* This is useful for logic that decides what DB (master/slave) to use
based on the nature of the web request. It could also be used to
enforce clear read/write distinctions via exceptions if DB_MASTER
is misused.
* Also fixed two IDEA errors while editing this class.
Bug: T134608
Change-Id: I43f4bc06c19d823d7d1ffd9cee8bbe60563c7f82
We currently push a request id into structured logging (monolog/
logstash) to allow seeing all logs that were triggered by the same
request. This extends that to pass the id through jobs so jobs triggered
by a web request also share the same id and can be tracked together.
This web request id will follow jobs both directly created by a request,
and jobs created by those jobs.
This should give us some more visibility when debugging into what
started a particular job, and if a large number of jobs blowing up the
job queue are somehow related.
Change-Id: Iedbd031e6e9bb18fd6f7b923c8c305102255ab4b
Remove "\\" in namespacing. This is a Doxygen compatibility hack but
does not seem needed anymore, Doxygen reads namespaced class names
correctly, see e.g. https://doc.wikimedia.org/mediawiki-core/master/php/classMediaWiki_1_1Services_1_1ServiceContainer.html
PHP IDEs, on the other hand, were broken by the double backslash.
As an unrelated small doc fix, add parameter docs to PermissionError
constructor (parent has different arguments so the inherited
documentation is wrong).
Change-Id: I6da0f512b8c84f65fd20e90e4617108fe6a8fcd2
When MediaWiki encounters an unhandled exception, the error message it produces
includes a randomly-generated token, which allows the exception details to be
looked up in the error logs. This is useful but narrow: would it not be useful
to have the ability to retrieve all log records associated with a particular
request, rather than just exception details? (Hint: yes.)
So: introduce the notion of a request-global unique ID, retrievable via
WebRequest::getRequestId(). When MediaWiki is behind Apache + mod_unique_id
(which provides the same facility) or some other software which sets a
UNIQUE_ID envvar, the value of that envvar is used as the request ID.
Otherwise, it is a randomly-generated 24-character string.
The request ID supplants exception-specific IDs; MWExceptionHandler::getLogId()
is deprecated, accordingly. The request ID is also added as an annotation to
all Monolog-processed log records, and is exposed client-side as 'wgRequestId'.
This allows developers to associate a page view with log records even when the
page view does not result in an unhandled exception. (For the WMF, I also
intend to add it as an annotation to profiling data).
The request ID is not a tracking token; it does not persist, and it is
associated with a backend request, not with a particular user or a particular
session. Like the data in the NewPP report, the request ID is designed to be
cacheable, so that if, for example, a developer notices something weird in the
HTML, s/he can associate the output with a backend request regardless of
whether the response was served from the cache or directly from the backend.
Some prior art:
* https://httpd.apache.org/docs/2.4/mod/mod_unique_id.html
* http://api.rubyonrails.org/classes/ActionDispatch/RequestId.html
* https://github.com/dabapps/django-log-request-id
* https://packagist.org/packages/php-middleware/request-id
* https://github.com/rhyselsmore/flask-request-id
Change-Id: Iaf90c20c330e0470b9b98627a0228cadefd301d1
This change mirrors logic that has been in use on the Wikimedia
Foundation production cluster's Varnish cache system for over 2 years to
guard against accidentally caching backend responses which include
Set-Cookie headers.
Bug: T127993
Change-Id: Ic79cf6c959dd870d6458874a9bffe9e25aba4919
Clearing the cookies in this case is probably a good idea.
This also clears cookies when a non-persisted session's metadata is
dirty, for parallelism with what happens to persisted sessions.
Bug: T127436
Change-Id: I76897eaac063e5e3c3563398d0f4cb36cf93783b
The plan here is to take it out of 1.27.0-wmf.12 and put it back in
1.27.0-wmf.13.
Since BotPasswords depends on SessionManager, that's getting temporarily
removed too.
