Before it's too late, let's boil the oceans
and just do it. This patch assumes that old code
calling wfShellExec() doesn't know about restrictions
so it doesn't restrict anything. New code, however,
needs to specify its restrictions or deal with defaults.
Change-Id: I58963901087202d4a405bcdb6bd12758bb6b0ff7
* Convert OutputHandler.php from global functions to a class.
- wfOutputHandler → OutputHandler::handle
(no alias, no usage outside core)
- wfGzipHandler → OutputHandler::handleGzip
(private, no usage outside class)
- wfRequestExtension → OutputHandler::findUriExtension
(private, no usage outside class)
- wfMangleFlashPolicy → OutputHandler::mangleFlashPolicy
(private, no usage outside class)
- wfDoContentLength → OutputHandler::emitContentLength
(private, no usage outside class)
- wfHtmlValidationHandler → OutputHandler::validateAllHtml
(private, no usage outside class)
* Add the class to autoload.php for exposure outside WebStart.
Specifically, for use in ApiFormatPhpTest. This also removes the
need to manually load the class because this code runs after
Setup.php loads AutoLoader.php.
Bug: T189966
Change-Id: I27a41ec0ae0ee30aeb313a616323b967605c4055
* Use $_SERVER['REQUEST_TIME_FLOAT'] unconditionally in WebRequest.php
and libs/Timing.php. WebStart.php was doing this already without issue.
The key existst since PHP 5.4, for both Web and CLI (we require 5.5).
* In wfDebug() and wfReportTime(), use $_SERVER['REQUEST_TIME_FLOAT'] instead.
* In ApiFormatBase and MWDebug, use WebRequest::getElapsedTime() instead.
* In Maintenance.php, remove setting of $wgRequestTime.
* In rebuildFileCache.php, update mocking to $_SERVER['REQUEST_TIME_FLOAT']
so that we avoid re-introducing bug T24852.
Change-Id: I1b647da2862f815029caa533b592ec8a05b33806
These comments do not add anything. I argue they are worse than having
no comments, because I have to read them first to understand they
actually don't explain anything. Removing them makes room for actual
improvements in the future (if needed).
Change-Id: Iee70aad681b3385e9af282d5581c10addbb91ac4
phpdbg is a gdb-style debugger for PHP that is run from the command
line. However, it has a different PHP_SAPI value, so it was impossible
to run maintenance scripts with it (until now).
To avoid having to check both PHP_SAPI values in a bunch of places,
introduce wfIsCLI() to easily check whether running from the
command-line or not.
We're (CI team) interested in generating code coverage with phpdbg
instead of xdebug, hence this patch.
Bug: T184043
Change-Id: Id1f994ca146d7858cd8bb6ab6cdbb7718ff524fb
'bypassCache' was renamed in I9f79e5942ced4ae13ba4de0b4c62908cc746e777
to 'latest' but the cache bypass code was not updated.
Also fix an unrelated phpdoc error.
Change-Id: I141b97300853c60092363a90af063c3fd4941d27
This helps to avoid OOMs from buffer build-ups in the statsd
factory object. This piggy-backs on to the same checks used
for deferred update runs. In addition, the output() method
checks if the data size is getting large and emits if needed.
Bug: T181385
Change-Id: I598be98a5770f8358975815e51380c4b8f63a79e
This patch extends the global wfMerge function to also return the
result of the first merge attempt that detects merge conflicts.
The additional output explicitly names the conflicting lines and
could help when solving edit conflicts.
Bug: T151320
Change-Id: I97acebdc87b31779200c7fde4dd4449cd1ee8ead
There is code in several places in extensions which converts
setting or parameter string (such as "true", "yes", "false", "no")
to boolean. Since we already have the code that does in global
functions in wfStringToBool(), it makes sense to expose this code
and reuse it.
Change-Id: I88d98b012ff4bf14fd64a05a9135a6e75cf2d4e7
Even if people use these (deprecated) functions in the earliest hooks or in
LocalSettings.php, it will keep working because GlobalFunctions is loaded
between DefaultSettings.php and LocalSettings.php.
The only places affected would be files in core: AutoLoader.php, Defines.php,
and DefaultSettings.php, which don't use these functions.
Change-Id: If4c0e8cbe1ea918283df22d72f792a3806569216
Deprecated since 1.25, very few callers. Having to grep for 2
ways of calling a hook is harmful not only because it wastes developers'
time, but also because it makes it possible to forget to search for the
old way, resulting in mistakes. Better get rid of this.
Change-Id: Iab28bd5758475b780c2016847881757d64973862
It's deprecated in PHP 7.2, may as well replace it now.
I note that, contrary to claims at
https://wiki.php.net/rfc/deprecations_php_7_2#each, none of our uses
were trivially replaceable with foreach.
* wfArrayDiff2_cmp() is processing two arrays by value in parallel.
* MagicWordArray::parseMatch() is doing something funky with the data
structure returned by preg_match().
* HashRing was using it like "nextKey()", replaced with calls to key()
and next().
* FormatMetadata and IndexPager were both using it as a shorter way to
get both key() and current() for the first element in the array. I
suppose a foreach(){ break; } would do the same, but that's confusing.
Bug: T174354
Change-Id: I36169a04c764fdf1bfd6603395111c6fe0aae5eb
This function has gotten so unwieldy that a helper was
introduced. Instead, here's this class that makes
shelling out easier and more readable.
Example usage:
$result = Shell::command( 'shell command' )
->environment( [ 'ENVIRONMENT_VARIABLE' => 'VALUE' ] )
->limits( [ 'time' => 300 ] )
->execute();
$exitCode = $result->getExitCode();
$output = $result->getStdout();
This is a minimal change, so lots of stuff remains
unrefactored - I'd rather limit the scope of this commit.
A future improvement could be an ability to get stderr
separately from stdout.
Caveat: execution errors (proc_open is disabled/returned error) now
throw errors instead of returning a status code. wfShellExec() still
emulates this behavior though.
