In wfDebugBacktrace() and wfShellExecDisabled(), use function_exists()
instead of getting the value of the disable_functions INI setting,
then splitting it into a list of functions, then checking that list
for the function to be called.
Also removed the check for Zend Optimizer, an old PHP extension that
does not work with PHP 5.3.
Change-Id: I04f0e026f8a6e0414f08d5302aff6c084a1d19a7
gute on irc just mentioned how his BusyBox server identifies as
linux but doesn't have bash installed. Additionally I see no
reason to limit limit.sh to linux, if for example somebody has
installed bash on a different *nix.
Change-Id: I51677295ab6bbc58fc5152106cf2c4c32bd1b0ea
Two classes (User and SpecialRunJobs) currently contain string
equality checks that purport to be timing-attack resistant.
Reduce code duplication by adding and using a fallback for the
hash_equals() function from PHP 5.6 (currently in beta), in a way
addressing the comment "@todo: make a common method for this".
Change-Id: Iece006ec0216edb3fc5fbef7cc6ec00a6d182775
* Fix: wfDebugMem no longer reports kibibytes as kilobytes
* Usability: wfDebugMem now uses unit symbols (e.g. KiB)
Change-Id: I1ab8aa3ccdb0fdea307913ada4ed42964d7fe960
Introduces wgHttpsPort configuration variable and makes use of it when
appropriate in wfExpandUrl()
Bug: 65184
Change-Id: I325ee0ff7be16de2a964fb7d8654b88cbd5fe239
This adds a new generic library class IPSet, which precomputes
a reasonably-efficient data structure from the input list of
addresses and CIDR net/mask specs for fast runtime matching,
and then uses it to check trusted XFF-setters.
See also: 32b4f19f173fc5cff1029eedee63a39a2d72dd3a
Bug: 57021
Change-Id: Ia3b12fb90c3e7e492374a128943b014481cc2730
We've had the logic for stripping the outer <p/> element in three
separate places. The version in OutputPage was missing the '$' at the
end of the regex, that was most likely a mistake caused by the
duplication.
Also, extend the logic in order not to generate invalid HTML if the
input contains more than one <p/> tag. Added tests for this and the
previous behaviour.
https://www.mail-archive.com/mediawiki-api@lists.wikimedia.org/msg03188.html
Change-Id: I6bb3597898324556df912a23a7ffc9ff250b8f58
Swapped some "$var type" to "type $var" or added missing types
before the $var. Changed some other types to match the more common
spelling. Makes beginning of some text in capital.
Change-Id: If8c0cf4627fc62ff288d33658e327ae80548f5c5
Variants included 'in <version>', 'as of <version>' and just the
version number.
Some @deprecated annotations do not have the version number at all,
I want to hunt them down separately.
Change-Id: I8208c6097098f4735d4f51bc42254675f1f27f6d
This patch replaces:
<!-- Served by mw1069 in 0.976 secs. -->
With:
<script>mw.config.set({"wgBackendResponseTime":976,"wgHostname":"mw1069"});</script>
In the default HTML output of MediaWiki.
While the latter is a nearly twice as long, it is almost as readable for human
beings, while being substantially easy to get via JavaScript.
To get the values from the comment, you have to do something like:
var comments, comment, hostname, duration;
comments = $.grep( document.body.childNodes, function ( el ) {
return el.nodeType === 8
} );
comment = comments.length
? comments.pop().nodeValue.match( /(\S+) in ([\d.]+)/ ).slice( 1 )
: [ null, null ];
hostname = comment[0];
respTime = parseFloat( comment[1] );
On the other hand, to get the values from the JavaScript code, you can simply:
var hostname = mw.config.get( 'wgHostname' );
var respTime = mw.config.get( 'wgBackendResponseTime' );
I believe that the ability to parse the number easily via JavaScript will make
it easier to include with other client-side measurements as part of reports on
site performance as experienced by users.
Change-Id: I895cd03f0968815484ff8cda4b23cc602ac555f0
And deprecate $wgProfileOnly in the same time.
This has the advantage of allowing profiler output to be separated
from the main debug log file; or even be completely disabled while
keeping the other debugging messages.
Also updated the checks in wfLogProfilingData() to detect the cases
where the output would not be sent anywhere to not execute the
last part of the method which would be useless otherwise.
Backward compatibility with installations having $wgProfileOnly
set to true is kept by moving the log file from $wgDebugLogFile
to $wgDebugLogGroups['profileoutput'] in Setup.php in that case.
Change-Id: I7b35195e527dfa7978b710126ed4599e75dab46b
I mainly fixed PHPDoc comments that are highlighted by PHPStorm
as being wrong or incomplete.
* Fixed some wrong inline documentations, e.g. wrong @return types.
* Used the style suggested by the Doxygen and phpDocumentor
documentations: @param type [$optional,...]
* Doxygen and phpDocumentor suggest the order: @param type $var
* Avoid unclear "varargs" and "mixed" if possible.
