mgaughan/mw-lifecycle-analysis
1
0
Fork 0
Code
7c587413aa
mw-lifecycle-analysis/121325_work/012926_possibly_relevant_sample.csv
Matthew Gaughan 7c587413aa updating with more clearly labeled possible ones
2026-01-29 20:32:14 -08:00

130 KiB
Raw Blame History

1authored_datecommit_dateauthor_nameauthor_emailmessagecase
22013-10-04 23:08:13+02:002013-10-04 21:10:24Bartosz Dziewońskimatma.rex@gmail.comAdd .mw-editsection-like class, behavior same as .mw-editsection The styling is neat and can be used for other purposes on-wiki (examples include the {{Documentation}} template on the English Wikipedia and the index of biographies at the Polish Wikipedia at [[Wikipedia:Indeks biografii]]). Since .mw-editsection is often used by scripts enhancing the links (including VisualEditor and many gadgets) using it for other things might cause unexpected behavior. Existing uses can now be easily swapped for .mw-editsection-like. Change-Id: Ic390c3047e5e6fd3a351d0ec1ca94ebef9367f6d c1
32013-07-18 02:47:55+02:002013-07-26 00:08:23Timo Tijhofkrinklemail@gmail.commediawiki.page.ready: Use wikipage.content instead of domready Restructure mediawiki.page.ready to add to the "wikipage.content" hook instead of using document-ready. Except for parts that aren't inside the wikipage content. Portlet links are outside content entirely and should run only once from document-ready still. Inputs with placeholders can be both inside and outside (inside with e.g. InputBox extension, outside in e.g. search bar of skin) so it needs to be in both. The one in document-ready needs to exclude ones in content to avoid applying the placeholder polyfill twice. This also opens up the doors for extensions and gadgets to reliably both fire and add to this hook: - Code can fire this hook when rendering a new DOM (such as LivePreview, VisualEditor, ..). - Code can add to this hook to enhance page content and have it properly re-run when there is a new DOM (e.g. gadgets like Navigation popups, Reference Tooltips, ..). Also added release notes for 2e97025. Bug: 30713 Bug: 33399 Bug: 51565 Change-Id: Icb0eda9edf2aeb3d612ff1d9bfea4859d33e1fbb c1
42013-07-23 17:28:47-07:002013-07-24 00:31:27Roan Kattouwroan.kattouw@gmail.comAdd a hook to Title::getEditNotices() so extensions can add them FlaggedRevs will have to use this to expose its edit notices to VisualEditor. Also add an $oldid parameter so edit notices can be generated based on the revision ID being edited. Change-Id: Ie44a01ebfa7002fa3a89f081e0f831442666ac03 c1
52013-07-24 01:15:12+02:002013-07-23 23:38:42Timo Tijhofkrinklemail@gmail.commediawiki.notification: Make notification area sticky to window Whenever the user scrolls beyond the natural offset (possibly customised by the skin, e.g. in Vector it accounts for the tabs and search bar, in Monobook it is relative to the content area, etc.) we switch from absolute to fixed position. Changed the 1em top/right padding to be actual padding instead of part of the offset, as otherwise `window.scrollTop > offset.top` would trigger too late and thus cause it to "jump" back about 13px (1em) whenever we switch (the scroll logic depends on the floating-mode offset being 0). Now it seemlessly switches between the two area modes. Based on logic in VisualEditor for the sticky editor toolbar. Using a class instead of an ID for the area element as otherwise all selectors would require being like "#area.area-floating" to work from the skin. This should've been the case from the beginning (using IDs in CSS is almost always bad). Falls back to absolute position in IE6, where 'fixed' is not supported (and would use positon 'static' otherwise which would be a problem). Cleaned up useless 'null' value for $area variable. Bug: 50870 Change-Id: Icb7cd68f48443c1770e3585c8567fea2ac16dad8 c1
62013-06-21 13:32:10+01:002013-07-15 10:26:02Ed Sandersesanders@wikimedia.orgAllow postEdit hook to be triggered asynchronously This is required by VisualEditor as it doesn't do a page reload after a save. So we need it to keep listening even if the initial config and cookie data doesn't show an edit was just made. * Allow the message to be overriden, as VE uses its own. * Using jQuery instead of direct DOM interaction with `div` (and renamed to $div accordingly). * Moved click handler from postedit-close to postedit-container. Bug: 39632 Change-Id: I778b18bc051c51de355e122d8d4517b5a651ed4c c1
72013-05-30 11:10:46-07:002013-05-31 21:25:49Ori Livnehori@wikimedia.orgMigrate Extension:PostEdit interface to core As requested by the VisualEditor team, this change migrates the post-edit confirmation notice from Extension:PostEdit to core. This entails porting the 'postedit-confirmation' en/qqq message from the extension's i18n file (the message key remains the same) to the appropriate message files and augmenting mediawiki.action.view.postEdit.js to not only signal post-edit state but also act on it by displaying the confirmation. Bug: 48276 Change-Id: I01cfc0630c3a505af82922844b5e70c1d61f3c1d c1
82013-04-03 21:17:08+02:002013-04-03 21:46:11Timo Tijhofttijhof@wikimedia.orgTest: Assert that modules loaded correctly. Since mw.loader catches any uncaught exceptions that modules throw at run time, it is hard for QUnit and/or the browser (e.g. PhantomJS) to know about a failure because there is no assert failure and no uncaught exception (window.onerror). VisualEditor's init module, for example, has a problem (bug 45175) that sometimes causes an error, causing none of the tests to run, yet the QUnit run would finish successful with simply none of the VE tests included in the results. Bug: 44299 Change-Id: Ib6e2b8d1be3e38fd9f1b948407c62da550fce0b4 c1
92013-03-21 19:45:17+01:002013-03-25 13:58:23Timo Tijhofttijhof@wikimedia.orgJSDuck: Cover more of external.js and implement @source Taken from VisualEditor repo (authored by myself under MIT). Hereby released under GPL as well. Change-Id: I4dc1a0e5c618e0a20ae6f308b4ecf266d041e22c c1
102012-12-05 08:37:48+01:002012-12-16 22:13:04Timo Tijhofttijhof@wikimedia.orgResourceLoader: Move safeFilemtime() to ResourceLoaderModule. This is a useful method not just for inside and sub classes of ResourceLoaderFileModule (i.e. it could've been useful in VisualEditor's ResourceLoaderModule class as well) Also moved up getTargets() to be in the right section (looking at the file as a whole). Change-Id: If696ffbdc5aa7f0a51603bcf9d52adab38b9c686 c1
112012-11-30 12:18:43-08:002012-11-30 20:18:43Trevor Parscaltparscal@wikimedia.orgRefactor edit notice rendering so that it's not baked into EditPage * Move edit notice rendering to Title class * Use new getEditNotices method in EditPage This opens the door for alternative editors (such as the VisualEditor) to use the same notice systems already in use. Change-Id: Ib0e40714f5433f4d75c54a3c3d60b1590fded7f1 c1
122013-11-23 00:32:59-05:002013-11-30 18:29:54Mark A. Hershbergermah@everybody.orgRestore Signupstart and Signupend messages for account creation This was removed during the redesign of the login process in I50f25583, but I found that 5-10% of non-wmf wiki sites used this message to display notices, previously. We should keep this around or at the very least provide advance notice for people. Bug: 56455 Change-Id: I79423c1a05f0359c902d1940c3ffcd5e509dcf97 c1
132013-11-22 16:09:07+00:002013-11-22 16:09:07MarkAHershbergermhershberger@wikimedia.orgMerge "Fix login with temporary password with $wgSecureLogin = true"c1
142013-11-22 10:32:18+01:002013-11-22 14:46:55Alexandre Emsenhuberialex.wiki@gmail.comFix login with temporary password with $wgSecureLogin = true The problem is that FauxRequest sets the protocol to http by default, thus triggering the redirect when executing Special:UserLogin in the background to log the user in after having reset his password. DerivativeRequest is now used instead of FauxRequest so that the protocol is correctly forwarded, and the redirect will not be triggered. Bug: 57289 Change-Id: I252351ff7d446283c9d1ab5f79b5cdbce71b76e0 c1
152013-11-08 21:00:00+01:002013-11-19 20:57:29Bartosz Dziewońskimatma.rex@gmail.comRemove 'prefsnologin' message, don't use 'watchnologin' where inappropriate There is no reason why the default can't be used instead. No other special pages requiring login have special messages for the title, as far as I know. Left one use of 'watchnologin' in WatchAction alone, since it also uses another special message there. This message is also currently used by the MobileFrontend extension. Change-Id: I7878ed3692358cee1f5785b34ab48a0cc83c05bc c1
162013-10-12 19:00:23+02:002013-11-19 11:03:49Bartosz Dziewońskimatma.rex@gmail.comConsistently handle anonymous users on logged-in-only special pages Added new helper function SpecialPage#requireLogin() to check if the current user is logged in and, if not, format an error message linking to Special:Userlogin and throw UserNotLoggedIn exception, to be handled by OutputPage later. Reused old error messages. Not all use the new parameter and they're very inconsistent, but this is a matter for another patch. Used it on 7 special pages. I don't think there are any other ones which specifically require having an account, instead of just some rights usually associated with logged-in users. * SpecialChangeEmail * SpecialChangePassword: It allows anonymous users under specific circumstances, but is logged-in-only in general. * SpecialConfirmemail * SpecialEditWatchlist * SpecialPreferences * SpecialResetTokens: It was missing the check, added it. * SpecialWatchlist Change-Id: I43ceaddb370d09784021b3fc2d5d1ff6616fef1f c1
172013-10-30 19:10:51+00:002013-10-30 19:10:51Tony Thomas01tonythomas@gmail.comRenamed "Your name" to "Your username" to match with the Media wiki login page Bug: 56235 Change-Id: Id7d303932b3ddf74308e2d9f3b54e08c6b1df5eb c1
182013-10-16 18:24:12+02:002013-10-16 16:28:38Bartosz Dziewońskimatma.rex@gmail.comReindent UsercreateTemplate and UserloginTemplate A perceptive reviewer will note several issues with this code, including at least one outright bug. I intend to fix them in subsequent commit; I tried to avoid any non-whitespace changes here to make it at all possible to review this. This file has several lines longer than the phpcs limit of 100 characters, and several cases of the <?php } ?> pattern phpcs complains about. I don't think it makes sense to enforce these rules here; the code would IMO become less readable. Change-Id: I95ab0f644fd5963878018f483f22e650867b5135 c1
192013-10-16 10:29:39-04:002013-10-16 15:26:29Brad Jorschbjorsch@wikimedia.orgInclude miscellaneous query parameters in $wgSecureLogin redirect The redirect from http to https should include any extra query parameters, such as the ones for "campaigns". But we still want to override returnto and returntoquery (in case they were changed in ::load(), e.g. lines 139140), and we omit any 'title' parameter that may have been passed. Bug: 55761 Change-Id: Icc8b4132e8682d782b0c049631328b94745eb355 c1
202013-10-11 13:42:10-06:002013-10-15 15:38:52Bryan Davisbd808@wikimedia.orgAdd configurable delay between purgeChangedPages batches UDP flooding is possible when purging large numbers of files. This change adds a command line switch to the purgeChangedPages.php maintenance script to insert an artificial delay between purge batches. The intent is to allow the network time to process the batch that was just sent before flooding with a second batch. `--sleep-per-batch` can be used in combination with `--batch-size` to manage network and to some extent query load. A suggested starting point would be to use `--sleep-per-batch=500` in concert with the default batch size of 100 to target a maximum rate of 200 packets/second. Bug: 55632 Change-Id: Ibfc54b1767f145098465404a2b23cd92852e41fd c1
212013-10-08 13:11:54-07:002013-10-08 21:15:29Mark Holmquistmtraceur@member.fsf.orgQuick refactor of the http logic in ForeignAPIRepo Automatic caching, will enable slightly smaller patches elsewhere. Resetting after failing at a rebase. Change-Id: I6849107a3af773687a31155b23a2d7b4d7a60645 c1
222013-08-24 22:37:58+02:002013-10-06 19:00:26MatmaRexmatma.rex@gmail.comSpecial:UserLogin UI improvements when user is logged in * Show a warning about being already logged in above login form * Show a button pointing to signup form with suitable explanation Also changed some internal template stuff (s/createAnother/loggedin/). Bug: 53306 Change-Id: I1672ee09330c231110c4db310a645d1382cc0b59 c1
232013-10-05 10:14:24+02:002013-10-05 09:16:14Federico Levafedericoleva@tiscali.itUse a more standard "Forgot your password?" in userlogin-resetpassword-link <https://translatewiki.net/wiki/Thread:Support/About_MediaWiki:Userlogin-resetpassword-link> Change-Id: I24ad148dd8b316ec1dc4de0b501eeeedb1940c0d c1
242013-10-02 13:46:30-04:002013-10-02 20:01:42Brad Jorschbjorsch@wikimedia.orgAllow AbortLogin hook to override error messages The AbortLogin hook has a $msg argument that allows for specifying a MediaWiki message to display to the user. But this message is only used when the hook is aborted with LoginForm::ABORTED. There's no reason not to use this same parameter for the other possible failure constants. Note this is a slight change in behavior for the hook, as previously the $msg parameter would be coming in as "login-abort-generic" unless an earlier hook altered it, while now it will be null. Change-Id: Ib03a1aed9dfb566a027c31c015aa30619174a6c2 c1
252013-09-27 13:39:50-07:002013-09-30 17:16:15csteippcsteipp@wikimedia.orgRedirect to https for signup Redirect to https for most user, since they will be sending their password with their signup request. GeoIP prevention of the redirect is still respected. Bug: 53651 Change-Id: I12646fcd268c78fd446c6dbf2ba201eee3846444 c1
262013-09-25 15:42:02-07:002013-09-25 22:42:02csteippcsteipp@wikimedia.orgVary on forceHTTPS cookie Varnish seems to be returning the cached version of pages for users after they have logged in over https, but access an http page. This seems to occure because only the forceHTTPS cookie is sent on the request, but varnish doesn't vary the cache based on that cookie. Bug: 54513 Change-Id: Ia97ed80622191669ee5ca37af809d307bbdb61ae c1
272013-08-29 09:45:30-07:002013-09-03 22:04:47Brad Jorschbjorsch@wikimedia.orgSECURITY: Prevent tokens in jsonp mode Add checks to token-returning functions to prevent returning tokens in jsonp mode. This affects action=tokens, action=login, action=createaccount, and action=query&list=deletedrevs. Also, remove the "gettoken" parameter to action=block and action=unblock, which has been deprecated since 1.20. Bug: 49090 Change-Id: Ibeaa5c72d8084585092b15935a3f5709104bf7f7 c1
282013-07-27 19:10:04+02:002013-09-01 09:48:15Nemo bisfedericoleva@tiscali.itMake morenotlisted more grammar-friendly It's nice to be able to have different translations compared to moredotdotdot, but normally "More not listed..." is not worth the grammatical hassles and is not one-size-fits-all. <https://translatewiki.net/wiki/Thread:Support/MediaWiki:Morenotlisted_too_general> Change-Id: Ica649d7630106143204c3495c544025439bb1921 c1
292013-08-19 15:34:33+02:002013-09-01 09:39:59Nemo bisfedericoleva@tiscali.itUse login-throttled properly everywhere Actually proper usage would probably be to split the messages. Followup to Id385be840f340476fbe7a818ff1d05154fe86d68; spotted by Shirayuki. https://translatewiki.net/wiki/Thread:Support/About_MediaWiki:Login-throttled/en Change-Id: I565971a90fc383327a51d717a80013cb7a3e9c9b c1
302013-08-30 17:00:03-07:002013-08-31 00:00:03csteippcsteipp@wikimedia.orgAlso redirect if prefixed https cookie is preset After we switch to not using prefixes, still respect prefixed cookies for users who are currently logged in. Bug: 53538 Change-Id: I950e36e10420209fca28c41c438c363a3f332c14 c1
312013-08-28 10:57:57-07:002013-08-28 18:57:57Chad Horohoechadh@wikimedia.orgAdd help message to prefershttps The preference requires logging back in again to set the new cookies. Change-Id: I2602205eec752c927ac6df81545e69f5c9e70ee4 c1