Competing commit: I7dccb2b67a4173a8a89b035e444fbda9102e4d0f
<legoktm> MaxSem: so you should continue working on your patch and I'll
probably refactor on top of it later after its merged :P
Change-Id: I8ac9858b80d7908cf7e7981d7e19d0fc9c2265c0
For some varargs a variable name is added with suffix ,... as seen for
many other varargs
Some @param are swapped, because there are in the wrong order
Enable Sniff MediaWiki.Commenting.FunctionComment.ParamNameNoMatch
Change-Id: I60fec6025bce824d5c67563ab7b65ad6cd628ad8
Users with the hideuser right have an extra checkmark on Special:Block
to hide user, however this functionality can only be used on registered
users (not IPs) and only if a block is set to never expire. With this js
enhancement, hide the "hideuser" checkbox and label if the block time is
not set to infinite (either as selected from the dropdown or written
into the "other" input box).
Attribution to meta.wikimedia.org/wiki/User:Margott who uploaded a
draft for this patch on the task a while ago.
Bug: T133036
Change-Id: Ia8c3e25d923e1df57d5afd69e9de3d6f2543f628
ParserCache is already a singleton, making it a good candidate for a
service. $parserMemc is an odd global (it lacks the "wg" prefix) and is
ripe for deprecation.
The following are now deprecated:
* $parserMemc global
* ParserCache::singleton()
* wfGetParserCacheStorage()
A ParserCache::getCacheStorage() method was added for cases where direct
access to the underlying BagOStuff object is necessary.
Usage of $parserMemc will emit deprecation warnings through the
DeprecatedGlobal class mechanism. All usage in core was migrated.
Also take this opportunity to inject the $wgCacheEpoch global value into
ParserCache. This will require an update to the FlaggedRevs extension.
Change-Id: I2ac7afff0d8522214329248c3d1cdccd0f72bbd4
We have several types of change lists (old RC/watchlist/related
changes, enhanced RC/watchlist, history) with slightly different
HTML, each with their own idiosyncracies. JavaScript code trying
to identify lines by log ID / revision ID has to jump through all
kinds of hoops to work with that.
To simplify the lives of frontend / gadget maintainers and provide
something approaching an API for these pages, we now expose the basic
attributes of each change line (revision ID for edits, log type/action
and ID for log events) as data attributes.
The OldChangesListRecentChangesLine, EnhancedChangesListModifyLineData,
EnhancedChangesListModifyBlockLineData, PageHistoryLine,
ContributionsLineEnding and DeletedContributionsLineEnding hooks
are updated accordingly. New hooks (LogEventsListLineEnding and
NewPagesLineEnding) are added for the change list pages which did
not yet have them.
Change-Id: I6dd006d0b1b0fd35c0020f0f9eea9113eca30b35
While most of MediaWiki ignores the shell's/C library's locale setting,
there are some things other than shell execs that use it (e.g. the
luasandbox PHP extension).
To provide a consistent environment, set the locale in Setup.php instead
of letting it be changed mid-request depending on whether something else
happened to have called certain functions.
Bug: T107128
Change-Id: I02943803d26d5b1b3ac00ef9216f69cdfa149585
The following changes are added:
- Created MediawikiStatsdDataFactory interface
- Added hasData() method to see if there are any data to send
- Added getData() method to fetch data
- Made service infrastructure use MediawikiStatsdDataFactory interface
- Made wfLogProfilingData() use MediawikiStatsdDataFactory interface
- Added capability to enable/disable buffering collector
Bug: T166354
Change-Id: I2874175647e987996a9a399829b3319674471aaa
* Move @deprecated tags out of the header so the documentation comment
still has a summary
* makeKey() and co. are part of BagOStuff, not ObjectCache
Follows up 1e5961dbf6.
Change-Id: I168ce97597f288f6345a404354d68371e57522d3
For a while now these functions have called makeKey/makeGlobalKey() on
the default ObjectCache instances, and callers should now use those
functions directly instead.
There are other advantages to doing so, like in cases where the
ObjectCache instance being used has a different makeKey implementation
(e.g. memcache) than the default configured cache.
Change-Id: I9abf6badbf3ba800e591d2503b714433d5faf1e3
Introduce a service to represent wfReadOnly() and friends.
It's necessary to have two service instances, one for wfReadOnly() and
one for wfConfiguredReadOnlyReason(), to avoid a circular dependency,
since LoadBalancer needs the configured reason during construction, but
wfReadOnly() needs to query the currently active load balancer.
Not having a cache of the configuration makes it possible to dynamically
change the configuration. Ideally things would not change the
configuration, and I removed such instances in core, but to support
extensions, I added a test ensuring that the configuration can be changed.
Change-Id: I9bbee946c10742526d3423208efd68cb3cc5a7ee
I was bored. What? Don't look at me that way.
I mostly targetted mixed tabs and spaces, but others were not spared.
Note that some of the whitespace changes are inside HTML output,
extended regexps or SQL snippets.
Change-Id: Ie206cc946459f6befcfc2d520e35ad3ea3c0f1e0
Install the backtrace collector very early, so that we can get the
backtrace even if headers were sent from LocalSettings.php.
Bug: T157392
Change-Id: I9bc732b34481c95afb5362e135a87bd4302498e2
* Verified none of these constants depend on each other.
* Move them to the top of Defines.php for consistency.
Change-Id: I19c77e706d69bff513e4abafd0300207de0dbb1d
The old code was similar to Message::params(), but Message::params()
was unable to handle "special" parameters and received an overhaul
in 7f2663f, yet wfMessage remained broken. To avoid duplication,
wfMessage shall call Message::params() to correctly handle these
parameters.
CategoryMembershipChange::getChangeMessageText and its caller has
been updated so as not to take advantage of this bug.
Bug: T153747
Change-Id: I6667acf7e71c9db07fefc9fbb741c160e15823ff
If iiprop=badfile is set, expose the wfIsBadImage() status as a boolean.
This is mainly intended for use by Parsoid, but could be useful for
other API users too. The context title can be set by using the
badfilecontextitle parameter.
Also be a little more paranoid and make sure wfIsBadImage() always
returns a boolean.
Bug: T148343
Change-Id: I3432ead92b8d2a17de5243285f2760fc39b501ae
Most of these are simply changing annotations to reflect
reality. If a function can return false to indicate failure
the @return should indicate it.
