* Use ->parse() instead of ->text() for wikitext messages that were
being treated as HTML
* Explicitly specify ->parse() if no output format was set
* Document that wfThumbError() takes HTML
Bug: T76686
Change-Id: Id6e7548b2e081cfda7803772ed0395a15feb1f84
- use tab as indent instead of spaces
- Added space after closures "function"
- Added spaces around string_concat
- Added newline inside empty blocks
- Removed four spaces after comma
Change-Id: I4425b0c6a69b36f40acfea6511b8950cf09ce2b2
Follows-up 5ca94d2d26.
In thumb.php an undefined variable ($width) was used, triggering
fatal errors while processing requests that were passing thumbnail
width with px (pixel) suffix.
Change-Id: I2dc4f4d2979f8225d2a6211ec50cdc79438539a9
Otherwise if there is a broken file, and somebody fixes the file,
it could take an hour before thumbs are generated again. This
might confuse the user, and they may revert back to the broken
version thinking their fix didn't work.
Originally reported by Fae on wiki.
Change-Id: I024702391e5f7ccf10a406a29485601f64069405
Depends on Ic62984e0f4a761642b2bdd1bfa362301ed94c284
and If40e223c328ddd15310d13f2a49000bf6e08200e
Bug: 65691
Change-Id: Ic737673b5a31974d866b9bf5afa4b4036baa03bb
A large percentage (40-50%) of the 500s that are emitted in production
are for a single URL,
https://commons.wikimedia.org/w/thumb.php?f=Crystal_Clear_action_viewmag.png&width=21px
The reason this fails is because thumb.php expects width to be "21", not
"21px", and it currently tries to fetch (and generate) the "21pxpx"
thumb size, which is obviously an invalid size. (An invalid size
shouldn't result in a 5xx but rather in a 4xx, though; that's a separate
bug that needs to be fixed.)
This URL is embedded by a gadget, Gadget-searchbox-js, that is copied in
a lot of our wikis, including a big one, frwiki. mwgrep reveals that
there are a bunch of other URLs in various Gadgets that have width
values with "px" in them, so this presumably worked at some point in the
past.
While we could in theory fix all those URLs in these dozens of gadgets
across wikis to not suffix width with "px", this sounds like a herculean
effort and we're probably better off adding this compatibility branch to
thumb.php that strips the "px" suffix, if existent.
Change-Id: I3a00c9634b1c6af49fb8503cc3ff4cafdaff6b43
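An added example, not MediaWiki's thumb.php code, of the compatibility branch described in the commit message above: accept one optional "px" suffix, then validate strictly so that a malformed width such as "21pxpx" is answered with a 4xx instead of reaching the thumbnail renderer. The function name `normalizeThumbWidth`, the `MAX_THUMB_WIDTH` limit and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added illustration, not MediaWiki code. normalizeThumbWidth() and
// MAX_THUMB_WIDTH are hypothetical names chosen for this example.
const MAX_THUMB_WIDTH = 10000; // assumed sanity limit, not a MediaWiki setting

/**
 * @param mixed $raw Value of the "width" query parameter
 * @return int|null Validated pixel width, or null if the value is unusable
 */
function normalizeThumbWidth( $raw ) {
	if ( !is_string( $raw ) ) {
		// e.g. width[]=21 arrives as an array, not a string
		return null;
	}
	// Accept "21" and "21px" only. The /D modifier stops "$" from
	// matching before a trailing newline.
	if ( !preg_match( '/^([1-9][0-9]{0,5})(?:px)?$/D', $raw, $m ) ) {
		return null;
	}
	$width = (int)$m[1];
	return $width <= MAX_THUMB_WIDTH ? $width : null;
}

// Constructed sample inputs, including the "21px" form from the gadget URL.
$samples = [ '21', '21px', '21pxpx', 'px', '0', '-5', '2e1', '99999999', [ '21' ] ];
foreach ( $samples as $raw ) {
	$width = normalizeThumbWidth( $raw );
	// A real entry point would call http_response_code( 400 ) and stop here
	// rather than letting an invalid size surface later as a 5xx.
	$status = $width === null ? '400 Bad Request' : "200 (render {$width}px)";
	printf( "%-12s => %s\n", json_encode( $raw ), $status );
}
```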
* Generally, either the height or width is used for each description page
link when using $wgImageLimits. This depends on the $wgImageLimits values
and the file dimensions. Description page links should better pass the
wfThumbIsStandard() method now, and thus have weaker rate-limiting.
Change-Id: Id1c3b0fc57f8ed3c14929a1a1661842a069b805d
* Now thumbnails with default lossy/lossless values will still count as "standard",
for example. This makes use of the file media handler.
Change-Id: Ia69301dfbf85bb26a17f8eee0939d690021343ec
* This can limit how many workers work on a given file at once,
regardless of which specific thumbnail parameters are requested.
* Also added a BagOStuff::incrWithInit() method per DRY.
* Tweaked the register_shutdown_function() callback to avoid
File/MediaTransformOutput references, since they may involve
TempFSFile objects.
Change-Id: Ic01461cb974ab23b179ac3b60cf6de12e36360f6
* Specifically check isDeleted() instead of relying on the file
being moved to the deleted zone alone.
* Made img_auth.php skip some unnecessary checks for public wikis.
Also made it set the private cache control headers only if needed.
Change-Id: If82589acd53c02943d5f3bbafd29381fd63f8f68
Swapped some "$var type" to "type $var" or added missing types
before the $var. Changed some other types to match the more common
spelling. Makes beginning of some text in capital.
Change-Id: I8c9f30128b46086064326708a4878228ba459447
This parameter triggers Content-Disposition: Attachment which
makes the browser download the image instead of displaying it.
This is needed by Media Viewer to allow users to click a button in
order to download an image at a given resolution or the original.
Change-Id: I470a24a09139ac65588312104995e34d97a89b0f
This should fix most of the "No width specified" exceptions. I guess
most of this code will be rewritten to fix bug 56926, superseding this
patch, but I thought this might be a useful stopgap.
Bug: 56924
Change-Id: I5bcaaafc81e1e2a8a33819fa64790d5509dc6aa6
Return type of $handler->parseParamString() wasn't evaluated,
instead $handler value was compared again
Bug: 55437
Change-Id: Iedb940d9f1ad4d137b9732e7e624e55d05bc2c96
Only added if $wgShowHostnames is on. Adding the host name as a
header makes it much easier when debugging with command line tools,
since one often throws away the response body. This still keeps
the host name in an html comment in the response body as well,
like it was previously.
Change-Id: I9d15bd5e2abb4e7a8d3fe2a17fc546a1c5f3b70f
Use MediaHandler::parseParamString to parse the parameter string
of a thumbnail. This seems to make much more sense given the
design of the Handler class. Also mark ExtractThumbParameters hook
as deprecated.
This should be reviewed by someone familiar with the 404 thumbnailing
infrastructure. I'm unclear if there was a reason for why it wasn't
using MediaHandler::parseParamString in the first place.
Bug: 49629
Change-Id: I43a0e7d6f0e45536e4e24b72140157791f5f027f
See bug 22390 for some of the background. Basically there's two
reasons why we want this:
* Hotlinkers to commons. We don't want to break their links when
we move a file (Wikimedia blog is a prominent hotlinker)
* Cached entries. On wikis using commons files, a file move doesn't
trigger HTMLCacheUpdate jobs for the downstream wiki (it only
triggers it on commons). This means that these pages will still
use the old version of the html (with img tags that have the old
url) until the next edit or purge action. But these urls won't
work as soon as the file is moved.
I'm pretty confident that redirects will work at this point
in the thumb stack, as the redirects for long file names work
fine (provided no thumb exists in swift with the wrong name).
Change-Id: I40350121cf902f66fcbd3cf788335a988fa7ee33
Squiz.WhiteSpace.LanguageConstructSpacing:
Language constructs must be followed by a single space;
expected "require_once expression" but found
"require_once(expression)"
It is a keyword (e.g. like `new`, `return` and `print`). As
such the parentheses don't make sense.
Per our code conventions, we use a space after keywords like
these. We appeared to have an unwritten exception for `require`
that doesn't make sense. About 60% of require/include usage
was missing the space and/or had superfluous parentheses.
It is as silly as print("foo") or return("foo"), it works
because keywords have no significance for whitespace between
it and the expression that follows, and since expressions can
be wrapped in parentheses for clarity (e.g. when doing string
concatenation or mathematical operations) the parentheses
before and after are basically just ignored.
Change-Id: I2df2f80b8123714bea7e0771bf94b51ad5bb4b87
hphpc has been superseded by hhvm, so support for hphpc is no longer
needed.
* Continue to use Preprocessor_Hash under HipHop since it is still
faster under hhvm
* Keep $wgCompiledFiles for now, so that wikihiero doesn't give an error
before Ic9d1e795 is merged
* Migrate the run-server script and associated configuration file to
hhvm. Enable EnableStaticContentFromDisk since it doesn't seem
ridiculously inefficient at first glance. Run from $IP rather than
$IP/.. since hhvm is apparently not picky about sourcing files from
outside of the current directory.
Change-Id: Ic3e769f1fbad4f7ad26dd819406796fee48c6b45
* Using $_REQUEST is bad since cookie data is also in there.
* Also made a few tiny code cleanups.
Change-Id: Ib7064b95a2788484d05cf457034fe1d5be298bc4
* Made thumb_handler.php "just work" in a way similar to img_auth.
It no longer needs any "handlerUrl" setting to be set.
Change-Id: I557ba1f94db3cef0f21f5c0e2b60d8e381ea3f96
ExtractThumbParameters might be able to extract more params but still
match the local regexp. To be able to extract all params, check
ExtractThumbParameters first and only fallback to regexp.
Change-Id: I26efdec1af5fb2bd5e3cc503f36692d12668b2e2
This basically makes the 'rel404' param for temp thumbnails not
start with "/temp" anymore so that they don't count as bogus.
Change-Id: I88c2c50b5372c7b95108d26ba16ddcd91fdb1154
Revert 94f623363b. Apparently all
ReverseChronologicalPager subclasses were broken by the unexplained
interface change in wfArrayToCgi(): changing the interpretation of
null array values from "omit this key" to "include this key with no
value". The function has always been called with the former
interpretation, that's why the special case was in there.
Also reverted dependent changes 4b517fa and part of 3d97704.
Change-Id: I41dadbde5d0e0e4c54cc76bfc13c263c15c73828
We can now do this since we finally switched to PHP 5.3 for MW 1.20 and get rid of the silly dirname(__FILE__) stuff :)
Change-Id: Id9b2c9cd2e678197aa81c78adced5d1d31ff57b1
* Made wfThumbHandle404() handle full REQUEST_URI urls.
* Made wfExtractThumbParams() handle protocol relative zone urls.
* Added FileRepo::getZoneHandlerUrl() and site zone configuration to simplify wmf rewrite rules.
* Renamed some variables to be less misleading.
Change-Id: Ic3e23c2a623c1241ee22a9811aee073fb07aa68c
* Added FileRepo::getTempRepo() to get a temporary repo similar to the one used in wmf1.19 thumb.php.
* Merged and cleaned up wmf1.19 code into thumb.php to handle temp files and thumbnails.
Change 1: prevent FileRepo::getTempRepo() from being called on the result of FileRepo::getTempRepo().
Change 2: made FileRepo::getTempRepo() account for cases when the 'directory' param is not the empty string.
Change 3:
* Tweaked TempFileRepo to override getTempRepo() to enforce restriction.
* Added FileRepo::getTempHashPath() and used in thumb.php to get the correct path.
Change-Id: I2937b5ffb3ec9a7e2741b42bc28dc76833053fcd
* Moved original URL fetching code and parameter extraction code to thumb.php
* Made use of local repo URL and hash settings to avoid extra config code
* This makes it easy to add hooks for extensions/config to alter behavior (ExtractThumbParameters hook added)
* Added FileRepo::getHashLevels()
* Thumb handler can now also work without cURL
* Combined related config vars into array config vars
* Folded $thgThumb404File into $thgThumbCallbacks
* Avoided some global pollution
* Added the ability to compile extensions. The build process is bootstrapped by running MediaWiki in interpreted mode. Extension setup file inclusions are slightly modified in a way that makes them register themselves for compilation. Then the same LocalSettings.php uses the compiled extension setup file when the compiled binary runs.
* Tested with Cite and ParserFunctions. The code which lets you have an extensions directory in a place other than $IP/../extensions is untested.
* Simplified WebStart.php slightly by using a custom $_SERVER variable to mark compiled mode. It will break if you don't use the supplied server.conf, but that will break a lot of things so don't do that.
* Fixed the core web entry points to include WebStart.php in compiled mode instead of interpreted.
* Made the build directory configurable. This is mostly so that I can grep the source tree without seeing loads of generated C++.
* In server.conf, added a rewrite rule allowing a /wiki/$1 article path.
* Removed server.conf log file location "/dev/stdout", breaks when you switch user
* Disable static content cache, breaks horribly when you set SourceRoot to a directory containing 7GB of files.
* Rewrote the run-server script in PHP, mostly to support the configurable build directory feature.
* Added an option to the run-server script to allow running in interpreted (hphpi) mode.
This appears to make thumb.php more permissive than it's intended and could lead to littering false-positive thumbnails around the server when used to implement 404 handlers as designed.
This is a global search and replace of NS_IMAGE and NS_IMAGE_TALK with NS_FILE and NS_FILE_TALK respectively in all core files, excluding those already updated in step 1 (r44004).
Doxygen documentation update:
* Changed all @addtogroup to @ingroup. @addtogroup adds the comment to the group description, but doesn't add the file, class, function, ... to the group like @ingroup does. See for example http://svn.wikimedia.org/doc/group__SpecialPage.html where it's impossible to see related files, classes, ... that should belong to that group.
* Added @file to file description, it seems that it should be explicitly declared for file descriptions, otherwise doxygen will think that the comment documents the first class, variable, function, ... that is in that file.
* Removed some empty comments
* Removed some ?>
Added following groups:
* ExternalStorage
* JobQueue
* MaintenanceLanguage
One more thing: there are still a lot of warnings when generating the doc.
* Return 404 response code for missing source file and bad title
* Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory.
* Refactor
* Added support for configuration of an arbitrary number of commons-style file repositories.
* Split Image.php into filerepo/File.php and filerepo/LocalFile.php
* Renamed Image::getImagePath() to File::getPath()
* Added initial support for timestamp-based file fetching (OldLocalFile), to be expanded upon by aaron.
* Changed the interface for Image/File object creation: use wfFindFile() or wfLocalFile() depending on semantics
* ImageGallery::add() now accepts a title object as the first parameter
* Moved file handling operations on upload from SpecialUpload to File
* Removed path-related functions from ImageFunctions.php. Removed static path accessors from File.
* Added a Content-Disposition header to thumb.php output
* Improved thumb.php error handling
* Updated the unit test suite to kind of partially work with modern computers. RunTests.php doesn't work just yet. Fixed an actual regression that the test suite detected -- moved some defines to Defines.php where they will be loaded consistently.
* Deprecated $wgUseImageResize, thumbnailing will be enabled unconditionally.
* Fixed interaction of page parameter to ImagePage with the HTML file cache
* Improved error reporting for image thumbnailing
* Fixed MIME type for SVG files, will be silently changed from image/svg to image/svg+xml after loading from the database.
* Workaround for djvutoxml bug #1704049 (poor performance). Use djvudump instead.
* Fixed odd behaviour in ImagePage on DjVu thumbnailing errors
* Improved error reporting for image thumbnailing
* Added sharpening option for ImageMagick thumbnailing
* Removed Image::selectPage(), added page parameters to getWidth() and getHeight(), deprecated Image::renderThumb() and Image::getThumbnail()
* Changed default contents of img_metadata to empty string instead of a:0:{}
* Moved responsibility for respecting $wgGenerateThumbnailOnParse from the UI to Image.php
to forestall additional UTF-7-autodetect XSS issues. Probably not an
issue on Apache 2.0+, but most servers send only 'text/html' by default
when the script didn't specify more details.
This fixes an issue with the Ajax interface error message on MSIE when
$wgUseAjax is enabled (not default configuration); this UTF-7 variant
on a previously fixed attack vector was discovered by Moshe BA from BugSec:
http://www.bugsec.com/articles.php?Security=24
* Trackback responses now specify XML content type
The ob_start() section should preferably be removed from older
LocalSettings.php files.
* Give Content-Length header for HTTP/1.0 clients.
* Partial support for Flash cross-domain-policy filtering. Text entry points should be protected, but uploads are not.
This can be done either by:
* Using explicit full paths, using the $IP global for the installation directory full path, and then working down the tree from there.
* Using explicit full paths, using the "dirname(__FILE__)" directive to get a full directory path for the includer file.
* Occasionally removing the line altogether, and then for some files the inclusion is handled by the autoloader.
For example, if the "extensions/wikihiero/wh_main.php" file does an include or require on "wh_list.php", then PHP does the following:
* tries to open "wiki/wh_list.php", and fails.
* tries to open "wiki/includes/wh_list.php", and fails.
* tries to open "wiki/languages/wh_list.php", and fails.
* tries to open "wiki/extensions/wikihiero/wh_list.php", and succeeds.
So in this example, the first 3 calls can be prevented if PHP is told where the file is.
Testing Method: On a Linux box, run these commands to attach strace to all the apache2 processes, and log their system calls to a temporary file, then generate some activity, and then stop the strace:
-----------------------------------
rm /tmp/strace-log.txt
strace -tt -o /tmp/strace-log.txt -p `pidof apache2 | sed 's/ / -p /g'` &
php maintenance/fuzz-tester.php --keep-passed-tests --include-binary --max-runtime=3 > /tmp/strace-tests.txt
killall -9 strace
grep "No such file or directory" /tmp/strace-log.txt | sort -u
-----------------------------------
Any failed file stats will be marked with: "-1 ENOENT (No such file or directory)".
Also:
* Strict Standards: Undefined offset: 230 in includes/normal/UtfNormal.php on line 637
* Strict Standards: iconv() [<a href='function.iconv'>function.iconv</a>]: Detected an illegal character in input string in languages/Language.php on line 776
[Note: Partial only - despite adding "//IGNORE", it still seems to be possible with some
messed-up binary input to cause PHP 5.1.2's iconv() function to squeal like a stuck pig].
* Update one $fname variable (method belongs to HistoryBlobStub class).