Commit graph

29 commits

Author SHA1 Message Date
Brad Jorsch 708d87c181 Prevent passing information between #invokes using math.random
It's possible to pass information between multiple #invokes on a page by
having the first call math.randomseed with one of a set of known seeds
and then having the second examine the output from math.random to
determine which of those known seeds was used.

Prevent that by calling math.randomseed( 1 ) when invoking (see the bug
for details on why that seed). But avoid doing so if e.g. a
frame:expandTemplate() call results in a recursive invoke.

Bug: 62291
Change-Id: Id01cb63eca52ced29bf4efebc38beb9f159b7b0e
2014-04-01 13:46:09 -04:00
Brad Jorsch 0763e22292 Expose PPFrame::getTitle to Lua
This field already exists in PHP with exactly the content requested in
bug 47089, so we may as well expose it on the frame object.

Bug: 47089
Change-Id: I672820589f6ebc7c4daad29b5eb156733a5bc5cc
2013-12-10 04:26:03 +00:00
Brad Jorsch d4331f0c96 Add mw.isSubsting()
It's already possible to detect whether the current template is being
substituted via ParserFunctions (see [[en:Template:Ifsubst]]), and a
similar trick works with frame:preprocess. So we may as well provide the
flag directly.

Bug: 47828
Change-Id: Id06d27c6283ee589a8830b78c04e56978e0ac6da
2013-10-31 22:05:00 -04:00
Brad Jorsch 18f858314a Fix frame:extensionTag when not passed args
Bug: 55436
Change-Id: I82b638e89be1d57c941cc4534dc44944a7389740
2013-10-07 14:43:05 -04:00
Brad Jorsch d9ba200571 Add mw.logObject
People have requested a method to log a table as something more detailed
than just "table", to be able to inspect values while debugging.

Bug: 48173
Change-Id: Ia58cab834e87842927a2a13d153ee32473f74086
2013-07-26 05:15:20 +00:00
Brad Jorsch 3622f82bd1 (bug 47300) Fix sandboxing with require
Two related issues:
* The package module was inheriting the loaders from the outer sandbox,
  so loaded modules were being loaded into the outer sandbox's
  environment.
* mw.loadData was using the outer sandbox's require(), so again loaded
  modules were being loaded into the outer sandbox's environment.

Bug: 47300
Change-Id: I48d8dd4784c9a890e3abb6389f96f38e1420dbbb
2013-04-24 06:19:44 +00:00
Brad Jorsch 581b2306af Remove mw.getLogBuffer and others from public interface
One of the design goals of Scribunto is that each #invoke should be
independent. Creative use of mw.log and mw.getLogBuffer can get around
this, passing information from one #invoke to the next.

This patch takes the simple solution of removing mw.getLogBuffer from
modules' environments. For good measure, it also removes
mw.clearLogBuffer and mw.executeModule.

Some minor cleanup of the console code is also included.

Change-Id: I30d73928bade4a6bdd7c00ffcd58a3858ff55698
2013-04-14 23:59:07 +00:00
Brad Jorsch 541e61a1c4 (bug 41769) Add frame:callParserFunction() and frame::extensionTag()
Requires change I339b882010dedd714e7965e25ad650ed8b8cd48f to
mediawiki/core.

Bug: 41769
Change-Id: I0138836654b0e34c5c23daaedcdf5d4f9d1c7ab2
2013-03-18 13:46:26 -04:00
Brad Jorsch b6ea64f132 Make mw.getCurrentFrame() work in console, add frame:newChild()
It would be helpful for debugging if a frame object could be gotten in
the console. To that end, add an empty frame when running in the console
and allow it to be returned by mw.getCurrentFrame().

It would also be helpful to be able to create frames with arbitrary
arguments, again for testing. Fortunately support for creating child
frames with arbitrary arguments already exists in core, so we can just
use it.

And for good measure, be sure to restore the $engine->currentFrames
array even if the Lua code throws an exception.

Change-Id: I1dc8602d63af75424f267c42a3743fabbc1827f7
2013-03-12 14:42:36 +11:00
Brad Jorsch 00d4b711ed Add mw.loadData, for static data loading
People sometimes want to load large tables of constant data from a
module. Using require(), this has to be reparsed every time, which can
be slow.

mw.loadData() will load the just data once, and return a table with a
metatable cleverly designed to give read-only access to the loaded data.

