diff --git a/includes/MediaWiki.php b/includes/MediaWiki.php
index 9fdd48a777..e6709c718b 100644
--- a/includes/MediaWiki.php
+++ b/includes/MediaWiki.php
@@ -792,8 +792,8 @@ class MediaWiki {
 		}
 
 		if ( $this->maybeDoHttpsRedirect() ) {
-				return;
-			}
+			return;
+		}
 
 		if ( $title->canExist() && HTMLFileCache::useFileCache( $this->context ) ) {
 			// Try low-level file cache hit
diff --git a/includes/WebResponse.php b/includes/WebResponse.php
index 46cb844fcb..445822cab1 100644
--- a/includes/WebResponse.php
+++ b/includes/WebResponse.php
@@ -177,12 +177,12 @@ class WebResponse {
 				'cookie' => $prefixedName,
 				'data' => [
 					'name' => $prefixedName,
-				'value' => (string)$value,
-				'expire' => (int)$expire,
-				'path' => (string)$options['path'],
-				'domain' => (string)$options['domain'],
-				'secure' => (bool)$options['secure'],
-				'httpOnly' => (bool)$options['httpOnly'],
+					'value' => (string)$value,
+					'expire' => (int)$expire,
+					'path' => (string)$options['path'],
+					'domain' => (string)$options['domain'],
+					'secure' => (bool)$options['secure'],
+					'httpOnly' => (bool)$options['httpOnly'],
 					'sameSite' => (string)$options['sameSite']
 				],
 				'exception' => new RuntimeException( 'Ignored post-send cookie' ),
@@ -206,33 +206,33 @@ class WebResponse {
 			'secure' => (bool)$options['secure'],
 			'httponly' => (bool)$options['httpOnly'],
 			'samesite' => (string)$options['sameSite'],
-			];
+		];
 
-			// Per RFC 6265, key is name + domain + path
+		// Per RFC 6265, key is name + domain + path
 		$key = "{$prefixedName}\n{$setOptions['domain']}\n{$setOptions['path']}";
 
-			// If this cookie name was in the request, fake an entry in
-			// self::$setCookies for it so the deleting check works right.
+		// If this cookie name was in the request, fake an entry in
+		// self::$setCookies for it so the deleting check works right.
 		if ( isset( $_COOKIE[$prefixedName] ) && !array_key_exists( $key, self::$setCookies ) ) {
-				self::$setCookies[$key] = [];
-			}
+			self::$setCookies[$key] = [];
+		}
 
-			// PHP deletes if value is the empty string; also, a past expiry is deleting
+		// PHP deletes if value is the empty string; also, a past expiry is deleting
 		$deleting = ( $value === '' || $setOptions['expires'] > 0 && $setOptions['expires'] <= time() );
 
 		$logDesc = "$func: \"$prefixedName\", \"$value\", \"" .
 			implode( '", "', $setOptions ) . '"';
 		$optionsForDeduplication = [ $func, $prefixedName, $value, $setOptions ];
 
-			if ( $deleting && !isset( self::$setCookies[$key] ) ) { // isset( null ) is false
+		if ( $deleting && !isset( self::$setCookies[$key] ) ) { // isset( null ) is false
 			wfDebugLog( 'cookie', "already deleted $logDesc" );
 			return;
-			} elseif ( !$deleting && isset( self::$setCookies[$key] ) &&
+		} elseif ( !$deleting && isset( self::$setCookies[$key] ) &&
 			self::$setCookies[$key] === $optionsForDeduplication
-			) {
+		) {
 			wfDebugLog( 'cookie', "already set $logDesc" );
 			return;
-			}
+		}
 
