Remove the special case GIFAR vulnerability check from UploadBase. I
put it there because the GIFAR vulnerability was so severe that we
needed to check for it even if $wgVerifyMimeType was false. Now that
support for Java applets has been dropped from browsers, the
vulnerability is not so severe and we can wind back the paranoia.
Add a ZipDirectoryReader invocation to MimeAnalyzer, to replace some
terrible regex hacks. This allows MimeAnalyzer to detect docx files
saved by LibreOffice (T291750).
This is also the new place for the GIFAR check. Add application/java
to $wgMimeTypeExclusions so that JAR uploads are rejected.
Since ZipDirectoryReader cannot look inside the contents of files in the
package, it can't detect the subtype of Open Document files. Use the
file extension instead, like what we do for Microsoft OPC files.
Remove public method detectZipType -- no callers in code search.
Bug: T291750
Change-Id: Iff1611c7adda9c0f0ed31593bad6dfffc9c9a086
UTF-8 is a strict superset of us-ascii, so any us-ascii file is a valid
UTF-8 file. So therefore it should be a safe encoding to use as it does
not allow you to hide JavaScript, unlike with UTF-7.
Bug: T278386
Change-Id: I0e52120812e3a0bd5112fe2c240ebb2d5d00ebc7
Now largely automated:
VARS=$(grep -o "'[A-Za-z0-9_]*'" includes/MainConfigNames.php | \
tr "\n" '|' | sed "s/|$/\n/;s/'//g")
sed -i -E "s/'($VARS)'/MainConfigNames::\1/g" \
$(grep -ERIl "'($VARS)'" includes/)
Then git add -p with lots of error-prone manual checking. Then
semi-manually add all the necessary "use" lines:
vim $(grep -L 'use MediaWiki\\MainConfigNames;' \
$(git diff --cached --name-only --diff-filter=M HEAD^))
I didn't bother fixing lines that were over 100 characters unless they
were over 120 and triggered phpcs.
Bug: T305805
Change-Id: I74e0ab511abecb276717ad4276a124760a268147
Make phan stricter about null types by setting null_casts_as_any_type to
false (the default in mediawiki-phan-config)
Remaining false positive issues are suppressed.
The suppression and the setting change can only be done together
Bug: T242536
Bug: T301991
Change-Id: I0f295382b96fb3be8037a01c10487d9d591e7e01
The functions returning null or the class property is set explict null.
Some function should not accept null or return null.
Found by phan strict checks
Change-Id: Ie50f23249282cdb18caa332f562a3945a58d86ff
Some function already document "False on failure", but does not document
it on the used type
Found by phan strict checks
Change-Id: I12eb8bbc99179833ee3e42c1a7d1dc1443682ca6
This looks like a classic case of using object stash and the only
usecase left in production that writes to objectcache table blocking
maint work on it.
Bug: T272512
Change-Id: I11d0990c9d38f1404e44cd0e572524f9ca43f2fe
As part of our wider work on modernising and making more welcoming the
language we use within and around MediaWiki, now is a good time for us
to rename these configuration variables:
- $wgFileBlacklist is now $wgProhibitedFileExtensions
- $wgMimeTypeBlacklist is now $wgMimeTypeExclusions
- $wgEnableUserEmailBlacklist is now $wgEnableUserEmailMuteList
- $wgShortPagesNamespaceBlacklist is now $wgShortPagesNamespaceExclusions
Bug: T277987
Depends-On: I91e065c58fda144a722a41cf532e717f962d7a64
Change-Id: I558a8b20d67d48edccce0d065aec2d22992e9dda
The non-strict conditions in if/while are true/false without the check.
In some situation the true/false is removed, because it is known to be a
bool (by is_bool check or type hint)
Change-Id: I5ca4c4771af25d2e785e82732df204a73653886e
array_fill_keys() was introduced in PHP 5.2.0 and works like
array_flip() except that it does only one thing (copying keys) instead
of two things (copying keys and values). That makes it faster and more
obvious.
When array_flip() calls were paired, I left them as is, because that
pattern is too cute. I couldn't kill something so cute.
Sometimes it was hard to figure out whether the values in array_flip()
result were used. That's the point of this change. If you use
array_fill_keys(), the intention is obvious.
