This edition brought to you by:
grep -ERIn $(grep -o "'[A-Za-z0-9_]*'" includes/MainConfigNames.php | tr
"\n" '|' | sed 's/|$/\n/') includes/
I only corrected a fraction of the results provided by that command. I'm
submitting the partial patch now so it doesn't bitrot.
Bug: T305805
Change-Id: If1918c0b3d88cdf90403921e4310740e206d6962
Part 1, proof of concept. Hundreds of files left to go. These changes
brought to you in large part by vim macros.
Bug: T305805
Change-Id: I44789091e9f6394c800a11b29f22528c8dcacf71
Make phan stricter about array keys
Remaining false positive issues are suppressed.
The suppression and the setting change can only be done together
Bug: T304887
Depends-On: I3105a5fd4826f8667b5232834defc5ec93be32a1
Depends-On: Ie9610a6e83731468311edb3ed17f80fc509de385
Change-Id: I701f12ab94478c3b8e7fd82110ade74a8e6b04ef
Even all the function throws, the return type should match the interface
Found by phan strict checks
Change-Id: I43669320d7abfc5ee36602aea9ed21bf675dde96
$wgHTTPMaxTimeout and $wgHTTPMaxConnectTimeout used to default to INF,
the positive infinity float value. This value has no representation in
JSON. In order to allow default configuration values to be defined in
a JsonSchema, we allow 0 to be used to represent "no limit" instead.
Bug: T294788
Change-Id: Id1b832b46ac6984655dcf0c06d5af7d356cca800
Discussion on Ia16d8f86b1cb20 indicates that we want to go in the other
direction - MediaWiki shouldn't set X-Forwarded-Proto, rather the
reverse proxy (envoy in Wikimedia's case) should set it.
This follows-up cc241c2add.
Bug: T288848
Change-Id: Ifc5e9da9a02b45d9d1ad51c3e1389f9ac7325c86
This follows the same approach as MWHttpRequest, we inject
$wgLocalVirtualHosts, and for each request check whether it matches that
domain list, rewriting the request as necessary.
Unfortunately this requires a decent amount of code duplication because
MultiHttpClient is in includes/libs/ and can't depend on the same code
in MWHttpRequest.
Bug: T288848
Change-Id: Ia16d8f86b1cb20dde9fe487729d67d92af650cfe
Since 1.34 setting non-default HTTP engine
has been deprecated. It's time to remove
the old implementations. Only Guzzle is
now available.
Change-Id: I978b75827e69db02cbc027fe0b89a028adfc6820
$wgLocalHTTPProxy can be used to configure a reverse proxy
for requests to domains in $wgLocalVirtualHosts. The previous
implementation of using it as a proper HTTP proxy is no longer
supported and has been reverted out of REL1_37 (856da72363d1ba8bf).
It sets the hostname of the request as a "Host" header, scheme as
"X-Forwarded-Proto" and then sets the proxy's scheme, host and port as
those of the request.
Bug: T288848
Change-Id: Ibc3616f5ad925d464d937ab15461a88619c8b7a7
This helps phan to detect unreachable code and also impossible types
after the functions.
It helps phan to avoid false positives for array keys
when the keys are checked before
Bug: T240141
Change-Id: I895f70e82b3053a46cd44135b15437e6f82a07b2
Currently requests to domains listed in $wgLocalVirtualHosts bypass
use of the standard $wgHttpProxy. With WMF's migration to Kubernetes, we
limit outgoing traffic in a much stricter manner, so even internal
requests will need to go over a proxy (e.g. Envoy).
If the domain passes MWHttpRequest::isLocalURL(), then $wgLocalHTTPProxy
will be used if set, otherwise no proxy will be used (current behavior).
Bug: T288848
Change-Id: Ifd0cbab02fa8f14a82ca34ebc7ad95b2be174434
This is micro-optimization of closure code to avoid binding the closure
to $this where it is not needed.
