Commit graph

238 commits

Author SHA1 Message Date
Aaron Schulz
52511952de objectcache: add and use adaptiveTTL() method
* This better handles delayed/lost cache purges by
  having lower TTLs for entries that often change.
* Use this for foreign upload description page caches,
  where purges are never received from the source wiki.
* Also use this for User and LocalFile cache TTLs.
* Also move the Database::getCacheSetOptions() call in
  User *before* doing the queries, which is preferred.
* Fixed some IDEA errors too, like the undeclared
  mApiBase field.

Change-Id: I70f8ebb29ac853c2a530d9eedb9e7facc1b7b710
2016-08-31 03:40:56 +00:00
Chad Horohoe
b47c196943 HttpFunctions: Move isLocalUrl() into MWHttpRequest and make it private
Nothing else calls this, and it really shouldn't be used except for
determining if a request should be proxied.

While we're here, actually support HTTPS.

Change-Id: I5edf47f75ebb7c1705d0c406ee7d19425f348eb4
2016-07-19 11:03:10 -07:00
Chad Horohoe
425ee18e3b Remove support for getenv('http_proxy') in MediaWiki
PHP (and other programming languages) are vulnerable to an exploit
when making external requests via a proxy when a client provides a
Proxy header. See https://httpoxy.org/ for more information.

MediaWiki now requires $wgHTTPProxy to be set when attempting to
use a proxy for requests and can no longer rely on http_proxy
environment variables. As it exists, this code is inherently unsafe
on case-insensitive platforms (eg: Windows) and hard to be sure of
for other platforms.

All users using a proxy for MediaWiki and *not* setting $wgHTTPProxy
are advised to do so immediately to mitigate this problem. This will
be required as of the next security release.

All extensions maintained in Git/Gerrit appear to be Doing The Right
Thing and not trying to use getenv('http_proxy') directly. This would
be a bad thing to start doing. Call Http::getProxy() if you need to
manually get a proxy from MW for external requests.

Bug: T140658
Change-Id: I122583ad98d867c5855c3e2f955fe47787668589
2016-07-19 08:37:12 -07:00
umherirrender
932c37e3cb Use english messages for background use of Status::getWikiText
Status::getWikiText is used for internal logging, api error messages and
maintenance scripts. All these places are usually in English, so pass an
English language to getWikiText.

Change-Id: I3010fca8eb5740a3a851c55a8b12e171714c78f7
2016-04-12 20:01:44 +02:00
jenkins-bot
e3bd13db0c Merge "Http::getProxy() method to get proxy configuration" 2016-03-25 15:38:18 +00:00
Sébastien Santoro
6ae9367cdd Http::getProxy() method to get proxy configuration
MediaWiki currently uses two sources for proxy configuration:
	* the $wgHTTPProxy global configuration variable
	* the http_proxy environment variable

The HTTP proxy address to use is valuable information for
extensions handling HTTP requests directly instead of using
helper classes provided by the core to construct them.

This change offers an Http::getProxy() utility method to get
the configuration, regardless of the source.

Bug: T117954
Change-Id: I5df31845df71f05ac581f532cc9bd7a1fea25583
2016-03-25 15:10:56 +00:00
Reedy
b5656b6953 Many more function case mismatches
Change-Id: I5d3a5eb8adea1ecbf136415bb9fd7a162633ccca
2016-03-19 00:20:58 +00:00
Brad Jorsch
a92a23e8a2 HttpFunctions: Log in English
Bug: T127233
Change-Id: Ie61030a21f5a5f5e46452c1b6b15db594d741b71
2016-03-10 00:44:36 +00:00
Kunal Mehta
6e9b4f0e9c Convert all array() syntax to []
Per wikitech-l consensus:
 https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html

Notes:
* Disabled CallTimePassByReference due to false positives (T127163)

Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
2016-02-17 01:33:00 -08:00
jenkins-bot
554ca56fd5 Merge "Stop using SiteConfiguration::isLocalVHost()" 2016-02-16 23:19:38 +00:00
Kunal Mehta
1b198a836d Document that Http::get() and Http::post() can return false
Change-Id: I6d48ac011ee221050c7b8a05103d028fe2bed66a
2016-02-14 00:12:31 -08:00
Kevin Israel
94e5b80fee Remove references to safe_mode INI setting
The feature no longer exists starting in PHP 5.4.0, and MediaWiki
now only supports PHP 5.5.9 or newer.

