This helps phan to detect unreachable code and also impossible types
after the functions.
It helps phan to avoid false positives for array keys
when the keys are checked before
Bug: T240141
Change-Id: I895f70e82b3053a46cd44135b15437e6f82a07b2
Defining functions conditionally seems to break preloading
functionality, as the function is tried to be redeclared.
Bug: T240775
Change-Id: I7d1df9f13927f0a7af33f9ee955b0ed8dc47a359
It was suggested this header be renamed to be consistent with the
infrastructure header added in T91820. We have to explicitly
allow the REST API to use this header in the WebStart sanity check.
Bug: T91820
Bug: T259685
Followup-To: b75ac3953e
Change-Id: I0c4ec63bb26641b237c92dbd3bc5367811ca0675
I've moved the simple config expansions that don't depend on anything
else in Setup.php together, more compactly.
Change-Id: Iefb7f8ffdca70bcfbf7cbf49f7939747c5ab0d76
Turn this into a doc group, and let the descriptions come
directly from the files in question. This makes the list easier
to maintain, and alsom means that the overview page becomes
discoverable whenever one is looking at the entry point file
as well. Previously the doc page pointed to the entry points,
but not the other way around. This is also fixed.
Bug: T244294
Change-Id: I891c5a37e17592edc1136d7367949927121c8bc8
Make the code easier to reason about by not involving global state from
LBFactory, RequestContext, SessionManager, and User.
Bug: T189966
Change-Id: I88d2bf58ebd481009ce295335d730a34dbb277fb
Follows-up 26c2d03c17, 41d1fa1c3a and r11547 (c7f363f886).
Also add references to the relevant tasks about why the check
exists.
Bug: T189966
Change-Id: Ic1f0c79a1b5638bb30351a0cab55699931d1fded
This seems redundant given it is unconditionally being set
two statements later. Probably a left-over from r36353 (c6b902f180),
which did an unset() because there was another variable called
$preIP, and the original would no longer be needed.
However, we currently only use one variable ($IP) and there's no
need to unset() it before setting.
Bug: T189966
Change-Id: I17d516709beabeb80bd72b37f70ac9b666a501d4
* Convert OutputHandler.php from global functions to a class.
- wfOutputHandler → OutputHandler::handle
(no alias, no usage outside core)
- wfGzipHandler → OutputHandler::handleGzip
(private, no usage outside class)
- wfRequestExtension → OutputHandler::findUriExtension
(private, no usage outside class)
- wfMangleFlashPolicy → OutputHandler::mangleFlashPolicy
(private, no usage outside class)
- wfDoContentLength → OutputHandler::emitContentLength
(private, no usage outside class)
- wfHtmlValidationHandler → OutputHandler::validateAllHtml
(private, no usage outside class)
* Add the class to autoload.php for exposure outside WebStart.
Specifically, for use in ApiFormatPhpTest. This also removes the
need to manually load the class because this code runs after
Setup.php loads AutoLoader.php.
Bug: T189966
Change-Id: I27a41ec0ae0ee30aeb313a616323b967605c4055
When installing MediaWiki in a sub directory of document root,
and including it from an /index.php file in the document root,
MediaWiki succesfully includes WebStart from index.php, but
WebStart.php fails to include Setup.php.
For example, MediaWiki installation at /var/www/mediawiki with the
following file at /var/www/index.php.
```
<?php
require __DIR__ . '/mediawiki/index.php';
```
Failure:
> Fatal error:
> require_once(): Failed opening required '/var/www/includes/Setup.php'
> (include_path='.:/usr/local/lib/php') in
> /var/www/mediawiki/includes/WebStart.php on line 97
>
> Stack trace:
> 1. {main}() /var/www/index.php:0
> 2. require() /var/www/index.php:3
> 3. require() /var/www/mediawiki/index.php:40
Bug: T153882
Change-Id: Icd8cfa580ce1c22bc3bf177570a9f4a940d2427c
Follows-up 41ea7e2fef.
The following previously happened between PreConfigSetup and Setup
and must now happen either before it, after it, or moved inside it.
* WebStart: Detect missing composer.
This must be after Autoloader/Vendor but before the first call to
wfDebugLog (or other loggers) so that we can output a more descriptive
error instead of a generic "Unknown class" fatal error.
Moving it to before Setup is too early, and after is too late.
Move it to within Setup.php and make it work in CLI mode.
* WebStart: Install header callback
Moving it to before Setup is too early, and after is too late.
Move it to within Setup.php (no-op in CLI mode).
* WebStart/Maintenance: Load LocalSetings.
Must be between PreConfigSetup and Setup.
Move to Setup.php to maintain execution order.