322013-08-20 13:29:23-07:002013-08-27 15:22:05Brian Wolffbawolff+wn@gmail.comMake thumb.php give http redirects if given a file redirect See bug 22390 for some of the background. Basically there's two reasons why we want this: * Hotlinkers to commons. We don't want to break their links when we move a file (Wikimedia blog is a prominent hotlinker) * Cached entires. On wikis using commons files, a file move doesn't trigger HTMLCacheUpdate jobs for the downstream wiki (it only triggers it on commons). This means that these pages will still use the old version of the html (with img tags that have the old url) until the next edit or purge action. But these urls won't work as soon as the file is moved. I'm pretty confident that redirects will work at this point in the thumb stack, as the redirects for long file names work fine (provided no thumb exists in swift with the wrong name). Change-Id: I40350121cf902f66fcbd3cf788335a988fa7ee33 c1
332013-08-21 20:42:32-07:002013-08-24 18:04:23csteippcsteipp@wikimedia.orgSetup cookies security based on user preference Use the user pref instead of the login form checkbox for setting up cookie security on login. The preferences menu is still broken (always shows checked, even if preference has been turned off), but this will log the user in (over https), and then redirect them back to http if they have selected to not use https. Likewise, if they have the default preference to use https, they get the forceHTTPS cookie and other cookies secure. Change-Id: I08f67b35f355ef193ae86cb9cca3799e247ead4e c1
342013-08-23 12:34:06-07:002013-08-23 19:34:06Chad Horohoechadh@wikimedia.orgOnly show prefershttps if IP can use HTTPS Change-Id: I7493a329d35fad3f17aac2df935f4f9306828884 c1
352013-08-09 19:31:08+02:002013-08-23 00:48:33MatmaRexmatma.rex@gmail.comRemove inconsistent font-family declarations Removed explicit uses of Helvetica Neue, Helvetica and Arial from mediawiki.ui (currently used in om account creation and login interface) and post-edit notifications. The browser is allowed to use its default font instead. Bug: 44394 Change-Id: I01eec72853b24d530d8733352a68d0a26967488f c1
362013-08-23 00:49:01+01:002013-08-22 23:49:01Reedyreedy@wikimedia.orgFatal error: Call to a member function formatDuration() on a non-object in SpecialUserlogin.php on line 818 Bug: 53246 Change-Id: Ie2b23cefe569b31c2da67e16077d4557c6247bc9 c1
372013-08-21 14:34:47+02:002013-08-21 12:34:47Platonidesplatonides@gmail.comForce a space between password label and reset link. userlogin-yourpassword and userlogin-resetpassword-link appeared concatenated if the css wasn't available: "PasswordReset your password" Change-Id: I59049a3f1f912c45da89b1441661c3b725e1459b c1
382013-08-21 11:39:45+10:002013-08-21 03:43:46Tim Starlingtstarling@wikimedia.orgCore support for disabling HTTPS based on GeoIP * Introduce a hook allowing automatic redirects to HTTPS to be disabled on the basis of client IP address. * Make User::requiresHTTPS() return false if the client IP is blacklisted as such. * On login, make the "stick HTTPS" option default to false if the client IP address is blacklisted as such. * Do not redirect anonymous requests to HTTPS. * If $wgSecureLogin is enabled, link to the HTTPS login page *via* the HTTP redirect, so that there is no need to vary the cache of anonymous page view HTML on client IP address. Change-Id: Iaa9dd2108431b8c35e05db4bfe78a629018a003c c1
392013-08-19 10:31:38-07:002013-08-20 00:13:56Chad Horohoechadh@wikimedia.orgRemove padlock icon from login link Change-Id: I021f7a92b84e73502328d8186dc7ca1e1946ca0d c1
402013-02-01 12:25:53-05:002013-08-19 23:57:04Tyler Anthony Romeotylerromeo@gmail.comChange secure login to use a user preference Removed the wpStickHTTPS checkbox from the login form, and instead just use the user's preferences along with whether they came from HTTPS or not to determine if they should stay in HTTPS. Bug: 29898 Bug: 52283 Change-Id: I69e9cb23b8d700e821b8a961c672958e4e19e4f8 c1
412013-08-11 11:48:59+02:002013-08-18 08:01:31Nemo bisfedericoleva@tiscali.itIn login-throttled, specify how long you have to wait before logging in Throttle time will be enough to give an idea of the time to wait. The actual time seems to be the time since the first of the last n attempts in time t as per $wgPasswordAttemptThrottle, but it does not seem too bad if the user gets a new full pool of allowed attempts. Bug: 46965 Change-Id: Id385be840f340476fbe7a818ff1d05154fe86d68 c1
422012-12-22 20:12:09+00:002013-08-13 14:45:37Alex Monkkrenair@gmail.comTweak login/account creation for logged in users * Don't show the "Don't have an account? [Join <sitename>]" box to logged-in users. * Use different message for "Real name" (disabled on WMF wikis) when creating another's account. Also document showCreateOrLoginLink() and set its visibility. Bug: 43172 Change-Id: I1b0bb6b78cbc5d37ef9f380a4bdf0f65d021a57f c1
432013-08-07 12:21:22-04:002013-08-07 23:18:46Brad Jorschbjorsch@wikimedia.orgAdd wfResetSessionID() The code for changing the session id cookie from Special:Userlogin is also needed in CentralAuth. So let's factor it out to avoid code duplication. Change-Id: I777f76ee8e2b953a1e972327bedc28e0ab1acf0d c1
442013-08-06 16:04:15-04:002013-08-07 21:43:06Brad Jorschbjorsch@wikimedia.orgImprove WebResponse::setcookie Various bits of code are not using this because it doesn't support various use cases, e.g. session cookies, httpOnly, custom paths, etc. Refactor it to add all those options. Also add a hook so extensions can override the setting of the cookie. Change-Id: Ia0c424a48d9455a8574d91631cde0f00c9882288 c1
452013-06-06 00:55:18-03:002013-08-07 19:05:07Brian Wolffbawolff+wn@gmail.comHave separate timeouts for upload by url ($wgCopyUpload[Async]Timeout) Add $wgCopyUploadTimeout and $wgCopyUploadAsyncTimeout to control the timeout for the http request used to fetch the file during upload by url. People reasonably may want to make this higher than $wgHTTPTimeout for the case where very large files are being downloaded. Also add the ability for callers of UploadFromUrl::fetchFile to override the timeout as they please (and set any other HTTP opts). This patch was inspired by conversation with dan-nl about gwtoolset. Change-Id: Ia85a97434c14adcdaafc0802cbe0530bfa57a435 c1
462013-08-05 20:15:49+02:002013-08-05 18:44:53addshoreaddshorewiki@gmail.comAllow different users to login in Api tests Change-Id: I6f79416e4580ed8bf57836b78aa7027ea8f0d280 c1
472013-07-24 01:15:12+02:002013-07-23 23:38:42Timo Tijhofkrinklemail@gmail.commediawiki.notification: Make notification area sticky to window Whenever the user scrolls beyond the natural offset (possibly customised by the skin, e.g. in Vector it accounts for the tabs and search bar, in Monobook it is relative to the content area, etc.) we switch from absolute to fixed position. Changed the 1em top/right padding to be actual padding instead of part of the offset, as otherwise `window.scrollTop > offset.top` would trigger too late and thus cause it to "jump" back about 13px (1em) whenever we switch (the scroll logic depends on the floating-mode offset being 0). Now it seemlessly switches between the two area modes. Based on logic in VisualEditor for the sticky editor toolbar. Using a class instead of an ID for the area element as otherwise all selectors would require being like "#area.area-floating" to work from the skin. This should've been the case from the beginning (using IDs in CSS is almost always bad). Falls back to absolute position in IE6, where 'fixed' is not supported (and would use positon 'static' otherwise which would be a problem). Cleaned up useless 'null' value for $area variable. Bug: 50870 Change-Id: Icb7cd68f48443c1770e3585c8567fea2ac16dad8 c1
482013-07-06 13:29:13+00:002013-07-06 13:29:13TheDJhartman.wiki@gmail.comMerge "SpecialUserlogin: fix typo in comment"c1
492013-06-30 22:46:45+02:002013-07-01 23:35:02MatmaRexmatma.rex@gmail.comSpecialUserlogin: fix typo in comment Change-Id: Ia67e2b0b87ca09aaa1ad285867ccd3f4a95a6026c1
502013-04-23 11:57:31+01:002013-06-30 21:30:27Reedyreedy@wikimedia.orgLossless PNG compression... Change-Id: I392f050e8ba1b5b1d28bc958a124cb237d8ea4b6 c1
512013-06-20 22:13:18-04:002013-06-27 19:30:31Matthew Flaschenmflaschen@wikimedia.orgPreserve returnto when upload requires logging in Changes link text to loginreqlink message since OutputPage->showPermissionsErrorPage passes that in. Change-Id: Iebde4398cdb74eb2fcc441601f074c93a7ad6073 c1
522013-06-19 22:25:40-07:002013-06-20 05:25:40S Pagespage@wikimedia.orgRestore messages of old login and signup forms The change 44840d15929d8ecfc1d7c31d6f7e86d873ac15a2 "Only new vertical format login and signup forms" removed some messages no longer used in core, but 'userlogin' is used by extensions including MobileFrontend This restores the messages but marks them as unused in core and deprecated. Change-Id: I82c4fc37481a4a0dea1e839238188f6555e3c60d c1
532013-06-04 22:20:00-07:002013-06-18 06:29:50S Pagespage@wikimedia.orgOnly new vertical format login and signup forms * The "VForm" templates replace existing templates. * Remove useNew switch logic and $wgUseVForm{UserLogin,CreateAccount}. * The CSS and JS files for forms lose the .vform qualifier, except for the CSS for styling vform elements. * Merge tiny mediawiki.special.userLogin.signup.js into createAccount.js. * Remove replaced and obsolete messages (see https://www.mediawiki.org/wiki/Account_creation_user_experience/Strings for details), and remove mention of "new" forms and useNew from MessagesQqq.php. Bug: 46333 Change-Id: I50f25583c3aa9a4a263fb40f50256f92c18ddb4d c1
542013-05-12 15:26:49+00:002013-06-11 01:02:13Niklas Laxströmniklas.laxstrom@gmail.commediawiki.api: Implement login method Change-Id: I1113a076ff66e20ece1db9380969e7a7b5a68f1a c1
552013-03-18 17:46:39-04:002013-06-04 22:27:46Tyler Anthony Romeotylerromeo@gmail.comAdded SSL verification to PHPHttpRequest. PHP's stream context options support SSL server verification as well a CN matching and provision of CA info. Added options to the stream context so that the $sslVerifyHost, $sslVerifyCert, and $caInfo parameters now work in non-CURL environments. Change-Id: Iab2bda1ebcf20b625b019c91ae6352b5405dcc01 c1
562013-05-29 15:06:39-07:002013-05-29 22:22:11S Pagespage@wikimedia.orgDarker labels in new login and create acct forms Bug: 47777 Change-Id: I01dd960d673a37d519ae8805db1fbbcb5a4306c9 c1
572013-05-13 17:33:13-04:002013-05-13 21:33:13Matthew Flaschenmflaschen@wikimedia.orgFix Qqq link for userlogin-resetpassword-link * ResetPassword redirects to ChangePassword, which doesn't work logged out * PasswordReset is the actual "forgot my password". Change-Id: I4b9a7c3fe80feb8d2a8e4fe3be1238d2cc55d348 c1
582013-05-09 16:55:07-07:002013-05-11 06:57:15S Pagespage@wikimedia.orgMessage changes for new login form Shorter "Reset your password" (new key userlogin-resetpassword-link). Shorter "Use secure connection" (existing key userlogin-signwithsecure). Better explanations. Change-Id: Ia8e4219b200c25a61cbbade36841bb2c45cc9704 c1
592013-05-02 22:47:40+00:002013-05-02 22:47:40Ori.livnehori@wikimedia.orgMerge "Message tweaks to new login and create acct forms"c1
602013-04-26 22:00:55-07:002013-05-01 03:06:58S Pagespage@wikimedia.orgMessage tweaks to new login and create acct forms * "Keep me logged in" (bug 47694) * "[Create my account]" submit button (bug 47700) * "Why you are creating another account" placeholder (bug 31888) Bug: 47694 Bug: 47700 Bug: 31888 Change-Id: I7cfa4bb36368277a934144c1724ec437c426eacf c1
612013-04-05 21:57:03-04:002013-04-23 22:56:02Matthew Flaschenmflaschen@wikimedia.orgCreate account form with vertical form appearance Similar to the login form (change 55847), this presents a compact vertically-stacked form, if a global variable is set or if you add ?useNew=1 to the query string. The redesigned create account form also: * Removes the remember me checkbox (see bugzilla 47267) * Displays some wiki statistics in a benefits column. * Repositions the FancyCaptcha image if present using JavaScript (see bugzilla 47372). * Sets the template skin as in change 59577. Bug: 44628 Bug: 47267 Change-Id: I9b03d519af43de147bff0ac509a1154f67cd3a0a c1
622013-04-16 20:51:18-07:002013-04-17 06:13:56Ori Livnehori@wikimedia.orgSet 'skin' template parameter rather than override parent method BaseTemplate's getSkin() method is perfectly adequate if you simply set a skin value where it expects it. Doing so obviates the need to reimplement getSkin() in UserloginTemplateVForm and UsercreateTemplateVForm. Change-Id: Icd22de2218fc96cb67c11d0c1763b607743fe3b6 c1
632013-03-04 19:13:39-08:002013-04-11 22:26:45S Pagespage@wikimedia.orgRevised design of Special:Userlogin If a global variable is set or if you add ?useNew=1 to the query string, Special:Userlogin loads a different login template (UserloginVForm.php) with the new Vertical Form appearance and different messaging. Otherwise the current unchanged template renders so that wikis can cut over to the new look when ready (with messages and links). Once they do so, the variable and flag will be retired. The new template applies mw-ui-vform and mw-ui-button styles defined in a new 'mediawiki.ui' CSS module in core to create a compact vertical form. The mw-ui styles specify a Helvetica font stack (that we tested in the Account creation experiment) in the form area, but NOT if the user is using some other skin than Vector. The CSS code is developed using Sass. The patch includes the Sass scss files, along with a Makefile that uses their Compass build configuration (config.rb). The redesigned Special:Userlogin also: * Displays a "secure login" link if HTTPS is available. * Loads additional CSS for its form features (e.g. more attractive errorbox, "Join wiki" messaging). * Defines new "userlogin-xx" messages; many are the same as existing messages but without ':' on the end. * Uses a distinct title for Login instead of generic "Log in / Create account". * Removes the [mailmypassword] code branch from its login template as it is never executed. Bug: 44628 Change-Id: I489042c50aa060c90ca18b05097dbe25c4ae6395 c1
642013-02-18 20:43:03+01:002013-04-10 08:04:16jeroendedauwjeroendedauw@gmail.comRemove dependency on ORMTable from ORMRow IORMRow implementing objects take a IORMTable object in their constructor. The later is a hard to construct service object while the former ideally should just be a simple wrapper around a database row. This means IORMRow objects are tightly coupled with IORMTable objects, which makes them inflexible and makes various things such as testing logic contained in them needlessly difficult. This commit gets rid of this nonsense by allowing for construction of ORMRow objects without providing an ORMTable. All methods dependent on the table field have been deprecated. Most of these methods have a new alternative in ORMTable. For instance, saving an ORMRow can now be done by passing an instance of ORMRow to the updateRow method of an ORMTable instance, rather then calling save on the ORMRow instance. Backwards compatibility has been retained except for the fields passed in the constructor no longer undergoing magical unserialization if it looks like this is needed. I do not expect this will affect any existing code though. Change-Id: I86368821fc2cd0729df5342b8572eb470c0f77a0 c1
652013-02-22 10:36:55+01:002013-04-09 21:49:27Pau Ginerpau.giner@gmail.comAdd SVG version of user icon in Vector personal portlet An SVG version of the user icon is provided only for browsers supporting SVG. To ensure browser compatibility, the SVG version is provided in a two-layer background where the first layer is a transparent gradient. The fact that browsers supporting CSS gradients are a strict subset of those supporting SVG guarantees an appropriate fallback. Embedding is used to avoid extra http requests. Bug: 35341 Change-Id: I914da0649459744ccca9e1a78e9f48fe66e1a77f c1
662013-03-20 15:48:28-04:002013-04-04 14:09:34Chad Horohoechadh@wikimedia.orgRemove ExternalUser authentication code This was an experimental authentication system intoduced a couple of years ago with a pretty narrow use-case. It's been pretty much ignored since introduction, and makes login more complicated than it needs to be. I didn't drop the external_user table on the off-chance someone out there actually has data in it, but they should use AuthPlugin for their external authentication needs. Change-Id: I794338dbb75961ee033d41fa44bb7aa22e54f447 c1