Change-Id: If8d340a8bc816a15afec37e64f00106ae45e10ed
We started to call Authority argument $performer everywhere,
and $performer->getPerformer() doesn't look that good.
Change-Id: Id2cf3f27b18340314e4ed1ea9931ad9404b4df6f
I've check via codesearch the methods with changed
signatures are not overridden by extensions. There's
no way really to deprecate anything properly here.
Change-Id: Id79d2d2cb05c5df21b64b5443a62a3b16e684262
This is micro-optimization of closure code to avoid binding the closure
to $this where it is not needed.
Created by I25a17fb22b6b669e817317a0f45051ae9c608208
Change-Id: I0ffc6200f6c6693d78a3151cb8cea7dce7c21653
While trying to understand T273249, I followed all code
paths and found one that can result in mFinalExtension being
null: when a file is stashed, it gets a temporary name
without an extension.
This patch fixes a bunch of usages where this null might
cause type errors.
Bug: T273249
Change-Id: Ie8bd84d4637aec5a65ae8b220d9266d36873acc0
As of PHP 8, fopen() throws ValueError if the path is null.
For now, keep the same behaviour as on PHP 7, which is that
MimeAnalyzer::doGuessMimeType sees fopen() return false (as
if the path was valid but doesn't exist or is not readable)
and falls back to unknown/unknown, which UploadBase ignored.
Bug: T272328
Change-Id: I5056eba2e3fd59d7971971a32b3de36f1a018603
This includes fixing some mistakes, as well as removing
redundant text that doesn't add new information, either because
it literally repeats what the code already says, or is actually
duplicated.
Change-Id: I3a8dd8ce57192deda8916cc444c87d7ab1a36515
This introduces an ApiWatchlistTrait that refactors out common code
across APIs that allow you to watch pages. Some methods have been
migrated from ApiBase and changed completely, but codesearch suggests
they aren't being used outside the API modules in this patch.
Bug: T248512
Bug: T248514
Change-Id: Ia18627b9824dca81f44f0571e8420d89b7626cf6
For compliance with the new version of the table interface policy
(T255803).
This patch was created by an automated search & replace operation
on the includes/ directory.
Bug: T257789
Change-Id: Ie32c1b11b3d16ddfc0c83a757327d449ff80b2e4
For compliance with the new version of the table interface policy
(T255803).
This patch was created by an automated search & replace operation
on the includes/ directory.
Bug: T257789
Change-Id: I5ffbb91882ecce2019ab644839eab5e8fb8a1c5f
For compliance with the new version of the table interface policy
(T255803).
This patch was created by an automated search & replace operation
on the includes/ directory.
Bug: T257789
Change-Id: If560596f5e1e0a3da91afc36e656e7c27f040968
A terminating line break has not been required in wfDebug() since 2014,
however no migration was done. Some of these line breaks found their way
into LoggerInterface::debug() calls, where they mess up the formatting
of the debug log.
So, remove terminating line breaks from wfDebug() and
LoggerInterface::debug() calls.
Also:
* Fix the stripping of leading line breaks from the log header emitted
by Setup.php. This feature, accidentally broken in 2014, allows
requests to be distinguished in the log file.
* Avoid using the global variable $self.
* Move the logging of the client IP back to Setup.php. It was moved to
WebRequest in the hopes that it would not always be needed, however
$wgRequest->getIP() is now called unconditionally a few lines up in
Setup.php. This means that it is put in its proper place after the
"start request" message.
* Wrap the log header code in a closure so that variables like $name do
not leak into global scope.
* In Linker.php, remove a few instances of an unnecessary second
parameter to wfDebug().
Change-Id: I96651d3044a95b9d210b51cb8368edc76bebbb9e
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
* Update the two "processing_instruction_handler" and
"external_dtd_handler" callbacks to use a syntax for the callback
that doesn't stuff the class name in a string, but actually
references the class.
* We don't need call_user_func() in modern PHP7 any more.
* Add and update a few type hints in UploadBase to make the code
easier explorable.
Change-Id: I0ab3cfbe4f0bf15b1da4ab10fd9ffc1986d968d0