Change-Id: Icec192bdbe6cfca7902fd5cb5d0e217bd8399637
2013-02-21 23:03:53 +00:00
Brad Jorsch 1efe182e40 Hide mw.makeProtectedEnvFuncs from modules
Allowing a module to call mw.makeProtectedEnvFuncs() lets it bypass the
allowEnvFuncs setting. It can also be used to manipulate the global
tables that other modules' sandboxes will be copied from.

And for paranoia's sake, let's tighten up what setfenv is allowed to
set. This requires changing a unit test, because it is no longer
sane to do something like

 env.setfenv, env.getfenv = mw.makeProtectedEnvFuncs( { [env] = true }, {} )

Nothing real does this, it was only in the unit test.

Change-Id: I8e0d83bb0980ee869af3ac4413afd211717ca92f
2013-02-14 16:49:15 -05:00
Tim Starling ce062407ab Fix further non-local effects of library registration
Fixed several accidental leaks to the global namespace due to missing
"local" declaration. Removed extension of the string table by mw.uri,
same justification as I5d0ddb70.

Change-Id: Iba1bf8e651d4ce05812e4a9a7a074cb6679297a0
2013-02-13 15:40:18 +11:00
Brad Jorsch d6116fa6ba Make pairs and ipairs work with frame.args
Using the 5.2 compatability added in I37efc59a, we can now make
pairs( frame.args ) work.

Change-Id: Iefdca8805b08ea222251f28514b2c92182a7feb3
2013-02-12 06:41:33 +00:00
Brad Jorsch 8b27dc742d Add incrementExpensiveFunctionCount() methods
To allow Lua libraries to mark functions as expensive, add an
incrementExpensiveFunctionCount() method to Scribunto_LuaEngine that
will call the corresponding Parser method and throw an error if the
limit is exceeded.

Also allow libraries to do the same thing from Lua by calling
mw.incrementExpensiveFunctionCount().

Change-Id: I56fded32b1077eff3980371e9abc9b3b7581f7b5
2013-02-01 15:55:16 -05:00
Brad Jorsch 4c69b1350e Lua library support functions
Adds a base class for libraries with some utility functions in PHP, and a
Lua library with utility functions for use from Lua.

Change-Id: I3d67b1de8bc50488fe3a722e4e2de5849285d127
2013-01-31 12:40:39 -05:00
Brad Jorsch 0a8a07de2f Fix package.loaded and other cleanups
The listing of the standard modules in package.loaded seems to have been
removed to avoid leaking information to loaded modules. However, since
the *entire* environment is cloned, *including* package.loaded itself,
this does not seem to actually be a problem. But for good measure, also
add a unit test to verify that the version of the standard module tables
referenced from package.loaded is the same as that in _G.

This change also cleans up some unused local variables and an unused
local function from the package module.

Change-Id: I7ec8227b3273059e8f65ad735c215bfd0c623e64
2013-01-30 17:24:09 +00:00
Brad Jorsch dd5241273b Support __pairs and __ipairs
Lua 5.2 introduces a nice feature where a metatable can override the
standard behavior of the pairs() and ipairs() functions. That would be
very useful in allowing a more standard syntax for our frame.args, and
it's very easy to do both in C and in Lua.

Change-Id: I37efc59a0c8876ee16184807e15fafbc07e2d288
2013-01-24 15:46:33 -05:00
Brad Jorsch af0f1926f4 Fix mw.allToString( nil )
This should return "nil", not the empty string.

Change-Id: I6363e5ca8c1966e45eec9d05fb583fb4f98a92b5
2013-01-09 05:56:55 +00:00
Brad Jorsch 8c2300e320 Make loader available to console, interface modules
The package module is loaded into the "base" environment but not
correctly initialized, so interface modules and the console cannot
actually load anything.

Change-Id: I92a47d318ccadd7361edb1ac3b0e4bb304ff8a9c
2013-01-09 05:47:06 +00:00
Brad Jorsch 9a5dc931f5 Allow mw.log and console to handle multiple values
In the debug console, "=unpack( { 1, 2, 3 } )" prints only "1". And
similarly, "mw.log( 1, 2, 3 )" logs only "1". Since Lua uses multiple
return values extensively, this is not particularly helpful.

