Improve maintainability of update-keys.sql by moving the list from an
SQL file to a PHP array in the same file as the updates it is disabling.
It was apparently an SQL file for the convenience of third parties
wishing to install MediaWiki by manually sourcing tables.sql. Support
this use case by adding an option to update.php which inserts the update
keys. Users should source tables-generated.sql and then run
update.php --initial
The array is the same for each DB type, but it's correct for it to have
the same scope as getCoreUpdateList(). Factoring out common parts of
getCoreUpdateList() and this new array is a separate project.
Bug: T167924
Change-Id: I404ee29aadcc2f3f24f78d1111090395129cd021
Why:
* Maintenance scripts in core have bolierplate code that is
added before and after the class to allow directly running
the maintenance script.
* Running the maintenance script directly has been deprecated
since 1.40, so this boilerplate code is only to support a now
deprecated method of running maintenance scripts.
* This code cannot also be marked as covered, due to PHPUnit
not recognising code coverage for files.
* Therefore, it is best to ignore this boilerplate code in code
coverage reports as it cannot be marked as covered and also
is for deprecated code.
What:
* Wrap the boilerplate code (requiring Maintenance.php and then
later defining the maintenance script class and running if the
maintenance script was called directly) with @codeCoverageIgnore
comments.
* Some files use a different boilerplate code, however, these
should also be marked as ignored for coverage for the same
reason that coverage is not properly reported for files.
Bug: T371167
Change-Id: I32f5c6362dfb354149a48ce9c28da9a7fc494f7c
This environment variable is already checked in TestSetup.php for
PHPUnit runs by Quibble, when the job is running for a patch to
the mediawiki/vendor repository.
Right now, Quibble sets this var, but then has to separately pass
`--skip-external-dependencies` to update.php as well.
Remove the need for that by supporting the same environment variable
so that Quibble can set it once for that run, and naturally applies
by any commands where it makes sense.
Bug: T370380
Change-Id: Iad7c8d4be9e81af0a0de11019a98804b232efa8b
Allow Maintenance::error() and Maintenance::fatalError() to take
StatusValue objects. They now print each error message from the
status on a separate line, in English, ignoring on-wiki message
overrides, as wikitext but after parser function expansion.
Thoughts on the previously commonly used methods:
- $status->getMessage( false, false, 'en' )->text()
Almost the same as the new output, but it allows on-wiki message
overrides, and if there is more than one error, it prefixes each
line with a '*' (like a wikitext list).
- $status->getMessage( false, false, 'en' )->plain()
- $status->getWikiText( false, false, 'en' )
As above, but these forms do not expand parser functions
such as {{GENDER:}}.
- print_r( $status->getErrorsArray(), true )
- print_r( $status->getErrors(), true )
These forms output the message keys instead of the message text,
which is not very human-readable.
The error messages are now always printed using error() rather
than output(), which means they go to STDERR rather than STDOUT
and they're printed even with the --quiet flag.
Change-Id: I5b8e7c7ed2a896a1029f58857a478d3f1b4b0589
This commit replaces some of the uses of getErrorsArray(),
getWarningsArray(), getErrorsByType(), and getErrors().
In many cases the code becomes shorter and clearer.
Follow-up to Ibc4ce11594cf36ce7b2495d2636ee080d3443b04.
Change-Id: Id0ebeac26ae62231edb48458dbd2e13ddcbd0a9e
* Change `$services->getDBLoadBalancerFactory()->waitForReplication()`
to `$this->waitForReplication()`
* Change various complicated expressions to `$this->getReplicaDB()`
and `$this->getPrimaryDB()`
* Remove unused variables
Change-Id: Ia857be54938a32bb6288dcdf695a35cd38761c3c
And start using them instead of wfGetDB(), LB/LBF connection methods or
worse, $this->getDB().
$this->getDB() reuses the database object regardless of whether you're
calling a replica or primary, leading to returning a replica on a
primary and other way around.
Bug: T330641
Change-Id: I9e2cf85ca277022284fc26b9f37db57bd12aaa81
Maintenance class provides a method for getting a fresh reference
of the MW services container instance. Let's make use of these in
maintenance scripts now that we have it.