672013-03-28 12:54:11+01:002013-04-01 15:43:28Siebrand Mazelands.mazeland@xs4all.nlReduced indentation levels, broke long lines. Reversed login a two cases to get there. Also updated PHPDoc, removed an unneeded comment and removed superfluous newlines. Change-Id: Ica5f7d24171e2eaeccc0743f8800e18cf2de8006 c1
682013-03-09 06:57:07-04:002013-03-27 11:41:20Brian Wolffbawolff+wn@gmail.comSet lang in api createaccount regardless of $wgLoginLanguageSelector $wgLoginLanguageSelector is related to how the interface of special:userlogin works. It doesn't make sense to listen to it in the api module Also throw error if invalid lang code is specified (for sanity) Change-Id: Ibf72fd5a318cadc450b3b579757ee8145864a27a c1
692013-03-19 19:52:13+00:002013-03-19 20:10:19Matmarexmatma.rex@gmail.comRevert "Change login/createaccount forms to new appearance" The code did not go through a proper review process, and - quite simply - it is unacceptable by core standards (or by any standards, to be honest). * It "[u]ses JavaScript to munge the create account CAPTCHA", to quote the commit message * It is littered with TODOs and FIXMEs, as well as messages from one coder to the other and commented-out code * It modifies some HTTPS-related logic for no obvious reason (it's not documented or even mentioned *at all* in a otherwise front-end changeset) * It happily disregards code conventions (trailing spaces, #-comments, CSS formatting) * It includes different CSS font-family rules that the entire rest of software uses for display, creating design inconsistency * It hardcodes links in the format "/wiki/XXX" * It hardcodes English-language link hrefs This reverts commit 92bb00d35688e72ebeea75ed55a6db981cfb71e5 Conflicts: languages/messages/MessagesEn.php Change-Id: I00d72fe157e697d5cf926e75bcea5db0bee153e5 c1
702013-03-04 19:13:39-08:002013-03-19 04:12:03S Pagespage@wikimedia.orgChange login/createaccount forms to new appearance If a global variable is set or if you add ?useAgora=1 to the query string, Special:Userlogin loads a different login or create account template (Userlogin-/UsercreateAgora.php) with an Agora look and different messaging. Otherwise the current form is unchanged so that wikis can cut over to the new look when desired. These new templates apply mw-ui-formlist and mw-ui-button styles defined in a new 'mediawiki.ui' CSS module in core (copied from Extension:Agora). In useAgora mode, Special:Userlogin also: * Adds new modules with some additional CSS for new form features ("Join wiki", benefits of creating an account). * Defines new "userlogin/usercreate-xx" messages, many are the same as existing messages but without ':' on the end. * Uses a distinct title for each mode instead of generic "Log in / Create account". * Uses JavaScript to munge the create account CAPTCHA. * Outputs checkboxes using UserloginTemplateAgora::labelledCheck() * Displays a benefits column of wiki edits/users/contributor numbers. TODO: - Restyle/reposition language selector - Munge CAPTCHA in PHP not JavaScript, i18n of new CAPTCHA messages. - Identify the subset of Agora appropriate for non-Vector skins and create mediawiki.ui.default.css from that. Patch set 18: Agora styles now in core. Bug: 44628 Change-Id: I859edab4fc4fa9fe35fdef15fc429ae19a95305d c1
712013-03-18 18:46:26+00:002013-03-18 18:47:05Yuvipandayuvipanda@gmail.comMerge "(Bug 45775) Adjusted the margin of "userloginForm""c1
722013-03-13 23:38:31+05:302013-03-18 18:36:19rahul21rahul14m93@gmail.com(Bug 45775) Adjusted the margin of "userloginForm" Change-Id: Ibede75a3f4e998d1972cacf1f5840882d39550ee c1
732013-03-15 15:15:17-07:002013-03-15 22:15:17Ryan Lanerlane@wikimedia.orgAdd id for domain list on user create form The user login form already has this id for the domain list, so I'm adding it for the create form as well. Change-Id: I1eec31c461a5c76565acf1e0bbfa07f367591678 c1
742013-02-27 17:58:52-08:002013-02-28 02:03:44Tim Starlingtstarling@wikimedia.orgPreserve caller expectations for behaviour of sslVerifyHost (bug 42441) The previous patch unnecessarily broke backwards compatibility in the Http::request() API, following cURL's broken conventions for sslVerifyHost instead of the boolean interpretation expected by all existing callers. This change reverts that one, and fixes the bug in another way. See Ia6535f10. Also don't bother wrapping the $this->sslVerifyHost access with isset() since it's always set. Change-Id: Ia4e1689249b6ac515b859ea2eca1dcff3e63098c c1
752013-02-13 06:22:54+00:002013-02-13 06:22:54Krinklettijhof@wikimedia.orgMerge "Revert "phpcs: Convert var to public in SpecialUserlogin.php""c1
762013-02-13 06:19:24+00:002013-02-13 06:19:24Krinklettijhof@wikimedia.orgRevert "phpcs: Convert var to public in SpecialUserlogin.php" This reverts commit 343382e4b783d528d7b1a3153681463c4c6a4597 Change-Id: I5609ab996a178d58a532d6a0bfc3d952d0629c1c c1
772013-02-11 19:23:37-08:002013-02-12 03:23:37S Pagespage@wikimedia.orgAvoid Jenkins' CodeSniffer warnings for Userlogin Change property declarations from "var" to "public". This eliminates the 46 | ERROR | The var keyword must not be used to declare a property warnings from Jenkins CI, e.g. https://integration.mediawiki.org/ci/job/mediawiki-core-phpcs-HEAD/1565/console http://php.net/manual/en/language.oop5.properties.php says "If you declare a property using var instead of one of public, protected, or private, then PHP 5 will treat the property as if it had been declared as public." , so this should be a no-op. Change-Id: I754ccea018f95421bfe3f7b04e3ab3a6d9b407e3 c1
782013-02-08 14:07:40+01:002013-02-08 13:07:40Alexandre Emsenhuberialex.wiki@gmail.comCorrect check whether the e-mail field was filled in Special:Userlogin/signup Use a strict comparison with '' instead of empty(), otherwise this allows user to give "0" as an e-mail address. Also use strval() if in any case null or something like that would be passed. Change-Id: Ide7d35c52a04d05b43ae9fd37f7586bb4a67d4ed c1
792012-12-16 19:18:24+08:002013-01-12 08:19:32Liangentliangent@gmail.com(bug 22457) More natural flow for the "By e-mail" feature This feature is on Special:Userlogin/signup to allow a random new password to be sent to expected account owner on assisted signup. It uses JavaScript to hide the password & retype password fields when a logged-in user creates an account (for someone else) and checks the by e-mail feature. Change-Id: I7bf57eef64fea19a8237f997019e0b2bfdf401b3 c1
802012-10-08 00:21:08-04:002012-12-14 01:45:16Tyler Anthony Romeotylerromeo@gmail.com(bug 40679) Set $wgSecureLogin to false for $wgServers with schemes. When $wgServer has a scheme, force $wgSecureLogin to false in order to stop infinite redirects when trying to go to the login page. Change-Id: I5792eb1a54c7b6279aad0531cedf9f7b4bf94e6e c1
812012-12-07 14:54:20-05:002012-12-12 18:20:53Tyler Anthony Romeotylerromeo@gmail.com(bug 42832) Fixed cookie security when not wpStickHTTPS. When a user goes to a secure login page, but does not want to stick to HTTPS, reset the session so that all session cookies are not secure otherwise the session won't be setup on HTTP. Change-Id: I54ba02b723442f6d8b585f0f86a572b56be06596 c1
822012-11-29 14:02:18-08:002012-11-29 22:18:31csteippcsteipp@wikimedia.org(bug 40995) Refresh SessionId on login SpecialUserlogin updated to refresh the user's session_id on each successful login. Change-Id: I1bd76f2c199b515f570e18669ca2138668bf847e c1
832012-10-24 01:18:08+02:002012-11-20 13:45:11Marius Hochhoo@online.de(bug 36053) Login returnto doesn't work if title isn't in the URI Returnto after login didn't work if title wasn't given as URI parameter. I'm using $this->getTitle() to find it out, in case the user got read rights (per code comment above my change). Change-Id: I14d92581ce790355404d3c184fa6542a24f7a130 c1
842012-11-19 17:33:31+01:002012-11-19 16:33:48Timo Tijhofttijhof@wikimedia.orgCleanup: Fix yoda and indentation in SpecialUserlogin.php Change-Id: I0bde21a8da679350559779132dbd7b1ba85116d1 c1
852012-11-13 23:32:27+00:002012-11-13 23:32:27Anomiebjorsch@wikimedia.orgMerge "Separated validation login in SpecialBlock."c1
862012-11-03 00:56:24-04:002012-11-03 20:51:07Tyler Anthony Romeotylerromeo@gmail.comSeparated validation login in SpecialBlock. Separated SpecialBlock::validateTargetField so that it can be used without needing an HTMLForm. Now there is a function SpecialBlock::validateTarget that does the actual validation. Change-Id: I70d854b95e864b249c8a1862bda3b6cbef4f682d c1
872012-10-21 22:43:45+02:002012-10-21 20:43:45mrblueskymrbluesky@wikipedia.beCorrecting system message linksearch-text The introduction on Special:LinkSearch is not correct: when no protocol is specified, http is used. To search for links with another protocol, the protocol has to specified. Change-Id: Iaaebc3770c3463e59784df0fd601e08c835a2e23 c1
882012-09-27 20:24:19+02:002012-10-13 16:03:08Federico Levafedericoleva@tiscali.itSI standards for time units * Use "min" rather than "m". * Add normal spaces to avoid hassles, no wrapping here anyway. <https://translatewiki.net/wiki/Thread:Support/Abbreviation_for_'minute'> Change-Id: I07f7aff41a831c88b82d6ddc53914372d6aec023 c1
892012-10-09 17:37:25+00:002012-10-09 17:37:25CSteippcsteipp@wikimedia.orgMerge "(bug 40789) Fixed $wgSecureLogin after-login redirect."c1
902012-10-09 09:45:03+11:002012-10-08 23:20:45Tim Starlingtstarling@wikimedia.org(bug 16020) Fix race condition in User::addToDatabase() Fix the DB error which comes from User::addToDatabase() if it is called when the user already exists. This is the most common DB error we log at WMF in normal operation, perhaps because of double clicks on the "create account" button, or perhaps due to CentralAuth autocreation when multiple pages on another wiki are opened in the browser simultaneously, as the bug reporter suggests. See the doc comment for the interface rationale. Patched Special:Userlogin to be aware of the new return value. Most extension callers will continue to work, I will patch a couple that need it in subsequent commits. Change-Id: I1f6ef5e6319bfe692fb82a3fa50dc66c9fde8f15 c1
912012-10-07 10:17:31-04:002012-10-07 14:17:31Tyler Anthony Romeotylerromeo@gmail.com(bug 40789) Fixed $wgSecureLogin after-login redirect. Check for $wgSecureLogin accidentally redirected users to HTTPS when $wgSecureLogin was off. This fixes the conditional statement so that when secure login is off original functionality is preserved. Change-Id: Ida8a2de849e2ad208129b272936ebc5806a16d71 c1
922012-10-06 20:08:20+00:002012-10-06 20:08:20Siebrandsiebrand@wikimedia.orgMerge "(bug 23222) The "login again" link on Special:Userlogout now has returnto parameter"c1
932012-10-06 14:50:28+02:002012-10-06 13:05:31Alexandre Emsenhuberialex.wiki@gmail.com(bug 23222) The "login again" link on Special:Userlogout now has returnto parameter It is much more user-firendly for user that logout and then click the "login again" to have the "Return to" links pointing to the page they were before logging out. Based on patch by Ilmari Karonen. Change-Id: Ia63d7743b9a02ee81eb76cdd34da375a66589059 c1
942012-09-27 19:01:49+02:002012-10-04 19:39:38MatmaRexmatma.rex@gmail.comCologneBlue rewrite: don't display login/out links in sidebar They do not belong to "My pages". Instead, display them properly in syslinks, respecting $wgUseCombinedLoginLink and creating them via usual means. Change-Id: I8e2cc25e41e46a471b98e0d18336c753b8645d0e c1
952012-09-29 12:36:33+02:002012-10-03 23:15:38umherirrenderumherirrender_de.wp@web.de(bug 32951) Do not register absolute internal externals Setting $wgRegisterInternalExternals = false for proto server should not store the http/https links in externallinks table Also fix detection of own links for links with query or anchor or nothing new also detected: //localhost //localhost?query //localhost#anchor already detected: //localhost/path Change-Id: Idd03d309cc3b71728a8cbea460efa12b10348d64c1
962012-09-27 14:34:11-04:002012-09-27 18:34:11Tyler Anthony Romeotylerromeo@gmail.com(bug 40541) Fixed $wgSecureLogin functionality. * Added parameter to login link so that wpStickHTTPS is set to true by default when the user is coming from HTTPS. * Added redirect in Special:Userlogin so that when $wgSecureLogin is enabled it automatically redirects to HTTPS. * Adjusted User::setCookies() to add a parameter for forcing secure/insecure cookies, and then added the appropriate argument to Special:Userlogin so that cookies are set appropriately. Change-Id: I17ac68014840daa47bfd4768e978e9ff2edb00db c1
972012-09-27 00:25:52+00:002012-09-27 00:25:52Demonchadh@wikimedia.orgMerge "(bug 33471) compare detectProtocol to 'https'"c1
982012-09-26 17:20:15-07:002012-09-27 00:20:15csteippcsteipp@wikimedia.org(bug 33471) compare detectProtocol to 'https' Extra ':' was added to the comparison string in gerrit change I6adc7e3e Change-Id: I3ff7274f6aa006b5cb9dcc3d2c44721f25a0fc8f c1
992012-09-17 11:10:30-07:002012-09-21 22:47:59csteippcsteipp@wikimedia.org(bug 29898) Set cookie to force HTTPS from HTTP Sets a cookie on user login (removed on logout) if wpStickHTTPS was checked, which causes the browser to get a redirect if they visit the HTTP version of the site. Change-Id: I60f44a1062a93d15198edae6674bb3310a148b2d c1
1002012-09-12 17:43:48+00:002012-09-12 17:43:48Reedyreedy@wikimedia.orgMerge "Fix fatal error in rcprop=loginfo"c1
1012012-09-12 03:36:12+00:002012-09-12 03:36:12Reedyreedy@wikimedia.orgMerge "Link to mediawiki.org using https from doxygen first page, not http"c1
1022012-09-11 21:43:29+02:002012-09-11 19:43:29Alexandre Emsenhuberialex.wiki@gmail.comLink to mediawiki.org using https from doxygen first page, not http Change-Id: I13fe244e6122930731f144f97f27126339065481 c1
1032012-09-10 13:15:59-07:002012-09-10 23:44:43Catroperoan.kattouw@gmail.comFix fatal error in rcprop=loginfo There was a recentchanges row on enwiki whose rc_params looked like array('4::tags'=>array('db-g11')), and the tag name wasn't set recursively so the inner array didn't get a tag name. This still generates invalid XML of course, because <4::tags> isn't a valid tag, but at least it doesn't fatal any more. RAWR XML GRUMBLE Change-Id: Ibb775df4bd010bdce5632914f789230d8626c9e7 c1
1042012-08-23 20:34:35+00:002012-08-23 20:34:35Demonchadh@wikimedia.orgMerge "Fix separated login link so that create account and login are always next to each other."c1
1052012-07-29 16:06:37+02:002012-08-19 09:48:11Derk-Jan Hartmanhartman@videolan.orgAdd lang and hreflang attributes to the language links of the login page. - Adding these attribues should make them easier to interpret for VoiceOver and other assitive technologies. - This assumes that people will enter the name of the language in the target language to MediaWiki:loginlanguagelinks, which is a convention but not a requirement of course. However I think making the bet that people actually do that is safe enough. - Switch the name of the old attr variable to query, which better reflects what it is supposed to be used for. Change-Id: I0cdae9f1e539b9b9c2b99ea1db1ba62bbbb0bdc5 c1
1062012-08-15 16:44:41-04:002012-08-16 14:48:07Tyler Anthony Romeotylerromeo@gmail.com(bug 32774) Added config options and flags for SSL and compression in DB. Added configuration options ($wgDBssl, $wgDBcompress) and related connection flags (DBO_SSL, DBO_COMPRESS) to allow SSL/TLS and compression on database connections. The flags are only observed if the functionality is supported for that type of database (e.g., SQLite will ignore both flags as neither are supported). Currently, only MySQL and PgSQL have support for at least one of these flags in their PHP extensions. MySQL supports both flags and PgSQL supports the SSL flag only. Change-Id: I7b4d3ba82ccab0eed4a19e3b4e7bc0b4eb881262 Signed-off-by: Tyler Anthony Romeo <tylerromeo@gmail.com> c1
