| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Change-Id: Ie92e4b2722692c64f38557bfcd3687168d245e8e
| |
Use name constants instead of string literals in calls to Config::get
and ServiceOptions::get, when referring to core configuration variables.
This protects against typos and makes the documentation and schema
declaration of the config settings discoverable.
This is the first batch, only touching files directly under /includes/
Change-Id: I7252e636c7c86d950d9257b33491af492c6dd5eb
| |
php internal functions like floor/round/ceil documented to return
float, most cases the result is used as int, added casts
Found by phan strict checks
Change-Id: I92daeb0f7be8a0566fd9258f66ed3aced9a7b792
| |
Automatically refactors wg prefixed globals to use MediaWikiServices config using Rector. Doesn't include files that set globals or files that fail CI.
Rector Gist: https://gist.github.com/tchin25/7cc54f6d23aedef010b22e4dfbead228
* This patch uses a modified source code rector library for our specific use case and the rector will have different effects without it.
A writeup for future reference is here: https://meta.wikimedia.org/wiki/User:TChin_(WMF)/Using_Rector_On_MediaWiki
Change-Id: I1a691f01cd82e60bf41207d32501edb4b9835e37
| |
This is micro-optimization of closure code to avoid binding the closure
to $this where it is not needed.
Created by I25a17fb22b6b669e817317a0f45051ae9c608208
Change-Id: I0ffc6200f6c6693d78a3151cb8cea7dce7c21653
| |
* Add $wgCookieSameSite, which controls the SameSite attribute for login
cookies. This will need to be set to "None" on WMF and other wikis
with a CentralAuth installation spanning multiple registrable domains.
* Add $wgUseSameSiteLegacyCookies, which causes a "legacy" cookie to be
sent without a SameSite attribute whenever a SameSite=None cookie is
sent. I used the prefix "ss0" since it's like SameSite version 0, and
that's shorter than "legacy". It's a prefix instead of a suffix to
avoid the need to update the VCL config which identifies cookie types
by their name suffix.
* Simplify WebRequest::getCookie() removing the unnecessary unicode
normalization. This was added by analogy with GET/POST, I don't
believe it was ever necessary for cookies.
* Add WebRequest::getCrossSiteCookie(), which implements the read side
of the legacy SameSite cookie support.
* Fix Doxygen formatting of the parameter list in
WebResponse::setCookie().
* To work around the lack of SameSite cookie support in PHP 7.2, emulate
setcookie() with header() where necessary.
Bug: T252236
Change-Id: I141ea114fea007a72a4f24bfc34dd81100854d68
| |
Remove duplicate casts
Suppress false positives
Bug: T248438
Change-Id: I2f89664a4bcd3b39b15e7cf850adda2f0c90ae6f
| |
Migrate all callers of Hooks::run() to use the new
HookContainer/HookRunner system.
General principles:
* Use DI if it is already used. We're not changing the way state is
managed in this patch.
* HookContainer is always injected, not HookRunner. HookContainer
is a service, it's a more generic interface, it is the only
thing that provides isRegistered() which is needed in some cases,
and a HookRunner can be efficiently constructed from it
(confirmed by benchmark). Because HookContainer is needed
for object construction, it is also needed by all factories.
* "Ask your friendly local base class". Big hierarchies like
SpecialPage and ApiBase have getHookContainer() and getHookRunner()
methods in the base class, and classes that extend that base class
are not expected to know or care where the base class gets its
HookContainer from.
* ProtectedHookAccessorTrait provides protected getHookContainer() and
getHookRunner() methods, getting them from the global service
container. The point of this is to ease migration to DI by ensuring
that call sites ask their local friendly base class rather than
getting a HookRunner from the service container directly.
* Private $this->hookRunner. In some smaller classes where accessor
methods did not seem warranted, there is a private HookRunner property
which is accessed directly. Very rarely (two cases), there is a
protected property, for consistency with code that conventionally
assumes protected=private, but in cases where the class might actually
be overridden, a protected accessor is preferred over a protected
property.
* The last resort: Hooks::runner(). Mostly for static, file-scope and
global code. In a few cases it was used for objects with broken
construction schemes, out of horror or laziness.
