Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Introduce MediaWikiEntryPoint and ActionEntryPoint

Browse source 
This extracts the MediaWikiEntryPoint base class and ActionEntryPoint
class from the MediaWiki class. MediaWiki itself be deprecated.

The intent is to create other subclasses of MediaWikiEntryPoint for the
use by other entry points such as thumb.php or api.php. This will allow
us to share code between entry points, and make these entry points
testable by moving their implementation into a class.

Bug: T354216
Change-Id: Ib70e4e67e4cb1b65ac218c095864fb6eb43d0929
This commit is contained in:
daniel 2023-10-12 21:32:59 +02:00
parent ce211ef2a6
commit a4853b0aa5
11 changed files with 1993 additions and 1634 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
RELEASE-NOTES-1.42
View file

@ -130,6 +130,10 @@ because of Phabricator reports.
* MagicWord::load() has been marked @internal and may change in the future
without further notice.
* BagOStuff::setNewPreparedValues() now emits deprecation warnings.
* The type of the last parameter of BeforeInitializeHook::onBeforeInitialize
and MediaWikiPerformActionHook::onMediaWikiPerformAction changed from
MediaWiki to ActionEntryPoint. Relevant methods are still available on
the object.
* MediaWiki's virtualrest internal library has been removed in favor of the
HTTP library like: Guzzle, MultiHttpClient or MwHttpRequest.
* Several deprecated methods have been removed from the Content interface,
@ -309,6 +313,10 @@ because of Phabricator reports.
* Status::setMessageLocalizer is deprecated. Callers that want to control the
localization of the Status object should obtain a StatusFormatter from
the StatusFormatterFactory.
* The MediaWiki class has been deprecated. Type hints in hooks should be
changed to refer to MediaWikiEntryPoint instead. Note that extensions should
not define their own entry points and should not interfere with the state of
MediaWikiEntryPoint instances.
* Vuex has been deprecated in favor of its successor, Pinia. Though deprecated,
Vuex 4 will remain accessible for the foreseeable future. Pinia should be used
for new projects.

2
autoload.php
View file

@ -847,6 +847,7 @@ $wgAutoloadLocalClasses = [
'MediaWikiSite' => __DIR__ . '/includes/site/MediaWikiSite.php',
'MediaWikiTitleCodec' => __DIR__ . '/includes/title/MediaWikiTitleCodec.php',
'MediaWikiVersionFetcher' => __DIR__ . '/includes/composer/MediaWikiVersionFetcher.php',
'MediaWiki\\Actions\\ActionEntryPoint' => __DIR__ . '/includes/actions/ActionEntryPoint.php',
'MediaWiki\\Actions\\ActionFactory' => __DIR__ . '/includes/actions/ActionFactory.php',
'MediaWiki\\Actions\\ActionInfo' => __DIR__ . '/includes/actions/ActionInfo.php',
'MediaWiki\\Actions\\FileDeleteAction' => __DIR__ . '/includes/actions/FileDeleteAction.php',
@ -1564,6 +1565,7 @@ $wgAutoloadLocalClasses = [
'MediaWiki\\Maintenance\\OrderedStreamingForkController' => __DIR__ . '/includes/Maintenance/OrderedStreamingForkController.php',
'MediaWiki\\Maintenance\\UndoLog' => __DIR__ . '/includes/Maintenance/UndoLog.php',
'MediaWiki\\Maintenance\\Version' => __DIR__ . '/maintenance/Version.php',
'MediaWiki\\MediaWikiEntryPoint' => __DIR__ . '/includes/MediaWikiEntryPoint.php',
'MediaWiki\\MediaWikiServices' => __DIR__ . '/includes/MediaWikiServices.php',
'MediaWiki\\Message\\Converter' => __DIR__ . '/includes/Message/Converter.php',
'MediaWiki\\Message\\MessageFormatterFactory' => __DIR__ . '/includes/Message/MessageFormatterFactory.php',

16
includes/Hook/BeforeInitializeHook.php
View file

@ -2,7 +2,7 @@
namespace MediaWiki\Hook;
use MediaWiki;
use MediaWiki\Actions\ActionEntryPoint;
use MediaWiki\Output\OutputPage;
use MediaWiki\Request\WebRequest;
use MediaWiki\Title\Title;
@ -17,7 +17,7 @@ use MediaWiki\User\User;
*/
interface BeforeInitializeHook {
/**
* This hook is called before anything is initialized in MediaWiki::performRequest().
* This hook is called before anything is initialized in ActionEntryPoint::performRequest().
*
* @since 1.35
*
@ -26,10 +26,16 @@ interface BeforeInitializeHook {
* @param OutputPage $output
* @param User $user
* @param WebRequest $request
* @param MediaWiki $mediaWiki
* @param ActionEntryPoint $mediaWikiEntryPoint (changed from MediaWiki
* to MediaWikiEntryPoint in MW 1.42)
* @return bool|void True or no return value to continue or false to abort
*/
public function onBeforeInitialize( $title, $unused, $output, $user, $request,
$mediaWiki
public function onBeforeInitialize(
$title,
$unused,
$output,
$user,
$request,
$mediaWikiEntryPoint
);
}

6
includes/Hook/MediaWikiPerformActionHook.php
View file

@ -3,7 +3,7 @@
namespace MediaWiki\Hook;
use Article;
use MediaWiki;
use MediaWiki\Actions\ActionEntryPoint;
use MediaWiki\Output\OutputPage;
use MediaWiki\Request\WebRequest;
use MediaWiki\Title\Title;
@ -18,7 +18,7 @@ use MediaWiki\User\User;
*/
interface MediaWikiPerformActionHook {
/**
* Use this hook to override MediaWiki::performAction(). Use this to do
* Use this hook to override ActionEntryPoint::performAction(). Use this to do
* something completely different, after the basic globals have been set up, but
* before ordinary actions take place.
*
@ -29,7 +29,7 @@ interface MediaWikiPerformActionHook {
* @param Title $title Title on which the action will be performed
* @param User $user Context user
* @param WebRequest $request Context request
* @param MediaWiki $mediaWiki
* @param ActionEntryPoint $mediaWiki (Changed from MediaWiki in 1.42)
* @return bool|void True or no return value to continue or false to abort
*/
public function onMediaWikiPerformAction( $output, $article, $title, $user,

