Commit graph

45 commits

Author SHA1 Message Date
Brad Jorsch db07787390 Cleanup backwards-compatibility code
https://www.mediawiki.org/wiki/Extension:Scribunto says that master
requires 1.25+, so let's remove checks for stuff that was added before
that.

* PPFrame::getTTL() was in 1.24.
* PPFrame::setTTL() was in 1.24.
* PPFrame::isVolatile() was in 1.24.
* Parser::fetchCurrentRevisionOfTitle() was in 1.24.
* ObjectCache::getLocalServerInstance() was added in 1.27, so restore the call to ObjectCache::newAccelerator() as BC.

This also removes BC with the php-luasandbox extension older than 1.6, which
was released before MediaWiki 1.22.

Bug: T148012
Change-Id: I36e37f3b65d0f167e1d28b00e0842d9721feee31
2016-10-13 11:07:44 -04:00
Brad Jorsch aa4d72e3ff Fix uncontroversial phpcs errors
The following continue to be ignored:
* Generic.Arrays.DisallowLongArraySyntax.Found, because I'm not sure
  Scribunto is ready to abandon old version support in master.
* MediaWiki.ControlStructures.AssignmentInControlStructures.AssignmentInControlStructures,
  because it's overly strict for its purpose.

Squiz.Classes.ValidClassName.NotCamelCaps isn't ignored globally; we
just ignore it explicitly every place it's needed.

Change-Id: I307668da6ef7b3e23da19b1fd1e08914239b99b3
2016-05-18 16:31:28 -04:00
Darian Anthony Patrick 00ed2a567b Update lua binaries to patch CVE-2014-5461
These binaries were compiled from a manually lua-5.1.5 source tree.

Linux binaries were built by Anomie. Mac OS X and Windows by dpatrick.

Bug: T72541
Change-Id: I6af0f042c491785cce26afc186a148c83c4f3414
2016-02-22 09:38:22 -08:00
Jackmcbarn ca7a84b5b2 Fix some PHPCS issues
Change-Id: I5a44d07553d45bc01db070c99856b35a3d275bd1
2015-06-30 13:14:58 -04:00
Ori Livneh d426627c9b lint: 'if(' => 'if ('
Change-Id: I056ff6bbc5f992bddfd7e3bd82803de107651b80
2015-06-20 21:38:56 -07:00
Tim Starling e7f5aae520 Fix race condition in SIGXCPU handling
Marius found a race condition in the handling of SIGXCPU: the pipes
would close, causing the read/write to complete, before the status of
the process changed, so the status would randomly be "running" for a few
milliseconds after proc_get_status() was called.

So: terminate the process unconditionally after an I/O error. Get the
exit status from proc_close(), since that's the only way to get the
status of a terminated process while simultaneously waiting for it to
exit. Also fix signal identification as in unmerged patch I57cdf8aa.

Change-Id: I252ec046e82063a868c1094e81705cb5e847db92
2015-05-25 16:40:31 +00:00
Brad Jorsch 3d51662881 Rewrite error handling to avoid OutputPage::addInlineScript
This is apparently unofficially deprecated, and we can do things a bit
more straightforwardly by using ParserOutput::addJsConfigVars() to
communicate the error messages to the JS.

This also takes the opportunity to move "ext.scribunto", which is mostly
about errors, to "ext.scribunto.errors".

Bug: T75618
Change-Id: I1577dab2dab1bd79cb127879de141fdbb8963aeb
2015-03-16 16:08:44 -04:00
Thiemo Mättig 93579c7363 Add more comments and type hints
Change-Id: I8c4b91d3a6695cc33c9c3d3fb427af5412323ff7
2014-12-19 19:25:53 +00:00
Reedy 7c38e48c1f Fix file permissions
Bug: 71931
Change-Id: I3b40ab821cafccc30563baa031212f2a24a167a1
2014-10-15 12:17:26 +00:00
Thiemo Mättig d7c173b521 Add missing PHPDoc comments and type hints
There are like a billion things missing in the inline documentation
of this extension. Wow. This is what I can do for now.

Change-Id: I019c24d13cf5cb22dde4d710b86ef8f976e1ec96
2014-10-09 23:23:05 +02:00
addshore e29c8eda63 Use public instead of var in classes
Change-Id: I0c059515cbf0fa8ef3846526a989f1a322fcd8ae
2014-08-17 22:11:26 +01:00
Jackmcbarn 58a0db1121 Make logs work in preview on OSs other than Linux
$this->initialStatus is only set on Linux, so don't require it to output
log entries.