Created by I25a17fb22b6b669e817317a0f45051ae9c608208
Change-Id: I0ffc6200f6c6693d78a3151cb8cea7dce7c21653
For example, documenting the method getUser() with "get the User
object" does not add any information that's not already there.
But I have to read the text first to understand that it doesn't
document anything that's not already obvious from the code.
Some of this is from a time when we had a PHPCS sniff that was
complaining when a line like `@param User $user` doesn't end
with some descriptive text. Some users started adding text like
`@param User $user The User` back then. Let's please remove
this.
Change-Id: I0ea8d051bc732466c73940de9259f87ffb86ce7a
Guzzle is a vendor library included with MediaWiki, and it is
sometimes useful to directly use a GuzzleHttp\Client instance.
Add a function to HttpRequestFactory for this purpose.
Bug: T263816
Change-Id: I35f4b911676c7a58dfa5a8dd0d104125188dd62c
This makes the PSR-7 interface for the MWHttpRequest available to all
consumers that want to make use of it. This is of general utility and
should not be limited to Wikibase. Also, it allows us to drop the Guzzle
dependency from Wikibase entirely.
As an alternative to moving the adapter (as is done with this patch), it
was considered to refactor MWHttpRequest to support the interface
directly. While that would come without the overhead of an additional
class, it would require adding the interface methods to an already large
class and deprecating the now redundant legacy methods. This would be an
invasive refactoring that would not only affect the classes inheriting
from MWHttpRequest, but also its consumers.
It would seem that a conceptual refactoring of that magnitude would
require a more substantial consensus among contributors (and maybe
consumers) of these classes. Moving this adapter is seen as a step in
building the case for why using standardized interfaces is a good idea
and allowing for the discussion to be grounded of incorporating an existing
adapter into a base class rather than the hypothetical discussion of
adjusting it to an so far unused interface.
Bug: T263989
Depends-On: I56ad52b561460121a8c84313cbd431dc811e2ae1
Change-Id: I2a27dead1d5f1403b8d255c5daf9ba5e7c313476
The headers passed to Guzzle via the Client constructor are termed
"conditional", meaning that headers in the Request override them. If you
set a "body" option containing a MultipartStream, it sets a default
Content-Type request header, overriding the one from the Client
constructor. So to send a multipart stream with a custom Content-Type,
it is necessary to pass headers to Guzzle in the Request object.
Change-Id: Ie7bfc548ce4211fbf3ec67e3913bbdd3482977c3
These were never meant to be part of the public interface and should not
ever have been marked with @since. They're only useful for constructing
the respective objects, which no outside users should be doing.
Change-Id: I86e01272d46fc72af32172d8a12b9180971d4613
A terminating line break has not been required in wfDebug() since 2014,
however no migration was done. Some of these line breaks found their way
into LoggerInterface::debug() calls, where they mess up the formatting
of the debug log.
So, remove terminating line breaks from wfDebug() and
LoggerInterface::debug() calls.
Also:
* Fix the stripping of leading line breaks from the log header emitted
by Setup.php. This feature, accidentally broken in 2014, allows
requests to be distinguished in the log file.
* Avoid using the global variable $self.
* Move the logging of the client IP back to Setup.php. It was moved to
WebRequest in the hopes that it would not always be needed, however
$wgRequest->getIP() is now called unconditionally a few lines up in
Setup.php. This means that it is put in its proper place after the
"start request" message.
* Wrap the log header code in a closure so that variables like $name do
not leak into global scope.
* In Linker.php, remove a few instances of an unnecessary second
parameter to wfDebug().
Change-Id: I96651d3044a95b9d210b51cb8368edc76bebbb9e
* Use createMultiClient() in CdnCacheUpdate. This will reduce the
timeout from a hard-coded 900s to a configurable 25s. This is not
used in WMF production.
* Use createMultiClient() in the VirtualRESTServiceClient service. This
should have no effect in production since the service is broken per
T175224.
* Use the new createMultiClient() in the old createMultiClient(). The
configuration is the same except that the maximum timeouts are now
respected.