1296
includes/MediaWiki.php
View file

File diff suppressed because it is too large Load diff

777
includes/MediaWikiEntryPoint.php Normal file
View file

@ -0,0 +1,777 @@
<?php
/**
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
namespace MediaWiki;
use Exception;
use IBufferingStatsdDataFactory;
use IContextSource;
use JobQueueGroup;
use Liuggio\StatsdClient\Sender\SocketSender;
use LogicException;
use MediaWiki\Config\Config;
use MediaWiki\Config\ConfigException;
use MediaWiki\Deferred\DeferredUpdates;
use MediaWiki\Deferred\TransactionRoundDefiningUpdate;
use MediaWiki\HookContainer\ProtectedHookAccessorTrait;
use MediaWiki\Logger\LoggerFactory;
use MediaWiki\Request\WebRequest;
use MediaWiki\Request\WebResponse;
use MediaWiki\Specials\SpecialRunJobs;
use MediaWiki\WikiMap\WikiMap;
use MWExceptionHandler;
use Profiler;
use Psr\Log\LoggerInterface;
use RuntimeException;
use SamplingStatsdClient;
use Throwable;
use Wikimedia\AtEase\AtEase;
use Wikimedia\Rdbms\ChronologyProtector;
use Wikimedia\ScopedCallback;
/**
* Base class for entry point handlers.
*
* @note: This is not stable to extend by extensions, because MediaWiki does not
* allow extensions to define new entry points.
*
* @since 1.42, factored out of the previously existing MediaWiki class.
*/
abstract class MediaWikiEntryPoint {
use ProtectedHookAccessorTrait;
private IContextSource $context;
private Config $config;
/** @var int Class DEFER_* constant; how non-blocking post-response tasks should run */
private int $postSendStrategy;
/** Call fastcgi_finish_request() to make post-send updates async */
private const DEFER_FASTCGI_FINISH_REQUEST = 1;
/** Set Content-Length and call ob_end_flush()/flush() to make post-send updates async */
private const DEFER_SET_LENGTH_AND_FLUSH = 2;
/** Do not try to make post-send updates async (e.g. for CLI mode) */
private const DEFER_CLI_MODE = 3;
private bool $preparedForOutput = false;
/**
* @param IContextSource $context
*/
public function __construct( IContextSource $context ) {
$this->context = $context;
$this->config = $this->context->getConfig();
if ( MW_ENTRY_POINT === 'cli' ) {
$this->postSendStrategy = self::DEFER_CLI_MODE;
} elseif ( function_exists( 'fastcgi_finish_request' ) ) {
$this->postSendStrategy = self::DEFER_FASTCGI_FINISH_REQUEST;
} else {
$this->postSendStrategy = self::DEFER_SET_LENGTH_AND_FLUSH;
}
}
/**
* Perform any setup needed before execute() is called.
* Final wrapper function for setup().
* Will be called by doRun().
*/
final protected function setup() {
// Much of the functionality in WebStart.php and Setup.php should be moved here eventually.
// As of MW 1.41, a lot of it still wants to run in file scope.
// TODO: move define( 'MW_ENTRY_POINT' here )
// TODO: move ProfilingContext::singleton()->init( ... ) here.
$this->doSetup();
}
/**
* Perform any setup needed before execute() is called.
* Called by doRun() via doSetup().
*/
protected function doSetup() {
// no-op
}
/**
* Prepare for sending the output. Should be called by entry points before
* sending the response.
* Final wrapper function for doPrepareForOutput().
* Will be called automatically at the end of doRun(), but will do nothing if it was
* already called from execute().
*/
final protected function prepareForOutput() {
if ( $this->preparedForOutput ) {
// only do this once.
return;
}
$this->preparedForOutput = true;
$this->doPrepareForOutput();
}
/**
* Prepare for sending the output. Should be called by entry points before
* sending the response.
* Will be called automatically by run() via prepareForOutput().
* Subclasses may override this method, but should not call it directly.
*
* @note arc-lamp profiling relies on the name of this method,
* it's hard coded in the arclamp-generate-svgs script!
*/
protected function doPrepareForOutput() {
// Commit any changes in the current transaction round so that:
// a) the transaction is not rolled back after success output was already sent
// b) error output is not jumbled together with success output in the response
// TODO: split this up and pull out stuff like spreading cookie blocks
$this->commitMainTransaction();
}
/**
* Main app life cycle: Calls doSetup(), execute(),
* prepareForOutput(), and postOutputShutdown().
*/
final public function run() {
$this->setup();
try {
$this->execute();
// Prepare for flushing the output. Will do nothing if it was already called by execute().
$this->prepareForOutput();
} catch ( Throwable $e ) {
$this->handleTopLevelError( $e );
}
$this->postOutputShutdown();
}
/**
* Report a top level error.
* Subclasses in core may override this to handle errors according
* to the expected output format.
* This method is not safe to override for extensions.
*
* @param Throwable $e
*/
protected function handleTopLevelError( Throwable $e ) {
// Type errors and such: at least handle it now and clean up the LBFactory state
MWExceptionHandler::handleException( $e, MWExceptionHandler::CAUGHT_BY_ENTRYPOINT );
}
/**
* Subclasses implement the entry point's functionality by overriding this method.
* This method is not safe to override for extensions.
*/
abstract protected function execute();
/**
* If enabled, after everything specific to this request is done, occasionally run jobs
*/
protected function schedulePostSendJobs() {
$jobRunRate = $this->config->get( MainConfigNames::JobRunRate );
if (
// Post-send job running disabled
$jobRunRate <= 0 ||
// Jobs cannot run due to site read-only mode
MediaWikiServices::getInstance()->getReadOnlyMode()->isReadOnly() ||
// HTTP response body and Content-Length headers likely to not match,
// causing post-send updates to block the client when using mod_php
$this->context->getRequest()->getMethod() === 'HEAD' ||
$this->context->getRequest()->getHeader( 'If-Modified-Since' ) ||
$this->context->getRequest()->getHeader( 'If-None-Match' )
) {
return;
}
if ( $jobRunRate < 1 ) {
$max = mt_getrandmax();
if ( mt_rand( 0, $max ) > $max * $jobRunRate ) {
return; // the higher the job run rate, the less likely we return here
}
$n = 1;
} else {
$n = intval( $jobRunRate );
}
// Note that DeferredUpdates will catch and log any errors (T88312)
DeferredUpdates::addUpdate( new TransactionRoundDefiningUpdate( function () use ( $n ) {
$logger = LoggerFactory::getInstance( 'runJobs' );
if ( $this->config->get( MainConfigNames::RunJobsAsync ) ) {
// Send an HTTP request to the job RPC entry point if possible
$invokedWithSuccess = $this->triggerAsyncJobs( $n, $logger );
if ( !$invokedWithSuccess ) {
// Fall back to blocking on running the job(s)
$logger->warning( "Jobs switched to blocking; Special:RunJobs disabled" );
$this->triggerSyncJobs( $n );
}
} else {
$this->triggerSyncJobs( $n );
}
}, __METHOD__ ) );
}
/**
* This function commits all DB and session changes as needed *before* the
* client can receive a response (in case DB commit fails) and thus also before
* the response can trigger a subsequent related request by the client
*/
protected function commitMainTransaction() {
$context = $this->context;
$config = $context->getConfig();
$request = $context->getRequest();
$output = $context->getOutput();
$services = MediaWikiServices::getInstance();
$lbFactory = $services->getDBLoadBalancerFactory();
// Try to make sure that all RDBMs, session, and other storage updates complete
ignore_user_abort( true );
// Commit all RDBMs changes from the main transaction round
$lbFactory->commitPrimaryChanges(
__METHOD__,
// Abort if any transaction was too big
$config->get( MainConfigNames::MaxUserDBWriteDuration )
);
wfDebug( __METHOD__ . ': primary transaction round committed' );
// Run updates that need to block the client or affect output (this is the last chance)
DeferredUpdates::doUpdates(
$config->get( MainConfigNames::ForceDeferredUpdatesPreSend )
? DeferredUpdates::ALL
: DeferredUpdates::PRESEND
);
wfDebug( __METHOD__ . ': pre-send deferred updates completed' );
// Persist the session to avoid race conditions on subsequent requests by the client
$request->getSession()->save(); // T214471
wfDebug( __METHOD__ . ': session changes committed' );
// Subsequent requests by the client should see the DB replication positions, as written
// to ChronologyProtector during the shutdown() call below.
// Setting the cpPosIndex cookie is normally enough. However, this will not work for
// cross-wiki redirects within the same wiki farm, so set the ?cpPoxIndex in that case.
$isCrossWikiRedirect = (
$output->getRedirect() &&
$lbFactory->hasOrMadeRecentPrimaryChanges( INF ) &&
self::getUrlDomainDistance( $output->getRedirect() ) === 'remote'
);
// Persist replication positions for DBs modified by this request (at this point).
// These help provide "session consistency" for the client on their next requests.
$cpIndex = null;
$cpClientId = null;
$lbFactory->shutdown(
$lbFactory::SHUTDOWN_NORMAL,
null,
$cpIndex,
$cpClientId
);
$now = time();
$allowHeaders = !( $output->isDisabled() || headers_sent() );
if ( $cpIndex > 0 ) {
if ( $allowHeaders ) {
$expires = $now + ChronologyProtector::POSITION_COOKIE_TTL;
$options = [ 'prefix' => '' ];
$value = ChronologyProtector::makeCookieValueFromCPIndex( $cpIndex, $now, $cpClientId );
$request->response()->setCookie( 'cpPosIndex', $value, $expires, $options );
}
if ( $isCrossWikiRedirect ) {
if ( $output->getRedirect() ) {
$url = $output->getRedirect();
if ( $lbFactory->hasStreamingReplicaServers() ) {
$url = strpos( $url, '?' ) === false
? "$url?cpPosIndex=$cpIndex" : "$url&cpPosIndex=$cpIndex";
}
$output->redirect( $url );
} else {
MWExceptionHandler::logException(
new LogicException( "No redirect; cannot append cpPosIndex parameter." ),
MWExceptionHandler::CAUGHT_BY_ENTRYPOINT
);
}
}
}
if ( $allowHeaders ) {
// Set a cookie to tell all CDN edge nodes to "stick" the user to the DC that
// handles this POST request (e.g. the "primary" data center). Also have the user
// briefly bypass CDN so ChronologyProtector works for cacheable URLs.
if ( $request->wasPosted() && $lbFactory->hasOrMadeRecentPrimaryChanges() ) {
$expires = $now + max(
ChronologyProtector::POSITION_COOKIE_TTL,
$config->get( MainConfigNames::DataCenterUpdateStickTTL )
);
$options = [ 'prefix' => '' ];
$request->response()->setCookie( 'UseDC', 'master', $expires, $options );
}
// Avoid letting a few seconds of replica DB lag cause a month of stale data.
// This logic is also intimately related to the value of $wgCdnReboundPurgeDelay.
if ( $lbFactory->laggedReplicaUsed() ) {
$maxAge = $config->get( MainConfigNames::CdnMaxageLagged );
$output->lowerCdnMaxage( $maxAge );
$request->response()->header( "X-Database-Lagged: true" );
wfDebugLog( 'replication',
"Lagged DB used; CDN cache TTL limited to $maxAge seconds" );
}
// Avoid long-term cache pollution due to message cache rebuild timeouts (T133069)
if ( $services->getMessageCache()->isDisabled() ) {
$maxAge = $config->get( MainConfigNames::CdnMaxageSubstitute );
$output->lowerCdnMaxage( $maxAge );
$request->response()->header( "X-Response-Substitute: true" );
}
if ( !$output->couldBePublicCached() || $output->haveCacheVaryCookies() ) {
// Autoblocks: If this user is autoblocked (and the cookie block feature is enabled
// for autoblocks), then set a cookie to track this block.
// This has to be done on all logged-in page loads (not just upon saving edits),
// because an autoblocked editor might not edit again from the same IP address.
//
// IP blocks: For anons, if their IP is blocked (and cookie block feature is enabled
// for IP blocks), we also want to set the cookie whenever it is safe to do.
// Basically from any url that are definitely not publicly cacheable (like viewing
// EditPage), or when the HTTP response is personalised for other reasons (e.g. viewing
// articles within the same browsing session after making an edit).
$user = $context->getUser();
$services->getBlockManager()
->trackBlockWithCookie( $user, $request->response() );
}
}
}
/**
* @param string $url
* @return string Either "local", "remote" if in the farm, "external" otherwise
*/
private static function getUrlDomainDistance( $url ) {
$clusterWiki = WikiMap::getWikiFromUrl( $url );
if ( WikiMap::isCurrentWikiId( $clusterWiki ) ) {
return 'local'; // the current wiki
}
if ( $clusterWiki !== false ) {
return 'remote'; // another wiki in this cluster/farm
}
return 'external';
}
/**
* Forces the response to be sent to the client and then
* does work that can be done *after* the
* user gets the HTTP response, so they don't block on it.
*/
final protected function postOutputShutdown() {
$this->doPostOutputShutdown();
}
/**
* Forces the response to be sent to the client and then
* does work that can be done *after* the
* user gets the HTTP response, so they don't block on it.
*
* @since 1.26 (formerly on the MediaWiki class)
*
* @note arc-lamp profiling relies on the name of this method,
* it's hard coded in the arclamp-generate-svgs script!
*/
protected function doPostOutputShutdown() {