Some are fixing preg_match calls, preg match returns 1, 0 or false,
but the functions all claim to return booleans.
This is far from all the incorrect return types in mediawiki, there
are around 250 detected by phan, but have to start somewhere.
Change-Id: I1bbdfee6190747bde460f8a7084212ccafe169ef
Use HTTPS instead of HTTP where the HTTP link is a redirect to the HTTPS link.
Also update some defect links.
Change-Id: Ic3a5eac910d098ed5c2a21e9f47c9b6ee06b2643
Parser tests depend upon being able to change the value of
$wgEnableMagicLinks at runtime, so skip caching the replacement patterns
while parser tests or phpunit tests are being run.
Change-Id: Ic9fe4fe898aa353bdefa2bf8207b77d2ac14887f
The ScopedCallback class was moved into a separate library. This updates
all callers to use the namespaced version, and provides a
backwards-compatibility class wrapper under the old name.
Bug: T146258
Change-Id: I2dd0a66fe2f510f26bdfef6b0a975c1beb3fd93c
Depends-On: Iea0c40bdd7776372ccf72db8f088a2abaa4d3721
Apparently it is possible for Parser::mParserOptions
to not be set in some cases. I'll try again later.
This reverts commit bda74bff6e.
Bug: T146433
Change-Id: Idb6d1b20995d5f86b712abb386ab987356c4f560
* This method is analogous to wfTimestamp(). Optimise for the common
idiom of just converting a timestamp without having the caller hold
on to any object.
* Make wfTimestamp() use this (it could already since it didn't
use any MWTimestamp methods). Use via MWTimestamp. While this is
the same as direct access, it allows future changes.
* Add tests covering this new method.
Change-Id: I7f9104f1701d92fe25d72c7943581c64e1d093fa
* Remove wf* function dependencies. This includes wfTempDir().
Callers now should specify the directory, though it will try to do
most of the wfTempDir() logic anyway if they do not.
* Update callers to inject wfTempDir() so $wgTmpDirectory is used by
TempFSFile instead of it probing to find a valid directory itself.
* Move most of the wfTempDir() logic to TempFSFile::getUsableTempDirectory().
* Remove unused getMimeType() method.
Change-Id: Idd55936b07f9448a6c90577708722b7b52b8fe66
wfEscapeWikiText() used $wgEnableMagicLinks, but that could result in an
inconsistency when something modifies the magic link related
ParserOptions.
In general, most uses of wfEscapeWikiText() are in parser functions or
when message parsing, so the Parser is a logical place for it.
A future patch will make it easy to use Parser::escapeWikitext() in
message parameters.
Change-Id: I0fd4d5c135541971b1384a20328f1302b03d715f
The magic link functionality is "old backwards-compatibility baggage"
that we probably want to get rid of eventually. The first step to doing
so would be making it configurable and allowing it to be turned off on
wikis that don't use it.
This adds each of the 3 magic link types as individual parser options,
which can be controlled by the $wgEnableMagicLinks setting.
Additionally, wfEscapeWikiText() was updated to only escape enabled
magic link types.
Bug: T47942
Change-Id: If63965f31d17da4b864510146e0018da1cae188c
This is more consistent with LoadBalancer, modern, and inclusive
of master/master mysql, NDB cluster, and MariaDB galera cluster.
The old constant is an alias now.
Change-Id: I0b37299ecb439cc446ffbe8c341365d1eef45849
* Add slash and backslash ('/' and '\') to $wgIllegalFileChars.
* Replace illegal chars before removing paths in wfStripIllegalFilenameChars().
This way users trying to upload a file with slashes in the name will
get a better filename suggestion (e.g. for 'Foo part 1/3.jpg', you
previously got '3.jpg', now you'll get 'Foo part 1-3.jpg'). Uploading
tools that don't special-case slashes will also behave better.
Change-Id: Ib78f48a5f8c92e8ab2dc773ea6789b96b3662177
No longer needed. Currently, MediaWiki supports neither PHP 5.3
nor HHVM 3.4 or lower. The minimum HHVM version stated in the
Compatibility section of the RELEASE-NOTES file is 3.6.5.
This reverts commit 8bd6f698cc.
Change-Id: I2edd25c4ce00eb324f7f6e04b2034ad28f7c6964
Enforce an upper limit of 100,000 bytes on commands executed via
wfShellExec() to avoid HHVM crash resulting from process spawned with
argument exceeding MAX_ARG_STRLEN, as defined in binfmts.h
Bug: T129506
Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
(This is part of I6ec374ac9 wich was a re-submit of Ie98bf5af5
which got reverted by Ide7ab563)
This change provides a mechanism to reset global service instances
in an orderly manner. There are three use cases for this:
* the installation process
* integration tests (which most of the existing phpunit tests are)
In contrast to I6ec374ac9, this change does not cause singeltons
of legacy services to be reset. It is assumed that legacy services
use global state to access services and configuration, so any
change in confuguration would affect them immediately.
NOTE: the original I6ec374ac9 would cause session information to
get lost if the user session was creatsed before initialization
was complete. This was apparently triggered by the MobileFrontend
extension under some circumstances. Check with Addshore and Catrope.
Change-Id: Ie06782ffb96e675c0aa55dc26fb8f22037e8517d
This change provides a mechanism to reset global service instances
in an orderly manner. There are three use cases for this:
* the installation process
* forking processes
* integration tests (which must of the existing phpunit tests are)
Depends-On: I5d638ad415fc3840186a0beaa09ac02ea688539b
Change-Id: Ie98bf5af59208f186dba59a9e971c72ea0b63e69
Remove "\\" in namespacing. This is a Doxygen compatibility hack but
does not seem needed anymore, Doxygen reads namespaced class names
correctly, see e.g. https://doc.wikimedia.org/mediawiki-core/master/php/classMediaWiki_1_1Services_1_1ServiceContainer.html
PHP IDEs, on the other hand, were broken by the double backslash.
As an unrelated small doc fix, add parameter docs to PermissionError
constructor (parent has different arguments so the inherited
documentation is wrong).
Change-Id: I6da0f512b8c84f65fd20e90e4617108fe6a8fcd2
In the age when we require PHP 5.5, pretending that mbstring emulation
is not slow and silly is silly.
