It's deprecated in PHP 7.2, may as well replace it now.
I note that, contrary to claims at
https://wiki.php.net/rfc/deprecations_php_7_2#each, none of our uses
were trivially replaceable with foreach.
* wfArrayDiff2_cmp() is processing two arrays by value in parallel.
* MagicWordArray::parseMatch() is doing something funky with the data
structure returned by preg_match().
* HashRing was using it like "nextKey()", replaced with calls to key()
and next().
* FormatMetadata and IndexPager were both using it as a shorter way to
get both key() and current() for the first element in the array. I
suppose a foreach(){ break; } would do the same, but that's confusing.
Bug: T174354
Change-Id: I36169a04c764fdf1bfd6603395111c6fe0aae5eb
This function has gotten so unwieldy that a helper was
introduced. Instead, here's this class that makes
shelling out easier and more readable.
Example usage:
$result = Shell::command( 'shell command' )
->environment( [ 'ENVIRONMENT_VARIABLE' => 'VALUE' ] )
->limits( [ 'time' => 300 ] )
->execute();
$exitCode = $result->getExitCode();
$output = $result->getStdout();
This is a minimal change, so lots of stuff remains
unrefactored - I'd rather limit the scope of this commit.
A future improvement could be an ability to get stderr
separately from stdout.
Caveat: execution errors (proc_open is disabled/returned error) now
throw errors instead of returning a status code. wfShellExec() still
emulates this behavior though.
Competing commit: I7dccb2b67a4173a8a89b035e444fbda9102e4d0f
<legoktm> MaxSem: so you should continue working on your patch and I'll
probably refactor on top of it later after its merged :P
Change-Id: I8ac9858b80d7908cf7e7981d7e19d0fc9c2265c0
For some varargs a variable name is added with suffix ,... as seen for
many other varargs
Some @param are swapped, because there are in the wrong order
Enable Sniff MediaWiki.Commenting.FunctionComment.ParamNameNoMatch
Change-Id: I60fec6025bce824d5c67563ab7b65ad6cd628ad8
Users with the hideuser right have an extra checkmark on Special:Block
to hide user, however this functionality can only be used on registered
users (not IPs) and only if a block is set to never expire. With this js
enhancement, hide the "hideuser" checkbox and label if the block time is
not set to infinite (either as selected from the dropdown or written
into the "other" input box).
Attribution to meta.wikimedia.org/wiki/User:Margott who uploaded a
draft for this patch on the task a while ago.
Bug: T133036
Change-Id: Ia8c3e25d923e1df57d5afd69e9de3d6f2543f628
ParserCache is already a singleton, making it a good candidate for a
service. $parserMemc is an odd global (it lacks the "wg" prefix) and is
ripe for deprecation.
The following are now deprecated:
* $parserMemc global
* ParserCache::singleton()
* wfGetParserCacheStorage()
A ParserCache::getCacheStorage() method was added for cases where direct
access to the underlying BagOStuff object is necessary.
Usage of $parserMemc will emit deprecation warnings through the
DeprecatedGlobal class mechanism. All usage in core was migrated.
Also take this opportunity to inject the $wgCacheEpoch global value into
ParserCache. This will require an update to the FlaggedRevs extension.
Change-Id: I2ac7afff0d8522214329248c3d1cdccd0f72bbd4
We have several types of change lists (old RC/watchlist/related
changes, enhanced RC/watchlist, history) with slightly different
HTML, each with their own idiosyncracies. JavaScript code trying
to identify lines by log ID / revision ID has to jump through all
kinds of hoops to work with that.
To simplify the lives of frontend / gadget maintainers and provide
something approaching an API for these pages, we now expose the basic
attributes of each change line (revision ID for edits, log type/action
and ID for log events) as data attributes.
The OldChangesListRecentChangesLine, EnhancedChangesListModifyLineData,
EnhancedChangesListModifyBlockLineData, PageHistoryLine,
ContributionsLineEnding and DeletedContributionsLineEnding hooks
are updated accordingly. New hooks (LogEventsListLineEnding and
NewPagesLineEnding) are added for the change list pages which did
not yet have them.
Change-Id: I6dd006d0b1b0fd35c0020f0f9eea9113eca30b35
While most of MediaWiki ignores the shell's/C library's locale setting,
there are some things other than shell execs that use it (e.g. the
luasandbox PHP extension).
To provide a consistent environment, set the locale in Setup.php instead
of letting it be changed mid-request depending on whether something else
happened to have called certain functions.