1072012-08-15 13:56:23-07:002012-08-15 20:58:41Daniel Friesenpub-github@nadir-seen-fire.comFix separated login link so that create account and login are always next to each other. Change-Id: Iea0b325f66987a3a2de2c0935998e75f834d5786 c1
1082012-08-12 00:28:58+01:002012-08-11 23:28:58Reedyreedy@wikimedia.orgUpdate message specialpages-group-login to match other similar messages Swap signup for create account Change-Id: I3b90729a345946b48c1fc30e1d3bdd4a192f5283 c1
1092012-06-22 12:37:47+02:002012-06-26 14:03:42Antoine Mussohashar@free.fr(bug 37627) generic exception for not logged in users We have various place in MediaWiki core and in extensions which are showing anonymous user a very standard error page about them not being logged in. Each developer ends up writing its own because we do not provide a generic error, that is what this patch does. This UserNotLoggedIn exception, when called, will show the usual ErrorPage with a default title and default reason text. That makes it as easy to use as doing: if( $user->isAnon() ) { throw new UserNotLoggedIn(); } One can override the default reason by passing a message key as the first parameter: if( $user->isAnon() ) { throw new UserNotLoggedIn( 'nologin-reason-text' ); } In that case, the page title will still be the default 'Not Logged In.' Change-Id: Id81272995627bf0f5bbef785230a8e6e4e8582ca c1
1102012-06-22 21:39:47+00:002012-06-22 21:39:47Catroperoan.kattouw@gmail.comMerge "API: Reset token cache on login, so API tests work"c1
1112012-06-22 22:37:26+02:002012-06-22 21:34:59danieldaniel.kinzler@wikimedia.deAPI: Reset token cache on login, so API tests work Previously, logging in several times during a phpunit run would change the session token, but keep the edit token, leasing to "bad token" failures for all but the first login. Change-Id: Iad49c990c5661d55cd907b8441addb74eb0ef694 c1
1122012-06-07 22:37:17+00:002012-06-07 22:37:18Aaron Schulzaschulz@wikimedia.orgMerge "Userlogin: Do not add a language link if it's the currently used language"c1
1132012-06-07 20:59:57+00:002012-06-07 20:59:57Aaron Schulzaschulz@wikimedia.orgMerge "Change order of login/create account"c1
1142012-06-07 17:25:38+02:002012-06-07 15:29:41robinrobinp.1273@gmail.comUserlogin: Do not add a language link if it's the currently used language (Just display the language name without a link) Change-Id: I604d2905d73faf5b2242fdbf943262ae22e58a2c c1
1152012-06-06 19:48:27+02:002012-06-06 17:49:36umherirrenderumherirrender_de.wp@web.deChange order of login/create account With this the position of the login link in the right corner is not changed with $wgUseCombindedLoginLink = false; Gerrit has also first "register" and than "log in" in the corner. Change-Id: I8d1000cf53ab792b3f69438004e5ae181acba645 c1
1162012-06-06 17:03:27+00:002012-06-06 17:03:27Catroperoan.kattouw@gmail.comMerge "Increased uselessly low $wgBlockCIDRLimit default for IPv6."c1
1172012-06-05 17:01:43-07:002012-06-06 00:01:43Aaronaschulz@wikimedia.orgIncreased uselessly low $wgBlockCIDRLimit default for IPv6. Change-Id: I5abc83981912f304c4034a32063ba09bcf6aa1b1 c1
1182012-04-13 22:37:33+02:002012-04-19 16:25:45Platonidesplatonides@gmail.com(bug 35961) Hash comparison should always be strict. If your salted password end up being completely numeric when represented in hexadecimal (less than 1 password per 10 millions), it is also possible to login by providing another password that only matches the first 9 bytes (instead of the full 16 ones) if it turns out to also be completely numeric with your assigned salt (which is completely unknown). The odds of finding an equivalent password with such characteristics, over a double md5 with an unknown salt, are really low. Even if the attacker broke into the servers and robbed the salts, making use of this property would require a preimage attack of a partial md5 (2^18) with the output of another md5 hash, for which a full preimage would still be needed. Breaking the hashes using conventional attacks would be easier, so this is not a critical update. Change-Id: I8d1153fb91ca6507bd1df91e9953561f74f12ef6 c1
1192012-04-07 18:52:02+02:002012-04-07 16:52:02lupolupo.bugzilla@gmail.com(bug 35658) make mw.Uri handle uris w/o protocol or host Includes testcase. mw.Uri already supplied the protocol if it was missing and document.location was set. Newly it also supplies the host (and port) from document.location if that is set. That enables handling of root-relative URls like "/some/path". Changeset 2/3: rename test file from mediaWiki.Uri.test.js to mediawiki.Uri.test.js. Changeset 4: fix jasmine tests. Test for 'http:/foo.com' is now expected to succeed, not throw an exception. The second test for 'foo.com/bar/baz' in strict mode is correct; that's parsed in strict mode as a truly relative path. Change-Id: Ibc4386ba40cffea9d30417ec2720114f6819ae1c c1
1202012-04-05 19:00:04+00:002012-04-05 19:00:04Aaron Schulzaschulz@wikimedia.orgMerge "Making https svnroot point to https viewvc, not https viewvc to https viewvc, as that wouldn't replace anything"c1
1212012-04-05 19:29:50+01:002012-04-05 18:30:17Reedyreedy@wikimedia.orgMaking https svnroot point to https viewvc, not https viewvc to https viewvc, as that wouldn't replace anything Change-Id: Ibd7fe17e82c222c97010e468cec09ddc9aab0120 c1
1222012-03-29 13:13:23+00:002012-04-04 18:00:31Daniel Kinzlerdaniel.kinzler@wikimedia.detrigger http error when non-text content is requested using action=raw c1
1232012-03-23 21:23:38+00:002012-03-23 21:23:39Hasharhashar@free.frMerge "http->https"c1
1242012-03-23 22:05:08+01:002012-03-23 21:05:08Raimond Spekkingraimond.spekking@gmail.comhttp->https Change-Id: I300f05ea4eb273bfa57192e58075bb027c6a02c8 c1
1252012-03-20 05:17:40+00:002012-03-20 05:17:40Daniel Friesendantman@users.mediawiki.orgCommit the cryptrand project worked on in git: - MWCryptRand: A new api for generating cryptographic randomness for security tokens. Uses whatever cryptographic source is available and if not falls back to using random state and clock drift. - wfRandomString - A simple non-cryptographic pesudo-random string generation function to replace wfGenerateToken which was written pretending to be secure when it's really not. - Core updates to use MWCryptRand in various places: -- user_token generation (to do this we stop generating user_token implicitly and only generate it when needed to avoid depleting the system's entropy pool by reading random data we'll never use) -- email confirmation token generation -- password salt generation -- temporary password generation -- Generation of the automatic watchlist token -- login and create user tokens -- session ids when php's entropy sources are not set -- the installer when generating wgSecretKey and the upgrade key c1
1262012-03-07 02:43:46+00:002012-03-07 02:43:46Krinklekrinkle@users.mediawiki.org[jquery.textSelection.test] disable caretTest per bug 34820 * Right now it's causing testswarm clients to have to this test 3 times, and if until bug 34820 is fixed there is no point in clogging up testswarm with it, making all IE columns uselessly red and making it harder to detect an actual regression c1
1272012-02-28 00:14:33+00:002012-02-28 00:14:33Tim Starlingtstarling@users.mediawiki.orgFix exception from list=recentchanges rcprop=loginfo: update for new log system c1
1282012-02-20 00:42:24+00:002012-02-20 00:42:24Daniel Friesendantman@users.mediawiki.orgFollowup r111891; Update the test to also make sure things like http-equiv and rel=stylesheet don't link through. And update the sanitizer code so that bad <link> and <meta> tags show in proper plaintext when tidy is enabled just like they do when not. c1
1292012-02-11 23:46:37+00:002012-02-11 23:46:37Thomas Grieswikinaut@users.mediawiki.orgAashish's fix for bug33997 (SpecialPasswordReset does not always has the correct returnto= page on the login / create account portlet and returns to SpecialPasswortReset instead to Main page ) c1
1302012-02-07 08:07:28+00:002012-02-07 08:07:28Daniel Friesendantman@users.mediawiki.org(bug 34237) Regenerate an empty user_token and save to the database when we try to set the user's cookies for login. This allows the entire user_token column to be regenerated after a leak by running `UPDATE user SET user_token = NULL;` and letting the user_tokens be regenerated as users try to log back in. c1
1312012-01-27 21:16:47+00:002012-01-27 21:16:47Sam Reedreedy@users.mediawiki.orgYay, https c1
1322012-01-02 14:38:19+00:002012-01-02 14:38:19Chad Horohoedemon@users.mediawiki.orgRevert r107042 (bug 32219, make InstantCommons protocol-relative) and do it properly + release notes. apibase is used for fetching content from the server as well as determining description pages, so should use a full-qualified protocol when the site's in https. c1
1332011-12-22 23:12:44+00:002011-12-22 23:12:44Brion Vibberbrion@users.mediawiki.orgAdd comments explaining that the funky multiple Location headers stuff is a CURL artifact, and that the code will need updating if bug 29232 is done (high-level handling of http redirects) Followup r94881, r106948. c1
1342011-12-14 00:38:21+00:002011-12-14 00:38:21Brion Vibberbrion@users.mediawiki.orgAdd BeforePageRedirect hook to OutputPage, allowing extensions to override redirect output. This is needed by MobileFrontend to normalize some redirects to the mobile site, such as on login. c1
1352011-12-13 23:54:27+00:002011-12-13 23:54:27Brion Vibberbrion@users.mediawiki.orgUpdate mediawiki & viewvc links on Special:Version to https c1
1362011-12-07 23:54:51+00:002011-12-07 23:54:51Jeroen De Dauwjeroendedauw@users.mediawiki.orgadd since tag; please do this if you add new public methods, it avoids bugs and hassle for other people c1
1372011-11-26 18:05:51+00:002011-11-26 18:05:51Raimond Spekkingraymond@users.mediawiki.orgMore protocol relative links, reported by OsamaK@translatewiki.net (openid.net supports HTTPS) https://translatewiki.net/wiki/Thread:Support/About_MediaWiki:Openidlogininstructions/ar c1
1382011-11-24 08:41:57+00:002011-11-24 08:41:57Daniel Friesendantman@users.mediawiki.orgModify maintenance/dev/ router code to fix the bug where post data gets discarded and you can't login inside the dev environment. c1
1392011-11-19 17:04:13+00:002011-11-19 17:04:13Antoine Mussohashar@users.mediawiki.orgBug 32397 - #userlogin is too narrow Patch by A. D. Bergi c1
1402011-11-16 23:55:40+00:002011-11-16 23:55:40Brian Wolffbawolff@users.mediawiki.orgrevert r103396 (breaks unit tests) - In lots of these places $u is undefined (for example, of a user doesn't specify a name, we havn't created a user object yet at the time of that check). Probably need to do something like create a second hook for loginAuditUserTotallyFailed or something. c1
1412011-11-14 10:34:23+00:002011-11-14 10:34:23Sam Reedreedy@users.mediawiki.orgFollowup r102910 Make the link to the MW page https only c1
1422011-11-14 09:13:58+00:002011-11-14 09:13:58Roan Kattouwcatrope@users.mediawiki.org(bug 29854) Store protocol-relative links twice in the externallinks table, one with http: in el_index and once with https: . Modified patch by Brad Jorsch c1
1432011-11-13 21:42:57+00:002011-11-13 21:42:57Sam Reedreedy@users.mediawiki.orgBug 32379 - DatabaseError.php is hardcoding http Also tidy up a couple of returns (per others in method, and/or parents) c1
1442011-11-11 03:40:13+00:002011-11-11 03:40:13Daniel Friesendantman@users.mediawiki.orgUpdate xcache url since the old url redirects to the lighttpd redmine homepage instead of anything related to xcache. c1
1452011-11-05 19:51:05+00:002011-11-05 19:51:05Alexandre Emsenhuberialex@users.mediawiki.org* Made OuputPage::showPermissionsErrorPage() show a different messages for 'read', 'edit', 'create' and 'upload' actions to saying "You need to log in to do this action" when 1) The user is not logged in 2) The only error is a permissions error (no block or something else) and 3) The error can simply be avoided by logging in * This replaces OuputPage::loginToUse() functionnality, made it simply throw a PermissionsEror exception and updated all calls in core * Same for the check in SpecialUpload::execute(), EditPage::userNotLoggedInPage() and EditPage::noCreatePermission() * Throw the same exception in EditPage::attemptSave() whether the user is logged in or not and let OuputPage::showPermissionsErrorPage() decide which message to display * Replaced call to deprecated OutputPage::blockedPage() in SpecialUpload * Displayed messages are the same as now, except the title is always "loginreqtitle" * 'nocreatetitle' and 'uploadnologin' messages are still used by extensions, so I kept them, but the message 'whitelistedittitle' is not used anymore and has been removed c1
1462011-10-24 09:32:33+00:002011-10-24 09:32:33Antoine Mussohashar@users.mediawiki.orgtest {{SERVERNAME}} with relative URLS bug 31176 mentionned an issue with {{SERVERNAME}} returning the full URL instead of servername when using relative URLs (//localhost). The fix was made by r98193. This patch test three different URL protocols (http, https & relative) and check we return the expected 'localhost'. c1
1472011-10-18 14:08:48+00:002011-10-18 14:08:48Alexandre Emsenhuberialex@users.mediawiki.org* Use local context instead of global variables * Pass the context between Special:Userlogin and Special:ChangePassword when calling the other one c1
1482011-10-03 10:27:23+00:002011-10-03 10:27:23Roan Kattouwcatrope@users.mediawiki.org(bug 31320) CentralAuth uses http URLs for autologin images when logging in over https. Renamed WikiReference::getUrl() to getCanonicalUrl() (but kept the old name as a back compat alias), and added getFullUrl() which returns a URL built using $wgServer rather than $wgCanonicalServer, which means it'll be protocol-relative if the wiki is configured for that. c1
1492011-10-02 20:58:15+00:002011-10-02 20:58:15Roan Kattouwcatrope@users.mediawiki.orgFollowup r98707, r98713: check for blankness, not nonexistence. Since r98713 the -https message always exists, so the check was broken c1
1502011-10-02 20:02:35+00:002011-10-02 20:02:35Roan Kattouwcatrope@users.mediawiki.org(bug 31293) If Special:Userlogin is loaded over HTTPS, display MediaWiki:loginend-https instead of MediaWiki:loginend, if it exists c1
1512011-10-02 16:50:52+00:002011-10-02 16:50:52Derk-Jan Hartmanhartman@users.mediawiki.orgPort r51457 from monobook to modern, simple and Vector. See also Bug 18207 Takes care of disappearing symbol when clicking extiw links, and triggering the external link and https lock icon on internal links. c1
1522011-09-27 19:21:53+00:002011-09-27 19:21:53Roan Kattouwcatrope@users.mediawiki.org(bug 31191) Followup to r90934: do this in the successful login code path too. The bug didn't surface in most cases because the user is redirected immediately after a successful login, except when CentralAuth stops that from happening. c1
1532011-09-20 15:33:17+00:002011-09-20 15:33:17Roan Kattouwcatrope@users.mediawiki.orgFollowup r97623: some fixes for RTL in IE70Fixes.css: * Remove useless .rtl #bodyContent a.external rule, already handled by CSSJanus * Flip the div#column-content div#content hack in RTL mode so the content area doesn't end prematurely on the left * Fix display of the user icon next to the login link or user name * External link icons are still broken in IE7+RTL, but they were already broken in 1.17 and are also broken in Vector c1
1542011-09-14 17:48:10+00:002011-09-14 17:48:10Ian Bakerraindrift@users.mediawiki.orgSwitched from prepending http for protocol-relative $wgUploadStashScalerBaseUrl to wfExpandUrl() Followup to r96934 c1
1552011-09-07 03:25:11+00:002011-09-07 03:25:11Daniel Friesendantman@users.mediawiki.orgMove the vector styles for the user login form into commonContent.css The vector styles are very generic and fit well as the common style. With a minor tweak to MonoBook (which actually partially fixes a bug in the signup form on Wikipedia) this style fits in perfectly without conflicting with MonoBook's styles. c1
1562015-08-29 01:16:54+02:002015-09-08 14:43:06Timo Tijhofkrinklemail@gmail.comresourceloader: Don't create empty objects for every module For modules without one or more of 'scripts', 'styles', 'messages' and 'templates'; don't needlessly create empty placeholder objects. Except for 'scripts', these were already handled conditionally. Bug: T105162 Change-Id: Ic1b3b09474e0b50b438b111a4f62368ceab4e732 c1
