It has become apparent that $_SERVER['SCRIPT_NAME'] may contain the same
thing as REQUEST_URI, for example in WMF production. PATH_INFO is not
set, so there is no way to split the URL into SCRIPT_NAME and PATH_INFO
components apart from configuration.
* Revert the fix for T34486, which added a route for SCRIPT_NAME to the
PathRouter for the benefit of img_auth.php. In T235357, the route thus
added contained $1, breaking everything.
* Remove calls to WebRequest::getPathInfo() from everywhere other than
index.php. Dynamic modification of $wgArticlePath in order to make
PathRouter work was weird and broken anyway. All that is really needed
is a suffix of REQUEST_URI, so I added a function which provides that.
* Add $wgImgAuthPath, for use as a last resort workaround for T34486.
* Avoid the use of $_SERVER['SCRIPT_NAME'] to detect the currently
running script.
* Deprecated wfGetScriptUrl(), a fairly simple wrapper for SCRIPT_NAME.
Apparently no callers in core or extensions.
Bug: T235357
Change-Id: If2b82759f3f4aecec79d6e2d88cd4330927fdeca
MediaWiki provides at least a dozen distinct ways that debug logs
can be generated, augmented and displayed, and even more ways
for profiling information can be collected. This makes it difficult
to reason about overall and isn't helping with on-boarding.
Reduce investments to only a few methods and make them great,
starting by removing possibly the least useful profiler we have
today (relative to the others we've developed since then),
which is the "relative timestamps and memory use" prepended
to wfDebug messages, which would presumably be used in conjuction
with $wgDebugComments, $wgDebugToolbar or $wgDebugLogFile of
which the latter two already includes timestamps and/or offsets.
If this is truly useful, I suggest we (unconditionally) make use
of offsets in (one of) those instead.
Originally introduced in r61582 (b1e2b87b95).
Change-Id: I09d1cb0d3f5b0b3165ed4d299b71c051b78a1918
This function appears to be incorrectly documented. An exception is only
thrown for invalid arguments.
Bug: T232140
Change-Id: Ib6870139b7dabb10546bbffdfba92c5accb583af
There were no callers to this method, outside the $messageMemc
global, which is to be deprecated with T243175. Pending its
eventual removal, its usage has been inlined as the function
was trivial anyways.
Any previous callers were migrated with the convertion of the
MessageCache to a service in 752e7dd707.
Bug: T243176
Change-Id: I79846442512f023dcdf2f1f8c425156589c0421d
Use the same as for MessageLocalizer::msg
mixed is needed, because it can also accept int or arrays from
Message:numParam and friends
Change-Id: I56df8c61c933dfa0e3458739a8d26b00be061c80
These were spotted by phan's stricter type checks. All make*Key methods
can also take integers, and that's pretty common across core and
extensions.
Language::formatNum can also take numbers (and tests cover this case);
in this case, move the cast to the top of the method, so that we're
passing a string to strtr, too.
The methods touched in this patch are the main source of false positives
in both core and extensions.
Change-Id: I6d538ce3ca7fd2d495c2bafbab7cc279da69db1c
Scalar casts are still allowed (for now), because there's a huge amount
of false positives. Ditto for invalid array offsets.
Thoughts about the rest: luckily, many false positives with array offsets
have gone. Moreover, since *Internal issues are suppressed in the base
config, we can remove inline suppressions.
Unfortunately, there are a couple of new issues about array additions
with only false positives, because apparently they don't take
branches into account.
Change-Id: I5a3913c6e762f77bfdae55051a395fae95d1f841
This is to make it behave in a more object orientied way. The
goal is to make it be easier to allow extensions to mark certain
pages as requiring a different policy (For example, CodeEditor
extension uses a blob: url with a WebWorker. We don't want to
include that on the policy of every page, but allow the extension
to mark it as required whenever needed).
This commit does not change code behaviour in any way.
Change-Id: I4bf53dabb6e6c5446cea99a64db68b300cef2fd4
This is to ensure that the CI job is working with the new version.
Note: redundant_condition_detection should have worked as expected by
this version, but unfortunately it still has false positives.
Bug: T235049
Bug: T231636
Change-Id: Idaba6584cb5b2ff19b6455c7bbec6b89619ddbff
The later distinguishes meaningful (not "mediawiki") schema names
if postgres is in use and can be used to get DB domain strings or
full wiki IDs as needed.
Change-Id: I7bd3d85e36a992fa7359127328669fe6e16b0fed
This removes the requirement that setUp() and tearDown() in the derived
class need to call the parent.
