This makes the code more compact and more readable while doing the
same as before.
One relevant note: I'm also removing a null check for a variable
that will be used as an array index. This is fine because of the ??
operator. What actually happens is an $maxUploadSize[''] array
access, which never exists and falls back to what comes after the ??.
Change-Id: I7fc82fd179c9594ce5755327523ceec4f502d14f
And deprecated aliases for the the no namespaced classes.
ReplicatedBagOStuff that already is deprecated isn't moved.
Bug: T353458
Change-Id: Ie01962517e5b53e59b9721e9996d4f1ea95abb51
Changes to the use statements done automatically via script
Addition of missing use statement done manually
Change-Id: Id9f3e775e143d1a17b6b96812a8230cfba14d9d3
This patch introduces a namespace declaration for the
Wikimedia\FileBackend to FileBackend and establishes a class
alias marked as deprecated since version 1.43.
Bug: T353458
Change-Id: Id897687b1d679fd7d179e3a32e617aae10ebff33
With this change, when async uploads are enabled, upload-by-url
will spawn a job and a form with a button to check the status of the
process is shown to the user.
In the process, add processing of warnings in the remote jobs spawned by
the API or the Special page. This is done by adding checks to
UploadJobTrait::verifyUpload. In order to manage warnings serialized in
the job status, a method to unserialize the result of
UploadBase::makeWarningsSerializable.
Things that we might want to fix:
* The form's UI is abysmal, we should probably use Codex
* While it's not a huge deal, I'd like to figure out why I need to
purge the page cache if I want the file to show up. And more
interestingly, why this doesn't happen when uploading via the API
Bug: T295007
Bug: T118887
Change-Id: I49181d93901f064815808380285fc4abae755341
To this end if 'async' is passed with 'url' to the api:
* Avoid downloading the file synchronously, but verify early
if the upload is allowed by adding a canFetchFile to UploadBase
overridden in UploadFromUrl
* Spawn an UploadFromUrlJob
* When checking for the status of the job, do it fetching the data in
the main stash.
Bug: T295007
Change-Id: If95ccf376cfa9fbe9b3cd058e8e334a6bdd2eb44
During a stashed upload, the SHA1 has already been calculated and
is populated based on data saved in DB. Reuse that value in
verifyPartialFile() instead of recalculating as SHA1 can take a
long time to calculate for large files.
This should improve the speed of PublishStashedFile jobs.
Bug: T200820
Change-Id: Ie2967c636b2f942921a125ef62d1a466c6035ca0
AssembleUploadChunks was calculating the SHA1 hash of the same
file 5 times in a row. Calculating SHA1 hashes can be somewhat
expensive for multi-GB files, making the job slow, possibly to
the point of a timeout. This change ensures that the SHA1 value
is kept and reused when applicable so that the job will only
calculate it once.
Bug: T200820
Change-Id: I842814c7a2b7dc6e427e040c8dd4d43e7c7cabb4
Users often complain that chunked upload is unreliable. However
it is often difficult to see what happened when it failed. Add
additional debug logging so we can better determine how often
chunked upload fails, and hopefully have a better idea what the
causes are.
This only adds logging and should not change any behaviour
Change-Id: I45b710fa57c7d05bb27a7b00a3303e78f5d2ff2a
This is used to (among other things) detect lang tags in multilingual
SVGs. Users have complained that lang tags are often missed in large
SVG files.
The cut-off is used for two things during upload:
* Run some (simple) regexes to detect <?xml header
* Use XMLReader (with entity substitution enabled!) to look for specific tags.
The first check doesn't make sense to use a configurable cut off. Change
it to look at the first 4096 bytes only. The <?xml header is required to be
the first thing in the file other than BOM, so this should be more than
sufficient. XML parsers give a fatal error if there is whitespace before
the <?xml declaration.
It seems unlikely to be problematic to use XMLReader on up to 5MB of the file,
since that is a "pull" XML parser, and won't load the entire file at once.
The code that cuts off the SVG at the 5MB mark likely uses more memory
than parsing the file does. In fact, we separately use XMLReader to do
security checks with no such cut-off, so potentially it could even make sense
to remove the cut-off entirely, since clearly parsing the full file is not
causing problems.
Bug: T270889
Change-Id: I7350918647d92c40934a7c86e906b6bfb8a40ada
Updating name & email addresses for Brooke Vibber.
Re-ran updateCredits.php as well so there are some new entries in
there as well.
