Why:
- Since we re-distribute a Swagger bundle that includes all the
libraries, we should also supply the licenses associated with these
libraries.
- See https://github.com/swagger-api/swagger-ui/issues/8317
What:
- Create a directory containing the relevant OSI licenses.
- Create a list of all the libraries included in Swagger UI
and their respective licenses.
Bug: T382086
Change-Id: I30be1fee2b3ebd7352fa6255a95969e91a75d575
(cherry picked from commit ea8d04800ff074f15ab4c83b39db438bb26fa617)
Service is no longer running, so it's a default that doesn't do anything
Bug: T382987
Change-Id: I3a21c12ba689928d38e410cbe2547ab7e616ac8a
(cherry picked from commit 4a6fac8b7dadfdffe6e0e239b8a551436e147d97)
MWCryptHKDF was added ten years ago (in af66c04d39), and as far as
I can tell, it was never used anywhere. It seems unlikely that CryptHKDF
will be used in the future, at least in its current form, for several
reasons:
* PHP 7.1.2+ has hash_hkdf(), so HKDF() would not be needed.
* At the time MWCryptHKDF was created, access to a CSPRNG was dependent
on server configuration: operating system, enabled PHP extensions,
open_basedir, etc. The "clock drift" RNG used as a last resort was not
considered to be secure or fast enough for generating large amounts of
output.[1] random_bytes(), added in PHP 7, changed the situation.
* Depleting the input pool of Linux's RNG is no longer a concern; there
is no more blocking output pool for /dev/random.[2][3] In 2022, this
change and others, including some that improved performance,[4] were
backported to stable kernels as old as 4.9.[5]
* $wgAuthenticationTokenVersion obviated the primary use case of
quickly resetting the user_token field for all users, assuming all
the existing tokens are unique.
* CryptHKDF seems to perform much slower than random_bytes(), at least
on Linux, making it pointless to use given that the other reasons for
its existence no longer apply.
[1]: https://bots.wmflabs.org/logs/%23mediawiki-core/20161004.txt
[2]: https://lwn.net/Articles/808575/
[3]: https://lore.kernel.org/all/cover.1577088521.git.luto@kernel.org/
[4]: https://www.zx2c4.com/projects/linux-rng-5.17-5.18/
[5]: https://lore.kernel.org/all/Yo3pmh9hiUFtQz77@zx2c4.com/T/
Change-Id: I29136fad826341d21728671aa30285d5551f1162
In T340552, the official PHP OpenTelemetry client was effectively
rejected for inclusion in MediaWiki due to its size. Implement a minimal
tracing library instead that eschews conformance with the OTEL client
specification in favor of simplicity, while remaining capable of
emitting trace data in OTLP format and thus retaining compatibility with
any ingestion endpoint capable of handling OTLP.
In its current state, the library supports a basic feature set that
should be sufficient for basic tracing integration:
* Span creation, inclusive span activation and automatic parent span
assignment,
* Span attributes and span kinds,
* Basic resource (process/request)-level metadata generation,
* Data export over OTLP.
Additional functionality, such as trace propagation, can then be
incrementally added to the library.
Bug: T340552
Change-Id: Ibc3910058cd7ed064cad293a3cdc091344e66b86
Replaces 'copyright' with 'copyright-footer' and 'history_copyright'
with 'copyright-footer-history' (the original still takes precedence
if set). Adds SkinCopyrightFooterMessage hook which works the same
way as SkinCopyrightFooter for the new messages. Allows disabling
the old messages by setting $wgAllowRawHtmlCopyrightMessages = false.
Co-Authored-By: Gergő Tisza <tgr.huwiki@gmail.com>
Bug: T45646
Change-Id: I5fd5607f8d43b6e934c8d4d35097cec430c56043
Why:
* The documentation for wgAutopromoteOnce gives one valid value
for the "event" but says "Where the event is either"
* There is only one accepted format for "event", so this should
be clarified in the documentation.
What:
* Improve the documentation for wgAutopromoteOnce.
Change-Id: I014c0102985152e1bb7dda3a48a5e5988f24ddbd
The discovery endpoint provides basic information about accessing the
wiki's APIs, as well as a directory of available modules.
Bug: T365753
Change-Id: I161aa68566da91867b650e13c8aadc87cd0c428c
This applies JSON Schema validation in phpunit tests where appropriate:
1) In ModuleSpecHandlerTest, the generated OpenApi specs are validated
against the OpenAPI 3 schema.