Change-Id: I3000718026691398f79714e691a094c0792cd342
2014-07-09 11:02:51 -04:00
Brad Jorsch 410229c312 Expose mw.log data on preview
People have been complaining that they can't find the log data anywhere.
The new parser limit report seems a good place to show this information.

Change-Id: If2abf27f7779d92ff7c7a1f32b2a54a5de521678
2014-07-07 16:14:30 -04:00
Jackmcbarn 40b8bd2caa Add comments and remove trailing whitespace
Clean up trailing whitespace from all of our code, and add comments
indicating that apparently unused variables are ScopedCallbacks.

Change-Id: I8e5997797cc7b1c64c5351ec112a18f30edc8fef
2014-07-07 14:46:59 -04:00
Jackmcbarn 1492ac3d68 Avoid running all of mw.lua twice
LuaStandalone only uses 2 functions from mw.lua, so move them to their own
file to avoid running the whole thing twice.

Change-Id: Ia4d58f44be17f7a71666dbe750e66d9d90cb5c2f
2014-05-15 14:15:08 -04:00
Brad Jorsch 84d96e843c LuaStandalone: Release functions when no longer referenced
The LuaStandalone interpreter needs to keep a mapping from integers
returned to PHP to the corresponding function. But if it never releases
these functions when PHP no longer has any reference to them, it can
result in Lua running out of memory if a module with a large number of
functions is invoked many times in one page.

The fix here is to track which function ids are referenced from PHP, and
periodically send the list to Lua so it can remove any that are no
longer used from its cache.

This also takes care of another issue where having multiple interpreter
instances and passing function objects from one into another could call
the wrong function in Lua.

Bug: 51886
Change-Id: I4f15841051f7748d1d6df24080949e5cbd88f217
2014-02-25 22:59:05 +00:00
Brad Jorsch b58ee1da94 Use the new limit report hooks
Change Ie065c7b5 added an option to show profiling data at the bottom of
preview pages, and with it new hooks to gather and format this data in a
more structured way than is possible with ParserLimitReport. This change
adds support for the new hooks.

Depends-On: I7799616a602d90e1b8d3f0ece35811ca387bade7
Change-Id: Idffd2d78f9a0217c99c07cbbfc844d6daf0172f7
2014-02-10 04:11:35 +00:00
Brad Jorsch f52136eada Handle invalid keys in Lua-to-PHP calls for LuaStandalone
PHP can't handle having arrays/objects or functions as keys in its
arrays, so make sure we don't try to pass them from Lua. Booleans aren't
really well-handled either, so let's disallow them too.

Also, add tests for proper stringification of floats and infinities when
those are used as keys.

Note this behavior change is needed to match the change in LuaSandbox
for fixing bug 54527, but isn't itself a security issue.

Change-Id: I1e2951bbe8cb78358650ad377bf7119fcac4485d
2014-01-14 10:03:42 -05:00
Mark A. Hershberger 6875792d03 Scribunto should error out sooner if lua isn't executable
Improve error reporting by causing Scribunto to fail earlier if lua
can't be run.

Change-Id: I43fb38c6c3facbd7b65b7ae16f1d23ee72f7a5ff
Bug: 52002
2013-08-30 11:34:19 -04:00
Brad Jorsch 5a9b7cc5a6 More-compatible Linux standalone binaries
The binaries currently provided were compiled against glibc 2.11+, so
people using CentOS 5 (which has glibc 2.5) are not able to use them.

The binaries in this patch were compiled in VMs installed with CentOS
5.9, and so should work for more people; at a glance, it looks like
glibc 2.3 or later will probably work now.

Bug: 51333
Change-Id: Iac1f2373bbc0bbca8783c82c09eff51ffd5e3761
2013-08-13 01:32:50 +00:00
Brad Jorsch c7246a1c42 Improve disable_functions handling in LuaStandalone
If the user is on a webhost that has proc_open listed in PHP's
disable_functions directive, we should give a better error message.
Until we no longer support PHP below 5.4, we should do the same for
safe_mode. And since we're doing that, we may as well report any other
warnings if proc_open fails, too.

In addition, this cleans up error handling in
Scribunto_LuaEngine::load() so it doesn't pretend the interpreter is
loaded if getInterpreter() throws an exception. Otherwise other code
winds up with PHP fatal errors trying to access a null value.