 		wfDebugLog( 'cookie', $logDesc );
 		if ( $func === 'setrawcookie' ) {
diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 98b541e522..02ef2b8b81 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -1541,9 +1541,9 @@ class ApiMain extends ApiBase {
 		if ( $request->getProtocol() === 'http' &&
 			(
 				$this->getConfig()->get( 'ForceHTTPS' ) ||
-			$request->getSession()->shouldForceHTTPS() ||
-			( $this->getUser()->isLoggedIn() &&
-				$this->getUser()->requiresHTTPS() )
+				$request->getSession()->shouldForceHTTPS() ||
+				( $this->getUser()->isLoggedIn() &&
+					$this->getUser()->requiresHTTPS() )
 			)
 		) {
 			$this->addDeprecation( 'apiwarn-deprecation-httpsexpected', 'https-expected' );
diff --git a/includes/session/CookieSessionProvider.php b/includes/session/CookieSessionProvider.php
index 69bd9372e7..4ea7b8581a 100644
--- a/includes/session/CookieSessionProvider.php
+++ b/includes/session/CookieSessionProvider.php
@@ -356,7 +356,7 @@ class CookieSessionProvider extends SessionProvider {
 		if ( $this->useCrossSiteCookies ) {
 			$value = $request->getCrossSiteCookie( $key, $prefix, $default );
 		} else {
-		$value = $request->getCookie( $key, $prefix, $default );
+			$value = $request->getCookie( $key, $prefix, $default );
 		}
 		if ( $value === 'deleted' ) {
 			// PHP uses this value when deleting cookies. A legitimate cookie will never have
diff --git a/includes/session/ImmutableSessionProviderWithCookie.php b/includes/session/ImmutableSessionProviderWithCookie.php
index 1e1752511b..72c0559d0a 100644
--- a/includes/session/ImmutableSessionProviderWithCookie.php
+++ b/includes/session/ImmutableSessionProviderWithCookie.php
@@ -115,8 +115,8 @@ abstract class ImmutableSessionProviderWithCookie extends SessionProvider {
 		if ( $session->shouldForceHTTPS() || $session->getUser()->requiresHTTPS() ) {
 			// Send a cookie unless $wgForceHTTPS is set (T256095)
 			if ( !$this->config->get( 'ForceHTTPS' ) ) {
-			$response->setCookie( 'forceHTTPS', 'true', null,
-				[ 'prefix' => '', 'secure' => false ] + $options );
+				$response->setCookie( 'forceHTTPS', 'true', null,
+					[ 'prefix' => '', 'secure' => false ] + $options );
 			}
 			$options['secure'] = true;
 		}
diff --git a/includes/shell/Command.php b/includes/shell/Command.php
index 4ddb7df38d..61f9b9c068 100644
--- a/includes/shell/Command.php
+++ b/includes/shell/Command.php
@@ -400,7 +400,7 @@ class Command {
 			// This solves some shell parsing issues, see T207248
 			$proc = proc_open( $cmd, $desc, $pipes, null, null, [ 'bypass_shell' => true ] );
 		} else {
-		$proc = proc_open( $cmd, $desc, $pipes );
+			$proc = proc_open( $cmd, $desc, $pipes );
 		}
 
 		if ( !$proc ) {
diff --git a/includes/user/User.php b/includes/user/User.php
index 01fc6e910e..0bd7c1536b 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -2160,16 +2160,16 @@ class User implements IDBAccessObject, UserIdentity {
 		} else {
 			// Check for group-specific limits
 			// If more than one group applies, use the highest allowance (if higher than the default)
-		foreach ( $this->getGroups() as $group ) {
-			if ( isset( $limits[$group] ) ) {
-				if ( $userLimit === false
-					|| $limits[$group][0] / $limits[$group][1] > $userLimit[0] / $userLimit[1]
-				) {
-					$userLimit = $limits[$group];
+			foreach ( $this->getGroups() as $group ) {
+				if ( isset( $limits[$group] ) ) {
+					if ( $userLimit === false
+						|| $limits[$group][0] / $limits[$group][1] > $userLimit[0] / $userLimit[1]
+					) {
+						$userLimit = $limits[$group];
+					}
 				}
 			}
 		}
-		}
 
 		// Set the user limit key
 		if ( $userLimit !== false ) {
@@ -2224,12 +2224,12 @@ class User implements IDBAccessObject, UserIdentity {
 					// phan is confused because &can-bypass's value is a bool, so it assumes
 					// that $userLimit is also a bool here.
 					// @phan-suppress-next-line PhanTypeInvalidExpressionArrayDestructuring
-			list( $max, $period ) = $limit;
+					list( $max, $period ) = $limit;
 
 					$expiry = $now + (int)$period;
 					$count = 0;
 
-			// Already pinged?
+					// Already pinged?
 					if ( $data ) {
 						// NOTE: in order to investigate T246991, we write the expiry time
 						//       into the payload, along with the count.
@@ -2252,13 +2252,13 @@ class User implements IDBAccessObject, UserIdentity {
 									'expiry' => MWTimestamp::convert( TS_DB, $storedExpiry ),
 								]
 							);
-				} else {
+						} else {
 							// NOTE: We'll keep the original expiry when bumping counters,
 							//       resulting in a kind of fixed-window throttle.
 							$expiry = min( $storedExpiry, $now + (int)$period );
 							$count = $storedCount;
-				}
-				}
+						}
+					}
 
 					// Limit exceeded!
 					if ( $count >= $max ) {
@@ -2278,12 +2278,12 @@ class User implements IDBAccessObject, UserIdentity {
 						}
 
 						$triggered = true;
-			}
+					}
 
 					$count += $incrBy;
 					$data = "$count|$expiry";
 					return $data;
-			}
+				}
 			);
 		}
 
