* Avoid deprecated method use in MediaWiki.php.
* Move LBFactory::beginMasterChanges down a bit, next
to LBFactory::commitMasterChanges.
* Rename $factory => $lbFactory.
* Remove redundant $conn->trxLevel() check.
Change-Id: I309ff3b8e3f586f0ac40b2f3be26b161993b58d2

This makes sure that jobs run one way or another.
Also made a few cleanups and improved the logging.
Change-Id: Ic2916099181ebeb5ae5143d444515db9ed13cee9

* Follow-up to 8b141886ed
* The method is now called after the setCdnMaxage() call
in performAction.
* Allow any CDN URLs for the title now, check $wgDebugToolbar,
and allow caching redirects. The multi-step redirect case does
not cache, however, for simplicity.
* Removed now-unused code in Article that calculated $timestamp.
Change-Id: Ic4f4e3a79d7d386c2f15ca5b11dddf5c57ff9e9f

These updates are PRESEND for a reason, so users should see them
on the next page view. Otherwise, they would be POSTSEND.
Change-Id: I533de550f6dd3e4b75507c2d25b1a05f7ac1301d

* Use getCanonicalURL() to avoid links with the wrong host (e.g.
when it is virtual) and to avoid getting redirects.
* Also disable this setting when post-send execution is already
available, by default.
* Bump the socket timeout slightly.
Bug: T107290
Bug: T68485
Change-Id: I56c43193fa6583cc0c8209ff59cf20c986a799a3

This makes post-send updates subject to logging, like other
updates in POST requests. Previously, slow queries were ignored.
Bug: T137326
Change-Id: Ia08f51a10b7b1fae3350f5c5215fab234edefada

Most URL generation happens via wfExpandUrl, which honors $wgServer
(or whatever setting it is told to use): if it has an explicit
protocol, that is always used; if it is a protocol-relative URL,
the protocol is selected based on the parameters given to wfExpandUrl.
One exception is MediaWiki::main() which always uses HTTPS if the
relevant cookie or user option is set, even if the wiki does not
support it. That can lead to annoying problems on Vagrant where it
is not unusual to turn HTTPS support on and off: when that happens,
the user can get locked out of the account.
Change-Id: I06982a26cd808f2aaa26753cd3353ed82473d9e0

The former sometimes show up in the logs as they were causing
CentralAuth to use the master but the expectations treated
the request as a GET request. This makes things more
consistent.
Bug: T92357
Change-Id: I55bf3139c68f5926fe67a51cf0eb1b2ffe55d17b

* This is useful for logic that decides what DB (master/slave) to use
based on the nature of the web request. It could also be used to
enforce clear read/write distinctions via exceptions if DB_MASTER
is misused.
* Also fixed two IDEA errors while editing this class.
Bug: T134608
Change-Id: I43f4bc06c19d823d7d1ffd9cee8bbe60563c7f82

* Timeouts happen when memcached is cleared or on DC-switchover likewise
* Disable the sidebar cache when the MessageCache is disabled
* Also lower any output expiry for CDN and set a custom header
when the MessageCache is disabled
* Log when this happens to a dedicated "MessageCacheError" channel
Bug: T133069
Bug: T7092
Change-Id: I1b80e250532033c52680246279e1e8f56350ae83

Special page instance from SpecialPageFactory::getPage needs a context
set, to avoid using RequestContext::getMain in SpecialPage::getContext
Change-Id: I6e0828c6c9668c4ef10a729533190a5225b8782f

The plan here is to take it out of 1.27.0-wmf.12 and put it back in
1.27.0-wmf.13.
Since BotPasswords depends on SessionManager, that's getting temporarily
removed too.
This reverts the following commits:
* 6acd424e0d SessionManager: Notify AuthPlugin before calling hooks
* 4d1ad32d8a Close a loophole in CookieSessionProvider
* fcdd643a46 SessionManager: Don't save non-persisted sessions to backend storage
* 058aec4c76 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
* b5c0c03bb7 SessionManager: Save user name to metadata even if the user doesn't exist locally
* 13f2f09a19 SECURITY: Fix User::setToken() call on User::newSystemUser
* 305bc75b27 SessionManager: Don't generate user tokens when checking the tokens
* 7c4bd85d21 RequestContext::exportSession() should only export persisted session IDs
* 296ccfd4a9 SessionManager: Save 'persisted' flag in session metadata
* 94ba53f677 Move CSRF token handling into MediaWiki\Session\Session
* 46a565d6b0 Avoid false "added in both Session and $_SESSION" when value is null
* c00d0b5d94 Log backtrace for "User::loadFromSession called before the end of Setup.php"
* 4eeff5b559 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
* 7491b52f70 Call session_cache_limiter() before starting a session
* 2c34aeea72 SessionManager: Abstract forceHTTPS cookie setting
* 9aa53627a5 Ignore auth cookies with value 'deleted'
* 43f904b51a SessionManager: Kill getPersistedSessionId()
* 50c5256352 SessionManager: Add SessionBackend::setProviderMetadata()
* f640d40315 SessionManager: Notify AuthPlugin when auto-creating accounts
* 70b05d1ac1 Add checks of $wgEnableBotPasswords in more places
* bfed32eb78 Do not raise a PHP warning when session write fails
* 722a7331ad Only check LoggedOut timestamp on the user loaded from session
* 4f5057b84b SessionManager: Change behavior of getSessionById()
* 66e82e614e Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
* f9fd9516d9 Add "bot passwords"
* d7716f1df0 Add missing argument for wfDebugLog
* a73c5b7395 Add SessionManager
Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50