Change-Id: I3f2d1b564c50f0a28ec1ec0abd7d1b242e26953b
2016-02-12 19:18:26 -05:00
Chad Horohoe
3d4a3bd1e4 Stop using SiteConfiguration::isLocalVHost()
It's deprecated and nothing sets it anymore

Change-Id: Idad23551c7c31c9d05fd9e1be2efadc941860058
2016-02-11 10:26:30 -08:00
Roan Kattouw
e95721aae1 SECURITY: Work around CURL insanity breaking POST parameters that start with '@'
CURL has a "feature" where passing array( 'foo' => '@bar' )
in CURLOPT_POSTFIELDS results in the contents of the file named "bar"
being POSTed. This makes it impossible to POST the literal string "@bar",
because array( 'foo' => '%40bar' ) gets double-encoded to foo=%2540bar.

Disable this "feature" by setting CURLOPT_SAFE_UPLOAD to true,
if available. According to the PHP manual, this option became
available in 5.5 and started defaulting to true in 5.6.
However, we support versions as low as 5.3, and this option
doesn't exist at all in 5.6.99-hhvm, which we run in production.

For versions where this option is not available (pre-5.5 versions
and HHVM), serialize POSTFIELDS arrays to strings. This works
around the issue because the '@' "feature" only works
for arrays, not strings, as of PHP 5.2. (We don't support pre-5.2
versions, and I've verified 5.6.99-hhvm behaves this way as well.)

Bug: T118032
Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
Change-Id: I3f996e2eb87c7bd3b94ca9d3cc14a3e12f34f241
2015-12-18 01:22:30 -08:00
physikerwelt
1c0004c10f Improve error message for failing HTTP requests
Before this change, the information that is written
to the log for requests with a non 200 return status
is not very helpful. A variable $errors is created,
but never used.

This patch writes the $errors and the request body
to the log.

Change-Id: If62ec801d59b2343890f4238e5a534d034d934ad
2015-11-21 17:17:17 +00:00
Brian Wolff
b78d7626f9 When using fopen on https streams, disable weak ciphers and compression
Per recommendation of
http://www.docnet.nu/tech-portal/2014/06/26/ssl-and-php-streams-part-1-you-are-doing-it-wrongtm/C0

Change-Id: I69d063ff4aa4248dd4f3d03de5a168c4b5a99c50
2015-10-11 03:00:10 +00:00
Amir E. Aharoni
c37d6549fd Fix Generic.Files.LineLength phpcs failure in 11 files under includes/
Bug: T102614
Change-Id: I0d759be6ef568c2c6f28606d3002484ad77a1830
2015-10-03 17:08:26 +00:00
Vivek Ghaisas
c54766586a Fix issues identified by SpaceBeforeSingleLineComment sniff
Change-Id: I048ccb1fa260e4b7152ca5f09b053defdd72d8f9
2015-09-26 23:06:52 +00:00
Reedy
8882634112 Re-enable MediaWiki.WhiteSpace.SpaceAfterControlStructure.Incorrect
Change-Id: I1b756909a1080108c5147d46950f826871ef6dc1
2015-09-26 18:32:32 +01:00
jenkins-bot
4f21e6be66 Merge "CurlHttpRequest: Follow redirects even under open_basedir" 2015-09-24 23:16:00 +00:00
Gergő Tisza
b020612f64 Log useful error messages on SSL errors in PhpHttpRequest
Work around PHP's crappy stream error handling to extract the
OpenSSL message that gives actually useful information.

Change-Id: I9eba0f90935e25e2d07995f6181fa90b7d52ea55
2015-09-10 01:08:22 +00:00
Brian Wolff
bcc31a9a0f Use system default location for cafile when using php fopen.
Up to 5.5, PHP does not accept any certificates if cafile/capath
is not set. (From 5.6 it uses the system default CA bundle, which is
going to be a better choice than anything we can guess.) So try
to guess the location of the system default CA bundle.

Won't work on windows, but that's a lost cause anyway because PHP
(pre-5.6) can't handle the windows CA file format.

Bug: T75203
Change-Id: I07736c150fe0783e09d297395ed25adf335edbd3
2015-09-04 22:42:32 +00:00
Brian Wolff
bb2adc2394 Workaround fopen lack of SubjectAltName support for instantCommons
Hacky work around, where on php < 5.6.0 where SubjectAltName is not
supported, if a request to commons.wikimedia.org fails, retry the
request but telling php fopen wrapper to treat it as if it came
from en.wikipedia.org for validation purposes, since as of
c02fab71422a that's what the common name of the cert will be.

In the ideal world, everyone would just have curl installed.

I know this is super hacky, but I'd really like instant commons to
work out of the box even without curl installed.

Note: I'm basing the php 5.6 part on documentation, I have not tested
this with a copy of that version of php.

