diff options
| author | Tim Starling <tstarling@wikimedia.org> | 2021-01-08 13:16:02 +1100 |
|---|---|---|
| committer | Tim Starling <tstarling@wikimedia.org> | 2021-01-11 11:59:36 +1100 |
| commit | 20d06b34bbc95bb6f886a03b964f0f3a2239ec36 (patch) | |
| tree | a7d8b74b2346c0aab2d7af83449f19e8804963f8 /autoload.php | |
| parent | 320af70270cba90deafc0993d43ae35d67623faa (diff) | |
| download | mediawikicore-20d06b34bbc95bb6f886a03b964f0f3a2239ec36.tar.gz mediawikicore-20d06b34bbc95bb6f886a03b964f0f3a2239ec36.zip | |
Safer autoloading with respect to file-scope code
Many files were in the autoloader despite having potentially harmful
file-scope code.
* Exclude all CommandLineInc maintenance scripts from the autoloader.
* Introduce "NO_AUTOLOAD" tag which excludes the file containing it
from the autoloader. Use it on CommandLineInc.php and a few
suspicious-looking files without classes in case they are refactored
to add classes in the future.
* Add a test which parses all non-PSR4 class files and confirms that
they do not contain dangerous file-scope code. It's slow (15s) but
its results were enlightening.
* Several maintenance scripts define constants in the file scope,
intending to modify the behaviour of MediaWiki. Either move the
define() to a later setup function, or protect with NO_AUTOLOAD.
* Use require_once consistently with Maintenance.php and
doMaintenance.php, per the original convention which is supposed to
allow one maintenance script to use the class of another maintenance
script. Using require breaks autoloading of these maintenance class
files.
* When Maintenance.php is included, check if MediaWiki has already
started, and if so, return early. Revert the fix for T250003 which
is incompatible with this safety measure. Hopefully it was superseded
by splitting out the class file.
* In runScript.php add a redundant PHP_SAPI check since it does some
things in file-scope code before any other check will be run.
* Change the if(false) class_alias(...) to something more hackish and
more compatible with the new test.
* Some site-related scripts found Maintenance.php in a non-standard way.
Use the standard way.
* fileOpPerfTest.php called error_reporting(). Probably debugging code
left in; removed.
* Moved mediawiki.compress.7z registration from the class file to the
caller.
Change-Id: I1b1be90343a5ab678df6f1b1bdd03319dcf6537f
Diffstat (limited to 'autoload.php')
| -rw-r--r-- | autoload.php | 13 |
1 files changed, 0 insertions, 13 deletions
diff --git a/autoload.php b/autoload.php index 405727be84c3..b9c2c08a40ad 100644 --- a/autoload.php +++ b/autoload.php @@ -169,7 +169,6 @@ $wgAutoloadLocalClasses = [ 'AugmentPageProps' => __DIR__ . '/includes/search/AugmentPageProps.php', 'AuthManagerSpecialPage' => __DIR__ . '/includes/specialpage/AuthManagerSpecialPage.php', 'AutoCommitUpdate' => __DIR__ . '/includes/deferred/AutoCommitUpdate.php', - 'AutoLoader' => __DIR__ . '/includes/AutoLoader.php', 'AutoloadGenerator' => __DIR__ . '/includes/utils/AutoloadGenerator.php', 'Autopromote' => __DIR__ . '/includes/Autopromote.php', 'AvroValidator' => __DIR__ . '/includes/utils/AvroValidator.php', @@ -238,7 +237,6 @@ $wgAutoloadLocalClasses = [ 'CdnCacheUpdate' => __DIR__ . '/includes/deferred/CdnCacheUpdate.php', 'CdnPurgeJob' => __DIR__ . '/includes/jobqueue/jobs/CdnPurgeJob.php', 'CentralIdLookup' => __DIR__ . '/includes/user/CentralIdLookup.php', - 'CgzCopyTransaction' => __DIR__ . '/maintenance/storage/recompressTracked.php', 'ChangePassword' => __DIR__ . '/maintenance/changePassword.php', 'ChangeTags' => __DIR__ . '/includes/changetags/ChangeTags.php', 'ChangeTagsList' => __DIR__ . '/includes/changetags/ChangeTagsList.php', @@ -261,7 +259,6 @@ $wgAutoloadLocalClasses = [ 'CheckDependencies' => __DIR__ . '/maintenance/checkDependencies.php', 'CheckImages' => __DIR__ . '/maintenance/checkImages.php', 'CheckLess' => __DIR__ . '/maintenance/checkLess.php', - 