This reverts the following commits:
* 6acd424e0d SessionManager: Notify AuthPlugin before calling hooks
* 4d1ad32d8a Close a loophole in CookieSessionProvider
* fcdd643a46 SessionManager: Don't save non-persisted sessions to backend storage
* 058aec4c76 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
* b5c0c03bb7 SessionManager: Save user name to metadata even if the user doesn't exist locally
* 13f2f09a19 SECURITY: Fix User::setToken() call on User::newSystemUser
* 305bc75b27 SessionManager: Don't generate user tokens when checking the tokens
* 7c4bd85d21 RequestContext::exportSession() should only export persisted session IDs
* 296ccfd4a9 SessionManager: Save 'persisted' flag in session metadata
* 94ba53f677 Move CSRF token handling into MediaWiki\Session\Session
* 46a565d6b0 Avoid false "added in both Session and $_SESSION" when value is null
* c00d0b5d94 Log backtrace for "User::loadFromSession called before the end of Setup.php"
* 4eeff5b559 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
* 7491b52f70 Call session_cache_limiter() before starting a session
* 2c34aeea72 SessionManager: Abstract forceHTTPS cookie setting
* 9aa53627a5 Ignore auth cookies with value 'deleted'
* 43f904b51a SessionManager: Kill getPersistedSessionId()
* 50c5256352 SessionManager: Add SessionBackend::setProviderMetadata()
* f640d40315 SessionManager: Notify AuthPlugin when auto-creating accounts
* 70b05d1ac1 Add checks of $wgEnableBotPasswords in more places
* bfed32eb78 Do not raise a PHP warning when session write fails
* 722a7331ad Only check LoggedOut timestamp on the user loaded from session
* 4f5057b84b SessionManager: Change behavior of getSessionById()
* 66e82e614e Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
* f9fd9516d9 Add "bot passwords"
* d7716f1df0 Add missing argument for wfDebugLog
* a73c5b7395 Add SessionManager
Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50
It's not guaranteed that loadSessionFromStore() will succeed after
whatever alterations the SessionProvider might have made later in the
request.
So instead, let's make a new global object that stores the SessionId
of the persistent session that was loaded during Setup.php, if any. Then
we can check that when we need to know whether the session was
persisted.
Bug: T124468
Change-Id: I1e8e616c83b16aadd86b0a0a40826d40f6e8abe4
It's easily possible for SessionManager::getSessionById() to not be
able to load the specified session and to not be able to create an empty
one by that ID, for example if the user's token changed. So change this
from an exceptional condition to an expected one, and adjust callers to
deal with it appropriately.
Let's also make the checks for invalid data structure when loading the
session from the store delete the bogus data entirely.
At the same time, let's change the silly "$noEmpty" parameter to
"$create" and make the default behavior be not to create an empty
session.
Bug: T124126
Change-Id: I085d2026d1b366b1af9fd0e8ca3d815fd8288030
SessionManager is a general-purpose session management framework, rather
than the cookie-based sessions that PHP wants to provide us.
While fallback is provided for using $_SESSION and other PHP session
management functions, they should be avoided in favor of using
SessionManager directly.
For proof-of-concept extensions, see OAuth change Ib40b221 and
CentralAuth change I27ccabdb.
Bug: T111296
Change-Id: Ic1ffea74f3ccc8f93c8a23b795ecab6f06abca72
* The '.php5' entrypoints were deprecated in I68b1ae842, $wgScriptExtension
in I3690f78bc.
* Drop the associated ResourceLoader configuration variable, too. `mwgrep`
shows no usage in the MediaWiki namespace.
* Keep the scriptExtension configuration parameter for FileRepo for people who
would like to interoperate with older MediaWiki installations that still use
'.php5'.
Change-Id: I17c8a15484b7e82cd5970d34e688109a2aae3840
Actually override initHeaders to avoid init of the header, if no header
was set.
The tests was taken from I4c06369968e.
Follows-up 578a0c082f.
Change-Id: I86b2a9bae2f5938374fd9e5e46997c3fdfe87e39
For testing, it can be useful for a FauxRequest to actually contain
cookies. And for convenience, it's useful to allow setting headers by
passing an array rather than by making multiple calls to ->setHeader().
Change-Id: I3b84246e954aae594490927d2b0a57336af2e3a5
See https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/
Ignoring SVN stuff because svn.wikimedia.org's SSL certificate has expired, and
ignoring wgSharedUploadPath because T25122 wants to get rid of it.
Also a couple of BZ -> phab changes
Change-Id: I02fd23ac6c30a4a4c718e57d4dedbc693dd653c0
wfSuppressWarnings() and wfRestoreWarnings() were split out into a
separate library. All usages in core were replaced with the new
functions, and the wf* global functions are marked as deprecated.
Additionally, some uses of @ were replaced due to composer's autoloader
being loaded even earlier.
Ie1234f8c12693408de9b94bf6f84480a90bd4f8e adds the library to
mediawiki/vendor.
Bug: T100923
Change-Id: I5c35079a0a656180852be0ae6b1262d40f6534c4
* Add a stub FauxRequest::initHeaders method. This allows FauxRequest to
use WebRequest's getHeader implemention, leading to less code duplication.
* Add an optional $flags parameter to WebRequest::getHeader. When the flag
WebRequest::GETHEADER_LIST is set, treat the header as a comma-separated
list of values (per RFC 2616 § 4.2) and return an array.