Bug: T107128
Change-Id: I02943803d26d5b1b3ac00ef9216f69cdfa149585
The following changes are added:
- Created MediawikiStatsdDataFactory interface
- Added hasData() method to see if there are any data to send
- Added getData() method to fetch data
- Made service infrastructure use MediawikiStatsdDataFactory interface
- Made wfLogProfilingData() use MediawikiStatsdDataFactory interface
- Added capability to enable/disable buffering collector
Bug: T166354
Change-Id: I2874175647e987996a9a399829b3319674471aaa
* Move @deprecated tags out of the header so the documentation comment
still has a summary
* makeKey() and co. are part of BagOStuff, not ObjectCache
Follows up 1e5961dbf6.
Change-Id: I168ce97597f288f6345a404354d68371e57522d3
For a while now these functions have called makeKey/makeGlobalKey() on
the default ObjectCache instances, and callers should now use those
functions directly instead.
There are other advantages to doing so, like in cases where the
ObjectCache instance being used has a different makeKey implementation
(e.g. memcache) than the default configured cache.
Change-Id: I9abf6badbf3ba800e591d2503b714433d5faf1e3
Introduce a service to represent wfReadOnly() and friends.
It's necessary to have two service instances, one for wfReadOnly() and
one for wfConfiguredReadOnlyReason(), to avoid a circular dependency,
since LoadBalancer needs the configured reason during construction, but
wfReadOnly() needs to query the currently active load balancer.
Not having a cache of the configuration makes it possible to dynamically
change the configuration. Ideally things would not change the
configuration, and I removed such instances in core, but to support
extensions, I added a test ensuring that the configuration can be changed.
Change-Id: I9bbee946c10742526d3423208efd68cb3cc5a7ee
I was bored. What? Don't look at me that way.
I mostly targetted mixed tabs and spaces, but others were not spared.
Note that some of the whitespace changes are inside HTML output,
extended regexps or SQL snippets.
Change-Id: Ie206cc946459f6befcfc2d520e35ad3ea3c0f1e0
Install the backtrace collector very early, so that we can get the
backtrace even if headers were sent from LocalSettings.php.
Bug: T157392
Change-Id: I9bc732b34481c95afb5362e135a87bd4302498e2
* Verified none of these constants depend on each other.
* Move them to the top of Defines.php for consistency.
Change-Id: I19c77e706d69bff513e4abafd0300207de0dbb1d
The old code was similar to Message::params(), but Message::params()
was unable to handle "special" parameters and received an overhaul
in 7f2663f, yet wfMessage remained broken. To avoid duplication,
wfMessage shall call Message::params() to correctly handle these
parameters.
CategoryMembershipChange::getChangeMessageText and its caller has
been updated so as not to take advantage of this bug.
Bug: T153747
Change-Id: I6667acf7e71c9db07fefc9fbb741c160e15823ff
If iiprop=badfile is set, expose the wfIsBadImage() status as a boolean.
This is mainly intended for use by Parsoid, but could be useful for
other API users too. The context title can be set by using the
badfilecontextitle parameter.
Also be a little more paranoid and make sure wfIsBadImage() always
returns a boolean.
Bug: T148343
Change-Id: I3432ead92b8d2a17de5243285f2760fc39b501ae
Most of these are simply changing annotations to reflect
reality. If a function can return false to indicate failure
the @return should indicate it.
Some are fixing preg_match calls, preg match returns 1, 0 or false,
but the functions all claim to return booleans.
This is far from all the incorrect return types in mediawiki, there
are around 250 detected by phan, but have to start somewhere.
Change-Id: I1bbdfee6190747bde460f8a7084212ccafe169ef
Use HTTPS instead of HTTP where the HTTP link is a redirect to the HTTPS link.
Also update some defect links.
Change-Id: Ic3a5eac910d098ed5c2a21e9f47c9b6ee06b2643
Parser tests depend upon being able to change the value of
$wgEnableMagicLinks at runtime, so skip caching the replacement patterns
while parser tests or phpunit tests are being run.
Change-Id: Ic9fe4fe898aa353bdefa2bf8207b77d2ac14887f
The ScopedCallback class was moved into a separate library. This updates
all callers to use the namespaced version, and provides a
backwards-compatibility class wrapper under the old name.
Bug: T146258
Change-Id: I2dd0a66fe2f510f26bdfef6b0a975c1beb3fd93c
Depends-On: Iea0c40bdd7776372ccf72db8f088a2abaa4d3721
Apparently it is possible for Parser::mParserOptions
to not be set in some cases. I'll try again later.
This reverts commit bda74bff6e.
Bug: T146433
Change-Id: Idb6d1b20995d5f86b712abb386ab987356c4f560
* This method is analogous to wfTimestamp(). Optimise for the common
idiom of just converting a timestamp without having the caller hold
on to any object.
* Make wfTimestamp() use this (it could already since it didn't
use any MWTimestamp methods). Use via MWTimestamp. While this is
the same as direct access, it allows future changes.
* Add tests covering this new method.
Change-Id: I7f9104f1701d92fe25d72c7943581c64e1d093fa
* Remove wf* function dependencies. This includes wfTempDir().