NOTE: There are still some static methods like in refreshLinks.php
that makes use of services that we can't use this method for now.
Change-Id: Idba744057577896fc97c9ecf4724db27542bf01c
It always passed as the checked MySql version 5.7 is always higher as a
MariaDB version.
Distinct also the error message on type.
Bug: T237898
Change-Id: Ie4853e90a7c8ea655feff2b7bd6402d587c08d50
Use str_starts_with, str_ends_with or string offset where appropriate.
This fixes a bug in MimeAnalyzer where the "UTF-16LE" header could not
be identified because of wrong constant. This is the exact type of bug
that the new functions can avoid.
Change-Id: I9f30881e7e895f011db29cf5dcbe43bc4f341062
PHP 7.3 and later require PCRE2 version 10.30 or later. The original
PCRE library is no longer supported, so it is no longer necessary to
check for old versions of it.
The check for Unicode support is also useless. As mentioned in the doc
comment, it does not run early enough in the installation process. (And
unlike the original PCRE, PCRE2 cannot be compiled with UTF-8 support
but without Unicode property support.)
That leaves one remaining PCRE check in the installer, which was added
not long ago in eaa534b189 and clearly is applicable to PCRE2. I
changed the error message to refer specifically to the "PCRE2 library",
as well as to the "--enable-newline-is-any" configure option (rather
than a value that is less likely to appear in package and port build
scripts and that had already been changed for PCRE2).
The --skip-compat-checks option is removed from update.php; the script
no longer performs checks beyond those performed by PHPVersionCheck. It
is possible to run environment checks manually from the command line
using install.php --env-checks.
Change-Id: Iab9a28451cfc9dd28fe3394cc24a7dd7cea3fd7e
While accessing a SettingsBuilder instance via global state should not
be encouraged, we still need it sometimes. So use a static getter
instead of a global variable. That way, we can emit deprecation warnings
when we have proper alternatives available.
Change-Id: I0013bdab474710fd521532dd2653b3789e2ede34
This allows config variables to be declared obsolete. Obsolete config
will be omitted from the schema, defaults, name constants, etc. The
purpose of keeping a declaration of obsolete config around is to allow
the updater to warn admins that they are using a config variable that no
longer has any effect, and provide them with a remedy.
The idea is that support for deprecated config can be removed after one
release per the stable interface policy, but the declaration of
obsolete config should be kept for as long as we support updates,
that is, at least two LTS releases.
See https://www.mediawiki.org/wiki/Topic:X4bh4nf3pe2ho5jj for
discussion.
Change-Id: Ia7a00742ea7a5311e820a6a43b11135a3f2a825f
Per official policy, updates from versions older than two TLS releases
are not supported.
Finding the implicit marker is a bit tricky. The user might try to
upgrade from a really old version that doesn't have tag_summary table
and mistakenly think it's new and allow upgrade. So turning the check
logic into a boolean AND where it must be new enough to have
change_tag_def table AND new enough not to have tag_summary table.
Change-Id: I5ff9630a6539a587a47930847e108ac53757106f
Per official policy, updates from versions older than two TLS releases
are not supported.
We can drop more versions, given that 1.39 is LTS but to ease the
review, let's drop one release per patch
Change-Id: I84bd1d3dbe777909e30710fff5bcb655af9a4261
This adds functionality to SettingsBuilder for collecting warnings to be
logged later, when the logging mechanism has been set up.
This also adds a validation step to update.php that aborts the update
if any warnings have been registered in SettingsBuilder, or the settings
fail to validate against the settings schema.
Change-Id: I387905289fb93591f79b96bf4c6cb5ec692b2aff
The policy allows this and since 1.39 is going to be the next LTS
release, I think it is fine to do this now.
Change-Id: If426e0ee349252ccc0ba9c4222c7d6865ab57fa2
Since the branch cut has happened, we can bump and get rid of legacy
cruft. According to the policy we can go up to 1.31 but let's keep it
that way to avoid major distruptions.