// Record backend request timing
$timing = $this->context->getTiming();
$timing->mark( 'requestShutdown' );
// Defer everything else if possible...
if ( $this->postSendStrategy === self::DEFER_FASTCGI_FINISH_REQUEST ) {
// Flush the output to the client, continue processing, and avoid further output
fastcgi_finish_request();
} elseif ( $this->postSendStrategy === self::DEFER_SET_LENGTH_AND_FLUSH ) {
// Flush the output to the client, continue processing, and avoid further output
if ( ob_get_level() ) {
// phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
@ob_end_flush();
}
// Flush the web server output buffer to the client/proxy if possible
// phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
@flush();
}
// Since the headers and output where already flushed, disable WebResponse setters
// during post-send processing to warnings and unexpected behavior (T191537)
WebResponse::disableForPostSend();
// Run post-send updates while preventing further output...
ob_start( static function () {
return ''; // do not output uncaught exceptions
} );
try {
$this->restInPeace();
} catch ( Throwable $e ) {
MWExceptionHandler::rollbackPrimaryChangesAndLog(
$e,
MWExceptionHandler::CAUGHT_BY_ENTRYPOINT
);
}
$length = ob_get_length();
if ( $length > 0 ) {
trigger_error( __METHOD__ . ": suppressed $length byte(s)", E_USER_NOTICE );
}
ob_end_clean();
}
/**
* Check if an HTTP->HTTPS redirect should be done. It may still be aborted
* by a hook, so this is not the final word.
*
* @return bool
*/
protected function shouldDoHttpRedirect() {
$request = $this->context->getRequest();
// Don't redirect if we're already on HTTPS
if ( $request->getProtocol() !== 'http' ) {
return false;
}
$force = $this->config->get( MainConfigNames::ForceHTTPS );
// Don't redirect if $wgServer is explicitly HTTP. We test for this here
// by checking whether UrlUtils::expand() is able to force HTTPS.
if (
!preg_match(
'#^https://#',
(string)MediaWikiServices::getInstance()->getUrlUtils()->expand(
$request->getRequestURL(),
PROTO_HTTPS
)
)
) {
if ( $force ) {
throw new RuntimeException( '$wgForceHTTPS is true but the server is not HTTPS' );
}
return false;
}
// Configured $wgForceHTTPS overrides the remaining conditions
if ( $force ) {
return true;
}
// Check if HTTPS is required by the session or user preferences
return $request->getSession()->shouldForceHTTPS() ||
// Check the cookie manually, for paranoia
$request->getCookie( 'forceHTTPS', '' ) ||
$this->context->getUser()->requiresHTTPS();
}
/**
* Print a response body to the current buffer (if there is one) or the server (otherwise)
*
* This method should be called after commitMainTransaction() and before postOutputShutdown()
*
* Any accompanying Content-Type header is assumed to have already been set
*
* @param string $content Response content, usually from OutputPage::output()
*/
protected function outputResponsePayload( $content ) {
// Append any visible profiling data in a manner appropriate for the Content-Type
ob_start();
try {
Profiler::instance()->logDataPageOutputOnly();
} finally {
$content .= ob_get_clean();
}
// By default, usually one output buffer is active now, either the internal PHP buffer
// started by "output_buffering" in php.ini or the buffer started by MW_SETUP_CALLBACK.
// The MW_SETUP_CALLBACK buffer has an unlimited chunk size, while the internal PHP
// buffer only has an unlimited chunk size if output_buffering="On". If the buffer was
// filled up to the chunk size with printed data, then HTTP headers will have already
// been sent. Also, if the entry point had to stream content to the client, then HTTP
// headers will have already been sent as well, regardless of chunk size.
// Disable mod_deflate compression since it interferes with the output buffer set
// by MW_SETUP_CALLBACK and can also cause the client to wait on deferred updates
if ( function_exists( 'apache_setenv' ) ) {
// phpcs:ignore Generic.PHP.NoSilencedErrors.Discouraged
@apache_setenv( 'no-gzip', '1' );
}
if (
// "Content-Length" is used to prevent clients from waiting on deferred updates
$this->postSendStrategy === self::DEFER_SET_LENGTH_AND_FLUSH &&
// The HTTP response code clearly allows for a meaningful body
in_array( http_response_code(), [ 200, 404 ], true ) &&
// The queue of (post-send) deferred updates is non-empty
DeferredUpdates::pendingUpdatesCount() &&
// Any buffered output is not spread out across multiple output buffers
ob_get_level() <= 1 &&
// It is not too late to set additional HTTP headers
!headers_sent()
) {
$response = $this->context->getRequest()->response();
$obStatus = ob_get_status();
if ( !isset( $obStatus['name'] ) ) {
// No output buffer is active
$response->header( 'Content-Length: ' . strlen( $content ) );
} elseif ( $obStatus['name'] === 'default output handler' ) {
// Internal PHP "output_buffering" output buffer (note that the internal PHP
// "zlib.output_compression" output buffer is named "zlib output compression")
$response->header( 'Content-Length: ' . ( ob_get_length() + strlen( $content ) ) );
}
// The MW_SETUP_CALLBACK output buffer ("MediaWiki\OutputHandler::handle") sets
// "Content-Length" where applicable. Other output buffer types might not set this
// header, and since they might mangle or compress the payload, it is not possible
// to determine the final payload size here.
// Tell the client to immediately end the connection as soon as the response payload
// has been read (informed by any "Content-Length" header). This prevents the client
// from waiting on deferred updates.
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Connection
if ( ( $_SERVER['SERVER_PROTOCOL'] ?? '' ) === 'HTTP/1.1' ) {
$response->header( 'Connection: close' );
}
}
// Print the content *after* adjusting HTTP headers and disabling mod_deflate since
// calling "print" will send the output to the client if there is no output buffer or
// if the output buffer chunk size is reached
print $content;
}
/**
* Ends this task peacefully.
* Called after the response has been sent to the client.
* Subclasses in core may override this to add end-of-request code,
* but should always call the parent method.
* This method is not safe to override by extensions.
*/
protected function restInPeace() {
// Either all DB and deferred updates should happen or none.
// The latter should not be cancelled due to client disconnect.
ignore_user_abort( true );
$services = MediaWikiServices::getInstance();
$lbFactory = $services->getDBLoadBalancerFactory();
// Assure deferred updates are not in the main transaction
$lbFactory->commitPrimaryChanges( __METHOD__ );
// Loosen DB query expectations since the HTTP client is unblocked
$profiler = Profiler::instance();
$trxProfiler = $profiler->getTransactionProfiler();
$trxProfiler->redefineExpectations(
$this->context->getRequest()->hasSafeMethod()
? $this->config->get( MainConfigNames::TrxProfilerLimits )['PostSend-GET']
: $this->config->get( MainConfigNames::TrxProfilerLimits )['PostSend-POST'],
__METHOD__
);
// Do any deferred jobs; preferring to run them now if a client will not wait on them
DeferredUpdates::doUpdates();
// Handle external profiler outputs.
// Any embedded profiler outputs were already processed in outputResponsePayload().
$profiler->logData();
self::emitBufferedStatsdData(
$services->getStatsdDataFactory(),
$this->config
);
// Send metrics gathered by StatsFactory
$services->getStatsFactory()->flush();
// Commit and close up!
$lbFactory->commitPrimaryChanges( __METHOD__ );
$lbFactory->shutdown( $lbFactory::SHUTDOWN_NO_CHRONPROT );
wfDebug( "Request ended normally" );
}
/**
* Send out any buffered statsd data according to sampling rules
*
* For web requests, this is called once by MediaWiki::restInPeace(),
* which is post-send (after the response is sent to the client).
*
* For maintenance scripts, especially long-running CLI scripts, it is called
* more often, to avoid OOM, since we buffer stats (T181385), based on the
* following heuristics:
*
* - Long-running scripts that involve database writes often use transactions
* to commit chunks of work. We flush from IDatabase::setTransactionListener,
* as wired up by MWLBFactory::applyGlobalState.
*
* - Long-running scripts that involve database writes but don't need any
* transactions will still periodically wait for replication to be
* graceful to the databases. We flush from ILBFactory::setWaitForReplicationListener
* as wired up by MWLBFactory::applyGlobalState.
*
* - Any other long-running scripts will probably report progress to stdout
* in some way. We also flush from Maintenance::output().
*
* @param IBufferingStatsdDataFactory $stats
* @param Config $config
* @throws ConfigException
* @since 1.31 (formerly one the MediaWiki class)
*/
public static function emitBufferedStatsdData(
IBufferingStatsdDataFactory $stats, Config $config
) {
if ( $config->get( MainConfigNames::StatsdServer ) && $stats->hasData() ) {
try {
$statsdServer = explode( ':', $config->get( MainConfigNames::StatsdServer ), 2 );
$statsdHost = $statsdServer[0];
$statsdPort = $statsdServer[1] ?? 8125;
$statsdSender = new SocketSender( $statsdHost, $statsdPort );
$statsdClient = new SamplingStatsdClient( $statsdSender, true, false );
$statsdClient->setSamplingRates( $config->get( MainConfigNames::StatsdSamplingRates ) );
$statsdClient->send( $stats->getData() );
} catch ( Exception $e ) {
MWExceptionHandler::logException( $e, MWExceptionHandler::CAUGHT_BY_ENTRYPOINT );
}
}
// empty buffer for the next round
$stats->clearData();
}
/**
* @param int $n Number of jobs to try to run
*/
protected function triggerSyncJobs( $n ) {
$scope = Profiler::instance()->getTransactionProfiler()->silenceForScope();
$runner = MediaWikiServices::getInstance()->getJobRunner();
$runner->run( [ 'maxJobs' => $n ] );
ScopedCallback::consume( $scope );
}
/**
* @param int $n Number of jobs to try to run
* @param LoggerInterface $runJobsLogger
* @return bool Success
*/
protected function triggerAsyncJobs( $n, LoggerInterface $runJobsLogger ) {
$services = MediaWikiServices::getInstance();
// Do not send request if there are probably no jobs
$group = $services->getJobQueueGroupFactory()->makeJobQueueGroup();
if ( !$group->queuesHaveJobs( JobQueueGroup::TYPE_DEFAULT ) ) {
return true;
}
$query = [ 'title' => 'Special:RunJobs',
'tasks' => 'jobs', 'maxjobs' => $n, 'sigexpiry' => time() + 5 ];
$query['signature'] = SpecialRunJobs::getQuerySignature(
$query, $this->config->get( MainConfigNames::SecretKey ) );
$errno = $errstr = null;
$info = $services->getUrlUtils()->parse( $this->config->get( MainConfigNames::CanonicalServer ) ) ?? [];
$https = ( $info['scheme'] ?? null ) === 'https';
$host = $info['host'] ?? null;
$port = $info['port'] ?? ( $https ? 443 : 80 );
AtEase::suppressWarnings();
$sock = $host ? fsockopen(
$https ? 'tls://' . $host : $host,
$port,
$errno,
$errstr,
// If it takes more than 100ms to connect to ourselves there is a problem...
0.100
) : false;
AtEase::restoreWarnings();
$invokedWithSuccess = true;
if ( $sock ) {
$special = $services->getSpecialPageFactory()->getPage( 'RunJobs' );
$url = $special->getPageTitle()->getCanonicalURL( $query );
$req = (
"POST $url HTTP/1.1\r\n" .
"Host: $host\r\n" .
"Connection: Close\r\n" .
"Content-Length: 0\r\n\r\n"
);
$runJobsLogger->info( "Running $n job(s) via '$url'" );
// Send a cron API request to be performed in the background.
// Give up if this takes too long to send (which should be rare).
stream_set_timeout( $sock, 2 );
$bytes = fwrite( $sock, $req );
if ( $bytes !== strlen( $req ) ) {
$invokedWithSuccess = false;
$runJobsLogger->error( "Failed to start cron API (socket write error)" );
} else {
// Do not wait for the response (the script should handle client aborts).
// Make sure that we don't close before that script reaches ignore_user_abort().
$start = microtime( true );
$status = fgets( $sock );
$sec = microtime( true ) - $start;
if ( !preg_match( '#^HTTP/\d\.\d 202 #', $status ) ) {
$invokedWithSuccess = false;
$runJobsLogger->error( "Failed to start cron API: received '$status' ($sec)" );
}
}
fclose( $sock );
} else {
$invokedWithSuccess = false;
$runJobsLogger->error( "Failed to start cron API (socket error $errno): $errstr" );
}
return $invokedWithSuccess;
}
/**
* Returns the main service container.
*
* This is intended as a stepping stone for migration.
* Ideally, individual service objects should be injected
* via the constructor.
*
* @return MediaWikiServices
*/
protected function getServiceContainer(): MediaWikiServices {
return MediaWikiServices::getInstance();
}
protected function getContext(): IContextSource {
return $this->context;
}
protected function getRequest(): WebRequest {
return $this->context->getRequest();
}
protected function getResponse(): WebResponse {
return $this->getRequest()->response();
}
protected function getConfig( string $key ) {
return $this->config->get( $key );
}
}

