Commit graph

17 commits

Author SHA1 Message Date
Umherirrender d5781bd8a2 build: Swap deprecated @codingStandardsIgnore to phpcs:ignore
Bug: T278594
Change-Id: I33cc55782915f819ca3a05f2c6a535d73ac03e00
2021-04-04 19:06:50 +00:00
Ori Livneh 47f0194c2a Avoid calling into PHP from Lua to check if 'current' or 'empty' frames exist
On the Wikimedia cluster, 1.6% of MediaWiki wall-clock time is burnt on
calls from Lua into Scribunto_LuaSandboxCallback::frameExists()[1]. We
can optimize away many of these calls by not calling into PHP to check
if 'empty' or 'current' exist: the engine always reports that the
'empty' frame exists, and 'current' is guaranteed to have been set up
(in LuaEngine::setupCurrentFrames) prior to calling into Lua.

To help validate this, I added debug logging to the current production
branch of Scribunto[2] to see if there are any cases where
Scribunto_LuaSandboxCallback::frameExists('current') is false. As I
write this commit message, the logging code has been active for 24H and
there have not been any occurrences.

  [1]: https://performance.wikimedia.org/arclamp/svgs/daily/2021-03-16.excimer-wall.all.reversed.svgz
  [2]: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Scribunto/+/672836

Change-Id: I1902b711c9a442a5a42745a582a6a9ff988a355f
2021-03-17 18:04:09 -07:00
libraryupgrader 7e49f2396e build: Updating mediawiki/mediawiki-phan-config to 0.10.6
Change-Id: I400be95d82c6cc5d0473eaba932b34146526eff8
2020-12-30 14:30:00 +00:00
libraryupgrader b9c82f4d4a build: Updating mediawiki/mediawiki-phan-config to 0.10.2
Additional changes:
* Removed phan-taint-check-plugin from extra, now inherited from mediawiki-phan-config.

Change-Id: I83fff3a5ff566790bc051d7bfffe7f3b124d3de7
2020-06-02 01:54:01 +00:00
Brad Jorsch 66f83331db Record vary-page-id when ID is accessed via mw.title
This triggers a needed reparse when a new page is created using a module
that accesses the page ID.

Bug: T237746
Change-Id: I5564c2e896dd2a025c5a886ca478c377fac83e74
2020-02-13 17:24:41 +00:00
libraryupgrader 3b2d40f28d build: Updating mediawiki/mediawiki-phan-config to 0.9.0
Depends-On: I9661ed8dd80cb827d7a1414c1eef952c0933a1f0
Change-Id: Ia34d9d9eade74cbb261dbfe4e39971de57cab888
2019-12-31 20:46:17 +00:00
Brad Jorsch 0ee41431c2 Don't error if someone returns a built-in function from their module
This is getting close to the point of "don't do that, just wrap the
built-in". But since it's a regression in a recent patch, let's restore
the old behavior here.

Bug: T236092
Change-Id: Ieddc23d942bc91fd0246ae14d8a4af7719e3834f
2019-10-23 08:41:40 +00:00
Brad Jorsch 1617bb3deb Return correct frame from mw.getCurrentFrame in certain edge cases
When an #invoke is passed as an argument to another #invoke,
mw.getCurrentFrame() at module scope will return the wrong frame.

On the PHP side, we need to always reset the frame when processing
an #invoke, not just when there's no frame already. I don't remember why
I82dde43e wasn't done that way, but changing it doesn't make any tests
fail and Scribunto tends to have good tests.

On the Lua side, we need to do the same. The logic wih mw.getCurrentFrame()
using a global that gets stored, modified, and reset in several places
was getting confusing, so this patch reworks the logic to inject a
globalless mw.getCurrentFrame() into each #invoke's cloned environment
instead.

