A crude solution for the acquireTarget() race condition. Use SQL
GET_LOCK() to lock the target from the acquireTarget() call until the
transaction is committed.
Add FOR UPDATE to the acquireTarget() SELECT, otherwise it just sees the
snapshot version of the row and inserts a new row anyway.
Add a test which reliably failed prior to the change.
Reword the ipb-block-not-found message. This is normal for simultaneous
blocks of the same target. Don't contact us. In the API, remap it to
"alreadyblocked".
Bug: T389028
Change-Id: I1fa35bf08d456a93930194786f77df389217ba61
(cherry picked from commit 2b65587e4d92e7f27661e8821b14f74ade939cfa)
Implicitly marking parameter $... as nullable is deprecated in php8.4,
the explicit nullable type must be used instead
Created with autofix from Ide15839e98a6229c22584d1c1c88c690982e1d7a
Break one long line in SpecialPage.php
Bug: T376276
Change-Id: I807257b2ba1ab2744ab74d9572c9c3d3ac2a968e
Use SessionManager::invalidateSessionsForUser() rather then just
resetting the user token when logging out a user who is blocked
on a $wgBlockDisablesLogin wiki, so they are properly logged out
even when an authentication extension like CentralAuth is active.
Doesn't entirely fix the todo in that that it will invalidate
sessions for the local user with the same name as the blocked
user, and if that's a cross-wiki user there's still no guarantee
it is the same user. But in practice it's unlikely not to be.
Change-Id: Ic48814fcfeb71ca0736bac5f133ff407cf494021
A constant is not a variable. The type is hard-coded via the value
and can never change. While the extra @var probably doesn't hurt much,
it's redundant and error-prone and can't provide any additional
information.
Change-Id: Iee1f36a1905d9b9c6b26d0684b7848571f0c1733
Why:
* A hook is needed which is called when User::spreadAnyEditBlock
is called, so that extensions which provide alternative blocking
mechanisims (such as the GlobalBlocking extension) can spread
their blocks when local blocks are spread.
What:
* Add SpreadAnyEditBlockHook which is called from User
::spreadAnyEditBlock when it is called except when the user is
not registered.
** The hook is called even if the user is not locally blocked
* The return value of User::spreadAnyEditBlock is modified to
return true if either a local block or alternative blocking
mechanism spread blocks.
* Update UserTest to test this new behaviour.
Bug: T374857
Change-Id: Id302a6362d6177c89da9cdf4e677b3822ecb85f1
Callers should not catch an unchecked exception, so it doesn't belong
in a function signature. Unchecked exceptions indicate a coding error,
which by definition the code will not be able to handle correctly.
If any of these exceptions were supposed to be in response to an edge
case, user input, or initial conditions, then they should be changed
to a runtime error. If the exception class cannot be changed, then
the annotation should include a comment explaining its purpose and
prognosis.
Bug: T240672
Change-Id: I2e640b9737cb68090a8e1cb70067d1b74037d647
Mostly used find-and-replace:
Find:
/\*[\*\s]+@var (I?[A-Z](\w+)(?:Interface)?)[\s\*]+/\s*(private|protected|public) (\$[a-z]\w+;\n)((?=\s*/\*[\*\s]+@var (I?[A-Z](\w+)(?:Interface)?))\n|)
Replace with:
\3 \1 \4
More could be done, but to keep this patch reasonably sized, I only
changed the most obvious and unambiguously correct cases.
In some cases, I also removed redundant doc comments on the
constructor, and re-ordered the properties to match the constructor.
Change-Id: I819ed771c915293663856c577a481d607b76ed80
Avoid the call to internal constructor of AndExpressionGroup and
OrExpressionGroup by creating a factory function similiar as the
IReadableDatabase::expr function for Expression objects.
This is also a replacement for calls to ISQLPlatform::makeList with
LIST_AND or LIST_OR argument to reduce passing sql as string to the
query builders.
Created two functions to allow the return type to be set for both
expression group to allow further calls of ->and() or ->or() on the
returned object.
Depending on the length of the array argument to makeList() it is
sometimes hard to see if the list gets converted to AND or OR, having
the operator in the function name makes it easier to read, so two
functions are helpful in this case as well.
Bug: T358961
Change-Id: Ica29689cbd0b111b099bb09b20845f85ae4c3376
In PHP 8, but not in PHP 7.4, every class with a __toString() function
implicitly implements the Stringable interface. Therefore, the
behavior of checks like "instanceof Stringable" differs between these
PHP versions when such classes are involved. Make every such class
implement the interface so that the behavior will be consistent.
The PHP 7.4 fallback for the Stringable interface is provided by
symfony/polyfill-php80.
Change-Id: I3f0330c2555c7d3bf99b654ed3c0b0303e257ea1
* Deprecate and stop using $wgBlockTargetMigrationStage. Remove
block_target migration code.