Change-Id: I9d697445a3bb5047726c8b2a7f808edb8403cdda
One exception message contained a trailing dot/space, which I removed
as well, following I935835316c0.
A very small number of exceptions and output() calls contained trailing
space, which I removed for consistency.
Change-Id: I16f48c1a051c452bbef699eb9b7476d83f8821d8
This patch removes the '--nopurge' option which allows disallowing
the purge. The db caches will now be cleared unconditionally if the
update script is run.
The option description is already not quite accurate because of
more cache clearing logic that was incrementally added later without
updating the description.
Bug: T271062
Change-Id: I1d8cad057bc58dfb4042f146023f08417e491b78
Many files were in the autoloader despite having potentially harmful
file-scope code.
* Exclude all CommandLineInc maintenance scripts from the autoloader.
* Introduce "NO_AUTOLOAD" tag which excludes the file containing it
from the autoloader. Use it on CommandLineInc.php and a few
suspicious-looking files without classes in case they are refactored
to add classes in the future.
* Add a test which parses all non-PSR4 class files and confirms that
they do not contain dangerous file-scope code. It's slow (15s) but
its results were enlightening.
* Several maintenance scripts define constants in the file scope,
intending to modify the behaviour of MediaWiki. Either move the
define() to a later setup function, or protect with NO_AUTOLOAD.
* Use require_once consistently with Maintenance.php and
doMaintenance.php, per the original convention which is supposed to
allow one maintenance script to use the class of another maintenance
script. Using require breaks autoloading of these maintenance class
files.
* When Maintenance.php is included, check if MediaWiki has already
started, and if so, return early. Revert the fix for T250003 which
is incompatible with this safety measure. Hopefully it was superseded
by splitting out the class file.
* In runScript.php add a redundant PHP_SAPI check since it does some
things in file-scope code before any other check will be run.
* Change the if(false) class_alias(...) to something more hackish and
more compatible with the new test.
* Some site-related scripts found Maintenance.php in a non-standard way.
Use the standard way.
* fileOpPerfTest.php called error_reporting(). Probably debugging code
left in; removed.
* Moved mediawiki.compress.7z registration from the class file to the
caller.
Change-Id: I1b1be90343a5ab678df6f1b1bdd03319dcf6537f
It caused a 20% latency regression by unconditionally parsing extension.json
files on every single load instead of using the existing caching
infrastructure. There are further problems with the use of parsing/loading
extension.json files in a method that is incompatible with the existing
architecture.
This primarily reverts commit 46eabe275c.
Also needed to revert 16381261ae and 7c72347ec1.
Bug: T258664
Change-Id: I34a783c3f0df0447876a26441bb2d12e02368871
Decouple Installer services
Implement injection class Autoloader and i18n messages from extension.json
Implement extension selector by type
Add i18n message key `version-database`
Extensions for testing:
- https://github.com/MWStake/PerconaDB - real Percona extension
- https://github.com/killev/mediawiki-dbext2 - fake extension for test
Bug: T226857, T255151
Change-Id: I9ec8a18ad19283f6be67ac000110ac370afc0815
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
We're now requiring PHPUnit 8.5+, which is not vulnerable. In theory,
this should guarantee that the vulnerable file is absent.
However, I'm not opposed to holding for a MW version or two.
Referencing original bug for completeness:
Bug: T180231
Change-Id: Ibfe28e22abab0fe3bb655bdef1f237a4d42b0bb2
This bug was fixed over 10 years ago and is impossible to encounter
on modern libxml versions. While libxml versions might vary slightly
for the same PHP version depending on how it's built, this gives a
general idea:
https://3v4l.org/Tk27c
Change-Id: I669abb3543180e6edd090297fcfcb811aa833b57
The following function are set to public in the parent class and cannot
have another visibility in subclasses
Maintenance::__construct
Maintenance::execute
Maintenance::getDbType
Maintenance::validateParamsAndArgs
Maintenance::setDB
Change-Id: I0cd6514642d479aca20f1221bf673b0713c21631