750
includes/actions/ActionEntryPoint.php Normal file
View file

@ -0,0 +1,750 @@
<?php
namespace MediaWiki\Actions;
use Action;
use Article;
use BadTitleError;
use ErrorPageError;
use HTMLFileCache;
use HttpError;
use MediaWiki\Logger\LoggerFactory;
use MediaWiki\MainConfigNames;
use MediaWiki\MediaWikiEntryPoint;
use MediaWiki\MediaWikiServices;
use MediaWiki\Output\OutputPage;
use MediaWiki\Permissions\PermissionStatus;
use MediaWiki\Profiler\ProfilingContext;
use MediaWiki\Request\DerivativeRequest;
use MediaWiki\Request\WebRequest;
use MediaWiki\SpecialPage\RedirectSpecialPage;
use MediaWiki\SpecialPage\SpecialPage;
use MediaWiki\Title\MalformedTitleException;
use MediaWiki\Title\Title;
use MediaWiki\User\User;
use MWExceptionRenderer;
use PermissionsError;
use Profiler;
use RequestContext;
use Throwable;
use UnexpectedValueException;
use ViewAction;
use WikiFilePage;
use Wikimedia\Rdbms\DBConnectionError;
/**
* Implementation of the main entry point, for web browser navigations, usually via an
* Action or SpecialPage subclass.
*
* @see /index.php The main web entry point.
* @internal
*/
class ActionEntryPoint extends MediaWikiEntryPoint {
public function __construct( RequestContext $context ) {
parent::__construct( $context );
}
/**
* Overwritten to narrow the return type to RequestContext
* @return RequestContext
*/
protected function getContext(): RequestContext {
/** @var RequestContext $context */
$context = parent::getContext();
// @phan-suppress-next-line PhanTypeMismatchReturnSuperType see $context in the constructor
return $context;
}
protected function getOutput(): OutputPage {
return $this->getContext()->getOutput();
}
protected function getUser(): User {
return $this->getContext()->getUser();
}
protected function handleTopLevelError( Throwable $e ) {
$context = $this->getContext();
$action = $context->getRequest()->getRawVal( 'action', 'view' );
if (
$e instanceof DBConnectionError &&
$context->hasTitle() &&
$context->getTitle()->canExist() &&
in_array( $action, [ 'view', 'history' ], true ) &&
HTMLFileCache::useFileCache( $context, HTMLFileCache::MODE_OUTAGE )
) {
// Try to use any (even stale) file during outages...
$cache = new HTMLFileCache( $context->getTitle(), $action );
if ( $cache->isCached() ) {
$cache->loadFromFileCache( $context, HTMLFileCache::MODE_OUTAGE );
print MWExceptionRenderer::getHTML( $e );
exit;
}
}
parent::handleTopLevelError( $e );
}
/**
* Determine and send the response headers and body for this web request
*/
protected function execute() {
global $wgTitle;
// Get title from request parameters,
// is set on the fly by parseTitle the first time.
$title = $this->getTitle();
$wgTitle = $title;
$request = $this->getContext()->getRequest();
// Set DB query expectations for this HTTP request
$trxLimits = $this->getConfig( MainConfigNames::TrxProfilerLimits );
$trxProfiler = Profiler::instance()->getTransactionProfiler();
$trxProfiler->setLogger( LoggerFactory::getInstance( 'rdbms' ) );
$statsFactory = MediaWikiServices::getInstance()->getStatsdDataFactory();
$trxProfiler->setStatsdDataFactory( $statsFactory );
$trxProfiler->setRequestMethod( $request->getMethod() );
if ( $request->hasSafeMethod() ) {
$trxProfiler->setExpectations( $trxLimits['GET'], __METHOD__ );
} else {
$trxProfiler->setExpectations( $trxLimits['POST'], __METHOD__ );
}
if ( $this->maybeDoHttpsRedirect() ) {
return;
}
$context = $this->getContext();
$output = $context->getOutput();
// NOTE: HTMLFileCache::useFileCache() is not used in WMF production but is
// here to provide third-party wikis with a way to enable caching for
// "view" and "history" actions. It's triggered by the use of $wgUseFileCache
// when set to true in LocalSettings.php.
if ( $title->canExist() && HTMLFileCache::useFileCache( $context ) ) {
// getAction() may trigger DB queries, so avoid eagerly initializing it if possible.
// This reduces the cost of requests that exit early due to tryNormaliseRedirect()
// or a MediaWikiPerformAction / BeforeInitialize hook handler.
$action = $this->getAction();
// Try low-level file cache hit
$cache = new HTMLFileCache( $title, $action );
if ( $cache->isCacheGood( /* Assume up to date */ ) ) {
// Check incoming headers to see if client has this cached
$timestamp = $cache->cacheTimestamp();
if ( !$output->checkLastModified( $timestamp ) ) {
$cache->loadFromFileCache( $context );
}
// Do any stats increment/watchlist stuff, assuming user is viewing the
// latest revision (which should always be the case for file cache)
$context->getWikiPage()->doViewUpdates( $context->getAuthority() );
// Tell OutputPage that output is taken care of
$output->disable();
return;
}
}
try {
// Actually do the work of the request and build up any output
$this->performRequest();
} catch ( ErrorPageError $e ) {
// TODO: Should ErrorPageError::report accept a OutputPage parameter?
$e->report( ErrorPageError::STAGE_OUTPUT );
$output->considerCacheSettingsFinal();
// T64091: while exceptions are convenient to bubble up GUI errors,
// they are not internal application faults. As with normal requests, this
// should commit, print the output, do deferred updates, jobs, and profiling.
}
$this->prepareForOutput();
// Ask OutputPage/Skin to stage the output (HTTP response body and headers).
// Flush the output to the client unless an exception occurred.
// Note that the OutputPage object in $context may have been replaced,
// so better fetch it again here.
$output = $context->getOutput();
$this->outputResponsePayload( $output->output( true ) );
}
/**
* If the stars are suitably aligned, do an HTTP->HTTPS redirect
*
* Note: Do this after $wgTitle is setup, otherwise the hooks run from
* isRegistered() will do all sorts of weird stuff.
*
* @return bool True if the redirect was done. Handling of the request
* should be aborted. False if no redirect was done.
*/
protected function maybeDoHttpsRedirect() {
if ( !$this->shouldDoHttpRedirect() ) {
return false;
}
$context = $this->getContext();
$request = $context->getRequest();
$oldUrl = $request->getFullRequestURL();
$redirUrl = preg_replace( '#^http://#', 'https://', $oldUrl );
if ( $request->wasPosted() ) {
// This is weird and we'd hope it almost never happens. This
// means that a POST came in via HTTP and policy requires us
// redirecting to HTTPS. It's likely such a request is going
// to fail due to post data being lost, but let's try anyway
// and just log the instance.
// @todo FIXME: See if we could issue a 307 or 308 here, need
// to see how clients (automated & browser) behave when we do
wfDebugLog( 'RedirectedPosts', "Redirected from HTTP to HTTPS: $oldUrl" );
}
// Setup dummy Title, otherwise OutputPage::redirect will fail
$title = Title::newFromText( 'REDIR', NS_MAIN );
$context->setTitle( $title );
// Since we only do this redir to change proto, always send a vary header
$output = $context->getOutput();
$output->addVaryHeader( 'X-Forwarded-Proto' );
$output->redirect( $redirUrl );
$output->output();
return true;
}
protected function doPrepareForOutput() {
parent::doPrepareForOutput();
// If needed, push a deferred update to run jobs after the output is sent
$this->schedulePostSendJobs();
}
protected function schedulePostSendJobs() {
// Recursion guard for $wgRunJobsAsync
if ( $this->getTitle()->isSpecial( 'RunJobs' ) ) {
return;
}
parent::schedulePostSendJobs();
}
/**
* Parse the request to get the Title object
*
* @throws MalformedTitleException If a title has been provided by the user, but is invalid.
* @param WebRequest $request
* @return Title Title object to be $wgTitle
*/
protected function parseTitle( $request ) {
$curid = $request->getInt( 'curid' );
$title = $request->getText( 'title' );
$ret = null;
if ( $curid ) {
// URLs like this are generated by RC, because rc_title isn't always accurate
$ret = Title::newFromID( $curid );
}
if ( $ret === null ) {
$ret = Title::newFromURL( $title );
if ( $ret !== null ) {
// Alias NS_MEDIA page URLs to NS_FILE...we only use NS_MEDIA
// in wikitext links to tell Parser to make a direct file link
if ( $ret->getNamespace() === NS_MEDIA ) {
$ret = Title::makeTitle( NS_FILE, $ret->getDBkey() );
}
// Check variant links so that interwiki links don't have to worry
// about the possible different language variants
$services = $this->getServiceContainer();
$languageConverter = $services
->getLanguageConverterFactory()
->getLanguageConverter( $services->getContentLanguage() );
if ( $languageConverter->hasVariants() && !$ret->exists() ) {
$languageConverter->findVariantLink( $title, $ret );
}
}
}
// If title is not provided, always allow oldid and diff to set the title.
// If title is provided, allow oldid and diff to override the title, unless
// we are talking about a special page which might use these parameters for
// other purposes.
if ( $ret === null || !$ret->isSpecialPage() ) {
// We can have urls with just ?diff=,?oldid= or even just ?diff=
$oldid = $request->getInt( 'oldid' );
$oldid = $oldid ?: $request->getInt( 'diff' );
// Allow oldid to override a changed or missing title
if ( $oldid ) {
$revRecord = $this->getServiceContainer()
->getRevisionLookup()
->getRevisionById( $oldid );
if ( $revRecord ) {
$ret = Title::newFromLinkTarget(
$revRecord->getPageAsLinkTarget()
);
}
}
}
if ( $ret === null && $request->getCheck( 'search' ) ) {
// Compatibility with old search URLs which didn't use Special:Search
// Just check for presence here, so blank requests still
// show the search page when using ugly URLs (T10054).
$ret = SpecialPage::getTitleFor( 'Search' );
}
if ( $ret === null || !$ret->isSpecialPage() ) {
// Compatibility with old URLs for Special:RevisionDelete/Special:EditTags (T323338)
$actionName = $request->getRawVal( 'action' );
if (
$actionName === 'revisiondelete' ||
$actionName === 'historysubmit' && $request->getBool( 'revisiondelete' )
) {
$ret = SpecialPage::getTitleFor( 'Revisiondelete' );
} elseif (
$actionName === 'editchangetags' ||
$actionName === 'historysubmit' && $request->getBool( 'editchangetags' )
) {
$ret = SpecialPage::getTitleFor( 'EditTags' );
}
}
// Use the main page as default title if nothing else has been provided
if ( $ret === null
&& strval( $title ) === ''
&& !$request->getCheck( 'curid' )
&& $request->getRawVal( 'action' ) !== 'delete'
) {
$ret = Title::newMainPage();
}
if ( $ret === null || ( $ret->getDBkey() == '' && !$ret->isExternal() ) ) {
// If we get here, we definitely don't have a valid title; throw an exception.
// Try to get detailed invalid title exception first, fall back to MalformedTitleException.
Title::newFromTextThrow( $title );
throw new MalformedTitleException( 'badtitletext', $title );
}
return $ret;
}
/**
* Get the Title object that we'll be acting on, as specified in the WebRequest
* @return Title
*/
public function getTitle() {
$context = $this->getContext();
if ( !$context->hasTitle() ) {
try {
$context->setTitle( $this->parseTitle( $context->getRequest() ) );
} catch ( MalformedTitleException $ex ) {
$context->setTitle( SpecialPage::getTitleFor( 'Badtitle' ) );
}
}
return $context->getTitle();
}
/**
* Returns the name of the action that will be executed.
*
* @note This is public for the benefit of extensions that implement
* the BeforeInitialize or MediaWikiPerformAction hooks.
*
* @return string Action
*/
public function getAction(): string {
return $this->getContext()->getActionName();
}
/**
* Performs the request.
* - bad titles
* - read restriction
* - local interwiki redirects
* - redirect loop
* - special pages
* - normal pages
*
* @throws PermissionsError|BadTitleError|HttpError
* @return void
*/
protected function performRequest() {
global $wgTitle;
$context = $this->getContext();
$request = $context->getRequest();
$output = $context->getOutput();
if ( $request->getRawVal( 'printable' ) === 'yes' ) {
$output->setPrintable();
}
$user = $context->getUser();
$title = $context->getTitle();
$requestTitle = $title;
$this->getHookRunner()->onBeforeInitialize( $title, null, $output, $user, $request, $this );
// Invalid titles. T23776: The interwikis must redirect even if the page name is empty.
if ( $title === null || ( $title->getDBkey() == '' && !$title->isExternal() )
|| $title->isSpecial( 'Badtitle' )
) {
$context->setTitle( SpecialPage::getTitleFor( 'Badtitle' ) );
try {
$this->parseTitle( $request );
} catch ( MalformedTitleException $ex ) {