2) In RestStructureTest, module definition files are validated against
the mwapi schema.
This patch introduces a new trait to make it easy for phpunit test cases
to perform validation.
This patch also fixes some issues with the docs/rest/mwapi-1.0.json
schema and the includes/Rest/content.v1.json module definition.
Change-Id: I966cddb337c9373ed3a369496548a8d8c538ae84
Controlled by $wgParsoidSelectiveUpdateSampleRate (which defaults to off)
randomly sample 1 in N parses to collect statistics to inform the design
of Parsoid selective update:
* For both legacy parses and Parsoid, count how many times a previous
parse is in the cache when a new parse is requested. This needs to
sample the legacy parser as well as Parsoid because Parsoid is not
yet invoked from the RefreshLinksJob. We also count the relative
number of parses from the different
RevisionRenderer::getRenderedRevision() call sites to determine
which pathways might account for the most opportunities for
optimized selective update.
* For sampled parses using the Parsoid parser where a previous parse
result is available, also fetch the previous wikitext source from the
database.
Bug: T371713
Change-Id: I208aeac1b315a96bdb9669427cd03de461b914b4
wfGetUrlUtils() is also deprecated, but less so, so we can do this first
and then properly replace the individual uses with dependency injection
in local pieces of work.
Also:
* Switching Parser::getExternalLinkRel to UrlUtils::matchesDomainList
exposed a type error in media.txt where $wgNoFollowDomainExceptions
was set to a string (which is invalid) instead of an array.
Bug: T319340
Change-Id: Icb512d7241954ee155b64c57f3782b86acfd9a4c
Depending on configuration, this returns either the interface language
code of the current user or the current page language.
Bug: T4085
Change-Id: Iab7fda272ec81af88c74612727ff6bed014d4a81
WinCache is an APCu equivalent for use with Microsoft IIS, but in recent
years has been unmaintained and lacks support for PHP 8 and newer.[1]
So, remove support for it as MediaWiki will be raising the minimum
supported PHP version to 8.1.
[1] https://www.php.net/manual/en/install.windows.recommended.php
Bug: T365691
Change-Id: I4d2dc01a9119bb1f858132f0146b894750c1e86d
Some wikis treat the category list from ParserOutput as a /set/, others
as an /ordered list/. For those who don't care about the order of
categories, provide the option for wikis to sort the categories
in OutputPage.
This can also be activated with a query parameter, `&sortcat=1`, which
is useful to the Parsoid team when doing visual diff testing to avoid
false positives caused by differences in category ordering.
Bug: T373480
Change-Id: Idd14650a1898c6a49c88441ef024ce3012903bbe
Update a few tests that relied on the feature flag to ignore
the 'requireemail' preference on "User1" to instead use "User2",
who doesn't have the preference set.
Bug: T242406
Change-Id: I996d3996272d704a071d1d2094c3568247b80f98
Developers can use this to test their local version of Codex with
MediaWiki by pointing $wgCodexDevelopmentDir to their local clone of the
Codex repo, e.g. $wgCodexDevelopmentDir = '/home/yourname/git/codex';
Setting $wgCodexDevelopmentDir affects where the following things come
from:
- Codex JS/CSS files for the full library
- Codex JS/CSS files for code-split chunks, and the manifest.json file
that points to them
- Icons retrieved by CodexModule::getIcons()
- CSS-only icons imported in Less
- Design tokens imported in Less
Other changes in this patch:
- Add CodexModule::makeFilePath() to centralize the repeated path
concatenation. This makes it easier to switch out the regular path for
the dev mode path.
- Replace all uses of $IP (which is deprecated) and MW_INSTALL_PATH in
CodexModule with the BaseDirectory config setting.
- Make CodexModule::getIcons() reset its static cache if the path to the
icons file changes. Without this, it's impossible to make the unit
tests pass.
- Move the i18n messages code from the CodexModule constructor to
getMessages(). It can't be in the constructor because makeFilePath()
doesn't work there (it fails because the Config object hasn't been set
up yet).
- Add a 'mediawiki.skin.codex' import path so that we can stop
hard-coding the path to the Codex mixins file. Without this, we can't
make the Codex mixins come from the right place in development mode.
- Consider $wgCodexDevelopmentDir in setting the cache key for compiled
Less code, since changing this setting can change the output of Less
compilation (by changing design tokens, icons or mixins).
- Add unit tests for (the non-dev mode behavior of)
CodexModule::getIcons() and the i18n message key handling.