@@ -2532,7 +2532,7 @@ class User implements IDBAccessObject, UserIdentity {
 			$migration = MediaWikiServices::getInstance()->getActorMigration();
 			$this->mActorId = $migration->getNewActorId( $dbw, $this );
 
-				$this->invalidateCache();
+			$this->invalidateCache();
 			$this->setItemLoaded( 'actor' );
 		}
 
diff --git a/maintenance/dumpCategoriesAsRdf.php b/maintenance/dumpCategoriesAsRdf.php
index 454ac6dd26..7b7c9b5def 100644
--- a/maintenance/dumpCategoriesAsRdf.php
+++ b/maintenance/dumpCategoriesAsRdf.php
@@ -157,8 +157,8 @@ class DumpCategoriesAsRdf extends Maintenance {
 					(int)$row->cat_subcats
 				);
 				if ( $row->page_id ) {
-				$pages[$row->page_id] = $row->page_title;
-			}
+					$pages[$row->page_id] = $row->page_title;
+				}
 			}
 
 			foreach ( $this->getCategoryLinksIterator( $dbr, array_keys( $pages ) ) as $row ) {
diff --git a/tests/phpunit/includes/session/CookieSessionProviderTest.php b/tests/phpunit/includes/session/CookieSessionProviderTest.php
index 1a32845fdc..87be58ef85 100644
--- a/tests/phpunit/includes/session/CookieSessionProviderTest.php
+++ b/tests/phpunit/includes/session/CookieSessionProviderTest.php
@@ -456,7 +456,7 @@ class CookieSessionProviderTest extends MediaWikiTestCase {
 		if ( $forceHTTPS ) {
 			$this->assertSame( null, $request->response()->getCookie( 'forceHTTPS' ) );
 		} else {
-		$this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
+			$this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
 		}
 		$this->assertSame( [], $backend->getData() );
 
@@ -473,7 +473,7 @@ class CookieSessionProviderTest extends MediaWikiTestCase {
 		if ( $forceHTTPS ) {
 			$this->assertSame( null, $request->response()->getCookie( 'forceHTTPS' ) );
 		} else {
-		$this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
+			$this->assertSame( '', $request->response()->getCookie( 'forceHTTPS' ) );
 		}
 		$this->assertSame( [], $backend->getData() );
 
@@ -491,7 +491,7 @@ class CookieSessionProviderTest extends MediaWikiTestCase {
 		if ( $forceHTTPS ) {
 			$this->assertSame( null, $request->response()->getCookie( 'forceHTTPS' ) );
 		} else {
-		$this->assertSame( 'true', $request->response()->getCookie( 'forceHTTPS' ) );
+			$this->assertSame( 'true', $request->response()->getCookie( 'forceHTTPS' ) );
 		}
 		$this->assertSame( [], $backend->getData() );
 	}
diff --git a/tests/phpunit/includes/shell/CommandTest.php b/tests/phpunit/includes/shell/CommandTest.php
index 8f1ba7a939..08a583cdac 100644
--- a/tests/phpunit/includes/shell/CommandTest.php
+++ b/tests/phpunit/includes/shell/CommandTest.php
@@ -115,8 +115,8 @@ class CommandTest extends PHPUnit\Framework\TestCase {
 		if ( wfIsWindows() ) {
 			$this->assertEquals( '"echo" "a" "b" c d', $command->command );
 		} else {
-		$this->assertEquals( "'echo' 'a' 'b' c d", $command->command );
-	}
+			$this->assertEquals( "'echo' 'a' 'b' c d", $command->command );
+		}
 	}
 
 	public function testT69870() {
diff --git a/tests/phpunit/includes/shell/ShellTest.php b/tests/phpunit/includes/shell/ShellTest.php
index 934f32ec6a..6c1c14e8d7 100644
--- a/tests/phpunit/includes/shell/ShellTest.php
+++ b/tests/phpunit/includes/shell/ShellTest.php
@@ -49,10 +49,10 @@ class ShellTest extends MediaWikiTestCase {
 	public function testMakeScriptCommand(
 		$expected,
 		$expectedWin,
-										   $script,
-										   $parameters,
-										   $options = [],
-										   $hook = null
+		$script,
+		$parameters,
+		$options = [],
+		$hook = null
 	) {
 		// Running tests under Vagrant involves MWMultiVersion that uses the below hook
 		$this->setMwGlobals( 'wgHooks', [] );
@@ -72,7 +72,7 @@ class ShellTest extends MediaWikiTestCase {
 		if ( wfIsWindows() ) {
 			$this->assertEquals( $expectedWin, $wrapper->command );
 		} else {
-		$this->assertEquals( $expected, $wrapper->command );
+			$this->assertEquals( $expected, $wrapper->command );
 		}
 		$this->assertSame( 0, $wrapper->restrictions & Shell::NO_LOCALSETTINGS );
 	}