Utilise MW_CONFIG_File for custom handling in Maintenance.php.
* WebStart: Initialise output buffering
Utilise (new) MW_SETUP_CALLBACK hook.
* WebStart: Display NoLocalSettings.php
Utilise MW_CONFIG_CALLBACK hook.
* Maintenance: Setting $wgLocalisationCacheConf, calling Maintenance::finalSetup.
Utilise (new) MW_SETUP_CALLBACK hook.
Change-Id: I633a6ff235b4275391c48034c0525d2fbfa3fecd
Introduce PreConfigSetup.php, which is common file-scope code run before
LocalSettings.php.
I'm not maintaining autoload.ide.php since it supports closed source
software which I don't have, and it apparently needs significant work to
make it not be weird and hacky.
Change-Id: I44ac69b6b00a51d015546b9766d89d1c59749334
The doc comment did not reflect the removal of MW_NO_SETUP in
edc9edbc76, or the fact that Setup.php no longer loads
AutoLoader.php or GlobalFunctions.php.
Change-Id: I19a12fd83e369828b9e08176ddf3bfca16aae465
Install the backtrace collector very early, so that we can get the
backtrace even if headers were sent from LocalSettings.php.
Bug: T157392
Change-Id: I9bc732b34481c95afb5362e135a87bd4302498e2
It's unreasonable to expect newbies to know that "bug 12345" means "Task T14345"
except where it doesn't, so let's just standardise on the real numbers.
Change-Id: I6f59febaf8fc96e80f8cfc11f4356283f461142a
This protection is in place for a single extension, Maintenance.
Said extension is probably broken anyway and has been for quite
some time.
Plus, it doesn't even really work like it would intend, the extension
uses special pages and this is a require_once, so a subsequent
request to WebStart.php (which isn't even called by extensions)
wouldn't re-require it.
tldr: This is pointless
Change-Id: I22e7418d2b46c00d4009c370c24ac4b8bc43190a
The installer already checks for this, let's also catch the case when
someone enables this after installation.
Bug: T122807
Change-Id: Ieddbc932f482d52da1688d472f494074c81124b2
Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
* Fix errors spotted by new release
* Introduce "composer fix", which uses phpcbf to automatically fix some
errors spotted by phpcs.
* Drop $PHPCS_ARGS variable that didn't work on Windows, and add -s flag
* Remove rules from phpcs.xml that are now in MW-CS ruleset.
Change-Id: I13e2155695918c918b67497ac65b85a03897095e
This ensures that, in case "composer install" has not been run,
the user will see the error message about setting up dependencies
(as opposed a plain "Class not found" error because some other
dependency was used first).
Change-Id: Ib6026123770d21cc9f8960a1de361c8178b1b044
This performs sanity check that request *is* for a non-write module.
By handling the validation, the CDN layer can simply use the presence
of this header to route POST requests to the local datacenter.
Without validation, users could cause strange traffic patterns and slow
cross-DC database writes (which can involve many RTTs).
This is useful for AJAX widgets that need to post a payload to get a
response, but that don't actually change anything in the process. They
should be able to use the local datacenter.
Bug: T91820
Change-Id: I34248ddee33033e3d1d86c3391236259d917d4a7
* WMF has has ignore_user_abort() for *all* request in configuration
for many years. This brings this to default MediaWiki for all POST
requests, which are likely to do writes. Of course, some do not,
notably parse requests and previews, since GET cannot carry the
payload. Avoiding data corruption is more important though.
Bug: T102890
Change-Id: I11c8b0d99583a682f756cef9747ec5ba9751c5e3
* Deprecate $wgRequestTime in favor of $_SERVER['REQUEST_TIME_FLOAT'], which is
more accurate. Because $_SERVER['REQUEST_TIME_FLOAT'] is only set for PHP
5.4+, set it to microtime( true ) in WebStart.php for back-compatibility.
* Add a 'requestTime' property to WebRequest objects, set to
$_SERVER['REQUEST_TIME_FLOAT'] for WebRequest or the instance creation time
for FauxRequest instances.
* Use that to provide WebRequest::getElapsedTime(), which gets the time since
the request was initiated.
* In wfLogProfilingData(), get the user and request objects from the context
object rather than from global scope.
Opportunistic clean-up: move the magic quotes check to WebStart.php and make
the error message more helpful.
Change-Id: I7e07e22eaf16b5141b80ad9f843285c542a127b7
The TemplateParser class provides a server-side interface to cachable
dynamically-compiled Mustache templates. It currently uses the
lightncandy library to do compilation (which is already included in
the vendor repo).
Also converting NoLocalSettings.php to use it as a proof-of-concept.
