Turn this into a doc group, and let the descriptions come
directly from the files in question. This makes the list easier
to maintain, and alsom means that the overview page becomes
discoverable whenever one is looking at the entry point file
as well. Previously the doc page pointed to the entry points,
but not the other way around. This is also fixed.
Bug: T244294
Change-Id: I891c5a37e17592edc1136d7367949927121c8bc8
* Deprecate WebRequest::checkUrlExtension() and have it always return
true. This reverts the security fixes made for T30235.
* Remove IEUrlExtension. This is a helper for checkUrlExtension() which
is not used in any extensions.
* Remove CSS sanitization code which is specific to IE6. This reverts
the changes made to fix T57332, and related followups. I confirmed
that the relevant test cases do not result in XSS on IE8.
* Remove related tests.
Bug: T232563
Change-Id: I7318ea4a63210252ebc64968691d4f62d79a63e9
Set appropriate headers and flush the output as needed to avoid blocking
the client on post-send updates for the stock apache2 server scenario.
Several cases have bits of header logic to avoid delay:
a) basic GET/POST requests that succeed (e.g. HTTP 2XX)
b) requests that fail with errors (e.g. HTTP 500)
c) If-Modified-Since requests (e.g. HTTP 304)
d) HEAD requests
This last two still block on deferred updates, so schedulePostSendJobs()
does not trigger on them as a form of mitigation. Slow deferred updates
should only trigger on POST anyway (inline and redirect responses are
OK), so this should not be much of a problem.
Deprecate triggerJobs() and implement post-send job runs as a deferred.
This makes it easy to check for the existence of post-send updates by
calling DeferredUpdates::pendingUpdatesCount() after the pre-send stage.
Also, avoid running jobs on requests that had exceptions. Relatedly,
remove $mode option from restInPeace() and doPostOutputShutdown()
Only one caller was using the non-default options.
Bug: T206283
Change-Id: I2dd2b71f1ced0f4ef8b16ff41ffb23bb5b4c7028
Define the global constant MW_REST_API in rest.php, by analogy with
MW_API. Also generalize this by adding MW_ENTRY_POINT, which contains
the entry script name, "cli" or "unknown". This allows tests such as
if ( MW_ENTRY_POINT !== 'index' )
which is probably what is really intended by defined('MW_API') in many
cases.
Change-Id: I24099f4cdd170de17afd6e1bbad67c9b204071fc
Make it Profiler.php's responsibility to enforce this, based on the
existing signal from ProfilerOutput::logsToOutput().
The ProfilerOutputText class should not have to double-check this
a second time.
Long-term, I'd like even this check in Profiler::logDataPageOutputOnly
to be removed, because really the external caller of that should
know whether it is safe to output stuff or not rather than stashing
its own state inside Profiler::$allowOutput and then implicitly
reading it back out again later on. But, that's for another time.
Also:
* Remove use of deprecated Profiler::setTemplated while at it.
* Make 'visible' parameter explicit, as for other parameters.
Change-Id: Iaa3fc4ea25a059b90235d769db60c04b8f152f05
It also removes some code duplication which is nice.
This unlocks various future changes, including:
* Making the `$config` parameter mandatory for the ResourceLoader class
constructor, which currently falls back to global state.
This should be deprecated and removed.
* Making it possible to instantiate the ResourceLoader class
without all the default MW modules being registered from
global state. E.g. move MW module registration from main class
constructor to ServiceWiring, and remove the 'EmptyResourceLoader'
class hack from unit tests, and use regular 'new ResourceLoader'
instead.
* Making ResourceLoader a standalone library (some day),
e.g. allowing it to be instantiated from a basic PHP script,
in a way that is still useful and perhaps able to serve
(most) RL modules without MW itself.
Bug: T32956
Change-Id: I4939f296c705b268e9cf8de635e923a739410470
This was already disabled in 2016 with 98c6743413 by calling
setRequestInfo() to override the default 'ChronologyProtection' value
from Setup.php.
This stopped working since 4ccb228bde which made
getDBLoadBalancerFactory (in ServiceWiring) obtains a LoadBalancer
from MWLBFactory::setSchemaAliases, and requestInfo is not
re-evaluated after that.
Bug: T192611
Change-Id: I68748e8f15bcd7bfa8d7921964788e2798682e05
For load.php requests, Xenon in Wikimedia production measures that half
the time for wfGetLB() is spent in ChronologyProtector::initPositions,
and its query to Memcached.
Change-Id: I24f90897e56fd679c6bd1acf764722ed58e51c67
Attempts to use session data via this endpoint will now cause exceptions
to be thrown.
Bug: T127233
Change-Id: Id83eda9564314bb4e11368aa395127f349b2cff4
This makes it easier to fetch messages without having to manually
call inLanguage() on each wfMessage() call, which is currently
causing some code forget this and use plain wfMessage() which
defaults to MediaWiki user language from session.
I've considered setting $wgLang or RequestContext::getMain(),
but that's still bad since modules get passed a context in their
methods and shouldn't be using global context either.
The warnings provided by MW_NO_SESSION are exactly what we want.
Change-Id: I1288fa5622d9f82d21bb66c8eb6518b90e7cddb4
The following entry points already didn't have it:
* opensearch.php
* thumb.php
* thumb_handlers.php
Now removed from api.php and load.php as well. The check was broken
because these entry points use the 'use' keyword for PHP namespaces,
which results in a syntax error on PHP < 5.3.