throw new BadTitleError( $ex );
}
throw new BadTitleError();
}
// Check user's permissions to read this page.
// We have to check here to catch special pages etc.
// We will check again in Article::view().
$permissionStatus = PermissionStatus::newEmpty();
if ( !$context->getAuthority()->authorizeRead( 'read', $title, $permissionStatus ) ) {
// T34276: allowing the skin to generate output with $wgTitle or
// $context->title set to the input title would allow anonymous users to
// determine whether a page exists, potentially leaking private data. In fact, the
// curid and oldid request parameters would allow page titles to be enumerated even
// when they are not guessable. So we reset the title to Special:Badtitle before the
// permissions error is displayed.
// The skin mostly uses $context->getTitle() these days, but some extensions
// still use $wgTitle.
$badTitle = SpecialPage::getTitleFor( 'Badtitle' );
$context->setTitle( $badTitle );
$wgTitle = $badTitle;
throw new PermissionsError( 'read', $permissionStatus );
}
// Interwiki redirects
if ( $title->isExternal() ) {
$rdfrom = $request->getVal( 'rdfrom' );
if ( $rdfrom ) {
$url = $title->getFullURL( [ 'rdfrom' => $rdfrom ] );
} else {
$query = $request->getValues();
unset( $query['title'] );
$url = $title->getFullURL( $query );
}
// Check for a redirect loop
if ( !preg_match( '/^' . preg_quote( $this->getConfig( MainConfigNames::Server ), '/' ) . '/', $url )
&& $title->isLocal()
) {
// 301 so google et al report the target as the actual url.
$output->redirect( $url, 301 );
} else {
$context->setTitle( SpecialPage::getTitleFor( 'Badtitle' ) );
try {
$this->parseTitle( $request );
} catch ( MalformedTitleException $ex ) {
throw new BadTitleError( $ex );
}
throw new BadTitleError();
}
// Handle any other redirects.
// Redirect loops, titleless URL, $wgUsePathInfo URLs, and URLs with a variant
} elseif ( !$this->tryNormaliseRedirect( $title ) ) {
// Prevent information leak via Special:MyPage et al (T109724)
$spFactory = $this->getServiceContainer()->getSpecialPageFactory();
if ( $title->isSpecialPage() ) {
$specialPage = $spFactory->getPage( $title->getDBkey() );
if ( $specialPage instanceof RedirectSpecialPage ) {
$specialPage->setContext( $context );
if ( $this->getConfig( MainConfigNames::HideIdentifiableRedirects )
&& $specialPage->personallyIdentifiableTarget()
) {
[ , $subpage ] = $spFactory->resolveAlias( $title->getDBkey() );
$target = $specialPage->getRedirect( $subpage );
// Target can also be true. We let that case fall through to normal processing.
if ( $target instanceof Title ) {
if ( $target->isExternal() ) {
// Handle interwiki redirects
$target = SpecialPage::getTitleFor(
'GoToInterwiki',
'force/' . $target->getPrefixedDBkey()
);
}
$query = $specialPage->getRedirectQuery( $subpage ) ?: [];
$derivateRequest = new DerivativeRequest( $request, $query );
$derivateRequest->setRequestURL( $request->getRequestURL() );
$context->setRequest( $derivateRequest );
// Do not varnish cache these. May vary even for anons
$output->lowerCdnMaxage( 0 );
// NOTE: This also clears any action cache.
// Action should not have been computed yet, but if it was,
// we reset it because special pages only support "view".
$context->setTitle( $target );
$wgTitle = $target;
$title = $target;
$output->addJsConfigVars( [
'wgInternalRedirectTargetUrl' => $target->getLinkURL( $query ),
] );
$output->addModules( 'mediawiki.action.view.redirect' );
// If the title is invalid, redirect but show the correct bad title error - T297407
if ( !$target->isValid() ) {
try {
$this->getServiceContainer()->getTitleParser()
->parseTitle( $target->getPrefixedText() );
} catch ( MalformedTitleException $ex ) {
throw new BadTitleError( $ex );
}
throw new BadTitleError();
}
}
}
}
}
// Special pages ($title may have changed since if statement above)
if ( $title->isSpecialPage() ) {
// Actions that need to be made when we have a special pages
$spFactory->executePath( $title, $context );
} else {
// ...otherwise treat it as an article view. The article
// may still be a wikipage redirect to another article or URL.
$article = $this->initializeArticle();
if ( is_object( $article ) ) {
$this->performAction( $article, $requestTitle );
} elseif ( is_string( $article ) ) {
$output->redirect( $article );
} else {
throw new UnexpectedValueException( "Shouldn't happen: MediaWiki::initializeArticle()"
. " returned neither an object nor a URL" );
}
}
$output->considerCacheSettingsFinal();
}
}
/**
* Handle redirects for uncanonical title requests.
*
* Handles:
* - Redirect loops.
* - No title in URL.
* - $wgUsePathInfo URLs.
* - URLs with a variant.
* - Other non-standard URLs (as long as they have no extra query parameters).
*
* Behaviour:
* - Normalise title values:
* /wiki/Foo%20Bar -> /wiki/Foo_Bar
* - Normalise empty title:
* /wiki/ -> /wiki/Main
* /w/index.php?title= -> /wiki/Main
* - Don't redirect anything with query parameters other than 'title' or 'action=view'.
*
* @param Title $title
* @return bool True if a redirect was set.
* @throws HttpError
*/
protected function tryNormaliseRedirect( Title $title ): bool {
$request = $this->getRequest();
$output = $this->getOutput();
if ( $request->getRawVal( 'action', 'view' ) != 'view'
|| $request->wasPosted()
|| ( $request->getCheck( 'title' )
&& $title->getPrefixedDBkey() == $request->getText( 'title' ) )
|| count( $request->getValueNames( [ 'action', 'title' ] ) )
|| !$this->getHookRunner()->onTestCanonicalRedirect( $request, $title, $output )
) {
return false;
}
if ( $this->getConfig( MainConfigNames::MainPageIsDomainRoot ) && $request->getRequestURL() === '/' ) {
return false;
}
$services = $this->getServiceContainer();
if ( $title->isSpecialPage() ) {
[ $name, $subpage ] = $services->getSpecialPageFactory()
->resolveAlias( $title->getDBkey() );
if ( $name ) {
$title = SpecialPage::getTitleFor( $name, $subpage );
}
}
// Redirect to canonical url, make it a 301 to allow caching
$targetUrl = (string)$services->getUrlUtils()->expand( $title->getFullURL(), PROTO_CURRENT );
if ( $targetUrl == $request->getFullRequestURL() ) {
$message = "Redirect loop detected!\n\n" .
"This means the wiki got confused about what page was " .
"requested; this sometimes happens when moving a wiki " .
"to a new server or changing the server configuration.\n\n";
if ( $this->getConfig( MainConfigNames::UsePathInfo ) ) {
$message .= "The wiki is trying to interpret the page " .
"title from the URL path portion (PATH_INFO), which " .
"sometimes fails depending on the web server. Try " .
"setting \"\$wgUsePathInfo = false;\" in your " .
"LocalSettings.php, or check that \$wgArticlePath " .
"is correct.";
} else {
$message .= "Your web server was detected as possibly not " .
"supporting URL path components (PATH_INFO) correctly; " .
"check your LocalSettings.php for a customized " .
"\$wgArticlePath setting and/or toggle \$wgUsePathInfo " .
"to true.";
}
throw new HttpError( 500, $message );
}
$output->setCdnMaxage( 1200 );
$output->redirect( $targetUrl, '301' );
return true;
}
/**
* Initialize the main Article object for "standard" actions (view, etc)
* Create an Article object for the page, following redirects if needed.
*
* @return Article|string An Article, or a string to redirect to another URL
*/
protected function initializeArticle() {
$context = $this->getContext();
$title = $context->getTitle();
$services = $this->getServiceContainer();
if ( $context->canUseWikiPage() ) {
// Optimization: Reuse the WikiPage instance from context, to avoid
// repeat fetching or computation of data already loaded.
$page = $context->getWikiPage();
} else {
// This case should not happen, but just in case.
// @TODO: remove this or use an exception
$page = $services->getWikiPageFactory()->newFromTitle( $title );
$context->setWikiPage( $page );
wfWarn( "RequestContext::canUseWikiPage() returned false" );
}
// Make GUI wrapper for the WikiPage
$article = Article::newFromWikiPage( $page, $context );
// Skip some unnecessary code if the content model doesn't support redirects
// Use the page content model rather than invoking Title::getContentModel()
// to avoid querying page data twice (T206498)
if ( !$page->getContentHandler()->supportsRedirects() ) {
return $article;
}
$request = $context->getRequest();
// Namespace might change when using redirects
// Check for redirects ...
$action = $request->getRawVal( 'action', 'view' );
$file = ( $page instanceof WikiFilePage ) ? $page->getFile() : null;
if ( ( $action == 'view' || $action == 'render' ) // ... for actions that show content
&& !$request->getCheck( 'oldid' ) // ... and are not old revisions
&& !$request->getCheck( 'diff' ) // ... and not when showing diff
&& $request->getRawVal( 'redirect' ) !== 'no' // ... unless explicitly told not to
// ... and the article is not a non-redirect image page with associated file
&& !( is_object( $file ) && $file->exists() && !$file->getRedirected() )
) {
// Give extensions a change to ignore/handle redirects as needed
$ignoreRedirect = $target = false;
$this->getHookRunner()->onInitializeArticleMaybeRedirect( $title, $request,
// @phan-suppress-next-line PhanTypeMismatchArgument Type mismatch on pass-by-ref args
$ignoreRedirect, $target, $article );
$page = $article->getPage(); // reflect any hook changes
// Follow redirects only for... redirects.
// If $target is set, then a hook wanted to redirect.
if ( !$ignoreRedirect && ( $target || $page->isRedirect() ) ) {
// Is the target already set by an extension?
$target = $target ?: $page->followRedirect();
if ( is_string( $target ) && !$this->getConfig( MainConfigNames::DisableHardRedirects ) ) {
// we'll need to redirect
return $target;
}
if ( is_object( $target ) ) {
// Rewrite environment to redirected article
$rpage = $services->getWikiPageFactory()->newFromTitle( $target );
$rpage->loadPageData();
if ( $rpage->exists() || ( is_object( $file ) && !$file->isLocal() ) ) {
$rarticle = Article::newFromWikiPage( $rpage, $context );
$rarticle->setRedirectedFrom( $title );
$article = $rarticle;
// NOTE: This also clears any action cache
$context->setTitle( $target );
$context->setWikiPage( $article->getPage() );
}
}
}
}
return $article;
}
/**
* Perform one of the "standard" actions
*
* @param Article $article
* @param Title $requestTitle The original title, before any redirects were applied
*/
protected function performAction( Article $article, Title $requestTitle ) {
$request = $this->getRequest();
$output = $this->getOutput();
$title = $this->getTitle();
$user = $this->getUser();
if ( !$this->getHookRunner()->onMediaWikiPerformAction(
$output, $article, $title, $user, $request, $this )
) {
return;
}
$t = microtime( true );
$actionName = $this->getAction();
$services = $this->getServiceContainer();
$action = $services->getActionFactory()->getAction( $actionName, $article, $this->getContext() );
if ( $action instanceof Action ) {
ProfilingContext::singleton()->init( MW_ENTRY_POINT, $actionName );
// Check read permissions
if ( $action->needsReadRights() && !$user->isAllowed( 'read' ) ) {
throw new PermissionsError( 'read' );
}
// Narrow DB query expectations for this HTTP request
if ( $request->wasPosted() && !$action->doesWrites() ) {
$trxProfiler = Profiler::instance()->getTransactionProfiler();
$trxLimits = $this->getConfig( MainConfigNames::TrxProfilerLimits );
$trxProfiler->setExpectations( $trxLimits['POST-nonwrite'], __METHOD__ );
}
// Let CDN cache things if we can purge them.
// Also unconditionally cache page views.
if ( $this->getConfig( MainConfigNames::UseCdn ) ) {
$htmlCacheUpdater = $services->getHtmlCacheUpdater();
if ( $request->matchURLForCDN( $htmlCacheUpdater->getUrls( $requestTitle ) ) ) {
$output->setCdnMaxage( $this->getConfig( MainConfigNames::CdnMaxAge ) );
} elseif ( $action instanceof ViewAction ) {
$output->setCdnMaxage( 3600 );
}
}
$action->show();
$runTime = microtime( true ) - $t;
$statAction = strtr( $actionName, '.', '_' );
$services->getStatsFactory()->getTiming( 'action_executeTiming_seconds' )
->setLabel( 'action', $statAction )
->copyToStatsdAt( 'action.' . $statAction . '.executeTiming' )
->observe( 1000 * $runTime );
return;
}
// If we've not found out which action it is by now, it's unknown
$output->setStatusCode( 404 );
$output->showErrorPage( 'nosuchaction', 'nosuchactiontext' );
}
}