Bug: T129435
Change-Id: Ic8235c9da9a926df63ec7388900c44eab454eebe
I searched for /\$(\S+) = (.+?\(.*?\);)\n.*?\$\1\[/, ignored
everything involving isset(), unset() or array assigments, then
skimmed through the remaining results and changed things where they
made sense. These changes were not automated, so please review them.
Change-Id: Ib37b4c66fc57648470f151ad412210b3629c2538
MediaWiki 1.27 only supports PHP 5.5.9 and above, therefore
it is no more necessary to check that the running PHP version
is equal to or greater than 5.4.0.
Change-Id: I819c625e173cbf2a54ef614d742fe01f70be8efc
When an entry point specifies MW_NO_SESSION, actually enforce that by
having both SessionManager and PHP's session handling (session_start()
and friends) throw exceptions.
If an entry point needs the old behavior of using PHP's default session
handling (as defined in php.ini), it should define
MW_NO_SESSION_HANDLER instead of or in addition to MW_NO_SESSION.
This also makes PHPSessionHandler be installed in CLI mode, where it
wasn't installed before.
Bug: T127233
Change-Id: I2a3db06ee8e44a044096c57a819b5fd5e51c5c5c
The feature no longer exists starting in PHP 5.4.0, and MediaWiki
now only supports PHP 5.5.9 or newer.
Change-Id: I3f2d1b564c50f0a28ec1ec0abd7d1b242e26953b
Follow up to 7491b52. The 'private, must-revalidate' argument to
session_cache_limiter() does not match any expected values for the
function. This results in the PHP runtime treating it like the
documented empty string argument which completely disables the automatic
addition of cache related headers. Change the implementation to use the
empty string argument explicitly rather than continuing to rely on
the undocumented and potentially confusing existing behavior.
session_cache_limiter( '' ) is called unconditionally in
MediaWiki\Session\PHPSessionHandler::install(). This is safe now that it
is understood that we are disabling the setting of the automatic
headers.
Bug: T124510
Change-Id: I63164f8b7a408e370ff01dead42be27a0135dd35
The plan here is to take it out of 1.27.0-wmf.12 and put it back in
1.27.0-wmf.13.
Since BotPasswords depends on SessionManager, that's getting temporarily
removed too.
This reverts the following commits:
* 6acd424e0d SessionManager: Notify AuthPlugin before calling hooks
* 4d1ad32d8a Close a loophole in CookieSessionProvider
* fcdd643a46 SessionManager: Don't save non-persisted sessions to backend storage
* 058aec4c76 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
* b5c0c03bb7 SessionManager: Save user name to metadata even if the user doesn't exist locally
* 13f2f09a19 SECURITY: Fix User::setToken() call on User::newSystemUser
* 305bc75b27 SessionManager: Don't generate user tokens when checking the tokens
* 7c4bd85d21 RequestContext::exportSession() should only export persisted session IDs
* 296ccfd4a9 SessionManager: Save 'persisted' flag in session metadata
* 94ba53f677 Move CSRF token handling into MediaWiki\Session\Session
* 46a565d6b0 Avoid false "added in both Session and $_SESSION" when value is null
* c00d0b5d94 Log backtrace for "User::loadFromSession called before the end of Setup.php"
* 4eeff5b559 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
* 7491b52f70 Call session_cache_limiter() before starting a session
* 2c34aeea72 SessionManager: Abstract forceHTTPS cookie setting
* 9aa53627a5 Ignore auth cookies with value 'deleted'
* 43f904b51a SessionManager: Kill getPersistedSessionId()
* 50c5256352 SessionManager: Add SessionBackend::setProviderMetadata()
* f640d40315 SessionManager: Notify AuthPlugin when auto-creating accounts
* 70b05d1ac1 Add checks of $wgEnableBotPasswords in more places
* bfed32eb78 Do not raise a PHP warning when session write fails
* 722a7331ad Only check LoggedOut timestamp on the user loaded from session
* 4f5057b84b SessionManager: Change behavior of getSessionById()
* 66e82e614e Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
* f9fd9516d9 Add "bot passwords"
* d7716f1df0 Add missing argument for wfDebugLog
* a73c5b7395 Add SessionManager
Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50
The only use of the return value of count() is, to check, if the array is empty or
not. This can be done in an easier way and a bit more performant, especially for
large arrays.
Change-Id: If119ead9230ba1783b8c853c18c379f174910e51
Call `session_cache_limiter( 'private, must-revalidate' );` before
starting a session to specify the cache control headers that PHP will
automatically emit. The calls are wrapped in MediaWiki\quietCall to
suppress "headers have already been sent" warnings that may come from PHP.
If not called explicitly PHP will default to using
the value of the session.cache_limiter ini setting. Some values of that
setting will cause PHP to add a "Pragma: no-cache" header to the
response. Certain user agents (e.g. Firefox) treat that particular
header as a signal to aggressively flush the response from local cache
to the point that back button navigation will not work.
The value used was present in `wfSetupSession` prior to a73c5b7.
Bug: T124510
Change-Id: I942f8420c39c8cec5781ea8f6cc5619fd15f13cd
Validate the return value of sys_get_temp_dir(), and use upload_tmp_dir
if that is not writable. If nothing is writable, throw an exception.
Bug: T119934
Change-Id: I27d784f55c47277bbab1192853e2e04a9d8bd39a
SessionManager is a general-purpose session management framework, rather
than the cookie-based sessions that PHP wants to provide us.
While fallback is provided for using $_SESSION and other PHP session
management functions, they should be avoided in favor of using
SessionManager directly.
For proof-of-concept extensions, see OAuth change Ib40b221 and
CentralAuth change I27ccabdb.
Bug: T111296
Change-Id: Ic1ffea74f3ccc8f93c8a23b795ecab6f06abca72
With the great help of:
@reedy <reedy@wikimedia.org>
@MtDu <justin.d128@gmail.com>
@Unicornisaurous <crazy4sb@gmail.com>
@Victorbarbu <victorbarbu08@gmail.com>
and anyone I forgot (sorry), we did our best to find and replace any usage
of the remaining extensions, that use these functions (as you can follow in
the linked task).