1572015-07-01 01:44:12-06:002015-09-04 22:42:32Brian Wolffbawolff+wn@gmail.comUse system default location for cafile when using php fopen. Up to 5.5, PHP does not accept any certificates if cafile/capath is not set. (From 5.6 it uses the system default CA budle, which is going to be a better choice than anything we can guess.) So try to guess the location of the system default CA bundle. Won't work on windows, but that's a lost cause anyway because PHP (pre-5.6) can't handle the windows CA file format. Bug: T75203 Change-Id: I07736c150fe0783e09d297395ed25adf335edbd3 c1
1582015-07-01 02:15:39-06:002015-08-30 01:47:50Brian Wolffbawolff+wn@gmail.comWorkaround fopen lack of SubjectAltName support for instantCommons Hacky work around, where on php < 5.6.0 where SubjectAltName is not supported, if a request to commons.wikimedia.org fails, retry the request but telling php fopen wrapper to treat it as if it came from en.wikipedia.org for validation purposes, since as of c02fab71422a that's what the common name of the cert will be. In the ideal world, everyone would just have curl installed. I know this is super hacky, but I'd really like instant commons to work out of the box even without curl installed. Note: I'm basing the php 5.6 part on documentation, I have not tested this with a copy of that version of php. Bug: T75199 Change-Id: Ibde59be61a5b3d7cd5397ba352dce9be11e1b06f c1
1592015-08-07 02:16:48+00:002015-08-07 15:37:38Gergő Tiszagtisza@wikimedia.orgLog human-readable login status Bug: T91701 Change-Id: Ia73fcc21321990befb1d866f76102b24d67adbfa c1
1602015-04-21 08:33:40+00:002015-07-28 22:31:07Gergő Tiszagtisza@wikimedia.orgTrack key authentication metrics Logs a 'login' event for logins via Special:UserLogin and API action=login. Does not log for implicit login after account creation and for autologin (e.g. based on an active CentralAuth global login). Logs an 'accountcreation' event for account creation via Special:UserLogin/signup and API action=createaccount. Does not log for autocreation. Both successful and unsuccessful attempts are logged, except for failures that throw exceptions (internal errors + some permission errors). Bug: T91701 Change-Id: I101b11d05400b073065da10f1e537412309d9102 c1
1612015-07-08 07:39:52+00:002015-07-28 22:24:00Gergő Tiszatgr.huwiki@gmail.comLog errors in Http::request() Instead of silently discarding errors in server-side HTTP requests, log them to a 'http' channel. Make ForeignAPIFile::httpGet() (which sort of reimplements Http::get()) log to the same channel, for consistency. Bug: T103043 Change-Id: Ibf552e22adc7fde4a751f92e92dad6ceba2f335c c1
1622015-07-24 07:05:57-06:002015-07-24 13:11:11Brian Wolffbawolff+wn@gmail.comThe http-invalid-url message has a parameter, so send it Currently was outputting raw $1 to user. Change-Id: If1d10270f4d446c4d1703457903034e8356c1503 c1
1632015-07-07 18:51:27+02:002015-07-16 15:28:00Florianflorian.schmidt.welzow@t-online.deAllow extensions to add a banner to UserLogin and CreateAccount special pages Some extensions, e.g. MobileFrontend, customize the UserLogin and UserCreate special pages. This change adds the possibility to add some HTML after the warning and/or error messages are printed to the output. This will be used in MobileFrontend to get rid of the own userlogin template. Bug: T87261 Change-Id: Ia81f7c52f08e8dcc73ac751432560c4077d4bd39 c1
1642015-07-13 23:07:02+00:002015-07-13 23:07:02Legoktmlegoktm.wikipedia@gmail.comRevert "Add 'AuthPluginStrict' log to identify users who are unable to authenticate" Does not work as it will also log failed login attempts due to a wrong password. This reverts commit 9a97a7530f2a637cbb95603cfa4e0b51da753207. Change-Id: I6abd19da4e6939315a7fe6f7debe5227b68d38a7 c1
1652015-06-28 20:03:00+02:002015-06-28 18:03:00umherirrenderumherirrender_de.wp@web.deLog http error in ForeignAPIRepo::httpGet This makes at least the "SSL certificate problem: unable to get local issuer certificate" visible. Change-Id: Icf0658b5e9f7ac9c58f98291345442f8e405435f c1
1662015-06-25 23:09:52-07:002015-06-26 07:32:36Aaron Schulzaschulz@wikimedia.orgdatabase: Make LoadBalancer not yield DB objects that hopelessly lost the connection * This is useful if the first slave picked went down and others can be used, especially in longer running scripts. * A possible improvement to this would be to eventually allow retries by removing the bad handles from the load balancer, since isOpen() will never change from false. This would only be useful for very very long running CLI scripts and is probably an edge case for now. Change-Id: Iecfc4004b4b2289907a4645b431de19198790d6c c1
1672014-06-21 15:01:52+01:002015-06-23 23:31:20Sam Smithgit@samsmith.ioConfigure logged in session length independently * Add the $wgExtendedLoginCookies configuration variable, which defines the set of login cookies that can have their lifetime configured independently * Add the $wgExtendedLoginCookieExpiration configuration variable, which dictates when the extended lifetime login cookies expire * Default $wgExtendedLoginCookieExpiration to null so that the current behaviour is unaffected Bug: T68699 Change-Id: I0cc24524e4d7d9d1d21c9fa8a28c7c76b677b96c c1
1682015-06-02 18:27:23+01:002015-06-18 20:39:38Timo Tijhofkrinklemail@gmail.comresourceloader: Enable module content version for data modules This greatly simplifies logic required to compute module versions. It also makes it significantly less error-prone. Since f37cee996e, we support hashes as versions (instead of timestamps). This means we can build a hash of the content directly, instead of compiling a large array with all values that may influence the module content somehow. Benefits: * Remove all methods and logic related to querying database and disk for timestamps, revision numbers, definition summaries, cache epochs, and more. * No longer needlessly invalidate cache as a result of no-op changes to implementation datails. Due to inclusion of absolute file paths in the definition summary, cache was always invalidated when moving wikis to newer MediaWiki branches; even if the module observed no actual changes. * When changes are reverted within a certain period of time, old caches can now be re-used. The module would produce the same version hash as before. Previously when a change was deployed and then reverted, all web clients (even those that never saw the bad version) would have re-fetch modules because the version increased. Updated unit tests to account for the change in version. New default version of empty test modules is: "mvgTPvXh". For the record, this comes from the base64 encoding of the SHA1 digest of the JSON serialised form of the module content: > $str = '{"scripts":"","styles":{"css":[]},"messagesBlob":"{}"}'; > echo base64_encode(sha1($str, true)); > FEb3+VuiUm/fOMfod1bjw/te+AQ= Enabled content versioning for the data modules in MediaWiki core: * EditToolbarModule * JqueryMsgModule * LanguageDataModule * LanguageNamesModule * SpecialCharacterDataModule * UserCSSPrefsModule * UserDefaultsModule * UserOptionsModule The FileModule and base class explicitly disable it for now and keep their current behaviour of using the definition summary. We may remove it later, but that requires more performance testing first. Explicitly disable it in the WikiModule class to avoid breakage when the default changes. Ref T98087. Change-Id: I782df43c50dfcfb7d7592f744e13a3a0430b0dc6 c1
1692015-06-17 21:48:51+02:002015-06-17 19:48:51umherirrenderumherirrender_de.wp@web.deRemove unused global from SpecialUserlogin.php Change-Id: Idbdc8829d84e7dcce6b396bca8f90d9cf7864e45 c1
1702015-03-28 18:01:27-07:002015-06-16 15:29:06Aaron Schulzaschulz@wikimedia.orgMade User generally use DB_SLAVE by default * By default, users will load from the slave unless the thread did a recent DB write. This is to handle changes within a request. * ChronologyProtector should avoid staleness in common cases, and the CAS check on user_touched is a final barrier to block stale user object updates. * Note that passwords are not cached, so they hit the DB when ever needed. Passwords now load from slaves when possible, instead of the master. * This should get the code closer to handling user login and logged in users when the master is down. * Fixed loadFromId() when READ_LOCKING is used. * Also addressed TODO comment in load(). Bug: T92357 Change-Id: I0a8bdab720c19fe3fc2381799ae2e90ff09bb4cf c1
1712015-05-31 16:30:01+01:002015-06-14 02:27:17Timo Tijhofkrinklemail@gmail.comspecials: Simplify return logic of various SpecialUserlogin methods * Handle exceptional case before common case in makeLanguageSelector by using early returns. Better reflects the intended effect of the exception by making it harder to accidentally run code after the 'else' statement. Change-Id: I710a94adf22bc4e6dc539e12c69e4ba96bf1068c c1
1722015-06-13 18:29:15+01:002015-06-13 18:23:23Alex Monkkrenair@gmail.comHTTPS-ify links to Wikimedia's sites in MW core source See https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/ Ignoring SVN stuff because svn.wikimedia.org's SSL certificate has expired, and ignoring wgSharedUploadPath because T25122 wants to get rid of it. Also a couple of BZ -> phab changes Change-Id: I02fd23ac6c30a4a4c718e57d4dedbc693dd653c0 c1
1732015-05-25 03:00:33-07:002015-05-27 15:51:59Tyler Ciprianitcipriani@wikimedia.orgAdd login error browser test Change-Id: I19a7f708825d5f11859d8ea70db4cdde752df26c c1
1742015-04-06 10:40:15+02:002015-04-06 15:13:03Gilles Dubucgdubuc@wikimedia.orgTrack request method in dbperformance.log This will allow us to avoid needlessly investigating master requests that only happen on POST (which is already what we want for multi-DC). Bug: T92357 Change-Id: Ia7437d00f5b89a8e318d85659d60e2f9f9f26149 c1
1752015-03-31 19:01:15+01:002015-03-31 18:28:44Timo Tijhofkrinklemail@gmail.comresourceloader: De-duplicate $files in ResourceLoaderFileModule::getModifiedTime() lessc::allParsedFiles() always includes the main file we already know about. As such needlessly causing it to be queried multiple times. Change-Id: Icd2c11d93d6491664fcf58a18bfe6e2932689774 c1
1762015-03-26 10:59:30-07:002015-03-26 17:59:30Aaron Schulzaschulz@wikimedia.orgChanged user login logic to use less expensive touch() method Change-Id: I5143c381e870d65a1c5bf4cf28ec4abe1bbf3bfe c1
1772015-02-11 04:13:54+00:002015-02-11 04:21:36Timo Tijhofkrinklemail@gmail.commediawiki.api.login: Include second HTTP request in abort() Change-Id: I52e81781b2caf330ddb920b3ce842903808b7df3 c1
1782015-02-11 04:08:49+00:002015-02-11 04:10:54Timo Tijhofkrinklemail@gmail.commediawiki.api.login: Chain then() instead of Deferred wrapping No need to wrap a promise and manually forwarding fail(). Using "then()" does this by default. Remove redundant 'data.login' assertion. API errors are already handled at this point. Handle login error before success to allow a clean function exit. Change-Id: I032226b1e2b362c61eb2c6de0c7f5ebe2ed25b7e c1
1792015-01-14 02:32:36+05:302015-01-20 13:54:26Sumit Asthanaasthana.sumit23@gmail.comTemplates:Captcha position modified,extend functionality added to QuickTemplate The ConfirmEdit extension presently inserts captcha in the header of Usercreate and Userlogin templates. The js,if enabled places the captcha before submit button. A separate 'extrafields' placeholder for captcha is added just before submit button in Usercreate.php so that captcha position remains consistent, even if js is disabled. An extend method added to QuickTemplate to append any data to existing field, rather than setting it with fresh data. Particular use for 'extrafields' in Usercreate and Userlogin. Bug: T85192 Change-Id: I82c68814e79cbc5aa250a308862c59fcbb6fd527 c1
1802015-01-16 14:39:00-08:002015-01-16 22:39:00jdlrobsonjdlrobson@gmail.comStop using mw-ui-big on login form buttons This is inconsistent with mobile and is one of the blockers from us using this form rather than our own on a mobile device. Also mw-ui-big is a terrible class name and we should be deprecating its usage. Change-Id: I56e93429431690cf1b9ef043620b36148e3b4a7a c1
1812015-01-15 10:30:14-08:002015-01-15 18:46:01Bartosz Dziewońskimatma.rex@gmail.comUserlogin.php: Tweaks and corrections * Correct nesting of the block generating "Forgot your password?" link it would be mistakenly only generated if the user could create an account. * Use ->escaped() rather than ->parse() for 'userlogin-resetpassword-link', as it is used inside a link and allowing wikitext could lead to undesirable side-effects. * Remove unused $extraAttrs variable. * Remove pointless 'size' => '20' for some fields (they are displayed full-width using CSS). * Remove pointless .mw-ui-block class, as its styles are always used for buttons in a VForm. * Prettify code for hidden fields generation. Change-Id: If749620bf2eaf58f815cae559383e1a1c842b870 c1
1822014-12-04 15:39:50+01:002014-12-31 17:40:59Derk-Jan Hartmanhartman.wiki@gmail.comOnly return CORS headers in the response as required - Split out responses of preflight and actual CORS requests - If the request is not CORS valid, don't set the CORS response headers Note that invalid CORS requests should not actually throw error responses, the client should simply not handle the response because the response does not have the right headers (it's a client side policy error not an http error). We do throw a 403 for a mismatch with the queryparam, but since that is 'outside' of the spec, that might be appropriate. Bug: T76701 Change-Id: Ib296c68babe5c0b380268ee7793b3d6d35b9c3e3 c1
1832014-12-22 15:53:39-08:002014-12-23 21:42:56jdlrobsonjdlrobson@gmail.comConsolidate mobile and desktop designs for login form * Stop sign up button from being a button * Move password reset to bottom of form Bug: T85189 Change-Id: I175e9f515d962f9078845f25f9b96079819444c6 c1
1842014-12-12 21:14:36+01:002014-12-12 20:14:36umherirrenderumherirrender_de.wp@web.dePass config to UsercreateTemplate/UserloginTemplate Avoids: QuickTemplate::__construct was called with no Config instance passed to it Change-Id: Ibfa1885dbe5609f1458dc3022dd367eb17b614b1 c1
1852014-08-02 13:29:57+02:002014-12-12 02:38:43Sergio Santorosantoro.srg@gmail.comFix case insensitive string comparison for http header names As of RFC 2616 sec 4.2, http header names are case insensitive. Change-Id: Ib72df2572f5a9c825c5b3ad7735126f3687aad79 c1
1862014-12-03 23:37:56-08:002014-12-05 19:36:45Ori Livnehori@wikimedia.orgOptimize how user options are delivered to the client We currently embed the full set of user options in a <script> tag in the HTML output of every page. This is grossly inefficient, because the full set of options is usually largely made up of site defaults which the user hasn't customized. So instead of doing that, let's emit the default options using one ResourceLoader module and then apply the user's customizations on top. This has the effect of slightly increasing the total bytes of JavaScript code (because options that the user has customized will be emitted twice: once with their default value in the user.defaults module, and then again with the customized value in user.options). But this is more than offset by the fact that the bulk of user options code (~4 kB uncompressed on enwiki) becomes cacheable across requests. Bonus round: * Varnish gets to cache 4 kB fewer per page. * Changes to the default options don't take 30 days to propagate. Change-Id: I5a7e258d2d69159381bf5cc363227088b8fd6019 c1
1872014-10-05 18:19:14-05:002014-11-19 15:18:04Stephen Lianggithub@stephenliang.pwIf a user logs in while not on https, then the user should be sent back to the non-secure website. Bug: 71716 Change-Id: I7c24b779e5f4b01bd400a1833e12932f7b01f848 c1
1882014-11-19 00:11:04+00:002014-11-19 00:13:51Timo Tijhofkrinklemail@gmail.comOmit 'window.' when accessing browsing location The location object is a global, just like document. Using it via 'window' needlessly adds complexity and, for example, makes it harder to catch typos in static analysis. Also standardise on location.href in place of the many different variants, like: location = location.href = location.assign() = And each with 'window', 'document' and without host object. Change-Id: I77510294d8b5bd4b8a1b08e06817762a7839d43d c1