The check remains in index.php, mw-config/index.php, and
Maintenance (for e.g. install.php).
Bug: T112942
Change-Id: I9026d69ddfb3e02612256b4a9df525c432bb33c6
* Added doPreOutputCommit() and doPostOutputShutdown(),
which most entry points just using the later
* Also fixed problem where text profiling did not show up
* Avoid calling triggerJobs() in the file streaming
entry points
Bug: T100127
Bug: T100085
Change-Id: Ibc7e768fd483389a01847f08cdeba4058c853d3f
This way, if someone tries to install MediaWiki via
either web installer or install.php maintenance script,
after obtaining from git, they get some useful information
on what to do.
Put the checks alongside the php version check, as
stuff installed via composer (mustache / lightncandy)
is used for NoLocalSettings.php and install.php
attempts to use logging stuff.
Also tried to make PHPVersionError look slightly nicer,
with some <h2> elements and more padding for the <p>
elements.
and centralized this code in one place, as much as possible,
for improved ease of maintenance.
Bug: T90438
Bug: T88951
Change-Id: Iae4eb42c4266dbe9213c5de8a96fccfbeaa9acb0
Follows-up I1343872de7, Ia533aedf63 and I2df2f80b81.
Also updated usage in text in documentation and the
installer LocalSettingsGenerator.
Most of them were handled by this regex:
- find: (require|include|require_once|include_once)\s*\(\s*(.+?)\s*\)\s*;$
- replace: $1 $2;
Change-Id: I6b38aad9a5149c9c43ce18bd8edbab14b8ce43fa
hphpc has been superseded by hhvm, so support for hphpc is no longer
needed.
* Continue to use Preprocessor_Hash under HipHop since it is still
faster under hhvm
* Keep $wgCompiledFiles for now, so that wikihiero doesn't give an error
before Ic9d1e795 is merged
* Migrate the run-server script and associated configuration file to
hhvm. Enable EnableStaticContentFromDisk since it doesn't seem
ridiculously inefficient at first glance. Run from $IP rather than
$IP/.. since hhvm is apparently not picky about sourcing files from
outside of the current directory.
Change-Id: Ic3e769f1fbad4f7ad26dd819406796fee48c6b45
Remove a trailing whitespace added by me in dirname( __FILE__ )
clean up and add some comments to the PHP version checks (they
can't use __DIR__ as they have to run in older PHP versions.
Change-Id: I6a7e8cb7dbf384d91dda4d0ecbef7ce588bc3073
We can now do this since we finally switched to PHP 5.3 for MW 1.20 and get rid of the silly dirname(__FILE__) stuff :)
Change-Id: Id9b2c9cd2e678197aa81c78adced5d1d31ff57b1
The only two usages left since r91590 are php version checks for index/load/api.php, and $wgAPIEnabled check in api.php. Consolidate all of the "bailing for invalid version" into PHPVersionError.php. Leaving $wgAPIEnabled as the only user was silly, so just echo and die like wfDie() would've done
* Added the ability to compile extensions. The build process is bootstrapped by running MediaWiki in interpreted mode. Extension setup file inclusions are slightly modified in a way that makes them register themselves for compilation. Then the same LocalSettings.php uses the compiled extension setup file when the compiled binary runs.
* Tested with Cite and ParserFunctions. The code which lets you have an extensions directory in a place other than $IP/../extensions is untested.
* Simplified WebStart.php slightly by using a custom $_SERVER variable to mark compiled mode. It will break if you don't use the supplied server.conf, but that will break a lot of things so don't do that.
* Fixed the core web entry points to include WebStart.php in compiled mode instead of interpreted.
* Made the build directory configurable. This is mostly so that I can grep the source tree without seeing loads of generated C++.
* In server.conf, added a rewrite rule allowing a /wiki/$1 article path.
* Removed server.conf log file location "/dev/stdout", breaks when you switch user
* Disable static content cache, breaks horribly when you set SourceRoot to a directory containing 7GB of files.
* Rewrote the run-server script in PHP, mostly to support the configurable build directory feature.
* Added an option to the run-server script to allow running in interpreted (hphpi) mode.
* Fix parsing of the three major entry points (index.php, api.php, load.php) back to PHP 4.4.9. We don't care what happens if you actually try to run these files on old versions, but the entry files need to parse correctly.
* consign /includes/templates/PHP4.php and /includes/templates/NoLocalSettings.php to the fiery pit of hell where they belong.
* Prevent loading of any other files for PHP < 5. WebStart.php was rendered unparseable in PHP 4 by the introduction of try/catch blocks in r85327.
* Die outright with a pretty error message on PHP < 5.2.3 as well as PHP 4. All versions of PHP below that throw parse errors of various sorts.
* Reimplement wfDie() to provide an entry-point-dependent die-with-readable-error-message function (for instance, we want a pretty human-readable page in index.php, something wrapped in CSS/JS /*...*/ comment block in load.php, etc).
* Standardise the appearance of the catastrophic errors thrown at the top of the stack with the ones lower down (exception-within-exception, etc). There isn't really a way to do this without duplication, AFAICT.