Now, finally, these functions were removed from MediaWiki :)
Bug: T70750
Change-Id: Ie9e3d247bf6ab1234ff4f11383d5a4fdf7563397
Respect the "private" context variable for debug log events when passing
events from MediaWiki\Logger\LegacyLogger to MWDebug::debugMsg. Passing
debug log events marked as private to MWDebug was a regression
introduced by the PSR-3 logging system.
Restore handling of $dest argument to wfDebug which was removed in 1.25
with the PSR-3 logging conversion. The documentation for $dest = 'log'
has also been removed. This third debug log event handling option was
not implemented in the PSR-3 logging conversion in 1.25. A follow up
change will remove known usage of $dest = 'log' in core.
Bug: T122644
Change-Id: Ib1d999b8b54e584e3944b46e9163a700f11c2e72
* ApiQueryTest: One random is enough.
* FileBackendTest: More consistent and idiomatic via wfRandomString()
* MigrateFileRepoLayoutTest: Use getNewTempDirectory(). Similar to
what FileBackendTest used already.
* UploadFromUrlTestSuite: Use getNewTempDirectory().
Change-Id: I772de2134be41506d8ed08367be8c18f354bfc72
Using the new system introduced in
1c57794e37 (see T47843).
This change allows Title::getUserPermissionsErrors() to include
MessageSpecifiers instead of string message keys in its return value.
This doesn't seem to have any bad effects, and should work seamlessly as
long as callers aren't trying to do anything stupid and just pass the
value to PermissionsError or OutputPage::showPermissionsErrorPage()
or wfMessage() or some such.
If the callers *are* trying something stupid, nothing worse than
duplicated or otherwise less-than-perfect error messages (in code
which tries to handle some message keys specially) should happen.
(I fixed wfMergeErrorArrays(), but who knows what else lurks in all
this code.) Any problems should only affect new-style errors using
MessageSpecifier, though.
Since MessageSpecifiers tend to be stringable, we probably won't get
fatals, but might get incorrect checks. Should we try to log this
happening somehow?
Goes with I42a0c5b0ea7e61088dd609b764dd7d1396c60cd5 in TitleBlacklist.
Bug: T115258
Change-Id: I1334ba21a2862973a9d8ff5be2c9bec06a82698b
LBFactory inherits $wgReadOnly, the LBs inherit
any LBFactory read only mode, and Database objects
inherit any LB read-only mode.
Add some methods callers can use to check if
a DB/LB handle is read-only before trying writes.
Additionally:
* Fix 5ec1e47475 regression where readOnlyBySection
read-only mode would not affect wfReadOnly() but only
lagged-slave read-only mode for LBFactoryMulti.
* Catch errors when getLaggedSlaveMode() is called after
master connection and object is established.
* Make getLaggedSlaveMode() a no-op if there are no slaves.
* Make string/false logic for read-only consistent everywhere.
* Remove mLaggedSlaveMode "m" prefix.
Change-Id: Ice3224caae564aa5ffb41b424c23d1593229117a
This fixes a few shortcomings in the chunked uploader:
* Raises an error if offset + chunksize > filesize.
* Enforces a minimum chunk size for non-final chunks.
* Refuses additional chunks after seeing a final chunk.
* Status of a chunked upload in progress is now available with
'checkstatus'.
Bug: T91203
Bug: T91205
Change-Id: I2262db1bc8460616b069c564475d2e4148001768
This allows empty lines inside the comment as found by the
MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.EmptyComment sniff
Change-Id: Iac155bbda4a84562db2b452baeae9b8973899453
* Add a string `keyspace` member to BagOStuff instances. The default
implementation, meant for simple key/value stores, treats the key space
as a string prefix to prepend to keys. By default, its value is `local`,
but any instance created via ObjectCache::newFromParams() (or or one of
its callers) will have that default to $wgCachePrefix / wfWikiID().
* Add `makeKey` and `makeGlobalKey` methods to the base BagOStuff class.
These methods are not static to allow for BagOStuff types which require
a configured instance to know the underlying storage engine's key semantics.
* Make wfMemcKey() and wfGlobalCacheKey() delegate to these methods on the main
ObjectCache instance.
Change-Id: Ib7fc2f939be3decfa97f66af8c2431c51039905f
Doxygen doesn't quite grok PHP's use of the reverse solidus (backslash)
character as a namespace separator. The C++ based parser it uses needs
them to be escaped in comments just as if they were being used in
a literal string context in PHP.
Change-Id: I9aff9dd0fb74a95039da1091c2f247cf71fd085a
* The '.php5' entrypoints were deprecated in I68b1ae842, $wgScriptExtension
in I3690f78bc.
* Drop the associated ResourceLoader configuration variable, too. `mwgrep`
shows no usage in the MediaWiki namespace.
* Keep the scriptExtension configuration parameter for FileRepo for people who
would like to interoperate with older MediaWiki installations that still use
'.php5'.
Change-Id: I17c8a15484b7e82cd5970d34e688109a2aae3840
* This is used to set sticky DC cookies to avoid
session replication lag (which also makes sure
ChronologyProtector works)
Bug: T91816
Change-Id: I7bc2f8185a3c05cb3ca5ccc42d300eccffae48e1
* Callers end up hitting wfFindFile() anyway, so we
may as well use/prime the process cache. By trying
to call checkRedirect() manually, it actually just
caused an extra memcached query.
* 404 pages are often customized to show various
icons file from sister sites, so this was taking
up a significant portion of rendering time.
Change-Id: I7e2a1c6acf853629fcca3a8b3c2c810ebacd2acb
Changed some old bugzilla links to new phabricator links in comments,
test data and error message. This reduces the need for redirects from
old bugzilla to new phabricator from our source code.
Change-Id: Id98278e26ce31656295a23f3cadb536859c4caa5
This adds a "requires" property to extension.json, which extensions and
skins can use to indicate which versions of MediaWiki core they support.
The hacky wfUseMW() is now deprecated in favor of this.
Rather than writing our own version constraint and parser library, we
can re-use composer's, which was recently split out into a separate
library named "composer/semver" for this patch.
