Taint-check really doesn't like assigning things from $GLOBALS this way,
because it knows that stuff inside $GLOBALS can be tainted (e.g.
$GLOBALS['_GET'], $GLOBALS['_POST']), and since it cannot determine
which key is used in the assignment, it assumes that it's tainted.
As such, the new code patch generates the default values in a separate
method, whose return value is annotated as safe, so taintedness from
$GLOBALS doesn't get into $this->settings.
Also annotate getAcceptLanguage() as untainted, since the raw values
from the HTTP header are matched against a list of known codes.
Change-Id: Ifc44d3703d505962e3b07db7613b5bbf5e448320
This update is not being called in basically any wiki because it skips
when interwiki exists and that table was introduced in 1.2 (we don't
support direct upgrade from 1.26 or earlier).
The .sql file is not useful but installers use interwiki.list and that
is useful.
Bug: T272199
Bug: T273080
Change-Id: I0de40b8dc60eb07b9c7ebeb620142f3cdfe5b67b
One of the last ones left.
For MySQL/Sqlite:
- Dropping default of ar_timestamp, empty string is not a valid
timestamp.
- Changing ar_title from "varchar() binary" to varbinary
For Postgres:
- Set default for ar_namespace and ar_title
- Change datatype of ar_comment_id, ar_actor, ar_namespace
The indexes were fixed separately.
Bug: T230428
Bug: T164898
Bug: T42626
Depends-On: I83cf1cd51ac9cf933c9175cefd6e38a6914f3494
Change-Id: Ic1d13a82b27f7fa39a0f0ea9c5b7b193b007e4ab
This is micro-optimization of closure code to avoid binding the closure
to $this where it is not needed.
Created by I25a17fb22b6b669e817317a0f45051ae9c608208
Change-Id: I0ffc6200f6c6693d78a3151cb8cea7dce7c21653
This issue type was globally suppressed in
I849ac4f120fd15b483e8939d4db45c98dc351259 to make review easier.
This adds inline suppressions or @suppress directives on function
docs for false positives, mostly restoring those removed in
I849ac4f120fd15b483e8939d4db45c98dc351259.
Bug: T231311
Change-Id: I1b1d814bd907e9d49fcc39f777982936574fc7c6
Taint check checks for possible security issues by tracking HTML
escaping and more by using phan.
This slows down the phan-job a bit and requires more RAM.
Keep the DoubleEscaped issues out to make review easier.
Adds suppression for false positives.
Adds taint-annotation to help taint-check.
Removes suppression for code phan now understands better by the tracking
of keys in taint-check.
Fix some small issues by adding int cast or htmlspecialchars calls.
Bug: T216348
Bug: T268920
Change-Id: I849ac4f120fd15b483e8939d4db45c98dc351259
LoadExtensionSchemaUpdates hook handlers registered in the new
HookContainer style were not executed during install or update, due to
broken special case code which reads from ExtensionRegistry and
$wgHooks. So:
* In Installer, instead of hacking up $wgHooks, construct a special
HookContainer to be used for running LoadExtensionSchemaUpdates. Make
sure it contains new-style hooks.
* Pass the HookContainer from Installer to DatabaseInstaller via a
setter, and then have DatabaseUpdater fetch it using $this->parent.
* Refactor Installer::includeExtensions(), splitting the legacy
parts from the extension.json parts. A lot of weird things are done in
service of loading old-style registration files, which are almost
extinct at this point, so split out that code and only run it if there
is at least one legacy extension. The order in which updates are done
will change.
* The MW_EXTENSIONS_LOADED constant was previously used for global-level
communication between Installer and DatabaseUpdater. Leave it in for
now as a sanity check, but make it clear that it is redundant with the
new HookContainer injection.
* Similarly in DatabaseUpdater::loadExtensions(), construct a custom
HookContainer based on the existing LocalSettings.php.
* Use array_merge() instead of array_merge_recursive() when merging
legacy hooks.
Bug: T266681
Change-Id: I2c41ece04aed11a176559d4364cea2f3320b9574
Language objects contain references to service objects, so they need to
be discarded when the global service container is reset by calling
MediaWikiServices::resetGlobalInstance(). The Installer class was doing
this correctly in the constructor, however, there were other calls to
resetGlobalInstance() during the installation process that did not
properly reset all language objects, which resulted in incorrect instances
of LocalisationCache being accessed.
This patch introduces the resetMediaWikiServices() method into the
Installer class which can be used to safely reset the service container
during installation.
