMwGlobals( [
@@ -144,14 +144,14 @@
] );
 
$oldCurrentRevisionCallback = $popt->setCurrentRevisionCallback(
-   function ( $title, $parser = false ) use ( 
&$oldCurrentRevisionCallback ) {
+   function ( Title $title, Parser $parser = false ) use ( 
&$oldCurrentRevisionCallback ) {
if ( $title->getPrefixedText() === 
'Template:Test replacement' ) {
$user = 
RequestContext::getMain()->getUser();
return new Revision( [
'page' => 
$title->getArticleID(),
'user_text' => $user->getName(),
'user' => $user->getId(),
-   'parent_id' => 
$title->getLatestRevId(),
+   'parent_id' => 
$title->getLatestRevID(),
'title' => $title,
'content' => new 
TemplateStylesContent( '.baz { color:orange; bogus:bogus; }' )
] );
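Review bot: in the callback signature, `Parser $parser = false` pairs a class type hint with a `false` default. PHP only accepts `null` as the default for a class-typed parameter, so this should be `Parser $parser = null` (or drop the hint if `false` really is passed). Separately, the `getLatestRevId()` to `getLatestRevID()` change is not a type annotation and deserves its own line in the commit message.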
@@ -162,6 +162,7 @@
 
$class = $wgParserConf['class'];
$parser = new $class( $wgParserConf );
+   /** @var Parser $parser */
$parser->firstCallInit();
if ( !isset( $parser->mTagHooks['templatestyles'] ) ) {
$this->markTestSkipped( 'templatestyles tag hook is not 
in the parser' );
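Review bot: the `/** @var Parser $parser */` annotation sits after `$parser = new $class( $wgParserConf );`. Inline @var comments are normally read as applying to the statement that follows, so placing it directly above the assignment is the safer position.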

-- 
To view, visit https://gerrit.wikimedia.org/r/391344
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibe1750e6cfed593304e027d4eda7609a73980e62
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/TemplateStyles
Gerrit-Branch: master
Gerrit-Owner: MaxSem 



[MediaWiki-commits] [Gerrit] mediawiki...TemplateStyles[master]: Don't skip tests if the hook is not present

2017-11-14 Thread MaxSem (Code Review)
MaxSem has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391345 )

Change subject: Don't skip tests if the hook is not present
..

Don't skip tests if the hook is not present

This just hides the error if something's broken with extension
registration because skipped tests don't result in a failed suite.
Instead, explode in everybody's eyes to make it clear there's a
problem.

Change-Id: I2f1e80a1fa4b99d857671c9d1061d34449764f01
---
M tests/phpunit/TemplateStylesHooksTest.php
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/TemplateStyles 
refs/changes/45/391345/1

diff --git a/tests/phpunit/TemplateStylesHooksTest.php 
b/tests/phpunit/TemplateStylesHooksTest.php
index 641a182..d9f55d9 100644
--- a/tests/phpunit/TemplateStylesHooksTest.php
+++ b/tests/phpunit/TemplateStylesHooksTest.php
@@ -165,7 +165,7 @@
/** @var Parser $parser */
$parser->firstCallInit();
if ( !isset( $parser->mTagHooks['templatestyles'] ) ) {
-   $this->markTestSkipped( 'templatestyles tag hook is not 
in the parser' );
+   throw new Exception( 'templatestyles tag hook is not in 
the parser' );
}
$out = $parser->parse( $wikitext, Title::newFromText( 'Test' ), 
$popt );
$parser->mPreprocessor = null; # Break the Parser <-> 
Preprocessor cycle
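Review bot: throwing a bare `Exception` here makes PHPUnit report an error rather than a failure. `$this->fail( 'templatestyles tag hook is not in the parser' )`, or an `assertArrayHasKey` on `$parser->mTagHooks`, gives the same hard stop the commit message asks for while keeping it in the test's own reporting.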

-- 
To view, visit https://gerrit.wikimedia.org/r/391345
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I2f1e80a1fa4b99d857671c9d1061d34449764f01
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/TemplateStyles
Gerrit-Branch: master
Gerrit-Owner: MaxSem 



[MediaWiki-commits] [Gerrit] mediawiki...TemplateStyles[master]: Fix tests

2017-11-14 Thread MaxSem (Code Review)
MaxSem has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391343 )

Change subject: Fix tests
..

Fix tests

Change-Id: I07d9271511e279cd0e12910673848654e6ff5eef
---
M tests/phpunit/TemplateStylesHooksTest.php
1 file changed, 2 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/TemplateStyles 
refs/changes/43/391343/1

diff --git a/tests/phpunit/TemplateStylesHooksTest.php 
b/tests/phpunit/TemplateStylesHooksTest.php
index 2560a07..61aff7e 100644
--- a/tests/phpunit/TemplateStylesHooksTest.php
+++ b/tests/phpunit/TemplateStylesHooksTest.php
@@ -198,14 +198,14 @@
$popt,
'',
// @codingStandardsIgnoreStart Ignore 
Generic.Files.LineLength.TooLong
-   "Page Template:ThisDoesNotExist has no 
content.\n",
+   "Page Template:ThisDoesNotExist has no 
content.\n",
// @codingStandardsIgnoreEnd
],
'Tag with valid but nonexistent title, main namespace' 
=> [
$popt,
'',
// @codingStandardsIgnoreStart Ignore 
Generic.Files.LineLength.TooLong
-   "Page ThisDoesNotExist has no 
content.\n",
+   "Page ThisDoesNotExist has no 
content.\n",
// @codingStandardsIgnoreEnd
],
'Tag with wikitext page' => [

-- 
To view, visit https://gerrit.wikimedia.org/r/391343
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I07d9271511e279cd0e12910673848654e6ff5eef
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/TemplateStyles
Gerrit-Branch: master
Gerrit-Owner: MaxSem 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: webperf: Record navtiming discards to Graphite, and add is_s...

2017-11-14 Thread Dzahn (Code Review)
Dzahn has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/390061 )

Change subject: webperf: Record navtiming discards to Graphite, and add is_sane 
test
..


webperf: Record navtiming discards to Graphite, and add is_sane test

* Add a test case that has some of the values exceed 180s,
  to test the is_sane() filter.

  Observed in navtiming (1):
  - The earlier values in the same event are still reported. (known bug, fixed in v2)
  - The ones above the threshold are ignored. (desired behaviour)
  - The ones for by_continent and by_country are not filtered by sanity.
    (previously unknown bug, but already fixed in v2).
  Observed in navtiming (2):
  - The event is discarded in its entirety,
    no partial reports of incomplete data. (desired behaviour)

* Add a new metric that records in Graphite when an event is discarded.
  This is similar to the logic we have already on the client-side where
  we increment the navtiming.logFailure.nonCompliant counter if the values
  were corrupted or not standards-compliant.

Change-Id: I5c4dc247f131ce9eceaef0d60e844aaf4039556b
---
M modules/webperf/files/navtiming.py
M modules/webperf/files/navtiming_fixture.yaml
2 files changed, 77 insertions(+), 1 deletion(-)

Approvals:
  Phedenskog: Looks good to me, but someone else must approve
  jenkins-bot: Verified
  Gilles: Looks good to me, but someone else must approve
  Dzahn: Looks good to me, approved



diff --git a/modules/webperf/files/navtiming.py 
b/modules/webperf/files/navtiming.py
index d055375..5e7d737 100755
--- a/modules/webperf/files/navtiming.py
+++ b/modules/webperf/files/navtiming.py
@@ -306,10 +306,24 @@
 
 
 def make_stat(*args):
+"""
+Create a statsd packet for adding a measure to a Timing metric
+"""
 args = list(args)
 value = args.pop()
 name = '.'.join(arg.replace(' ', '_') for arg in args)
 stat = '%s:%s|ms' % (name, value)
+return stat.encode('utf-8')
+
+
+def make_count(*args):
+"""
+Create a statsd packet for incrementing a Counter metric
+"""
+args = list(args)
+value = 1
+name = '.'.join(arg.replace(' ', '_') for arg in args)
+stat = '%s:%s|c' % (name, value)
 return stat.encode('utf-8')
 
 
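Review bot: `make_count` repeats the name-building line from `make_stat`, and that line only replaces spaces. If any name part can come from event data (the fixture has names such as `by_browser.Edge.15`), a `:`, `|` or newline in it would change how statsd parses the packet. A shared helper that restricts each part to a safe character set would cover both functions; `args = list(args)` is also unneeded in `make_count` since nothing is popped.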
@@ -458,7 +472,9 @@
 break
 
 # If one of the metrics are over the max then skip it entirely
-if (isSane):
+if not isSane:
+yield make_count('frontend.navtiming_discard', 'isSane')
+else:
 for metric, value in metrics_nav2.items():
 prefix = 'frontend.navtiming2'
 yield make_stat(prefix, metric, site, auth, value)
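Review bot: in the `if not isSane:` branch the counter is emitted with the fixed name parts `frontend.navtiming_discard` and `isSane`, with no `site` or `auth` part, while the `else` branch keys every stat on both. If discards need to be broken down the same way as the timings, pass those through to `make_count`; if a single global counter is intended, update the comment above the branch, which still describes only the skip.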
diff --git a/modules/webperf/files/navtiming_fixture.yaml 
b/modules/webperf/files/navtiming_fixture.yaml
index 639ff57..b2b9f63 100644
--- a/modules/webperf/files/navtiming_fixture.yaml
+++ b/modules/webperf/files/navtiming_fixture.yaml
@@ -443,6 +443,66 @@
   - frontend.navtiming2.domInteractive.by_continent.Europe:2936|ms
   - frontend.navtiming2.domInteractive.by_country.Russia:2936|ms
 
+View with timings above threshold:
+ input: {"event": {"action": "view", "connectEnd": 0, "connectStart": 0, 
"dnsLookup": 0, "domComplete": 203077, "domInteractive": 7403, "fetchStart": 0, 
"firstPaint": 9356, "isAnon": true, "isHiDPI": false, "isHttp2": true, 
"loadEventEnd": 204085, "loadEventStart": 204083, "mediaWikiLoadComplete": 
20922, "mediaWikiVersion": "1.30.0-wmf.19", "namespaceId": 1, "originCountry": 
"FR", "originRegion": "X", "pageId": 1, "requestStart": 4484, "responseEnd": 
6286, "responseStart": 5027, "revId": 1}, "recvFrom": "example", "revision": 1, 
"schema": "NavigationTiming", "seqId": 1, "timestamp": 1, "userAgent": 
"{\"os_minor\": null, \"is_bot\": false, \"os_major\": null, \"device_family\": 
\"Other\", \"os_family\": \"Windows 10\", \"browser_minor\": \"15063\", 
\"wmf_app_version\": \"-\", \"browser_major\": \"15\", \"browser_family\": 
\"Edge\", \"is_mediawiki\": false}", "uuid": "example", "webHost": "example", 
"wiki": "example"}
+ expect:
+  # domComplete, loadEventStart and loadEventEnd are above threshold
+  - frontend.navtiming.loadEventStart.by_continent.Europe:204083|ms
+  - frontend.navtiming.loadEventStart.by_country.France:204083|ms
+  - frontend.navtiming.mediaWikiLoadComplete.desktop.anonymous:20922|ms
+  - frontend.navtiming.mediaWikiLoadComplete.desktop.overall:20922|ms
+  - frontend.navtiming.mediaWikiLoadComplete.overall:20922|ms
+  - frontend.navtiming.mediaWikiLoadComplete.by_browser.Edge.15:20922|ms
+  - frontend.navtiming.mediaWikiLoadComplete.by_browser.Edge.all:20922|ms
+  - frontend.navtiming.mediaWikiLoadComplete.by_continent.Europe:20922|ms
+  - frontend.navtiming.mediaWikiLoadComplete.by_country.France:20922|ms
+  - frontend.navtiming.dnsLookup.by_continent.Europe:0|ms
+  - frontend.navtiming.dnsLookup.by_country.France:0|ms
+  - frontend.navtiming.firstPaint.desktop.anonymous:9356|ms
+  - 
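Review bot: the `expect` list for "View with timings above threshold" includes `frontend.navtiming.loadEventStart.by_continent.Europe:204083|ms` and its `by_country` equivalent, which the commit message calls a bug in navtiming (1). The only comment in the fixture says these values are above threshold, so a later reader may take the lines as desired output. Mark them in the fixture as known-bug expectations.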

[MediaWiki-commits] [Gerrit] operations/puppet[production]: webperf: Refactor tests to directly associate expected data ...

2017-11-14 Thread Dzahn (Code Review)
Dzahn has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/390083 )

Change subject: webperf: Refactor tests to directly associate expected data 
with cases
..


webperf: Refactor tests to directly associate expected data with cases

Previously we had a file with all input and a file with all output,
which is pretty hard to review and basically only helps catch errors
when the intent is to change nothing in the output.

Whenever we do make a change in the output, the expected data was
sufficiently mixed up that one basically ends up just recreating
it with the new input with no feasible way to review.

Hopefully this new structure will make it easier to review by
having the input and expected output directly associated with
one another, and in the same file.

Change-Id: Ibb6c11476535e45490a5147294099d1965a3f970
---
D modules/webperf/files/navtiming_expected.txt
M modules/webperf/files/navtiming_fixture.yaml
M modules/webperf/files/navtiming_test.py
3 files changed, 467 insertions(+), 6,775 deletions(-)

Approvals:
  jenkins-bot: Verified
  Gilles: Looks good to me, but someone else must approve
  Dzahn: Looks good to me, approved




-- 
To view, visit https://gerrit.wikimedia.org/r/390083
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ibb6c11476535e45490a5147294099d1965a3f970
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Krinkle 
Gerrit-Reviewer: Dzahn 
Gerrit-Reviewer: Gilles 
Gerrit-Reviewer: Phedenskog 
Gerrit-Reviewer: Volans 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki...PageForms[master]: Changed addModuleStyles() + ...Scripts() to just addModules()

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391282 )

Change subject: Changed addModuleStyles() + ...Scripts() to just addModules()
..


Changed addModuleStyles() + ...Scripts() to just addModules()

The two separately seem to no longer work in all cases.

Change-Id: Ic1762cda259bd673bee66448e7c7f73e5822ccef
---
M includes/forminputs/PF_FormInput.php
1 file changed, 1 insertion(+), 2 deletions(-)

Approvals:
  Yaron Koren: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/forminputs/PF_FormInput.php 
b/includes/forminputs/PF_FormInput.php
index 961a98f..e2e129b 100644
--- a/includes/forminputs/PF_FormInput.php
+++ b/includes/forminputs/PF_FormInput.php
@@ -335,8 +335,7 @@
 
// Register modules for the input.
if ( $modules !== null ) {
-   $output->addModuleStyles( $modules );
-   $output->addModuleScripts( $modules );
+   $output->addModules( $modules );
}
 
if ( $this->getJsInitFunctionData() || 
$this->getJsValidationFunctionData() ) {
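Review bot: replacing the `addModuleStyles()` and `addModuleScripts()` pair with `addModules()` changes how the styles are delivered: `addModules()` loads the module through the ResourceLoader client, so the input's styles arrive only once JavaScript runs. Is that acceptable for these inputs? A comment here recording which cases stopped working with the separate calls would also help the next person who touches this.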

-- 
To view, visit https://gerrit.wikimedia.org/r/391282
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ic1762cda259bd673bee66448e7c7f73e5822ccef
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/extensions/PageForms
Gerrit-Branch: master
Gerrit-Owner: Yaron Koren 
Gerrit-Reviewer: Yaron Koren 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] apps...wikipedia[master]: Fix: Incorrect language counts

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391132 )

Change subject: Fix: Incorrect language counts
..


Fix: Incorrect language counts

 - Update the language counts when the article is in Chinese (should +1 if it's 
in Traditional or Simplified Chinese)

Bug: T180182
Change-Id: I4c40b7edcf9324404ccff9c7c99540e03fc0b114
---
M app/src/main/java/org/wikipedia/page/bottomcontent/BottomContentView.java
M app/src/main/java/org/wikipedia/util/L10nUtil.java
2 files changed, 24 insertions(+), 4 deletions(-)

Approvals:
  Dbrant: Looks good to me, approved
  jenkins-bot: Verified



diff --git 
a/app/src/main/java/org/wikipedia/page/bottomcontent/BottomContentView.java 
b/app/src/main/java/org/wikipedia/page/bottomcontent/BottomContentView.java
index d43dc68..1a8fe01 100644
--- a/app/src/main/java/org/wikipedia/page/bottomcontent/BottomContentView.java
+++ b/app/src/main/java/org/wikipedia/page/bottomcontent/BottomContentView.java
@@ -37,6 +37,7 @@
 import org.wikipedia.search.SearchResults;
 import org.wikipedia.util.DimenUtil;
 import org.wikipedia.util.GeoUtil;
+import org.wikipedia.util.L10nUtil;
 import org.wikipedia.util.StringUtil;
 import org.wikipedia.util.log.L;
 import org.wikipedia.views.ConfigurableTextView;
@@ -265,12 +266,18 @@
 
pageLastUpdatedText.setText(parentFragment.getString(R.string.last_updated_text,
 
formatDateRelative(page.getPageProperties().getLastModified(;
 pageLastUpdatedText.setVisibility(View.VISIBLE);
-
 pageTalkContainer.setVisibility(page.getTitle().namespace() == 
Namespace.TALK ? GONE : VISIBLE);
 
-
pageLanguagesContainer.setVisibility(page.getPageProperties().getLanguageCount()
 == 0 ? GONE : VISIBLE);
-
pageLanguagesCount.setText(parentFragment.getString(R.string.language_count_link_text,
-page.getPageProperties().getLanguageCount()));
+/**
+ * TODO: It only updates the count when the article is in Chinese.
+ * If an article is also available in Chinese, the count will be less 
one.
+ * @see LangLinksActivity.java updateLanguageEntriesSupported()
+ */
+int getLanguageCount = 
L10nUtil.getUpdatedLanguageCountIfNeeded(page.getTitle().getWikiSite().languageCode(),
+page.getPageProperties().getLanguageCount());
+
+pageLanguagesContainer.setVisibility(getLanguageCount == 0 ? GONE : 
VISIBLE);
+
pageLanguagesCount.setText(parentFragment.getString(R.string.language_count_link_text,
 getLanguageCount));
 
 pageMapContainer.setVisibility(page.getPageProperties().getGeo() == 
null ? GONE : VISIBLE);
 
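Review bot: the local `int getLanguageCount` is named like a getter and sits next to `page.getPageProperties().getLanguageCount()`, which makes the two easy to confuse; `languageCount` would read better. The TODO is also written as a `/** */` Javadoc block with `@see` inside a method body, where a plain `//` comment is the usual form, and "the count will be less one" should say which count and why.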
diff --git a/app/src/main/java/org/wikipedia/util/L10nUtil.java 
b/app/src/main/java/org/wikipedia/util/L10nUtil.java
index fcb9cf1..a4b015b 100644
--- a/app/src/main/java/org/wikipedia/util/L10nUtil.java
+++ b/app/src/main/java/org/wikipedia/util/L10nUtil.java
@@ -225,6 +225,19 @@
 }
 }
 
+public static int getUpdatedLanguageCountIfNeeded(String getLanguageCode, 
int originalLanguageCount) {
+
+int updatedLanguageCount = originalLanguageCount;
+
+if (getLanguageCode.equals(CHINESE_LANGUAGE_CODE)) {
+updatedLanguageCount = updatedLanguageCount + 2; // for both 
Traditional and Simplified
+} else if (getLanguageCode.equals(TRADITIONAL_CHINESE_LANGUAGE_CODE) 
|| getLanguageCode.equals(SIMPLIFIED_CHINESE_LANGUAGE_CODE)) {
+updatedLanguageCount = updatedLanguageCount + 1;
+}
+
+return updatedLanguageCount;
+}
+
 private L10nUtil() {
 }
 }
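Review bot: in `getUpdatedLanguageCountIfNeeded`, the parameter `getLanguageCode` is named like a method, and calling `.equals()` on it throws if a null language code is passed; `CHINESE_LANGUAGE_CODE.equals(languageCode)` avoids that. A short Javadoc stating why the Chinese code adds 2 and the two variants add 1 would keep the magic numbers from being changed by accident.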

-- 
To view, visit https://gerrit.wikimedia.org/r/391132
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I4c40b7edcf9324404ccff9c7c99540e03fc0b114
Gerrit-PatchSet: 2
Gerrit-Project: apps/android/wikipedia
Gerrit-Branch: master
Gerrit-Owner: Cooltey 
Gerrit-Reviewer: Brion VIBBER 
Gerrit-Reviewer: Dbrant 
Gerrit-Reviewer: Sharvaniharan 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki...release[master]: make-release: Remove old pre-semver support

2017-11-14 Thread Chad (Code Review)
Chad has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391290 )

Change subject: make-release: Remove old pre-semver support
..

make-release: Remove old pre-semver support

Change-Id: Ib9ffbedf928037ace84330e8fcdfbe3371c37501
---
M make-release/make-release.py
1 file changed, 2 insertions(+), 20 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/tools/release 
refs/changes/90/391290/1

diff --git a/make-release/make-release.py b/make-release/make-release.py
index 89ce180..36b524e 100755
--- a/make-release/make-release.py
+++ b/make-release/make-release.py
@@ -181,19 +181,7 @@
 del ret['major2']
 
 try:
-# Special case for when we switched to semantic versioning
-if(ret['major'] <= '1.22' or
-   (ret['major'] == '1.23' and
-ret['minor'] == '0' and
-(ret['phase'] == 'rc' and
- ret['cycle'] == '0'))):
-ret['tag'] = 'tags/%s.%s%s%s' % (
-ret['major'],
-ret['minor'],
-ret.get('phase', ''),
-ret.get('cycle', '')
-)
-elif('phase' in ret):
+if('phase' in ret):
 ret['tag'] = 'tags/%s.%s-%s.%s' % (
 ret['major'],
 ret['minor'],
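Review bot: with the pre-semver branch removed, a version of 1.22 or older now falls through to the semver tag formats and yields a tag name that never existed for those releases. If such versions are no longer supported, reject them explicitly with an error instead of building a wrong tag. Minor: `if('phase' in ret):` keeps the parenthesised style that the second hunk drops.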
@@ -224,13 +212,7 @@
 
 bits[last] = str(int(bits[last]) - 1)
 
-if(bits[0] <= '1.22' or
-   (bits[0] == '1.23' and
-bits[1] == '0' and
-(bits[2] == 'rc' and
- bits[3] == '0'))):
-ret['prevVersion'] = '%s.%s%s%s' % tuple(bits)
-elif 'phase' in ret:
+if 'phase' in ret:
 ret['prevVersion'] = '%s.%s-%s.%s' % tuple(bits)
 else:
 ret['prevVersion'] = '%s.%s' % (bits[0], bits[1])

-- 
To view, visit https://gerrit.wikimedia.org/r/391290
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib9ffbedf928037ace84330e8fcdfbe3371c37501
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/tools/release
Gerrit-Branch: master
Gerrit-Owner: Chad 



[MediaWiki-commits] [Gerrit] search...deploy[master]: Dont recreate virtualenv unless necessary

2017-11-14 Thread EBernhardson (Code Review)
EBernhardson has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391296 )

Change subject: Dont recreate virtualenv unless necessary
..

Dont recreate virtualenv unless necessary

It appears that while the first run of the virtualenv.sh script will
succeed on a debian jessie based system, future runs will attempt
to overwrite the upgraded pip with the older system version of pip. This
causes pip to completely break with a mismatch between versions.

Change-Id: I7c6fd8ea1e1ee35a3e7386fd9b628c0605a11fda
---
M scap/checks/virtualenv.sh
1 file changed, 7 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/search/MjoLniR/deploy 
refs/changes/96/391296/1

diff --git a/scap/checks/virtualenv.sh b/scap/checks/virtualenv.sh
index 2f8ebba..56da498 100644
--- a/scap/checks/virtualenv.sh
+++ b/scap/checks/virtualenv.sh
@@ -13,9 +13,13 @@
 
 PIP="${VENV}/bin/pip"
 
-# Ensure that the virtual environment exists
-mkdir -p "$VENV"
-virtualenv --never-download --python python2.7 $VENV || /bin/true
+# Ensure that the virtual environment exists. Don't recreate if already
+# existing, as this will try and downgrade pip on debian jessie from the one
+# installed later which then breaks pip.
+if [ ! -x "$PIP" ]; then
+mkdir -p "$VENV"
+virtualenv --never-download --python python2.7 $VENV || /bin/true
+fi
 
 # Debian jessie based hosts need updated versions of pip and wheel or they will
 # fail to install some binary packages (numpy, scipy, maybe others)
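Review bot: the new guard keys on `[ ! -x "$PIP" ]`, so an environment whose pip file exists but is broken is never rebuilt, and `|| /bin/true` on the `virtualenv` call still hides a failed create so the script carries on to use `$PIP`. Let the failure propagate, or re-check `$PIP` after the call and exit with a clear message.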

-- 
To view, visit https://gerrit.wikimedia.org/r/391296
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7c6fd8ea1e1ee35a3e7386fd9b628c0605a11fda
Gerrit-PatchSet: 1
Gerrit-Project: search/MjoLniR/deploy
Gerrit-Branch: master
Gerrit-Owner: EBernhardson 



[MediaWiki-commits] [Gerrit] search...deploy[master]: Dont recreate virtualenv unless necessary

2017-11-14 Thread EBernhardson (Code Review)
EBernhardson has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391296 )

Change subject: Dont recreate virtualenv unless necessary
..


Dont recreate virtualenv unless necessary

It appears that while the first run of the virtualenv.sh script will
succeed on a debian jessie based system, future runs will attempt
to overwrite the upgraded pip with the older system version of pip. This
causes pip to completely break with a mismatch between versions.

Change-Id: I7c6fd8ea1e1ee35a3e7386fd9b628c0605a11fda
---
M scap/checks/virtualenv.sh
1 file changed, 7 insertions(+), 3 deletions(-)

Approvals:
  EBernhardson: Verified; Looks good to me, approved



diff --git a/scap/checks/virtualenv.sh b/scap/checks/virtualenv.sh
index 2f8ebba..56da498 100644
--- a/scap/checks/virtualenv.sh
+++ b/scap/checks/virtualenv.sh
@@ -13,9 +13,13 @@
 
 PIP="${VENV}/bin/pip"
 
-# Ensure that the virtual environment exists
-mkdir -p "$VENV"
-virtualenv --never-download --python python2.7 $VENV || /bin/true
+# Ensure that the virtual environment exists. Don't recreate if already
+# existing, as this will try and downgrade pip on debian jessie from the one
+# installed later which then breaks pip.
+if [ ! -x "$PIP" ]; then
+mkdir -p "$VENV"
+virtualenv --never-download --python python2.7 $VENV || /bin/true
+fi
 
 # Debian jessie based hosts need updated versions of pip and wheel or they will
 # fail to install some binary packages (numpy, scipy, maybe others)
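Review bot: inside the new `if` block, `$VENV` is unquoted in the `virtualenv` call while `mkdir -p "$VENV"` on the line above quotes it. Quote it in both places so a path containing spaces or glob characters is handled the same way by both commands.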

-- 
To view, visit https://gerrit.wikimedia.org/r/391296
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I7c6fd8ea1e1ee35a3e7386fd9b628c0605a11fda
Gerrit-PatchSet: 1
Gerrit-Project: search/MjoLniR/deploy
Gerrit-Branch: master
Gerrit-Owner: EBernhardson 
Gerrit-Reviewer: EBernhardson 



[MediaWiki-commits] [Gerrit] mediawiki...MinervaNeue[master]: Unify SVG markup

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/389290 )

Change subject: Unify SVG markup
..


Unify SVG markup

Align SVG markup across Foundation products by:
- unifying XML declaration,
- adding `width` and `height` attributes where missing,
- removing all unnecessary `g` group elements where applicable,
- putting attributes in order,
- removing unnecessary ids and
- unifying whitespace.

Bug: T178867
Change-Id: I6860c9259553e0e41f7656f9e98534db8e02bbc2
---
M resources/skins.minerva.base.styles/magnifying-glass.svg
M resources/skins.minerva.content.styles/images/external-link-ltr-icon.svg
M resources/skins.minerva.content.styles/images/external-link-rtl-icon.svg
M resources/skins.minerva.icons.images.scripts/download.svg
M resources/skins.minerva.icons.images.scripts/userAnonymous.svg
M resources/skins.minerva.icons.images.scripts/watch.svg
M resources/skins.minerva.icons.images.scripts/watched.svg
M resources/skins.minerva.icons.images.variants/arrow.svg
M resources/skins.minerva.icons.images/bell.svg
M resources/skins.minerva.icons.images/edit.svg
M resources/skins.minerva.icons.images/editLocked.svg
M resources/skins.minerva.icons.images/languageSwitcher.svg
M resources/skins.minerva.mainMenu.icons/anonymous.svg
M resources/skins.minerva.mainMenu.icons/contributions.svg
M resources/skins.minerva.mainMenu.icons/home.svg
M resources/skins.minerva.mainMenu.icons/logout.svg
M resources/skins.minerva.mainMenu.icons/nearby.svg
M resources/skins.minerva.mainMenu.icons/profile.svg
M resources/skins.minerva.mainMenu.icons/random.svg
M resources/skins.minerva.mainMenu.icons/settings.svg
M resources/skins.minerva.mainMenu.icons/watchlist.svg
M skinStyles/mobile.startup/images/error.svg
22 files changed, 22 insertions(+), 22 deletions(-)

Approvals:
  jenkins-bot: Verified
  Jdlrobson: Looks good to me, approved



diff --git a/resources/skins.minerva.base.styles/magnifying-glass.svg 
b/resources/skins.minerva.base.styles/magnifying-glass.svg
index 7103adb..42f4289 100644
--- a/resources/skins.minerva.base.styles/magnifying-glass.svg
+++ b/resources/skins.minerva.base.styles/magnifying-glass.svg
@@ -1 +1 @@
-http://www.w3.org/2000/svg; 
viewBox="0 0 24 24">
\ No newline at end of file
+http://www.w3.org/2000/svg; 
width="24" height="24" viewBox="0 0 24 24">
\ No newline at end of file
diff --git 
a/resources/skins.minerva.content.styles/images/external-link-ltr-icon.svg 
b/resources/skins.minerva.content.styles/images/external-link-ltr-icon.svg
index 499dc22..0f4e407 100644
--- a/resources/skins.minerva.content.styles/images/external-link-ltr-icon.svg
+++ b/resources/skins.minerva.content.styles/images/external-link-ltr-icon.svg
@@ -1 +1 @@
-http://www.w3.org/2000/svg; 
width="10" height="10">
\ No newline at end of file
+http://www.w3.org/2000/svg; 
width="10" height="10" viewBox="0 0 10 10">
\ No newline at end of file
diff --git 
a/resources/skins.minerva.content.styles/images/external-link-rtl-icon.svg 
b/resources/skins.minerva.content.styles/images/external-link-rtl-icon.svg
index 2577607..061e385 100644
--- a/resources/skins.minerva.content.styles/images/external-link-rtl-icon.svg
+++ b/resources/skins.minerva.content.styles/images/external-link-rtl-icon.svg
@@ -1 +1 @@
-http://www.w3.org/2000/svg; 
width="10" height="10">
\ No newline at end of file
+http://www.w3.org/2000/svg; 
width="10" height="10" viewBox="0 0 10 10">
\ No newline at end of file
diff --git a/resources/skins.minerva.icons.images.scripts/download.svg 
b/resources/skins.minerva.icons.images.scripts/download.svg
index 1a19a9f..18b2388 100644
--- a/resources/skins.minerva.icons.images.scripts/download.svg
+++ b/resources/skins.minerva.icons.images.scripts/download.svg
@@ -1 +1 @@
-http://www.w3.org/2000/svg;>
\ No newline at end of file
+http://www.w3.org/2000/svg; 
width="24" height="24" viewBox="0 0 24 24">
\ No newline at end of file
diff --git a/resources/skins.minerva.icons.images.scripts/userAnonymous.svg 
b/resources/skins.minerva.icons.images.scripts/userAnonymous.svg
index cccd4de..17ed037 100644
--- a/resources/skins.minerva.icons.images.scripts/userAnonymous.svg
+++ b/resources/skins.minerva.icons.images.scripts/userAnonymous.svg
@@ -1 +1 @@
-http://www.w3.org/2000/svg; 
viewBox="0 0 16 16">
\ No newline at end of file
+http://www.w3.org/2000/svg; 
width="16" height="16" viewBox="0 0 16 16">
\ No newline at end of file
diff --git a/resources/skins.minerva.icons.images.scripts/watch.svg 
b/resources/skins.minerva.icons.images.scripts/watch.svg
index ed9baa9..9a4a99d 100644
--- a/resources/skins.minerva.icons.images.scripts/watch.svg
+++ b/resources/skins.minerva.icons.images.scripts/watch.svg
@@ -1 +1 @@
-http://www.w3.org/2000/svg;>
\ No newline at end of file
+http://www.w3.org/2000/svg; 
width="24" height="24" viewBox="0 0 24 24">
\ No newline at end of file
diff --git 

[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SanitizerTest: Add tests for stripAllTags

2017-11-14 Thread Catrope (Code Review)
Catrope has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391347 )

Change subject: SanitizerTest: Add tests for stripAllTags
..

SanitizerTest: Add tests for stripAllTags

Bug: T179978
Change-Id: I9776cfd51b1b3ec772d4216168fbe466f48f5892
---
M tests/phpunit/includes/SanitizerTest.php
1 file changed, 23 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/47/391347/1

diff --git a/tests/phpunit/includes/SanitizerTest.php 
b/tests/phpunit/includes/SanitizerTest.php
index 6fc25df..4a33125 100644
--- a/tests/phpunit/includes/SanitizerTest.php
+++ b/tests/phpunit/includes/SanitizerTest.php
@@ -513,6 +513,29 @@
}
 
/**
+* @dataProvider provideStripAllTags
+*
+* @covers Sanitizer::stripAllTags()
+*
+* @param string $input
+* @param string $expected
+*/
+   public function testStripAllTags( $input, $expected ) {
+   $this->assertEquals( $expected, Sanitizer::stripAllTags( $input 
) );
+   }
+
+   public function provideStripAllTags() {
+   return [
+   [ 'Foo', 'Foo' ],
+   [ 'FooBar', 'FooBar' ],
+   [ "Foo\nBar", 'Foo Bar' ],
+   [ 'Hello strong wor 
caf', 'Hello  world café' ],
+   // This one is broken, see T179978
+   //[ 'quux\'>Bar Whee!', 'Bar Whee!' ],
+   ];
+   }
+
+   /**
 * @expectedException InvalidArgumentException
 * @covers Sanitizer::escapeIdInternal()
 */
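
Review bot: The known-failing case in provideStripAllTags() is only commented out ("This one is broken, see T179978"), so nothing in a test run records that stripAllTags() still mishandles it. Consider moving it into its own test method that calls markTestIncomplete() with the task number, so the gap shows up in the PHPUnit output and the case is easy to re-enable once the bug is fixed. In testStripAllTags(), assertSame() would also be stricter than assertEquals(), since both values are strings and a loose comparison can hide a type difference.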

-- 
To view, visit https://gerrit.wikimedia.org/r/391347
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9776cfd51b1b3ec772d4216168fbe466f48f5892
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Catrope 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits


[MediaWiki-commits] [Gerrit] wikimedia...wetzel[develop]: Fix prevalence bugs

2017-11-14 Thread Bearloga (Code Review)
Bearloga has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391288 )

Change subject: Fix prevalence bugs
..

Fix prevalence bugs

(Hopefully) fixes:
- the shadow and the text are a bit off
- the list of projects/wikis that have maps enabled
- the project selector is weird—selecting wikipedia
  and commons also shows results from mediawiki and
  meta and wikivoyage
- the summary prevalence chart needs to be updated
  to take into account the small increases in
  mapframe/maplink prevalence (tab removed)
- can the lang/project selectors only show the
  projects/languages that have mapframe—when the
  user selects to only show mapframe?

Bug: T170022
Change-Id: Ia44972c0691f026f7ad73c1a78341eaef7743aa6
---
M CHANGELOG.md
D modules/kartographer/overall_prevalence.R
R modules/kartographer_prevalence.R
M server.R
D tab_documentation/overall_prevalence.md
M tab_documentation/prevalence_langproj.md
M ui.R
M utils.R
8 files changed, 61 insertions(+), 159 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/wikimedia/discovery/wetzel 
refs/changes/88/391288/1

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f3e77ee..f6265a2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,10 @@
 # Change Log (Patch Notes)
 All notable changes to this project will be documented in this file.
 
+## 2017/11/13
+- Fixed some bugs 
([T170022#3678043](https://phabricator.wikimedia.org/T170022#3678043))
+- Removed "overall mapframe/maplink prevalence" tab
+
 ## 2017/09/18
 - Modularized the dashboard source code
 - Added maplink & mapframe prevalence graphs 
([T170022](https://phabricator.wikimedia.org/T170022))
diff --git a/modules/kartographer/overall_prevalence.R 
b/modules/kartographer/overall_prevalence.R
deleted file mode 100644
index cd28296..000
--- a/modules/kartographer/overall_prevalence.R
+++ /dev/null
@@ -1,7 +0,0 @@
-output$overall_prevalence_series <- renderDygraph({
-  prevalence %>%
-polloi::reorder_columns() %>%
-polloi::make_dygraph("Date", "Prevalence (%)", "Maplink and Mapframe 
prevalence on Wikimedia projects") %>%
-dyLegend(labelsDiv = "overall_prevalence_series_legend", show = "always") 
%>%
-dyRangeSelector(retainDateWindow = TRUE, fillColor = "", strokeColor = "")
-})
diff --git a/modules/kartographer/language-project_breakdown.R 
b/modules/kartographer_prevalence.R
similarity index 89%
rename from modules/kartographer/language-project_breakdown.R
rename to modules/kartographer_prevalence.R
index f10e982..38c4139 100644
--- a/modules/kartographer/language-project_breakdown.R
+++ b/modules/kartographer_prevalence.R
@@ -1,18 +1,35 @@
-output$language_selector_container <- renderUI({
-  req(input$project_selector)
-  temp_language <- available_languages
-  if ("Maplink" %in% input$prevalence_langproj_feature) {
-temp_language <- temp_language[temp_language$maplink, ]
-  }
-  if ("Mapframe" %in% input$prevalence_langproj_feature) {
-temp_language <- temp_language[temp_language$mapframe, ]
+output$project_selector_container <- renderUI({
+  temp_project <- available_projects
+
+  if (input$project_order == "alphabet") {
+projects_to_display <- sort(temp_project$project)
+  } else {
+projects_to_display <- 
temp_project$project[order(temp_project$total_articles, decreasing = TRUE)]
   }
 
+  return(selectInput(
+"project_selector", "Project",
+multiple = TRUE, selectize = FALSE, size = 19,
+choices = projects_to_display, selected = projects_to_display[1]
+  ))
+})
+
+output$language_selector_container <- renderUI({
+  req(input$project_selector)
+  temp_language <- available_combos[available_combos$project %in% 
input$project_selector, ]
+  if ("Maplink" %in% input$prevalence_langproj_feature) {
+temp_language <- dplyr::filter(temp_language, !is.na(maplink_articles), 
maplink_articles > 0)
+  }
+  if ("Mapframe" %in% input$prevalence_langproj_feature) {
+temp_language <- dplyr::filter(temp_language, !is.na(mapframe_articles), 
mapframe_articles > 0)
+  }
+  req(temp_language$language)
   if (input$language_order == "alphabet") {
 languages_to_display <- sort(temp_language$language)
   } else {
-languages_to_display <- 
temp_language$language[order(temp_language$articles, decreasing = TRUE)]
+languages_to_display <- 
temp_language$language[order(pmax(temp_language$total_articles.x, 
temp_language$total_articles.y, na.rm = TRUE), decreasing = TRUE)]
   }
+  languages_to_display <- unique(languages_to_display)
 
   # e.g. if user sorts projects alphabetically and the selected project is 
"10th Anniversary of Wikipeda"
   #  then automatically select the language "(None)" to avoid giving user 
an error. This also works if
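
Review bot: The new project_selector_container reads input$project_order without a req() guard, unlike language_selector_container, which starts with req(input$project_selector). If that input is still NULL on first render, the if() condition has length zero and renderUI errors; add req(input$project_order) at the top. Further down, the ordering uses temp_language$total_articles.x and temp_language$total_articles.y, which look like automatic join suffixes; giving the column an explicit name where available_combos is built would make this less fragile.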
@@ -23,7 +40,7 @@
   if (!is.null(input$language_selector)) {
 selected_language <- union("(None)", input$language_selector)
   } else {
-selected_language <- c("(None)", languages_to_display[[1]])
+

[MediaWiki-commits] [Gerrit] mediawiki...DonationInterface[master]: More debugging for orphan rectifier

2017-11-14 Thread Mepps (Code Review)
Mepps has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391291 )

Change subject: More debugging for orphan rectifier
..

More debugging for orphan rectifier

Change-Id: I32d81751fa16d87874536493ad384a4a61c3f8d8
---
M gateway_common/gateway.adapter.php
1 file changed, 1 insertion(+), 0 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/DonationInterface 
refs/changes/91/391291/1

diff --git a/gateway_common/gateway.adapter.php 
b/gateway_common/gateway.adapter.php
index a4c82ef..0c98b09 100644
--- a/gateway_common/gateway.adapter.php
+++ b/gateway_common/gateway.adapter.php
@@ -1313,6 +1313,7 @@
 
do {
$this->logger->info( "Preparing to send 
{$this->getCurrentTransaction()} transaction to $gatewayName" );
+$this->logger->info( "Curl call for 
{$this->getCurrentTransaction()}:" . print_r($ch) );
 
// Execute the cURL operation
$curl_response = $this->curl_exec( $ch );
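
Review bot: print_r($ch) in the added logger call is missing its second argument, so it echoes to the output stream and returns true, and the log line ends up as "Curl call for ...:1". Use print_r( $ch, true ) if a string is wanted. Even then, $ch is the cURL handle passed to curl_exec() just below, so print_r() will not show the URL or the request body; if the aim is to see what is being sent, log the specific fields needed and keep payment data and credentials out of the log.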

-- 
To view, visit https://gerrit.wikimedia.org/r/391291
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I32d81751fa16d87874536493ad384a4a61c3f8d8
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/DonationInterface
Gerrit-Branch: master
Gerrit-Owner: Mepps 



[MediaWiki-commits] [Gerrit] operations/puppet[production]: snapshot: Use --no-cache for dumping Wikidata entities

2017-11-14 Thread Dzahn (Code Review)
Dzahn has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391053 )

Change subject: snapshot: Use --no-cache for dumping Wikidata entities
..


snapshot: Use --no-cache for dumping Wikidata entities

This flag will work once 795350da2 is deployed, but
passing it earlier is fine (MW discards those).

Bug: T180048
Change-Id: Iac6fa3fb055834cebc1f10ba472d63671cb1322a
---
M modules/snapshot/files/cron/dumpwikidatajson.sh
M modules/snapshot/files/cron/dumpwikidatardf.sh
2 files changed, 4 insertions(+), 2 deletions(-)

Approvals:
  jenkins-bot: Verified
  Thiemo Mättig (WMDE): Looks good to me, but someone else must approve
  Dzahn: Looks good to me, approved



diff --git a/modules/snapshot/files/cron/dumpwikidatajson.sh 
b/modules/snapshot/files/cron/dumpwikidatajson.sh
index a53ac8d..49136ab 100644
--- a/modules/snapshot/files/cron/dumpwikidatajson.sh
+++ b/modules/snapshot/files/cron/dumpwikidatajson.sh
@@ -30,7 +30,8 @@
set -o pipefail

errorLog=/var/log/wikidatadump/dumpwikidatajson-$filename-$i.log
# NOTE: We temporary set the shard size differently for 
each shard. T177486#3674942.
-   php5 $multiversionscript 
extensions/Wikidata/extensions/Wikibase/repo/maintenance/dumpJson.php --wiki 
wikidatawiki --shard $i --sharding-factor $shards --batch-size `expr $(expr $i 
+ 1) \* 500` --snippet 2>> $errorLog | gzip -9 > $tempDir/wikidataJson.$i.gz
+   # Remove --no-cache once this runs on hhvm (or 
everything is back on Zend), see T180048.
+   php5 $multiversionscript 
extensions/Wikidata/extensions/Wikibase/repo/maintenance/dumpJson.php --wiki 
wikidatawiki --shard $i --sharding-factor $shards --batch-size `expr $(expr $i 
+ 1) \* 500` --snippet 2 --no-cache >> $errorLog | gzip -9 > 
$tempDir/wikidataJson.$i.gz
exitCode=$?
if [ $exitCode -gt 0 ]; then
echo -e "\n\n(`date --iso-8601=minutes`) 
Process for shard $i failed with exit code $exitCode" >> $errorLog
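
Review bot: In the added php5 line the stderr redirect has been split apart: the old line read "--snippet 2>> $errorLog", the new one reads "--snippet 2 --no-cache >> $errorLog". As written, "2" is passed as an argument after --snippet and ">>" appends stdout to $errorLog, so the JSON goes into the log file, gzip receives nothing, and stderr is no longer captured. It should be "--snippet --no-cache 2>> $errorLog", matching the placement used in the dumpwikidatardf.sh hunk of this same patch.
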
diff --git a/modules/snapshot/files/cron/dumpwikidatardf.sh 
b/modules/snapshot/files/cron/dumpwikidatardf.sh
index 006c36d..c3f866f 100755
--- a/modules/snapshot/files/cron/dumpwikidatardf.sh
+++ b/modules/snapshot/files/cron/dumpwikidatardf.sh
@@ -56,7 +56,8 @@
(
set -o pipefail

errorLog=/var/log/wikidatadump/dumpwikidata$dumpFormat-$filename-$i.log
-   php5 $multiversionscript 
extensions/Wikidata/extensions/Wikibase/repo/maintenance/dumpRdf.php --wiki 
wikidatawiki --shard $i --sharding-factor $shards --batch-size `expr $shards \* 
500` --format $dumpFormat --flavor $dumpFlavor 2>> $errorLog | gzip -9 > 
$tempDir/wikidata$dumpFormat-$dumpName.$i.gz
+   # Remove --no-cache once this runs on hhvm (or 
everything is back on Zend), see T180048.
+   php5 $multiversionscript 
extensions/Wikidata/extensions/Wikibase/repo/maintenance/dumpRdf.php --wiki 
wikidatawiki --shard $i --sharding-factor $shards --batch-size `expr $shards \* 
500` --format $dumpFormat --flavor $dumpFlavor --no-cache 2>> $errorLog | gzip 
-9 > $tempDir/wikidata$dumpFormat-$dumpName.$i.gz
exitCode=$?
if [ $exitCode -gt 0 ]; then
echo -e "\n\n(`date --iso-8601=minutes`) 
Process for shard $i failed with exit code $exitCode" >> $errorLog

-- 
To view, visit https://gerrit.wikimedia.org/r/391053
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Iac6fa3fb055834cebc1f10ba472d63671cb1322a
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Hoo man 
Gerrit-Reviewer: ArielGlenn 
Gerrit-Reviewer: Dzahn 
Gerrit-Reviewer: Thiemo Mättig (WMDE) 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki...TimedMediaHandler[master]: Final adjust to Ogg Theora transcode settings

2017-11-14 Thread Brion VIBBER (Code Review)
Brion VIBBER has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391346 )

Change subject: Final adjust to Ogg Theora transcode settings
..

Final adjust to Ogg Theora transcode settings

Apply some final tweaks to Ogg Theora transcode settings:
* use --soft-target on ffmpeg2theora
* use a bandwidth target instead of quality target on HD targets
* include 1440p and 2160p defs for comparison testing
* don't force super-low frame rate on 15fps

(Note that Theora output is not in use in production anymore, and
will probably be removed later entirely.)

Change-Id: I51c02ba68cea452eb6f393f894018b852b34fc31
---
M WebVideoTranscode/WebVideoTranscode.php
M WebVideoTranscode/WebVideoTranscodeJob.php
2 files changed, 43 insertions(+), 4 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/TimedMediaHandler 
refs/changes/46/391346/1

diff --git a/WebVideoTranscode/WebVideoTranscode.php 
b/WebVideoTranscode/WebVideoTranscode.php
index 8e21edd..c8125ab 100644
--- a/WebVideoTranscode/WebVideoTranscode.php
+++ b/WebVideoTranscode/WebVideoTranscode.php
@@ -32,6 +32,8 @@
const ENC_OGV_480P = '480p.ogv';
const ENC_OGV_720P = '720p.ogv';
const ENC_OGV_1080P = '1080p.ogv';
+   const ENC_OGV_1440P = '1440p.ogv';
+   const ENC_OGV_2160P = '2160p.ogv';
 
// WebM VP8/Vorbis profiles:
const ENC_WEBM_160P = '160p.webm';
@@ -84,8 +86,9 @@
self::ENC_OGV_160P =>
[
'maxSize'=> '288x160',
-   'videoBitrate'   => '160',
-   'framerate'  => '15',
+   'videoBitrate'   => '256',
+   'softTarget' => 'true',
+   'framerate'  => '60', // max to 
reduce "1000fps bug" problems
'audioQuality'   => '-1',
'channels'   => '2',
'noUpscaling'=> 'true', // also 
caps to source frame rate
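
Review bot: In the ENC_OGV_160P block, videoBitrate goes from '160' to '256', but the commit message lists only the soft target, the bandwidth target for HD, the new 1440p/2160p definitions and the frame rate change. If the bitrate bump is intentional, say so in the commit message so the comparison testing it mentions has the right baseline.
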
@@ -100,6 +103,7 @@
[
'maxSize'=> '426x240',
'videoBitrate'   => '512',
+   'softTarget' => 'true',
'framerate'  => '60', // max to 
reduce "1000fps bug" problems
'audioQuality'   => '0',
'channels'   => '2',
@@ -115,6 +119,7 @@
[
'maxSize'=> '640x360',
'videoBitrate'   => '1024',
+   'softTarget' => 'true',
'framerate'  => '60', // max to 
reduce "1000fps bug" problems
'audioQuality'   => '1',
'channels'   => '2',
@@ -130,6 +135,7 @@
[
'maxSize'=> '854x480',
'videoBitrate'   => '2048',
+   'softTarget' => 'true',
'framerate'  => '60', // max to 
reduce "1000fps bug" problems
'audioQuality'   => '2',
'channels'   => '2',
@@ -145,7 +151,8 @@
self::ENC_OGV_720P =>
[
'maxSize'=> '1280x720',
-   'videoQuality'   => 6,
+   'videoBitrate'   => '4096',
+   'softTarget' => 'true',
'framerate'  => '60', // max to 
reduce "1000fps bug" problems
'audioQuality'   => 3,
'noUpscaling'=> 'true', // also 
caps to source frame rate
@@ -159,7 +166,38 @@
self::ENC_OGV_1080P =>
[
'maxSize'=> '1920x1080',
-   'videoQuality'   => 6,
+   'videoBitrate'   => '8192',
+   'softTarget' => 'true',
+   'framerate'  => '60', // max to 
reduce "1000fps bug" problems
+   

[MediaWiki-commits] [Gerrit] apps...wikipedia[master]: Fix alignment of ConstraintLayouts for RTL.

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391332 )

Change subject: Fix alignment of ConstraintLayouts for RTL.
..


Fix alignment of ConstraintLayouts for RTL.

When using ConstraintLayout, one shouldn't forget to set the
constraintStart attribute. Even though things might appear correct in a
LTR configuration, they may be broken in RTL.

Bug: T180533
Change-Id: Ib407615e5521f972bfbcbb416baff23a0d686dd8
---
M app/src/main/res/layout/view_card_action_footer.xml
M app/src/main/res/layout/view_static_card.xml
2 files changed, 2 insertions(+), 0 deletions(-)

Approvals:
  jenkins-bot: Verified
  Cooltey: Looks good to me, approved



diff --git a/app/src/main/res/layout/view_card_action_footer.xml 
b/app/src/main/res/layout/view_card_action_footer.xml
index 76efc0d..896d88c 100644
--- a/app/src/main/res/layout/view_card_action_footer.xml
+++ b/app/src/main/res/layout/view_card_action_footer.xml
@@ -13,6 +13,7 @@
 android:layout_height="match_parent"
 android:paddingLeft="16dp"
 android:paddingRight="16dp"
+app:layout_constraintStart_toStartOf="parent"
 android:clickable="true"
 android:background="?attr/selectableItemBackgroundBorderless">
 
diff --git a/app/src/main/res/layout/view_static_card.xml 
b/app/src/main/res/layout/view_static_card.xml
index 1e09338..9eaddde 100644
--- a/app/src/main/res/layout/view_static_card.xml
+++ b/app/src/main/res/layout/view_static_card.xml
@@ -75,6 +75,7 @@
 android:layout_height="48dp"
 android:paddingLeft="16dp"
 android:paddingRight="16dp"
+app:layout_constraintStart_toStartOf="parent"
 android:clickable="true"
 android:background="?attr/selectableItemBackgroundBorderless"
 app:layout_constraintTop_toBottomOf="@id/view_static_card_container">

-- 
To view, visit https://gerrit.wikimedia.org/r/391332
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ib407615e5521f972bfbcbb416baff23a0d686dd8
Gerrit-PatchSet: 1
Gerrit-Project: apps/android/wikipedia
Gerrit-Branch: master
Gerrit-Owner: Dbrant 
Gerrit-Reviewer: Brion VIBBER 
Gerrit-Reviewer: Cooltey 
Gerrit-Reviewer: Sharvaniharan 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] operations/mediawiki-config[master]: extract2.php: Stop allowing the www portal templates

2017-11-14 Thread Chad (Code Review)
Chad has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391353 )

Change subject: extract2.php: Stop allowing the www portal templates
..

extract2.php: Stop allowing the www portal templates

None of them actually load from this file anymore. Its sole remaining
use is for the API listing endpoint.

Also kill $wgArticle while I'm here

Change-Id: Ic4194b7625d2b375ee9286c94e473a3b9467985d
---
M w/extract2.php
1 file changed, 2 insertions(+), 22 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/53/391353/1

diff --git a/w/extract2.php b/w/extract2.php
index 8f5133e..0ab1994 100644
--- a/w/extract2.php
+++ b/w/extract2.php
@@ -5,28 +5,8 @@
 require_once __DIR__ . '/../multiversion/MWMultiVersion.php';
 require MWMultiVersion::getMediaWiki( 'includes/WebStart.php' );
 
-$allowed_templates = [
-   'Www.wikimedia.org_template',
-   'Www.wikipedia.org_template',
-   'Www.wikinews.org_template',
-   'Www.wiktionary.org_template',
-   'Www.wikiquote.org_template',
-   'Www.wikiversity.org_template',
-   'Www.wikibooks.org_template',
-   'Www.wikivoyage.org_template',
-   'API_listing_template',
-];
-
-$template = $wgRequest->getText( 'template', 'Www.wikipedia.org_template' );
-if ( !in_array( $template, $allowed_templates ) ) {
-   header( 'Content-Type: text/plain; charset=utf-8' );
-   echo 'Invalid parameters...';
-   exit;
-}
-
-$wgTitle = Title::newFromText( $template );
-$wgArticle = new Article( $wgTitle );
-$rawHtml = $wgArticle->getPage()->getContent()->getNativeData();
+$wgTitle = Title::newFromText( 'API_listing_template' );
+$rawHtml = (new Article( $wgTitle ))->getPage()->getContent()->getNativeData();
 
 $lastmod = gmdate( 'D, j M Y H:i:s', wfTimestamp( TS_UNIX, 
$wgArticle->getTouched() ) ) . ' GMT';
 header( 'Content-Type: text/html; charset=utf-8' );
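
Review bot: $wgArticle is removed by this hunk, but the unchanged line just below still calls $wgArticle->getTouched() to build $lastmod, so the script will fail on an undefined variable. Keep the Article in a local variable and use it for both getContent() and getTouched(), or take the touched timestamp from the same page object that supplies the content.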

-- 
To view, visit https://gerrit.wikimedia.org/r/391353
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic4194b7625d2b375ee9286c94e473a3b9467985d
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: Chad 



[MediaWiki-commits] [Gerrit] mediawiki...vendor[master]: Add .htaccess to disallow web access

2017-11-14 Thread Ejegg (Code Review)
Ejegg has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391361 )

Change subject: Add .htaccess to disallow web access
..

Add .htaccess to disallow web access

No need to expose vendor/ to web

Bug: T180237
Change-Id: Ie7b09c27cca01399974cd8e631747288ad3b6bcb
---
A .htaccess
1 file changed, 1 insertion(+), 0 deletions(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/DonationInterface/vendor 
refs/changes/61/391361/1

diff --git a/.htaccess b/.htaccess
new file mode 100644
index 000..3a42882
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1 @@
+Deny from all
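
Review bot: "Deny from all" is the Apache 2.2 access-control directive; on Apache 2.4 it is only available through mod_access_compat, and without that module requests under this directory return a 500 rather than a clean 403. Consider covering both, with "Require all denied" inside an IfModule mod_authz_core.c block and the Deny line as the fallback. The file also has no effect where AllowOverride is off or the server is not Apache, so the commit message or install notes should say that those setups need an equivalent server-level rule.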

-- 
To view, visit https://gerrit.wikimedia.org/r/391361
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie7b09c27cca01399974cd8e631747288ad3b6bcb
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/DonationInterface/vendor
Gerrit-Branch: master
Gerrit-Owner: Ejegg 



[MediaWiki-commits] [Gerrit] mediawiki...DonationInterface[deployment]: Update vendor submodule for .htaccess

2017-11-14 Thread Ejegg (Code Review)
Ejegg has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391362 )

Change subject: Update vendor submodule for .htaccess
..

Update vendor submodule for .htaccess

Change-Id: If5aaaec80fd65e1a8c7a2d000b4967767cb50292
---
M vendor
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull 
ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/DonationInterface 
refs/changes/62/391362/1

diff --git a/vendor b/vendor
index 79e237f..53851be 16
--- a/vendor
+++ b/vendor
@@ -1 +1 @@
-Subproject commit 79e237f573c03efbe5f16fe2c9524c0264cedad8
+Subproject commit 53851be57e9e8e5e45021d033ffb0fe9c97e2616

-- 
To view, visit https://gerrit.wikimedia.org/r/391362
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If5aaaec80fd65e1a8c7a2d000b4967767cb50292
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/DonationInterface
Gerrit-Branch: deployment
Gerrit-Owner: Ejegg 



[MediaWiki-commits] [Gerrit] wikimedia...vendor[master]: Deny web access to /vendor

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391367 )

Change subject: Deny web access to /vendor
..


Deny web access to /vendor

Change-Id: I160a581ff2d7ba7ff2b6d3ef2b4c710803f42700
---
A .htaccess
1 file changed, 1 insertion(+), 0 deletions(-)

Approvals:
  jenkins-bot: Verified
  Ejegg: Looks good to me, approved



diff --git a/.htaccess b/.htaccess
new file mode 100644
index 000..3a42882
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1 @@
+Deny from all

-- 
To view, visit https://gerrit.wikimedia.org/r/391367
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I160a581ff2d7ba7ff2b6d3ef2b4c710803f42700
Gerrit-PatchSet: 1
Gerrit-Project: wikimedia/fundraising/crm/vendor
Gerrit-Branch: master
Gerrit-Owner: Ejegg 
Gerrit-Reviewer: Ejegg 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/vendor[REL1_29]: Add .htaccess to disallow web access

2017-11-14 Thread Reedy (Code Review)
Reedy has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391371 )

Change subject: Add .htaccess to disallow web access
..


Add .htaccess to disallow web access

The /vendor directory does not need to be web accessible, and to reduce
attack surface, should not be web accessible.

Bug: T180237
Change-Id: I855212e10d6ff75d9778d275e0815a8ff19f1da7
---
M .gitignore
A .htaccess
2 files changed, 1 insertion(+), 1 deletion(-)



diff --git a/.gitignore b/.gitignore
index 9d96ec6..c3d5b76 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,5 +34,4 @@
 .settings
 /static*
 /tags
-/.htaccess
 /.htpasswd
diff --git a/.htaccess b/.htaccess
new file mode 100644
index 000..3a42882
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1 @@
+Deny from all

-- 
To view, visit https://gerrit.wikimedia.org/r/391371
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I855212e10d6ff75d9778d275e0815a8ff19f1da7
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/vendor
Gerrit-Branch: REL1_29
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Legoktm 
Gerrit-Reviewer: Reedy 



[MediaWiki-commits] [Gerrit] mediawiki/vendor[REL1_29]: Add .htaccess to disallow web access

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391371 )

Change subject: Add .htaccess to disallow web access
..

Add .htaccess to disallow web access

The /vendor directory does not need to be web accessible, and to reduce
attack surface, should not be web accessible.

Bug: T180237
Change-Id: I855212e10d6ff75d9778d275e0815a8ff19f1da7
---
M .gitignore
A .htaccess
2 files changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/vendor 
refs/changes/71/391371/1

diff --git a/.gitignore b/.gitignore
index 9d96ec6..c3d5b76 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,5 +34,4 @@
 .settings
 /static*
 /tags
-/.htaccess
 /.htpasswd
diff --git a/.htaccess b/.htaccess
new file mode 100644
index 000..3a42882
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1 @@
+Deny from all

-- 
To view, visit https://gerrit.wikimedia.org/r/391371
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I855212e10d6ff75d9778d275e0815a8ff19f1da7
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/vendor
Gerrit-Branch: REL1_29
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Legoktm 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: update.php: Remove eval-stdin.php if necessary

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391381 )

Change subject: SECURITY: update.php: Remove eval-stdin.php if necessary
..

SECURITY: update.php: Remove eval-stdin.php if necessary

If phpunit's eval-stdin.php file exists and is one of the vulnerable
versions, delete it when running update.php as most people should run
that when updating to a new release. If the unlink() call fails, we'll
warn the user but continue with update.php processing and hope they've
mitigated it in some other way.

Bug: T180231
Change-Id: I5b838686ede9764083c52853cc05c52ea72739df
---
M RELEASE-NOTES-1.27
M maintenance/update.php
2 files changed, 19 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/81/391381/1

diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 9c40e39..ed6b1f6 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -26,6 +26,7 @@
 * (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
 * (T125163) SECURITY: Make anchor for headlines escape > and <.
 * (T180237) SECURITY: Protect vendor folder with .htaccess.
+* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in 
update.php.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/maintenance/update.php b/maintenance/update.php
index 775fa7b..8d8a15b 100755
--- a/maintenance/update.php
+++ b/maintenance/update.php
@@ -165,6 +165,24 @@
 
$time1 = microtime( true );
 
+   $badPhpUnit = dirname( __DIR__ ) . 
'/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php';
+   if ( file_exists( $badPhpUnit ) ) {
+   // Bad versions of the file are:
+   // 
https://raw.githubusercontent.com/sebastianbergmann/phpunit/c820f915bfae34e5a836f94967a2a5ea5ef34f21/src/Util/PHP/eval-stdin.php
+   // 
https://raw.githubusercontent.com/sebastianbergmann/phpunit/3aaddb1c5bd9b9b8d070b4cf120e71c36fd08412/src/Util/PHP/eval-stdin.php
+   $md5 = md5_file( $badPhpUnit );
+   if ( $md5 === '120ac49800671dc383b6f3709c25c099'
+   || $md5 === '28af792cb38fc9a1b236b91c1aad2876'
+   ) {
+   $success = unlink( $badPhpUnit );
+   if ( $success ) {
+   $this->output( "Removed PHPUnit 
eval-stdin.php to protect against CVE-2017-9841\n" );
+   } else {
+   $this->error( "Unable to remove 
$badPhpUnit, you should manually. See CVE-2017-9841" );
+   }
+   }
+   }
+
$shared = $this->hasOption( 'doshared' );
 
$updates = [ 'core', 'extensions' ];
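
Review bot: The md5_file() comparison only matches two exact revisions of eval-stdin.php, so a copy that differs by a single byte (for example CRLF line endings from a Windows checkout) is left in place and update.php says nothing about it. Consider at least printing a warning when the file exists but the hash does not match, so the admin knows to check it against CVE-2017-9841. The failure message also reads "you should manually"; it is missing the verb, e.g. "you should remove it manually".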

-- 
To view, visit https://gerrit.wikimedia.org/r/391381
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5b838686ede9764083c52853cc05c52ea72739df
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Legoktm 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Create a .htaccess in /vendor after composer runs

2017-11-14 Thread Reedy (Code Review)
Reedy has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391380 )

Change subject: SECURITY: Create a .htaccess in /vendor after composer runs
..


SECURITY: Create a .htaccess in /vendor after composer runs

The /vendor directory does not need to be web accessible, and to reduce
attack surface, it should not be web accessible. We can use the
post-install-cmd and post-update-cmd hooks to create a .htaccess after
the user has run "composer install" or "composer update". On the first
run of composer, this hook will be invoked twice due to the composer
merge plugin.

If the htaccess file already exists, this hook won't do anything.

Bug: T180237
Change-Id: I2cf6541750c90b5708d7cf5f81b914ae2d9d46d1
---
M RELEASE-NOTES-1.27
M composer.json
A includes/composer/ComposerVendorHtaccessCreator.php
3 files changed, 49 insertions(+), 1 deletion(-)



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 1fb2380..9c40e39 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -25,6 +25,7 @@
 * (T134100) SECURITY: Do not reveal if user exists during login failure.
 * (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
 * (T125163) SECURITY: Make anchor for headlines escape > and <.
+* (T180237) SECURITY: Protect vendor folder with .htaccess.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/composer.json b/composer.json
index 52883d5..1bca405 100644
--- a/composer.json
+++ b/composer.json
@@ -68,7 +68,8 @@
},
"autoload": {
"psr-0": {
-   "ComposerHookHandler": "includes/composer"
+   "ComposerHookHandler": "includes/composer",
+   "ComposerVendorHtaccessCreator": "includes/composer"
}
},
"scripts": {
@@ -77,6 +78,8 @@
"fix": "phpcbf",
"pre-install-cmd": "ComposerHookHandler::onPreInstall",
"pre-update-cmd": "ComposerHookHandler::onPreUpdate",
+   "post-install-cmd": "ComposerVendorHtaccessCreator::onEvent",
+   "post-update-cmd": "ComposerVendorHtaccessCreator::onEvent",
"test": [
"composer lint",
"composer phpcs"
diff --git a/includes/composer/ComposerVendorHtaccessCreator.php 
b/includes/composer/ComposerVendorHtaccessCreator.php
new file mode 100644
index 000..cc2941a
--- /dev/null
+++ b/includes/composer/ComposerVendorHtaccessCreator.php
@@ -0,0 +1,44 @@
+
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+/**
+ * Creates a .htaccess in the vendor/ directory
+ * to prevent web access.
+ *
+ * This class runs *outside* of the normal MediaWiki
+ * environment and cannot depend upon any MediaWiki
+ * code.
+ */
+class ComposerVendorHtaccessCreator {
+
+   /**
+* Handle post-install-cmd and post-update-cmd hooks
+*/
+   public static function onEvent() {
+   $fname = dirname( dirname( __DIR__ ) ) . "/vendor/.htaccess";
+   if ( file_exists( $fname ) ) {
+   // Already exists
+   return;
+   }
+
+   file_put_contents( $fname, "Deny from all\n" );
+   }
+}
+
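Review bot: `Deny from all` in onEvent() is Apache 2.2 access-control syntax, and the return value of file_put_contents() is never checked, so the hook can finish silently without protecting vendor/. On Apache 2.4 without mod_access_compat the directive is rejected as unknown, which turns every request under vendor/ into a server error rather than a clean 403, and if vendor/ is not writable by the user running composer nothing is written and nothing is reported. Suggest writing both forms guarded by `<IfModule mod_authz_core.c>` and `<IfModule !mod_authz_core.c>` (`Require all denied` for 2.4), and printing a warning when the write fails. The class comment should also say that this only helps on servers that honour .htaccess files; other web servers still need vendor/ blocked in their own configuration.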

-- 
To view, visit https://gerrit.wikimedia.org/r/391380
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I2cf6541750c90b5708d7cf5f81b914ae2d9d46d1
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Legoktm 
Gerrit-Reviewer: Reedy 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: update.php: Remove eval-stdin.php if necessary

2017-11-14 Thread Reedy (Code Review)
Reedy has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391381 )

Change subject: SECURITY: update.php: Remove eval-stdin.php if necessary
..


SECURITY: update.php: Remove eval-stdin.php if necessary

If phpunit's eval-stdin.php file exists and is one of the vulnerable
versions, delete it when running update.php as most people should run
that when updating to a new release. If the unlink() call fails, we'll
warn the user but continue with update.php processing and hope they've
mitigated it in some other way.

Bug: T180231
Change-Id: I5b838686ede9764083c52853cc05c52ea72739df
---
M RELEASE-NOTES-1.27
M maintenance/update.php
2 files changed, 19 insertions(+), 0 deletions(-)



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 9c40e39..ed6b1f6 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -26,6 +26,7 @@
 * (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
 * (T125163) SECURITY: Make anchor for headlines escape > and <.
 * (T180237) SECURITY: Protect vendor folder with .htaccess.
+* (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in 
update.php.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/maintenance/update.php b/maintenance/update.php
index 775fa7b..8d8a15b 100755
--- a/maintenance/update.php
+++ b/maintenance/update.php
@@ -165,6 +165,24 @@
 
$time1 = microtime( true );
 
+   $badPhpUnit = dirname( __DIR__ ) . 
'/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php';
+   if ( file_exists( $badPhpUnit ) ) {
+   // Bad versions of the file are:
+   // 
https://raw.githubusercontent.com/sebastianbergmann/phpunit/c820f915bfae34e5a836f94967a2a5ea5ef34f21/src/Util/PHP/eval-stdin.php
+   // 
https://raw.githubusercontent.com/sebastianbergmann/phpunit/3aaddb1c5bd9b9b8d070b4cf120e71c36fd08412/src/Util/PHP/eval-stdin.php
+   $md5 = md5_file( $badPhpUnit );
+   if ( $md5 === '120ac49800671dc383b6f3709c25c099'
+   || $md5 === '28af792cb38fc9a1b236b91c1aad2876'
+   ) {
+   $success = unlink( $badPhpUnit );
+   if ( $success ) {
+   $this->output( "Removed PHPUnit 
eval-stdin.php to protect against CVE-2017-9841\n" );
+   } else {
+   $this->error( "Unable to remove 
$badPhpUnit, you should manually. See CVE-2017-9841" );
+   }
+   }
+   }
+
$shared = $this->hasOption( 'doshared' );
 
$updates = [ 'core', 'extensions' ];
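Review bot: the check inside the `file_exists( $badPhpUnit )` block only removes the file when its MD5 equals one of the two listed values, so a vulnerable copy that is not byte-identical (different line endings after a checkout or file transfer, or another affected revision) is left in place with no message at all. Suggest at least emitting a warning when the file exists but matches neither hash, so the admin knows to check it against CVE-2017-9841. md5_file() also returns false when the file cannot be read, which falls through the same silent path. Separately, the error string reads "you should manually"; it is missing the verb ("you should remove it manually").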

-- 
To view, visit https://gerrit.wikimedia.org/r/391381
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I5b838686ede9764083c52853cc05c52ea72739df
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Legoktm 
Gerrit-Reviewer: Reedy 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Handle -{}- syntax in attributes safely

2017-11-14 Thread Reedy (Code Review)
Reedy has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391383 )

Change subject: SECURITY: Handle -{}- syntax in attributes safely
..


SECURITY: Handle -{}- syntax in attributes safely

Previously, if one had an attribute with the contents
"-{}-foo-{}-", foo would get replaced by language converter as if
it wasn't in an attribute. This led to an XSS attack.

This breaks doing manual conversions in url href's (or any
other attribute that goes through an escaping method
other than Sanitizer's). e.g. http://{sr-el:foo';sr-ec:bar}.com
won't work anymore. See also T87332

Bug: T119158
Change-Id: Idbc45cac12c309b0ccb4adeff6474fa527b48edb
---
M RELEASE-NOTES-1.27
M languages/LanguageConverter.php
M tests/parser/parserTests.txt
3 files changed, 40 insertions(+), 10 deletions(-)



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 79b8b98..38859b1 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -28,6 +28,7 @@
 * (T180237) SECURITY: Protect vendor folder with .htaccess.
 * (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in 
update.php.
 * (T124404) SECURITY: XSS in langconverter when regex hits 
pcre.backtrack_limit.
+* (T119158) SECURITY: Handle -{}- syntax in attributes safely.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/languages/LanguageConverter.php b/languages/LanguageConverter.php
index 4200978..87eb80d 100644
--- a/languages/LanguageConverter.php
+++ b/languages/LanguageConverter.php
@@ -377,9 +377,12 @@
$scriptfix = 
']*+>[^<]*+(?:(?:(?!<\/script>).)[^<]*+)*+<\/script>|';
// disable conversion of  tags
$prefix = 
']*+>[^<]*+(?:(?:(?!<\/pre>).)[^<]*+)*+<\/pre>|';
+   // The "|.*+)" at the end, is in case we missed some part of 
html syntax,
+   // we will fail securely (hopefully) by matching the rest of 
the string.
+   $htmlFullTag = 
'<(?:[^>=]*+(?>[^>=]*+=\s*+(?:"[^"]*"|\'[^\']*\'|[^\'">\s]*+))*+[^>=]*+>|.*+)|';
 
-   $reg = '/' . $codefix . $scriptfix . $prefix .
-   '<[^>]++>|&[a-zA-Z#][a-z0-9]++;' . $marker . $htmlfix . 
'|\004$/s';
+   $reg = '/' . $codefix . $scriptfix . $prefix . $htmlFullTag .
+   '&[a-zA-Z#][a-z0-9]++;' . $marker . $htmlfix . 
'|\004$/s';
$startPos = 0;
$sourceBlob = '';
$literalBlob = '';
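Review bot: in `$htmlFullTag`, the `|.*+)` fallback combined with the `s` modifier on `$reg` means a single `<` that does not parse as a complete tag swallows everything up to the end of the input, so conversion is switched off for the rest of the text without any trace. That is the safe direction, as the comment says, but if the parserTests.txt changes in this commit do not already cover it, please add a parser test with an unterminated or malformed tag that pins this behaviour, so a later edit to the attribute sub-pattern cannot quietly change which branch wins.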
@@ -660,29 +663,41 @@
$out = '';
$length = strlen( $text );
$shouldConvert = !$this->guessVariant( $text, $variant );
+   $continue = 1;
 
-   while ( $startPos < $length ) {
-   $pos = strpos( $text, '-{', $startPos );
+   $noScript = '.*?<\/script>(*SKIP)(*FAIL)';
+   $noStyle = '.*?<\/style>(*SKIP)(*FAIL)';
+   $noHtml = 
'<(?:[^>=]*+(?>[^>=]*+=\s*+(?:"[^"]*"|\'[^\']*\'|[^\'">\s]*+))*+[^>=]*+>|.*+)(*SKIP)(*FAIL)';
+   while ( $startPos < $length && $continue ) {
+   $continue = preg_match(
+   // Only match -{ outside of html.
+   "/$noScript|$noStyle|$noHtml|-\{/",
+   $text,
+   $m,
+   PREG_OFFSET_CAPTURE,
+   $startPos
+   );
 
-   if ( $pos === false ) {
+   if ( !$continue ) {
// No more markup, append final segment
$fragment = substr( $text, $startPos );
$out .= $shouldConvert ? $this->autoConvert( 
$fragment, $variant ) : $fragment;
return $out;
}
 
-   // Markup found
+   // Offset of the match of the regex pattern.
+   $pos = $m[0][1];
+
// Append initial segment
$fragment = substr( $text, $startPos, $pos - $startPos 
);
$out .= $shouldConvert ? $this->autoConvert( $fragment, 
$variant ) : $fragment;
-
-   // Advance position
+   // -{ marker found, not in attribute
+   // Advance position up to -{ marker.
$startPos = $pos;
-
// Do recursive conversion
+   // Note: This passes $startPos by reference, and 
advances it.
$out .= $this->recursiveConvertRule( $text, $variant, 
$startPos, $depth + 1 );
}
-
return $out;
}
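Review bot: `$continue = preg_match( ... )` followed by `if ( !$continue )` treats a `false` return (a PCRE error such as hitting the backtrack limit, the failure mode named in the T124404 release note) the same as "no more `-{` markers", so on a regex error the remaining text is emitted with its conversion rules unprocessed and nothing is logged. Suggest testing `=== false` separately and logging preg_last_error(). Also, the pattern `"/$noScript|$noStyle|$noHtml|-\{/"` carries no modifiers: without `s` the `.*?` in `$noScript` and `$noStyle` stops at the first newline, and without `i` upper-case tag names are not matched by those two branches. Please confirm that is intended or add the modifiers.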
 
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt

[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Ensure Message::rawParams can't lead to XSS

2017-11-14 Thread Reedy (Code Review)
Reedy has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391378 )

Change subject: SECURITY: Ensure Message::rawParams can't lead to XSS
..


SECURITY: Ensure Message::rawParams can't lead to XSS

If you used wfMessage( 'foo' )->rawParams( 'bar"baz' )
there's a possibility of leading to xss, if the foo
message has a $1 in an attribute, as the quote characters
may end the attribute.

To prevent that, we convert $1 to $'"1 for after parameters,
so if any of them end up in attributes, the attribute escaping
will break the parameter name, preventing substitution.

This would of course break if someone intentionally inserted
a raw parameter into an attribute, but that's silly and I
don't think we should allow that.

This is similar to the parser strip marker issue.

Bug: T176247
Change-Id: If83aec01b20e414f9c92be894f145d7df2974866
---
M RELEASE-NOTES-1.27
M includes/Message.php
2 files changed, 21 insertions(+), 2 deletions(-)



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 1936d73..2f7a2e9 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -23,6 +23,7 @@
 * (T165846) SECURITY: BotPassword login attempts weren't throttled.
 * (T128209) SECURITY: Reflected File Download from api.php.
 * (T134100) SECURITY: Do not reveal if user exists during login failure.
+* (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/includes/Message.php b/includes/Message.php
index 303a4b9..dc311fb 100644
--- a/includes/Message.php
+++ b/includes/Message.php
@@ -1064,11 +1064,29 @@
 * @return string
 */
protected function replaceParameters( $message, $type = 'before' ) {
+   // A temporary marker for $1 parameters that is only valid
+   // in non-attribute contexts. However if the entire message is 
escaped
+   // then we don't want to use it because it will be mangled in 
all contexts
+   // and its unnessary as ->escaped() messages aren't html.
+   $marker = $this->format === 'escaped' ? '$' : '$\'"';
$replacementKeys = [];
foreach ( $this->parameters as $n => $param ) {
list( $paramType, $value ) = $this->extractParam( 
$param );
-   if ( $type === $paramType ) {
-   $replacementKeys['$' . ( $n + 1 )] = $value;
+   if ( $type === 'before' ) {
+   if ( $paramType === 'before' ) {
+   $replacementKeys['$' . ( $n + 1 )] = 
$value;
+   } else /* $paramType === 'after' */ {
+   // To protect against XSS from 
replacing parameters
+   // inside html attributes, we convert 
$1 to $'"1.
+   // In the event that one of the 
parameters ends up
+   // in an attribute, either the ' or the 
" will be
+   // escaped, breaking the replacement 
and avoiding XSS.
+   $replacementKeys['$' . ( $n + 1 )] = 
$marker . ( $n + 1 );
+   }
+   } else {
+   if ( $paramType === 'after' ) {
+   $replacementKeys[$marker . ( $n + 1 )] 
= $value;
+   }
}
}
$message = strtr( $message, $replacementKeys );
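Review bot: the protection in the `else /* $paramType === 'after' */` branch depends entirely on attribute escaping altering either the `'` or the `"` in the `$'"1` marker, yet the change touches only RELEASE-NOTES-1.27 and includes/Message.php and adds no test that pins this. Suggest a unit test that builds a message with `$1` inside an attribute, passes a rawParams() value containing a quote, and asserts the value is not substituted there, plus one for the 'escaped' format, where the marker falls back to plain `$`. The outer `else` also now treats every `$type` other than 'before' as 'after'; `elseif ( $type === 'after' )` would keep the old strictness. Typo in the new comment: "its unnessary" should be "it's unnecessary".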

-- 
To view, visit https://gerrit.wikimedia.org/r/391378
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: If83aec01b20e414f9c92be894f145d7df2974866
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Brian Wolff 
Gerrit-Reviewer: Reedy 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Handle -{}- syntax in attributes safely

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391383 )

Change subject: SECURITY: Handle -{}- syntax in attributes safely
..

SECURITY: Handle -{}- syntax in attributes safely

Previously, if one had an attribute with the contents
"-{}-foo-{}-", foo would get replaced by language converter as if
it wasn't in an attribute. This led to an XSS attack.

This breaks doing manual conversions in url href's (or any
other attribute that goes through an escaping method
other than Sanitizer's). e.g. http://{sr-el:foo';sr-ec:bar}.com
won't work anymore. See also T87332

Bug: T119158
Change-Id: Idbc45cac12c309b0ccb4adeff6474fa527b48edb
---
M RELEASE-NOTES-1.27
M languages/LanguageConverter.php
M tests/parser/parserTests.txt
3 files changed, 40 insertions(+), 10 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/83/391383/1

diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 79b8b98..38859b1 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -28,6 +28,7 @@
 * (T180237) SECURITY: Protect vendor folder with .htaccess.
 * (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in 
update.php.
 * (T124404) SECURITY: XSS in langconverter when regex hits 
pcre.backtrack_limit.
+* (T119158) SECURITY: Handle -{}- syntax in attributes safely.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/languages/LanguageConverter.php b/languages/LanguageConverter.php
index 4200978..87eb80d 100644
--- a/languages/LanguageConverter.php
+++ b/languages/LanguageConverter.php
@@ -377,9 +377,12 @@
$scriptfix = 
']*+>[^<]*+(?:(?:(?!<\/script>).)[^<]*+)*+<\/script>|';
// disable conversion of  tags
$prefix = 
']*+>[^<]*+(?:(?:(?!<\/pre>).)[^<]*+)*+<\/pre>|';
+   // The "|.*+)" at the end, is in case we missed some part of 
html syntax,
+   // we will fail securely (hopefully) by matching the rest of 
the string.
+   $htmlFullTag = 
'<(?:[^>=]*+(?>[^>=]*+=\s*+(?:"[^"]*"|\'[^\']*\'|[^\'">\s]*+))*+[^>=]*+>|.*+)|';
 
-   $reg = '/' . $codefix . $scriptfix . $prefix .
-   '<[^>]++>|&[a-zA-Z#][a-z0-9]++;' . $marker . $htmlfix . 
'|\004$/s';
+   $reg = '/' . $codefix . $scriptfix . $prefix . $htmlFullTag .
+   '&[a-zA-Z#][a-z0-9]++;' . $marker . $htmlfix . 
'|\004$/s';
$startPos = 0;
$sourceBlob = '';
$literalBlob = '';
@@ -660,29 +663,41 @@
$out = '';
$length = strlen( $text );
$shouldConvert = !$this->guessVariant( $text, $variant );
+   $continue = 1;
 
-   while ( $startPos < $length ) {
-   $pos = strpos( $text, '-{', $startPos );
+   $noScript = '.*?<\/script>(*SKIP)(*FAIL)';
+   $noStyle = '.*?<\/style>(*SKIP)(*FAIL)';
+   $noHtml = 
'<(?:[^>=]*+(?>[^>=]*+=\s*+(?:"[^"]*"|\'[^\']*\'|[^\'">\s]*+))*+[^>=]*+>|.*+)(*SKIP)(*FAIL)';
+   while ( $startPos < $length && $continue ) {
+   $continue = preg_match(
+   // Only match -{ outside of html.
+   "/$noScript|$noStyle|$noHtml|-\{/",
+   $text,
+   $m,
+   PREG_OFFSET_CAPTURE,
+   $startPos
+   );
 
-   if ( $pos === false ) {
+   if ( !$continue ) {
// No more markup, append final segment
$fragment = substr( $text, $startPos );
$out .= $shouldConvert ? $this->autoConvert( 
$fragment, $variant ) : $fragment;
return $out;
}
 
-   // Markup found
+   // Offset of the match of the regex pattern.
+   $pos = $m[0][1];
+
// Append initial segment
$fragment = substr( $text, $startPos, $pos - $startPos 
);
$out .= $shouldConvert ? $this->autoConvert( $fragment, 
$variant ) : $fragment;
-
-   // Advance position
+   // -{ marker found, not in attribute
+   // Advance position up to -{ marker.
$startPos = $pos;
-
// Do recursive conversion
+   // Note: This passes $startPos by reference, and 
advances it.
$out .= $this->recursiveConvertRule( $text, $variant, 
$startPos, $depth + 1 );
}
-
return $out;
}
 

[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: Bump 1.27.4

2017-11-14 Thread Reedy (Code Review)
Reedy has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391384 )

Change subject: Bump 1.27.4
..


Bump 1.27.4

Change-Id: Idf9a1146054dab3a2b3126cf84efcc6787b39357
---
M RELEASE-NOTES-1.27
M includes/DefaultSettings.php
2 files changed, 2 insertions(+), 2 deletions(-)



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 38859b1..a84c6e8 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -1,5 +1,5 @@
 == MediaWiki 1.27.4 ==
-This not a release yet!
+This is a security and maintenance release of the MediaWiki 1.27 branch.
 
 === Changes since 1.27.3 ===
 * (T100085) Better handling of jobs execution in post-connection shutdown.
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 3397616..e300b35 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -75,7 +75,7 @@
  * MediaWiki version number
  * @since 1.2
  */
-$wgVersion = '1.27.3';
+$wgVersion = '1.27.4';
 
 /**
  * Name of the site. It must be changed in LocalSettings.php

-- 
To view, visit https://gerrit.wikimedia.org/r/391384
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Idf9a1146054dab3a2b3126cf84efcc6787b39357
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Reedy 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Make anchor for headlines escape > and

2017-11-14 Thread Reedy (Code Review)
Reedy has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391379 )

Change subject: SECURITY: Make anchor for headlines escape > and <
..


SECURITY: Make anchor for headlines escape > and <

As a hardening step against language converter and its crazy regexes.

Bug: T125163
Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
---
M RELEASE-NOTES-1.27
M includes/Linker.php
2 files changed, 9 insertions(+), 6 deletions(-)



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 2f7a2e9..1fb2380 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -24,6 +24,7 @@
 * (T128209) SECURITY: Reflected File Download from api.php.
 * (T134100) SECURITY: Do not reveal if user exists during login failure.
 * (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
+* (T125163) SECURITY: Make anchor for headlines escape > and <.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/includes/Linker.php b/includes/Linker.php
index 5717fba..70488c5 100644
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -1789,22 +1789,24 @@
 *   a space and ending with '>'
 *   This *must* be at least '>' for no attribs
 * @param string $anchor The anchor to give the headline (the bit after 
the #)
-* @param string $html Html for the text of the header
+* @param string $html HTML for the text of the header
 * @param string $link HTML to add for the section edit link
-* @param bool|string $legacyAnchor A second, optional anchor to give 
for
+* @param string|bool $fallbackAnchor A second, optional anchor to give 
for
 *   backward compatibility (false to omit)
 *
 * @return string HTML headline
 */
public static function makeHeadline( $level, $attribs, $anchor, $html,
-   $link, $legacyAnchor = false
+   $link, $fallbackAnchor = false
) {
+   $anchorEscaped = htmlspecialchars( $anchor );
$ret = "
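Review bot: the rename of `$legacyAnchor` to `$fallbackAnchor` and the "Html" to "HTML" docblock tweak are not needed for the escaping fix and make this security backport harder to audit; suggest leaving them out of the release-branch patch so the diff shows only the new `htmlspecialchars( $anchor )` call and where `$anchorEscaped` is used. If the rename came in with a cherry-pick from another branch, say so in the commit message.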
Gerrit-Reviewer: MaxSem 
Gerrit-Reviewer: Reedy 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Escape internal error message

2017-11-14 Thread Reedy (Code Review)
Reedy has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391374 )

Change subject: SECURITY: Escape internal error message
..


SECURITY: Escape internal error message

This message contains the request url, which is semi-user controlled.
Most browsers percent escape < and > so it's probably not exploitable
(curl is an exception here), but nonetheless it's not good.

Bug: T178451
Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6
---
M RELEASE-NOTES-1.27
M includes/exception/MWException.php
2 files changed, 11 insertions(+), 7 deletions(-)



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index b32e82a..2bcf219 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -18,6 +18,8 @@
 * (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
 * (T142304) Allow putting the app ID in the password for bot passwords.
 * Updated dev dependancy phpunit/phpunit from v4.8.24 to v4.8.36.
+* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and 
browser
+  sends non-standard url escaping.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/includes/exception/MWException.php 
b/includes/exception/MWException.php
index bebd915..dcb38b2 100644
--- a/includes/exception/MWException.php
+++ b/includes/exception/MWException.php
@@ -144,13 +144,15 @@
$logId = WebRequest::getRequestId();
$type = get_class( $this );
return "" .
-   '[' . $logId . '] ' .
-   gmdate( 'Y-m-d H:i:s' ) . ": " .
-   $this->msg( "internalerror-fatal-exception",
-   "Fatal exception of type $1",
-   $type,
-   $logId,
-   MWExceptionHandler::getURL( $this )
+   htmlspecialchars(
+   '[' . $logId . '] ' .
+   gmdate( 'Y-m-d H:i:s' ) . ": " .
+   $this->msg( "internalerror-fatal-exception",
+   "Fatal exception of type $1",
+   $type,
+   $logId,
+   MWExceptionHandler::getURL( $this )
+   )
) . "\n" .

[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Do not reveal if user exists during login failure

2017-11-14 Thread Reedy (Code Review)
Reedy has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391377 )

Change subject: SECURITY: Do not reveal if user exists during login failure
..


SECURITY: Do not reveal if user exists during login failure

This is meant for private wikis where the list of users may
be secret. It is only meant to prevent trivial enumeration
of usernames. It is not designed to prevent enumeration
via timing attacks.

Bug: T134100
Change-Id: I7afaa955a4b393ef00b11e420709bd62b84fbc71
---
M RELEASE-NOTES-1.27
M includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
M languages/i18n/en.json
3 files changed, 6 insertions(+), 2 deletions(-)



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 753c7a8..1936d73 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -22,6 +22,7 @@
   sends non-standard url escaping.
 * (T165846) SECURITY: BotPassword login attempts weren't throttled.
 * (T128209) SECURITY: Reflected File Download from api.php.
+* (T134100) SECURITY: Do not reveal if user exists during login failure.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php 
b/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
index 5f5ef79..3f96cba 100644
--- a/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
+++ b/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
@@ -96,7 +96,10 @@
__METHOD__
);
if ( !$row ) {
-   return AuthenticationResponse::newAbstain();
+   // Do not reveal whether its bad username or
+   // bad password to prevent username enumeration
+   // on private wikis. (T134100)
+   return $this->failResponse( $req );
}
 
// Check for *really* old password hashes that don't even have 
a type
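Review bot: the new comment at the `if ( !$row )` return says this prevents username enumeration, but the branch still returns before any password hash is checked, so response time continues to separate unknown users from known ones. The commit message acknowledges this and the code comment should too, so nobody later reads it as a complete fix. It is also worth stating in the comment what happens to other authentication providers now that this branch no longer returns `AuthenticationResponse::newAbstain()`, since abstaining is what previously let an unknown local user be handled elsewhere.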
diff --git a/languages/i18n/en.json b/languages/i18n/en.json
index 1f5c9ed..0d72330 100644
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@@ -482,7 +482,7 @@
"nosuchusershort": "There is no user by the name \"$1\".\nCheck your 
spelling.",
"nouserspecified": "You have to specify a username.",
"login-userblocked": "This user is blocked. Login not allowed.",
-   "wrongpassword": "Incorrect password entered.\nPlease try again.",
+   "wrongpassword": "Incorrect username or password entered.\nPlease try 
again.",
"wrongpasswordempty": "Password entered was blank.\nPlease try again.",
"passwordtooshort": "Passwords must be at least {{PLURAL:$1|1 
character|$1 characters}}.",
"passwordtoolong": "Passwords cannot be longer than {{PLURAL:$1|1 
character|$1 characters}}.",

-- 
To view, visit https://gerrit.wikimedia.org/r/391377
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I7afaa955a4b393ef00b11e420709bd62b84fbc71
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Brian Wolff 
Gerrit-Reviewer: Reedy 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Ensure Message::rawParams can't lead to XSS

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391378 )

Change subject: SECURITY: Ensure Message::rawParams can't lead to XSS
..

SECURITY: Ensure Message::rawParams can't lead to XSS

If you used wfMessage( 'foo' )->rawParams( 'bar"baz' )
there's a possibility of leading to xss, if the foo
message has a $1 in an attribute, as the quote characters
may end the attribute.

To prevent that, we convert $1 to $'"1 for after parameters,
so if any of them end up in attributes, the attribute escaping
will break the parameter name, preventing substitution.

This would of course break if someone intentionally inserted
a raw parameter into an attribute, but that's silly and I
don't think we should allow that.

This is similar to the parser strip marker issue.

Bug: T176247
Change-Id: If83aec01b20e414f9c92be894f145d7df2974866
---
M RELEASE-NOTES-1.27
M includes/Message.php
2 files changed, 21 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/78/391378/1

diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 1936d73..2f7a2e9 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -23,6 +23,7 @@
 * (T165846) SECURITY: BotPassword login attempts weren't throttled.
 * (T128209) SECURITY: Reflected File Download from api.php.
 * (T134100) SECURITY: Do not reveal if user exists during login failure.
+* (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/includes/Message.php b/includes/Message.php
index 303a4b9..dc311fb 100644
--- a/includes/Message.php
+++ b/includes/Message.php
@@ -1064,11 +1064,29 @@
 * @return string
 */
protected function replaceParameters( $message, $type = 'before' ) {
+   // A temporary marker for $1 parameters that is only valid
+   // in non-attribute contexts. However if the entire message is 
escaped
+   // then we don't want to use it because it will be mangled in 
all contexts
+   // and its unnessary as ->escaped() messages aren't html.
+   $marker = $this->format === 'escaped' ? '$' : '$\'"';
$replacementKeys = [];
foreach ( $this->parameters as $n => $param ) {
list( $paramType, $value ) = $this->extractParam( 
$param );
-   if ( $type === $paramType ) {
-   $replacementKeys['$' . ( $n + 1 )] = $value;
+   if ( $type === 'before' ) {
+   if ( $paramType === 'before' ) {
+   $replacementKeys['$' . ( $n + 1 )] = 
$value;
+   } else /* $paramType === 'after' */ {
+   // To protect against XSS from 
replacing parameters
+   // inside html attributes, we convert 
$1 to $'"1.
+   // In the event that one of the 
parameters ends up
+   // in an attribute, either the ' or the 
" will be
+   // escaped, breaking the replacement 
and avoiding XSS.
+   $replacementKeys['$' . ( $n + 1 )] = 
$marker . ( $n + 1 );
+   }
+   } else {
+   if ( $paramType === 'after' ) {
+   $replacementKeys[$marker . ( $n + 1 )] 
= $value;
+   }
}
}
$message = strtr( $message, $replacementKeys );

-- 
To view, visit https://gerrit.wikimedia.org/r/391378
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If83aec01b20e414f9c92be894f145d7df2974866
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Brian Wolff 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: API: Avoid some silliness with browser-guessed fil...

2017-11-14 Thread Reedy (Code Review)
Reedy has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391376 )

Change subject: SECURITY: API: Avoid some silliness with browser-guessed 
filenames
..


SECURITY: API: Avoid some silliness with browser-guessed filenames

If someone is both dumb enough to blindly save an API response and to
then execute the resulting file, this can be used to attack their
computer.

We can mitigate this by disallowing PATH_INFO in api.php URLs (because
we don't make any use of them anyway) and by setting a sensible filename
using a Content-Disposition header so the browser won't go guessing at
the filename based on what is in the URL.

Issue reported by: Abdullah Hussam

Bug: T128209
Change-Id: I8526f5cc506c551edb6138d68450b6acea065e93
---
M RELEASE-NOTES-1.27
M api.php
M includes/Feed.php
M includes/api/ApiFormatBase.php
M includes/api/ApiFormatRaw.php
M includes/api/ApiHelp.php
M includes/api/ApiQuery.php
7 files changed, 59 insertions(+), 0 deletions(-)



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index e31654c..753c7a8 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -21,6 +21,7 @@
 * (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and 
browser
   sends non-standard url escaping.
 * (T165846) SECURITY: BotPassword login attempts weren't throttled.
+* (T128209) SECURITY: Reflected File Download from api.php.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/api.php b/api.php
index 6e75fb7..7362137 100644
--- a/api.php
+++ b/api.php
@@ -44,6 +44,17 @@
return;
 }
 
+// Pathinfo can be used for stupid things. We don't support it for api.php at
+// all, so error out if it's present.
+if ( isset( $_SERVER['PATH_INFO'] ) && $_SERVER['PATH_INFO'] != '' ) {
+   $correctUrl = wfAppendQuery( wfScript( 'api' ), 
$wgRequest->getQueryValues() );
+   $correctUrl = wfExpandUrl( $correctUrl, PROTO_CANONICAL );
+   header( "Location: $correctUrl", true, 301 );
+   echo 'This endpoint does not support "path info", i.e. extra text 
between "api.php"'
+   . 'and the "?". Remove any such text and try again.';
+   die( 1 );
+}
+
 // Verify that the API has not been disabled
 if ( !$wgEnableAPI ) {
header( $_SERVER['SERVER_PROTOCOL'] . ' 500 MediaWiki configuration 
Error', true, 500 );
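Review bot: the two string literals joined in the `echo` of the new PATH_INFO block have no space between them, so the response body reads `between "api.php"and the "?"`. Add a trailing space to the first literal or a leading space to the second.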
diff --git a/includes/Feed.php b/includes/Feed.php
index 8bfe1c7..882a449 100644
--- a/includes/Feed.php
+++ b/includes/Feed.php
@@ -232,6 +232,12 @@
$wgOut->disable();
$mimetype = $this->contentType();
header( "Content-type: $mimetype; charset=UTF-8" );
+
+   // Set a sane filename
+   $exts = MimeMagic::singleton()->getExtensionsForType( $mimetype 
);
+   $ext = $exts ? strtok( $exts, ' ' ) : 'xml';
+   header( "Content-Disposition: inline; filename=\"feed.{$ext}\"" 
);
+
if ( $wgVaryOnXFP ) {
$wgOut->addVaryHeader( 'X-Forwarded-Proto' );
}
diff --git a/includes/api/ApiFormatBase.php b/includes/api/ApiFormatBase.php
index c826bba..af6fcc8 100644
--- a/includes/api/ApiFormatBase.php
+++ b/includes/api/ApiFormatBase.php
@@ -64,6 +64,26 @@
abstract public function getMimeType();
 
/**
+* Return a filename for this module's output.
+* @note If $this->getIsWrappedHtml() || $this->getIsHtml(), you'll very
+*  likely want to fall back to this class's version.
+* @since 1.27
+* @return string Generally this should be "api-result.$ext", and must 
be
+*  encoded for inclusion in a Content-Disposition header's filename 
parameter.
+*/
+   public function getFilename() {
+   if ( $this->getIsWrappedHtml() ) {
+   return 'api-result-wrapped.json';
+   } elseif ( $this->getIsHtml() ) {
+   return 'api-result.html';
+   } else {
+   $exts = MimeMagic::singleton()->getExtensionsForType( 
$this->getMimeType() );
+   $ext = $exts ? strtok( $exts, ' ' ) : strtolower( 
$this->mFormat );
+   return "api-result.$ext";
+   }
+   }
+
+   /**
 * Get the internal format name
 * @return string
 */
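Review bot: in `getFilename()`, the fallback `strtolower( $this->mFormat )` goes into the filename unencoded, although the docblock directly above requires the return value to be encoded for the Content-Disposition filename parameter. Restrict the fallback extension to a safe character set (for example ASCII letters and digits) before building "api-result.$ext", so the base class meets the contract it sets for subclasses.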
@@ -173,6 +193,13 @@
if ( $apiFrameOptions ) {
$this->getMain()->getRequest()->response()->header( 
"X-Frame-Options: $apiFrameOptions" );
}
+
+   // Set a Content-Disposition header so something downloading an 
API
+   // response uses a halfway-sensible filename (T128209).
+   $filename = $this->getFilename();
+   $this->getMain()->getRequest()->response()->header(
+   "Content-Disposition: inline; 

[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Add throttling for BotPasswords authentication att...

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391375 )

Change subject: SECURITY: Add throttling for BotPasswords authentication 
attempts
..

SECURITY: Add throttling for BotPasswords authentication attempts

ApiLogin which will currently always try an AuthManager login which will
by default throttle via ThrottlePreAuthenticationProvider, but this only
happens after the BotPassword is checked so it's still possible to keep
trying to break the bot password.

There's a potential odd-behavior mode here: if the main account username
and password looks like a BotPasswords username and password, a
successful main account login will increment the BotPasswords throttle
for the user and not reset it after the successful main account login.
That seems such an odd edge case I say let's not worry about it.

Bug: T165846
Change-Id: Ie60f0e05c2a94722b91bc3a80c80346e28b443f4
---
M RELEASE-NOTES-1.27
M includes/api/ApiLogin.php
M includes/user/BotPassword.php
3 files changed, 20 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/75/391375/1

diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 2bcf219..e31654c 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -20,6 +20,7 @@
 * Updated dev dependancy phpunit/phpunit from v4.8.24 to v4.8.36.
 * (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and 
browser
   sends non-standard url escaping.
+* (T165846) SECURITY: BotPassword login attempts weren't throttled.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/includes/api/ApiLogin.php b/includes/api/ApiLogin.php
index be2d93e..0df9057 100644
--- a/includes/api/ApiLogin.php
+++ b/includes/api/ApiLogin.php
@@ -121,7 +121,7 @@
$session = $status->getValue();
$authRes = 'Success';
$loginType = 'BotPassword';
-   } elseif ( !$botLoginData[2] ) {
+   } elseif ( !$botLoginData[2] || $status->hasMessage( 
'login-throttled' ) ) {
$authRes = 'Failed';
$message = $status->getMessage();
LoggerFactory::getInstance( 'authmanager' 
)->info(
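Review bot: the new `$status->hasMessage( 'login-throttled' )` condition depends on the exact message key that BotPassword::login() passes to wfMessage() in this same change; if either side is renamed, a throttled bot login would no longer take this 'Failed' branch. Add a short comment here pointing at the throttle block in BotPassword::login() so the dependency is visible.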
diff --git a/includes/user/BotPassword.php b/includes/user/BotPassword.php
index 80fa7f3..2b38559 100644
--- a/includes/user/BotPassword.php
+++ b/includes/user/BotPassword.php
@@ -436,7 +436,7 @@
 * @return Status On success, the good status's value is the new 
Session object
 */
public static function login( $username, $password, WebRequest $request 
) {
-   global $wgEnableBotPasswords;
+   global $wgEnableBotPasswords, $wgPasswordAttemptThrottle;
 
if ( !$wgEnableBotPasswords ) {
return Status::newFatal( 'botpasswords-disabled' );
@@ -461,6 +461,20 @@
return Status::newFatal( 'nosuchuser', $name );
}
 
+   // Throttle
+   $throttle = null;
+   if ( !empty( $wgPasswordAttemptThrottle ) ) {
+   $throttle = new MediaWiki\Auth\Throttler( 
$wgPasswordAttemptThrottle, [
+   'type' => 'botpassword',
+   'cache' => 
ObjectCache::getLocalClusterInstance(),
+   ] );
+   $result = $throttle->increase( $user->getName(), 
$request->getIP(), __METHOD__ );
+   if ( $result ) {
+   $msg = wfMessage( 'login-throttled' 
)->durationParams( $result['wait'] );
+   return Status::newFatal( $msg );
+   }
+   }
+
// Get the bot password
$bp = self::newFromUser( $user, $appId );
if ( !$bp ) {
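Review bot: the throttle block sits after the `nosuchuser` return shown in the context lines, so attempts against names that do not exist are never counted and that distinct error is still returned immediately. If this is intended, say so in the `// Throttle` comment; otherwise count the attempt before the user-exists check, keyed on the submitted name.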
@@ -479,6 +493,9 @@
}
 
// Ok! Create the session.
+   if ( $throttle ) {
+   $throttle->clear( $user->getName(), $request->getIP() );
+   }
return Status::newGood( $provider->newSessionForRequest( $user, 
$bp, $request ) );
}
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/391375
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie60f0e05c2a94722b91bc3a80c80346e28b443f4
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Anomie 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits


[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: API: Avoid some silliness with browser-guessed fil...

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391376 )

Change subject: SECURITY: API: Avoid some silliness with browser-guessed 
filenames
..

SECURITY: API: Avoid some silliness with browser-guessed filenames

If someone is both dumb enough to blindly save an API response and to
then execute the resulting file, this can be used to attack their
computer.

We can mitigate this by disallowing PATH_INFO in api.php URLs (because
we don't make any use of them anyway) and by setting a sensible filename
using a Content-Disposition header so the browser won't go guessing at
the filename based on what is in the URL.

Issue reported by: Abdullah Hussam

Bug: T128209
Change-Id: I8526f5cc506c551edb6138d68450b6acea065e93
---
M RELEASE-NOTES-1.27
M api.php
M includes/Feed.php
M includes/api/ApiFormatBase.php
M includes/api/ApiFormatRaw.php
M includes/api/ApiHelp.php
M includes/api/ApiQuery.php
7 files changed, 59 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/76/391376/1

diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index e31654c..753c7a8 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -21,6 +21,7 @@
 * (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and 
browser
   sends non-standard url escaping.
 * (T165846) SECURITY: BotPassword login attempts weren't throttled.
+* (T128209) SECURITY: Reflected File Download from api.php.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/api.php b/api.php
index 6e75fb7..7362137 100644
--- a/api.php
+++ b/api.php
@@ -44,6 +44,17 @@
return;
 }
 
+// Pathinfo can be used for stupid things. We don't support it for api.php at
+// all, so error out if it's present.
+if ( isset( $_SERVER['PATH_INFO'] ) && $_SERVER['PATH_INFO'] != '' ) {
+   $correctUrl = wfAppendQuery( wfScript( 'api' ), 
$wgRequest->getQueryValues() );
+   $correctUrl = wfExpandUrl( $correctUrl, PROTO_CANONICAL );
+   header( "Location: $correctUrl", true, 301 );
+   echo 'This endpoint does not support "path info", i.e. extra text 
between "api.php"'
+   . 'and the "?". Remove any such text and try again.';
+   die( 1 );
+}
+
 // Verify that the API has not been disabled
 if ( !$wgEnableAPI ) {
header( $_SERVER['SERVER_PROTOCOL'] . ' 500 MediaWiki configuration 
Error', true, 500 );
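Review bot: the redirect in the PATH_INFO block is rebuilt only from `$wgRequest->getQueryValues()` and sent as a 301, so a POST to api.php with path info typically loses its body when the client follows it, and browsers may cache the redirect. Consider answering non-GET requests with a 4xx error instead of redirecting, and record the choice in the comment.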
diff --git a/includes/Feed.php b/includes/Feed.php
index 8bfe1c7..882a449 100644
--- a/includes/Feed.php
+++ b/includes/Feed.php
@@ -232,6 +232,12 @@
$wgOut->disable();
$mimetype = $this->contentType();
header( "Content-type: $mimetype; charset=UTF-8" );
+
+   // Set a sane filename
+   $exts = MimeMagic::singleton()->getExtensionsForType( $mimetype 
);
+   $ext = $exts ? strtok( $exts, ' ' ) : 'xml';
+   header( "Content-Disposition: inline; filename=\"feed.{$ext}\"" 
);
+
if ( $wgVaryOnXFP ) {
$wgOut->addVaryHeader( 'X-Forwarded-Proto' );
}
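Review bot: the `// Set a sane filename` block repeats the MimeMagic extension lookup that ApiFormatBase::getFilename() adds in this same change, with a different fallback ('xml' here). A small shared helper would keep the two from drifting apart, and the comment could cite T128209 as the ApiFormatBase one does.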
diff --git a/includes/api/ApiFormatBase.php b/includes/api/ApiFormatBase.php
index c826bba..af6fcc8 100644
--- a/includes/api/ApiFormatBase.php
+++ b/includes/api/ApiFormatBase.php
@@ -64,6 +64,26 @@
abstract public function getMimeType();
 
/**
+* Return a filename for this module's output.
+* @note If $this->getIsWrappedHtml() || $this->getIsHtml(), you'll very
+*  likely want to fall back to this class's version.
+* @since 1.27
+* @return string Generally this should be "api-result.$ext", and must 
be
+*  encoded for inclusion in a Content-Disposition header's filename 
parameter.
+*/
+   public function getFilename() {
+   if ( $this->getIsWrappedHtml() ) {
+   return 'api-result-wrapped.json';
+   } elseif ( $this->getIsHtml() ) {
+   return 'api-result.html';
+   } else {
+   $exts = MimeMagic::singleton()->getExtensionsForType( 
$this->getMimeType() );
+   $ext = $exts ? strtok( $exts, ' ' ) : strtolower( 
$this->mFormat );
+   return "api-result.$ext";
+   }
+   }
+
+   /**
 * Get the internal format name
 * @return string
 */
@@ -173,6 +193,13 @@
if ( $apiFrameOptions ) {
$this->getMain()->getRequest()->response()->header( 
"X-Frame-Options: $apiFrameOptions" );
}
+
+   // Set a Content-Disposition header so something downloading an 
API
+   // response uses a halfway-sensible filename (T128209).
+   $filename = $this->getFilename();
+   

[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Escape internal error message

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391374 )

Change subject: SECURITY: Escape internal error message
..

SECURITY: Escape internal error message

This message contains the request url, which is semi-user controlled.
Most browsers percent escape < and > so it's probably not exploitable
(curl is an exception here), but nonetheless it's not good.

Bug: T178451
Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6
---
M RELEASE-NOTES-1.27
M includes/exception/MWException.php
2 files changed, 11 insertions(+), 7 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/74/391374/1

diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index b32e82a..2bcf219 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -18,6 +18,8 @@
 * (T160298) Remove use of implicitGroupBy() in ActiveUsersPager.
 * (T142304) Allow putting the app ID in the password for bot passwords.
 * Updated dev dependancy phpunit/phpunit from v4.8.24 to v4.8.36.
+* (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and 
browser
+  sends non-standard url escaping.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/includes/exception/MWException.php 
b/includes/exception/MWException.php
index bebd915..dcb38b2 100644
--- a/includes/exception/MWException.php
+++ b/includes/exception/MWException.php
@@ -144,13 +144,15 @@
$logId = WebRequest::getRequestId();
$type = get_class( $this );
return "" .
-   '[' . $logId . '] ' .
-   gmdate( 'Y-m-d H:i:s' ) . ": " .
-   $this->msg( "internalerror-fatal-exception",
-   "Fatal exception of type $1",
-   $type,
-   $logId,
-   MWExceptionHandler::getURL( $this )
+   htmlspecialchars(
+   '[' . $logId . '] ' .
+   gmdate( 'Y-m-d H:i:s' ) . ": " .
+   $this->msg( "internalerror-fatal-exception",
+   "Fatal exception of type $1",
+   $type,
+   $logId,
+   MWExceptionHandler::getURL( $this )
+   )
) . "\n" .
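Review bot: the `htmlspecialchars()` wrapper around the log ID, date and `$this->msg(...)` output arrives without a test; the file list for this change has only RELEASE-NOTES-1.27 and MWException.php. Add a regression test that renders this message for a request URL containing `<` and `>` and asserts that both come out escaped.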

[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Add throttling for BotPasswords authentication att...

2017-11-14 Thread Reedy (Code Review)
Reedy has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391375 )

Change subject: SECURITY: Add throttling for BotPasswords authentication 
attempts
..


SECURITY: Add throttling for BotPasswords authentication attempts

ApiLogin which will currently always try an AuthManager login which will
by default throttle via ThrottlePreAuthenticationProvider, but this only
happens after the BotPassword is checked so it's still possible to keep
trying to break the bot password.

There's a potential odd-behavior mode here: if the main account username
and password looks like a BotPasswords username and password, a
successful main account login will increment the BotPasswords throttle
for the user and not reset it after the successful main account login.
That seems such an odd edge case I say let's not worry about it.

Bug: T165846
Change-Id: Ie60f0e05c2a94722b91bc3a80c80346e28b443f4
---
M RELEASE-NOTES-1.27
M includes/api/ApiLogin.php
M includes/user/BotPassword.php
3 files changed, 20 insertions(+), 2 deletions(-)



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 2bcf219..e31654c 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -20,6 +20,7 @@
 * Updated dev dependancy phpunit/phpunit from v4.8.24 to v4.8.36.
 * (T178451) SECURITY: Potential XSS when $wgShowExceptionDetails = false and 
browser
   sends non-standard url escaping.
+* (T165846) SECURITY: BotPassword login attempts weren't throttled.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/includes/api/ApiLogin.php b/includes/api/ApiLogin.php
index be2d93e..0df9057 100644
--- a/includes/api/ApiLogin.php
+++ b/includes/api/ApiLogin.php
@@ -121,7 +121,7 @@
$session = $status->getValue();
$authRes = 'Success';
$loginType = 'BotPassword';
-   } elseif ( !$botLoginData[2] ) {
+   } elseif ( !$botLoginData[2] || $status->hasMessage( 
'login-throttled' ) ) {
$authRes = 'Failed';
$message = $status->getMessage();
LoggerFactory::getInstance( 'authmanager' 
)->info(
diff --git a/includes/user/BotPassword.php b/includes/user/BotPassword.php
index 80fa7f3..2b38559 100644
--- a/includes/user/BotPassword.php
+++ b/includes/user/BotPassword.php
@@ -436,7 +436,7 @@
 * @return Status On success, the good status's value is the new 
Session object
 */
public static function login( $username, $password, WebRequest $request 
) {
-   global $wgEnableBotPasswords;
+   global $wgEnableBotPasswords, $wgPasswordAttemptThrottle;
 
if ( !$wgEnableBotPasswords ) {
return Status::newFatal( 'botpasswords-disabled' );
@@ -461,6 +461,20 @@
return Status::newFatal( 'nosuchuser', $name );
}
 
+   // Throttle
+   $throttle = null;
+   if ( !empty( $wgPasswordAttemptThrottle ) ) {
+   $throttle = new MediaWiki\Auth\Throttler( 
$wgPasswordAttemptThrottle, [
+   'type' => 'botpassword',
+   'cache' => 
ObjectCache::getLocalClusterInstance(),
+   ] );
+   $result = $throttle->increase( $user->getName(), 
$request->getIP(), __METHOD__ );
+   if ( $result ) {
+   $msg = wfMessage( 'login-throttled' 
)->durationParams( $result['wait'] );
+   return Status::newFatal( $msg );
+   }
+   }
+
// Get the bot password
$bp = self::newFromUser( $user, $appId );
if ( !$bp ) {
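Review bot: `$throttle->increase()` is keyed on `$user->getName()` and the request IP only, while the bot password itself is looked up per `$appId` just below, so failed attempts against one app ID lock out every bot password of that user from that IP. If that is intended, note it in the `// Throttle` comment; otherwise include the app ID in the throttle key.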
@@ -479,6 +493,9 @@
}
 
// Ok! Create the session.
+   if ( $throttle ) {
+   $throttle->clear( $user->getName(), $request->getIP() );
+   }
return Status::newGood( $provider->newSessionForRequest( $user, 
$bp, $request ) );
}
 }
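Review bot: the `$throttle->clear()` call before `Status::newGood()` resets the counter only on a successful bot-password login, and the edge case accepted in the commit message (a main-account login that looks like a bot password increments the counter and never clears it) is not recorded in the code. Add a one-line comment here or at the `// Throttle` block so the behaviour is not later mistaken for a bug.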

-- 
To view, visit https://gerrit.wikimedia.org/r/391375
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ie60f0e05c2a94722b91bc3a80c80346e28b443f4
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Anomie 
Gerrit-Reviewer: Reedy 



[MediaWiki-commits] [Gerrit] mediawiki...vendor[master]: Add .htaccess to disallow web access

2017-11-14 Thread Ejegg (Code Review)
Ejegg has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391361 )

Change subject: Add .htaccess to disallow web access
..


Add .htaccess to disallow web access

No need to expose vendor/ to web

Bug: T180237
Change-Id: Ie7b09c27cca01399974cd8e631747288ad3b6bcb
---
A .htaccess
1 file changed, 1 insertion(+), 0 deletions(-)

Approvals:
  Ejegg: Verified; Looks good to me, approved



diff --git a/.htaccess b/.htaccess
new file mode 100644
index 000..3a42882
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1 @@
+Deny from all
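Review bot: `Deny from all` is the Apache 2.2 access-control directive; on Apache 2.4 it is only understood when mod_access_compat is loaded, and without that module the directory answers with a server error rather than a clean 403. Consider IfModule checks that use `Require all denied` on 2.4, and note in the commit message that a .htaccess file has no effect on web servers that do not read it.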

-- 
To view, visit https://gerrit.wikimedia.org/r/391361
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ie7b09c27cca01399974cd8e631747288ad3b6bcb
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/DonationInterface/vendor
Gerrit-Branch: master
Gerrit-Owner: Ejegg 
Gerrit-Reviewer: Ejegg 



[MediaWiki-commits] [Gerrit] wikimedia...crm[deployment]: Update submodules to deny /vendor web access

2017-11-14 Thread Ejegg (Code Review)
Ejegg has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391385 )

Change subject: Update submodules to deny /vendor web access
..

Update submodules to deny /vendor web access

Change-Id: Ifecd582bc4f1adf33928bee63835e6ab8dfc5aaa
---
M civicrm
M vendor
2 files changed, 2 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/wikimedia/fundraising/crm 
refs/changes/85/391385/1

diff --git a/civicrm b/civicrm
index 456c342..c07b083 16
--- a/civicrm
+++ b/civicrm
@@ -1 +1 @@
-Subproject commit 456c34246ba8c90caa5c13a66196fb2b455f5bca
+Subproject commit c07b083b5f7221febaba0133a2360869f1ef6022
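Review bot: the civicrm pointer moves from 456c342 to c07b083, but the commit message names only the /vendor access change and does not say what this bump brings in. List the civicrm commits being pulled, or the reason for the bump, so the deployment change can be reviewed without checking out both submodules.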
diff --git a/vendor b/vendor
index d626fd3..49c9168 16
--- a/vendor
+++ b/vendor
@@ -1 +1 @@
-Subproject commit d626fd35ac242364af22cc522c37debac4e32905
+Subproject commit 49c91683753ae79fec6f633af461e06f0b6318cc

-- 
To view, visit https://gerrit.wikimedia.org/r/391385
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ifecd582bc4f1adf33928bee63835e6ab8dfc5aaa
Gerrit-PatchSet: 1
Gerrit-Project: wikimedia/fundraising/crm
Gerrit-Branch: deployment
Gerrit-Owner: Ejegg 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: XSS in langconverter when regex hits pcre.backtrac...

2017-11-14 Thread Reedy (Code Review)
Reedy has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391382 )

Change subject: SECURITY: XSS in langconverter when regex hits 
pcre.backtrack_limit
..


SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit

Adjust regexes for what not to convert to avoid backtracking by
preferring possessive quantifiers

Add check that we really have matched to the end of the string, and
log error if the regex hits some sort of error preventing the
entire string from being matched. Should the regex not match to the
end, then language conversion is disabled for the string.

Bug: T124404
Change-Id: I4f0c171c7da804e9c1508ef1f59556665a318f6a
---
M RELEASE-NOTES-1.27
M languages/LanguageConverter.php
M tests/phpunit/languages/LanguageConverterTest.php
3 files changed, 59 insertions(+), 12 deletions(-)



diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index ed6b1f6..79b8b98 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -27,6 +27,7 @@
 * (T125163) SECURITY: Make anchor for headlines escape > and <.
 * (T180237) SECURITY: Protect vendor folder with .htaccess.
 * (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in 
update.php.
+* (T124404) SECURITY: XSS in langconverter when regex hits 
pcre.backtrack_limit.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/languages/LanguageConverter.php b/languages/LanguageConverter.php
index b31b10f..4200978 100644
--- a/languages/LanguageConverter.php
+++ b/languages/LanguageConverter.php
@@ -19,6 +19,8 @@
  * @ingroup Language
  */
 
+use MediaWiki\Logger\LoggerFactory;
+
 /**
  * Base class for language conversion.
  * @ingroup Language
@@ -357,21 +359,27 @@
   1. HTML markups (anything between < and >)
   2. HTML entities
   3. placeholders created by the parser
+  IMPORTANT: Beware of failure from pcre.backtrack_limit 
(T124404).
+  Minimize use of backtracking where possible.
*/
-   $marker = '|' . Parser::MARKER_PREFIX . '[\-a-zA-Z0-9]+';
+   $marker = '|' . Parser::MARKER_PREFIX . '[^\x7f]++\x7f';
 
// this one is needed when the text is inside an HTML markup
-   $htmlfix = '|<[^>]+$|^[^<>]*>';
+   $htmlfix = '|<[^>\004]++(?=\004$)|^[^<>]*+>';
+
+   // Optimize for the common case where these tags have
+   // few or no children. Thus try and possesively get as much as
+   // possible, and only engage in backtracking when we hit a '<'.
 
// disable convert to variants between  tags
-   $codefix = '.+?<\/code>|';
+   $codefix = '[^<]*+(?:(?:(?!<\/code>).)[^<]*+)*+<\/code>|';
// disable conversion of 
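Review bot: the new `$htmlfix` alternative `<[^>\004]++(?=\004$)` only matches when the input ends in a \004 byte, and nothing in these lines says where that sentinel is appended. Document it in the comment above `$htmlfix`, or next to the code that adds it, so a later edit to either side does not silently stop the unclosed-tag case from matching.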

[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: Bump 1.27.4

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391384 )

Change subject: Bump 1.27.4
..

Bump 1.27.4

Change-Id: Idf9a1146054dab3a2b3126cf84efcc6787b39357
---
M RELEASE-NOTES-1.27
M includes/DefaultSettings.php
2 files changed, 2 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/84/391384/1

diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 38859b1..a84c6e8 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -1,5 +1,5 @@
 == MediaWiki 1.27.4 ==
-This not a release yet!
+This is a security and maintenance release of the MediaWiki 1.27 branch.
 
 === Changes since 1.27.3 ===
 * (T100085) Better handling of jobs execution in post-connection shutdown.
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 3397616..e300b35 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -75,7 +75,7 @@
  * MediaWiki version number
  * @since 1.2
  */
-$wgVersion = '1.27.3';
+$wgVersion = '1.27.4';
 
 /**
  * Name of the site. It must be changed in LocalSettings.php

-- 
To view, visit https://gerrit.wikimedia.org/r/391384
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Idf9a1146054dab3a2b3126cf84efcc6787b39357
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Reedy 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: XSS in langconverter when regex hits pcre.backtrac...

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391382 )

Change subject: SECURITY: XSS in langconverter when regex hits 
pcre.backtrack_limit
..

SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit

Adjust regexes for what not to convert to avoid backtracking by
preferring possessive quantifiers

Add check that we really have matched to the end of the string, and
log error if the regex hits some sort of error preventing the
entire string from being matched. Should the regex not match to the
end, then language conversion is disabled for the string.

Bug: T124404
Change-Id: I4f0c171c7da804e9c1508ef1f59556665a318f6a
---
M RELEASE-NOTES-1.27
M languages/LanguageConverter.php
M tests/phpunit/languages/LanguageConverterTest.php
3 files changed, 59 insertions(+), 12 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/82/391382/1

diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index ed6b1f6..79b8b98 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -27,6 +27,7 @@
 * (T125163) SECURITY: Make anchor for headlines escape > and <.
 * (T180237) SECURITY: Protect vendor folder with .htaccess.
 * (T180231) SECURITY: Remove PHPUnit file with known RCE if exists in 
update.php.
+* (T124404) SECURITY: XSS in langconverter when regex hits 
pcre.backtrack_limit.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/languages/LanguageConverter.php b/languages/LanguageConverter.php
index b31b10f..4200978 100644
--- a/languages/LanguageConverter.php
+++ b/languages/LanguageConverter.php
@@ -19,6 +19,8 @@
  * @ingroup Language
  */
 
+use MediaWiki\Logger\LoggerFactory;
+
 /**
  * Base class for language conversion.
  * @ingroup Language
@@ -357,21 +359,27 @@
   1. HTML markups (anything between < and >)
   2. HTML entities
   3. placeholders created by the parser
+  IMPORTANT: Beware of failure from pcre.backtrack_limit 
(T124404).
+  Minimize use of backtracking where possible.
*/
-   $marker = '|' . Parser::MARKER_PREFIX . '[\-a-zA-Z0-9]+';
+   $marker = '|' . Parser::MARKER_PREFIX . '[^\x7f]++\x7f';
 
// this one is needed when the text is inside an HTML markup
-   $htmlfix = '|<[^>]+$|^[^<>]*>';
+   $htmlfix = '|<[^>\004]++(?=\004$)|^[^<>]*+>';
+
+   // Optimize for the common case where these tags have
+   // few or no children. Thus try and possesively get as much as
+   // possible, and only engage in backtracking when we hit a '<'.
 
// disable convert to variants between  tags
-   $codefix = '.+?<\/code>|';
+   $codefix = '[^<]*+(?:(?:(?!<\/code>).)[^<]*+)*+<\/code>|';
// disable conversion of 
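Review bot: `$marker` changes from the `[\-a-zA-Z0-9]+` character class to `[^\x7f]++\x7f`, which accepts any bytes after Parser::MARKER_PREFIX up to a hard-coded \x7f terminator. Add a comment stating that parser markers end in \x7f, and check that the test added in LanguageConverterTest.php covers a marker immediately followed by text that must still be converted.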

[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Do not reveal if user exists during login failure

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391377 )

Change subject: SECURITY: Do not reveal if user exists during login failure
..

SECURITY: Do not reveal if user exists during login failure

This is meant for private wikis where the list of users may
be secret. It is only meant to prevent trivial enumeration
of usernames. It is not designed to prevent enumeration
via timing attacks.

Bug: T134100
Change-Id: I7afaa955a4b393ef00b11e420709bd62b84fbc71
---
M RELEASE-NOTES-1.27
M includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
M languages/i18n/en.json
3 files changed, 6 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/77/391377/1

diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 753c7a8..1936d73 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -22,6 +22,7 @@
   sends non-standard url escaping.
 * (T165846) SECURITY: BotPassword login attempts weren't throttled.
 * (T128209) SECURITY: Reflected File Download from api.php.
+* (T134100) SECURITY: Do not reveal if user exists during login failure.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php 
b/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
index 5f5ef79..3f96cba 100644
--- a/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
+++ b/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
@@ -96,7 +96,10 @@
__METHOD__
);
if ( !$row ) {
-   return AuthenticationResponse::newAbstain();
+   // Do not reveal whether its bad username or
+   // bad password to prevent username enumeration
+   // on private wikis. (T134100)
+   return $this->failResponse( $req );
}
 
// Check for *really* old password hashes that don't even have 
a type
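Review bot: the `!$row` branch returns `$this->failResponse( $req )` before any password hash is checked, so a missing user still answers faster than a wrong password; the commit message accepts this, but the code comment does not say it. Extend the comment to state that the change only hides the error text and does not address timing.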
diff --git a/languages/i18n/en.json b/languages/i18n/en.json
index 1f5c9ed..0d72330 100644
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@@ -482,7 +482,7 @@
"nosuchusershort": "There is no user by the name \"$1\".\nCheck your 
spelling.",
"nouserspecified": "You have to specify a username.",
"login-userblocked": "This user is blocked. Login not allowed.",
-   "wrongpassword": "Incorrect password entered.\nPlease try again.",
+   "wrongpassword": "Incorrect username or password entered.\nPlease try 
again.",
"wrongpasswordempty": "Password entered was blank.\nPlease try again.",
"passwordtooshort": "Passwords must be at least {{PLURAL:$1|1 
character|$1 characters}}.",
"passwordtoolong": "Passwords cannot be longer than {{PLURAL:$1|1 
character|$1 characters}}.",
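Review bot: only the English `wrongpassword` text is reworded, while the `nosuchusershort` message in the context lines still states that a user does not exist. Confirm that no login path reachable on a private wiki still emits the nosuchuser family of messages, and mention in the commit message that translations of `wrongpassword` will lag until they are updated.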

-- 
To view, visit https://gerrit.wikimedia.org/r/391377
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7afaa955a4b393ef00b11e420709bd62b84fbc71
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Brian Wolff 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Create a .htaccess in /vendor after composer runs

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391380 )

Change subject: SECURITY: Create a .htaccess in /vendor after composer runs
..

SECURITY: Create a .htaccess in /vendor after composer runs

The /vendor directory does not need to be web accessible, and to reduce
attack surface, it should not be web accessible. We can use the
post-install-cmd and post-update-cmd hooks to create a .htaccess after
the user has run "composer install" or "composer update". On the first
run of composer, this hook will be invoked twice due to the composer
merge plugin.

If the htaccess file already exists, this hook won't do anything.

Bug: T180237
Change-Id: I2cf6541750c90b5708d7cf5f81b914ae2d9d46d1
---
M RELEASE-NOTES-1.27
M composer.json
A includes/composer/ComposerVendorHtaccessCreator.php
3 files changed, 49 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/80/391380/1

diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 1fb2380..9c40e39 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -25,6 +25,7 @@
 * (T134100) SECURITY: Do not reveal if user exists during login failure.
 * (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
 * (T125163) SECURITY: Make anchor for headlines escape > and <.
+* (T180237) SECURITY: Protect vendor folder with .htaccess.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/composer.json b/composer.json
index 52883d5..1bca405 100644
--- a/composer.json
+++ b/composer.json
@@ -68,7 +68,8 @@
},
"autoload": {
"psr-0": {
-   "ComposerHookHandler": "includes/composer"
+   "ComposerHookHandler": "includes/composer",
+   "ComposerVendorHtaccessCreator": "includes/composer"
}
},
"scripts": {
@@ -77,6 +78,8 @@
"fix": "phpcbf",
"pre-install-cmd": "ComposerHookHandler::onPreInstall",
"pre-update-cmd": "ComposerHookHandler::onPreUpdate",
+   "post-install-cmd": "ComposerVendorHtaccessCreator::onEvent",
+   "post-update-cmd": "ComposerVendorHtaccessCreator::onEvent",
"test": [
"composer lint",
"composer phpcs"
diff --git a/includes/composer/ComposerVendorHtaccessCreator.php 
b/includes/composer/ComposerVendorHtaccessCreator.php
new file mode 100644
index 000..cc2941a
--- /dev/null
+++ b/includes/composer/ComposerVendorHtaccessCreator.php
@@ -0,0 +1,44 @@
+
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+/**
+ * Creates a .htaccess in the vendor/ directory
+ * to prevent web access.
+ *
+ * This class runs *outside* of the normal MediaWiki
+ * environment and cannot depend upon any MediaWiki
+ * code.
+ */
+class ComposerVendorHtaccessCreator {
+
+   /**
+* Handle post-install-cmd and post-update-cmd hooks
+*/
+   public static function onEvent() {
+   $fname = dirname( dirname( __DIR__ ) ) . "/vendor/.htaccess";
+   if ( file_exists( $fname ) ) {
+   // Already exists
+   return;
+   }
+
+   file_put_contents( $fname, "Deny from all\n" );
+   }
+}
+
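
Review bot: the return value of file_put_contents( $fname, "Deny from all\n" ) at the end of onEvent() is ignored, so if vendor/ is not writable by the user running composer the hook finishes silently and the directory stays web accessible. Check the result for === false and print a warning telling the administrator to block /vendor by hand. The class comment should also say that the file only has an effect on servers that honour .htaccess files, so other setups still need a server-level rule.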

-- 
To view, visit https://gerrit.wikimedia.org/r/391380
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I2cf6541750c90b5708d7cf5f81b914ae2d9d46d1
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Legoktm 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: SECURITY: Make anchor for headlines escape > and

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391379 )

Change subject: SECURITY: Make anchor for headlines escape > and <
..

SECURITY: Make anchor for headlines escape > and <

As a hardening step against language converter and its crazy regexes.

Bug: T125163
Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
---
M RELEASE-NOTES-1.27
M includes/Linker.php
2 files changed, 9 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/79/391379/1

diff --git a/RELEASE-NOTES-1.27 b/RELEASE-NOTES-1.27
index 2f7a2e9..1fb2380 100644
--- a/RELEASE-NOTES-1.27
+++ b/RELEASE-NOTES-1.27
@@ -24,6 +24,7 @@
 * (T128209) SECURITY: Reflected File Download from api.php.
 * (T134100) SECURITY: Do not reveal if user exists during login failure.
 * (T176247) SECURITY: Ensure Message::rawParams can't lead to XSS.
+* (T125163) SECURITY: Make anchor for headlines escape > and <.
 
 == MediaWiki 1.27.3 ==
 Due to a packaging error, the wrong version of the SyntaxHighlight extension 
was
diff --git a/includes/Linker.php b/includes/Linker.php
index 5717fba..70488c5 100644
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -1789,22 +1789,24 @@
 *   a space and ending with '>'
 *   This *must* be at least '>' for no attribs
 * @param string $anchor The anchor to give the headline (the bit after 
the #)
-* @param string $html Html for the text of the header
+* @param string $html HTML for the text of the header
 * @param string $link HTML to add for the section edit link
-* @param bool|string $legacyAnchor A second, optional anchor to give 
for
+* @param string|bool $fallbackAnchor A second, optional anchor to give 
for
 *   backward compatibility (false to omit)
 *
 * @return string HTML headline
 */
public static function makeHeadline( $level, $attribs, $anchor, $html,
-   $link, $legacyAnchor = false
+   $link, $fallbackAnchor = false
) {
+   $anchorEscaped = htmlspecialchars( $anchor );
$ret = "
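
Review bot: in makeHeadline(), $anchorEscaped = htmlspecialchars( $anchor ) covers only the primary anchor, while the docblock above describes $fallbackAnchor as a second anchor emitted for backward compatibility. Please confirm that the fallback anchor gets the same escaping where it is written into the output. The rename from $legacyAnchor to $fallbackAnchor is unrelated to the escaping fix and makes this security backport harder to compare across branches, so consider leaving it out of the release branch.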
Gerrit-Reviewer: MaxSem 



[MediaWiki-commits] [Gerrit] mediawiki/core[fundraising/REL1_27]: XSS in langconverter when regex hits pcre.backtrack_limit

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391409 )

Change subject: XSS in langconverter when regex hits pcre.backtrack_limit
..


XSS in langconverter when regex hits pcre.backtrack_limit

Adjust regexes for what not to convert to avoid backtracking by
preferring possessive quantifiers

Add check that we really have matched to the end of the string, and
log error if the regex hits some sort of error preventing the
entire string from being matched. Should the regex not match to the
end, then language conversion is disabled for the string.

Bug: T124404
Change-Id: I4f0c171c7da804e9c1508ef1f59556665a318f6a
---
M languages/LanguageConverter.php
M tests/phpunit/languages/LanguageConverterTest.php
2 files changed, 58 insertions(+), 12 deletions(-)

Approvals:
  jenkins-bot: Verified
  Ejegg: Looks good to me, approved



diff --git a/languages/LanguageConverter.php b/languages/LanguageConverter.php
index b31b10f..4200978 100644
--- a/languages/LanguageConverter.php
+++ b/languages/LanguageConverter.php
@@ -19,6 +19,8 @@
  * @ingroup Language
  */
 
+use MediaWiki\Logger\LoggerFactory;
+
 /**
  * Base class for language conversion.
  * @ingroup Language
@@ -357,21 +359,27 @@
   1. HTML markups (anything between < and >)
   2. HTML entities
   3. placeholders created by the parser
+  IMPORTANT: Beware of failure from pcre.backtrack_limit 
(T124404).
+  Minimize use of backtracking where possible.
*/
-   $marker = '|' . Parser::MARKER_PREFIX . '[\-a-zA-Z0-9]+';
+   $marker = '|' . Parser::MARKER_PREFIX . '[^\x7f]++\x7f';
 
// this one is needed when the text is inside an HTML markup
-   $htmlfix = '|<[^>]+$|^[^<>]*>';
+   $htmlfix = '|<[^>\004]++(?=\004$)|^[^<>]*+>';
+
+   // Optimize for the common case where these tags have
+   // few or no children. Thus try and possesively get as much as
+   // possible, and only engage in backtracking when we hit a '<'.
 
// disable convert to variants between  tags
-   $codefix = '.+?<\/code>|';
+   $codefix = '[^<]*+(?:(?:(?!<\/code>).)[^<]*+)*+<\/code>|';
// disable conversion of 
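
Review bot: the new $marker pattern '[^\x7f]++\x7f' hard-codes the byte that ends a parser marker, where the old pattern relied only on Parser::MARKER_PREFIX. If the marker suffix ever changes, this alternative silently stops matching and markers become convertible text. Build the terminator from the parser's own constant, or state in the comment that \x7f is the last byte of a marker. The same goes for \004 in $htmlfix: the comment should say where that sentinel is appended.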

[MediaWiki-commits] [Gerrit] mediawiki/core[fundraising/REL1_27]: SECURITY: API: Avoid some silliness with browser-guessed fil...

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391411 )

Change subject: SECURITY: API: Avoid some silliness with browser-guessed 
filenames
..


SECURITY: API: Avoid some silliness with browser-guessed filenames

If someone is both dumb enough to blindly save an API response and to
then execute the resulting file, this can be used to attack their
computer.

We can mitigate this by disallowing PATH_INFO in api.php URLs (because
we don't make any use of them anyway) and by setting a sensible filename
using a Content-Disposition header so the browser won't go guessing at
the filename based on what is in the URL.

Issue reported by: Abdullah Hussam

Bug: T128209
Change-Id: I8526f5cc506c551edb6138d68450b6acea065e93
---
M api.php
M includes/Feed.php
M includes/api/ApiFormatBase.php
M includes/api/ApiFormatRaw.php
M includes/api/ApiHelp.php
M includes/api/ApiQuery.php
6 files changed, 58 insertions(+), 0 deletions(-)

Approvals:
  jenkins-bot: Verified
  Ejegg: Looks good to me, approved



diff --git a/api.php b/api.php
index 6e75fb7..7362137 100644
--- a/api.php
+++ b/api.php
@@ -44,6 +44,17 @@
return;
 }
 
+// Pathinfo can be used for stupid things. We don't support it for api.php at
+// all, so error out if it's present.
+if ( isset( $_SERVER['PATH_INFO'] ) && $_SERVER['PATH_INFO'] != '' ) {
+   $correctUrl = wfAppendQuery( wfScript( 'api' ), 
$wgRequest->getQueryValues() );
+   $correctUrl = wfExpandUrl( $correctUrl, PROTO_CANONICAL );
+   header( "Location: $correctUrl", true, 301 );
+   echo 'This endpoint does not support "path info", i.e. extra text 
between "api.php"'
+   . 'and the "?". Remove any such text and try again.';
+   die( 1 );
+}
+
 // Verify that the API has not been disabled
 if ( !$wgEnableAPI ) {
header( $_SERVER['SERVER_PROTOCOL'] . ' 500 MediaWiki configuration 
Error', true, 500 );
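
Review bot: the two string pieces in the echo are concatenated without a space, so the body reads "api.php"and the "?". Add a trailing space to the first piece.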
diff --git a/includes/Feed.php b/includes/Feed.php
index 8bfe1c7..882a449 100644
--- a/includes/Feed.php
+++ b/includes/Feed.php
@@ -232,6 +232,12 @@
$wgOut->disable();
$mimetype = $this->contentType();
header( "Content-type: $mimetype; charset=UTF-8" );
+
+   // Set a sane filename
+   $exts = MimeMagic::singleton()->getExtensionsForType( $mimetype 
);
+   $ext = $exts ? strtok( $exts, ' ' ) : 'xml';
+   header( "Content-Disposition: inline; filename=\"feed.{$ext}\"" 
);
+
if ( $wgVaryOnXFP ) {
$wgOut->addVaryHeader( 'X-Forwarded-Proto' );
}
diff --git a/includes/api/ApiFormatBase.php b/includes/api/ApiFormatBase.php
index c826bba..af6fcc8 100644
--- a/includes/api/ApiFormatBase.php
+++ b/includes/api/ApiFormatBase.php
@@ -64,6 +64,26 @@
abstract public function getMimeType();
 
/**
+* Return a filename for this module's output.
+* @note If $this->getIsWrappedHtml() || $this->getIsHtml(), you'll very
+*  likely want to fall back to this class's version.
+* @since 1.27
+* @return string Generally this should be "api-result.$ext", and must 
be
+*  encoded for inclusion in a Content-Disposition header's filename 
parameter.
+*/
+   public function getFilename() {
+   if ( $this->getIsWrappedHtml() ) {
+   return 'api-result-wrapped.json';
+   } elseif ( $this->getIsHtml() ) {
+   return 'api-result.html';
+   } else {
+   $exts = MimeMagic::singleton()->getExtensionsForType( 
$this->getMimeType() );
+   $ext = $exts ? strtok( $exts, ' ' ) : strtolower( 
$this->mFormat );
+   return "api-result.$ext";
+   }
+   }
+
+   /**
 * Get the internal format name
 * @return string
 */
@@ -173,6 +193,13 @@
if ( $apiFrameOptions ) {
$this->getMain()->getRequest()->response()->header( 
"X-Frame-Options: $apiFrameOptions" );
}
+
+   // Set a Content-Disposition header so something downloading an 
API
+   // response uses a halfway-sensible filename (T128209).
+   $filename = $this->getFilename();
+   $this->getMain()->getRequest()->response()->header(
+   "Content-Disposition: inline; filename=\"{$filename}\""
+   );
}
 
/**
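
Review bot: $filename is interpolated straight into "Content-Disposition: inline; filename=\"{$filename}\"", so the only protection against a double quote or a control character in the value is the docblock on getFilename() asking implementers to encode it. ApiFormatRaw already overrides getFilename() in this change, and other subclasses can do the same. Enforce the contract at this call site, for example by rejecting or stripping double quotes, backslashes and control characters before building the header.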
diff --git a/includes/api/ApiFormatRaw.php b/includes/api/ApiFormatRaw.php
index 9da040c..d73e3dc 100644
--- a/includes/api/ApiFormatRaw.php
+++ b/includes/api/ApiFormatRaw.php
@@ -60,6 +60,17 @@
return $data['mime'];
}
 
+   public function getFilename() {
+   $data = $this->getResult()->getResultData();
+   if ( isset( $data['error'] ) ) {
+ 

[MediaWiki-commits] [Gerrit] mediawiki/core[fundraising/REL1_27]: Make anchor for headlines escape > and

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391410 )

Change subject: Make anchor for headlines escape > and <
..


Make anchor for headlines escape > and <

As a hardening step against language converter and its crazy regexes.

Bug: T125163
Change-Id: Id304010a0342efbb7ef2d56c5b8b244f2e4fb2c5
---
M includes/Linker.php
1 file changed, 8 insertions(+), 6 deletions(-)

Approvals:
  jenkins-bot: Verified
  Ejegg: Looks good to me, approved



diff --git a/includes/Linker.php b/includes/Linker.php
index 5717fba..70488c5 100644
--- a/includes/Linker.php
+++ b/includes/Linker.php
@@ -1789,22 +1789,24 @@
 *   a space and ending with '>'
 *   This *must* be at least '>' for no attribs
 * @param string $anchor The anchor to give the headline (the bit after 
the #)
-* @param string $html Html for the text of the header
+* @param string $html HTML for the text of the header
 * @param string $link HTML to add for the section edit link
-* @param bool|string $legacyAnchor A second, optional anchor to give 
for
+* @param string|bool $fallbackAnchor A second, optional anchor to give 
for
 *   backward compatibility (false to omit)
 *
 * @return string HTML headline
 */
public static function makeHeadline( $level, $attribs, $anchor, $html,
-   $link, $legacyAnchor = false
+   $link, $fallbackAnchor = false
) {
+   $anchorEscaped = htmlspecialchars( $anchor );
$ret = "
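
Review bot: the "@param string $anchor" line still does not say whether callers pass raw or already-escaped text. With htmlspecialchars( $anchor ) now applied inside makeHeadline(), a caller that escapes beforehand gets double-escaped entities in the anchor. State in the docblock that $anchor (and $fallbackAnchor) must be passed unescaped.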
Gerrit-Reviewer: Ejegg 
Gerrit-Reviewer: Jackmcbarn 
Gerrit-Reviewer: MaxSem 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[fundraising/REL1_27]: SECURITY: Do not reveal if user exists during login failure

2017-11-14 Thread Ejegg (Code Review)
Ejegg has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391412 )

Change subject: SECURITY: Do not reveal if user exists during login failure
..


SECURITY: Do not reveal if user exists during login failure

This is meant for private wikis where the list of users may
be secret. It is only meant to prevent trivial enumeration
of usernames. It is not designed to prevent enumeration
via timing attacks.

Bug: T134100
Change-Id: I7afaa955a4b393ef00b11e420709bd62b84fbc71
---
M includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
M languages/i18n/en.json
M tests/phpunit/includes/auth/LocalPasswordPrimaryAuthenticationProviderTest.php
3 files changed, 8 insertions(+), 2 deletions(-)

Approvals:
  Ejegg: Verified; Looks good to me, approved



diff --git a/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php 
b/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
index 5f5ef79..3f96cba 100644
--- a/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
+++ b/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
@@ -96,7 +96,10 @@
__METHOD__
);
if ( !$row ) {
-   return AuthenticationResponse::newAbstain();
+   // Do not reveal whether its bad username or
+   // bad password to prevent username enumeration
+   // on private wikis. (T134100)
+   return $this->failResponse( $req );
}
 
// Check for *really* old password hashes that don't even have 
a type
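
Review bot: the new return $this->failResponse( $req ) for a missing row happens before any password hash is checked, so an unknown username still returns sooner than a known one with a wrong password. The commit message says timing is out of scope; put that limitation in the code comment as well, so the (T134100) note is not read as full protection against enumeration.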
diff --git a/languages/i18n/en.json b/languages/i18n/en.json
index 1f5c9ed..0d72330 100644
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@@ -482,7 +482,7 @@
"nosuchusershort": "There is no user by the name \"$1\".\nCheck your 
spelling.",
"nouserspecified": "You have to specify a username.",
"login-userblocked": "This user is blocked. Login not allowed.",
-   "wrongpassword": "Incorrect password entered.\nPlease try again.",
+   "wrongpassword": "Incorrect username or password entered.\nPlease try 
again.",
"wrongpasswordempty": "Password entered was blank.\nPlease try again.",
"passwordtooshort": "Passwords must be at least {{PLURAL:$1|1 
character|$1 characters}}.",
"passwordtoolong": "Passwords cannot be longer than {{PLURAL:$1|1 
character|$1 characters}}.",
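
Review bot: "wrongpassword" no longer says which field was wrong, but the context line above it still carries "nosuchusershort" ("There is no user by the name ..."). Check that no login path reachable on a private wiki still returns that message, otherwise usernames remain enumerable through it. Translations of "wrongpassword" in other languages will also keep the old wording until they are updated.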
diff --git 
a/tests/phpunit/includes/auth/LocalPasswordPrimaryAuthenticationProviderTest.php
 
b/tests/phpunit/includes/auth/LocalPasswordPrimaryAuthenticationProviderTest.php
index 637810a..a2460c5 100644
--- 
a/tests/phpunit/includes/auth/LocalPasswordPrimaryAuthenticationProviderTest.php
+++ 
b/tests/phpunit/includes/auth/LocalPasswordPrimaryAuthenticationProviderTest.php
@@ -170,6 +170,9 @@
$this->assertFalse( $ret->hard );
}
 
+/**
+ * @skipped till backport fixed
+ */
public function testAuthentication() {
$dbw = wfGetDB( DB_MASTER );
$oldHash = $dbw->selectField( 'user', 'user_password', [ 
'user_name' => 'UTSysop' ] );
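
Review bot: @skipped in the new docblock on testAuthentication() is not an annotation PHPUnit acts on, so the test still runs; if it has to be disabled, call $this->markTestSkipped() with the reason instead. Either way this leaves the changed branch in the provider without a passing test, so add an assertion for the unknown-user case before the backport ships.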

-- 
To view, visit https://gerrit.wikimedia.org/r/391412
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I7afaa955a4b393ef00b11e420709bd62b84fbc71
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/core
Gerrit-Branch: fundraising/REL1_27
Gerrit-Owner: Ejegg 
Gerrit-Reviewer: Anomie 
Gerrit-Reviewer: Brian Wolff 
Gerrit-Reviewer: Ejegg 
Gerrit-Reviewer: Siebrand 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: Fix rebase error in 4d38a489

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391456 )

Change subject: SECURITY: Fix rebase error in 4d38a489
..

SECURITY: Fix rebase error in 4d38a489

The fix for T125177 from F4932228 was incorrectly rebased when it was
applied to master as 4d38a489, causing the bug to not actually be fixed.

Bug: T180488
Change-Id: Ie6b87ef2373369987c112c19903c99afb789c1ff
---
M includes/api/ApiBase.php
1 file changed, 3 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/56/391456/1

diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index 80aeff5..bf2b977 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -1069,10 +1069,10 @@
} else {
$type = 'NULL'; // allow everything
}
+   }
 
-   if ( $type == 'password' || !empty( 
$paramSettings[self::PARAM_SENSITIVE] ) ) {
-   $this->getMain()->markParamsSensitive( 
$encParamName );
-   }
+   if ( $type == 'password' || !empty( 
$paramSettings[self::PARAM_SENSITIVE] ) ) {
+   $this->getMain()->markParamsSensitive( $encParamName );
}
 
if ( $type == 'boolean' ) {
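
Review bot: there is no test for the relocated "if ( $type == 'password' || !empty( $paramSettings[self::PARAM_SENSITIVE] ) )" block, which is how the bad rebase went unnoticed. Add a test that declares one parameter with PARAM_SENSITIVE and one of type 'password' and asserts that both are marked sensitive.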

-- 
To view, visit https://gerrit.wikimedia.org/r/391456
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie6b87ef2373369987c112c19903c99afb789c1ff
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Anomie 
Gerrit-Reviewer: Reedy 



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: Handle -{}- syntax in attributes safely

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391455 )

Change subject: SECURITY: Handle -{}- syntax in attributes safely
..

SECURITY: Handle -{}- syntax in attributes safely

Previously, if one had an attribute with the contents
"-{}-foo-{}-", foo would get replaced by language converter as if
it wasn't in an attribute. This led to an XSS attack.

This breaks doing manual conversions in url href's (or any
other attribute that goes through an escaping method
other than Sanitizer's). e.g. http://{sr-el:foo';sr-ec:bar}.com
won't work anymore. See also T87332

Bug: T119158
Change-Id: Idbc45cac12c309b0ccb4adeff6474fa527b48edb
---
M languages/LanguageConverter.php
M tests/parser/parserTests.txt
2 files changed, 39 insertions(+), 10 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/55/391455/1

diff --git a/languages/LanguageConverter.php b/languages/LanguageConverter.php
index 00bc02d..f9610fa 100644
--- a/languages/LanguageConverter.php
+++ b/languages/LanguageConverter.php
@@ -376,9 +376,12 @@
$scriptfix = 
']*+>[^<]*+(?:(?:(?!<\/script>).)[^<]*+)*+<\/script>|';
// disable conversion of  tags
$prefix = 
']*+>[^<]*+(?:(?:(?!<\/pre>).)[^<]*+)*+<\/pre>|';
+   // The "|.*+)" at the end, is in case we missed some part of 
html syntax,
+   // we will fail securely (hopefully) by matching the rest of 
the string.
+   $htmlFullTag = 
'<(?:[^>=]*+(?>[^>=]*+=\s*+(?:"[^"]*"|\'[^\']*\'|[^\'">\s]*+))*+[^>=]*+>|.*+)|';
 
-   $reg = '/' . $codefix . $scriptfix . $prefix .
-   '<[^>]++>|&[a-zA-Z#][a-z0-9]++;' . $marker . $htmlfix . 
'|\004$/s';
+   $reg = '/' . $codefix . $scriptfix . $prefix . $htmlFullTag .
+   '&[a-zA-Z#][a-z0-9]++;' . $marker . $htmlfix . 
'|\004$/s';
$startPos = 0;
$sourceBlob = '';
$literalBlob = '';
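
Review bot: inside $htmlFullTag, the quoted-value alternatives "[^"]*" and \'[^\']*\' use plain greedy quantifiers while everything around them is possessive. They can be *+ as well, which keeps the pattern in line with the rule of minimising backtracking. The "|.*+)" fallback also deserves its own test case: a lone "<" with no closing ">" now suppresses conversion for the rest of the string.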
@@ -658,29 +661,41 @@
$out = '';
$length = strlen( $text );
$shouldConvert = !$this->guessVariant( $text, $variant );
+   $continue = 1;
 
-   while ( $startPos < $length ) {
-   $pos = strpos( $text, '-{', $startPos );
+   $noScript = '.*?<\/script>(*SKIP)(*FAIL)';
+   $noStyle = '.*?<\/style>(*SKIP)(*FAIL)';
+   $noHtml = 
'<(?:[^>=]*+(?>[^>=]*+=\s*+(?:"[^"]*"|\'[^\']*\'|[^\'">\s]*+))*+[^>=]*+>|.*+)(*SKIP)(*FAIL)';
+   while ( $startPos < $length && $continue ) {
+   $continue = preg_match(
+   // Only match -{ outside of html.
+   "/$noScript|$noStyle|$noHtml|-\{/",
+   $text,
+   $m,
+   PREG_OFFSET_CAPTURE,
+   $startPos
+   );
 
-   if ( $pos === false ) {
+   if ( !$continue ) {
// No more markup, append final segment
$fragment = substr( $text, $startPos );
$out .= $shouldConvert ? $this->autoConvert( 
$fragment, $variant ) : $fragment;
return $out;
}
 
-   // Markup found
+   // Offset of the match of the regex pattern.
+   $pos = $m[0][1];
+
// Append initial segment
$fragment = substr( $text, $startPos, $pos - $startPos 
);
$out .= $shouldConvert ? $this->autoConvert( $fragment, 
$variant ) : $fragment;
-
-   // Advance position
+   // -{ marker found, not in attribute
+   // Advance position up to -{ marker.
$startPos = $pos;
-
// Do recursive conversion
+   // Note: This passes $startPos by reference, and 
advances it.
$out .= $this->recursiveConvertRule( $text, $variant, 
$startPos, $depth + 1 );
}
-
return $out;
}
 
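
Review bot: preg_match() returns false on a PCRE error such as hitting pcre.backtrack_limit, and "if ( !$continue )" treats that the same as "no more markup", so the rest of the text goes to autoConvert() with no -{ handling and no log entry. Test for === false separately, log it, and return the remaining text unconverted. $noHtml also repeats the $htmlFullTag pattern from the earlier hunk verbatim; share one definition so the two cannot drift apart.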
diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt
index ff574d1..fb549f5 100644
--- a/tests/parser/parserTests.txt
+++ b/tests/parser/parserTests.txt
@@ -18506,6 +18506,20 @@
 !! end
 
 !! test
+Language converter glossary rules inside attributes (T119158)
+!! options
+language=sr variant=sr-el
+!! wikitext
+-{H|abc=>sr-el:" onload="alert(1)" data-foo="}-
+
+[[File:Foobar.jpg|alt=-{}-abc-{}-]]
+!! html
+
+http://example.com/images/3/3a/Foobar.jpg; width="1941" height="220">
+
+!! end
+
+!! test
 Self closed html pairs (T7487)
 !! wikitext
 

[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: update.php: Remove eval-stdin.php if necessary

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391453 )

Change subject: SECURITY: update.php: Remove eval-stdin.php if necessary
..

SECURITY: update.php: Remove eval-stdin.php if necessary

If phpunit's eval-stdin.php file exists and is one of the vulnerable
versions, delete it when running update.php as most people should run
that when updating to a new release. If the unlink() call fails, we'll
warn the user but continue with update.php processing and hope they've
mitigated it in some other way.

Bug: T180231
Change-Id: I5b838686ede9764083c52853cc05c52ea72739df
---
M maintenance/update.php
1 file changed, 18 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/53/391453/1

diff --git a/maintenance/update.php b/maintenance/update.php
index ba66c76..70cea51 100755
--- a/maintenance/update.php
+++ b/maintenance/update.php
@@ -170,6 +170,24 @@
 
$time1 = microtime( true );
 
+   $badPhpUnit = dirname( __DIR__ ) . 
'/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php';
+   if ( file_exists( $badPhpUnit ) ) {
+   // Bad versions of the file are:
+   // 
https://raw.githubusercontent.com/sebastianbergmann/phpunit/c820f915bfae34e5a836f94967a2a5ea5ef34f21/src/Util/PHP/eval-stdin.php
+   // 
https://raw.githubusercontent.com/sebastianbergmann/phpunit/3aaddb1c5bd9b9b8d070b4cf120e71c36fd08412/src/Util/PHP/eval-stdin.php
+   $md5 = md5_file( $badPhpUnit );
+   if ( $md5 === '120ac49800671dc383b6f3709c25c099'
+   || $md5 === '28af792cb38fc9a1b236b91c1aad2876'
+   ) {
+   $success = unlink( $badPhpUnit );
+   if ( $success ) {
+   $this->output( "Removed PHPUnit 
eval-stdin.php to protect against CVE-2017-9841\n" );
+   } else {
+   $this->error( "Unable to remove 
$badPhpUnit, you should manually. See CVE-2017-9841" );
+   }
+   }
+   }
+
$shared = $this->hasOption( 'doshared' );
 
$updates = [ 'core', 'extensions' ];
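
Review bot: the file is removed only when md5_file() equals one of two hard-coded hashes, so a vulnerable copy that differs by a single byte (another release, converted line endings) is left in place without any message. Consider warning whenever the file exists with an unrecognised hash. The failure text passed to $this->error() is also missing a verb: "you should manually" should read "you should remove it manually".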

-- 
To view, visit https://gerrit.wikimedia.org/r/391453
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5b838686ede9764083c52853cc05c52ea72739df
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Legoktm 
Gerrit-Reviewer: Reedy 



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: Create a .htaccess in /vendor after composer runs

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391452 )

Change subject: SECURITY: Create a .htaccess in /vendor after composer runs
..

SECURITY: Create a .htaccess in /vendor after composer runs

The /vendor directory does not need to be web accessible, and to reduce
attack surface, it should not be web accessible. We can use the
post-install-cmd and post-update-cmd hooks to create a .htaccess after
the user has run "composer install" or "composer update". On the first
run of composer, this hook will be invoked twice due to the composer
merge plugin.

If the htaccess file already exists, this hook won't do anything.

Bug: T180237
Change-Id: I2cf6541750c90b5708d7cf5f81b914ae2d9d46d1
---
M composer.json
A includes/composer/ComposerVendorHtaccessCreator.php
2 files changed, 47 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/52/391452/1

diff --git a/composer.json b/composer.json
index 71c9398..a5501d0 100644
--- a/composer.json
+++ b/composer.json
@@ -79,7 +79,8 @@
},
"autoload": {
"psr-0": {
-   "ComposerHookHandler": "includes/composer"
+   "ComposerHookHandler": "includes/composer",
+   "ComposerVendorHtaccessCreator": "includes/composer"
},
"files": [
"includes/compat/Timestamp.php"
@@ -97,6 +98,8 @@
"fix": "phpcbf",
"pre-install-cmd": "ComposerHookHandler::onPreInstall",
"pre-update-cmd": "ComposerHookHandler::onPreUpdate",
+   "post-install-cmd": "ComposerVendorHtaccessCreator::onEvent",
+   "post-update-cmd": "ComposerVendorHtaccessCreator::onEvent",
"test": [
"composer lint",
"composer phpcs"
diff --git a/includes/composer/ComposerVendorHtaccessCreator.php 
b/includes/composer/ComposerVendorHtaccessCreator.php
new file mode 100644
index 000..1e5efdf
--- /dev/null
+++ b/includes/composer/ComposerVendorHtaccessCreator.php
@@ -0,0 +1,43 @@
+
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+/**
+ * Creates a .htaccess in the vendor/ directory
+ * to prevent web access.
+ *
+ * This class runs *outside* of the normal MediaWiki
+ * environment and cannot depend upon any MediaWiki
+ * code.
+ */
+class ComposerVendorHtaccessCreator {
+
+   /**
+* Handle post-install-cmd and post-update-cmd hooks
+*/
+   public static function onEvent() {
+   $fname = dirname( dirname( __DIR__ ) ) . "/vendor/.htaccess";
+   if ( file_exists( $fname ) ) {
+   // Already exists
+   return;
+   }
+
+   file_put_contents( $fname, "Deny from all\n" );
+   }
+}
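
Review bot: "Deny from all\n" is the Apache 2.2 access-control syntax; on Apache 2.4 it is only understood when mod_access_compat is loaded. Write both forms guarded by <IfModule> checks, or document the requirement in the class comment. The file_exists( $fname ) early return also accepts any existing .htaccess, including an empty one, as sufficient.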

-- 
To view, visit https://gerrit.wikimedia.org/r/391452
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I2cf6541750c90b5708d7cf5f81b914ae2d9d46d1
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Legoktm 
Gerrit-Reviewer: Reedy 



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: API: Avoid some silliness with browser-guessed fil...

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391449 )

Change subject: SECURITY: API: Avoid some silliness with browser-guessed 
filenames
..

SECURITY: API: Avoid some silliness with browser-guessed filenames

If someone is both dumb enough to blindly save an API response and to
then execute the resulting file, this can be used to attack their
computer.

We can mitigate this by disallowing PATH_INFO in api.php URLs (because
we don't make any use of them anyway) and by setting a sensible filename
using a Content-Disposition header so the browser won't go guessing at
the filename based on what is in the URL.

Issue reported by: Abdullah Hussam

Bug: T128209
Change-Id: I8526f5cc506c551edb6138d68450b6acea065e93
---
M api.php
M includes/Feed.php
M includes/api/ApiFormatBase.php
M includes/api/ApiFormatRaw.php
M includes/api/ApiHelp.php
M includes/api/ApiQuery.php
6 files changed, 58 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/49/391449/1

diff --git a/api.php b/api.php
index a6ce3b2..d9a69db 100644
--- a/api.php
+++ b/api.php
@@ -44,6 +44,17 @@
return;
 }
 
+// Pathinfo can be used for stupid things. We don't support it for api.php at
+// all, so error out if it's present.
+if ( isset( $_SERVER['PATH_INFO'] ) && $_SERVER['PATH_INFO'] != '' ) {
+   $correctUrl = wfAppendQuery( wfScript( 'api' ), 
$wgRequest->getQueryValues() );
+   $correctUrl = wfExpandUrl( $correctUrl, PROTO_CANONICAL );
+   header( "Location: $correctUrl", true, 301 );
+   echo 'This endpoint does not support "path info", i.e. extra text 
between "api.php"'
+   . 'and the "?". Remove any such text and try again.';
+   die( 1 );
+}
+
 // Verify that the API has not been disabled
 if ( !$wgEnableAPI ) {
header( $_SERVER['SERVER_PROTOCOL'] . ' 500 MediaWiki configuration 
Error', true, 500 );
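
Review bot: the comment above the PATH_INFO check says the script will "error out", but the code sends header( "Location: $correctUrl", true, 301 ) to the corrected URL. A permanent redirect is cached by clients, so either say in the comment that redirecting is the intended behaviour, or answer with a 4xx status if an error is what is wanted.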
diff --git a/includes/Feed.php b/includes/Feed.php
index bc7747f..fd223e6 100644
--- a/includes/Feed.php
+++ b/includes/Feed.php
@@ -230,6 +230,12 @@
$wgOut->disable();
$mimetype = $this->contentType();
header( "Content-type: $mimetype; charset=UTF-8" );
+
+   // Set a sane filename
+   $exts = MimeMagic::singleton()->getExtensionsForType( $mimetype 
);
+   $ext = $exts ? strtok( $exts, ' ' ) : 'xml';
+   header( "Content-Disposition: inline; filename=\"feed.{$ext}\"" 
);
+
if ( $wgVaryOnXFP ) {
$wgOut->addVaryHeader( 'X-Forwarded-Proto' );
}
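
Review bot: the extension lookup added before the `Content-Disposition` header (`getExtensionsForType()` followed by `strtok( $exts, ' ' )`) is repeated almost verbatim in `ApiFormatBase::getFilename()` later in this same change. A small shared helper that maps a MIME type to its first registered extension, with the fallback passed in by the caller, would keep the two copies from drifting apart.
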
diff --git a/includes/api/ApiFormatBase.php b/includes/api/ApiFormatBase.php
index 06eaa19..c5f2fcf 100644
--- a/includes/api/ApiFormatBase.php
+++ b/includes/api/ApiFormatBase.php
@@ -65,6 +65,26 @@
abstract public function getMimeType();
 
/**
+* Return a filename for this module's output.
+* @note If $this->getIsWrappedHtml() || $this->getIsHtml(), you'll very
+*  likely want to fall back to this class's version.
+* @since 1.27
+* @return string Generally this should be "api-result.$ext", and must 
be
+*  encoded for inclusion in a Content-Disposition header's filename 
parameter.
+*/
+   public function getFilename() {
+   if ( $this->getIsWrappedHtml() ) {
+   return 'api-result-wrapped.json';
+   } elseif ( $this->getIsHtml() ) {
+   return 'api-result.html';
+   } else {
+   $exts = MimeMagic::singleton()->getExtensionsForType( 
$this->getMimeType() );
+   $ext = $exts ? strtok( $exts, ' ' ) : strtolower( 
$this->mFormat );
+   return "api-result.$ext";
+   }
+   }
+
+   /**
 * Get the internal format name
 * @return string
 */
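
Review bot: the `else` branch of `getFilename()` falls back to `strtolower( $this->mFormat )` for the extension, but the docblock promises a value that is already encoded for the `filename` parameter and nothing in this method checks that. Either restrict the fallback to a safe character set (letters and digits, for example) or document why `mFormat` can never contain anything else.
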
@@ -192,6 +212,13 @@
if ( $apiFrameOptions ) {
$this->getMain()->getRequest()->response()->header( 
"X-Frame-Options: $apiFrameOptions" );
}
+
+   // Set a Content-Disposition header so something downloading an 
API
+   // response uses a halfway-sensible filename (T128209).
+   $filename = $this->getFilename();
+   $this->getMain()->getRequest()->response()->header(
+   "Content-Disposition: inline; filename=\"{$filename}\""
+   );
}
 
/**
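
Review bot: `$filename` is interpolated straight into `filename=\"{$filename}\"`, so the header is only well-formed if every `getFilename()` override (ApiFormatRaw adds one in this change) returns a value with no quote, backslash or line break. Validating or escaping once here, where the header is built, would be more robust than relying on the contract stated in the docblock.
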
diff --git a/includes/api/ApiFormatRaw.php b/includes/api/ApiFormatRaw.php
index 228b47e..ebaeb2c 100644
--- a/includes/api/ApiFormatRaw.php
+++ b/includes/api/ApiFormatRaw.php
@@ -60,6 +60,17 @@
return $data['mime'];
}
 
+   public function getFilename() {
+   $data = $this->getResult()->getResultData();
+   if ( isset( $data['error'] ) ) {
+  

[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: XSS in langconverter when regex hits pcre.backtrac...

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391454 )

Change subject: SECURITY: XSS in langconverter when regex hits 
pcre.backtrack_limit
..

SECURITY: XSS in langconverter when regex hits pcre.backtrack_limit

Adjust regexes for what not to convert to avoid backtracking by
preferring possessive quantifiers

Add check that we really have matched to the end of the string, and
log error if the regex hits some sort of error preventing the
entire string from being matched. Should the regex not match to the
end, then language conversion is disabled for the string.

Bug: T124404
Change-Id: I4f0c171c7da804e9c1508ef1f59556665a318f6a
---
M languages/LanguageConverter.php
M tests/phpunit/languages/LanguageConverterTest.php
2 files changed, 61 insertions(+), 15 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/54/391454/1

diff --git a/languages/LanguageConverter.php b/languages/LanguageConverter.php
index 67c0ca7..00bc02d 100644
--- a/languages/LanguageConverter.php
+++ b/languages/LanguageConverter.php
@@ -20,6 +20,8 @@
  */
 use MediaWiki\MediaWikiServices;
 
+use MediaWiki\Logger\LoggerFactory;
+
 /**
  * Base class for language conversion.
  * @ingroup Language
@@ -353,24 +355,30 @@
}
 
/* we convert everything except:
-* 1. HTML markups (anything between < and >)
-* 2. HTML entities
-* 3. placeholders created by the parser
-*/
-   $marker = '|' . Parser::MARKER_PREFIX . '[\-a-zA-Z0-9]+';
+  1. HTML markups (anything between < and >)
+  2. HTML entities
+  3. placeholders created by the parser
+  IMPORTANT: Beware of failure from pcre.backtrack_limit 
(T124404).
+  Minimize use of backtracking where possible.
+   */
+   $marker = '|' . Parser::MARKER_PREFIX . '[^\x7f]++\x7f';
 
// this one is needed when the text is inside an HTML markup
-   $htmlfix = '|<[^>]+$|^[^<>]*>';
+   $htmlfix = '|<[^>\004]++(?=\004$)|^[^<>]*+>';
+
+   // Optimize for the common case where these tags have
+   // few or no children. Thus try and possesively get as much as
+   // possible, and only engage in backtracking when we hit a '<'.
 
// disable convert to variants between  tags
-   $codefix = '.+?<\/code>|';
+   $codefix = '[^<]*+(?:(?:(?!<\/code>).)[^<]*+)*+<\/code>|';
// disable conversion of 
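
Review bot: the new `$htmlfix` alternative `<[^>\004]++(?=\004$)` only matches when the subject ends in a `\004` byte, but nothing in the visible lines says where that terminator is appended or what happens when the input already contains one; the comment block should state that assumption next to the pattern. The rewritten block comment also drops the leading `*` on each line, and "possesively" in the added comment is misspelled.
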

[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: Do not reveal if user exists during login failure

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391450 )

Change subject: SECURITY: Do not reveal if user exists during login failure
..

SECURITY: Do not reveal if user exists during login failure

This is meant for private wikis where the list of users may
be secret. It is only meant to prevent trivial enumeration
of usernames. It is not designed to prevent enumeration
via timing attacks.

Bug: T134100
Change-Id: I7afaa955a4b393ef00b11e420709bd62b84fbc71
---
M includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
M languages/i18n/en.json
2 files changed, 5 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/50/391450/1

diff --git a/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php 
b/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
index 7f93c12..86a6aae 100644
--- a/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
+++ b/includes/auth/LocalPasswordPrimaryAuthenticationProvider.php
@@ -96,7 +96,10 @@
__METHOD__
);
if ( !$row ) {
-   return AuthenticationResponse::newAbstain();
+   // Do not reveal whether its bad username or
+   // bad password to prevent username enumeration
+   // on private wikis. (T134100)
+   return $this->failResponse( $req );
}
 
$oldRow = clone $row;
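
Review bot: the new `return $this->failResponse( $req )` in the `!$row` branch exits before any password verification takes place, so a missing user and a wrong password can still differ in response time. The commit message says timing is out of scope; the inline comment should say so as well, so a later reader does not take this for a complete fix. "its" in the added comment should be "it's".
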
diff --git a/languages/i18n/en.json b/languages/i18n/en.json
index dc5d97d..5083bed 100644
--- a/languages/i18n/en.json
+++ b/languages/i18n/en.json
@@ -467,7 +467,7 @@
"nosuchusershort": "There is no user by the name \"$1\".\nCheck your 
spelling.",
"nouserspecified": "You have to specify a username.",
"login-userblocked": "This user is blocked. Login not allowed.",
-   "wrongpassword": "Incorrect password entered.\nPlease try again.",
+   "wrongpassword": "Incorrect username or password entered.\nPlease try 
again.",
"wrongpasswordempty": "Password entered was blank.\nPlease try again.",
"passwordtooshort": "Passwords must be at least {{PLURAL:$1|1 
character|$1 characters}}.",
"passwordtoolong": "Passwords cannot be longer than {{PLURAL:$1|1 
character|$1 characters}}.",
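
Review bot: `wrongpassword` now covers both cases, but the `nosuchusershort` string in the context lines just above it still reads "There is no user by the name", so any login path that still emits that key undoes this change; check its callers. The diffstat lists only en.json among the i18n files, so the message documentation for `wrongpassword` probably needs the matching update.
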

-- 
To view, visit https://gerrit.wikimedia.org/r/391450
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7afaa955a4b393ef00b11e420709bd62b84fbc71
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Brian Wolff 
Gerrit-Reviewer: Reedy 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits


[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: Escape internal error message

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391447 )

Change subject: SECURITY: Escape internal error message
..

SECURITY: Escape internal error message

This message contains the request url, which is semi-user controlled.
Most browsers percent escape < and > so it's probably not exploitable
(curl is an exception here), but nonetheless it's not good.

Bug: T178451
Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6
---
M includes/exception/MWException.php
M includes/exception/MWExceptionRenderer.php
2 files changed, 18 insertions(+), 15 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/47/391447/1

diff --git a/includes/exception/MWException.php 
b/includes/exception/MWException.php
index c633431..6d95919 100644
--- a/includes/exception/MWException.php
+++ b/includes/exception/MWException.php
@@ -103,13 +103,15 @@
$logId = WebRequest::getRequestId();
$type = static::class;
return Html::errorBox(
-   '[' . $logId . '] ' .
-   gmdate( 'Y-m-d H:i:s' ) . ": " .
-   $this->msg( "internalerror-fatal-exception",
-   "Fatal exception of type $1",
-   $type,
-   $logId,
-   MWExceptionHandler::getURL( $this )
+   htmlspecialchars(
+   '[' . $logId . '] ' .
+   gmdate( 'Y-m-d H:i:s' ) . ": " .
+   $this->msg( "internalerror-fatal-exception",
+   "Fatal exception of type $1",
+   $type,
+   $logId,
+   MWExceptionHandler::getURL( $this )
+   )
) ) .
"";
}
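
Review bot: no test accompanies the `htmlspecialchars()` wrapper added around the error box text; the diffstat lists only the two files under includes/exception. A case that raises the exception with `<` and `>` in the request URL and asserts that they come out as entities would pin the fix down, since the commit message notes that some clients send those characters unencoded.
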
 

-- 
To view, visit https://gerrit.wikimedia.org/r/391447
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I19358471ddf1b28377aad8e0fb54797c817bb6f6
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Brian Wolff 
Gerrit-Reviewer: Reedy 



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: Ensure Message::rawParams can't lead to XSS

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391451 )

Change subject: SECURITY: Ensure Message::rawParams can't lead to XSS
..

SECURITY: Ensure Message::rawParams can't lead to XSS

If you used wfMessage( 'foo' )->rawParams( 'bar"baz' )
there's a possibility of leading to xss, if the foo
message has a $1 in an attribute, as the quote characters
may end the attribute.

To prevent that, we convert $1 to $'"1 for after parameters,
so if any of them end up in attributes, the attribute escaping
will break the parameter name, preventing substitution.

This would of course break if someone intentionally inserted
a raw parameter into an attribute, but that's silly and I
don't think we should allow that.

This is similar to the parser strip marker issue.

Bug: T176247
Change-Id: If83aec01b20e414f9c92be894f145d7df2974866
---
M includes/Message.php
1 file changed, 20 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/51/391451/1

diff --git a/includes/Message.php b/includes/Message.php
index 2a55d0e..3b2f3cc 100644
--- a/includes/Message.php
+++ b/includes/Message.php
@@ -1123,11 +1123,29 @@
 * @return string
 */
protected function replaceParameters( $message, $type = 'before', 
$format ) {
+   // A temporary marker for $1 parameters that is only valid
+   // in non-attribute contexts. However if the entire message is 
escaped
+   // then we don't want to use it because it will be mangled in 
all contexts
+   // and its unnessary as ->escaped() messages aren't html.
+   $marker = $format === self::FORMAT_ESCAPED ? '$' : '$\'"';
$replacementKeys = [];
foreach ( $this->parameters as $n => $param ) {
list( $paramType, $value ) = $this->extractParam( 
$param, $format );
-   if ( $type === $paramType ) {
-   $replacementKeys['$' . ( $n + 1 )] = $value;
+   if ( $type === 'before' ) {
+   if ( $paramType === 'before' ) {
+   $replacementKeys['$' . ( $n + 1 )] = 
$value;
+   } else /* $paramType === 'after' */ {
+   // To protect against XSS from 
replacing parameters
+   // inside html attributes, we convert 
$1 to $'"1.
+   // In the event that one of the 
parameters ends up
+   // in an attribute, either the ' or the 
" will be
+   // escaped, breaking the replacement 
and avoiding XSS.
+   $replacementKeys['$' . ( $n + 1 )] = 
$marker . ( $n + 1 );
+   }
+   } else {
+   if ( $paramType === 'after' ) {
+   $replacementKeys[$marker . ( $n + 1 )] 
= $value;
+   }
}
}
$message = strtr( $message, $replacementKeys );
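
Review bot: the `else /* $paramType === 'after' */` branch in the `before` pass catches every type other than 'before', so it silently depends on `extractParam()` never returning anything else; an explicit `elseif ( $paramType === 'after' )` would turn the comment into a checked condition. "unnessary" in the new comment should be "unnecessary".
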

-- 
To view, visit https://gerrit.wikimedia.org/r/391451
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: If83aec01b20e414f9c92be894f145d7df2974866
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Brian Wolff 
Gerrit-Reviewer: Reedy 
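
The marker trick described in the commit message above (T176247), as an added example that is not part of the original patch or MediaWiki's code: a two-pass substitution in which raw parameters are deferred under a marker. The function names, the toy `toHtml()` escaping step and the sample templates are assumptions made for illustration.

```php
<?php
// Added illustration of the two-pass substitution described in the commit
// message. All function names are hypothetical; this is not Message.php.

/** Pass 1: substitute ordinary params, defer raw params under $marker. */
function passBefore( string $text, array $params, string $marker ): string {
	$keys = [];
	foreach ( $params as $n => $param ) {
		[ $type, $value ] = $param;
		$keys['$' . ( $n + 1 )] = $type === 'before' ? $value : $marker . ( $n + 1 );
	}
	return strtr( $text, $keys );
}

/** Pass 2: substitute raw params wherever their marker survived intact. */
function passAfter( string $html, array $params, string $marker ): string {
	$keys = [];
	foreach ( $params as $n => $param ) {
		[ $type, $value ] = $param;
		if ( $type === 'after' ) {
			$keys[$marker . ( $n + 1 )] = $value;
		}
	}
	return strtr( $html, $keys );
}

/**
 * Toy stand-in (an assumption) for the escaping that runs between the two
 * passes: attribute values get quote escaping, element text does not.
 */
function toHtml( string $attrText, string $bodyText ): string {
	return '<span title="' . htmlspecialchars( $attrText, ENT_QUOTES ) . '">'
		. htmlspecialchars( $bodyText, ENT_NOQUOTES ) . '</span>';
}

/** Run both passes around the escaping step, using the given marker. */
function render( string $attrText, string $bodyText, array $params, string $marker ): string {
	$attr = passBefore( $attrText, $params, $marker );
	$body = passBefore( $bodyText, $params, $marker );
	return passAfter( toHtml( $attr, $body ), $params, $marker );
}

// Constructed input: the value from the commit message, passed as a raw
// ('after') parameter into a template that uses $1 in an attribute and in text.
$params = [ [ 'after', 'bar"baz' ] ];

// Behaviour before the change: the marker is a bare '$'.
echo render( 'Info: $1', 'Value: $1', $params, '$' ), "\n";

// Behaviour after the change: the marker carries both quote characters.
echo render( 'Info: $1', 'Value: $1', $params, '$\'"' ), "\n";
```

With the `$` marker the raw value is substituted inside `title` and its quote ends the attribute; with the `$'"` marker the attribute copy is entity-escaped before the second pass and stays unsubstituted, while the copy in element text is still replaced.
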



[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: Add throttling for BotPasswords authentication att...

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391448 )

Change subject: SECURITY: Add throttling for BotPasswords authentication 
attempts
..

SECURITY: Add throttling for BotPasswords authentication attempts

ApiLogin which will currently always try an AuthManager login which will
by default throttle via ThrottlePreAuthenticationProvider, but this only
happens after the BotPassword is checked so it's still possible to keep
trying to break the bot password.

There's a potential odd-behavior mode here: if the main account username
and password looks like a BotPasswords username and password, a
successful main account login will increment the BotPasswords throttle
for the user and not reset it after the successful main account login.
That seems such an odd edge case I say let's not worry about it.

Bug: T165846
Change-Id: Ie60f0e05c2a94722b91bc3a80c80346e28b443f4
---
M includes/api/ApiLogin.php
M includes/user/BotPassword.php
2 files changed, 19 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/48/391448/1

diff --git a/includes/api/ApiLogin.php b/includes/api/ApiLogin.php
index aa7e25e..9636789 100644
--- a/includes/api/ApiLogin.php
+++ b/includes/api/ApiLogin.php
@@ -134,7 +134,7 @@
$session = $status->getValue();
$authRes = 'Success';
$loginType = 'BotPassword';
-   } elseif ( !$botLoginData[2] ) {
+   } elseif ( !$botLoginData[2] || $status->hasMessage( 
'login-throttled' ) ) {
$authRes = 'Failed';
$message = $status->getMessage();
LoggerFactory::getInstance( 'authentication' 
)->info(
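
Review bot: the added `$status->hasMessage( 'login-throttled' )` test ties this branch to a message key that is produced in `BotPassword::login()`; if that key is ever renamed there, a throttled bot login would no longer be reported as Failed here. A short comment pointing at the producer, or a shared constant for the key, would make the coupling visible.
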
diff --git a/includes/user/BotPassword.php b/includes/user/BotPassword.php
index 25625e7..b898d8a 100644
--- a/includes/user/BotPassword.php
+++ b/includes/user/BotPassword.php
@@ -437,7 +437,7 @@
 * @return Status On success, the good status's value is the new 
Session object
 */
public static function login( $username, $password, WebRequest $request 
) {
-   global $wgEnableBotPasswords;
+   global $wgEnableBotPasswords, $wgPasswordAttemptThrottle;
 
if ( !$wgEnableBotPasswords ) {
return Status::newFatal( 'botpasswords-disabled' );
@@ -462,6 +462,20 @@
return Status::newFatal( 'nosuchuser', $name );
}
 
+   // Throttle
+   $throttle = null;
+   if ( !empty( $wgPasswordAttemptThrottle ) ) {
+   $throttle = new MediaWiki\Auth\Throttler( 
$wgPasswordAttemptThrottle, [
+   'type' => 'botpassword',
+   'cache' => 
ObjectCache::getLocalClusterInstance(),
+   ] );
+   $result = $throttle->increase( $user->getName(), 
$request->getIP(), __METHOD__ );
+   if ( $result ) {
+   $msg = wfMessage( 'login-throttled' 
)->durationParams( $result['wait'] );
+   return Status::newFatal( $msg );
+   }
+   }
+
// Get the bot password
$bp = self::newFromUser( $user, $appId );
if ( !$bp ) {
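
Review bot: the throttle is placed after the `nosuchuser` return shown in the context lines above it, so requests that name a nonexistent user are never counted and keep getting a distinct error with no limit. If that is intended, say so in a comment; otherwise call `increase()` before the user lookup, keyed on the submitted name.
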
@@ -480,6 +494,9 @@
}
 
// Ok! Create the session.
+   if ( $throttle ) {
+   $throttle->clear( $user->getName(), $request->getIP() );
+   }
return Status::newGood( $provider->newSessionForRequest( $user, 
$bp, $request ) );
}
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/391448
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie60f0e05c2a94722b91bc3a80c80346e28b443f4
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Anomie 
Gerrit-Reviewer: Reedy 



[MediaWiki-commits] [Gerrit] wikimedia...SmashPig[master]: Update phpunit in composer.lock

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391457 )

Change subject: Update phpunit in composer.lock
..


Update phpunit in composer.lock

Change-Id: I266055c9cf639c7acc44c403d4d265ad201e2c63
---
M composer.lock
1 file changed, 5 insertions(+), 5 deletions(-)

Approvals:
  jenkins-bot: Verified
  Ejegg: Looks good to me, approved



diff --git a/composer.lock b/composer.lock
index 04a9bc7..da5cb72 100644
--- a/composer.lock
+++ b/composer.lock
@@ -1453,16 +1453,16 @@
 },
 {
 "name": "phpunit/phpunit",
-"version": "4.8.31",
+"version": "4.8.36",
 "source": {
 "type": "git",
 "url": "https://github.com/sebastianbergmann/phpunit.git;,
-"reference": "98b2b39a520766bec663ff5b7ff1b729db9dbfe3"
+"reference": "46023de9a91eec7dfb06cc56cb4e260017298517"
 },
 "dist": {
 "type": "zip",
-"url": 
"https://api.github.com/repos/sebastianbergmann/phpunit/zipball/98b2b39a520766bec663ff5b7ff1b729db9dbfe3;,
-"reference": "98b2b39a520766bec663ff5b7ff1b729db9dbfe3",
+"url": 
"https://api.github.com/repos/sebastianbergmann/phpunit/zipball/46023de9a91eec7dfb06cc56cb4e260017298517;,
+"reference": "46023de9a91eec7dfb06cc56cb4e260017298517",
 "shasum": ""
 },
 "require": {
@@ -1521,7 +1521,7 @@
 "testing",
 "xunit"
 ],
-"time": "2016-12-09T02:45:31+00:00"
+"time": "2017-06-21T08:07:12+00:00"
 },
 {
 "name": "phpunit/phpunit-mock-objects",

-- 
To view, visit https://gerrit.wikimedia.org/r/391457
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I266055c9cf639c7acc44c403d4d265ad201e2c63
Gerrit-PatchSet: 1
Gerrit-Project: wikimedia/fundraising/SmashPig
Gerrit-Branch: master
Gerrit-Owner: Ejegg 
Gerrit-Reviewer: Ejegg 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_27]: Add missing ComposerVendorHtaccessCreator class to autoload.php

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391463 )

Change subject: Add missing ComposerVendorHtaccessCreator class to autoload.php
..

Add missing ComposerVendorHtaccessCreator class to autoload.php

Change-Id: Ia70324acf3db2df50c6629d705c2c4728c38
Follow-up: I2cf6541750c90b5708d7cf5f81b914ae2d9d46d1
---
M autoload.php
1 file changed, 1 insertion(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/63/391463/1

diff --git a/autoload.php b/autoload.php
index dbba50d..2089c57 100644
--- a/autoload.php
+++ b/autoload.php
@@ -261,6 +261,7 @@
'ComposerJson' => __DIR__ . '/includes/libs/composer/ComposerJson.php',
'ComposerLock' => __DIR__ . '/includes/libs/composer/ComposerLock.php',
'ComposerPackageModifier' => __DIR__ . 
'/includes/composer/ComposerPackageModifier.php',
+   'ComposerVendorHtaccessCreator' => __DIR__ . 
'/includes/composer/ComposerVendorHtaccessCreator.php',
'ComposerVersionNormalizer' => __DIR__ . 
'/includes/composer/ComposerVersionNormalizer.php',
'CompressOld' => __DIR__ . '/maintenance/storage/compressOld.php',
'ConcatenatedGzipHistoryBlob' => __DIR__ . '/includes/HistoryBlob.php',

-- 
To view, visit https://gerrit.wikimedia.org/r/391463
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia70324acf3db2df50c6629d705c2c4728c38
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_27
Gerrit-Owner: Reedy 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_29]: Add missing ComposerVendorHtaccessCreator class to autoload.php

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391464 )

Change subject: Add missing ComposerVendorHtaccessCreator class to autoload.php
..

Add missing ComposerVendorHtaccessCreator class to autoload.php

Change-Id: Ia70324acf3db2df50c6629d705c2c4728c38
Follow-up: I2cf6541750c90b5708d7cf5f81b914ae2d9d46d1
---
M autoload.php
1 file changed, 1 insertion(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/64/391464/1

diff --git a/autoload.php b/autoload.php
index 446ff16..4ced1e2 100644
--- a/autoload.php
+++ b/autoload.php
@@ -281,6 +281,7 @@
'ComposerJson' => __DIR__ . '/includes/libs/composer/ComposerJson.php',
'ComposerLock' => __DIR__ . '/includes/libs/composer/ComposerLock.php',
'ComposerPackageModifier' => __DIR__ . 
'/includes/composer/ComposerPackageModifier.php',
+   'ComposerVendorHtaccessCreator' => __DIR__ . 
'/includes/composer/ComposerVendorHtaccessCreator.php',
'ComposerVersionNormalizer' => __DIR__ . 
'/includes/composer/ComposerVersionNormalizer.php',
'CompressOld' => __DIR__ . '/maintenance/storage/compressOld.php',
'ConcatenatedGzipHistoryBlob' => __DIR__ . '/includes/HistoryBlob.php',

-- 
To view, visit https://gerrit.wikimedia.org/r/391464
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia70324acf3db2df50c6629d705c2c4728c38
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_29
Gerrit-Owner: Reedy 



[MediaWiki-commits] [Gerrit] mediawiki/core[REL1_30]: Add missing ComposerVendorHtaccessCreator class to autoload.php

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391465 )

Change subject: Add missing ComposerVendorHtaccessCreator class to autoload.php
..

Add missing ComposerVendorHtaccessCreator class to autoload.php

Change-Id: Ia70324acf3db2df50c6629d705c2c4728c38
Follow-up: I2cf6541750c90b5708d7cf5f81b914ae2d9d46d1
---
M autoload.php
1 file changed, 1 insertion(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/65/391465/1

diff --git a/autoload.php b/autoload.php
index 89d22b0..75c9b55 100644
--- a/autoload.php
+++ b/autoload.php
@@ -285,6 +285,7 @@
'ComposerJson' => __DIR__ . '/includes/libs/composer/ComposerJson.php',
'ComposerLock' => __DIR__ . '/includes/libs/composer/ComposerLock.php',
'ComposerPackageModifier' => __DIR__ . 
'/includes/composer/ComposerPackageModifier.php',
+   'ComposerVendorHtaccessCreator' => __DIR__ . 
'/includes/composer/ComposerVendorHtaccessCreator.php',
'ComposerVersionNormalizer' => __DIR__ . 
'/includes/composer/ComposerVersionNormalizer.php',
'CompressOld' => __DIR__ . '/maintenance/storage/compressOld.php',
'ConcatenatedGzipHistoryBlob' => __DIR__ . '/includes/HistoryBlob.php',

-- 
To view, visit https://gerrit.wikimedia.org/r/391465
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia70324acf3db2df50c6629d705c2c4728c38
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_30
Gerrit-Owner: Reedy 



[MediaWiki-commits] [Gerrit] marvin[master]: WIP: use Webpack for server production builds

2017-11-14 Thread Niedzielski (Code Review)
Niedzielski has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391467 )

Change subject: WIP: use Webpack for server production builds
..

WIP: use Webpack for server production builds

Bug: T177235
Change-Id: I04fa8f52dfd19da9b6a9f90a59daa559353a8efe
---
M docs/setting-a-staging-server.md
M package-lock.json
M package.json
M src/server/index.tsx
D src/server/types/ignore-styles.d.ts
M webpack.config.ts
6 files changed, 83 insertions(+), 118 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/marvin refs/changes/67/391467/1

diff --git a/docs/setting-a-staging-server.md b/docs/setting-a-staging-server.md
index dd92f23..6429f14 100644
--- a/docs/setting-a-staging-server.md
+++ b/docs/setting-a-staging-server.md
@@ -165,7 +165,7 @@
 cp -R node_modules/ /home/marvin/dist/node_modules
 
 echo "Running new server version"
-NODE_ENV=production node /home/marvin/dist/server/index.js &
+node /home/marvin/dist &
 ```
 
 And make it executable
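
Review bot: the start command in the deploy script drops `NODE_ENV=production`, leaving the variable set only for the `webpack` build step shown in the next hunk. package-lock.json in this change adds webpack-node-externals; if the server bundle leaves node_modules external, those modules are loaded at run time and read `process.env.NODE_ENV` then, so the staging server could run its dependencies in development mode. Keep the variable on the `node /home/marvin/dist &` line unless the bundle sets it itself.
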
@@ -183,7 +183,7 @@
 added 115 packages in 12.848s
 
 > marvin@0.0.0 build /home/marvin/sources
-> NODE_ENV=production npm-run-all --silent clean --parallel server:build 
'client:build -- -p'
+> NODE_ENV=production webpack
 
 Removing previously started server processes
 Copying new tarball
diff --git a/package-lock.json b/package-lock.json
index 523d7a9..8106353 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -145,6 +145,15 @@
 "@types/uglify-js": "2.6.29"
   }
 },
+"@types/webpack-node-externals": {
+  "version": "1.6.0",
+  "resolved": 
"https://registry.npmjs.org/@types/webpack-node-externals/-/webpack-node-externals-1.6.0.tgz;,
+  "integrity": 
"sha512-9O3qTR4rDvHIUtKw1Uy95W3r7Ipac7E/obKwdiqdhqTbCuaAyyTpPOA7LFceqxB1TXs2NbFWxorbCkqmb5eFlw==",
+  "dev": true,
+  "requires": {
+"@types/webpack": "3.0.9"
+  }
+},
 "abbrev": {
   "version": "1.1.0",
   "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.0.tgz;,
@@ -1214,20 +1223,6 @@
 "mkdirp": "0.5.1",
 "rimraf": "2.6.2",
 "run-queue": "1.0.3"
-  }
-},
-"copyfiles": {
-  "version": "1.2.0",
-  "resolved": "https://registry.npmjs.org/copyfiles/-/copyfiles-1.2.0.tgz;,
-  "integrity": "sha1-qNo6xBqiIgrim9PFi2mEKU8sWTw=",
-  "dev": true,
-  "requires": {
-"glob": "7.1.2",
-"ltcdr": "2.2.1",
-"minimatch": "3.0.4",
-"mkdirp": "0.5.1",
-"noms": "0.0.0",
-"through2": "2.0.3"
   }
 },
 "core-util-is": {
@@ -3035,6 +3030,12 @@
   "integrity": "sha1-SMptcvbGo68Aqa1K5odr44ieKwk=",
   "dev": true
 },
+"ignore-loader": {
+  "version": "0.1.2",
+  "resolved": 
"https://registry.npmjs.org/ignore-loader/-/ignore-loader-0.1.2.tgz;,
+  "integrity": "sha1-2B8kA3bQuk8Nd4lyw60lh0EXpGM=",
+  "dev": true
+},
 "ignore-styles": {
   "version": "5.0.1",
   "resolved": 
"https://registry.npmjs.org/ignore-styles/-/ignore-styles-5.0.1.tgz;,
@@ -3944,12 +3945,6 @@
 "yallist": "2.1.2"
   }
 },
-"ltcdr": {
-  "version": "2.2.1",
-  "resolved": "https://registry.npmjs.org/ltcdr/-/ltcdr-2.2.1.tgz;,
-  "integrity": "sha1-Wrh60dTB2rjowIu/A37gwZAih88=",
-  "dev": true
-},
 "macaddress": {
   "version": "0.2.8",
   "resolved": 
"https://registry.npmjs.org/macaddress/-/macaddress-0.2.8.tgz;,
@@ -4479,42 +4474,6 @@
 "touch": "3.1.0",
 "undefsafe": "0.0.3",
 "update-notifier": "2.3.0"
-  }
-},
-"noms": {
-  "version": "0.0.0",
-  "resolved": "https://registry.npmjs.org/noms/-/noms-0.0.0.tgz;,
-  "integrity": "sha1-2o69nzr51nYJGbJ9nNyAkqczKFk=",
-  "dev": true,
-  "requires": {
-"inherits": "2.0.3",
-"readable-stream": "1.0.34"
-  },
-  "dependencies": {
-"isarray": {
-  "version": "0.0.1",
-  "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz;,
-  "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8=",
-  "dev": true
-},
-"readable-stream": {
-  "version": "1.0.34",
-  "resolved": 
"https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz;,
-  "integrity": "sha1-Elgg40vIQtLyqq+v5MKRbuMsFXw=",
-  "dev": true,
-  "requires": {
-"core-util-is": "1.0.2",
-"inherits": "2.0.3",
-"isarray": "0.0.1",
-"string_decoder": "0.10.31"
-  }
-},
-"string_decoder": {
-  "version": "0.10.31",
-  "resolved": 
"https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz;,
-  "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ=",
-  "dev": true
-}
   }
 },
 "nopt": {
@@ -7778,6 +7737,12 @@
 }
   }
 },
+"webpack-node-externals": {
+  "version": 

[MediaWiki-commits] [Gerrit] operations/mediawiki-config[master]: search.wikimedia.org: Add robots.txt, tell them to stay away

2017-11-14 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/391470 )

Change subject: search.wikimedia.org: Add robots.txt, tell them to stay away
..


search.wikimedia.org: Add robots.txt, tell them to stay away

Change-Id: I4154f5cc3d7565c3f1edc92cc760c579d6da9610
---
A docroot/search.wikimedia.org/robots.txt
1 file changed, 2 insertions(+), 0 deletions(-)

Approvals:
  Chad: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/docroot/search.wikimedia.org/robots.txt 
b/docroot/search.wikimedia.org/robots.txt
new file mode 100644
index 000..1f53798
--- /dev/null
+++ b/docroot/search.wikimedia.org/robots.txt
@@ -0,0 +1,2 @@
+User-agent: *
+Disallow: /
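
Review bot: `Disallow: /` is only a request to well-behaved crawlers; it does not restrict access and does not remove URLs that are already indexed. If "stay away" means the host should not be reachable, that has to be enforced in the web server configuration as well.
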

-- 
To view, visit https://gerrit.wikimedia.org/r/391470
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I4154f5cc3d7565c3f1edc92cc760c579d6da9610
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: Chad 
Gerrit-Reviewer: Chad 
Gerrit-Reviewer: Urbanecm 
Gerrit-Reviewer: Zoranzoki21 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] mediawiki...mobileapps[master]: Media: stop filtering by size + mime type

2017-11-14 Thread Mholloway (Code Review)
Mholloway has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391358 )

Change subject: Media: stop filtering by size + mime type
..

Media: stop filtering by size + mime type

We'll be going in the direction of leaving these in but marking them up
with the necessary info for clients to decide if and how to use them.

Bug: T177430
Change-Id: Ie79c2b9b422ecd3607808f103b2821a211093a84
---
M lib/media.js
1 file changed, 3 insertions(+), 11 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/services/mobileapps 
refs/changes/58/391358/1

diff --git a/lib/media.js b/lib/media.js
index 506be2a..049bace 100644
--- a/lib/media.js
+++ b/lib/media.js
@@ -5,7 +5,6 @@
 const Title = require('mediawiki-title').Title;
 
 const MAX_ITEM_COUNT = 500;
-const MIN_IMAGE_SIZE = 64;
 const MAX_IMAGE_WIDTH = 1280;
 
 
@@ -59,18 +58,11 @@
 });
 }
 
-function filterTitles(items) {
+function getTitles(items) {
 // Reject gallery items if they're too small.
 // Also reject SVG and PNG items by default, because they're likely to be
 // logos and/or presentational images.
-return items.filter((item) => {
-const imageInfo = item.imageinfo && Array.isArray(item.imageinfo) && 
item.imageinfo[0];
-return imageInfo
-&& imageInfo.width >= MIN_IMAGE_SIZE
-&& imageInfo.height >= MIN_IMAGE_SIZE
-&& !imageInfo.mime.includes('svg')
-&& !imageInfo.mime.includes('png');
-}).map((item) => {
+return items.map((item) => {
 return item.title;
 });
 }
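
Review bot: the context comment above `return items.map(...)` still says that small items and SVG/PNG items are rejected, but `getTitles()` no longer filters anything; drop or rewrite the comment so it matches the function. Removing the filter also removes the `item.imageinfo` guard, so confirm that the code consuming these titles tolerates items without image info.
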
@@ -103,7 +95,7 @@
 prop: 'videoinfo',
 viprop: 'url|dimensions|mime|extmetadata|derivatives',
 viurlwidth: MAX_IMAGE_WIDTH,
-titles: filterTitles(response.body.query.pages).join('|'),
+titles: getTitles(response.body.query.pages).join('|'),
 continue: ''
 };
 return api.mwApiGet(app, req.params.domain, query).then((response) => {

-- 
To view, visit https://gerrit.wikimedia.org/r/391358
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie79c2b9b422ecd3607808f103b2821a211093a84
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/services/mobileapps
Gerrit-Branch: master
Gerrit-Owner: Mholloway 



[MediaWiki-commits] [Gerrit] mediawiki...mobileapps[master]: WIP: Get media items directly from Parsoid HTML

2017-11-14 Thread Mholloway (Code Review)
Mholloway has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/391359 )

Change subject: WIP: Get media items directly from Parsoid HTML
..

WIP: Get media items directly from Parsoid HTML

Saves a MediaWiki API call.

Problem: /page/html doesn't appear to automatically handle redirects...

Change-Id: Iaaefc337730b494e5e639deea16dfd9968a02b8a
---
M lib/media.js
M routes/media.js
M test/lib/media/media-test.js
3 files changed, 45 insertions(+), 61 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/services/mobileapps refs/changes/59/391359/1

diff --git a/lib/media.js b/lib/media.js
index 049bace..af9e33a 100644
--- a/lib/media.js
+++ b/lib/media.js
@@ -1,10 +1,8 @@
 'use strict';
 
-const domino = require('domino');
 const api = require('./api-util');
 const Title = require('mediawiki-title').Title;
 
-const MAX_ITEM_COUNT = 500;
 const MAX_IMAGE_WIDTH = 1280;
 
 
@@ -14,21 +12,12 @@
 
 /**
  * Sort an array of media items in place by their order of appearance in an 
HTML document.
- * @param {!string} html a raw HTML document
- * @param {!Array} media an array of media items as returned by 
gallery.collectionPromise
+ * @param {!Array} titles a list of File page titles for media items
+ * @param {!Array} items an array of media metadata items as returned by 
getMetadata
  * @param {!Object} si a site info object as returned by mwapi.getSiteInfo
  */
-function sort(html, media, si) {
-const doc = domino.createDocument(html);
-const images = doc.querySelectorAll('img,video');
-const titles = [];
-// TODO: handle Mathoid-rendered math images
-images.forEach((img) => {
-if (img.hasAttribute('resource')) {
-titles.push(img.getAttribute('resource').replace(/^\.\//, ''));
-}
-});
-media.items.sort((a, b) => {
+function sort(titles, items, si) {
+items.sort((a, b) => {
 return titles.indexOf(dbKey(a.title, si)) - 
titles.indexOf(dbKey(b.title, si));
 });
 }
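Review bot: The comparator in sort() relies on titles.indexOf(...), which returns -1 for any item whose dbKey is not in the list, so those items sort ahead of everything else. Now that titles is supplied by the caller rather than derived inside this function, either document that every item must have a matching title or map a missing index to the end of the order. The JSDoc summary still describes ordering by appearance "in an HTML document" although the function no longer takes HTML, and building a title-to-index map once would avoid a linear indexOf scan on every comparison.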
@@ -58,55 +47,29 @@
 });
 }
 
-function getTitles(items) {
-// Reject gallery items if they're too small.
-// Also reject SVG and PNG items by default, because they're likely to be
-// logos and/or presentational images.
-return items.map((item) => {
-return item.title;
-});
-}
-
 /**
  * Gets the gallery content from MW API
  * TODO: ensure that all media items are correctly accounted for on very large 
articles
  */
-function collectionPromise(app, req) {
+function getMetadata(app, req, titles) {
 const query = {
 action: 'query',
 format: 'json',
 formatversion: 2,
-titles: req.params.title,
-continue: '',
-prop: 'imageinfo',
-iiprop: 'dimensions|mime',
-generator: 'images',
-gimlimit: MAX_ITEM_COUNT,
-redirects: true
+prop: 'videoinfo',
+viprop: 'url|dimensions|mime|extmetadata|derivatives',
+viurlwidth: MAX_IMAGE_WIDTH,
+titles: titles.join('|'),
+continue: ''
 };
 return api.mwApiGet(app, req.params.domain, query).then((response) => {
-if (!response.body.query || !response.body.query.pages) {
-return { items: [] };
-}
-const query = {
-action: 'query',
-format: 'json',
-formatversion: 2,
-prop: 'videoinfo',
-viprop: 'url|dimensions|mime|extmetadata|derivatives',
-viurlwidth: MAX_IMAGE_WIDTH,
-titles: getTitles(response.body.query.pages).join('|'),
-continue: ''
-};
-return api.mwApiGet(app, req.params.domain, query).then((response) => {
-const pages = response.body.query && response.body.query.pages;
-const items = pages ? makeResults(pages) : [];
-return { items };
-});
+const pages = response.body.query && response.body.query.pages;
+const items = pages ? makeResults(pages) : [];
+return { items };
 });
 }
 
 module.exports = {
 sort,
-collectionPromise
+getMetadata
 };
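Review bot: getMetadata() joins the caller-supplied titles straight into the query with no check for an empty list and no upper bound, now that MAX_ITEM_COUNT is removed. The old code returned { items: [] } early when there was nothing to look up; an equivalent early return for an empty titles array would avoid a pointless API request, and a cap or batching would keep the titles parameter bounded on very large articles. The doc comment above the function also needs an @param entry for titles and an updated description, since it still reads "Gets the gallery content from MW API".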
diff --git a/routes/media.js b/routes/media.js
index 7275d50..c60ece7 100644
--- a/routes/media.js
+++ b/routes/media.js
@@ -1,6 +1,7 @@
 'use strict';
 
 const BBPromise = require('bluebird');
+const domino = require('domino');
 const mUtil = require('../lib/mobile-util');
 const parsoid = require('../lib/parsoid-access');
 const sUtil = require('../lib/util');
@@ -16,17 +17,31 @@
  */
 router.get('/media/:title', (req, res) => {
 return BBPromise.props({
-page: parsoid.pageHtmlPromise(app, req),
-media: media.collectionPromise(app, req),
+html: parsoid.getParsoidHtml(app, req),
+// media: media.collectionPromise(app, req),
 siteinfo: mwapi.getSiteInfo(app, req)
 }).then((response) => {
-if (response.media.items && response.media.items.length > 1) {
-
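Review bot: The line "// media: media.collectionPromise(app, req)," leaves commented-out code in the route, and it refers to a function that lib/media.js stops exporting in this same change. Remove the line rather than commenting it out, and make sure the remainder of the handler calls media.getMetadata with titles extracted from the Parsoid HTML, since nothing in the visible part of this hunk populates the media items any more.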

[MediaWiki-commits] [Gerrit] mediawiki...FundraisingEmailUnsubscribe[master]: Disallow web access to /vendor

2017-11-14 Thread Ejegg (Code Review)
Ejegg has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/391373 )

Change subject: Disallow web access to /vendor
..

Disallow web access to /vendor

Bug: T180237
Change-Id: Icea1d552079666b64cf7c66aa8c9ef5db7503234
---
A vendor/.htaccess
1 file changed, 1 insertion(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/FundraisingEmailUnsubscribe refs/changes/73/391373/1

diff --git a/vendor/.htaccess b/vendor/.htaccess
new file mode 100644
index 000..3a42882
--- /dev/null
+++ b/vendor/.htaccess
@@ -0,0 +1 @@
+Deny from all
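Review bot: "Deny from all" is the Apache 2.2 access-control syntax. On Apache 2.4 it is only understood while mod_access_compat is loaded; without that module the directive is rejected and requests under the directory fail with a server error instead of a clean 403. Consider "Require all denied", or providing both forms inside IfModule guards keyed on mod_authz_core.c, so the file behaves the same on either version.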

-- 
To view, visit https://gerrit.wikimedia.org/r/391373
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Icea1d552079666b64cf7c66aa8c9ef5db7503234
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/FundraisingEmailUnsubscribe
Gerrit-Branch: master
Gerrit-Owner: Ejegg 



[MediaWiki-commits] [Gerrit] wikimedia...vendor[master]: Deny web access to /vendor

2017-11-14 Thread Ejegg (Code Review)
Ejegg has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/391364 )

Change subject: Deny web access to /vendor
..


Deny web access to /vendor

Change-Id: I8300b6165d1690e3598b9423dc2eb2d700833197
---
A .htaccess
1 file changed, 1 insertion(+), 0 deletions(-)

Approvals:
  Ejegg: Verified; Looks good to me, approved



diff --git a/.htaccess b/.htaccess
new file mode 100644
index 000..3a42882
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1 @@
+Deny from all
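Review bot: This one-line .htaccess only protects the directory on Apache, and only where AllowOverride lets .htaccess files set access-control directives. Under any other web server, or with AllowOverride None, the file is ignored and the directory stays reachable with no visible sign that the protection is missing. Add a note in the deployment docs that the path should also be blocked in the server configuration, and verify after deploy that a request for a file under it returns 403.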

-- 
To view, visit https://gerrit.wikimedia.org/r/391364
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I8300b6165d1690e3598b9423dc2eb2d700833197
Gerrit-PatchSet: 1
Gerrit-Project: wikimedia/fundraising/SmashPig/vendor
Gerrit-Branch: master
Gerrit-Owner: Ejegg 
Gerrit-Reviewer: Ejegg 



[MediaWiki-commits] [Gerrit] mediawiki/vendor[REL1_30]: Add .htaccess to disallow web access

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/391427 )

Change subject: Add .htaccess to disallow web access
..

Add .htaccess to disallow web access

The /vendor directory does not need to be web accessible, and to reduce
attack surface, should not be web accessible.

Bug: T180237
Change-Id: I855212e10d6ff75d9778d275e0815a8ff19f1da7
(cherry picked from commit b65773308574b344ea9ad3ffa2598d63fca4d313)
---
M .gitignore
A .htaccess
2 files changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/vendor refs/changes/27/391427/1

diff --git a/.gitignore b/.gitignore
index 9d96ec6..c3d5b76 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,5 +34,4 @@
 .settings
 /static*
 /tags
-/.htaccess
 /.htpasswd
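Review bot: Removing /.htaccess from .gitignore means a checkout that already has a local, untracked .htaccess in this directory will collide with the newly tracked file when it picks up this change. Call that out in the commit message or release notes so operators who kept their own rules there know to merge them with the shipped "Deny from all" rather than lose them.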
diff --git a/.htaccess b/.htaccess
new file mode 100644
index 000..3a42882
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1 @@
+Deny from all

-- 
To view, visit https://gerrit.wikimedia.org/r/391427
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I855212e10d6ff75d9778d275e0815a8ff19f1da7
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/vendor
Gerrit-Branch: REL1_30
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Legoktm 



[MediaWiki-commits] [Gerrit] mediawiki/vendor[master]: Add .htaccess to disallow web access

2017-11-14 Thread Reedy (Code Review)
Reedy has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/391428 )

Change subject: Add .htaccess to disallow web access
..

Add .htaccess to disallow web access

The /vendor directory does not need to be web accessible, and to reduce
attack surface, should not be web accessible.

Bug: T180237
Change-Id: I855212e10d6ff75d9778d275e0815a8ff19f1da7
(cherry picked from commit 77b6619a845993b5221dd2ff8b9fa1005fd06b04)
---
M .gitignore
A .htaccess
2 files changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/vendor refs/changes/28/391428/1

diff --git a/.gitignore b/.gitignore
index 9d96ec6..c3d5b76 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,5 +34,4 @@
 .settings
 /static*
 /tags
-/.htaccess
 /.htpasswd
diff --git a/.htaccess b/.htaccess
new file mode 100644
index 000..3a42882
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1 @@
+Deny from all

-- 
To view, visit https://gerrit.wikimedia.org/r/391428
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I855212e10d6ff75d9778d275e0815a8ff19f1da7
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/vendor
Gerrit-Branch: master
Gerrit-Owner: Reedy 
Gerrit-Reviewer: Legoktm 