Any syntax accepted by composer[1] is available for usage here. Test
cases have been provided to demonstrate how versions are parsed. For now
it is recommended that people stick to expressing compatability with
stable versions (e.g. ">= 1.26").
This patch does not support requiring specific MediaWiki core WMF
branches, since those do not follow the standard semver format that
composer parses. If we are unable to parse $wgVersion, all checking will
be skipped and reported as compatible.
[1] https://getcomposer.org/doc/01-basic-usage.md#package-versions
Bug: T99084
Change-Id: I7785827216e16c596356d0ae42d6b30f3f179f10
* LocalUserCreated: Replaces AuthPlugin::initUser()
* UserGroupsChanged: Replaces AuthPlugin::updateExternalDBGroups()
** The similar UserRights hook is deprecated, mainly to get rid of the
passing of $user by reference.
* UserIsHidden: Replaces AuthPluginUser::isHidden()
* UserIsLocked: Replaces AuthPluginUser::isLocked()
* UserLoggedIn: Replaces AuthPlugin::updateUser()
Also, AuthPlugin::updateExternalDB() is deprecated in favor of the
existing UserSaveSettings hook.
Also, 'ResetSessionID' has been removed. Nothing uses it, I don't know
why I even added it in the first place.
Also, replacing the User object passed to AuthPlugin::initUser() and
AuthPlugin::updateUser() will now raise a warning.
Change-Id: If7474cfb26a29b11c2e78147069419ca3b1cba95
This seems to cause redirect loops in current Firefox instead.
This reverts commit a89a21990e.
Bug: T106793
Change-Id: I18fac8ab0f94e2df8476131b132c9866902a02c4
Similar to 7b4df0e12e,
but for apostrophe instead of tilde and for Opera
instead of Chrome.
Bug: T106793
Change-Id: Ic54390434cebcc76a6c8ab49acc164d36e0cdff6
Moved the logic of ExtensionRegistrations array_plus_2d merge method out
to it's own global function wfArrayPlus2d, so any other function in mediawiki
core and it's extensions can use this method when they need to union
a 2d array.
Change-Id: I56afdf306e399a4a1505828ed76c60c1bfd033b6
There are imho too many ObjectCache methods, $wg*Cache* variables,
CACHE_ types, and wfGet*Cache() functions to know which ones
should actually be used publicly. This should make it easier to
know which ones should be used.
The difference between them was also harder to understand with the
main documentation sections about each of these living in
conceptually different places:
- classes (WANObjectCache)
- methods (ObjectCache::getMainStashInstance)
- variables (DefaultSettings: wgMainCacheType, wgMainWANCache, wgMainStash)
Also:
* Correct wfGetCache() documentation.
* Add the missing keywords for 'public' visibility.
Change-Id: I3b05fdb8b7888bf7e3f05bdca36538f3484556b8
If something being unit tested calls wfResetOutputBuffers(), it'll break
PHPUnit's attempt to capture output in order to fail tests. In the old
version we're currently using for Jenkins it will throw a warning
"ob_end_clean(): failed to delete buffer. No buffer to delete", while in
newer versions it'll detect that its buffer was removed and fail the
test as risky instead.
The solution here is to have MediaWikiTestCase add a buffer with a known
name in setUp() (and remove it in tearDown()), and have
wfResetOutputBuffers() stop when it sees that known name on the stack.
Bug: T109843
Change-Id: I8acd91ec9dd9c6d78a5d91d96202249f571d5d83
Sometime between 5.3 and 5.6, PHP changed from considering the default
output buffer (ob_start() or ob_start( null )) as "user" to considering
it as "internal", which prevents wfResetOutputBuffers() from removing
any buffers.
What we really should do here is test directly for whether the buffer
can be deleted, using the 'del' flag in PHP 5.3 or 'flags' in PHP 5.4+.
As for HHVM, we'll need to continue falling back to testing 'type' for
now thanks to https://github.com/facebook/hhvm/issues/5563.
Bug: T109842
Change-Id: If0163257a8fb471fd594a3754a20c65274f84a4c
* Potentially long running POST requests often use multiple transactions,
talk to multiple services, or defer updates. Try to make sure they have
a chance to complete all of the work. WMF already sets ignore_user_abort()
across the board in config, but this applies it to key spots for all
installs, in addition to bumping the time limit.
* Eventually this can lower the need for high overall time limits.
Bug: T102890
Change-Id: I893ddd773064dcd63b5b24c84c6391974f4b5aee
* This should trigger more reliably than the shutdown function
callback, which is really only there for sanity to make sure
session close/write happens.
Change-Id: I9a1aa76de121ba8de33b3fa850bd223929fae404
As of 155d555b83, we now redirect variations on hex escapes
into their canonical form. This was causing '~' to be redirected
to %7E. However google chrome seems to canonicalize %7E back
into ~, causing a redirect loop.
RFC 3986 says ~ is unreserved, so not hex encoding it should be
fine. To quote: "For consistency, percent-encoded octets in the
ranges of...tilde (%7E) should not be created by URI producers"
Bug: T105265
Change-Id: I01556eee496e2fb540de8ff09c082c1fedddb5f7
strtr() is marginally faster as it runs through the string only
once. A better fit for one-for-one character translation.
The strtr() function also supports an associative array as second
parameter for entire string replacements. This, too, has the same
performance and predictable behaviour (starts with the longest key).
Whereas str_replace is for more aggressive needs where you want
multiple passes until there are no further matches.
The associative array form is arguably also easier to understand
and harder to mess up since the needle/replacement pairs are
explicitly connected instead of two separate arrays.
Also:
* Use getFormattedNsText instead of strtr( getNsText, .. ) which
reduces duplication of this fact through a more semantic intent.
Change-Id: Ie23e4210a5b6908dd79eebc8a2b931d12fe31af6
Some code paths abuse wfForeignMemcKey() for this purpose. This is semantically
incorrect and seems fragile. Also the empty second argument (for db-prefix) is
either misused or akwardly set to the empty string.
It also creates a namespace conflict between arbitrary application keys (from
the software) and any database names (from users). This commit reduces the
conflict surface down to a single key (namely, "global").
