20d06b34bb
Many files were in the autoloader despite having potentially harmful file-scope code. * Exclude all CommandLineInc maintenance scripts from the autoloader. * Introduce "NO_AUTOLOAD" tag which excludes the file containing it from the autoloader. Use it on CommandLineInc.php and a few suspicious-looking files without classes in case they are refactored to add classes in the future. * Add a test which parses all non-PSR4 class files and confirms that they do not contain dangerous file-scope code. It's slow (15s) but its results were enlightening. * Several maintenance scripts define constants in the file scope, intending to modify the behaviour of MediaWiki. Either move the define() to a later setup function, or protect with NO_AUTOLOAD. * Use require_once consistently with Maintenance.php and doMaintenance.php, per the original convention which is supposed to allow one maintenance script to use the class of another maintenance script. Using require breaks autoloading of these maintenance class files. * When Maintenance.php is included, check if MediaWiki has already started, and if so, return early. Revert the fix for T250003 which is incompatible with this safety measure. Hopefully it was superseded by splitting out the class file. * In runScript.php add a redundant PHP_SAPI check since it does some things in file-scope code before any other check will be run. * Change the if(false) class_alias(...) to something more hackish and more compatible with the new test. * Some site-related scripts found Maintenance.php in a non-standard way. Use the standard way. * fileOpPerfTest.php called error_reporting(). Probably debugging code left in; removed. * Moved mediawiki.compress.7z registration from the class file to the caller. Change-Id: I1b1be90343a5ab678df6f1b1bdd03319dcf6537f |
||
|---|---|---|
| .. | ||
| AutoloadGenerator.php | ||
| AvroValidator.php | ||
| BatchRowIterator.php | ||
| BatchRowUpdate.php | ||
| BatchRowWriter.php | ||
| ClassCollector.php | ||
| ExecutableFinder.php | ||
| FileContentsHasher.php | ||
| MWCryptHKDF.php | ||
| MWCryptRand.php | ||
| MWFileProps.php | ||
| MWRestrictions.php | ||
| README | ||
| RowUpdateGenerator.php | ||
| UIDGenerator.php | ||
| ZipDirectoryReader.php | ||
| ZipDirectoryReaderError.php | ||
The classes in this directory are general utilities for use by any part of MediaWiki. They do not favour any particular user interface and are not constrained to serve any particular feature. This is similar to includes/libs, except that some dependency on the MediaWiki framework (such as the use of MWException, Status or wfDebug()) disqualifies them from use outside of MediaWiki without modification. Utilities should not use global configuration variables, rather they should rely on the caller to configure their behaviour.