2
includes/exception/ErrorPageError.php
View file

@ -82,7 +82,7 @@ class ErrorPageError extends MWException implements ILocalizedException {
$wgOut->showErrorPage( $this->title, $this->msg, $this->params );
// Allow skipping of the final output step, so that web-based page views
// from MediaWiki.php, can inspect the staged OutputPage state, and perform
// graceful shutdown via doPreOutputCommit first, just like for regular
// graceful shutdown via prepareForOutput() first, just like for regular
// output when there isn't an error page.
if ( $action === self::SEND_OUTPUT ) {
$wgOut->output();

13
index.php
View file

@ -14,6 +14,8 @@
* The main web entry point for web browser navigations, usually via an
* Action or SpecialPage subclass.
*
* @see MediaWiki\Actions\ActionEntryPoint The implementation.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
@ -30,9 +32,10 @@
* http://www.gnu.org/copyleft/gpl.html
*
* @file
* @ingroup entrypoint
*/
use MediaWiki\Actions\ActionEntryPoint;
define( 'MW_ENTRY_POINT', 'index' );
// Bail on old versions of PHP, or if composer has not been run yet to install
@ -43,9 +46,5 @@ wfEntryPointCheck( 'html', dirname( $_SERVER['SCRIPT_NAME'] ) );
require __DIR__ . '/includes/WebStart.php';
wfIndexMain();
function wfIndexMain() {
$mediaWiki = new MediaWiki();
$mediaWiki->run();
}
// Create the entry point object and call run() to handle the request.
( new ActionEntryPoint( RequestContext::getMain() ) )->run();