Callers now should specify the directory, though it will try to do
most of the wfTempDir() logic anyway if they do not.
* Update callers to inject wfTempDir() so $wgTmpDirectory is used by
TempFSFile instead of it probing to find a valid directory itself.
* Move most of the wfTempDir() logic to TempFSFile::getUsableTempDirectory().
* Remove unused getMimeType() method.
Change-Id: Idd55936b07f9448a6c90577708722b7b52b8fe66
wfEscapeWikiText() used $wgEnableMagicLinks, but that could result in an
inconsistency when something modifies the magic link related
ParserOptions.
In general, most uses of wfEscapeWikiText() are in parser functions or
when message parsing, so the Parser is a logical place for it.
A future patch will make it easy to use Parser::escapeWikitext() in
message parameters.
Change-Id: I0fd4d5c135541971b1384a20328f1302b03d715f
The magic link functionality is "old backwards-compatibility baggage"
that we probably want to get rid of eventually. The first step to doing
so would be making it configurable and allowing it to be turned off on
wikis that don't use it.
This adds each of the 3 magic link types as individual parser options,
which can be controlled by the $wgEnableMagicLinks setting.
Additionally, wfEscapeWikiText() was updated to only escape enabled
magic link types.
Bug: T47942
Change-Id: If63965f31d17da4b864510146e0018da1cae188c
This is more consistent with LoadBalancer, modern, and inclusive
of master/master mysql, NDB cluster, and MariaDB galera cluster.
The old constant is an alias now.
Change-Id: I0b37299ecb439cc446ffbe8c341365d1eef45849
* Add slash and backslash ('/' and '\') to $wgIllegalFileChars.
* Replace illegal chars before removing paths in wfStripIllegalFilenameChars().
This way users trying to upload a file with slashes in the name will
get a better filename suggestion (e.g. for 'Foo part 1/3.jpg', you
previously got '3.jpg', now you'll get 'Foo part 1-3.jpg'). Uploading
tools that don't special-case slashes will also behave better.
Change-Id: Ib78f48a5f8c92e8ab2dc773ea6789b96b3662177
No longer needed. Currently, MediaWiki supports neither PHP 5.3
nor HHVM 3.4 or lower. The minimum HHVM version stated in the
Compatibility section of the RELEASE-NOTES file is 3.6.5.
This reverts commit 8bd6f698cc.
Change-Id: I2edd25c4ce00eb324f7f6e04b2034ad28f7c6964
Enforce an upper limit of 100,000 bytes on commands executed via
wfShellExec() to avoid HHVM crash resulting from process spawned with
argument exceeding MAX_ARG_STRLEN, as defined in binfmts.h
Bug: T129506
Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
(This is part of I6ec374ac9 wich was a re-submit of Ie98bf5af5
which got reverted by Ide7ab563)
This change provides a mechanism to reset global service instances
in an orderly manner. There are three use cases for this:
* the installation process
* integration tests (which most of the existing phpunit tests are)
In contrast to I6ec374ac9, this change does not cause singeltons
of legacy services to be reset. It is assumed that legacy services
use global state to access services and configuration, so any
change in confuguration would affect them immediately.
NOTE: the original I6ec374ac9 would cause session information to
get lost if the user session was creatsed before initialization
was complete. This was apparently triggered by the MobileFrontend
extension under some circumstances. Check with Addshore and Catrope.
Change-Id: Ie06782ffb96e675c0aa55dc26fb8f22037e8517d
This change provides a mechanism to reset global service instances
in an orderly manner. There are three use cases for this:
* the installation process
* forking processes
* integration tests (which must of the existing phpunit tests are)
Depends-On: I5d638ad415fc3840186a0beaa09ac02ea688539b
Change-Id: Ie98bf5af59208f186dba59a9e971c72ea0b63e69
Remove "\\" in namespacing. This is a Doxygen compatibility hack but
does not seem needed anymore, Doxygen reads namespaced class names
correctly, see e.g. https://doc.wikimedia.org/mediawiki-core/master/php/classMediaWiki_1_1Services_1_1ServiceContainer.html
PHP IDEs, on the other hand, were broken by the double backslash.
As an unrelated small doc fix, add parameter docs to PermissionError
constructor (parent has different arguments so the inherited
documentation is wrong).
Change-Id: I6da0f512b8c84f65fd20e90e4617108fe6a8fcd2
In the age when we require PHP 5.5, pretending that mbstring emulation
is not slow and silly is silly.
Bug: T129435
Change-Id: Ic8235c9da9a926df63ec7388900c44eab454eebe
I searched for /\$(\S+) = (.+?\(.*?\);)\n.*?\$\1\[/, ignored
everything involving isset(), unset() or array assigments, then
skimmed through the remaining results and changed things where they
made sense. These changes were not automated, so please review them.
