The plugin checks and flags potential security issues (XSS, SQLi, etc.)
using static analysis.
See <https://www.mediawiki.org/wiki/Phan-taint-check-plugin> for more
details.
Change-Id: Ief36c5b7c3fc61950e52044fde7feeed9fe28831
Extensions may be using these tags and not want
these styles (especially the border).
Bug: T203474
Change-Id: I03a22cf6377002f968cabdcce9354e73354fb6b8
When handling special cases that are logically distinct from
the function's main branch, it improves code quality (through
readability and maintainability) to place those first and with
an early return.
The has the benefit of the main return statement being easy to
find at the end of the function. (Not early and/or in a block).
It also means when working on the code, there is generally a
less complexity and fewer nesting levels, given that most code
is in the main branch. This makes is easier and quicker to verify
that code does what it should, as well as making it easy to
extend in the future. When considering to add code to end of a
function's main scope, it should relate to the function's main
branch by default, not a special case. For example, a getName()
method should not end with a top-level statement 'return false'
(unless it is a stub). Rather, one would expect it to end with
`return name`.
Change-Id: I1f3088f2409c82dd3bf757fc8fa27dc97ae2767b
Not calling an explicit output format defaults to ->escaped(), which often
leads to double escaping.
Spotted by the phan-taint-check-plugin.
Change-Id: Ie527768bea670808e63cfc8cbff64015ae29d4a3
This adds a client side error logger that will store errors
in EventLogging. We will use it to get a sense of the number
of errors inside mobile.
To enable make use of the new configuration variable
wgMinervaErrorLogSamplingRate = 1
Notes:
* the optional `meta` field will not be utilised by the generic
error handler.
* URI length is not trimmed for title. We will consider whether we need
to make any adjustments to the schema values during roll out.
** For stack trace, we limit the length by removing errorUrl (which is logged
separately)
Testing:
Add throw new Error('asasasa'); anywhere in your code and make
sure the code executes. It should trigger an Error event provided
that configuration has been updated.
Bug: T202026
Change-Id: I07f01b4c025b2e5e4cbf88ec05e7c536442c62cc
"multiple issues" templates as one issue.
When logging the `issuesSeverity` and `sectionNumbers` field,
any issues that are part of a "multiple issues" template only send
one value.
Adds an `isMultiple` property to IssueSummary to determine which
issues are part of a multiple-issues template.
Bug: T203050
Change-Id: I7d55dfead72439df4accadcdc8623a080e1321c2
The value of `sectionNumbers` should be the section number of each issue
Not the number of the sections that have issues.
Bug: T203050
Change-Id: I6fd55c35b9e2ce35894259f36d1a50fb5dca5e43
MobileFrontend no longer uses z-index:5 for the toobar,
the default z-index:2 is sufficient for the overlays to
appear on top.
Lowering this value allows toolbars to appears on top of
local overlays, such as deactivated selections.
Bug: T202990
Change-Id: I55ff6971249427c12c090018fcd4d4e5d0ec85d1
Adds logging for the sectionNumbers field in the PageIssues schema.
Additional changes:
* createBanner now requires section number to be a string - this ensures
consistency with how these are used.
* fix a bug which meant createBanner was being called with undefined
section number (due to table of contents)
* Fix some indents in some JSDoc blocks
* Change parameter in function signature from mixed type (int or string)
to explicit string
* update schema number
Depends-On: Ia2696b86c6855d7b46a3f668585377d106d7af23
Bug: T202098
Change-Id: I20511a77258ea245f3d6fe93ade238e5df397a71
An event only needs to send this field when overriding the
default. This line is thus unnecessary.
Change-Id: Ia1dfcac5dd25f36f5f4169daf6535fd66aedf754
Previously, the main edit icon in the page actions was handled indirectly
by changing the URL and then routing the edit via detecting the hash
fragment has changed. On the other hand section edit links were hijacked
via a click handler. The latter is better as it doesn't modify the DOM,
which allows the editor to override the JavaScript behaviour. It's also
preferable as it doesn't interfere with EventLogging - this subtle difference
was supressing edits to the Edit and PageIssues schema.
Bug: T202786
Change-Id: I4175bc6f0ddda28397d185502d1839716d051c56
Previously, the image overlay would always be loaded asynchronously.
Given clicking left/right opens a new mediaviewer this left a jarring
white flash. By loading the image overlay synchronously after the first
has been loaded, we avoid this flash.
Note, the task does propose preloading and animating the images
but this is a much bigger change and deemed out of scope for this
particular task.
Additional change:
* Use a shared mw.Api instance for ImageOverlay and PageGateway
Bug: T197110
Change-Id: I28d06b34cdea4fedcd7fb754572191e904ecc81a
When unable to edit, the edit icon at the top of the page serves
as the indicator that this is the case. In case of section edits
we hide them.
Bug: T197497
Change-Id: I23f196602ad64051426baf5090f0a6d6be941de8
Setting width to auto on the ambox itself will ensure section
issues are not pushed below infoboxes, while ensuring that due
to the tbody width 100% rule that they will take up full screen
where possible.
Bug: T202512
Change-Id: I2dd82f18f80012bd95ca271b97a163de918110c5
This patch updates the various usages of $.Deferred for loading
overlays in routes to be ES6 Promise compatible
Bug: T188937
Change-Id: I3fc24bf3471a99e7671d1191bdd46cb741286ee1
Move page issue overlay specific code out of cleanuptemplates and into
PageIssueOverlay to clarify what code is specific to the page issues
modal screen and what's specific to the page itself.
Bug: T191528
Change-Id: I95821ccda84306ddd5d22b57ffbae8d13ca44408
Kunal Mehta
jenkins-bot
Ed Sanders
Timo Tijhof
libraryupgrader
Translation updater bot
jdlrobson
Jan Drewniak
Zoranzoki21
Stephen Niedzielski