These .htaccess files are intended to prohibit all web access. But if
the user sets "Satisfy Any" on a parent directory, in conjunction with
any permissive require directive like "Require all granted", access will
be allowed despite "Require all denied" in .htaccess.
So, override Satisfy so that the "Require all denied" will reliably take
effect.
Note that "Satisfy All" is the default. This only affects non-default
installations.
Change-Id: Ia5862fb69e439b7ea2ed7af011e1ebf8f1b1f6d6
(cherry picked from commit a50d2e69f8ce9e5720b05615d04c35cc9008b6ae)
When scripting, folks generally check the exit code of a program to be
zero if it is successful, and non-zero if it isn't. Since importImages
can be used in third-party scripts to automate wiki imports, it is
paramount that import failures are detected.
However, since it doesn't exit with a failure code (i.e. a non-zero
exit code) when a file fails to import or when there are no files
found, it is much more difficult to detect import failures.
Therefore, we exit with a non-zero return code to make import failures
much more easier to detect for scripts.
Bug: T388296
Change-Id: I5d9ede123355d63267793133287253a86faecda5
(cherry picked from commit 5a7c5491775ebf97f60fc7067d3d41c609358534)
Correct the join conditions used to find the current edit count for
a batch of users. Follows up b98f33c where the incorrect join order and
conditions were introduced as part of migration to QueryBuilder syntax.
Change-Id: I1841bb074b0f2be31e60a3cce3d62eb1b5999ad0
(cherry picked from commit 834891e01afa19cc1ecd973c04a453a9abb2d484)
This reverts commit 4563e41f20.
Reason for revert: The expected DatabaseSqlite is not directly used here, it is still DBConnRef and the patch does not work as is.
Bug: T386891
Change-Id: I83b1e299b698c004dcacb9aa90901dfe28097403
(cherry picked from commit 7fdc51ed4d27ba6211215c6198b7e448de799cde)
Why:
- TextPassDumper may spawn PHP subprocesses via proc_open() when invoked
with --spawn.
- The script uses pclose() to try and close these, which is incorrect,
because the resource returned by proc_open() should be closed via
proc_close().[1]
- This causes a TypeError on PHP 8.1 and newer.
What:
- Use proc_close() to close the resource instead of pclose().
Test Plan:
- Run `php maintenance/dumpBackup.php --current --stub | php maintenance/dumpTextPass.php --spawn`
on a local test wiki using PHP 8.1 or newer. It should succeed.
[1] https://www.php.net/manual/en/function.proc-open.php
Bug: T382484
Change-Id: I66cd733cdbc1b8bc1470c14851a0700401c36d1e
(cherry picked from commit 8b9c3ab08eddc86032166f5b9dc208e51c2aaebb)
- Make si_page primary key
- Allow si_title to be larger
- Switch from utf8 to utf8mb4
- Remove default of empty string for titles
Sqlite is not migrated, as it has it's own overrides
Postgres is migrated, but is not in actual use
This is mostly from I273e3a7715abf97d2889904642c7c375e76de4f6
Bug: T249976
Bug: T231827
Change-Id: I12adff3e6ca6a9986ff207bef16272195c3a6a48
(cherry picked from commit a2ba7ee14d6b38a5e89bcc63c3bd0ca8b5107702)
This does not include use of MediaWiki\Maintenance\Maintenance,
assuming the maintenance scripts going into the same namespace
Change-Id: I488f95b537ce86eb5e463be7bce3653610dd13d9
Implicitly marking parameter $... as nullable is deprecated in php8.4,
the explicit nullable type must be used instead
Created with autofix from Ide15839e98a6229c22584d1c1c88c690982e1d7a
Break one long line in SpecialPage.php
Bug: T376276
Change-Id: I807257b2ba1ab2744ab74d9572c9c3d3ac2a968e
Why:
* Maintenance scripts in core have low test coverage
* This can cause issues such as the findDeprecated.php maintenance
script not working, as described in T374832
* Testing the broken script after fixing it will avoid the script
breaking again.
What:
* Fix the findDeprecated.php maintenance script to actually
show when code is hard-deprecated.
* Modify the script to allow mocking of the MediaWiki install
path in PHPUnit tests
* Create FindDeprecatedTest which tests that the script produces
an expected output, without being specific about how the
code finds the methods (to allow the method to be changed
as discussed in T243403)
** To do this, create a folder in the data folder for the PHPUnit
tests that has a mock file structure allowing the test to
use a fixed list of soft and hard deprecated methods.