Also added unit tests to assert the implicit restrictions and
assumptions between these cache key functions are valid.
Change-Id: Ia0953b51005fe3de3b881dd1bd64c9d3c85e8c66
wfSuppressWarnings() and wfRestoreWarnings() were split out into a
separate library. All usages in core were replaced with the new
functions, and the wf* global functions are marked as deprecated.
Additionally, some uses of @ were replaced due to composer's autoloader
being loaded even earlier.
Ie1234f8c12693408de9b94bf6f84480a90bd4f8e adds the library to
mediawiki/vendor.
Bug: T100923
Change-Id: I5c35079a0a656180852be0ae6b1262d40f6534c4
Also:
* Update wfHttpError() to use uppercase DOCTYPE, to match other code
such as Html.php, wfThumbError(), HttpError.php, etc.
Change-Id: I4027e7fe1a138b03f78797b6d1bfe7bd1064d360
The warning occurs when gmp_init() tries to convert the empty string
that came from ltrim(). This is causing tests to fail under HHVM 3.6.1.
Follows-up 5957856c46.
Bug: T98882
Change-Id: Ica86c91d7897db979e09d7cfc82fb3a20b95d4ce
Also sets default paths immediately (not in Setup.php) so
they are available before extensions register.
Bug: T98319
Change-Id: I41a8aec7a3e9c576ec7344abf51f8106248ade4b
A user just logged on to the #mediawiki channel to ask for help because his
webhost disallowed php_uname(), causing wfIsWindows() to crash. Google
autocompletes 'php_uname()' to 'php_uname() has been disabled for security
reasons', so it is probably not uncommon. Consulting the PHP_OS constant
instead side-steps the problem nicely.
Change-Id: I8d63826db4fc5d142eac53717d4f9fbbf9928de9
* Previously if it was called before a DB_SLAVE connection, it would not
be set. This is fixed now.
* Also set mLaggedSlaveMode in LoadBalancer as appropriate. Before, it
was only set in the "too lagged for ChronologyProtector" case.
Change-Id: Ic4dc555cf762653f157df1795f53f3577c1e587a
Move the MWLogger PSR-3 logging related classes into the
MediaWiki\Logger namespace. Create shim classes to ease migration of
existing MWLoggerFactory usage to the namespaced classes.
Bug: T93406
Change-Id: I359cc81fbd2dcf8937742311dcc7d3dee08747b0
* Associate Profiler objects with a request context by adding a $context
property with a getter and a setter.
* Introduce ProfilerOutputStats, which writes profiling data to the stats
buffer associated with the current request context.
* Make it the Profiler class's responsibility to enforce $wgProfilerLimit.
* Deprecate $wgProfilerLimit in favor of the (more aptly named, IMO)
$wgProfiler['threshold'] config setting.
* Tidy up Profiler instance creation code in Profiler::instance().
* Add Profiler::getOutputs, which returns an array of ProfilerOutput instances
which are configured for the current profiler and whose canUse() method
returns true.
* Make ProfilerStub not log by creating a stub ProfilerStub::logData() method
which does not call the parent. Previously the parent class checked if $this
was an instance of ProfilerStub and returned early if so.
Task: T90623
Task: T85641
Change-Id: Icf644ad3435c1f30d0a49957a97b481808a3153d
* Deprecate $wgRequestTime in favor of $_SERVER['REQUEST_TIME_FLOAT'], which is
more accurate. Because $_SERVER['REQUEST_TIME_FLOAT'] is only set for PHP
5.4+, set it to microtime( true ) in WebStart.php for back-compatibility.
* Add a 'requestTime' property to WebRequest objects, set to
$_SERVER['REQUEST_TIME_FLOAT'] for WebRequest or the instance creation time
for FauxRequest instances.
* Use that to provide WebRequest::getElapsedTime(), which gets the time since
the request was initiated.
* In wfLogProfilingData(), get the user and request objects from the context
object rather than from global scope.
Opportunistic clean-up: move the magic quotes check to WebStart.php and make
the error message more helpful.
Change-Id: I7e07e22eaf16b5141b80ad9f843285c542a127b7
Right now wfLoadExtension() and related functions explicitly load
extensions immediately, bypassing the queue. This was done to be
extremely backwards-compatible with the old require_once style of
loading which does the same.
However, for a future configuration database to work, we need to be able
to reliably load extensions after configuration (LocalSettings.php) is
loaded, which is currently at the top of Setup.php. Rather than doing
this later, we should do this now to make sure the registration system
will be able to handle it.
In Wikimedia production, excentions are currently being loaded with
direct calls to:
ExtensionRegistry::getInstance()->queue(...);
so we know that this should work, but that is not a nice API for sysadmins
and developers to be entering into LocalSettings.php.
If for some reason an extension really needs to be loaded immediately,
they can still call:
ExtensionRegistry::getInstance()->loadFromQueue();
But that should be the exception, not the norm.
Change-Id: I72672e5c9541ede02d09f548c39ef6c8df0ec78a
This function is backwards:
* The stated purpose is to generate a list of differences for callers to parse,
however we already have DiffEngine that returns a list of differences that you
don't need to parse manually shooting your feet off in process.
* With improvements in PHP performance in the last 10 years, shelling out instead of using
a pure-PHP diff has a doubtful performance benefit.
* Even in configurations where it's faster on predominant diffs (which have to be huge),
shelling out has its own security implications.
This function is not used in core. The only extensons using it are Echo (which just parses
its output so would be better off with DiffEngine) and AbuseFilter, let's not add more users
by tolerating this function.
Also, add error checking while I'm at it.
Change-Id: Ia67debce39de8252312fd887ebfbe6fb89f9edc9
Refactor out 'infinity' vartiant values which used in blocking and
protecting actions. This patchset adds GlobalFunction wfIsInfinity.
Bug: T68646
Change-Id: I60cc55a5bbd43c72916a1c2ea3807457d4e33765
This patch adds a metric data service object to the IContextSource interface,
with full support for StatsD meters, gauges, counters and timing metrics, via
the liuggio/statsd-php-client, which this patch also introduces.