Following the lead of the lua command-line client, change these to
output multiple values by converting each one using tostring() and then
concatenating them with tab as a separator.

Change-Id: I791d4c92415fc722bbd7c62d0f5f88752d31fe07
2012-12-21 10:26:38 -05:00
Tim Starling aacca08815 Add mw.getCurrentFrame()
Provide a convenient means to access the current frame so that the
parameter passed to module functions won't need to be conventionally
stored in a global variable.

Change-Id: I0254d86a1094866a3ce4899e4021d0b33367bb35
2012-09-06 14:54:26 +10:00
Tim Starling b5c36bad59 Debug console module
* Added a debug console to the edit page, allowing unsaved modules to be
  tested.
* Removed the "preview" button from the edit page.
* Only show the "ignore code errors" checkbox on module edit pages, not
  all edit pages.
* Added Lua function mw.log() for sending messages to the debug log.

Change-Id: Ia51f439e573a1deb5b83f94ddd1a86792d5569c1
2012-07-14 14:35:55 +10:00
Tim Starling c45034b250 Give a helpful error message if frame methods are called incorrectly
Change-Id: Iae1ed064eb540122c89f0e93f20e76569ec3d1fe
2012-07-03 13:02:03 +10:00
Tim Starling 441943bd9b Do not allow access to setfenv() and getfenv() by default
Optionally remove setfenv and getfenv from the global environment in
which user code runs. This will improve the forwards-compatibility of
user code with Lua 5.2.

Porting to Lua 5.2 would still be a daunting project, of questionable
value, but at least only the internal code would need updating, and not
thousands of on-wiki modules. Compared to the environment changes, the
rest of the Lua 5.2 changes are relatively easy to simulate for
backwards compatibility.

Removed module() from the package module, since it depends on setfenv().
The native version of it is deprecated in Lua 5.2 for that reason.

Change-Id: I978903ca98943ac941833da13fe5027949f6b429
2012-05-31 15:02:04 +02:00
Tim Starling 6bc11ff615 New parser interface
* Implemented the new parser interface based on a frame object, as
  described in the design document and wikitech-l.
* Added parser tests for the new interface.
* Removed {{script:}} parser function
* Allow named parameters to {{#invoke:}}
* Don't trim the return value
* If a function invoked by #invoke returns multiple values, concatenate
  them into a single string.
* If there is an error during parse, show the error message as an HTML
  comment as well as via JavaScript. This makes parser test construction
  easier, and probably makes debugging easier also.
* Rename mw_internal to mw_php to clarify its role. It is now strictly a
  private Lua -> PHP interface function table.
* Protect mw.setup() against multiple invocation.
* Fixed a bug in Scribunto_LuaStandaloneInterpreter::receiveMessage():
  large packets caused fread() to return with less than the requested
  amount of data, which previously caused an exception. It's necessary
  to check for EOF and to repeat the read to get all data. The receive
  function on the Lua side does not suffer from this problem.
* In the standalone engine, fixed a bug in the interpretation of null
  return values from PHP callbacks. This should return no values to Lua.
* Updated the Lua unit tests to account for the fact that functions are
  now forced to return strings.
* Updated the getfenv and setfenv tests to account for the extra stack
  level introduced by mw.executeFunction().

Change-Id: If8fdecdfc91ebe7bd4b1dae8489ccbdeb6bbf5ce
2012-05-22 14:18:49 +10:00
Tim Starling 41b93dd7e1 Fixed setfenv() across a tail call
Fixed the issue noticed during testing of da06273e, and which resulted
in satest.setfenv1() being disabled. It's not possible to protect
environments by iterating through every stack level, calling getfenv()
at each one, because if any of the stack levels is a tail call, an error
is raised.

Such a tail call was introduced in da06273e, which is why the test broke.

Instead, just protect the actual specified environments, not their
callers. The callers will have to protect themselves.

