This reverts dc3bd3d721 (I385dca1d95) and re-applies d4ce0f3255 (Ib9fc34ca64).
The CI failures have been addressed.
Bug: T314008
Change-Id: I35a4f656c31b67ebb662bf6f6366f4ee846ecbda
This reverts commit d4ce0f3255.
Reason for revert: Causes unrelated test failures, ideally usages are made safe before the patch is merged.
Bug: T312838
Change-Id: I385dca1d95033961d3844e888521750443e49c95
Introduced in 3fdfef96e4 (I1e259b54dca4), and as of d7beb0e4ec
(I72ffc9f36613bf9) the debug message is no longer triggered in a
typical local install, nor in production.
Also:
* Improve detection and attribution by removing the last bit of cache
duplication in MediaWiki.php and defer to RequestContext.php.
Change-Id: Ib9fc34ca64b7c0e89a774bee9a36fa3882eb4ec3
This method is dependent on, and inherently must depend on, all of
Title, WikiPage, and WebRequest. And, like Title and WikiPage,
which also have getters in RequestContext, Action is also derived
from a query parameter that is widely recognised in almost all
web requests to index.php.
The status quo in core and extensions, is to obtain this value
via Action::getActionName(), which as a static method that bypasses
dependency injection and also has the problem of not being cached.
Caching it within ActionFactory seems hard and awkward, due to
varying by context.
In change I61d66211bd (22f9a32853) a cached wrapper method was added
internally to the Skin class. In change I8cbc4bba4d248d9 (235820d631)
another cached wrapper was added in the Gadgets extension.
This change takes this approach further by making it a stable public
method on RequestContext.
To facilitate testing and to offer basic confidence in this working
correctly, this commit also adopts the new method in two place that
are considered "safe" (Skin, and OutputPage). Both of these are
called relatively late in the PHP proccess and well after any Setup
code and overrides (such as in MediaWiki.php), during which it is
more complex to call this. I'll audit and update those in a subsequent
change.
Change-Id: I1e259b54dca48a32be5a8c6cbb8eb69aec2da115
This reverts commit ef458e8948.
Reason for revert: Causes page tabs to disappear on Special:WhatLinksHere.
Bug: T297744
Change-Id: I0ee282a9f7a5a9b2cfdc3261d800d9e27eaf977e
Code that needs to store an actor ID in the database to
represent a UserIdentity, or needs to construct a UserIdentity based on
an actor ID loaded from the database, should use the ActorNormalization
service.
Note: The getActorId() method is removed from the UserIdentity interface,
but all concrete classes continue to support it for now.
UsererIdentityValue::getActorId() is hard deprecated and should
be removed in 1.37. It always returns 0.
User::getActorId() is not deprecated at this point.
Bug: T274179
Depends-On: Id2b3ddf6a2a7cdf90f8936a69148d2cce6fde237
Change-Id: I9925906d11e47efaec3c1f48d5cb3f9896a982c1
We started to call Authority argument $performer everywhere,
and $performer->getPerformer() doesn't look that good.
Change-Id: Id2cf3f27b18340314e4ed1ea9931ad9404b4df6f
The name change happened some time ago, and I think its
about time to start using the name name!
(Done with a find and replace)
My personal motivation for doing this is that I have started
trying out vscode as an IDE for mediawiki development, and
right now it doesn't appear to handle php aliases very well
or at all.
Change-Id: I412235d91ae26e4c1c6a62e0dbb7e7cf3c5ed4a6
assertSame() is guaranteed to not do any type conversion. This can be
critical when acciden tially comparing, for example, 0 to 0.0.
Change-Id: Iffcc9bda69573623ba14af655dcd697d0fcce525
The plan here is to take it out of 1.27.0-wmf.12 and put it back in
1.27.0-wmf.13.
Since BotPasswords depends on SessionManager, that's getting temporarily
removed too.
This reverts the following commits:
* 6acd424e0d SessionManager: Notify AuthPlugin before calling hooks
* 4d1ad32d8a Close a loophole in CookieSessionProvider
* fcdd643a46 SessionManager: Don't save non-persisted sessions to backend storage
* 058aec4c76 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
* b5c0c03bb7 SessionManager: Save user name to metadata even if the user doesn't exist locally
* 13f2f09a19 SECURITY: Fix User::setToken() call on User::newSystemUser
* 305bc75b27 SessionManager: Don't generate user tokens when checking the tokens
* 7c4bd85d21 RequestContext::exportSession() should only export persisted session IDs
* 296ccfd4a9 SessionManager: Save 'persisted' flag in session metadata
* 94ba53f677 Move CSRF token handling into MediaWiki\Session\Session
* 46a565d6b0 Avoid false "added in both Session and $_SESSION" when value is null
* c00d0b5d94 Log backtrace for "User::loadFromSession called before the end of Setup.php"
* 4eeff5b559 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
* 7491b52f70 Call session_cache_limiter() before starting a session
* 2c34aeea72 SessionManager: Abstract forceHTTPS cookie setting
* 9aa53627a5 Ignore auth cookies with value 'deleted'
* 43f904b51a SessionManager: Kill getPersistedSessionId()
* 50c5256352 SessionManager: Add SessionBackend::setProviderMetadata()
* f640d40315 SessionManager: Notify AuthPlugin when auto-creating accounts
* 70b05d1ac1 Add checks of $wgEnableBotPasswords in more places
* bfed32eb78 Do not raise a PHP warning when session write fails
* 722a7331ad Only check LoggedOut timestamp on the user loaded from session
* 4f5057b84b SessionManager: Change behavior of getSessionById()
* 66e82e614e Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
* f9fd9516d9 Add "bot passwords"
* d7716f1df0 Add missing argument for wfDebugLog
* a73c5b7395 Add SessionManager
Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50
If a non-persisted session ID is exported, then when the session is
reloaded by RequestContext::importScopedSession() the session_start()
will wind up persisting it.
Bug: T124971
Change-Id: If03d130acca6bb98029cfa3cc520cd46f42ff15e
SessionManager is a general-purpose session management framework, rather
than the cookie-based sessions that PHP wants to provide us.
While fallback is provided for using $_SESSION and other PHP session
management functions, they should be avoided in favor of using
SessionManager directly.
For proof-of-concept extensions, see OAuth change Ib40b221 and
CentralAuth change I27ccabdb.
Bug: T111296
Change-Id: Ic1ffea74f3ccc8f93c8a23b795ecab6f06abca72