* Make the $schema parameters to DatabaseBlockStore methods default to
SCHEMA_BLOCK. Avoid passing these parameters where possible.
* Remove cleanupBlocks.php
* Deprecate DatabaseBlock static methods which try to present the old
schema for b/c.
Bug: T362133
Change-Id: I845bad8cc09a4528fef46a6f9d490ebdec881d99
In the new schema, getRangeCond() with a specified range of say
1.2.0.0/16 would match blocks of narrower range with the same start,
e.g. 1.2.0.0/24, because a match of bt_ip_hex was sufficient, but that
is the same as the start of the range.
So, when searching for single IP blocks, add a condition requiring
bt_range_start IS NULL.
This affects the bkip parameter to ApiQueryBlocks and searches from
Special:BlockList.
Add regression test.
Change-Id: Ie3943befb8a02cc4939624f7bad48ae50056cd7d
With the new schema and sql_mode=ONLY_FULL_GROUP_BY, we get an error
from LocalIdLookup::lookupCentralIds() due to user_name not being in the
GROUP BY.
So, just use a subquery, identical to the one used by getExpression().
Change-Id: If22561b5ce5762a33fc8aa13ee9406990c8ae8ce
This is using SelectQueryBuilder::queryInfo to interact with legacy code
In the long term this needs refactor to get a SelectQueryBuilder from
the class instead of a query info array.
Bug: T344971
Depends-On: I5dff80a2819bba4e923654ef31816a54269354b3
Change-Id: Ibf44e7de30e71fe8dd6447f77dfd0bf726be0a9b
Fix the real issues found by this sniff, and convert the remaining
false positive ignores to per-line ignores so that any more real issues
won't be added.
Change-Id: I18e75d59df327e2d93a3a487c115e92b9f268722
A non-typehinted argument could be a raw sql string ending in the sql
statement, using typehint makes sure this is an safe integer
Change-Id: I2c1eef4dd2a05b9bb1329b79749502a242804687
The RandomPage alias was dropped in an earlier commit, so
group the release note entry in with these.
Change-Id: I207d7463ced1a1bb8b8ac749eba175fc0037a217
* Add a comment explaining why we need table aliases in HideUserUtils
subqueries.
* Use the table aliases consistently in inner field references. While
this does not appear to be strictly necessary, since unprefixed fields
refer to the inner query by default, it helps to improve the clarity
of the code.
Change-Id: Id68684ea12060a259dc87e66edd63b925da2c3b1
There's no index on bt_user_text alone, only one that is prefixed with
bt_ip_hex. So include a condition on bt_ip_hex when searching for blocks
by username.
Bug: T360165
Change-Id: I99ed17ed66449ab7c3f76c98d90f91a75fbd8fd5
On en.wikipedia.org, MariaDB chooses to materialize the subquery,
copying about 810,000 rows to a temporary table.
So, use a dependent scalar subquery, which is not eligible for this
"optimisation".
Bug: T360163
Change-Id: I7819a6870871687ea96f92dfd3f8fe581b54cc24
When updating an autoblock due to a reblock, use the correct reason
message instead of the parent block reason.
If the reblock causes the parent block to expire before the autoblock,
adjust the autoblock expiry time downwards.
Adapt testUpdateBlock() to be a regression test for these two bugs.
Bug: T351173
Change-Id: I19843e4971106250cf9644ef68d68d6e33c6e3ab
User "0", page "0" and edit summary "0" are all valid.
Treating them as empty may cause subtle inconsistencies.
Change-Id: I90a92bfb972cca840e5d8060dac3f116a22990db
When searching for an existing block_target row to use for a new block
of an IP address, include bt_auto in the conditions. Otherwise, if there
is an existing autoblock, the new block will fail due to a mismatch of
bt_count, leaking information about the private IP address.
Bug: T357366
Change-Id: If873ca590aadd29ab0b9d672a99438d70c4292d9
The block ID is exposed in various places and must be consistent between
the two schemas.
Bug: T357366
Change-Id: I5b104242341ebcfec8f33a904c771d61d236dca2
This should act identical to before, apart for support of expiry before
unix epoch. This shouldn't be a real world use-case, rather the check
for a negative expiry was for PHP 5 support when -1 was returned instead
of false.
Bug: T248196
Change-Id: I803c99f20844a4ccf151b454e75f7d4d128f429c
The array spread operator is documented to behave identical to
array_merge. The syntax is just much shorter and easier to read in
situations like this, in my opinion.
Change-Id: I3b016e896e552af53d87d5e72436dc4e29070ce1
The idea is that all formatters that need the user language or
other request specific context should be instantiated by
FormatterFactory.
Change-Id: I8334cc89dcf0f293298b82e004116be50a90f0d1