Bug: T314507
Change-Id: I11c6a81a1ba34fe10f4b1c98bf76f0db40c1ce98
We may want to change the RestSandboxSpecs setting to accommodate the
need to list all available APIs in an discovery document (T365753).
Change-Id: I09a85e8d8a3ce07562fe098f7e7749e51946b5af
The setting was introduced for the REST API (change Ic0658039a6, commit
ab06b05619) and is only checked there, but didn’t previously document
this. (Noticed while working on a new version of I41200852ee / T322944).
Change-Id: I8e197cfeb5cd41b060ed5ac25a70e9a2d523fcf9
== Motivation ==
* Reduce amount of configuration switches relating to MW Stats component,
to reduce noise for MW sysadmins and devs.
* Reduce amount of code in the legacy Statsd implementation.
== Background ==
* commit e56f7b6c63 (2015, MW 1.26): Add statsd sampling.
Refers to T106457 under T106450 ("hook usage counts"), which used it
in https://gerrit.wikimedia.org/r/226640 which was reverted shortly
after in https://gerrit.wikimedia.org/r/233045 due to too high
overhead of stats code for something as hot as hooks, regardless
of actual sampling/stats sending.
* commit b203ec5fcd (2016, MW 1.29): Make statsd sampling configurable.
Use case unknown, but it is not used today in wmf-config, and
appears to have never been set in the past either:
```
operations-mediawiki-config (master)
$ git log -p wmf-config/ | grep wgStatsdSamplingRates
24s ec=1$
```
Looking for unmerged patches, I do find an abandoned patch for
the Wikibase extension that attempted to use to instrument database
load in 2020. It was abandoned in favour of dedicated DB tooling
to inspect database queries, which offer more detail as well.
https://gerrit.wikimedia.org/r/q/message:wgStatsdSamplingRateshttps://gerrit.wikimedia.org/r/c/mediawiki/extensions/Wikibase/+/593335
== Future ==
In 10 years, we've not needed sampling anywhere even at our scale.
StatsD absorbs high traffic very well, with controlled flushing to
Graphite as backend. Prometheus exporters are similarly buffered
close to the producer with controlled scraping intervals. This
should make sampling unlikely to be needed.
We did have one experiment where sampling was attempted, which led
to the developments this commit removes. That instrumentation was
removed because the code was far too frequently called and hot that
it posed a latency problem, even before we factor in whether it
sends the metric. The overhead of the stats code itself added too
much overhead to Hook::run / HookContainer.
The new StatsFactory service class does feature per-metric sampling,
although this is similarly without use case at the moment:
https://codesearch.wmcloud.org/search/?q=%3EsetSampleRate&excludeFiles=test
New instrumentations should use StatsFactory, and if sampling were
needed in the future, it could be experimented by calling setSampleRate
on Metric objects (as part of the instrumentation, rather than in
site config, unless the feature in question makes it configurable).
That seems enough upfront investment for a theoretical future need.
Change-Id: I5f68e48d6d2c880a43f83915234d3c9f32a2d1ef
Adds an experimental configuration to allow extensions to define
OutputPipelineStages to include in the DefaultOutputPipeline.
There are a lot of open questions about this api, like ordering of
execution, but adding it @experimental will help surface the
requirements.
Bug: T370541
Needed-By: I6dc92af0611c680b6e55605a7c9ff8a3fc1dfa26
Change-Id: I64baea40a1687c7a06fbcda9efe9f9a159b0ae8d
And deprecated aliases for the the no namespaced classes.
ReplicatedBagOStuff that already is deprecated isn't moved.
Bug: T353458
Change-Id: Ie01962517e5b53e59b9721e9996d4f1ea95abb51
This permission isn't currently available in other grant, making it
impossible to use action=setpagelanguage via BotPasswords or OAuth.
This commit adds 'pagelang' to the 'editpage' grant. Note that this
doesn't automatically give any consumer with the 'editpage' grant the
'pagelang' right -- they must actually have such rights on the user
account as well (for most wikis this is sysop, translationadmin).
Bug: T368578
Bug: T365558
Change-Id: I7048c49dc0428016cd798622552c446bbb10d99f
So far, extensions can only define REST entry points by listing them
directly in extension.json. This is inconvenient and makes it impossible
to define proper modules.
Bug: T365754
Change-Id: Id35bdd55e00457ddbeaee72d0e9399bd43a0d07a
