The plan here is to take it out of 1.27.0-wmf.12 and put it back in
1.27.0-wmf.13.
Since BotPasswords depends on SessionManager, that's getting temporarily
removed too.
This reverts the following commits:
* 6acd424e0d SessionManager: Notify AuthPlugin before calling hooks
* 4d1ad32d8a Close a loophole in CookieSessionProvider
* fcdd643a46 SessionManager: Don't save non-persisted sessions to backend storage
* 058aec4c76 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
* b5c0c03bb7 SessionManager: Save user name to metadata even if the user doesn't exist locally
* 13f2f09a19 SECURITY: Fix User::setToken() call on User::newSystemUser
* 305bc75b27 SessionManager: Don't generate user tokens when checking the tokens
* 7c4bd85d21 RequestContext::exportSession() should only export persisted session IDs
* 296ccfd4a9 SessionManager: Save 'persisted' flag in session metadata
* 94ba53f677 Move CSRF token handling into MediaWiki\Session\Session
* 46a565d6b0 Avoid false "added in both Session and $_SESSION" when value is null
* c00d0b5d94 Log backtrace for "User::loadFromSession called before the end of Setup.php"
* 4eeff5b559 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
* 7491b52f70 Call session_cache_limiter() before starting a session
* 2c34aeea72 SessionManager: Abstract forceHTTPS cookie setting
* 9aa53627a5 Ignore auth cookies with value 'deleted'
* 43f904b51a SessionManager: Kill getPersistedSessionId()
* 50c5256352 SessionManager: Add SessionBackend::setProviderMetadata()
* f640d40315 SessionManager: Notify AuthPlugin when auto-creating accounts
* 70b05d1ac1 Add checks of $wgEnableBotPasswords in more places
* bfed32eb78 Do not raise a PHP warning when session write fails
* 722a7331ad Only check LoggedOut timestamp on the user loaded from session
* 4f5057b84b SessionManager: Change behavior of getSessionById()
* 66e82e614e Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
* f9fd9516d9 Add "bot passwords"
* d7716f1df0 Add missing argument for wfDebugLog
* a73c5b7395 Add SessionManager
Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50
Bot passwords are something like OAuth-lite, or Google's application
passwords: the bot can use API action=login to log in with the special
username and password, and will then be allowed to use the API with a
restricted set of rights.
This is intended to provide an easy migration path for legacy bots and
for bots on wikis without OAuth, since AuthManager is going to greatly
complicate non-interactive authentication. If OAuth is available, an
owner-only consumer would be a better choice.
Bug: T121113
Change-Id: Iaa4015e00edbfbfaedcc8b2d27a2d3fd25009159
Depends-On: I7e15331efb162275c4116bcae61f19d6b884cbe3
Change I2abd650c8ce83c5b725aec054 to fix bug T76254 was
inefficient upon subsequent updates, as update.php would
first add the constraint, and then remove it again.
Remove the older code responsible for adding the doomed
constraint.
Also, make the "do nothing" output message more consistent
with other messages of the same nature.
Change-Id: Id6a05c1234fbdc5849480d13fb7d6476eac52857
When a page is updated under PostgreSQL, there is code to
de-index all but the most recent version of the page. But
when a page is moved, it was accidentally de-indexing the
most recent version as well, because rev_text_id is not
incremented in that case. A simple tweak to the SQL
fixes that.
I added code to the update script to find pages
previously corrupted by this problem and reindex them.
Bug: 66650
Change-Id: I52e1bbbd8592be5e7c7383c225e6b4c19bbe5b9e
Change I1c7f3a84f10df05d6b37dccbad4c8232edf51580 causes
an existing foreign key assumption (under PostgreSQL) to be
violated upon deleting a page. This foreign key assumption does not
explicitly exist in MySQL, and is not implied via documentation. So
it was probably never needed in the first place.
Don't create the foreign key constraint in PostgreSQL, and drop it
if it already exists when running update.php.
The constraint was previously created with an implicit name, so
drop the constraint involving the specified column name (rc_cur_id),
rather than hard-coding the name of the constraint itself.
This bug probably exists under Oracle and MSSQL as well, but no attempt
was made to address it there.