Change-Id: If39104010ff2663c1bae5105cc8d37e276532100
2012-04-24 12:33:06 +10:00
tstarling b68cae904a More tests and some related bug fixes
* Added tests for the engine classes.
* Added some tests that run under Lua.
* In the chunk names, fixed truncation of module names at 60 bytes
  by using an "=" prefix instead of @.
* Fixed a bug in mw.clone() which was causing the metatable to be set on
  the source table instead of the destination.
* Put restricted setfenv/getfenv in the cloned environment rather than
  the base environment, they work better that way.
* In setfenv(), check for getfenv() == nil, since that's what our own
  restricted getfenv returns.
* Fixed getfenv() handling of numeric arguments: add one where
  appropriate.

Change-Id: I2b356fd65a3fcb348c4e99a3a4267408fb995739
2012-04-19 17:48:20 +10:00
tstarling cebe775ee8 Added more Lua environment features
Package library:

* Added a simulation of the Lua 5.1 package library.
* Removed mw.import(), replaced it with a package loader. Packages can be
  retrieved from the wiki, using require('Module:Foo'), or from files
  distributed with Scribunto, using require('foo'). The "Module:" prefix allows
  for source compatibility with existing Lua code.
* Added a couple of libraries from LuaForge: luabit and stringtools.
* Made fetchModuleFromParser() return null on error instead of throwing an
  exception, to more easily support the desired behaviour of the package loader,
  which needs to return null on error.
* Renamed mw.setupEnvironment() to mw.setup() since it is setting up things
  other than the environment now.
* In MWServer:handleRegisterLibrary(), remove the feature which interprets dots
  in library names, since LuaSandbox doesn't support this.

Improved module isolation and related refactoring:

* Expose restricted versions of getfenv() and setfenv() to user Lua code.
  Requires luasandbox r114952.
* Don't cache the export list returned by module execution for later function
  calls. This breaks isolation of #invoke calls, since the local variables are
  persistent.
* Removed ScribuntoFunctionBase and its children, since it doesn't really have
  a purpose if it can't cache anything. Instead, invoke functions using a module
  method called invoke().
* Removed Module::initialize(), replaced it with a validate() function. This is
  a more elegant interface and works better with the new module caching scheme.
* Use a Status object for the return value of Engine::validate() instead of an
  array. Use the formatting facilities of the Status class.

Other:

* Removed "too many returns" error, doesn't fit in with Lua conventions.
* Use the standalone engine by default, so that the extension will work without
  configuration for more people.
* Added an accessor for $engine->interpreter
* Fix mw.clone() to correctly clone metatables
* If the standalone interpreter exits due to an error, there are some contexts
  where the initial error will be caught and ignored, and the user will see the
  error from checkValid() instead. In this case, rethrow the original error for
  a more informative message.
* Load mw.lua into the initial standalone environment, to reduce code
  duplication between mw.lua and MWServer.lua.
* Fixed a bug in Scribunto_LuaStandaloneInterpreter::handleCall() for functions
  that return no results.
* Fixed a bug in encodeLuaVar() for strings with "\r". Added test case.
* In MWServer.lua, don't call error() for internal errors, instead just print
  the error and exit. This avoids a protocol violation when an error is
  encountered from within handleCall().
* Added lots of documentation. Lua doc comments are in LuaDoc format.

Change-Id: Ie2fd572c362bedf02f45d3fa5352a5280e034740
2012-04-18 13:46:18 +10:00
tstarling 54cedd69b8 Introduced standalone interpreter, implemented module isolation
* Introduced a Lua implementation based on shelling out to a standard Lua binary.
* Bundled several Lua binaries for common platforms. I haven't added a 32-bit Linux binary yet, but that will come.
* Refactored the existing Lua class, bringing out functionality common to all Lua implementations into a set of common base classes.
* Moved the bulk of the implementation-specific functionality into a set of "interpreter" classes.
* Renamed LuaSandboxEngine to Scribunto_LuaSandboxEngine
* Don't create an engine object unconditionally when the ParserLimitReport hook is called.
* Implemented isolation of module global variable namespaces. This means that separate {{#invoke}} calls can't pass data to each other -- this was a desired feature in planning since it allows more flexibility in wikitext parser design. Isolation for mw.import() means that modules cannot accidentally create global variables which affect other modules -- exports are solely via the return value.

Change-Id: I3fa35651fe5b1fbfd85adeadc220b1ea31cd6f0b
2012-04-13 20:45:26 +10:00