Usage example:
$stats = $context->getStats();
$stats->increment( 'resourceloader.cache.hits' );
$stats->timing( 'resourceloader.cache.rtt', $rtt );
The metrics are flushed to a StatsD server, which may be specified via the
'StatsdServer' configuration key. If no such configuration key exists, the
metrics are discarded.
The StatsD client supplants MediaWiki's StatCounter class. wfIncrStats()
will continue to work, but it will delegate to the StatsD data object.
Change-Id: Ie10db1c154d225971398e189737de7c560bf0f90
wfEscapeShellArg() can handle multiple params, escaping each.
This patch changes wfShellExec() to call wfEscapeShellArg() directly
instead of doing the gluing itself.
This patch also extends wfEscapeShellArg() to accept an array parameter
optionally instead of as separate args, which is often useful.
Added also unit test cases for single, multiple args, and single array args.
Change-Id: I7a0761cc2ba98c210a9eacadd12da407d933e42a
Instead of instantiating this on every single request. Removes
wfGetLangConverterCacheStorage() and $wgLangConvMemc which were
otherwise unused.
Change-Id: Ic500944a92c2a94bc649e1b492c33714d81dca00
If $wgResponsiveImages is on, include the 1.5x and 2x multipliers
in the wfThumbIsStandard() standard image size comparisons.
Change-Id: I79d866387730cdd4d7c7a976e691192b2335b7ce
Time wounds all heels. During the code review for the PSR-3 logging
introduction, several people asked me why we needed a wrapper
for Psr\Log\LoggerInterface if the point was to use the standard. At the
time I was convinced that it would be better to introduce the dependency
via a wrapper class so that we could use the wrapper to patch over any
deficiencies that we might find in the PSR-3 API. After going on to work
on a project to disentangle other MediaWiki components from internal
project dependencies I have suddenly and clearly seen the error of my
ways.
We still need a logger factory as PSR-3 does not specify
a standard mechanism for creating Psr\Log\LoggerInterface instances. My
solution is to convert MWLogger into MWLoggerFactory to retain a static
factory interface for creating PSR-3 loggers but remove the MWLogger
wrapper class itself in favor of direct exposure of
Psr\Log\LoggerInterface to the MediaWiki consumer classes.
Change-Id: Ie47467657dcf341991ada00827dca5e8eff95438
For example, if the database cannot be connected to, the language is
something other than 'en', and the l10n cache is LCStoreDB, then the
call to Language::factory() in Setup.php line 604 will do it when it's
trying to get the fallback list.
Bug: T86398
Change-Id: Ia0e9ea440dcc4c8ab7bab1f33802aeff487eb3f0
Introduces wfLoadExtension()/wfLoadSkin() which should be used in
LocalSettings.php rather than require-ing a PHP entry point.
Extensions and skins would add "extension.json" or "skin.json" files
in their root, which contains all the information typically
present in PHP entry point files (classes to autoload, special pages,
API modules, etc.) A full schema can be found at
docs/extension.schema.json, and a script to validate these to the
schema is provided. An additional script is provided to convert
typical PHP entry point files into their JSON equivalents.
The basic flow of loading an extension goes like:
* Get the ExtensionRegistry singleton instance
* ExtensionRegistry takes a filename, reads the file or tries
to get the parsed JSON from APC if possible.
* The JSON is run through a Processor instance,
which registers things with the appropriate
global settings.
* The output of the processor is cached in APC if possible.
* The extension/skin is marked as loaded in the
ExtensionRegistry and a callback function is executed
if one was specified.
For ideal performance, a batch loading method is also provided:
* The absolute path name to the JSON file is queued
in the ExtensionRegistry instance.
* When loadFromQueue() is called, it constructs a hash
unique to the members of the current queue, and sees
if the queue has been cached in APC. If not, it processes
each file individually, and combines the result of each
Processor into one giant array, which is cached in APC.
* The giant array then sets various global settings,
defines constants, and calls callbacks.
To invalidate the cached processed info, by default the mtime
of each JSON file is checked. However that can be slow if you
have a large number of extensions, so you can set $wgExtensionInfoMTime
to the mtime of one file, and `touch` it whenever you update
your extensions.
Change-Id: I7074b65d07c5c7d4e3f1fb0755d74a0b07ed4596
Xhprof generates this data now. Custom profiling of various
sub-function units are kept.
Calls to profiler represented about 3% of page execution
time on Special:BlankPage (1.5% in/out); after this change
it's down to about 0.98% of page execution time.
Change-Id: Id9a1dc9d8f80bbd52e42226b724a1e1213d07af7
When a logging service other than MWLoggerLegacySpi is used, the
behavior of wfErrorLog is not guaranteed.
Change-Id: I8543bfd556aa752665f7a3daa855d3c2f7fc8956
Notice: Undefined index: line in
/var/www/wiki/includes/GlobalFunctions.php on line 1840
Caused by fc2e6df64f, previous versions
used isset here.
Change-Id: Ie9434f09e0905346ace19909fb316d47c75e0440
* It will also no longer call getReaderIndex( false, ... ) twice
* Removed various related ampersands
Change-Id: Ia79e2007dbf84e7437f9439aa6371333aa3e1b23
* Add optional $context parameter to wfDebug, wfDebugLog, wfLogDBError
and wfErrorLog that will be passed to MWLogger.
* Add support for PSR-3 style log message parameter interpolation in
MWLoggerLegacyLogger.
* Add context information to wfLogDBError calls made from DatabaseBase,
DatabaseMysqlBase and LoadBalancer instances.
* Deprecate wfDebugTimer() which now appears to be unused.
Change-Id: Ic90d593d00a2b0b5b80ed205908cbe624042603c
Make the profiler logging output introduced in Iae11e1e a little nicer.
Stop adding the Profiler::getRawData() information and add the URL and
textual report to the default log message. When testing with a Monolog
logger and Logstash the getRawData output from the Xhprof profiler was
found to be too big to be usable. The default message output was found
to be less informative than desirable when a PSR-3 logger other than
MWLoggerLegacyLogger was used. MWLoggerLegacyLogger implements special
backwards compatible formatting for the profileoutput channel that will
not be effected by this change.
Change-Id: Id326aed4f72a3489fac30661c101ac3bb3af2530