'CheckStorage' => __DIR__ . '/maintenance/storage/checkStorage.php', 'CheckUsernames' => __DIR__ . '/maintenance/checkUsernames.php', 'ClassCollector' => __DIR__ . '/includes/utils/ClassCollector.php', 'CleanupAncientTables' => __DIR__ . '/maintenance/cleanupAncientTables.php', @@ -287,8 +284,6 @@ $wgAutoloadLocalClasses = [ 'CollapsibleFieldsetLayout' => __DIR__ . '/includes/htmlform/CollapsibleFieldsetLayout.php', 'Collation' => __DIR__ . '/includes/collation/Collation.php', 'CollationCkb' => __DIR__ . '/includes/collation/CollationCkb.php', - 'CommandLineInc' => __DIR__ . '/maintenance/CommandLineInc.php', - 'CommandLineInstaller' => __DIR__ . '/maintenance/install.php', 'CommentStore' => __DIR__ . '/includes/CommentStore.php', 'CommentStoreComment' => __DIR__ . '/includes/CommentStoreComment.php', 'CompareParserCache' => __DIR__ . '/maintenance/compareParserCache.php', @@ -1139,7 +1134,6 @@ $wgAutoloadLocalClasses = [ 'MergeHistory' => __DIR__ . '/includes/MergeHistory.php', 'MergeHistoryPager' => __DIR__ . '/includes/specials/pagers/MergeHistoryPager.php', 'MergeLogFormatter' => __DIR__ . '/includes/logging/MergeLogFormatter.php', - 'MergeMessageFileList' => __DIR__ . '/maintenance/mergeMessageFileList.php', 'MergeableUpdate' => __DIR__ . '/includes/deferred/MergeableUpdate.php', 'Message' => __DIR__ . '/includes/language/Message.php', 'MessageBlobStore' => __DIR__ . '/includes/resourceloader/MessageBlobStore.php', @@ -1215,9 +1209,6 @@ $wgAutoloadLocalClasses = [ 'PPDStack_Hash' => __DIR__ . '/includes/parser/PPDStack_Hash.php', 'PPFrame' => __DIR__ . '/includes/parser/PPFrame.php', 'PPFrame_Hash' => __DIR__ . '/includes/parser/PPFrame_Hash.php', - 'PPFuzzTest' => __DIR__ . '/maintenance/preprocessorFuzzTest.php', - 'PPFuzzTester' => __DIR__ . '/maintenance/preprocessorFuzzTest.php', - 'PPFuzzUser' => __DIR__ . '/maintenance/preprocessorFuzzTest.php', 'PPNode' => __DIR__ . '/includes/parser/PPNode.php', 'PPNode_Hash_Array' => __DIR__ . '/includes/parser/PPNode_Hash_Array.php', 'PPNode_Hash_Attr' => __DIR__ . '/includes/parser/PPNode_Hash_Attr.php', @@ -1349,7 +1340,6 @@ $wgAutoloadLocalClasses = [ 'RebuildTextIndex' => __DIR__ . '/maintenance/rebuildtextindex.php', 'RecentChange' => __DIR__ . '/includes/changes/RecentChange.php', 'RecentChangesUpdateJob' => __DIR__ . '/includes/jobqueue/jobs/RecentChangesUpdateJob.php', - 'RecompressTracked' => __DIR__ . '/maintenance/storage/recompressTracked.php', 'RecountCategories' => __DIR__ . '/maintenance/recountCategories.php', 'RedirectSpecialArticle' => __DIR__ . '/includes/specialpage/RedirectSpecialArticle.php', 'RedirectSpecialPage' => __DIR__ . '/includes/specialpage/RedirectSpecialPage.php', @@ -1685,7 +1675,6 @@ $wgAutoloadLocalClasses = [ 'TitleParser' => __DIR__ . '/includes/title/TitleParser.php', 'TitlePrefixSearch' => __DIR__ . '/includes/search/TitlePrefixSearch.php', 'TitleValue' => __DIR__ . '/includes/title/TitleValue.php', - 'TrackBlobs' => __DIR__ . '/maintenance/storage/trackBlobs.php', 'TrackingCategories' => __DIR__ . '/includes/TrackingCategories.php', 'TraditionalImageGallery' => __DIR__ . '/includes/gallery/TraditionalImageGallery.php', 'TransactionRoundAwareUpdate' => __DIR__ . '/includes/deferred/TransactionRoundAwareUpdate.php', @@ -1711,8 +1700,6 @@ $wgAutoloadLocalClasses = [ 'UpdateCollation' => __DIR__ . '/maintenance/updateCollation.php', 'UpdateDoubleWidthSearch' => __DIR__ . '/maintenance/updateDoubleWidthSearch.php', 'UpdateExtensionJsonSchema' => __DIR__ . '/maintenance/updateExtensionJsonSchema.php', - 'UpdateLogging' => __DIR__ . '/maintenance/archives/upgradeLogging.php', - 'UpdateMediaWiki' => __DIR__ . '/maintenance/update.php', 'UpdateRestrictions' => __DIR__ . '/maintenance/updateRestrictions.php', 'UpdateSearchIndex' => __DIR__ . '/maintenance/updateSearchIndex.php', 'UpdateSpecialPages' => __DIR__ . '/maintenance/updateSpecialPages.php', |