Since the branch cut has happened, we can bump and get rid of legacy
cruft. According to the policy we can go up to 1.31 but let's keep it
that way to avoid major distruptions.
Change-Id: I9d697445a3bb5047726c8b2a7f808edb8403cdda
One exception message contained a trailing dot/space, which I removed
as well, following I935835316c0.
A very small number of exceptions and output() calls contained trailing
space, which I removed for consistency.
Change-Id: I16f48c1a051c452bbef699eb9b7476d83f8821d8
This patch removes the '--nopurge' option which allows disallowing
the purge. The db caches will now be cleared unconditionally if the
update script is run.
The option description is already not quite accurate because of
more cache clearing logic that was incrementally added later without
updating the description.
Bug: T271062
Change-Id: I1d8cad057bc58dfb4042f146023f08417e491b78
Many files were in the autoloader despite having potentially harmful
file-scope code.
* Exclude all CommandLineInc maintenance scripts from the autoloader.
* Introduce "NO_AUTOLOAD" tag which excludes the file containing it
from the autoloader. Use it on CommandLineInc.php and a few
suspicious-looking files without classes in case they are refactored
to add classes in the future.
* Add a test which parses all non-PSR4 class files and confirms that
they do not contain dangerous file-scope code. It's slow (15s) but
its results were enlightening.
* Several maintenance scripts define constants in the file scope,
intending to modify the behaviour of MediaWiki. Either move the
define() to a later setup function, or protect with NO_AUTOLOAD.
* Use require_once consistently with Maintenance.php and
doMaintenance.php, per the original convention which is supposed to
allow one maintenance script to use the class of another maintenance
script. Using require breaks autoloading of these maintenance class
files.
* When Maintenance.php is included, check if MediaWiki has already
started, and if so, return early. Revert the fix for T250003 which
is incompatible with this safety measure. Hopefully it was superseded
by splitting out the class file.
* In runScript.php add a redundant PHP_SAPI check since it does some
things in file-scope code before any other check will be run.
* Change the if(false) class_alias(...) to something more hackish and
more compatible with the new test.
* Some site-related scripts found Maintenance.php in a non-standard way.
Use the standard way.
* fileOpPerfTest.php called error_reporting(). Probably debugging code
left in; removed.
* Moved mediawiki.compress.7z registration from the class file to the
caller.
Change-Id: I1b1be90343a5ab678df6f1b1bdd03319dcf6537f
It caused a 20% latency regression by unconditionally parsing extension.json
files on every single load instead of using the existing caching
infrastructure. There are further problems with the use of parsing/loading
extension.json files in a method that is incompatible with the existing
architecture.
This primarily reverts commit 46eabe275c.
Also needed to revert 16381261ae and 7c72347ec1.
Bug: T258664
Change-Id: I34a783c3f0df0447876a26441bb2d12e02368871
Decouple Installer services
Implement injection class Autoloader and i18n messages from extension.json
Implement extension selector by type
Add i18n message key `version-database`
Extensions for testing:
- https://github.com/MWStake/PerconaDB - real Percona extension
- https://github.com/killev/mediawiki-dbext2 - fake extension for test
Bug: T226857, T255151
Change-Id: I9ec8a18ad19283f6be67ac000110ac370afc0815
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
We're now requiring PHPUnit 8.5+, which is not vulnerable. In theory,
this should guarantee that the vulnerable file is absent.
However, I'm not opposed to holding for a MW version or two.
Referencing original bug for completeness:
Bug: T180231
Change-Id: Ibfe28e22abab0fe3bb655bdef1f237a4d42b0bb2
This bug was fixed over 10 years ago and is impossible to encounter
on modern libxml versions. While libxml versions might vary slightly
for the same PHP version depending on how it's built, this gives a
general idea:
https://3v4l.org/Tk27c
Change-Id: I669abb3543180e6edd090297fcfcb811aa833b57
The following function are set to public in the parent class and cannot
have another visibility in subclasses
Maintenance::__construct
Maintenance::execute
Maintenance::getDbType
Maintenance::validateParamsAndArgs
Maintenance::setDB
Change-Id: I0cd6514642d479aca20f1221bf673b0713c21631
Gerrit change 522014 (merged as b8b2514) mostly corrected this
issue, but one line was missed. Fixing that now.