* Lowercased "array" and such, they are no classes.
Change-Id: Iff16e05fed6652cefec29e3d254807f52d84c9ab
Since Iffba121a99 (00b7f76) with the removal of wfHttpOnlySafe(),
session cookie's parameters are based only on configuration
settings, so there is no point to spam the "cookie" log group
with predicitible values.
Change-Id: I8b1cdea929cefc32dd8b01c2ecbf2d76bb64189f
I found two calls to wfLogDBError() that do not add a new line
at the end of the message. So instead of adding them to that
entries, I changed wfLogDBError() to automatically put it on
icoming messages; as for wfDebugLog().
Change-Id: Id014b5827a0aeef6873ebf08d78f0a3d7581d63b
This hack was added in r34083 / 6b16f44108 to support IE for Mac.
That browser is no longer supported, and no additional user-agent
strings have been added in WMF configuration.
Change-Id: Iffba121a9964e2ad387fad8827ddfd8dabcbd12e
- The parameter is now a string, making is more understandable than
boolean values
- It takes the same values in both wfDebug() and wfDebugLog() (except
for 'private' which is only used in the latter)
- This adds a new possibility to wfDebugLog() to log the message either
on the specific log or the general one, but not to the debug toolbar
- Old boolean values are still recognised for backward compatibility
- Also send the messages passed to wfDebugLog() to the debug toolbar
when they are written to a specific log and not restricted to logs
- Updated the calls of and wfDebug() and wfDebugLog() with the last
parameter to change it into a string
- Renamed MWDebug::sendWarning() to MWDebug::sendMessage() and added
$group parameter to it; will not break anything since that method
is marked as private
- Changed the call to wfDebug() from MWDebug::sendMessage() to use
wfDebugLog() with 'log' as thrid parameter, so that those messages
can be logged separately from the main log and they don't show up
a second time on the "debug log" tab of the debug toolbar
Change-Id: I1be09d4c1d3408ed5b26a5db02691c17c0ec0926
Some uses remained in Gerrit extensions, and patches have been submitted
to replace the usages. See below for details.
* in_string (deprecated in 1.21)
* wfGenerateToken (deprecated in 1.20) (had 2 uses)
* wfStreamFile (deprecated in 1.19) (had 1 use)
* wfUILang (deprecated in 1.18)
Change-Id: Ic67a968da8f37daf44503b98d00710eb99180805
Kept wfGetIP() for now because it is still in use in the SecurePoll
extension and in WMF configuration.
Change-Id: Id412e37743f89bb67eb329a2f475f8496cf7b006
The Line continuation Coding conventions prefers the closing parenthesis
on the same line than the beginning curly braces. This is done for ifs
and functions.
Also move some boolean operator from the end of a line to the beginning
and changed some indentation to make the condition hopefully better
readable.
Change-Id: Id0437b06bde86eb5a75bc59eefa19e7edb624426
- Removed double spaces
- Added space after if/switch/foreach
- Removed space on elseif
- Added space around parentheses
- Added newline at end of file
- Removed space before semicolon at end of line
Change-Id: Id40b87e04786c6111e6686d7f7eea1e588bdf37d
The use of static server detection outside of its intended use case
(i.e. at the start of DefaultSettings.php), for example in r93258, was
an architectural error. Every other bit of information about the web
request in non-setup code comes from non-static methods of WebRequest,
which allows the request object to be meaningfully replaced or
subclassed. The situation became increasingly ridiculous as more
callers of WebRequest::detectProtocol() were introduced. Two of the
callers were calling it non-statically! I suppose they had the right
idea, in a way.
Using a non-static call allows caching, which is a nice additional
benefit.
WebRequest::detectProtocolAndStdPort() was introduced in r93258 as part of
the introduction of WebRequest::detectProtocol(). It was basically
useless. Grep indicates there was only one caller in core and WMF
deployed extensions, and it is patched here.
Change-Id: Ia0a61e98fbff7a46ceaeebcb02236e5eac3df0e1
Adds release notes and fixes two inaccurate comments added in Ib0ece5d5d
("Configurable log sampling via $wgDebugLogGroups").
Change-Id: I224a0319b7432300d3cb6f4d14e61ea9d36ee228
Make it possible to configure a log-group-specific sampling factor by allowing
$wgDebugLogGroups values to be associative arrays with 'destination' & 'sample'
keys.
The immediate use-case I have in mind is the memcached log, which is too
verbose to enable in production. We could sample on the receiving end, but
doing so would not help MediaWiki, which would still be on the hook for
processing and dispatching every single record.
Idea was vetted by Dr. Manhattan:
<TimStarling> I think you could have each element in $wgDebugLogGroups be an
associative array
<TimStarling> e.g. array( 'sample' => 1000, 'target' => "$host:$port")
<TimStarling> that would allow for more features to be added to it in
future
Change-Id: Ib0ece5d5d9c2aadef13b77ac38995b0e47ac086f