Bug: T234368
Change-Id: I8cb5bc4dc14c9b448c9f267e0539daa75e72af4c
2019-10-14 02:39:13 +00:00
libraryupgrader 8deabe62d4 build: Updating dependencies
composer:
* mediawiki/mediawiki-codesniffer: 24.0.0 → 26.0.0

npm:
* set-value: 2.0.0 → 2.0.1
  * https://npmjs.com/advisories/1012
  * CVE-2019-10747
* union-value: 1.0.0 → 1.0.1
  * https://npmjs.com/advisories/1012
  * CVE-2019-10747
* mixin-deep: 1.3.1 → 1.3.2
  * https://npmjs.com/advisories/1013
  * CVE-2019-10746
* lodash: 4.17.11 → 4.17.15
  * https://npmjs.com/advisories/1065
  * CVE-2019-10744

Change-Id: I8a6a2b4264a878c01d1d5a1b58ea59eb400f26a5
2019-08-03 04:53:01 +00:00
Brad Jorsch 164974c4b5 ustring: Replace UtfNormal hack with a different one
Ideally we'd just have composer.json require UtfNormal so we'd know
where it is and have an autoloader to load it for us, but that seems to
not be done in the world of MediaWiki extensions.

Previously we had been taking paths to the two data files from UtfNormal
and loading them into a stub class, but phan has started complaining
about the definition of the stub class colliding with the real UtfNormal.
So let's try loading the real UtfNormal\Validator and its data files.
Hopefully this continues to not try to pull in any other files via the
nonexistent autoloader.

Change-Id: I93baf20f0eef1892685e272793b4f99236e8c905
2019-06-11 00:09:15 +00:00
Brad Jorsch 2e79d0a719 mw.uri: Support IP-Literal syntax
RFC 3986 allows IPv6 literals (and future IP versions) by having the
"host" enclosed in brackets, like `http://[2001:db8::]`. mw.uri should
handle these appropriately.

Bug: T223267
Change-Id: I6f712b87bc376cf606c6c2ebbe80176037d6dddb
2019-05-19 07:55:29 +00:00
Brad Jorsch 18c08c23fc ustring: Match undocumented string.gsub behavior
As documented, string.gub( 'foo', '%a', '%1' ) should raise an invalid
capture index error because there is no capture with index 1 in the
pattern. But in fact it treats %1 as %0 in this situation. The ustring
library should match this behavior.

This patch also adds some tests for the behavior of gsub with table and
function replacements when the pattern does have captures.

Bug: T207623
Change-Id: Ie3e6c2eafa4a05989815c62c7037167642581751
2018-11-01 03:59:35 +00:00
Brian Wolff 961405f222 Suppress phan-taint-check false positives in make-normalization-table.php
Its a command line script, so echoing is not an XSS. It can
do malicious things if given a malicious command line argument,
but that is by design

The last remaining phan-taint-check warning is due to a bug
in the plugin.

Bug: T202380
Change-Id: I19a07f741980a7e4d5e8458395c67523d240d221
2018-08-31 11:23:04 -07:00
Brad Jorsch 32718af677 ustring: Handle invalid types in gsub
If the replacement table or function results in a value that isn't a
string or number (or nil), string.gsub raises an error. Have ustring
raise the same error.

Bug: T195326
Change-Id: Ic36f9f5d7adc0c14e7a4a94d3747335107acd8b6
2018-05-22 18:55:49 -04:00
Brad Jorsch 6be48e2f7a Update ustring data tables
normalization-data.lua is updated to Unicode 8.0.0 (libicu57).

charsets.lua is updated to match the character classes used by PCRE 8.35,
which seems to be Unicode 6.3.0.

upper.lua and lower.lua are still based on whatever ancient version of
Unicode is used by mb_strtoupper and mb_strtolower in HHVM 3.18.6.

Bug: T177498
Change-Id: I00b471176e1fd21123c22d187ff222928819e459
2018-04-16 00:09:59 -07:00
Kunal Mehta f26ecf167d Drop support for generating normalization tables with MW < 1.25
Change-Id: Id9370c2bcab06a22515c6d94bd380f7dc46e81d0
2018-04-09 08:54:22 -07:00
Kunal Mehta 1fad4da137 Move classes into includes/
Change-Id: Ida2c9cac348fe31ecf8d8c0a352e899bcbff1ebf
2018-04-09 08:54:22 -07:00