Bug: T261081
Change-Id: I0ccab2b7fcac6942016430b1df5a1dbeb192f2f6
For compliance with the new version of the table interface policy
(T255803).
This patch was created by an automated search & replace operation
on the includes/ directory.
Bug: T257789
Change-Id: Ie32c1b11b3d16ddfc0c83a757327d449ff80b2e4
For compliance with the new version of the table interface policy
(T255803).
This patch was created by an automated search & replace operation
on the includes/ directory.
Bug: T257789
Change-Id: I5ffbb91882ecce2019ab644839eab5e8fb8a1c5f
For compliance with the new version of the table interface policy
(T255803).
This patch was created by an automated search & replace operation
on the includes/ directory.
Bug: T257789
Change-Id: If560596f5e1e0a3da91afc36e656e7c27f040968
These classes were found by surveying concrete classes derived from base
classes in core.
Bug: T247862
Change-Id: I231752aaad26e2ab3f097301e449b31e723590f0
Also improve the description a bit and explain at a high level
how this code is used, and which classes back those entry points.
Change-Id: Ia69531858e714d0b43a29a7d5b6dcc5c7edd8240
Adding optional $className parameter to provide additional
styling options.
Optional parameter $heading was introduced for MobileFrontend. Therefore
leaving inconsistent parameter order is necessary for the time being.
Bug: T232903
Change-Id: I5857b2c58a47a83156c32f086a73fe2bd48ab0c8
So other developers think that the class property name makes more
sense than the proposed name in the TODO section. In an attempt to
rename it in this patch: Ia9f0cd7d0117f67d2017e, it was rather advised
to remove the todo and leave the class property name as-is.
Change-Id: I3336b5a6112f098e290f102caac6b04c0b50b076
New installation blocked when checking if the DB exists,
because when selecting the DB, if it fails, it will throw an exception.
So I modify the checking logic to determine if there is an exception
thrown instead of detecting the return value.
Bug: T215566
Change-Id: I6817997434df7adc79fbc1b224b77c0daa8cc11d
This commit moves the call of the DatabaseUpdater::purgeCache
function into a try catch block which ensures
that the error will be displayed nicely.
Bug: T209341
Change-Id: I614444140e29948c41baa30dd557483b63f21a9a
With the introduction of CommentStore, selects from various tables
require certain joins or column aliases for proper operation. The
upcoming actor table change, and the suggested title table change, will
add more such requirements.
Change-Id: Ic8213bff74b8350b15cd271d0ef252e63e7e79bd
If MediaWiki has increased the minimum database server version that is
required, check it when running update.php to ensure it is still
compatible. Previously this was only checked during the installer.
Bug: T162044
Change-Id: I47092c9557f4706a4dcb3a23150647e68af4317f
The used phpcs has a bug, so the version 0.9.0 could not be enforced at the moment.
Will be fixed in next version, see T167168
Changed:
- Remove duplicate newline at end of file
- Add space between function and ( for closures
- and -> &&, or -> ||
Change-Id: I4172fb08861729bccd55aecbd07e029e2638d311
It looks like there is something missing after the last statement
Also remove some other empty lines at begin of functions, ifs or loops
while at these files
Change-Id: Ib00b5cfd31ca4dcd0c32ce33754d3c80bae70641
Also add newFromConnection() methods for cleaner looking construction
since the IDatabase is fundamental and required.
Change-Id: Ife478d045cee92a30c91e9004833a557488bd512
(This is part of I6ec374ac9 which was a re-submit of Ie98bf5af5
which got reverted by Ide7ab563)
This change provides a mechanism to reset global service instances
in an orderly manner. There are three use cases for this:
* the installation process
* integration tests (which most of the existing phpunit tests are)
In contrast to I6ec374ac9, this change does not cause singletons
of legacy services to be reset. It is assumed that legacy services
use global state to access services and configuration, so any
change in configuration would affect them immediately.
NOTE: the original I6ec374ac9 would cause session information to
get lost if the user session was created before initialization
was complete. This was apparently triggered by the MobileFrontend
extension under some circumstances. Check with Addshore and Catrope.
Change-Id: Ie06782ffb96e675c0aa55dc26fb8f22037e8517d
This change provides a mechanism to reset global service instances
in an orderly manner. There are three use cases for this:
* the installation process
* forking processes
* integration tests (which most of the existing phpunit tests are)
Depends-On: I5d638ad415fc3840186a0beaa09ac02ea688539b
Change-Id: Ie98bf5af59208f186dba59a9e971c72ea0b63e69