1892014-10-09 23:46:12-07:002014-11-07 22:50:33Kunal Mehtalegoktm@gmail.comMake allowing site-wide styles on restricted special pages a config option This mostly reverts commit 614d7e5c274d927f99bfc52ac3a1e6c7e5902408. Many wikis use MediaWiki:Common.css and associated pages to create a custom "theme" for their wiki, which would no longer load on login or preference pages, creating an inconsistent UI. This re-adds the difference in module origin for different types (styles, scripts, etc.), and now OutputPage::disallowUserJs() checks the value of the "AllowSiteCSSOnRestrictedPages" config setting to determine whether to allow site-wide CSS styles or not. By default this feature is disabled to be secure by default. Bug: 71621 Change-Id: I1bf4dd1845b6952c3985e179fbea48181ffb8907 c1
1902014-11-01 17:09:58+01:002014-11-03 20:28:18Florianschmidtwelzowflorian.schmidt.welzow@t-online.deUserLogin: Allow extensions to add valid error messages Add hook LoginFormValidErrorMessages to allow extensions, to add own valid error messages to redirect to the login form. Bug: 71769 Change-Id: I9e996a88e3972f09946726060916a21124de049c c1
1912014-10-30 13:30:45-04:002014-10-30 17:32:49Brad Jorschbjorsch@wikimedia.orgAPI: Fix simplified continuation module skipping The simplified continuation includes a continuation parameter to indicate when the prop/list/meta modules are complete, so it can skip executing them. But if someone submitted a malformed value for 'continue', it might decide that the generator was complete but still try to uselessly execute the prop modules. Bug: 72764 Change-Id: I6af24e5d4f30e64782fb7dd1c2211ebdd4ec2317 c1
1922014-10-23 22:19:19-07:002014-10-24 05:19:19Aaron Schulzaschulz@wikimedia.orgTweaked some of the default LockManager ttls Change-Id: Ic2c58ef02dc686f38840fe974a9d2858cd15c019 c1
1932014-10-11 16:41:51-07:002014-10-11 23:44:39Kunal Mehtalegoktm@gmail.comFix session failure errors when trying to create an account wpCreateaccount was no longer being passed in the POST request, so the special page thought a login attempt was occurring rather than an account creation attempt, so it checked against the wrong token, resulting in session failure errors. Bug: 71862 Change-Id: I9519cb264be9f587ef4354ba1fd03962a52755a2 c1
1942014-10-03 15:07:06-07:002014-10-03 22:12:41Prateek Saxenaprtksxna@gmail.comHtml: Use https for @see url of buttonAttributes() Follows up I61bb3c358f755ed9f2153d94b744c1a9da02c456. Change-Id: I46be4249bdfde1b801e798e732617077f71f983d c1
1952014-09-19 17:10:40+02:002014-09-22 14:02:00Bartosz Dziewońskimatma.rex@gmail.comAllow logged-in users to view and use the login form again The fix for bug 15484 (d0439af8) has introduced the behavior of automatically redirecting users who view the login form when already logged in to the requested 'returnto' location. If it was not given, users were redirected to main page instead. However, that has annoyed people who often switch between several accounts and have grown accustomed to the old behavior of being able to log in while logged in. Given that there are no conflicts between these two features, let's just restore the old behavior when Special:UserLogin is visited directly (no 'returnto' location given). This reverts 5dfc57eb which removed then-dead code for showing login form to logged-in users and tweaks an if() condition. Bug: 70855 Change-Id: I7e40c13a6ca566b4d66d943c006af9edb6941ee9c1
1962014-09-20 23:20:56+00:002014-09-20 23:20:56Mormegilmormegil@centrum.czFix special case at Special:MediaStatistics When a percentage was equal to 100 %, makePercentPretty determined it should have zero decimal places, and the resulting string "100" had "trailing 0's" removed, resulting in a completely wrong "1". We might either check if the number contains the decimal dot prior to trimming, or spare the hassle for the special case completely. Change-Id: I15ac5caa275d72909adba27b6b88824a830bd574 c1
1972014-09-17 21:39:03+02:002014-09-17 19:39:03Bartosz Dziewońskimatma.rex@gmail.comMove assets/ to resources/assets/ While it's "semantically" incorrect (these files are not ResourceLoader resources), putting them in that subdirectory is a lot less hassle than introducing a new toplevel directory. Follow-up to 2b4b9a3f. Discussion that resulted in the toplevel assets/ took place on I6268d663 (now abandoned). Change-Id: Iedbfd802457fe35803899e3479540177760ec30b c1
1982014-08-15 14:11:26-07:002014-09-17 01:42:27Jeff Janesjeff.janes@gmail.comPHPUnit: Add Database tags Several unit tests access the database, but did not declare themselves in the Database @group. This causes "make databaseless" to fail needlessly. Add the missing tags. tests/phpunit/includes/LinkerTest.php tests/phpunit/includes/actions/ActionTest.php tests/phpunit/includes/specials/ImageListPagerTest.php tests/phpunit/includes/specials/SpecialMIMESearchTest.php tests/phpunit/includes/title/MediaWikiPageLinkRendererTest.php Other than ActionTest.php, these also are problematic in 1.23 Change-Id: I7c1c957e2194c13e48b7ba68d7529e5d89901875 c1
1992014-09-17 09:53:42+09:002014-09-17 00:53:42shirayukishirayuking@gmail.comi18n: replace "login" by "log in" Spotted by Fito https://translatewiki.net/wiki/Thread:Support/About_MediaWiki:Prefsnologintext2/es Change-Id: I87d2d4d7f6d5863f91e1072a6a1bb6f201371b6d c1
2002014-09-12 23:11:13-04:002014-09-13 03:11:52Matthew Flaschenmflaschen@wikimedia.orgAdd margin below CAPTCHA box (and above submit) for signup and login Only applies if the CAPTCHA box is shown, which is if ConfirmEdit is installed. Bug: 68788 Change-Id: I8fa5f9e0b0394594bb59b1c3f62077e5e7428525 c1
2012014-08-03 15:44:23-07:002014-09-05 02:07:38withoutanamedrevitchi@gmail.comRemove unused system messages "loginstart", "loginend" and "loginend-https" Change-Id: Ib55492fb0e61f364bdc2a599d926e78ba98fe698 c1
2022014-08-28 12:46:09-07:002014-09-04 22:31:41csteippcsteipp@wikimedia.orgAllow extensions to indicate a username doesn't exist Provide a way for extensions to nicely handle when a username doesn't exist, during the login process. This only is obviously only for the case when we know why it doesn't exist (it was renamed, deleted, etc.) See I06b9b6322e408868f516aeabd61c6580f304e009 for CentralAuth use case. Bug: 67995 Change-Id: If48d59afa63ace68c147eca952f1d4f43acc105f c1
2032014-08-28 11:04:57-07:002014-08-28 18:04:57csteippcsteipp@wikimedia.orgLoad password information when expiring Call loadPasswords when expiring the user's password, otherwise the change is overwritten with the previous value. This lets you do: $u = User::newFromName( 'User' ); $u->expirePassword(); And the user will have to reset their password on the next login. Change-Id: I47325dde1ce14280088efdc90ce7887b45e0dc6a c1
2042014-08-25 22:48:58+02:002014-08-25 20:48:58Bartosz Dziewońskimatma.rex@gmail.comRemove dead code for showing login form to logged-in users Since d0439af8, trying to view the login form while logged-in just redirects to the 'returnto' address (or the main page), so this code is unreachable. Change-Id: I9ab8ab83172063d8facc491042832513d27f876b c1
2052014-07-15 14:48:09-04:002014-08-07 17:38:16Tyler Romeotylerromeo@gmail.comMake UserNotLoggedIn redirect to login page For pages like Special:Watchlist that throw a UserNotLoggedIn exception when the user is anonymous, this patch makes the page redirect to the login page automatically. This is instead of the current behavior of showing a link to the login page that the user must click. (Also, Special:Userlogin has existing functionality that will redirect the user back once they are logged in.) Bug: 15484 Change-Id: Idd9325374cb5dc13c4c057f45f88a33bdff523a9 c1
2062014-07-24 14:59:46-07:002014-07-28 19:42:28jdlrobsonjdlrobson@gmail.comAdd mw-ui-input to mediawiki ui Upstream component from Flow Adds mw-ui-input component Update existing (and undocumented) usage in core of mw-ui-input to use Flow focus style Updated usage of mw-ui-input in Special:Search and Special:Userlogin Packaged in mediawiki.ui.inputs to allow developers to use inputs separately to other mediawiki ui components. Change-Id: Ida765b97e6574bdc8fbba88a08ec98ec12f3dc95 c1
2072014-07-23 11:09:33-07:002014-07-23 20:04:23jdlrobsonjdlrobson@gmail.comMake sure buttons font-size is relative to its container Tested in Monobook, Vector, mobile, core login form Change-Id: Id6b14b78fef91abc7b766150a01d0f32aeebf006 c1
2082014-07-15 23:12:27+00:002014-07-15 23:13:17Bartosz Dziewońskimatma.rex@gmail.comRevert "Make UserNotLoggedIn redirect to login page" Lots of small issues that could be very annoying: * Usability regression: the user is not informed *why* they were redirected to the login screen. Not even a generic "You must log in to complete this action". * When testing this on my watchlist, after logging in I am now redirected to http://localhost/wiki/index.php?title=Watchlist&title=Special%3AWatchlist (the title is repeated twice and one of them is incorrect). This worked correctly before. * SpecialPage::requireLogin() needs documentation and code updates. * A whole ton of messages used in these prompts is now unused. * Probably needs release notes. I don't have the time to fix up myself right now, and a WMF branch cut is looming. Let's just try this again later. This reverts commit e0af129cbdb7421b4d9d7858cc63125e12f35a4a. Bug: 15484 Change-Id: I728e477cf6e10b90846ee0b2d9e5087bc3a0af3ec1
2092014-07-15 14:48:09-04:002014-07-15 18:48:09Tyler Romeotylerromeo@gmail.comMake UserNotLoggedIn redirect to login page For pages like Special:Watchlist that throw a UserNotLoggedIn exception when the user is anonymous, this patch makes the page redirect to the login page automatically. This is instead of the current behavior of showing a link to the login page that the user must click. (Also, Special:Userlogin has existing functionality that will redirect the user back once they are logged in.) Bug: 15484 Change-Id: Ic7e1d5a8984e1b42c8f2ebceff094106a3ed1efa c1
2102014-07-10 22:32:18+10:002014-07-14 03:23:29This, that and the otherat.light@live.com.auDisplay MediaWiki:Loginprompt on the login page This reinstates functionality removed in 44840d1. There is no longer a default message, and must be created on wikis locally. Bug: 66574 Change-Id: Ife39fe868b46ef054101c2db2e4e901380998c0e Co-Authored-By: Dan Poltawski <dan@moodle.com>c1
2112014-07-02 08:37:10-07:002014-07-02 15:37:32Cmcmahoncmcmahon@wikimedia.orgQA: need login tags for Jenkins build Change-Id: I6663c6f6f59d692a9825ff8b462b30e1b2214ae0 c1
2122014-07-02 15:50:58+02:002014-07-02 13:50:58Željko Filipinzeljko.filipin@gmail.comFixed EmptyPass error message mediawiki_api Ruby gem needs user password, but it is only set if the scenario has @login Cucumber tag. The entire error message: EmptyPass (MediawikiApi::LoginError) For the entire stack trace see 1: https://integration.wikimedia.org/ci/view/BrowserTests/job/browsertests- Core-en.wikipedia.beta.wmflabs.org-linux-firefox-sauce/14/consoleFull Change-Id: Ib5c297d9bfc1ca953d3aec27208fb99143fec011 c1
2132014-05-10 11:26:15+02:002014-07-01 11:15:20Alexandre Emsenhubermediawiki@emsenhuber.chImprove Database related documentation a bit - $wgDBport is also for MSSQL - "type" key of $wgDBservers is not only "mysql" and "postgres" - Note that $wgDBssl, $wgDBcompress and $wgDebugDumpSql only work in certain cases and mention how to emulate them otherwise Change-Id: Id863da8c87308d06e0070877ac0af26d03be4faf c1
2142014-06-30 16:56:46-07:002014-06-30 23:57:36Cmcmahoncmcmahon@wikimedia.orgQA: porting login test from /qa/browsertests Tested in local bare wiki, beta hewiki and enwiki Change-Id: Icf060de7697cb43d9a8d28c036d4efcbdfd64720 c1
2152014-05-28 16:55:40-07:002014-06-25 20:25:45csteippcsteipp@wikimedia.orgSECURITY: Prevent external resources in SVG files On bug 65724, it was discovered that a user could upload SVG images with embedded <image> elements that pulled in the resource via http. This could allow an attacker to track all viewers of an SVG by having the image embed another image hosted on their own server. While testing the patch, I also identified 3 more element namespaces that have been used on commons and seem harmless, so I added those to the whitelist. Change-Id: Iaaabc3a60c0ec4e6e426a8680d7a2cef5d469d29 c1
2162014-06-25 19:54:15+02:002014-06-25 17:54:15umherirrenderumherirrender_de.wp@web.deRemove DatabaseMysqlBase::getLagFromProcesslist() (deprecated 1.19) Change-Id: I7dfdd943abf1c94a35e2401f92208c19683dc200 c1
2172014-06-17 21:16:46+02:002014-06-19 14:12:01Timo Tijhofkrinklemail@gmail.commediawiki.page.image.pagination: Clean up, optimise and fix various bugs Follows-up 427b0e1, 5e77f39. * Remove comment stating the obvious (initialize variable). * Unset 'xhr' variable in the success handler. This allows it to be freed from memory, and prevents us from uselessly trying to abort an already finished request. * Rename 'xhr' to 'jqXhr' as it is not an xhr. * Use the Promise of jQuery.ajax instead of the long-deprecated callback option 'success'. * Rephrase comment stating that jQuery.load is used (which is not true). * Don't re-query 'table.multipageimage' multiple times. Instead query it from the document once and cache it. * Remove useless 'window.history' check. This is not a new global in HTML5. The 'history' global, infamous from history.go() and history.back(), has been a part of the web for a very long time. We can safely depend on them, just as we depend on 'location', 'navigator' and 'document'. * Add an identifier to the history pop-state to prevent an exception when dealing with the state object of another application. Lots of gadgets use the History API these days (as well as extensions like VisualEditor and MultimediaViewer). * Don't store the location.href inside the pop state data. This is not needed because it is already stored by the browser natively. A history event contains a url, page title and custom data stored as JSON. There is no need to store the url again in the custom data. * Despite the width/height transferring from the old content to the spinner container, the scroll position still jumped because it wasn't accounting for margin, padding and border. Use outerHeight() instead of height(). * Avoid using the DOM to store and retrieve information. Use application state instead of a DOM query to know whether we have a spinner already. This increases performance but also avoids false positives where (unlikely) other similar elements and/or spinners from a different script are on the page. * Properly replace the entire table contents() instead of just dropping the <tr> straight into the emptied <table>. This way the script makes no assumptions about whether there is a caption/thead/tbody or multiple rows etc. Plus it saves another recursive DOM query (the one for "tr"). And fixes a potential bug if there are nested tables (since it was doing a recursive query). Change-Id: I8b64a0860b73a5dcd8051b5e7a1fcb65107228a6c1
2182014-06-03 11:15:36-07:002014-06-09 18:32:26csteippcsteipp@wikimedia.orgAdd HKDF as a fast, random number source This adds an RFC 5869 compatible library for quickly generating cryptographically secure random keys/numbers. An attacker should be unable to predict the next number generated, as long as the secret key (set to wgSecretKey if not explicitly defined for a wiki) remains secret. In my testing, this is generating random numbers about 7x faster than MWCryptRand for 32 hex characters, and shouldn't drain openssl's entropy source. This will hopefully speed up maintenance tasks that require secure random numbers, such as resetting login token, and wrapping user's passwords in a new format. Change-Id: I437d9aec0122a0533b0d8723fe8a8624898af909 c1
