get_debug_type() does the same thing but better (spelling type names
in the same way as in type declarations, and including names of
object classes and resource types). It was added in PHP 8, but the
symfony/polyfill-php80 package provides it while we still support 7.4.
Also remove uses of get_class() and get_resource_type() where the new
method already provides the same information.
For reference:
https://www.php.net/manual/en/function.get-debug-type.phphttps://www.php.net/manual/en/function.gettype.php
To keep this safe and simple to review, I'm only changing cases where
the type is immediately used in an exception message.
Change-Id: I325efcddcb58be63b1592b9c20ac0845393c15e2
This reverts commit 890558f1fa.
This restores Id584208d9b67d877606a0add1d71c9b1784cdb1b with some fixes.
Bug: T323786
Bug: T352742
Change-Id: Ib31c451ddd75b06c95a544c8a3d2a64b32264126
This is only enabled in development mode for now.
It's intended as a baseline for further development,
the feature is not ready for production.
Bug: T323786
Change-Id: Id584208d9b67d877606a0add1d71c9b1784cdb1b
Co-authored-by: Atieno <pnjira@wikimedia.org>
Introduced in I5e04824d6fa6a4c36ce489850bb0ed7b4ac588f9 but was
never used. Also, it's private so we can removed without deprecation.
Change-Id: If7bf34879765aa7d49bfe1055e2478bf0473cdfc
When a LocalizedHttpException is created with a DataMessageValue,
show the error code to clients (named 'errorKey' to avoid confusion
with the HTTP error code) so it's easier for them to gather
debugging data, have specific handling for certain errors etc.
For plain MessageValue, use the message key for lack of a better
option.
This is roughly identical to how error handling in the Action API
works.
Also tighten up HttpException's $errorData / getData() parameter
to be strictly an array - it doesn't make any sense to pass null
for data. Technically this is a B/C break but passing null is an
exceedingly unlikely usage pattern, and there is no instance of
it in codesearch.
Change-Id: I3626febed6a0402361a461d96942a863fa230ed0
This reverts parts of I8520d8cb16 and Ib941c22d6b7e.
The documentation of ShowExceptionDetails, as well as all other
uses of it (e.g. MWExeceptionRenderer for index.php, API, and
ResourceLoader) take it to mean to hide both exception message and
details.
This is why MWExceptionHandler didn't have, and didn't need,
the added complexity of this as a parameter as this method
simply wouldn't be called at all in that case.
* Rename the method added in I8520d8cb16 to match the one
in MWExceptionRenderer.
* Update REST handling to now print any exception details
when it is true.
* Remove the now-unused code introduced in Ib941c22d6b7e.
Change-Id: I1a9920dea0bafe315a20489efbe46ea9b55b0f74
So far, $wgLogExceptionBacktrace was used to control backtraces in JSON error responses,
which should control stack traces in logs, not in information sent to
the client. With this patch $wgShowExceptionDetails is used to control
whether backtraces are sent to the client.
Change-Id: I8520d8cb16546f472ed135ffd76be2ec99fde3ff
In PHP 8.1 the default $flags argument to htmlspecialchars() has changed
from ENT_COMPAT to ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401. This
breaks some tests.
I changed all the calls that break unit tests, and some others
based on a quick code review. A lot of callers just use the default for
convenience, and were already over-quoting, so the default should still
be good enough for them.
Change-Id: Ie9fbeae6f0417c6cf29dceaf429243a135f9fecb
ResponseFactory::createFromException already had support for arbitrary
exceptions, but Router was so far only using it for HttpExceptions,
leaving other kinds of exceptions uncaught.
In addition to catching all exceptions and generating an appropriate
JSON response for them, this patch introduces the ErrorReporter
interface, with an MWErrorReporter implementation which calls
MWExceptionHandler::rollbackMasterChangesAndLog(). This is how uncaught
errors are handled for requests coming in via api.php, so it seems
appropriate to use the same approach for requests coming in via
rest.php.
Bug: T285984
Change-Id: I0605a7693821ef58fac80ab67f51a742556a37fd
Most of the time this is due to garbage user input, and MediaWiki's
normal handling of user input strings is to normalize them, not to
throw.