Constructors with new required arguments:
* AuthManager
* BadFileLookup
* BlockManager
* ClassicInterwikiLookup
* ContentHandlerFactory
* ContentSecurityPolicy
* DefaultOptionsManager
* DerivedPageDataUpdater
* FullSearchResultWidget
* HtmlCacheUpdater
* LanguageFactory
* LanguageNameUtils
* LinkRenderer
* LinkRendererFactory
* LocalisationCache
* MagicWordFactory
* MessageCache
* NamespaceInfo
* PageEditStash
* PageHandlerFactory
* PageUpdater
* ParserFactory
* PermissionManager
* RevisionStore
* RevisionStoreFactory
* SearchEngineConfig
* SearchEngineFactory
* SearchFormWidget
* SearchNearMatcher
* SessionBackend
* SpecialPageFactory
* UserNameUtils
* UserOptionsManager
* WatchedItemQueryService
* WatchedItemStore
Constructors with new optional arguments:
* DefaultPreferencesFactory
* Language
* LinkHolderArray
* MovePage
* Parser
* ParserCache
* PasswordReset
* Router
setHookContainer() now required after construction:
* AuthenticationProvider
* ResourceLoaderModule
* SearchEngine
Change-Id: Id442b0dbe43aba84bd5cf801d86dedc768b082c7
| |
Change-Id: I54d94f4369eb4fa0b0ebe892a1d6cc57b2bdb1f9
| |
Similar to FauxRequest
Change-Id: Ia9e4e7287ade605899d935db7c9f1f017e0bcb85
| |
The 'WebResponseSetCookie' hook is allowed to alter the data for the
cookie being set. We need to actually use those altered values, rather
than setting $cookie and $data earlier in the function.
Bug: T198525
Change-Id: Ia817e3dc5ce17fdcf5057ee5fcb6980baa1333d6
| | |
When jobs are being run synchronously post-send, we don't want to allow
bugs to result in a job somehow setting cookies or headers that
interfere with those that were intended to be set in the request.
Bug: T191537
Change-Id: Ib5714a17af417797140f99e41eaacbba1bfd20f4
| |
Change-Id: I790b86e2e9e3e41386144637659516a4bfca1cfe
| |
Install the backtrace collector very early, so that we can get the
backtrace even if headers were sent from LocalSettings.php.
Bug: T157392
Change-Id: I9bc732b34481c95afb5362e135a87bd4302498e2
| |
Change-Id: Id01f4712e3dd297594e9ed2389ad411be5f553e7
| |
This is to fix incorrect calls of header() with null as its third parameter
in WebResponse::header().
Under HHVM 3.14.3 this causes warnings in error.log and breaks saving page
and user login.
Bug: T140864
Change-Id: I98291e2746e92e22672de077bccfb36ae91d2c62
| |
Change-Id: Ibd548ea5bfe08f7fef35273c5a9c6c70c3faf60e
| |
Output cache-control headers that disable intermediate caching even if
OutputPage->mEnableClientCache is true when the response includes
set-cookie headers as well. This change mirrors logic that has been in
use on the Wikimedia Foundation production cluster's Varnish cache
system for over 2 years to guard against accidentally caching backend
responses which include Set-Cookie headers.
Co-Author: Max Semenik <maxsem.wiki@gmail.com>
Bug: T127993
Change-Id: I1a0d38a5b9dba754b91a7832371b3dc0df51bd5a
| |
Per wikitech-l consensus:
https://lists.wikimedia.org/pipermail/wikitech-l/2016-February/084821.html
Notes:
* Disabled CallTimePassByReference due to false positives (T127163)
Change-Id: I2c8ce713ce6600a0bb7bf67537c87044c7a45c4b
| |
Pass the cookie options by value to WebResponseSetCookie handlers so
that they may alter them.
Bug: T49647
Change-Id: I69ae55baa7806f14726b0b08215c0df471794b39
| |
Fix typo in cookie key name introduced in I1098d05
Bug: T124641
Change-Id: Ib140aa61ba56844191304c4308052148c728bc64
| |
There's no reason this should be only in CookieSessionProvider when
we're already handling deduplication in WebResponse.
Further, this fixes the bug in the existing CookieSessionProvider
implementation that a setCookie() followed by a clearCookie() wouldn't
actually clear the cookie.
This reverts commit 1ce684fcef1ee69ca0921c05081cae47f90939e5.
Bug: T124252
Change-Id: I1098d054facacd59f03ebed7c747ec9ff6bf66e7
Depends-On: I61d14bf80fa7c857dec9cffb366dc3f84dbb4faf
| |
SessionManager is a general-purpose session management framework, rather
than the cookie-based sessions that PHP wants to provide us.
While fallback is provided for using $_SESSION and other PHP session
management functions, they should be avoided in favor of using
SessionManager directly.
For proof-of-concept extensions, see OAuth change Ib40b221 and
CentralAuth change I27ccabdb.
Bug: T111296
Change-Id: Ic1ffea74f3ccc8f93c8a23b795ecab6f06abca72
| |
Easier-to-read alias for setCookie(..., '', time() - 86400).
Change-Id: I0357c4a38085c4754bf6ff7e40756179d19b912d
| |
We have this nice class for unit testing cookie-setting, but the
cookie-setting method ignores all the parameters! Fix that. Also provide
accessors to check the entire set of cookie data, and the set cookies as
a whole.
While this does change the semantics of FauxRequest::getcookie() in that
the name now needs to be prefixed, no extension in Gerrit uses this
method so we should be fine.
Also clean up the case of the setCookie and getCookie methods while
we're at it. Since PHP method names are case-insensitive, this doesn't
even break compatibility with extensions.
Change-Id: Ib44a074bf9796bc0b470d557e39465792f399d30
| |
* Convert existing use of WebResponse::header() for HTTP status headers
to use this new statusHeader() method.