2192014-05-21 03:18:32+02:002014-06-07 08:13:36Timo Tijhofkrinklemail@gmail.comjquery.suggestions: Support caching results to save http requests When typing the same thing multiple times, or when pressing backspace (thus reverting to an earlier known value), or otherwise ending up with the same value, we can re-use the data we already used. Doesn't happen in the basic case of typing one thing without mistakes and selecting a results, but happens more than one might think. People are often impatient, or even use the suggestions as their search results and based on that might try something else and then go back (e.g. try "Foo", find a good result but not ideal, try "Bar", even worse, go back to "Foo", select "Foo thing"). During this, requests for "B", "Ba", "F", "Fo" and "Foo" would be fired more than once (B-Ba when backspacing, F-Fo-Foo when typing it the second time, or simply using ctrl-Z a couple times). By default cache disabled (individual users of this plugin have to opt-in). When enabled it defaults to an expiry of 1 minute. Also: * Cleaned up computing of $textbox.val(), it was being computed several times in a synchronous block. * Simplified bool cast from foo ? true : false, to !!foo. Bug: 65581 Change-Id: Ib10c65f6ab31773b7f517b2f9c3cc7c7b93c6d39c1
2202014-06-05 14:06:25+00:002014-06-05 14:06:25Niklas Laxströmniklas.laxstrom@gmail.comCleanup message file documentation * Interface strings are now elsewhere * MessagesQQQ no longer exists * Prefer https for translatewiki.net Change-Id: I76652ea94cca80441cd5d978029e4707ee41c4fd c1
2212014-05-09 23:14:28+00:002014-05-09 23:14:28Brion VIBBERbrion@wikimedia.orgMerge "SpecialUserlogin: Error out when attempting to create a username with a '#'"c1
2222014-05-10 00:44:05+02:002014-05-09 22:44:05Bartosz Dziewońskimatma.rex@gmail.comSpecialUserlogin: Error out when attempting to create a username with a '#' "Best practices"? Ain't never heard of it. Bug: 64960 Change-Id: I88c479cea2bc9d2eab882e0ee8ebcbe2d1dd125e c1
2232014-05-02 11:29:07-07:002014-05-02 22:11:02csteippcsteipp@wikimedia.orgMaintain remember me state on password change Fix regression from https://gerrit.wikimedia.org/r/#/c/94614/ Ensure that when users login with "remember me" selected, they get a new remember me token after changing their password. Change-Id: Ibbf0d823bd5ef5304bf6ad1b67966d18dfb3580c c1
2242014-05-02 10:09:40-04:002014-05-02 14:09:40Brad Jorschbjorsch@wikimedia.orgFix API login after I7c957e1e Prior to change I7c957e1e, API logins were done as if the "keep me logged in" checkbox was checked. That change altered this for no apparent reason. Bug: 64727 Change-Id: I7fcca2a1eabcac3b2c232cd05d9989af85cc3ed0 c1
2252014-04-29 14:39:05-07:002014-04-29 21:39:05Aaron Schulzaschulz@wikimedia.orgTweaked wfThumbIsStandard() to recognize handler-specific default parameters * Now thumbnails with default lossy/lossless values will still count as "standard", for example. This makes use of the file media handler. Change-Id: Ia69301dfbf85bb26a17f8eee0939d690021343ec c1
2262014-04-28 14:59:22+03:002014-04-28 12:09:38Amir E. Aharoniamir.aharoni@mail.huji.ac.ilMake the link in printfooter explicitly ltr Without this, in RTL wikis the "http" appears in the middle of the URL. To test, set $wgLanguageCode = "he"; create an article called "ספר", view it in print mode and note the URL at the bottom. Change-Id: I1c0194c5cbd186e953eb0fc49184caa66c436ad1 c1
2272014-04-21 16:00:08-07:002014-04-22 04:17:26swallingswalling@wikimedia.orgRemove unnecessary h2 element on create account We added these headings during the last account creation and login form redesign but on recollection I'm not sure they're needed. The messages are pretty much redundant with the h1 heading, and now h2 elements have a margin-top of 1em it adds too much whitespace. Change-Id: Ice5e8bf23cc00bf00835e7dc26acc33182654ec5 c1
2282014-04-18 21:48:02+02:002014-04-21 19:48:04Bartosz Dziewońskimatma.rex@gmail.comExpand the protocol for proto-relative links when printing Things like "User's Guide (//meta.wikimedia.org/wiki/Help:Contents)" (on the default main page) don't look like the expected behavior to me, and I think regular users expect links to start with either "www" or "http". Let's assume HTTPS for these and prepend the protocol to the URL. Change-Id: If48f61de26a37eddbb134b824186706c08dabb72 c1
2292014-04-17 05:45:21+02:002014-04-17 03:55:43Timo Tijhofkrinklemail@gmail.comgrunt: Update watch file patterns * ".jscs.json" doesn't exist anymore (was renamed to ".jscsrc"). * ".csslintrc" doesn't exist. * Use "jscs.all" instead of jshint.all as the latter doesn't have the jshintignore pattern applied (no need to monitor the deep node_modules/ directory structure with lots of file stats) * Add "jsonlint.all". Change-Id: Ie9d681b7c4a6424c069f258774be46d44f6386e9 c1
2302013-11-10 20:08:34+05:302014-04-16 07:19:44tonythomas0101tonythomas@gmail.comRemoved 'Remember my login' preference Removed 'Remember my login' from Preferences, as it was unwanted. It adds to the complexity of the user preferences Bug: 52342 Co-Author: Tyler Romeo <tylerromeo@gmail.com> Change-Id: I7c957e1e1aaecf47f7c47bc063b5d3b364644afc c1
2312014-04-03 09:17:09-07:002014-04-07 19:21:21James D. Forresterjforrester@wikimedia.orgSplit /resources into /resources/lib and /resources/src Currently, MediaWiki has a mess of resources, some but not all of which are upstream libraries. This means that occasionally people will attempt to make local modifications of the libraries by accident, or deliberately but do not flag it, making dependency management a challenge (and fixing upstream-related bugs a headache). Instead, we now split the /resources directory into a /resources/lib directory for those items which are used purely as intact upstream libraries, and a /resources/src directroy for those which are either local libraries written for MediaWiki and mastered here, or downstream forks of upstream libraries which require particular care and attention when being upgraded. Also, some incidental files which are not to be loaded as part of a module have been moved to better locations. Upstream libaries * jquery resources/jquery/jquery.js * jquery.appear resources/jquery/jquery.appear.js * jquery.async resources/jquery/jquery.async.js * jquery.chosen resources/jquery.chosen/* * jquery.cookie resources/jquery/jquery.cookie.js * jquery.form resources/jquery/jquery.form.js * jquery.fullscreen.js resources/jquery/jquery.fullscreen.js * jquery.hoverIntent resources/jquery/jquery.hoverIntent.js * jquery.json resources/jquery/jquery.json.js * jquery.mockjax resources/jquery/jquery.mockjax.js * jquery.qunit resources/jquery/jquery.qunit.css resources/jquery/jquery.qunit.js * jquery.jStorage resources/jquery/jquery.jStorage.js * jquery.throttle-debounce resources/jquery/jquery.ba-throttle-debounce.js * jquery.validate resources/jquery/jquery.validate.js * jquery.xmldom resources/jquery/jquery.xmldom.js * moment resources/moment/* * OOjs resource/oojs/* * OOjs UI resources/oojs-ui/* * jquery.ui.* resources/jquery.ui/* resources/jquery.ui/themes/default moved to resources/lib/jquery.ui/themes/ resources/jquery.ui/themes/vector moved to resources/src/jquery.ui-themes/ * jquery.effects.* resources/jquery.effects/* * sinon resources/sinonjs/* Upstream libraries forked for MediaWiki * jquery.color resources/jquery/jquery.color.js * jquery.tipsy resources/jquery.tipsy/* Local libraries * jquery.arrowSteps resources/jquery/jquery.arrowSteps.css resources/jquery/jquery.arrowSteps.js resources/jquery/images/jquery.arrowSteps.divider-ltr.png resources/jquery/images/jquery.arrowSteps.divider-rtl.png resources/jquery/images/jquery.arrowSteps.head-ltr.png resources/jquery/images/jquery.arrowSteps.head-rtl.png resources/jquery/images/jquery.arrowSteps.tail-ltr.png resources/jquery/images/jquery.arrowSteps.tail-rtl.png * jquery.autoEllipsis resources/jquery/jquery.autoEllipsis.js * jquery.badge resources/jquery/jquery.badge.css resources/jquery/jquery.badge.js * jquery.byteLength resources/jquery/jquery.byteLength.js * jquery.byteLimit resources/jquery/jquery.byteLimit.js * jquery.checkboxShiftClick resources/jquery/jquery.checkboxShiftClick.js * jquery.client resources/jquery/jquery.client.js * jquery.colorUtil resources/jquery/jquery.colorUtil.js * jquery.delayedBind resources/jquery/jquery.delayedBind.js * jquery.expandableField resources/jquery/jquery.expandableField.js * jquery.farbtastic resources/jquery/jquery.farbtastic.css resources/jquery/jquery.farbtastic.js resources/jquery/images/marker.png resources/jquery/images/mask.png resources/jquery/images/wheel.png * jquery.footHovzer resources/jquery/jquery.footHovzer.css resources/jquery/jquery.footHovzer.js * jquery.getAttrs resources/jquery/jquery.getAttrs.js * jquery.hidpi resources/jquery/jquery.hidpi.js * jquery.highlightText resources/jquery/jquery.highlightText.js * jquery.localize resources/jquery/jquery.localize.js * jquery.makeCollapsible resources/jquery/jquery.makeCollapsible.css resources/jquery/jquery.makeCollapsible.js * jquery.mw-jump resources/jquery/jquery.mw-jump.js * jquery.mwExtension resources/jquery/jquery.mwExtension.js * jquery.placeholder resources/jquery/jquery.placeholder.js * jquery.spinner resources/jquery/jquery.spinner.css resources/jquery/jquery.spinner.js resources/jquery/images/spinner-large.gif resources/jquery/images/spinner.gif * jquery.suggestions resources/jquery/jquery.suggestions.css resources/jquery/jquery.suggestions.js * jquery.tabIndex resources/jquery/jquery.tabIndex.js * jquery.tablesorter resources/jquery/jquery.tablesorter.css resources/jquery/jquery.tablesorter.js resources/jquery/images/sort_both.gif resources/jquery/images/sort_down.gif resources/jquery/images/sort_none.gif resources/jquery/images/sort_up.gif * jquery.textSelection resources/jquery/jquery.textSelection.js * jquery.qunit.completenessTest resources/jquery/jquery.qunit.completenessTest.js * mediawiki resources/mediawiki/mediawiki.js resources/mediawiki/mediawiki.log.js * mediawiki.api resources/mediawiki.api/mediawiki.api.js * mediawiki.api.category resources/mediawiki.api/mediawiki.api.category.js * mediawiki.api.edit resources/mediawiki.api/mediawiki.api.edit.js * mediawiki.api.login resources/mediawiki.api/mediawiki.api.login.js * mediawiki.api.parse resources/mediawiki.api/mediawiki.api.parse.js * mediawiki.api.watch resources/mediawiki.api/mediawiki.api.watch.js * mediawiki.debug resources/mediawiki/mediawiki.debug.js resources/mediawiki/mediawiki.debug.less resources/mediawiki/mediawiki.debug.profile.css resources/mediawiki/mediawiki.debug.profile.js * mediawiki.debug.init resources/mediawiki/mediawiki.debug.init.js * mediawiki.feedback resources/mediawiki/mediawiki.feedback.css resources/mediawiki/mediawiki.feedback.js resources/mediawiki/mediawiki.feedback.spinner.gif * mediawiki.hidpi resources/mediawiki/mediawiki.hidpi.js * mediawiki.hlist resources/mediawiki/mediawiki.hlist.css resources/mediawiki/mediawiki.hlist.js * mediawiki.htmlform resources/mediawiki/mediawiki.htmlform.js * mediawiki.icon resources/mediawiki/mediawiki.icon.less resources/mediawiki/images/arrow-collapsed-ltr.png resources/mediawiki/images/arrow-collapsed-ltr.svg resources/mediawiki/images/arrow-collapsed-rtl.png resources/mediawiki/images/arrow-collapsed-rtl.svg resources/mediawiki/images/arrow-expanded.png resources/mediawiki/images/arrow-expanded.svg * mediawiki.inspect resources/mediawiki/mediawiki.inspect.js * mediawiki.notification resources/mediawiki/mediawiki.notification.css resources/mediawiki/mediawiki.notification.hideForPrint.css resources/mediawiki/mediawiki.notification.js * mediawiki.notify resources/mediawiki/mediawiki.notify.js * mediawiki.searchSuggest resources/mediawiki/mediawiki.searchSuggest.css resources/mediawiki/mediawiki.searchSuggest.js * mediawiki.Title resources/mediawiki/mediawiki.Title.js * mediawiki.toc resources/mediawiki/mediawiki.toc.js * mediawiki.Uri resources/mediawiki/mediawiki.Uri.js * mediawiki.user resources/mediawiki/mediawiki.user.js * mediawiki.util resources/mediawiki/mediawiki.util.js * mediawiki.action.edit resources/mediawiki.action/mediawiki.action.edit.js * mediawiki.action.edit.styles resources/mediawiki.action/mediawiki.action.edit.styles.css * mediawiki.action.edit.collapsibleFooter resources/mediawiki.action/mediawiki.action.edit.collapsibleFooter.css resources/mediawiki.action/mediawiki.action.edit.collapsibleFooter.js * mediawiki.action.edit.preview resources/mediawiki.action/mediawiki.action.edit.preview.js * mediawiki.action.history resources/mediawiki.action/mediawiki.action.history.js * mediawiki.action.history.diff resources/mediawiki.action/mediawiki.action.history.diff.css * mediawiki.action.view.dblClickEdit resources/mediawiki.action/mediawiki.action.view.dblClickEdit.js * mediawiki.action.view.metadata resources/mediawiki.action/mediawiki.action.view.metadata.js * mediawiki.action.view.postEdit resources/mediawiki.action/mediawiki.action.view.postEdit.css resources/mediawiki.action/mediawiki.action.view.postEdit.js resources/mediawiki.action/images/green-checkmark.png * mediawiki.action.view.redirectToFragment resources/mediawiki.action/mediawiki.action.view.redirectToFragment.js * mediawiki.action.view.rightClickEdit resources/mediawiki.action/mediawiki.action.view.rightClickEdit.js * mediawiki.action.edit.editWarning resources/mediawiki.action/mediawiki.action.edit.editWarning.js * mediawiki.action.watch.ajax No files associated with this resource. * mediawiki.language resources/mediawiki.language/mediawiki.language.js resources/mediawiki.language/mediawiki.language.numbers.js resources/mediawiki.language/languages/bs.js resources/mediawiki.language/languages/dsb.js resources/mediawiki.language/languages/fi.js resources/mediawiki.language/languages/ga.js resources/mediawiki.language/languages/he.js resources/mediawiki.language/languages/hsb.js resources/mediawiki.language/languages/hu.js resources/mediawiki.language/languages/hy.js resources/mediawiki.language/languages/la.js resources/mediawiki.language/languages/os.js resources/mediawiki.language/languages/ru.js resources/mediawiki.language/languages/sl.js resources/mediawiki.language/languages/uk.js * mediawiki.cldr resources/mediawiki.language/mediawiki.cldr.js * mediawiki.libs.pluralruleparser Possibly should be moved to /lib resources/mediawiki.libs/CLDRPluralRuleParser.js * mediawiki.language.init resources/mediawiki.language/mediawiki.language.init.js * mediawiki.jqueryMsg resources/mediawiki/mediawiki.jqueryMsg.js resources/mediawiki/mediawiki.jqueryMsg.peg * mediawiki.language.months resources/mediawiki.language/mediawiki.language.months.js * mediawiki.libs.jpegmeta resources/mediawiki.libs/mediawiki.libs.jpegmeta.js * mediawiki.page.gallery resources/mediawiki.page/mediawiki.page.gallery.js * mediawiki.page.ready resources/mediawiki.page/mediawiki.page.ready.js * mediawiki.page.startup resources/mediawiki.page/mediawiki.page.startup.js * mediawiki.page.patrol.ajax resources/mediawiki.page/mediawiki.page.patrol.ajax.js * mediawiki.page.watch.ajax resources/mediawiki.page/mediawiki.page.watch.ajax.js * mediawiki.page.image.pagination resources/mediawiki.page/mediawiki.page.image.pagination.js * mediawiki.special resources/mediawiki.special/mediawiki.special.css resources/mediawiki.special/mediawiki.special.js * mediawiki.special.block resources/mediawiki.special/mediawiki.special.block.css resources/mediawiki.special/mediawiki.special.block.js * mediawiki.special.changeemail resources/mediawiki.special/mediawiki.special.changeemail.css resources/mediawiki.special/mediawiki.special.changeemail.js * mediawiki.special.changeslist resources/mediawiki.special/mediawiki.special.changeslist.css * mediawiki.special.changeslist.legend resources/mediawiki.special/mediawiki.special.changeslist.legend.css * mediawiki.special.changeslist.legend.js resources/mediawiki.special/mediawiki.special.changeslist.legend.js * mediawiki.special.changeslist.enhanced resources/mediawiki.special/mediawiki.special.changeslist.enhanced.css * mediawiki.special.movePage resources/mediawiki.special/mediawiki.special.movePage.js * mediawiki.special.pagesWithProp resources/mediawiki.special/mediawiki.special.pagesWithProp.css * mediawiki.special.preferences