Bug: T75199
Change-Id: Ibde59be61a5b3d7cd5397ba352dce9be11e1b06f
2015-08-30 01:47:50 +00:00
Gergő Tisza
6444639792 Log errors in Http::request()
Instead of silently discarding errors in server-side HTTP requests,
log them to a 'http' channel.

Make ForeignAPIFile::httpGet() (which sort of reimplements Http::get())
log to the same channel, for consistency.

Bug: T103043
Change-Id: Ibf552e22adc7fde4a751f92e92dad6ceba2f335c
2015-07-28 22:24:00 +00:00
Brian Wolff
e47982e128 The http-invalid-url message has a parameter, so send it
Currently was outputting raw $1 to user.

Change-Id: If1d10270f4d446c4d1703457903034e8356c1503
2015-07-24 07:11:11 -06:00
Kunal Mehta
f6e5079a69 Use mediawiki/at-ease library for suppressing warnings
wfSuppressWarnings() and wfRestoreWarnings() were split out into a
separate library. All usages in core were replaced with the new
functions, and the wf* global functions are marked as deprecated.

Additionally, some uses of @ were replaced due to composer's autoloader
being loaded even earlier.

Ie1234f8c12693408de9b94bf6f84480a90bd4f8e adds the library to
mediawiki/vendor.

Bug: T100923
Change-Id: I5c35079a0a656180852be0ae6b1262d40f6534c4
2015-06-11 18:49:29 +00:00
Niklas Laxström
95cca8960c Make wfWarn name the caller in Http::get
The warning is useless as of now, unless you have stack traces.

Bug: T91764
Change-Id: I8fcae49f3943ab2f6d13519c5f8d370ed147b185
2015-03-26 10:46:10 +00:00
Chad Horohoe
7ee5b7d23b Allow profiling of Http requests
Http::get/set/request() now all take a new $caller parameter
which is like $fname in databases. Pass it __METHOD__ so all
of your external requests can be grouped together in profiling.

Change-Id: Ibad219452903a9678378044595cff1231bf605d8
2015-03-03 20:54:24 -08:00
Gilles Dubuc
1c9c0e4911 $timeout was optional in Http::get()
Change-Id: I6cd2918412395d1d5f811f0d47bb080f22b598ec
2015-03-02 20:25:29 +01:00
Chad Horohoe
a718795dea Remove $timeout parameter from Http::get()
It is inconsistent with request() and post() and there's a couple
of mistaken usages in core and extensions that think they have the
same signature.

Change-Id: I834278639a3648edec7bcb57db7bb61f456d2a92
2015-03-02 10:15:49 -08:00
Kevin Israel
45a6214c1e CurlHttpRequest: Follow redirects even under open_basedir
As of PHP 5.6.0, this is now allowed provided that libcurl is version
7.19.4 or newer (to not follow redirects to file:// URLs, which would
circumvent the open_basedir restriction).

https://bugs.php.net/bug.php?id=65646
fba290c061

Change-Id: I1233dca563a185d12923736d8d397a3acf87a71e
2015-01-31 04:56:23 -05:00
Ricordisamoa
2ae155da52 Fix phpcs errors in includes/
Mostly Squiz.WhiteSpace.SuperfluousWhitespace.EmptyLines

Change-Id: I678b2f0902f11cd1dfa1611b9da24e7237df9122
2015-01-08 20:15:07 +01:00
Aaron Schulz
4ff8136807 Removed remaining profile calls
Change-Id: I31c81c78715048004fc8fca0f27d09c1fa71c118
2015-01-08 02:49:33 -08:00
Chad Horohoe
aa21e125a3 Remove obvious function-level profiling
Xhprof generates this data now. Custom profiling of various
sub-function units are kept.

Calls to profiler represented about 3% of page execution
time on Special:BlankPage (1.5% in/out); after this change
it's down to about 0.98% of page execution time.

Change-Id: Id9a1dc9d8f80bbd52e42226b724a1e1213d07af7
2015-01-07 11:14:24 -08:00
Alexandre Emsenhuber
3114dbea04 Replace $wgConf->localVHosts by $wgLocalVirtualHosts
The former is independent of the remainder of the SiteConfiguration
class, and thus makes more sense to be defined as an explicit
configuration setting rather than being hidden in $wgConf.

Change-Id: I25204d37c5cfffb6953fe53e14316dc3df5b5b10
2014-10-03 03:54:44 -07:00
Kevin Israel
0d707a21ba CurlHttpRequest: Check library version, not CURLOPT_REDIR_PROTOCOLS
This works around <https://github.com/facebook/hhvm/issues/3702>.
We don't actually use the constant, so checking the library version
should suffice.