* Extend unit test for FauxResponse.
I'm not calling HttpStatus::header directly in code. We keep the abstraction
layer of WebResponse so that responses can continue to be mocked/fauxed without
affecting the outer HTTP response.
Change-Id: I8a536e16659fa88b54cffa1457efb889efa5fcd6
| |
This is a direct follow-up for the question raised in Ifab16c2.
Null is not a meaningful value in this case. As far as I can see the
only reason it was added was to make the parameter optional. Optional
array parameters are better marked with "= array()".
Change-Id: I86965d390fdb718de7fb81a9f4c48b2261c16aa9
| |
Main reason to touch this file is the missing "null" types in the
documentation.
Change-Id: Ifab16c276efb3d8c4aa0a27d8d5106d4e3303794
| |
* This avoids the overhead of an extra function call
Change-Id: I8ee996f237fd111873ab51965bded3d91e61e4dd
| |
Equivalent to FauxResponse::getHeader()
Also change case of FauxResponse::getHeader.
Change-Id: I569b2ebbcd166f5d0a5a5f2dfa913a6aa49e13f4
| |
https://en.wiktionary.org/wiki/compatability
Change-Id: I71d82ae04d4b17609a1d5a7eec4497115e64972e
| |
- Swap "$variable type" to "type $variable"
- Added missing types
- Fixed spacing inside docs
- Makes beginning of @param/@return/@var/@throws in capital
- Changed some types to match the more common spelling
Change-Id: I783e4dbfe5f6f98b32b9a03ccf6439e13e132bcc
| |
Swapped some "$var type" to "type $var" or added missing types
before the $var. Changed some other types to match the more common
spelling. Makes beginning of some text in capital.
Change-Id: I64e8cfe478cb0ba438f40b0631d6e9049cdab567
| |
This hack was added in r34083 / 6b16f4410897 to support IE for Mac.
That browser is no longer supported, and no additional user-agent
strings have been added in WMF configuration.
Change-Id: Iffba121a9964e2ad387fad8827ddfd8dabcbd12e
| |
Various bits of code are not using this because it doesn't support
various use cases, e.g. session cookies, httpOnly, custom paths, etc.
Refactor it to add all those options. Also add a hook so extensions can
override the setting of the cookie.
Change-Id: Ia0c424a48d9455a8574d91631cde0f00c9882288
| |
When $wgCookieExpiration is set to 0, cookies should
by default expire when the browser closes. However,
MediaWiki accidentally interpreted this as the cookies
expiring 0 seconds from the request time.
Bug: 47886
Change-Id: Ib988ad18574122a56b0d11c8888c7c41d94dea6e
| |
HTTP headers are case insensitive per spec, and WebRequest
treats them like that, so FauxRequest should too.
Change-Id: I4257af7a8de2792ac556c670dcc7f28e4af4cb44
| |
Added spaces before if, foreach
Added some braces for one line statements
Change-Id: Ibb8dd102db045522d12ff939075ba7420d95ab6b
| |
Doxygen expects parameter types to come before the
parameter name in @param tags. Used a quick regex
to switch everything around where possible. This
only fixes cases where a primitive variable (or a
primitive followed by other types) is the variable
type. Other cases will need to be fixed manually.
Change-Id: Ic59fd20856eb0489d70f3469a56ebce0efb3db13
| |
The conditional is nominally more performant and considerably more readable
with its constituents flipped. Also adds an explanatory note. Prompted by
confusion over change Ie89507f8e98c365df9d93a7633223103b9025790.
Change-Id: I2d3db63bdbcebe0fd59c063c9f371362c9d07f91
| |
Change-Id: I657ba9b722706d3c71a6fffa3f4b94d35d8de7c5
| |
Change-Id: I8f976013f33c5818e4402604fe8610aa3f43b0c6
| |
Change-Id: Ie7bb35871cc99237f3a655f7db22ca1f0646df5e
| |
* @licence -> @license
* Protects inline HTML by using double quotes, our inline comments use
elements such as <h1> or <firstnameLastname@gmail.com>
* Commands in lowercase (@TODO -> @todo, @NOTE -> @note)
* removes @abstract and @static since doxygen detects them from PHP
code.
* various undocumented function parameters
* typos in parameters declarations
Change-Id: I62ad6fc124c355bf31acc780b9614a59cf79a421
| |
Sets a cookie on user login (removed on logout) if wpStickHTTPS
was checked, which causes the browser to get a redirect if they
visit the HTTP version of the site.
Change-Id: I60f44a1062a93d15198edae6674bb3310a148b2d
|
| |
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/110518
| |
Bug 30315 - Declaration of FauxResponse::setcookie() should be compatible with that of WebResponse::setcookie()
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/94216
| |
WebResponse::setcookie() so I can stop crying when I look at things like CentralAuth and CentralNotice
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/94211
| |
* Made some fixes to that class and removed one unused variable
Notes:
http://mediawiki.org/wiki/Special:Code/MediaWiki/92094