356
tests/phpunit/includes/MediaWikiTest.php
View file

@ -2,13 +2,7 @@
use MediaWiki\Deferred\DeferredUpdates;
use MediaWiki\MainConfigNames;
use MediaWiki\Request\FauxRequest;
use MediaWiki\Request\WebRequest;
use MediaWiki\Request\WebResponse;
use MediaWiki\SpecialPage\SpecialPage;
use MediaWiki\Title\MalformedTitleException;
use MediaWiki\Title\Title;
use Wikimedia\TestingAccessWrapper;
/**
* @group Database
@ -44,333 +38,6 @@ class MediaWikiTest extends MediaWikiIntegrationTestCase {
parent::tearDown();
}
public static function provideTryNormaliseRedirect() {
return [
[
// View: Canonical
'url' => 'http://example.org/wiki/Foo_Bar',
'query' => [],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// View: Escaped title
'url' => 'http://example.org/wiki/Foo%20Bar',
'query' => [],
'title' => 'Foo_Bar',
'redirect' => 'http://example.org/wiki/Foo_Bar',
],
[
// View: Script path
'url' => 'http://example.org/w/index.php?title=Foo_Bar',
'query' => [ 'title' => 'Foo_Bar' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// View: Script path with implicit title from page id
'url' => 'http://example.org/w/index.php?curid=123',
'query' => [ 'curid' => '123' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// View: Script path with implicit title from revision id
'url' => 'http://example.org/w/index.php?oldid=123',
'query' => [ 'oldid' => '123' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// View: Script path without title
'url' => 'http://example.org/w/index.php',
'query' => [],
'title' => 'Main_Page',
'redirect' => 'http://example.org/wiki/Main_Page',
],
[
// View: Script path with empty title
'url' => 'http://example.org/w/index.php?title=',
'query' => [ 'title' => '' ],
'title' => 'Main_Page',
'redirect' => 'http://example.org/wiki/Main_Page',
],
[
// View: Index with escaped title
'url' => 'http://example.org/w/index.php?title=Foo%20Bar',
'query' => [ 'title' => 'Foo Bar' ],
'title' => 'Foo_Bar',
'redirect' => 'http://example.org/wiki/Foo_Bar',
],
[
// View: Script path with escaped title
'url' => 'http://example.org/w/?title=Foo_Bar',
'query' => [ 'title' => 'Foo_Bar' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// View: Root path with escaped title
'url' => 'http://example.org/?title=Foo_Bar',
'query' => [ 'title' => 'Foo_Bar' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// View: Canonical with redundant query
'url' => 'http://example.org/wiki/Foo_Bar?action=view',
'query' => [ 'action' => 'view' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// Edit: Canonical view url with action query
'url' => 'http://example.org/wiki/Foo_Bar?action=edit',
'query' => [ 'action' => 'edit' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// View: Index with action query
'url' => 'http://example.org/w/index.php?title=Foo_Bar&action=view',
'query' => [ 'title' => 'Foo_Bar', 'action' => 'view' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// Edit: Index with action query
'url' => 'http://example.org/w/index.php?title=Foo_Bar&action=edit',
'query' => [ 'title' => 'Foo_Bar', 'action' => 'edit' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// Path with double slash prefix (T100782)
'url' => 'http://example.org//wiki/Double_slash',
'query' => [],
'title' => 'Double_slash',
'redirect' => false,
],
[
// View: Media namespace redirect (T203942)
'url' => 'http://example.org/w/index.php?title=Media:Foo_Bar',
'query' => [ 'title' => 'Foo_Bar' ],
'title' => 'File:Foo_Bar',
'redirect' => 'http://example.org/wiki/File:Foo_Bar',
],
];
}
/**
* @dataProvider provideTryNormaliseRedirect
* @covers MediaWiki::tryNormaliseRedirect
*/
public function testTryNormaliseRedirect( $url, $query, $title, $expectedRedirect = false ) {
// Set SERVER because interpolateTitle() doesn't use getRequestURL(),
// whereas tryNormaliseRedirect does(). Also, using WebRequest allows
// us to test some quirks in that class.
$_SERVER['REQUEST_URI'] = $url;
$_POST = [];
$_GET = $query;
$req = new WebRequest;
// This adds a virtual 'title' query parameter. Normally called from Setup.php
$req->interpolateTitle();
$titleObj = Title::newFromText( $title );
// Set global context since some involved code paths don't yet have context
$context = RequestContext::getMain();
$context->setRequest( $req );
$context->setTitle( $titleObj );
$mw = new MediaWiki( $context );
$method = new ReflectionMethod( $mw, 'tryNormaliseRedirect' );
$method->setAccessible( true );
$ret = $method->invoke( $mw, $titleObj );
$this->assertEquals(
$expectedRedirect !== false,
$ret,
'Return true only when redirecting'
);
$this->assertEquals(
$expectedRedirect ?: '',
$context->getOutput()->getRedirect()
);
}
public static function provideParseTitle() {
return [
// title
"No title means main page" => [
'query' => [],
'expected' => 'Main Page',
],
"Empty title also means main page" => [
'query' => wfCgiToArray( '?title=' ),
'expected' => 'Main Page',
],
"Valid title" => [
'query' => wfCgiToArray( '?title=Foo' ),
'expected' => 'Foo',
],
"Invalid title" => [
'query' => wfCgiToArray( '?title=[INVALID]' ),
'expected' => false,
],
// oldid
"Invalid 'oldid'… means main page? (we show an error elsewhere)" => [
'query' => wfCgiToArray( '?oldid=9999999' ),
'expected' => 'Main Page',
],
"Valid 'oldid'" => [
'query' => wfCgiToArray( '?oldid=1' ),
'expected' => 'Main Page',
],
"Invalid 'oldid' (contains letters that are not 'next', 'prev', 'cur')" => [
'query' => wfCgiToArray( '?oldid=abc' ),
'expected' => 'Main Page', // TODO: throw an error for this someday
],
"Invalid 'oldid' (equals zero)" => [
'query' => wfCgiToArray( '?oldid=0' ),
'expected' => 'Main Page', // TODO: throw an error for this someday
],
"Valid 'oldid' (is blank)" => [
'query' => wfCgiToArray( '?oldid=' ),
'expected' => 'Main Page',
],
// diff
"Invalid numeric 'diff'… means main page? (we show an error elsewhere)" => [
'query' => wfCgiToArray( '?diff=9999999' ),
'expected' => 'Main Page',
],
"Valid 'diff'" => [
'query' => wfCgiToArray( '?diff=1' ),
'expected' => 'Main Page',
],
"Invalid 'diff' (contains letters that are not 'next', 'prev', 'cur')" => [
'query' => wfCgiToArray( '?diff=abc' ),
'expected' => 'Main Page', // TODO: throw an error for this someday
],
"Invalid 'diff' (equals zero)" => [
'query' => wfCgiToArray( '?diff=0' ),
'expected' => 'Main Page', // TODO: throw an error for this someday
],
"Valid 'diff' (is blank)" => [
'query' => wfCgiToArray( '?diff=' ),
'expected' => 'Main Page',
],
// curid
"Invalid 'curid'" => [
'query' => wfCgiToArray( '?curid=9999999' ),
'expected' => false,
],
// search
"'search' parameter with no title provided forces Special:Search" => [
'query' => wfCgiToArray( '?search=foo' ),
'expected' => 'Special:Search',
],
// action
"No title with 'action' still means main page" => [
'query' => wfCgiToArray( '?action=history' ),
'expected' => 'Main Page',
],
"No title with 'action=delete' does not mean main page, because we want to discourage deleting it by accident :D" => [
'query' => wfCgiToArray( '?action=delete' ),
'expected' => false,
],
// multiple URI parameters
"Valid 'diff' (contains letters that are 'next', 'prev', 'cur')" => [
'query' => wfCgiToArray( '?title=Main_Page&diff=prev&oldid=1' ),
'expected' => 'Main Page',
],
"Valid 'diff' (is blank, has title)" => [
'query' => wfCgiToArray( '?title=Foo&diff=' ),
'expected' => 'Foo',
],
"Invalid 'diff' (contains letters, has title)" => [
'query' => wfCgiToArray( '?title=Main_Page&diff=abc' ),
'expected' => 'Main Page', // TODO: throw an error for this someday
],
"'action=revisiondelete' forces Special:RevisionDelete even with title" => [
'query' => wfCgiToArray( '?action=revisiondelete&title=Unused' ),
'expected' => 'Special:RevisionDelete',
],
"'action=historysubmit&revisiondelete=1' forces Special:RevisionDelete even with title" => [
'query' => wfCgiToArray( '?action=historysubmit&revisiondelete=1&title=Unused' ),
'expected' => 'Special:RevisionDelete',
],
"'action=editchangetags' forces Special:EditTags even with title" => [
'query' => wfCgiToArray( '?action=editchangetags&title=Unused' ),
'expected' => 'Special:EditTags',
],
"'action=historysubmit&editchangetags=1' forces Special:EditTags even with title" => [
'query' => wfCgiToArray( '?action=historysubmit&editchangetags=1&title=Unused' ),
'expected' => 'Special:EditTags',
],
];
}
private function doTestParseTitle( array $query, $expected ): void {
if ( $expected === false ) {
$this->expectException( MalformedTitleException::class );
}
$req = new FauxRequest( $query );
$mw = new MediaWiki();
$method = new ReflectionMethod( $mw, 'parseTitle' );
$method->setAccessible( true );
$ret = $method->invoke( $mw, $req );
$this->assertEquals(
$expected,
$ret->getPrefixedText()
);
}
/**
* @dataProvider provideParseTitle
* @covers MediaWiki::parseTitle
*/
public function testParseTitle( $query, $expected ) {
$this->doTestParseTitle( $query, $expected );
}
public static function provideParseTitleExistingPage(): array {
return [
"Valid 'oldid'" => [
static fn ( WikiPage $page ): array => wfCgiToArray( '?oldid=' . $page->getRevisionRecord()->getId() ),
],
"Valid 'diff'" => [
static fn ( WikiPage $page ): array => wfCgiToArray( '?diff=' . $page->getRevisionRecord()->getId() ),
],
"Valid 'curid'" => [
static fn ( WikiPage $page ): array => wfCgiToArray( '?curid=' . $page->getId() ),
],
];
}
/**
* @dataProvider provideParseTitleExistingPage
* @covers MediaWiki::parseTitle
*/
public function testParseTitle__existingPage( callable $queryBuildCallback ) {
$pageTitle = 'TestParseTitle test page';
$page = $this->getExistingTestPage( $pageTitle );
$query = $queryBuildCallback( $page );
$this->doTestParseTitle( $query, $pageTitle );
}
/**
* Test a post-send job can not set cookies (T191537).
* @coversNothing
@ -420,27 +87,4 @@ class MediaWikiTest extends MediaWikiIntegrationTestCase {
$logger->getBuffer()
);
}
/**
* @covers MediaWiki::performRequest
*/
public function testInvalidRedirectingOnSpecialPageWithPersonallyIdentifiableTarget() {
$this->overrideConfigValue( MainConfigNames::HideIdentifiableRedirects, true );
$specialTitle = SpecialPage::getTitleFor( 'Mypage', 'in<valid' );
$req = new FauxRequest( [
'title' => $specialTitle->getPrefixedDbKey(),
] );
$req->setRequestURL( $specialTitle->getFullUrl() );
$context = new RequestContext();
$context->setRequest( $req );
$context->setTitle( $specialTitle );
$mw = TestingAccessWrapper::newFromObject( new MediaWiki( $context ) );
$this->expectException( BadTitleError::class );
$this->expectExceptionMessage( 'The requested page title contains invalid characters: "<".' );
$mw->performRequest();
}
}

401
tests/phpunit/includes/actions/ActionEntryPointTest.php Normal file
View file