Bug: 70570
Change-Id: I732d8f7eb2908bae10100594f693cf7a63f8b5b1
2014-09-08 18:22:50 -04:00
umherirrender
1c68a1ee86 Cleanup some docs (includes/*.php)
- Swap "$variable type" to "type $variable"
- Added missing types
- Fixed spacing inside docs
- Makes beginning of @param/@return/@var/@throws in capital
- Changed some types to match the more common spelling

Change-Id: I783e4dbfe5f6f98b32b9a03ccf6439e13e132bcc
2014-07-24 19:42:24 +02:00
umherirrender
4ee680a8b3 Fixed spacing
- Removed spaces after not operator (!)
- Removed spaces inside array index
- use tab as indent instead of spaces
- Add newline at end of file
- Removed spaces after casts

Change-Id: I9ba17c4385fcb43d38998d45f89cf42952bc791b
2014-07-24 11:53:04 +02:00
umherirrender
a3983418d5 Fixed some @params documentation (includes/*)
Swapped some "$var type" to "type $var" or added missing types
before the $var. Changed some other types to match the more common
spelling. Makes beginning of some text in capital.
Also added some missing @param.

Change-Id: I0056b4a8df243cfc0c5f25378de48f7a35170aca
2014-04-22 13:07:02 +02:00
umherirrender
23fab68274 Fix spacing after @param and friends in comments
Searched for:
\@(param|return|throws|since|deprecated|access|todo|var)[ \t]{2,}

Change-Id: Icce22ba9fe0635455691ca58d9872d618151f346
2014-04-05 20:02:29 +00:00
jenkins-bot
55605dfbee Merge "Fixed stream wrapper in PhpHttpRequest" 2014-01-30 23:12:44 +00:00
Chad Horohoe
609a76b147 Remove setting referrer from HttpFunctions
It was introduced in 5d210b50 but no callers have ever been updated
so this always falls back on $wgTitle (which is usually wrong). It
only works on cURL, and is marginally useful at best.

Change-Id: Ic498108af9f466cefbd0072f94f0efa4055cd169
2014-01-27 16:39:20 -08:00
Tyler Anthony Romeo
499e5fd487 Fixed stream wrapper in PhpHttpRequest
Issue introduced when SSL verification was added to PHPHttpRequest.
For HTTP and HTTPS stream, PHP expects "http" as the stream context
name, regardless of SSL.

Change-Id: I12c5d3d9aded6e704ebabe85b86e556fd0e99479
Follows-Up: 1c927b1df2 (Iab2bda1ebc)
Bug: 56047
2014-01-03 09:01:42 +00:00
umherirrender
2e871f7087 Fixed spacing
- Removed double spaces in arrays
- Added space after for
- Added spaces around string concat

Change-Id: Ifbcaf35f9bfef1f97226a38b5bd74c237f61c99e
2013-12-15 20:56:09 +01:00
Mark A. Hershberger
eba84959ef Attempt to fix problems noted in phpcs.
Seen at
https://integration.wikimedia.org/ci/job/mediawiki-core-regression-phpcs-HEAD/3256/console

Change-Id: If1272366fa242ccdf1191ba1686f2d1cdf046872
2013-12-15 19:16:16 +00:00
Kevin Israel
33bc02fad1 Restore compatibility with curl < 7.16.2
Follows-up 58f71c7e9e, which assumed that the CURLOPT_CONNECTTIMEOUT_MS
constant was defined.

Bug: 58178
Change-Id: Id31a3ec56e4c7cac7d3edb2653c87be467d1a471
2013-12-09 11:34:22 -05:00
umherirrender
5ca5672aac Fixed spacing
- Place commas correct
- Moved comments
- Add space after if/foreach/catch
- Reformat some conditions
- Removed trailing spaces/tabs

Change-Id: I40ccda72c418c4a33fcd675773cb08d971510cdb
2013-12-01 20:58:51 +01:00
umherirrender
24bfde2710 Fix spacing and break some lines
Change-Id: Ia57685d8858e02e399ad5c75ce64d12609d340ac
2013-08-24 17:06:25 +02:00
jenkins-bot
94f26422ef Merge "Added SSL verification to PHPHttpRequest." 2013-06-26 21:56:40 +00:00
Brian Wolff
c1d900337c Follow up I6e64a missing global declaration for $wgHTTPConnectTimeout
Bug: 47027
Change-Id: I3e2a84ee8a759dd2bdb2fd0837e0cd5605541816
2013-06-05 17:00:42 +00:00