Change-Id: I9d4771c28160356ff58884e3a58fa28c8db4e8a5
Deprecated in 1.34, no callers once the mentioned below patch
is merged.
Bug: T192166
Change-Id: I1043002d794a7aecf2dac257a64b8cac2d3969b3
Depends-On: I63da562af5f60e04a81a15cd3073eeae1b222541
Set appropriate headers and flush the output as needed to avoid blocking
the client on post-send updates for the stock apache2 server scenario.
Several cases have bits of header logic to avoid delay:
a) basic GET/POST requests that succeed (e.g. HTTP 2XX)
b) requests that fail with errors (e.g. HTTP 500)
c) If-Modified-Since requests (e.g. HTTP 304)
d) HEAD requests
This last two still block on deferred updates, so schedulePostSendJobs()
does not trigger on them as a form of mitigation. Slow deferred updates
should only trigger on POST anyway (inline and redirect responses are
OK), so this should not be much of a problem.
Deprecate triggerJobs() and implement post-send job runs as a deferred.
This makes it easy to check for the existence of post-send updates by
calling DeferredUpdates::pendingUpdatesCount() after the pre-send stage.
Also, avoid running jobs on requests that had exceptions. Relatedly,
remove $mode option from restInPeace() and doPostOutputShutdown()
Only one caller was using the non-default options.
Bug: T206283
Change-Id: I2dd2b71f1ced0f4ef8b16ff41ffb23bb5b4c7028
Phan can treat scalar types as non-interchangeable with
`scalar_implicit_cast` set to false. This patch fixes some of those
issues (which are in total >1000), namely the ones with alphabetic order
< includes/actions.
Change-Id: Ib1c6573ab899088bc319b9da9ceaffc850da3dbe
These are reported by phan as PhanTypeMismatchArgumentNullableInternal
when null_casts_as_any_type is disabled.
Change-Id: I85076ee31c1bfc59a19600e84da0d915e425890a
These were discovered by setting `null_casts_as_any_type` to true in
phan, and filtering by `PhanTypeMismatchReturnNullable`. Of course there
are others, some of which are false positives, but we cannot suppress
them now (or the UnusedSuppressionPlugin will complain).
Change-Id: Ia8443e575c22f47a6d8c63038f4e7ac36815fc27
This allows us to remove many suppressions for phan false positives.
Bug: T231636
Depends-On: I82a279e1f7b0fdefd3bb712e46c7d0665429d065
Change-Id: I5c251e9584a1ae9fb1577afcafb5001e0dcd41c7
I think this probably shouldn't be directly in the MediaWiki namespace,
but I don't know where is a better place to put it.
In order to avoid gratuitous use of TitleFormatter, I changed the cache
format -- the old implementation used getPrefixedDBkey() and I switched
to an ns/dbkey pair. I also changed the cache keys to use SHA1 instead
of MD5, by Daniel's request.
The previous implementation cached the parsed blacklist for one minute
without invalidation, so it could return slightly stale results, but it
didn't retrieve the bad image list message on a cache hit. The new
implementation unconditionally retrieves the bad image list message, but
uses a hash of it in the cache key and caches for one day. The new
behavior happens to be more cleanly implementable in a service.
Bug: T200882
Bug: T139216
Change-Id: I69fed1b1f3cfc1aa149e0739780e67f6de01609d
This enforces the DB_* role checks of DBConnRef in more places.
This is a re-submission of 335066505a, which was reverted due to T228928.
Change-Id: I556627dc6486e6f6539d1d2dd5aa6f009eff341e
This reverts commit 335066505a.
The standalone parser test runner, as used by Parsoid Jenkins builds,
is (indirectly) using wfGetDB in a way that isn't supported (changing
the selected database). This needs to be fixed, but we can give it
a few days.
Change-Id: I07ff422dd56d5700e570100747aa49b7764ec80f
This enforces the DB_* role checks of DBConnRef in more places
Depends-on: I9328e709fe5d81099338a31deef24d34db22d784
Change-Id: I0d7dacee3ec4ef67dc0b0f6551ad046c74dc47dc
To avoid cases like: facddc4 and Ifaf6ab0d36bc02bd170, make sure the
value of the mediawiki version must be a string (e.g. '1.33') or a
boolean (e.g. `false`).
For some reason, typos can slip through for this value to be a float.
Let's safe guard for future cases like this.
Change-Id: I52bdf94c957bda67548a937d51649e925195f926