@ -0,0 +1,401 @@
<?php
use MediaWiki\Actions\ActionEntryPoint;
use MediaWiki\MainConfigNames;
use MediaWiki\Request\FauxRequest;
use MediaWiki\Request\WebRequest;
use MediaWiki\Request\WebResponse;
use MediaWiki\SpecialPage\SpecialPage;
use MediaWiki\Title\MalformedTitleException;
use MediaWiki\Title\Title;
use Wikimedia\TestingAccessWrapper;
// phpcs:disable MediaWiki.Usage.SuperGlobalsUsage.SuperGlobals
/**
* @group Database
* @covers MediaWiki\Actions\ActionEntryPoint
*/
class ActionEntryPointTest extends MediaWikiIntegrationTestCase {
private ?array $oldServer;
private ?array $oldGet;
private ?array $oldPost;
protected function setUp(): void {
parent::setUp();
$this->overrideConfigValues( [
MainConfigNames::Server => 'http://example.org',
MainConfigNames::ScriptPath => '/w',
MainConfigNames::Script => '/w/index.php',
MainConfigNames::ArticlePath => '/wiki/$1',
MainConfigNames::ActionPaths => [],
MainConfigNames::LanguageCode => 'en',
] );
// phpcs:disable ActionEntryPoint.Usage.SuperGlobalsUsage.SuperGlobals
$this->oldServer = $_SERVER;
$this->oldGet = $_GET;
$this->oldPost = $_POST;
}
protected function tearDown(): void {
$_SERVER = $this->oldServer;
$_GET = $this->oldGet;
$_POST = $this->oldPost;
// The ActionEntryPoint class writes to $wgTitle. Revert any writes done in this test to make
// sure that they don't leak into other tests (T341951)
$GLOBALS['wgTitle'] = null;
// Restore a scope stack that will run updates immediately
DeferredUpdates::setScopeStack( new DeferredUpdatesScopeMediaWikiStack() );
parent::tearDown();
}
/**
* @return ActionEntryPoint
*/
private function getEntryPoint(): ActionEntryPoint {
return new ActionEntryPoint( RequestContext::getMain() );
}
public static function provideTryNormaliseRedirect() {
return [
[
// View: Canonical
'url' => 'http://example.org/wiki/Foo_Bar',
'query' => [],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// View: Escaped title
'url' => 'http://example.org/wiki/Foo%20Bar',
'query' => [],
'title' => 'Foo_Bar',
'redirect' => 'http://example.org/wiki/Foo_Bar',
],
[
// View: Script path
'url' => 'http://example.org/w/index.php?title=Foo_Bar',
'query' => [ 'title' => 'Foo_Bar' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// View: Script path with implicit title from page id
'url' => 'http://example.org/w/index.php?curid=123',
'query' => [ 'curid' => '123' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// View: Script path with implicit title from revision id
'url' => 'http://example.org/w/index.php?oldid=123',
'query' => [ 'oldid' => '123' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// View: Script path without title
'url' => 'http://example.org/w/index.php',
'query' => [],
'title' => 'Main_Page',
'redirect' => 'http://example.org/wiki/Main_Page',
],
[
// View: Script path with empty title
'url' => 'http://example.org/w/index.php?title=',
'query' => [ 'title' => '' ],
'title' => 'Main_Page',
'redirect' => 'http://example.org/wiki/Main_Page',
],
[
// View: Index with escaped title
'url' => 'http://example.org/w/index.php?title=Foo%20Bar',
'query' => [ 'title' => 'Foo Bar' ],
'title' => 'Foo_Bar',
'redirect' => 'http://example.org/wiki/Foo_Bar',
],
[
// View: Script path with escaped title
'url' => 'http://example.org/w/?title=Foo_Bar',
'query' => [ 'title' => 'Foo_Bar' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// View: Root path with escaped title
'url' => 'http://example.org/?title=Foo_Bar',
'query' => [ 'title' => 'Foo_Bar' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// View: Canonical with redundant query
'url' => 'http://example.org/wiki/Foo_Bar?action=view',
'query' => [ 'action' => 'view' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// Edit: Canonical view url with action query
'url' => 'http://example.org/wiki/Foo_Bar?action=edit',
'query' => [ 'action' => 'edit' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// View: Index with action query
'url' => 'http://example.org/w/index.php?title=Foo_Bar&action=view',
'query' => [ 'title' => 'Foo_Bar', 'action' => 'view' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// Edit: Index with action query
'url' => 'http://example.org/w/index.php?title=Foo_Bar&action=edit',
'query' => [ 'title' => 'Foo_Bar', 'action' => 'edit' ],
'title' => 'Foo_Bar',
'redirect' => false,
],
[
// Path with double slash prefix (T100782)
'url' => 'http://example.org//wiki/Double_slash',
'query' => [],
'title' => 'Double_slash',
'redirect' => false,
],
[
// View: Media namespace redirect (T203942)
'url' => 'http://example.org/w/index.php?title=Media:Foo_Bar',
'query' => [ 'title' => 'Foo_Bar' ],
'title' => 'File:Foo_Bar',
'redirect' => 'http://example.org/wiki/File:Foo_Bar',
],
];
}
/**
* @dataProvider provideTryNormaliseRedirect
*/
public function testTryNormaliseRedirect( $url, $query, $title, $expectedRedirect = false ) {
// Set SERVER because interpolateTitle() doesn't use getRequestURL(),
// whereas tryNormaliseRedirect does(). Also, using WebRequest allows
// us to test some quirks in that class.
$_SERVER['REQUEST_URI'] = $url;
$_POST = [];
$_GET = $query;
$req = new WebRequest;
// This adds a virtual 'title' query parameter. Normally called from Setup.php
$req->interpolateTitle();
$titleObj = Title::newFromText( $title );
// Set global context since some involved code paths don't yet have context
$context = RequestContext::getMain();
$context->setRequest( $req );
$context->setTitle( $titleObj );
$mw = new ActionEntryPoint( $context );
$method = new ReflectionMethod( $mw, 'tryNormaliseRedirect' );
$method->setAccessible( true );
$ret = $method->invoke( $mw, $titleObj );
$this->assertEquals(
$expectedRedirect !== false,
$ret,
'Return true only when redirecting'
);
$this->assertEquals(
$expectedRedirect ?: '',
$context->getOutput()->getRedirect()
);
}
public static function provideParseTitle() {
return [
"No title means main page" => [
'query' => [],
'expected' => 'Main Page',
],
"Empty title also means main page" => [
'query' => wfCgiToArray( '?title=' ),
'expected' => 'Main Page',
],
"Valid title" => [
'query' => wfCgiToArray( '?title=Foo' ),
'expected' => 'Foo',
],
"Invalid title" => [
'query' => wfCgiToArray( '?title=[INVALID]' ),
'expected' => false,
],
"Invalid 'oldid'… means main page? (we show an error elsewhere)" => [
'query' => wfCgiToArray( '?oldid=9999999' ),
'expected' => 'Main Page',
],
"Invalid 'diff'… means main page? (we show an error elsewhere)" => [
'query' => wfCgiToArray( '?diff=9999999' ),
'expected' => 'Main Page',
],
"Invalid 'curid'" => [
'query' => wfCgiToArray( '?curid=9999999' ),
'expected' => false,
],
"'search' parameter with no title provided forces Special:Search" => [
'query' => wfCgiToArray( '?search=foo' ),
'expected' => 'Special:Search',
],
"'action=revisiondelete' forces Special:RevisionDelete even with title" => [
'query' => wfCgiToArray( '?action=revisiondelete&title=Unused' ),
'expected' => 'Special:RevisionDelete',
],
"'action=historysubmit&revisiondelete=1' forces Special:RevisionDelete even with title" => [
'query' => wfCgiToArray( '?action=historysubmit&revisiondelete=1&title=Unused' ),
'expected' => 'Special:RevisionDelete',
],
"'action=editchangetags' forces Special:EditTags even with title" => [
'query' => wfCgiToArray( '?action=editchangetags&title=Unused' ),
'expected' => 'Special:EditTags',
],
"'action=historysubmit&editchangetags=1' forces Special:EditTags even with title" => [
'query' => wfCgiToArray( '?action=historysubmit&editchangetags=1&title=Unused' ),
'expected' => 'Special:EditTags',
],
"No title with 'action' still means main page" => [
'query' => wfCgiToArray( '?action=history' ),
'expected' => 'Main Page',
],
"No title with 'action=delete' does not mean main page, because we want to discourage deleting it by accident :D" => [
'query' => wfCgiToArray( '?action=delete' ),
'expected' => false,
],
];
}
private function doTestParseTitle( array $query, $expected ): void {
if ( $expected === false ) {
$this->expectException( MalformedTitleException::class );
}
$req = new FauxRequest( $query );
$mw = $this->getEntryPoint();
$method = new ReflectionMethod( $mw, 'parseTitle' );
$method->setAccessible( true );
$ret = $method->invoke( $mw, $req );
$this->assertEquals(
$expected,
$ret->getPrefixedText()
);
}
/**
* @dataProvider provideParseTitle
*/
public function testParseTitle( $query, $expected ) {
$this->doTestParseTitle( $query, $expected );
}
public static function provideParseTitleExistingPage(): array {
return [
"Valid 'oldid'" => [
static fn ( WikiPage $page ): array => wfCgiToArray( '?oldid=' . $page->getRevisionRecord()->getId() ),
],
"Valid 'diff'" => [
static fn ( WikiPage $page ): array => wfCgiToArray( '?diff=' . $page->getRevisionRecord()->getId() ),
],
"Valid 'curid'" => [
static fn ( WikiPage $page ): array => wfCgiToArray( '?curid=' . $page->getId() ),
],
];
}
/**
* @dataProvider provideParseTitleExistingPage
*/
public function testParseTitle__existingPage( callable $queryBuildCallback ) {
$pageTitle = 'TestParseTitle test page';
$page = $this->getExistingTestPage( $pageTitle );
$query = $queryBuildCallback( $page );
$this->doTestParseTitle( $query, $pageTitle );
}
/**
* Test a post-send update can not set cookies (T191537).
* @coversNothing
*/
public function testPostSendJobDoesNotSetCookie() {
// Prevent updates from running immediately by setting
// a plain DeferredUpdatesScopeStack which doesn't allow
// opportunistic updates.
DeferredUpdates::setScopeStack( new DeferredUpdatesScopeStack() );
$response = new WebResponse;
// A update that attempts to set a cookie
$jobHasRun = false;
DeferredUpdates::addCallableUpdate( static function () use ( $response, &$jobHasRun ) {
$jobHasRun = true;
$response->setCookie( 'JobCookie', 'yes' );
$response->header( 'Foo: baz' );
} );
$hookWasRun = false;
$this->setTemporaryHook( 'WebResponseSetCookie', static function () use ( &$hookWasRun ) {
$hookWasRun = true;
return true;
} );
$logger = new TestLogger();
$logger->setCollect( true );
$this->setLogger( 'cookie', $logger );
$this->setLogger( 'header', $logger );
$mw = TestingAccessWrapper::newFromObject( $this->getEntryPoint() );
$mw->doPostOutputShutdown();
// restInPeace() might have been registered to a callback of
// register_postsend_function() and thus can not be triggered from
// PHPUnit.
if ( $jobHasRun === false ) {
$mw->restInPeace();
}
$this->assertTrue( $jobHasRun, 'post-send job has run' );
$this->assertFalse( $hookWasRun,
'post-send job must not trigger WebResponseSetCookie hook' );
$this->assertEquals(
[
[ 'info', 'ignored post-send cookie {cookie}' ],
[ 'info', 'ignored post-send header {header}' ],
],
$logger->getBuffer()
);
}
public function testInvalidRedirectingOnSpecialPageWithPersonallyIdentifiableTarget() {
$this->overrideConfigValue( MainConfigNames::HideIdentifiableRedirects, true );
$specialTitle = SpecialPage::getTitleFor( 'Mypage', 'in<valid' );
$req = new FauxRequest( [
'title' => $specialTitle->getPrefixedDbKey(),
] );
$req->setRequestURL( $specialTitle->getFullUrl() );
$context = new RequestContext();
$context->setRequest( $req );
$context->setTitle( $specialTitle );
$mw = TestingAccessWrapper::newFromObject( new ActionEntryPoint( $context ) );
$this->expectException( BadTitleError::class );
$this->expectExceptionMessage( 'The requested page title contains invalid characters: "<".' );
$mw->performRequest();
}
}