Bug: T213893
Change-Id: I0a57f5902f1af2619fe47f7ee53695d3fd03adaf
A change to update.php used the null coalesce (??) operator.
While this is normally fine, the code in question executes
before the PHP version check, and causes an unfriendly PHP
error rather than the intended helpful error. Use the older-style
isset() call instead, so that the PHP version check will get
a chance to execute.
Bug: T213893
Change-Id: I22e4a24bed9e0b29e08afc7b9468e7bfd81d7d57
The nice thing about explode() is that the resulting array is
guaranteed to contain at least one element. The array can not be
empty.
In some of these cases it might be possible to use strstr() instead,
but that returns an empty string when the needle character is not
found. explode() returns the original string in this case.
Change-Id: I6ad1f3273defeaf36e2305fd871eaaf9d3c1e134
T110209 caused maintenance scripts to fail on unknown parameters,
which is normally desirable. However, some extensions (notably
SemanticMediaWiki) need to support additional params and had no
way to add them to the list of expected parameters. It will
now be possible them to update.php via a new hook:
MaintenanceUpdateAddParams.
Bug: T213893
Change-Id: Ia40949ccb2f32090f21e0f3f7e5b9c4aef322330
Clean up use of @codingStandardsIgnore
- @codingStandardsIgnoreFile -> phpcs:ignoreFile
- @codingStandardsIgnoreLine -> phpcs:ignore
- @codingStandardsIgnoreStart -> phpcs:disable
- @codingStandardsIgnoreEnd -> phpcs:enable
For phpcs:disable always the necessary sniffs are provided.
Some start/end pairs are changed to line ignore
Change-Id: I92ef235849bcc349c69e53504e664a155dd162c8
Deprecate the second argument to Maintenance::error() in favor of a new
Maintenance::fatalError() method. This is intended to make it easier to
review flow control in maintenance scripts.
Change-Id: I75699008638f7e99b11210c7bb9e2e131fca7c9e
If phpunit's eval-stdin.php file exists and is one of the vulnerable
versions, delete it when running update.php as most people should run
that when updating to a new release. If the unlink() call fails, we'll
warn the user but continue with update.php processing and hope they've
mitigated it in some other way.
Bug: T180231
Change-Id: I5b838686ede9764083c52853cc05c52ea72739df
If MediaWiki has increased the minimum database server version that is
required, check it when running update.php to ensure it is still
compatible. Previously this was only checked during the installer.
Bug: T162044
Change-Id: I47092c9557f4706a4dcb3a23150647e68af4317f
It's unreasonable to expect newbies to know that "bug 12345" means "Task T14345"
except where it doesn't, so let's just standardise on the real numbers.
This includes renaming fixBug20757.php to fixT22757.php for similar consistency.
Change-Id: If81a590d658fbd82c20c54ac47dfdc8856745ca3
Maintenance::error() will not cause the script to exit unless the
$die argument, when cast as an integer, is greater than 0. Since
the default value is 0, specify a different one, as in the other
calls from within the same function.
Follows-up 943563062f.
Change-Id: I3af72b1cd87c63d7f57436866633e86c272e904f
In the age when we require PHP 5.5, pretending that mbstring emulation
is not slow and silly is silly.
Bug: T129435
Change-Id: Ic8235c9da9a926df63ec7388900c44eab454eebe
* testCompression.php: Called $wgLang, but didn't set it.
It just assumed it was English. Use a local variable instead.
* update.php: Set $wgLang to English. Set main RequestContext as well.
* transstat.php: Rename $wgLanguages to $languages for less confusion.
It's just a local instance of language.inc's Languages class.
Change-Id: I67865f4d8710946001f7586ab0a17e125366b184