Bug: T76254
Change-Id: I2abd650c8ce83c5b725aec0545fff14a927a305a
There are already version comments for the older versions, so also
adding comments for the current version to make it easier finding the
corresponding version when looking at database changes.
As suggested in Ieeb558f9523c11965cbc1941cad4f316c00c85c5
Change-Id: Idf4f52aec4eeb73ec2f830d7d7eaab84c73b6d95
* Also tweaked the query so MySQL avoids doing a page_name
index scan when it should start with the link table index
* Added population script (triggered by update.php)
* Also removed uniqueness from some indexes where it is redundant
* Renamed two confusing variables
Bug: 60618
Change-Id: Icca99b6ae0ef76cb77695faf82c615516191da36
- Added/removed spaces around parenthesis
- Added space after switch/if/foreach
- changed else if to elseif
Change-Id: I99cda543e0e077320091addd75c188cb6e3a42c2
Special page PageLanguage to set the page language of a page.
To enable the feature, set $wgPageLanguageUseDB to true
and assign the 'pagelang' user right to a user group.
Bug: 35489
Change-Id: I0f82b146fbe948f917c1c5d29f7469644d797e80
Change-Id I427c6de5a0a29b43cff755db0eb8a750db620173 increases the
probability that a null byte will attempt to be stored in the
lc_value column. PostgreSQL does not allow that byte in a text
column, so convert the column to bytea.
If the column already contains corrupted data, the upgrade routine
might fail. To prevent this, delete the contents of the table before
changing the type.
Bug: 62098
Change-Id: Ie8368bde398b2ae4d3cfc9ee7bf35874bd2ded68
Follows up I217c42656fb877ff35a36eb446a22bdaf119faac
That change introduced a syntax error during update. I have verified
that this fixes the syntax problem so that update.php runs, but have
not verified that the new functionality behaves as intended.
Also, the PostgreSQL schema changes introduced during the update
process were not present at all in a fresh install to PostgreSQL. Add
analogous changes to tables.sql.
Bug: 64807
Change-Id: I736344839ec478216402fdfe260968afbd663498
This adds the pp_sortkey column to the page_props table.
pp_sortkeys allows for top-k queries for pages, e.g.
the 100 pages with the most language links, etc. It is also
possible to query for exact values.
For now, pp_sortkey will contain pp_value's numeric value if
the value was set to a float, int or boolean.
Associated tasks:
* create a maintenance script for populating pp_sortkey. Tricky,
because when reading from the database, all values are strings.
* create an API module for querying pages by property value.
bug: 58032
Change-Id: I217c42656fb877ff35a36eb446a22bdaf119faac
The column recentchanges.rc_cur_time is no longer populated by SQL,
so PostgreSQL must be changed to allow the NULL value for it.
In MySQL, the empty string is used as a surrogate for NULL, but that
is not allowed in PostgreSQL.
Bug: 61318
Change-Id: I6733ef11152d545382bec087d992515dcf9aec0b
Add functionality to expire users' passwords:
* Adds column to the user table to keep a password expiration
* Adds $wgPasswordExpirationDays, which will force users to reset
their passwords after a set number of days. By default, this set
to false, so passwords never expire.
* Adds a default grace period of 7 days, where if the user's password
is expired, they can still login, but are encouraged to reset their
password.
* Adds hook 'LoginPasswordResetMessage' to update reset message, in
case an extension wants to vary the message on a particular reset
event.
* Adds hook 'ResetPasswordExpiration' to allow extensions to change
the expiration date when the user resets their password. E.g., if
an extension wants to vary the expiration based on the user's group.
If the user is in the grace period, they get a password reset form
added to the login successful page. If an extension prevents showing
the login successful page (like CentralAuth), it should be updated to
show a password change form during the grace period. After the grace
period, the user will not be able to login without changing their
password.
Also prevents a successful reset if the user is "changing" their
password to their existing password.
No passwords will expire by default. Sites will have to call
User->expirePassword() from their own maintenance script to trigger a
password reset for a user.
Bug: 54997
Change-Id: I92a9fc63b409b182b1d7b48781d73fc7216f8061
Fixing bug #54404 requires querying against logging.log_user_text, which
is currently unindexed. Add an index, to prevent performance from being
adversely affected by the fix.