(Initial use-case: Ibb292d241's treatment of If-None-Match header.)
* Add test.
See <http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html>.
Change-Id: I2760f57adfa7b886c84044a6e9348a47ac307229
* Deprecate $wgRequestTime in favor of $_SERVER['REQUEST_TIME_FLOAT'], which is
more accurate. Because $_SERVER['REQUEST_TIME_FLOAT'] is only set for PHP
5.4+, set it to microtime( true ) in WebStart.php for back-compatibility.
* Add a 'requestTime' property to WebRequest objects, set to
$_SERVER['REQUEST_TIME_FLOAT'] for WebRequest or the instance creation time
for FauxRequest instances.
* Use that to provide WebRequest::getElapsedTime(), which gets the time since
the request was initiated.
* In wfLogProfilingData(), get the user and request objects from the context
object rather than from global scope.
Opportunistic clean-up: move the magic quotes check to WebStart.php and make
the error message more helpful.
Change-Id: I7e07e22eaf16b5141b80ad9f843285c542a127b7
This drops support for the custom utf8 normal PHP extension in favor
of the intl extension.
Bug: T90825
Change-Id: Ifbaeb2ef684217cf6187ccc4fb4d303f89608300
According to PHP documentation:
http://www.php.net/manual/en/reserved.variables.server.php
The $_SERVER['HTTPS'] is set to a non-empty value if the script was queried
through the HTTPS protocol. There is also note that for ISAPI with IIS, the
value is set to 'off' if the request was not made through the HTTPS protocol.
To follow the PHP documentation the $_SERVER['HTTPS'] == 'on' doesn't seem
to be the correct way how to detect the HTTPS protocol (there maybe e.g. '1'
instead of 'on').
Bug: 46511
Change-Id: I5675fed9b7d54711b96b25702181112ef3692f3c
All callers have been updated to provide their own getLocalUrl() calls as
appropriate, so deprecate calling appendQueryValue() and appendQueryArray()
with $onlyquery = false.
appendQuery() is now unused and deprecated as it always assumed $onlyquery = false
Change-Id: I142195c39f278165118a52143031008d9c68e01a
When $_SERVER['HTTP_X_FORWARDED_PROTO'] is set, keep the detected
protocol default port rather than using the local server port when
creating a canonical URL.
Bug: 70021
Change-Id: I2b37da5872929e1c461ff20cccf3dfe11f182a2f
WebRequest is no longer required to be a singleton for $wgRequest,
thanks to https://gerrit.wikimedia.org/r/144996
Change-Id: Ica629fd28d96f8ee77ee548b0a284abf24b1e780
- Swap "$variable type" to "type $variable"
- Added missing types
- Fixed spacing inside docs
- Makes beginning of @param/@return/@var/@throws in capital
- Changed some types to match the more common spelling
Change-Id: I783e4dbfe5f6f98b32b9a03ccf6439e13e132bcc
This "feature" of PHP has been disabled by default for quite some
time, deprecated in 5.3 and removed entirely in 5.4.
See <http://www.php.net/manual/en/security.magicquotes.php> for
information on why this practice is bad and how to disable it.
For MediaWiki, the removed todo comment says it all. Doing this
messes with all of the super globals and makes embedding MediaWiki
inside another application problematic. It also increases our
memory footprint for every single request even when the data might
not be used.
Finally, it makes it possible to instantiate new WebRequest objects
pretty much whenever you want, so there's no reason for $wgRequest
to exist anymore.
Bug: 11558
Change-Id: I4bc0392276f454ceb966547c7fbd7c8190ebbc7c
This function was deprecated in 1.20 and slated for removal in 1.22;
there were supposed to be warnings given in 1.21 but there does
not seem to be any use of this function otherwise in core.
Change-Id: If70a4e2c1509bf3527d5f8960c14115ce4ab713e
* Throw an error if there is no immediate server IP, otherwise the
XFF logic is wonky.
* Refactored the loop to be a bit easier to read.
* Better handle "unknown" entries in the XFF chain.
Change-Id: I9541afa408d895c3fd337a883ecfe4ce0ba57090
This adds a new generic library class IPSet, which precomputes
a reasonably-efficient data structure from the input list of
addresses and CIDR net/mask specs for fast runtime matching,
and then uses it to check trusted XFF-setters.
See also: 32b4f19f173fc5cff1029eedee63a39a2d72dd3a
Bug: 57021
Change-Id: Ia3b12fb90c3e7e492374a128943b014481cc2730
Swapped some "$var type" to "type $var" or added missing types
before the $var. Changed some other types to match the more common
spelling. Makes beginning of some text in captial.
Change-Id: I4ca5231119f33039d91da3b57a41cd40719a576b