resources/mediawiki.special/mediawiki.special.preferences.css resources/mediawiki.special/mediawiki.special.preferences.js * mediawiki.special.recentchanges resources/mediawiki.special/mediawiki.special.recentchanges.js * mediawiki.special.search resources/mediawiki.special/mediawiki.special.search.css resources/mediawiki.special/mediawiki.special.search.js * mediawiki.special.undelete resources/mediawiki.special/mediawiki.special.undelete.js * mediawiki.special.upload resources/mediawiki.special/mediawiki.special.upload.js * mediawiki.special.userlogin.common.styles resources/mediawiki.special/mediawiki.special.userlogin.common.css resources/mediawiki.special/images/icon-lock.png * mediawiki.special.userlogin.signup.styles resources/mediawiki.special/mediawiki.special.userlogin.signup.css resources/mediawiki.special/images/icon-edits.png resources/mediawiki.special/images/icon-pages.png resources/mediawiki.special/images/icon-contributors.png * mediawiki.special.userlogin.login.styles resources/mediawiki.special/mediawiki.special.userlogin.login.css resources/mediawiki.special/images/glyph-people-large.png * mediawiki.special.userlogin.common.js resources/mediawiki.special/mediawiki.special.userlogin.common.js * mediawiki.special.userlogin.signup.js resources/mediawiki.special/mediawiki.special.userlogin.signup.js * mediawiki.special.javaScriptTest resources/mediawiki.special/mediawiki.special.javaScriptTest.js * mediawiki.special.version resources/mediawiki.special/mediawiki.special.version.css * mediawiki.ui resources/mediawiki.ui/default.less resources/mediawiki.ui/vector.less resources/mediawiki.ui/components/utilities.less resources/mediawiki.ui/components/default/forms.less resources/mediawiki.ui/components/vector/containers.less resources/mediawiki.ui/components/vector/forms.less resources/mediawiki.ui/mixins/effects.less resources/mediawiki.ui/mixins/forms.less resources/mediawiki.ui/mixins/type.less resources/mediawiki.ui/mixins/utilities.less resources/mediawiki.ui/settings/colors.less resources/mediawiki.ui/settings/typography.less resources/mediawiki.ui/styleguide.md * mediawiki.ui.button resources/mediawiki.ui/components/default/buttons.less resources/mediawiki.ui/components/vector/buttons.less Legacy modules, untouched: * mediawiki.legacy.ajax * mediawiki.legacy.commonPrint * mediawiki.legacy.config * mediawiki.legacy.protect * mediawiki.legacy.shared * mediawiki.legacy.oldshared * mediawiki.legacy.upload * mediawiki.legacy.wikibits Miscellaneous files moved elsewhere * A currently-failing (unused?) script attempting to build some kss style documentation. Previously in the root of the resources directory, now moved to a new folder, /docs/kss. Makefile README.txt package.json scripts/nodecheck.sh styleguide-template/index.html styleguide-template/public/kss.less styleguide-template/public/less.js * ResourceLoader startup JS code was also moved to /src resources/startup.js * mediawiki.mixins, hard-coded to be loaded by ResourceLoader, also moved to /src resources/mediawiki.less/mediawiki.mixins.animation.less resources/mediawiki.less/mediawiki.mixins.less resources/mediawiki.less/mediawiki.mixins.rotation.less * jquery.cycle.all.js appears not to be refered to (?!): (added in 2f1f0abc6b) resources/jquery/jquery.cycle.all.js Change-Id: Id5ead1453412e763bdb3763084e43694517088fd c1
2322014-04-04 14:05:28+05:302014-04-06 01:07:46konarakkonarak.11@gmail.comWatchAction: Add 'returnto' and 'returntoquery' to the login link Bug: 60594 Change-Id: Ic8c0ea5b203c63f9273992cb70bfb06c0d461311c1
2332014-04-03 18:50:54-07:002014-04-04 20:13:08Timo Tijhofkrinklemail@gmail.comresourceloader: Don't add superfluous line breaks and semicolons The logic was there but didn't work in practice because, just like this code does itself, code doesn't usually end in ';'. Instead it ends in ";\n" (trailing line break at end of file), or even two line breaks (in case of concatenated scripts where ResourceLoaderFileModule adds another line break). This saves off a few bytes that were uselessly added in the load.php output, like: ... }( jQuery ) ); ; /** ... After this: }( jQuery ) ); /** The logic to add ;\n is still there, but the logic to not add it when there already wasn't working (added in I3e8227ddb). Change-Id: Ie055b37b3419ac6dca6349daf745bc48850fff3ec1
2342014-03-10 12:26:17-07:002014-03-27 20:46:13csteippcsteipp@wikimedia.orgSECURITY: Add CSRF token on Special:ChangePassword Use a login token when logged out user is using Special:ChangePassword (should only happen when a user is forced to reset their password to complete the login process). Logged in users are not logged in as an effect of resetting their password, and for them, the edit token check should be sufficient. Bug: 62497 Change-Id: I08afed3e1aeeb8c97d24fe9858a3ba2c03e92adf c1
2352014-03-25 08:25:39+00:002014-03-25 08:25:39Fomafixfomafix@googlemail.comRemove unused style for #loginend and #signupend loginend in skins/common/commonContent.css was added in https://gerrit.wikimedia.org/r/53614 and is now unused. clear:both for #loginend and #signupend in skins/monobook/main.css is not necessary because there are no floating elements above. Change-Id: Ic472f43f1d1a7ab4b7abb9f19067574f12ce6a6b c1
2362014-03-07 17:14:24-08:002014-03-18 20:46:44csteippcsteipp@wikimedia.orgAllow login with passwords not meeting complexity requirements As part of https://www.mediawiki.org/wiki/Requests_for_comment/Passwords This patch: * Allows users to login with a password that does not meet the requirements of User::isValidPassword(), including the minimum password length. * Adds a configuration flag that specifies if users should be sent to the change password form when they login with a password that doesn't meet the requirements of User::isValidPassword(). To test the UX as it will be on WMF wikis, set $wgMinimalPasswordLength=6 in your LocalSettings.php. Change-Id: Ib7b72005fea1c69073c0a33a68c0a0df0d6528d2 c1
2372013-09-07 09:38:06+02:002014-03-18 00:26:38Federico Levafedericoleva@tiscali.itLink to existing login help page by default from helplogin-url Detailed rationale discussed on bugzilla, bug 53888 and parent, where consensus on the design was gained. Using https link per Brion et al. in comments and bug 54835, with new keys for the messages in order to avoid any conflict with existing messages. (The translations of the removed messages will be automatically removed by localisation updates.) https://www.mediawiki.org/wiki/Help:Logging_in was improved by Lloffiwr and now also marked for translation. The link is ready for future translations thanks to the use of the standard Special:MyLanguage, hence the message is made ignored to allow customisations only locally. Bug: 53888 Change-Id: I8cefafbcd3bd1d6a03cec7cf1d0efdf607fec21dc1
2382013-11-22 20:36:17+01:002014-03-15 21:09:41Alexandre Emsenhuberialex.wiki@gmail.comOnly put returnto parameter if needed on the from-http redirect in Special:Userlogin The default value of the $mReturnTo and $mReturnToQuery member variables is '', even if they were not passed. This means that they would always be present in the redirected URL when accessing Special:Userlogin from HTTP and HTTPS is available. Now the special case '' is changed to null so that they don't appear anymore if not needed. Change-Id: I49a085feaa49d4b2954ff280db241234d2d46258 c1
2392014-03-12 19:12:10+01:002014-03-12 18:13:48Siebrand Mazelandsiebrand@kitano.nlPrevent "Log in" being used in two different contexts Spotted by Lloffiwr and reported at https://translatewiki.net/wiki/Thread:Support/MediaWiki:Pt-login/en Change-Id: Ibfbe4abfbb29860c05ebaac83e2220f373940a59c1
2402014-03-06 21:19:15+01:002014-03-06 20:20:29addshoreaddshorewiki@gmail.comRevert "Add getMessage tests with Short and Long Contexts" Looking at the getMessage function the long and short contexts should be strings not bools. I was misslead by the defaults thus these tests aren't actually testing much and should be removed to avoid misslead more people! This reverts commit cd9711ea350e9367829702eddc0adad8c9d88afb. Change-Id: I889d42f720bf678a3543860893d0fedfca757dce c1
2412014-03-03 02:25:43-05:002014-03-04 05:33:07Kevin Israelpleasestand@live.comi18n: Use int: in message "resetpass-expired-soft" Spotted by Siddhartha Ghai https://translatewiki.net/wiki/Thread:Support/About_MediaWiki:Resetpass-expired-soft/en Also replaced "to login" with "to log in" in message "resetpass-expired". Follows-up 01c8c421f8bc. Change-Id: I8fc039ab1867a5bc5a0ade94daad49d9d85edd98 c1
2422014-02-25 02:31:07+01:002014-02-25 01:45:07Bartosz Dziewońskimatma.rex@gmail.comSpecialUserlogin: Normalize username before passing to User::newFromName That method does some rather strict checking which is not desired here. Bug: 29621 Change-Id: I983e3f528491817f9f31f71a92d8d2946ce5941d c1
2432013-12-11 02:34:38+02:002014-02-23 14:37:03Alex Ivanovalexivanov97@gmail.comAdd personal tools messages for messages login, userlogout, createaccount Add personal tools messages for: * login -- pt-login * userlogout -- pt-userlogout * createaccount -- pt-createaccount Those messages shouldn't be used as personal tools messages. Bug: 52861 Change-Id: I8fb229b15c4736945db46672b42a26fd7dafb5f6 c1
2442013-10-09 11:09:28-07:002014-02-20 17:41:51csteippcsteipp@wikimedia.orgPassword Expiration Add functionality to expire users' passwords: * Adds column to the user table to keep a password expiration * Adds $wgPasswordExpirationDays, which will force users to reset their passwords after a set number of days. By default, this set to false, so passwords never expire. * Adds a default grace period of 7 days, where if the user's password is expired, they can still login, but are encouraged to reset their password. * Adds hook 'LoginPasswordResetMessage' to update reset message, in case an extension wants to vary the message on a particular reset event. * Adds hook 'ResetPasswordExpiration' to allow extensions to change the expiration date when the user resets their password. E.g., if an extension wants to vary the expiration based on the user's group. If the user is in the grace period, they get a password reset form added to the login successful page. If an extension prevents showing the login successful page (like CentralAuth), it should be updated to show a password change form during the grace period. After the grace period, the user will not be able to login without changing their password. Also prevents a successful reset if the user is "changing" their password to their existing password. No passwords will expire by default. Sites will have to call User->expirePassword() from their own maintenance script to trigger a password reset for a user. Bug: 54997 Change-Id: I92a9fc63b409b182b1d7b48781d73fc7216f8061 c1
2452013-05-25 13:25:31+01:002014-01-28 02:04:22Waldir Pimentawaldir@email.comskin: Remove the id "anonlogin" and merge pt-anonlogin with pt-login This was used as an alternative id for the login link in the personal tools at the top right for ShowIPinHeader context. This seems to have been inherited since the days of the PHPTal-based skins (at least git-blame shows their presence back in Brion's rewrite of the skin in november 2004). I've asked several maintainers about this and nobody could figure out why it would need a different id. After all, whenever the user sees the login link it means they are using the wiki as an anonymous user. My best guess is that this was meant to allow the ability to style the login differently when the (anonymous) user has already made an edit (or if we init a session for other reasons). This is also what toggles the anon userlinks are shown (i.e. the links to the IP userpage and talkpage), but I see no evidence of this, and in any case it would be better to change the class of the whole personal tools div instead of changing the IDs. Change-Id: Ib3445934853db5361c3c6fecfe75623b0b921400 c1
2462013-12-05 23:24:27+05:302014-01-24 20:59:44tonythomas0101tonythomas@gmail.comRemove preference "Show table of contents (for pages with more ...)" The table of contents box is auto-inserted, can trivially be hidden or exposed on a per-page basis with __MAGICWORDS__, includes a sticky [show|hide] link, and can be easily hidden with site-wide CSS as necessary. It needlessly adds complexity and user interface clutter. Bug: 52813 Change-Id: If2139317dae4aa980b373c73d7b81dac627b5af8 c1
2472014-01-20 05:55:06+00:002014-01-20 15:51:08Douglas Gardnerdouglas@chippy.chRemove `login-throttled` system message reuse Replaced calls to the `login-throttled` system message to new, separate system messages for [[Special:ChangeEmail]] and [[Special:ChangePassword]] in order to minimise message reuse. * [[Special:ChangeEmail]] now uses `changeemail-throttled` instead of `login-throttled`. * [[Special:ChangePassword]] now uses `changepassword-throttled` instead of `login-throttled`. Follow-up to I565971a90fc383327a51d717a80013cb7a3e9c9b. Bug: 53655 Change-Id: Icc7ad829b381514627dca16cde62ccf0831967b6 c1
2482014-01-09 13:38:55-08:002014-01-09 21:46:29Aaron Schulzaschulz@wikimedia.orgFixed http_build_query warnings on PHP < 5.4 * bug: 59880 Change-Id: I2eae4bed17a72b58ac33f3538dd7d16f4356a3a0 c1
2492013-10-23 15:32:13+00:002014-01-03 09:01:42Tyler Anthony Romeotylerromeo@gmail.comFixed stream wrapper in PhpHttpRequest Issue introduced when SSL verification was added to PHPHttpRequest. For HTTP and HTTPS stream, PHP expects "http" as the steam context name, regardless of SSL. Change-Id: I12c5d3d9aded6e704ebabe85b86e556fd0e99479 Follows-Up: 1c927b1df2a (Iab2bda1ebc) Bug: 56047 c1
2502013-12-24 17:28:01+01:002013-12-25 01:42:00Bartosz Dziewońskimatma.rex@gmail.comRemove old styles for #userlogin and #userloginForm Only removed rules which either (and I could verify that): * Are completely overridden by styles for the special pages * No longer match any elements Change-Id: I79268a4fc74d62b88773538e3c5817e12f70f263 c1
2512013-12-24 17:14:52+01:002013-12-24 19:56:16Bartosz Dziewońskimatma.rex@gmail.comRemove grey background from login/createaccount form on Monobook It's some holdover from the early ages and looks really ugly with the new styles. Bug: 47698 Change-Id: I2e97fc1b4c8970cf279f0cff38b54ddd4c5b36dd c1
2522013-12-02 20:29:03+01:002013-12-22 00:48:45Bartosz Dziewońskimatma.rex@gmail.comRefactor RL modules related to Special:Userlogin * Removed duplicated code * Moved generic styles to mediawiki.ui * Made sure scripts only run when they're needed * Cleaned up formatting * Cleaned up module and file naming Change-Id: I90a2331182d4d66f0584083b30b90ac6471c3aaf c1
2532013-11-08 21:17:27+01:002013-12-10 12:20:26Bartosz Dziewońskimatma.rex@gmail.comCanonicalize text and update docs of messages using 'loginreqlink' Since 'loginreqlink' is being used as a part of patchwork messages we should try to keep the grammar the same in all of its uses. "You have to log in" / "You must log in" / "Please log in" were all used with various frequencies; I changed (hopefully) all uses to "Please log in". Two messages receiving 'loginreqlink' as a parameter do not currently use it: 'changeemail-no-info' and 'resetpass-no-info'. This is intentional, as they are less "positive" than the rest and thus should not link to the login form. Updated and cross-referenced qqq of 'loginreqlink' and messages using it. Change-Id: Ie245486051d6fbc72a596ba825bfd5d9e3a163bf c1
2542013-12-05 23:58:26-05:002013-12-06 07:46:45Kevin Israelpleasestand@live.comRemove 3 unused movepage messages Follows-up r4134 (751a0a35f26b): * movedto Follows-up r24618 (877d2bac2f0b): * movenologin Follows-up r35213 (c75649cf5a10): * talkexists Change-Id: I1db90a202f3cb0d93cecd10f6e60874d5478e50a c1
2552013-11-23 00:32:59-05:002013-11-30 18:29:54Mark A. Hershbergermah@everybody.orgRestore Signupstart and Signupend messages for account creation This was removed during the redesign of the login process in I50f25583, but I found that 5-10% of non-wmf wiki sites used this message to display notices, previously. We should keep this around or at the very least provide advance notice for people. Bug: 56455 Change-Id: I79423c1a05f0359c902d1940c3ffcd5e509dcf97 c1