Bug: 54432
Change-Id: I6b2af65c75bbee57377cb1ec2e75ea41a5091f80
The patch for rc_source was reverted and at the end was merged for
version 1.23 (I5412466444526986e1209d0982dd62cd5b387ad1).
Release notes was already moved with
I5113828701fde7d21c81ef3219d04202a9073f00
Change-Id: If3b41a800f4982745eb883d5c4ac270ac75ffaa9
PostgreSQL needs sequences created before nextval
is used as the default value, populating newly
created fields.
Followup to: Ib6b0fc3736d173fa4ba7b786ecfc710b2f4711bb
Bug: 15441
Bug: 39675
Bug: 56185
Change-Id: Ia21d5bddead257a33a13e3ff2ec508041843613b
One class of errors left unaddressed: Class name "WebInstaller_Language"
is not in camel caps format. I think this can be changed, too, but I
wasn't able to quickly find out where class names are being created.
Change-Id: I920b0231db1b70b68c6c8907257c288a0e112668
* New fields: ar_id, el_id. el_id is presently not used for
anything, but will help with online schema changes.
Bug: 15441
Bug: 39675
Change-Id: Ib6b0fc3736d173fa4ba7b786ecfc710b2f4711bb
No feature flag, and also not deployed on WMF wikis. Asking for schema changes by the time we branch tomorrow is just unfair
This reverts commit e478c230f6.
Change-Id: I125c30e76fa04679cc04ae7b8728ae3a61f35194
The existing field to differentiate between kinds of recentchanges rows is
the rc_type field. We want to allow extensions to insert their own custom
data into recentchanges, but we have learned via the NS_* series of constants
that requiring extensions to "register" a specific number is very error prone.
The solution, which this commit implements the first phase of, is to utilize
a new 16 byte string field rc_source. Within that field change types will be
prefixed strings such as 'mw.edit' and 'mw.new'.
This commit adds the new field and begins populating it with data. At some
point in the future the rc_type field will be dropped. While WMF wiki's will
simply wait out the 30 day recentchanges history, other wiki's have the option
of letting update.php populate rc_source, or manually applying the db change and
utilizing the PopulateRecentChangeSource maintenance script.
Change-Id: Iaddd6c446373a68d31586ed54346db7d04e13b2c
this:
CREATE TABLE profiling (
pf_count INTEGER NOT NULL DEFAULT 0,
pf_time FLOAT NOT NULL DEFAULT 0,
pf_memory FLOAT NOT NULL DEFAULT 0,
pf_name TEXT NOT NULL,
pf_server TEXT NULL
);
The current use of NUMERIC(18,10) very rapidly overflows the pf_memory column,
generating errors. Also, the NUMERIC is very much slower than float, and in
this case it has no advantages.
Bug: 55722
Change-Id: I48b00d55aaed821a4ceb9365033817a3b477d71a
And added/removed spaces around some other tokens,
like +, -, *, /, <, >, =, !
Fixed windows newline style
Change-Id: I0b9c8c408f3f6bfc0d685a074d7ec468fb848fc8
This was an experimental authentication system intoduced a couple
of years ago with a pretty narrow use-case. It's been pretty much
ignored since introduction, and makes login more complicated than
it needs to be.
I didn't drop the external_user table on the off-chance someone
out there actually has data in it, but they should use AuthPlugin
for their external authentication needs.
Change-Id: I794338dbb75961ee033d41fa44bb7aa22e54f447
The iwlinks and langlinks modules continue parameters imply ordering by
page then prefix then title. But in certain modes, the actual queries
use a different ordering, which may result in skipped or repeated
results.
This changeset fixes that. To do so, it needs to re-add an index
iwl_prefix_from_title which was mistakenly removed in 2010 (r69721). And
while it's doing that, it cleans up errors in the sqlite and postgresql
handling of the iwlinks indexes too.
Also, per Asher, make the iwl_prefix_from_title and
iwl_prefix_title_from indexes non-UNIQUE.
Change-Id: I607e8bf9183a2d8152a6127a81c83a0b5bba0c61
* Removed spaces around array index
* Removed double spaces or added spaces to begin or end of function
calls, method signature, conditions or foreachs
* Added braces to one-line ifs
* Changed multi line conditions to one line conditions
* Realigned some arrays
Change-Id: Ia04d2a99d663b07101013c2d53b3b2e872fd9cc3