Bug: T374832
Bug: T371167
Change-Id: Ic4933cef95ef1af7fa3939625ac1747106c71230
A constant is not a variable. The type is hard-coded via the value
and can never change. While the extra @var probably doesn't hurt much,
it's redundant and error-prone and can't provide any additional
information.
Change-Id: Iee1f36a1905d9b9c6b26d0684b7848571f0c1733
Why:
* Maintenance scripts in core are mostly untested
* Increasing this test coverage, especially for more critical
scripts, will help avoid bugs and regressions.
What:
* Add tests for renameUsersMatchingPattern.php
* Expand tests for renameUser.php
* Add TestSelectQueryBuilder::assertFieldValues, which is used
to assert against the result of ::fetchFieldValues.
Bug: T371167
Change-Id: I0470c53df7f31ae4891c33aeb5ba6e308bdcdac6
For a private function the $fname does not need to be optional,
it should be easy to pass it always.
Change-Id: Ifcddcd2479ae6f8bbf68210441c61ee7a45e1489
Remove unused $db parameter and make the $cluster required. Update
the checkStorage.php callers to provide the cluster.
Use the getTable() method in trackBlobs.php to avoid duplication.
Mark this method as @internal to the class and /storage scripts.
Change-Id: I888040a536a60e22e780900a59e4c34b6c468cdf
The variables on the converter are not usable outside of the class,
so making the public ones also private.
Change-Id: I6087dcdac761916359009548beb5210671a32ee5
Why:
* Maintenance scripts in core have low test coverage.
* Testing scripts which are not overly complex should create
less complex tests that easily raise test coverage.
What:
* Create a test for both exportSites.php and importSites.php which
checks that the XML file produced by exportSites.php can be
parsed and produces the same sites table config as was exported.
Bug: T371167
Change-Id: I3eb1b86803ee2413e624f9ffe699a60161103758
In order to replace the /api/rest_v1/page/title/{title} endpoints, we
need to have something in MediaWiki that generates a compatible
responser. The v1/page/{title}/bare and v1/revision/{id}/bare endpoints
are functionally equivalent, so the easiest approach seemed to be to
add a compatibility mode to them. The compatibility mode is triggered
using the x-restbase-compat header, which can be set via the gateway
when routing the request from /api/rest_v1/page/title/.
Bug: T374136
Change-Id: I4af7ff5325660ae30faebb24753b9dc1c3acb2b3
Add doc-typehints to class properties found by the PropertyDocumentation
sniff to improve the documentation.
Once the sniff is enabled it avoids that new code is missing type
declarations. This is focused on documentation and does not change code.
Change-Id: I7dec01892a987a87b1b79374a1c28f97d055e8fa
Why:
* Maintenance::runChild was renamed to ::createChild in
af4117bbdd
* The ::runChild method was left as a deprecated alias and the
stable to override annotation was removed.
* Following I96628f5e2bd847a1cf621b3f52015659cc1c170b, no WMF
deployed code overrides the ::runChild method and
therefore overriding the method can be marked as
hard-deprecated.
What:
* Use MWDebug::detectDeprecatedOverride to mark overriding
Maintenance::runChild as hard deprecated.
Depends-On: I96628f5e2bd847a1cf621b3f52015659cc1c170b
Bug: T374730
Change-Id: I2a3163c0853c3312cef5bee74771bed9eda74146
Why:
* The logging table on en.wikipedia.org contains an entry from
2005 which is an unblock of an autoblock. However, the log_title
contains the namespace, which makes the code that looks for
logs which target an autoblock fail (because it checks for the
first character being '#').
* Fixing the log_title to remove the 'User:' prefix from rows which
are autoblocks (i.e. searching for log_titles which start with
'User:#') should address the exceptions seen on Special:Log for
these rows.
** The search can be limited to rows which have the 'unblock'
log_action, as this has only been seen for this type of log.
What:
* Create fixAutoblockLogTitles.php which searches for the entries
and then updates the log_title value to no longer include the
'User:' prefix
** The queries to search are split, such that the expensive LIKE
query is performed on batches of row IDs. If the LIKE query is
applied directly to all rows in the table, the query takes 30s
to run on WMF production.
* Add this maintenance script to update.php. It will be run once
as the class extends LoggedUpdateMaintenance.
* Test the newly added maintenance script to ensure it works.
Bug: T373929
Change-Id: Ia62db56eda456bb764303b5f4b5a29be8f2d8fff