Bug: T379
Change-Id: I28cd13d4d1132bd386e2ae2f4f0d1dd88ad9162b
Introduces wfLoadExtension()/wfLoadSkin() which should be used in
LocalSettings.php rather than require-ing a PHP entry point.
Extensions and skins would add "extension.json" or "skin.json" files
in their root, which contains all the information typically
present in PHP entry point files (classes to autoload, special pages,
API modules, etc.) A full schema can be found at
docs/extension.schema.json, and a script to validate these to the
schema is provided. An additional script is provided to convert
typical PHP entry point files into their JSON equivalents.
The basic flow of loading an extension goes like:
* Get the ExtensionRegistry singleton instance
* ExtensionRegistry takes a filename, reads the file or tries
to get the parsed JSON from APC if possible.
* The JSON is run through a Processor instance,
which registers things with the appropriate
global settings.
* The output of the processor is cached in APC if possible.
* The extension/skin is marked as loaded in the
ExtensionRegistry and a callback function is executed
if one was specified.
For ideal performance, a batch loading method is also provided:
* The absolute path name to the JSON file is queued
in the ExtensionRegistry instance.
* When loadFromQueue() is called, it constructs a hash
unique to the members of the current queue, and sees
if the queue has been cached in APC. If not, it processes
each file individually, and combines the result of each
Processor into one giant array, which is cached in APC.
* The giant array then sets various global settings,
defines constants, and calls callbacks.
To invalidate the cached processed info, by default the mtime
of each JSON file is checked. However that can be slow if you
have a large number of extensions, so you can set $wgExtensionInfoMTime
to the mtime of one file, and `touch` it whenever you update
your extensions.
Change-Id: I7074b65d07c5c7d4e3f1fb0755d74a0b07ed4596
It may have been defined at one time, but now it's just
function overhead to check on every request.
Change-Id: I05963a0e496e0a960a4feb6877a03e67c5a6fc85
- Put Profiler, ProfileSection and TransactionProfiler in their own
files and rely on Autoloader to use them (maintenance has been
using the autoloader here for some time--we don't profile the
autoloader manually)
- This reduces overhead in WebStart/doMaintenance by only loading
three functions at profiler initialization and defers until the
first profiling call happens
- Inline callback functions in ProfilerSimpleText rather than having
public static functions.
- Small comment and code formatting changes in various touched files.
Change-Id: Idf27677c068c50b847152c523a33e7f0c33fdeeb
As of <https://github.com/facebook/hhvm/commit/0f98cab>, it is possible to
call getrusage( [ int $who = 0 ] ) with $who = 2 to request resource usage
info for the current thread (RUSAGE_THERAD), rather than the calling process
(RUSAGE_SELF). (Earlier versions of HHVM return RUSAGE_SELF data unless $who
is 1.)
PHP5 code can assume that each request is handled in a dedicated subprocess,
but the same is not true of HHVM, which is multi-threaded. Therefore, to get
resource usage data for the current request context, it is necessary to ask
for RUSAGE_THREAD rather than RUSAGE_SELF.
To do this, introduce a new global function in Profiler.php: wfGetRusage().
It is defined there and not in GlobalFunctions.php so that it can be used early
in WebStart.php.
Bug: 70227
Change-Id: Ibe9598ecdfc0f6c434f8b3c7a94f06a7b2fcca23
Good idea, but moves things about too much and will break things. Let's revisit and not break things.
This reverts commit 214931ed33.
Change-Id: I6f5026b572105cd9e7d6de12a491c7ee45ac3dbc
register_globals has been deprecated since PHP 5.3, which was released
5 years ago. There's absolutely no reason anyone should have this turned
on, and if they do, well, they probably have bigger issues than this.
Due to changes in WebStart.php, the web installer will now fail to
start, just showing an error message stating that register_globals
must be disabled beforehand.
The command-line installer will display the
"config-register-globals-error" message before exiting.
Change-Id: If951d15293c5f6aa8a92e91fefcb00f04e6c13b3
* Harmonize spacing
* Use // for comments rather than #
* Harmonize call style for 'require', 'include' etc.
* Add missing profileinfo.php5
* Use "./" for path to api.php in api.php5 (to match other php5 files).
* Move documentation related to Setup.php from index.php to WebStart.php
* Remove "Initialise common code." comment in api.php (was already remove
in most entry points)
Change-Id: I8dc4a79fd13cee49e34f250a4039b3666bd42aca
Change check in WebStart to is_readable and output a different
text on NoLocalSettings template, when the file exists.
Bug: 61094
Change-Id: I4dbdb33e468bc731fa1d6eef8e0f66e1d552d0f8