Bug: T245170
Change-Id: I63139d29471bc59e9ef60032fd812a1f24644113
* Add HttpRequestFactory::createMultiClient(), which returns a
MultiHttpClient with configured defaults applied. This is similar to
the recently-deprecated Http::createMultiClient().
* Introduce $wgHTTPMaxTimeout and $wgHTTPMaxConnectTimeout which, if set
to a lower value than their defaults of infinity, will limit the
applied HTTP timeouts, whether configured or passed on a per-request
basis. This is based on the frequently correct assumption that ops know
more about timeouts than developers.
* In case developers believe, after becoming aware of this new situation,
that they actually do know more about timeouts than ops, it is possible
to override the configured maximum by passing similarly named options
to HttpRequestFactory::createMultiClient() and
HttpRequestFactory::create().
* Apply modern standards to HttpRequestFactory by injecting a logger and
all configuration parameters used by its backends.
* As in Http, the new createMultiClient() will use a MediaWiki/1.35
User-Agent and the 'http' channel for logging.
* Document that no proxy will be used for createMultiClient().
Proxy config is weird and was previously a good reason to use
MultiHttpClient over HttpRequestFactory.
* Deprecate direct construction of MWHttpRequest without a timeout
parameter
Bug: T245170
Change-Id: I8252f6c854b98059f4916d5460ea71cf4b580149
Updated Doxygen markup in several .php files triggering warnings when mwdocgen.php is executed. Removed
obsolete settings MSCGEN_PATH and TCL_SUBST from Doxyfile. The former would generate a warning in 1.8.16
while TCL support was removed in 1.8.18. Since TCL_SUBST was blank anyway, it was removed prior to getting
to .18 in production. Increased DOT_GRAPH_MAX_NODES from 50 to 200 since Doxygen complained about it being
too low for API and Maintenance.
Bug: T248706
Change-Id: I9c67f0807d1b43089d351263d4f591dee5501f36
Currently GuzzleHttpRequest is not sending any cookies.
Furthermore, Guzzle expects its own format of CookieJar,
which is not compatible with CookieJar used by MediaWiki.
Solution is to add Guzzle Middleware that would obtain Cookie header
from MediaWiki CookieJar and add it to outgoing Guzzle requests.
Note: special handling of received cookies (Set-Cookie header
from the server) is unnecessary, this is not Guzzle-specific code
and is already done in MWHttpRequest::parseCookies().
Still, adding both a test of sending cookies and receiving cookies.
Bug: T245644
Change-Id: If69840e65d5671989cf15450964da3c691fd164a
Scalar casts are still allowed (for now), because there's a huge amount
of false positives. Ditto for invalid array offsets.
Thoughts about the rest: luckily, many false positives with array offsets
have gone. Moreover, since *Internal issues are suppressed in the base
config, we can remove inline suppressions.
Unfortunately, there are a couple of new issues about array additions
with only false positives, because apparently they don't take
branches into account.
Change-Id: I5a3913c6e762f77bfdae55051a395fae95d1f841
The MWHttpRequest is implemented by the
CurlHttpRequest class and also the
GuzzleHttpRequest class. However, curl based rendering set
the CURLOPT_POST which implies that the 'Content-Type'
header defaults to 'application/x-www-form-urlencoded'.
To homgonize the functionality this patch mimics the
curl behaviour in Guzzle.
Bug: T232866
Change-Id: Id60a8de18e5f1e750a3bde23bd8b0deca4071165
This is for classes with a single undeclared property - aside from
BlockManager: I3f51fd3579514b83b567dfe20926df2f0930dc85 removed the
declaration of $permissionManager without actually removing all uses.
Change-Id: Ic2a95f77071312041be6e0633ea9b5325e98de42
This allows us to remove many suppressions for phan false positives.
Bug: T231636
Depends-On: I82a279e1f7b0fdefd3bb712e46c7d0665429d065
Change-Id: I5c251e9584a1ae9fb1577afcafb5001e0dcd41c7
