MWCryptHKDF was added ten years ago (in af66c04d39), and as far as
I can tell, it was never used anywhere. It seems unlikely that CryptHKDF
will be used in the future, at least in its current form, for several
reasons:
* PHP 7.1.2+ has hash_hkdf(), so HKDF() would not be needed.
* At the time MWCryptHKDF was created, access to a CSPRNG was dependent
on server configuration: operating system, enabled PHP extensions,
open_basedir, etc. The "clock drift" RNG used as a last resort was not
considered to be secure or fast enough for generating large amounts of
output.[1] random_bytes(), added in PHP 7, changed the situation.
* Depleting the input pool of Linux's RNG is no longer a concern; there
is no more blocking output pool for /dev/random.[2][3] In 2022, this
change and others, including some that improved performance,[4] were
backported to stable kernels as old as 4.9.[5]
* $wgAuthenticationTokenVersion obviated the primary use case of
quickly resetting the user_token field for all users, assuming all
the existing tokens are unique.
* CryptHKDF seems to perform much slower than random_bytes(), at least
on Linux, making it pointless to use given that the other reasons for
its existence no longer apply.
[1]: https://bots.wmflabs.org/logs/%23mediawiki-core/20161004.txt
[2]: https://lwn.net/Articles/808575/
[3]: https://lore.kernel.org/all/cover.1577088521.git.luto@kernel.org/
[4]: https://www.zx2c4.com/projects/linux-rng-5.17-5.18/
[5]: https://lore.kernel.org/all/Yo3pmh9hiUFtQz77@zx2c4.com/T/
Change-Id: I29136fad826341d21728671aa30285d5551f1162
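As an added example (not MediaWiki code and not part of the commit above): PHP's built-in hash_hkdf() checked against RFC 5869 test case 1 for SHA-256, beside the same extract-and-expand steps written out with hash_hmac() so the reader can see what the built-in does, followed by the random_bytes() usage that makes a userland fallback RNG unnecessary. The test-vector values are copied from RFC 5869 Appendix A.1; the 'session-token' and 'mac' info labels are made up for illustration. The script throws if either derivation disagrees with the RFC.

```php
<?php
declare(strict_types=1);

// Added example, not MediaWiki code. Demonstrates that hash_hkdf() (PHP >= 7.1.2)
// is a correct RFC 5869 HKDF, and shows random_bytes() as the CSPRNG source.

// RFC 5869, Appendix A.1, test case 1 (SHA-256). Values copied from the RFC.
const RFC5869_IKM  = '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b';
const RFC5869_SALT = '000102030405060708090a0b0c';
const RFC5869_INFO = 'f0f1f2f3f4f5f6f7f8f9';
const RFC5869_LEN  = 42;
const RFC5869_OKM  = '3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf'
                   . '34007208d5b887185865';

/**
 * HKDF written out step by step (RFC 5869 sections 2.2 and 2.3), so the reader
 * can see what hash_hkdf() does internally. $salt may be empty.
 */
function hkdfByHand(string $algo, string $ikm, int $length, string $info, string $salt): string {
    $hashLen = strlen(hash($algo, '', true));
    if ($salt === '') {
        // Per RFC 5869, an absent salt is HashLen zero bytes.
        $salt = str_repeat("\0", $hashLen);
    }
    // Extract: PRK = HMAC-Hash(salt, IKM); the salt is the HMAC key.
    $prk = hash_hmac($algo, $ikm, $salt, true);

    // Expand: T(i) = HMAC-Hash(PRK, T(i-1) | info | i), for i = 1..ceil(L/HashLen).
    $okm = '';
    $t = '';
    for ($i = 1; strlen($okm) < $length; $i++) {
        $t = hash_hmac($algo, $t . $info . chr($i), $prk, true);
        $okm .= $t;
    }
    return substr($okm, 0, $length);
}

function checkAgainstRfc5869(): void {
    $ikm = hex2bin(RFC5869_IKM);
    $salt = hex2bin(RFC5869_SALT);
    $info = hex2bin(RFC5869_INFO);
    $expected = hex2bin(RFC5869_OKM);

    $builtin = hash_hkdf('sha256', $ikm, RFC5869_LEN, $info, $salt);
    $manual = hkdfByHand('sha256', $ikm, RFC5869_LEN, $info, $salt);

    // hash_equals() is constant-time; use it for any comparison involving secrets.
    if (!hash_equals($expected, $builtin)) {
        throw new RuntimeException('hash_hkdf() does not match RFC 5869 test case 1');
    }
    if (!hash_equals($expected, $manual)) {
        throw new RuntimeException('hand-written HKDF does not match RFC 5869 test case 1');
    }
}

checkAgainstRfc5869();

// Typical use: several purpose-bound keys from one master secret. random_bytes()
// reads the OS CSPRNG and throws on failure instead of degrading to a weak source,
// which is why no userland fallback RNG is needed any more.
$master = random_bytes(32);
$salt = random_bytes(16);
$tokenKey = hash_hkdf('sha256', $master, 32, 'session-token', $salt); // label is illustrative
$macKey   = hash_hkdf('sha256', $master, 32, 'mac', $salt);           // different info, independent key
if ($tokenKey === $macKey) {
    throw new RuntimeException('distinct info strings must yield distinct keys');
}
echo "hash_hkdf() matches RFC 5869; derived two independent 32-byte keys\n";
```

Run with `php hkdf_example.php`. The hand-written variant exists only to make the construction visible; in real code use hash_hkdf() and keep the info string tied to the key's purpose so keys derived from one master secret stay independent.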
Implicitly marking parameter $... as nullable is deprecated in PHP 8.4;
the explicit nullable type must be used instead.
Created with autofix from Ide15839e98a6229c22584d1c1c88c690982e1d7a
Break one long line in SpecialPage.php
Bug: T376276
Change-Id: I807257b2ba1ab2744ab74d9572c9c3d3ac2a968e
Callers should not catch an unchecked exception, so it doesn't belong
in a function signature. Unchecked exceptions indicate a coding error,
which by definition the code will not be able to handle correctly.
If any of these exceptions were supposed to be in response to an edge
case, user input, or initial conditions, then they should be changed
to a runtime error. If the exception class cannot be changed, then
the annotation should include a comment explaining its purpose and
prognosis.
Bug: T240672
Change-Id: I2e640b9737cb68090a8e1cb70067d1b74037d647
Add doc-typehints to class properties found by the PropertyDocumentation
sniff to improve the documentation.
Once the sniff is enabled, it prevents new code from lacking type
declarations. This is focused on documentation and does not change code.
Improve a mixed type to string
Change-Id: Id994553eaeac181775ac782423ff53928ad45466
Unused since addition of class property in 6906724935 (r100779)
Unused since dynamic creation in 0a21e2de12 (r82783)
Change-Id: I72c7dab67ef12d229fb232311e404467260d742d
This touches various production classes and maintenance scripts.
The code should do the exact same as before. The main benefit is that
the syntax avoids any repetition.
Change-Id: I5c552125469f4d7fb5b0fe494d198951b05eb35f
And deprecated aliases for the non-namespaced classes.
ReplicatedBagOStuff, which is already deprecated, isn't moved.
Bug: T353458
Change-Id: Ie01962517e5b53e59b9721e9996d4f1ea95abb51
Changes to the use statements done automatically via script
Addition of missing use statement done manually
Change-Id: Ic4d4dd61de5ab896fb6173eb579c81f164a1e4a3
In PHP 8, but not in PHP 7.4, every class with a __toString() function
implicitly implements the Stringable interface. Therefore, the
behavior of checks like "instanceof Stringable" differs between these
PHP versions when such classes are involved. Make every such class
implement the interface so that the behavior will be consistent.
The PHP 7.4 fallback for the Stringable interface is provided by
symfony/polyfill-php80.
Change-Id: I3f0330c2555c7d3bf99b654ed3c0b0303e257ea1
This patch introduces the Wikimedia\FileBackend namespace declaration
for FileBackend and establishes a class alias marked as deprecated since
version 1.43.
Bug: T353458
Change-Id: Id897687b1d679fd7d179e3a32e617aae10ebff33
This patch introduces the MediaWiki\Json namespace declaration
for FormatJson and establishes a class alias marked as deprecated since
version 1.43.
Bug: T353458
Change-Id: I5e1311e4eb7a878a7db319b725ae262f40671c32
These cases cannot benefit from the SelectQueryBuilder, as each argument
is processed by hooks with a fixed signature or comes from abstract
functions that provide the arguments separately.
Bug: T344971
Change-Id: I6490caae3984efaae81bd2583220a7dd1c3b371d
Fix the real issues found by this sniff, and convert the remaining
false positive ignores to per-line ignores so that any more real issues
won't be added.
Change-Id: I18e75d59df327e2d93a3a487c115e92b9f268722
On my Windows machine, I was getting the following Phan warning:
includes\utils\GitInfo.php:159 UnusedPluginSuppression
Plugin BuiltinSuppressionPlugin suppresses issue
PhanPluginDuplicateArrayKey on this line but this
suppression is unused or suppressed elsewhere
Indeed, this isn't a PhanPluginDuplicateArrayKey issue on Windows,
since DIRECTORY_SEPARATOR is `\`; but it is a legitimate warning
on other systems where DIRECTORY_SEPARATOR is `/`.
Refactor the code slightly so as to not create an array with
potentially duplicate keys.
Change-Id: I4be38aa9fefde26d58139d74a85359961229baec
* Switch out raw Exceptions, mostly for InvalidArgumentExceptions.
* Fake exceptions triggered to give Monolog a backtrace are for
some reason "traditionally" RuntimeExceptions, instead, so we
continue to use that pattern in remaining locations.
* Just entirely give up on PostgresResultWrapper's resource vs. object mess.
* Drop now-unneeded false positive hits.
Change-Id: Id183ab60994cd9c6dc80401d4ce4de0ddf2b3da0
This makes the code quite a bit more readable, I believe.
strpos is especially confusing because it can return false when a
string doesn't contain the needle, as well as 0 when the string
starts with the needle. This is sometimes used as a feature (i.e. to
check if a string contains the needle, but doesn't start with it),
but that's not the case here.
A slightly more complicated change is made in TitleTest. But this is
only in a test and is verified by the test still succeeding.
Change-Id: I355ad1dc8e1725ae7a1eb652ec047ce7ff589cdf
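As an added example (not MediaWiki code and not part of the commit above): the strpos() false-versus-0 ambiguity described in the message, shown as a buggy loose comparison next to the strict `=== 0` idiom and the PHP 8 str_starts_with()/str_contains() functions (available on 7.4 via symfony/polyfill-php80). The sample path is constructed; the script throws if any case behaves other than described.

```php
<?php
declare(strict_types=1);

// Added example, not MediaWiki code. Shows the strpos() false-vs-0 ambiguity
// beside the unambiguous str_starts_with()/str_contains() (PHP 8.0, or
// symfony/polyfill-php80 on 7.4).

/** Buggy: 0 == false in PHP, so a needle at offset 0 is reported as absent. */
function startsWithLoose(string $haystack, string $needle): bool {
    return strpos($haystack, $needle) != false;
}

/** Correct pre-PHP-8 idiom: strict comparison against the exact offset. */
function startsWithStrict(string $haystack, string $needle): bool {
    return strpos($haystack, $needle) === 0;
}

/** The "contains but does not start with" case, written out explicitly. */
function containsButNotAtStart(string $haystack, string $needle): bool {
    return str_contains($haystack, $needle) && !str_starts_with($haystack, $needle);
}

function expect(bool $condition, string $what): void {
    if (!$condition) {
        throw new RuntimeException("unexpected result: $what");
    }
}

$path = '/wiki/Main_Page'; // constructed sample input

// The leading slash is found at offset 0, and 0 != false is false in PHP,
// so the loose check claims the path does not start with '/'.
expect(startsWithLoose($path, '/') === false, 'loose check misses a leading slash');
expect(startsWithStrict($path, '/') === true, 'strict check finds the leading slash');
expect(str_starts_with($path, '/') === true, 'str_starts_with finds the leading slash');

// Where "contains but not at the start" really is the intent, say so explicitly
// instead of relying on strpos() returning a truthy non-zero offset.
expect(containsButNotAtStart('Main_Page/wiki', '/') === true, 'slash present, not leading');
expect(containsButNotAtStart($path, '/') === false, 'slash is leading');
expect(containsButNotAtStart('MainPage', '/') === false, 'no slash at all');

echo "strpos() pitfall demonstrated\n";
```

Any remaining strpos() call whose result feeds a boolean decision should be compared with `===` (or `!==`) against `false` or the expected offset; a loose `==`/`!=` silently turns a match at offset 0 into "not found".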
Some less trivial cases. Also update variable names.
This doesn't really change anything, but I hope it helps promote
getConnectionProvider() as the common way to do this.
Follow-up to 8604c384f6.
Change-Id: I6657d783375fac5c7fa856b884ff1fb09285e94c
Helps bot operators adhere to the principle of least privilege.
Grants can now be restricted to allow editing (and other write
operations) for up to 25 listed pages. The page IDs are persisted within
the bp_restrictions field of the bot_passwords table, and in the session
metadata.
This restriction is checked only as part of expensive checks in
PermissionManager, since they are not applicable for UI actions.
Bug: T349957
Change-Id: I3d228eb97664d040a160c5b742d9176fdfae9a43
Earlier, loadDataFromRequest() returned an MWRestrictions object only in
case of valid input, and the original string if invalid. Now, an
MWRestrictions object is returned in all cases, on which we now have a
validity field. This also de-duplicates the check to find the invalid IP
address(es).
Bug: T349957
Change-Id: Iadb762b572cf0e7d2b92dbc4912804a3ddb48e74
* Avoid calling the SpecialPage code directly in e.g. an API module.
* Remove unused method "getGitCurrentBranch" on internal class
without deprecation.
* Mark "getGitHeadSha1" as hard-deprecation first, as there are
(unfortunately) two direct callers in Codesearch.
* Reduce indirection of non-configurable $IP and $wgBaseDirectory
variables in favour of MW_INSTALL_PATH or GitInfo::repo().
* Move potentially duplicate brief and ingroup from file doc
to class doc. See also
<https://gerrit.wikimedia.org/r/q/message:ingroup+owner:Krinkle>
Add example of LocalSettings.php use case, based on the
original 36b1172147 (I2a76662bb4) commit message.
* Remove use of AtEase (T253461).
* Fix potential Windows bug where only backslash was replaced, since
that is the canonical path separator, but for this use case, regular
slash should (also) be substituted since most contexts on Windows
nowadays support that as well, e.g. \foo/bar and \foo\bar are
equivalent on Windows.
Change-Id: Ib2c89461edc358404544e4236a7a2dc5699b8d4e
Instead of replacing 1 character at a time the functions used here
can replace sequences of any length. This can dramatically reduce the
function call overhead.
Also make use of the `fn ()` syntax because we can.
Change-Id: I2dbc2271aa7847d9b687703f837cb0d850596ef0
This hack was originally added to wfParseUrl
as a fix for T10324 specifically for LinkFilter,
however, according to RFC 3986 this is wrong.
The RFC defines that in URLs the authority component
must start with //, so in URLs without //, e.g. news:
or mailto:, there is no authority component, and thus
no host component; everything after : is actually a path,
so the default PHP parse_url is correct.
The RFC even has an example:
> For example, the URI <mailto:fred@example.com>
has a path of "fred@example.com".
It's fairly ugly to just copy-paste the hack
into LinkFilter, but I didn't find an easy and
elegant way to rewrite it without making any
changes to the link indexes values stored in the DB.
See https://datatracker.ietf.org/doc/html/rfc3986
Co-Authored-by: 沈澄心 <dringsim@qq.com>
Change-Id: I3dd04495db9c7a66f62c3914c0eff06754b7d560
This class is used heavily basically everywhere, moving it to Utils
wouldn't make much sense. Also with this change, we can move
StatusValue to MediaWiki\Status as well.
Bug: T321882
Depends-On: I5f89ecf27ce1471a74f31c6018806461781213c3
Change-Id: I04c1dcf5129df437589149f0f3e284974d7c98fa
Follows-up 472a914c63 (I706ef8a50aafb51), which moved various
functions here en masse, but these two don't require any state.
The warnings about parse_url() in UrlUtils.php have been obsolete
since about PHP 5.4, when it started to support protocol-relative
URLs, non-slash protocols like "mailto", and deal with spaces/newlines
correctly (https://3v4l.org/YWUkl).
Rather than complicate many components that would otherwise remain
stateless and unit-testable, fix these to once again be the static
functions they were.
For impact, see up to PS17 of change I5117eab95f57297eb02bed.
Bug: T227900
Change-Id: Ifb3f720fc429b107348644c98eb9cd8e1113a42a
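As an added example (not MediaWiki code and not part of either commit): how PHP's parse_url() splits URIs with and without an authority component per RFC 3986 section 3, which is the behaviour both the LinkFilter commit and the UrlUtils commit above rely on. "mailto:" and "news:" URIs get no host and everything after ":" is the path, while a protocol-relative "//host/path" does get a host. The sample URIs are constructed (example.org/example.com are reserved documentation domains); the authorityHost() helper is mine, not a MediaWiki function. The script throws if parse_url() deviates from the RFC behaviour described.

```php
<?php
declare(strict_types=1);

// Added example, not MediaWiki code. Shows how parse_url() treats URIs with and
// without an authority component (RFC 3986 section 3).

/** Returns the host if the URI has an authority component, null otherwise. */
function authorityHost(string $url): ?string {
    $parts = parse_url($url);
    if ($parts === false) {
        return null; // seriously malformed URL
    }
    return $parts['host'] ?? null;
}

/** Compact one-line rendering of parse_url()'s result. */
function describe(string $url): string {
    $parts = parse_url($url);
    if ($parts === false) {
        return sprintf('%-50s  (unparseable)', $url);
    }
    $out = [];
    foreach (['scheme', 'host', 'port', 'user', 'path', 'query', 'fragment'] as $k) {
        if (isset($parts[$k])) {
            $out[] = $k . '=' . var_export($parts[$k], true);
        }
    }
    return sprintf('%-50s  %s', $url, implode(' ', $out));
}

function expect(bool $condition, string $what): void {
    if (!$condition) {
        throw new RuntimeException("unexpected result: $what");
    }
}

// Constructed sample URIs.
$samples = [
    'https://user@example.org:8443/wiki/Main_Page?x=1#top', // full authority
    '//example.org/wiki/Main_Page',                          // protocol-relative (PHP >= 5.4.7)
    'mailto:fred@example.com',                               // RFC 3986's own example
    'news:comp.infosystems.www.servers.unix',
    'mailto:alice@example.org?subject=hi',                   // has a query, still no authority
    'ftp://example.org/pub/',
];

foreach ($samples as $url) {
    echo describe($url), "\n";
}

expect(authorityHost('https://user@example.org:8443/wiki/Main_Page?x=1#top') === 'example.org',
    'https URL has a host');
expect(authorityHost('//example.org/wiki/Main_Page') === 'example.org',
    'protocol-relative URL has a host');
expect(authorityHost('mailto:fred@example.com') === null,
    'mailto has no authority, so no host');
expect(parse_url('mailto:fred@example.com', PHP_URL_PATH) === 'fred@example.com',
    'mailto path is everything after the colon, per RFC 3986');
expect(authorityHost('news:comp.infosystems.www.servers.unix') === null,
    'news has no authority, so no host');
echo "parse_url() follows RFC 3986 for authority-less URIs\n";
```

The practical consequence for link handling: any code that wants a "host" for mailto: or news: links is inventing one, so a filter keyed on host must treat those schemes separately rather than patching parse_url()'s output.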