There are some hypothetical cases where a developer might want to see an
exception, rather than passing garbage to the client and letting the
client fail, but normalization is a defensible policy and works within
the existing interfaces.
Bug: T289597
Change-Id: Ida5ee72c10d1c3499b5b17594c5675db7cd38335
Allow a greater variety of status codes to be handled by
HttpException, including 204 and 304 ("no content" and "not modified")
as well as 301, 302, 303, 304, and 307 (redirects, via a new
RedirectException subclass). This allows for a greater variety of
"exceptional conditions" to be handled by throwing, avoiding the need
for checking error codes all the way up a deeply nested call stack.
For cases which still aren't covered, we allow wrapping a full
Response object as an exception. This allows the same basic exception
mechanism to be used, even if sometimes you need a custom status code
or custom headers.
See I800a3fe5160a9d7fc3fddbb445ec61cc5390b14f for a sample use case
from the Parsoid REST handler implementation.
Bug: T260959
Change-Id: I5a00ba8fbc90aa266a6d77f15e8e398be5463ff4
PHP 7.0 makes many error conditions throw instances of the new Error class
which does not extend the known Exception.
The Throwable interface provides a concise and type-safe way of handling
either, e.g. for logging purposes, but HHVM did not support it, requiring
tedious fallback checks.
This commit replaces occurrences of Exception in code paths equally
covered by Throwable, like Exception|Throwable parameter and return types
(also nullable), instanceof guards, duplicated `catch` blocks, as well as
related comments and documentation blocks, with the exception of $previous
parameter descriptions consistent with the manual at
https://www.php.net/manual/en/exception.construct.php
Proper type declarations have been added or reinstated where possible.
Change-Id: I5d3920d3cc66936a350314e2f19c4f6faeffd7c0
* Add ResponseFactory::createLocalizedHttpError(), which generates a
JSON response body from a MessageValue
* ResponseFactory::__construct() accepts an array of TextFormatter
objects. For ease of testing, the array may be empty. The integrated
ResponseFactory has a TextFormatter for English, and one for
$wgContLang if that is different.
* Use createLocalizedHttpError() to show helpful error messages for
errors generated by Router.
Change-Id: I897a0aee42227916c568333ab384966f1b87f599
Parameter validation is based on parameter definitions like those in the
Action API, using the new ParamValidator library. Handlers should use
the provided Handler methods to access parameters rather than fetching
them directly from the RequestInterface.
Body validation allows the handler to have the (non-form-data) body of a
request parsed and validated. The only validator included in this patch
ignores the body entirely; future patches may implement validation for
JSON bodies based on JSON schemas, or the like.
Bug: T223239
Change-Id: I3c37ea2b432840514b6bff90007c8403989225d5
Needed to match existing Parsoid behavior.
Also fixes redirect factory methods mistaking claiming to support
relative URLs. Most clients accept a relative URL in the Location
header, but the spec requires an absolute one, so better say that.
Change-Id: I03f5e776f7629eff6440698655277d8cd01e4a15
* Factor out json_encode() call into ResponseFactory::encodeJson().
* Add createJson() and standardize on JSON for 4xx and 5xx responses
* Add methods for redirect generation, providing an HTML link in the
body as recommended by RFC 7231
Most of the code was written by Gergő Tisza. The differences compared to
I747e34faecbcd are:
* Remove JsonResponse.
* Swap parameter order of createJson() reflecting the fact that the
value is now usually provided.
* Remove unnecessary ResponseFactory::setStatus()
* Don't do ['code' => 'http500'] by default, use httpCode and httpReason
to provide that information
* In createFromReturnValue(), don't wrap numerically-indexed arrays.
* Added tests.
Bug: T223240
Change-Id: Ie185b2bd43690633f1ccbe6328a0518e43a9f2f9
Add some of the basic REST API class hierarchies:
* EntryPoint
* Router
* Request
* Response
* Handler
The actual entry point file rest.php has been moved to a separate
commit, so this is just an unused library and service.
Bug: T221177
Change-Id: Ifca6bcb8a304e8e8b7f52b79c607bdcebf805cd1