There are a couple of files in resources/libs that will have to
be changed upstream to keep tests happy, I will do patches
later. :D
Change-Id: I2f2e75d3fa42e8cf6de19a8fbb615bac28efcd54
Just use the result from one call in both places.
I'm also re-arranging the code for readability. This is quite
critical here. A file name like ".htaccess" where the very first
character is a dot but no other dot follows must be considered a
filename without an extension. I hope this is more visible with
the `> 0`.
Change-Id: I24179de62c3f4443effe8a4ebd089a3f77fd84e3
Found via (?<!IDBAccessObject)::READ_
We are planning to deprecate and remove implementing IDBAccessObject
interface just to use the constants.
Bug: T354194
Change-Id: I89d442fa493b8e5332ce118e5bf13f13b8dd3477
API modules are high level request handler, lower level code should not
depend on them.
This patch solves the problem only partially, since it leaves references
to ApiUpload in AssembleUploadChunksJob and PublishStashedFileJob. These
jobs were already accessing ApiMain, so while this does not fully resolve
the problem, it reduces it.
Change-Id: I39c9e30cfb2860c573eed8a791f1a292a83cbd76
This method is now redundant since rate limit checks are implicit in
permission checks. verifyPermissions() calls authorizeWrite( 'upload' ),
which will enforce any limits on the upload action.
Change-Id: I2ab3c646b8246411df501b548f652eaf11d0bc8e
Doc comment indicates the variable is only used for new uploads,
explicit mention the false type used on reupload.
Bug: T315521
Change-Id: I47bbfdeb327b26b1575b9c649cb6b0325390c9a2
empty() only makes sense when the expression it checks is possibly
undefined, otherwise it's equivalent to a truthiness check with the
additional downside of suppressing errors when it's not wanted.
Replace it with simple truthiness checks, using strict comparison when
that seems to help with polymorphic variables.
These were caught by a bespoke phan plugin.
Change-Id: Ide262162553d2da7e5388d05e8731529c44591c1
This class is used heavily basically everywhere, moving it to Utils
wouldn't make much sense. Also with this change, we can move
StatusValue to MediaWiki\Status as well.
Bug: T321882
Depends-On: I5f89ecf27ce1471a74f31c6018806461781213c3
Change-Id: I04c1dcf5129df437589149f0f3e284974d7c98fa
Motivation:
* Avoid code duplication.
* Hopefully make it easier to read.
* Also order stuff from cheap to expensive, if possible.
Change-Id: I575e3f2027ce60a0d0885be5b9bd3e07bc035eee
Use str_starts_with, str_ends_with or string offset where appropriate.
This fixes a bug in MimeAnalyzer where the "UTF-16LE" header could not
be identified because of wrong constant. This is the exact type of bug
that the new functions can avoid.
Change-Id: I9f30881e7e895f011db29cf5dcbe43bc4f341062
The Hooks class contains deprecated functions and the whole class is
going to get removed, so remove the convenience function and inline the
code.
Bug: T335536
Change-Id: I8ef3468a64a0199996f26ef293543fcacdf2797f
* Unnecessary regex modifier. I agree with this inspection which flags
/s modifiers on regexes that don't use a dot.
* Property declared dynamically.
* Unused local variable. But it's acceptable for an unused local
variable to take the return value of a method under test, when it is
being tested for its side-effects. And it's acceptable for an unused
local variable to document unused list expansion elements, or the
nature of array keys in a foreach.
Change-Id: I067b5b45dd1138c00e7269b66d3d1385f202fe7f
These trigger PHP 8.1 warnings, though oddly this has been seen on the
REL1_40 branch but not elsewhere yet. Worth doing anyway, each of these
calls is safe to fail on '' instead.
Change-Id: I1fe18f487a5e56effc61bf053055882958603418
This supported mostly IE 6 and 7 as well as some very old Safari
versions against sniffing. Browsers later implemented
X-Content-Type-Options: nosniff which should protect against this
problem.
Bug: T309787
Change-Id: Iea61bd82033551008eb1832fe899ea28ccb23385
Inkscape has an attribute only-selected in it's namespace which
is not interpreted by browsers and should be safe upload.
Bug: T288186
Change-Id: I044f225aef813efc708eb96f588fc55733d165f3
Some minor changes to silence the IDE
- Removed some unnecessary branching
- Use strict comparison where possible
- Use self::
Change-Id: Ica98f2d02520c9537f71dfd517a397828bf68848