SessionManager is a general-purpose session management framework, rather
than the cookie-based sessions that PHP wants to provide us.
While fallback is provided for using $_SESSION and other PHP session
management functions, they should be avoided in favor of using
SessionManager directly.
For proof-of-concept extensions, see OAuth change Ib40b221 and
CentralAuth change I27ccabdb.
Bug: T111296
Change-Id: Ic1ffea74f3ccc8f93c8a23b795ecab6f06abca72

This sets a short lived cookie that more robustly takes on the role that the
session initiation in SubmitAction has. It can be used via Varnish VCL.
Bug: T121440
Change-Id: I6214a0bce4e8bbbecbc3f9513e7c852285b4a9db

This prevents a malicious person from using external resources on their
website to cause the victim's web browser to load
Special:MyPage -> User:Username, and then looking it up in the page hit
statistics in order to correlate IPs from the malicious person's server
log with usernames on wiki.
This feature can be disabled with $wgHideIdentifiableRedirects.
Bug: T109724
Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
Change-Id: Ia0e742dc92c77af4832174dfa24c6dcaa6ee80e9

This is a low level catch-all net for huge updates that still slip
through. Features that let users add/remove arbitrarily many rows
to lists of arbitrary size can easily result in high lag due to
strange usage patterns or deliberate attacks.
Also removed duplicate 'autochange-username' JSON key.
Bug: T95501
Change-Id: I58a91ca23cae528ef1954d2d78c8f0a90681983e

* PRESEND/POSTSEND constants can now be used in addUpdate()
and addCallableUpdate() to control when the update runs.
This is useful for updates that may report errors the client
should see or to just get a head start on queued or pubsub
based updates like CDN purges. The OutputPage::output() method
can easily take a few 100ms.
* Removed some argument b/c code from doUpdates().
* Also moved DeferrableUpdate to a separate file.
Change-Id: I9831fe890f9f68f9ad8c4f4bba6921a8f29ba666

* Make sure the API commits DBs *before* sending the
response, in case something goes south which would
make a sent response wrong.
* Make sticky DC cookies trigger with api.php too.
* Make sure UseDC cookies do not end up with a prefix.
VCL rules should not have to deal with having a DB
name as a prefix or such. This was an oversight.
Change-Id: I9e4090ab15c1c1493b0589a710184745dac9b0c1

* It now works for users without using sessions.
Sessions should not be cluttered with things
unrelated to authentication and tokens.
* Public services doing api.php requests on behalf
of users only need to set XFF headers (as normal)
for position wait logic to trigger. They can opt out
of ChronologyProtector via a new HTTP header
"ChronologyProtection: false".
* Requests across subdomains, such as the SUL2 handshake
for CentralAuth on account creation, now have position
wait logic applied. This helps avoid anomalies where a
row just written in the last request may not be seen.
* Use merge() to avoid rolling back master positions if
the user has multiple tabs open and is doing writes at once.
* $_SESSION global state is gone from ChronologyProtector.
* Cleaned up post-send LBFactory::shutdown() logic for
avoiding master position writes with an explicit flag.
* Use 'replication' debug log group in more places.
Bug: T111264
Change-Id: Ib25d05994d62b25c2f89e67b7f51009c54f4bca8

* Add `Timing`, an interface which mimics the W3C User Timing API.
It provides a canonical way to store and retrieve markers (timestamps)
and measures (timestamps + duration).
* As the initial use-case, use it to record 'requestShutdown'.
Change-Id: I36b29162ffcc091406df025463b0e2797e52f19a

* All callers are either using commit already or would be fine
using it (e.g. Maintenance scripts and JobRunner that have
no real transaction open).
Change-Id: I9f54b27619da6dac2cb63d255995aabc4ee78002

Remove empty line comments as found by the
MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.EmptyComment sniff
Change-Id: I5d694f7a7d3bc97e16300ba03c60ad17f3c912a5