Change-Id: Ib37b4c66fc57648470f151ad412210b3629c2538
MediaWiki 1.27 only supports PHP 5.5.9 and above, therefore
it is no more necessary to check that the running PHP version
is equal to or greater than 5.4.0.
Change-Id: I819c625e173cbf2a54ef614d742fe01f70be8efc
When an entry point specifies MW_NO_SESSION, actually enforce that by
having both SessionManager and PHP's session handling (session_start()
and friends) throw exceptions.
If an entry point needs the old behavior of using PHP's default session
handling (as defined in php.ini), it should define
MW_NO_SESSION_HANDLER instead of or in addition to MW_NO_SESSION.
This also makes PHPSessionHandler be installed in CLI mode, where it
wasn't installed before.
Bug: T127233
Change-Id: I2a3db06ee8e44a044096c57a819b5fd5e51c5c5c
The feature no longer exists starting in PHP 5.4.0, and MediaWiki
now only supports PHP 5.5.9 or newer.
Change-Id: I3f2d1b564c50f0a28ec1ec0abd7d1b242e26953b
Follow up to 7491b52. The 'private, must-revalidate' argument to
session_cache_limiter() does not match any expected values for the
function. This results in the PHP runtime treating it like the
documented empty string argument which completely disables the automatic
addition of cache related headers. Change the implementation to use the
empty string argument explicitly rather than continuing to rely on
the undocumented and potentially confusing existing behavior.
session_cache_limiter( '' ) is called unconditionally in
MediaWiki\Session\PHPSessionHandler::install(). This is safe now that it
is understood that we are disabling the setting of the automatic
headers.
Bug: T124510
Change-Id: I63164f8b7a408e370ff01dead42be27a0135dd35
The plan here is to take it out of 1.27.0-wmf.12 and put it back in
1.27.0-wmf.13.
Since BotPasswords depends on SessionManager, that's getting temporarily
removed too.
This reverts the following commits:
* 6acd424e0d SessionManager: Notify AuthPlugin before calling hooks
* 4d1ad32d8a Close a loophole in CookieSessionProvider
* fcdd643a46 SessionManager: Don't save non-persisted sessions to backend storage
* 058aec4c76 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
* b5c0c03bb7 SessionManager: Save user name to metadata even if the user doesn't exist locally
* 13f2f09a19 SECURITY: Fix User::setToken() call on User::newSystemUser
* 305bc75b27 SessionManager: Don't generate user tokens when checking the tokens
* 7c4bd85d21 RequestContext::exportSession() should only export persisted session IDs
* 296ccfd4a9 SessionManager: Save 'persisted' flag in session metadata
* 94ba53f677 Move CSRF token handling into MediaWiki\Session\Session
* 46a565d6b0 Avoid false "added in both Session and $_SESSION" when value is null
* c00d0b5d94 Log backtrace for "User::loadFromSession called before the end of Setup.php"
* 4eeff5b559 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
* 7491b52f70 Call session_cache_limiter() before starting a session
* 2c34aeea72 SessionManager: Abstract forceHTTPS cookie setting
* 9aa53627a5 Ignore auth cookies with value 'deleted'
* 43f904b51a SessionManager: Kill getPersistedSessionId()
* 50c5256352 SessionManager: Add SessionBackend::setProviderMetadata()
* f640d40315 SessionManager: Notify AuthPlugin when auto-creating accounts
* 70b05d1ac1 Add checks of $wgEnableBotPasswords in more places
* bfed32eb78 Do not raise a PHP warning when session write fails
* 722a7331ad Only check LoggedOut timestamp on the user loaded from session
* 4f5057b84b SessionManager: Change behavior of getSessionById()
* 66e82e614e Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
* f9fd9516d9 Add "bot passwords"
* d7716f1df0 Add missing argument for wfDebugLog
* a73c5b7395 Add SessionManager
Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50
The only use of the return value of count() is, to check, if the array is empty or
not. This can be done in an easier way and a bit more performant, especially for
large arrays.
Change-Id: If119ead9230ba1783b8c853c18c379f174910e51
Call `session_cache_limiter( 'private, must-revalidate' );` before
starting a session to specify the cache control headers that PHP will
automatically emit. The calls are wrapped in MediaWiki\quietCall to
suppress "headers have already been sent" warnings that may come from PHP.
If not called explicitly PHP will default to using
the value of the session.cache_limiter ini setting. Some values of that
setting will cause PHP to add a "Pragma: no-cache" header to the
response. Certain user agents (e.g. Firefox) treat that particular
header as a signal to aggressively flush the response from local cache
to the point that back button navigation will not work.
The value used was present in `wfSetupSession` prior to a73c5b7.
Bug: T124510
Change-Id: I942f8420c39c8cec5781ea8f6cc5619fd15f13cd