Bug: 50706
Change-Id: I2887b722e089fd7a526aa7dcab9c80deb343d8ac
2013-07-24 15:01:36 -04:00
Brad Jorsch 1ef4cd15ec Fix uncaught exception in LuaStandalone
If the interpreter exits before the end of the page, then the call to
Scribunto_LuaStandaloneEngine::getLimitReport() throws an uncaught
exception when it tries to access the interpreter. Catch it.

Change-Id: I7ce4f09b1b2206f13ab0f422de35e0b69a3b24d5
2013-05-13 16:27:37 -04:00
Brad Jorsch 71d9f600dc (bug 46294) Fix for Windows text-mode file handles
On Windows for LuaStandalone, the lua executable's standard output is a
text-mode file handle, even if the pipe is opened from PHP with the
binary flag. Which means that when Lua returns a "\n", it gets silently
rewritten to "\r\n" and the unserialization fails.

So, change the protocol for Lua→PHP messages to encode \r and \n (and \
itself, as the escape character) to avoid this issue.

Bug: 46294
Change-Id: I73b5f44e8aa0334f5fd03013dc027d1a57318349
2013-04-02 23:05:38 +00:00
Brad Jorsch 5989d28678 (bug 39655) Add Lua version info to Special:Version
Use the SoftwareInfo hook to add the versions of LuaSandbox and Lua to
Special:Version.

Bug: 39655
Change-Id: I912197efee0211066677c4d46e638fb546a410c6
2013-03-25 04:07:30 +00:00
Brad Jorsch 5faa00150c (bug 45684) Don't count argument parsing time towards Lua limit
Currently, the time taken to parse the arguments passed to a Lua
function from #invoke will be counted against Lua's 10-second limit.
This is counterintuitive, and can remove incentive for users to convert
templates to Lua since they may have to convert a whole stack at once.

Note this requires change I11881232 to mediawiki/php/luasandbox to
actually have any effect.

Bug: 45684
Change-Id: I773950e4c399b8a1cfa6d1cde781a069d286b3bd
2013-03-12 03:18:05 +00:00
Brad Jorsch 4c69b1350e Lua library support functions
Adds a base class for libraries with some utility functions in PHP, and a
Lua library with utility functions for use from Lua.

Change-Id: I3d67b1de8bc50488fe3a722e4e2de5849285d127
2013-01-31 12:40:39 -05:00
Brad Jorsch 6b4cfd5b94 Fix LuaStandalone nil handling
In Lua, a table entry with a nil value is the same as a table entry that
doesn't exist. So when serializing for transfer to PHP, these keys will
be skipped. For a table as an associative array this isn't much of a
problem, but for a table as a list it means we have missing indexes.
Some of Lua's functions for handling "lists" (i.e. tables with numeric
keys) also have a problem when the list contains nils.

To work around these issues when passing argument lists and return value
lists, pass the number of elements along with the sparse list. On the
PHP end we can use this to fill in the missing nulls, and on the Lua
end we can pass this count to unpack() to avoid the problems on the Lua
side.

Change-Id: I858e3905a06e377693301da2b8bc534808f00e3e
2013-01-30 10:12:23 -05:00
Brad Jorsch bdacaabf21 Fix string extending
Built-in modules (e.g. the upcoming ustring) should be able to extend
the string metatable, but user modules (and the debug console) should
not be able to.

But currently built-in modules cannot extend the string metatable in
LuaStandalone, while in LuaSandbox the string metatable can be extended
in the console. Fix this and add unit tests.

Change-Id: I15f5598fed318f2fe26b08ec47e16053dddc13c4
2013-01-09 15:54:44 +00:00
Brad Jorsch 114f5c13ec Add Scribunto_LuaInterpreter::isLuaFunction method
Add a method to LuaInterpreter to determine whether an object is a
wrapped Lua function.

Change-Id: I20bf16948db025372d68cc89bf5ddcbf617db864
2013-01-09 05:55:12 +00:00
Brad Jorsch 374972c924 Add Scribunto_LuaInterpreter::wrapPhpFunction
Currently, the only way for PHP to pass a function to Lua is to pass
back a function that it received from Lua. This means, for example, that
PHP cannot implement a Lua iterator function except by registering a
library holding the function or by using loadString.

This changeset adds Scribunto_LuaInterpreter::wrapPhpFunction (and
implements it for both LuaSandbox and LuaStandalone), which takes a PHP
callable and returns a Lua function wrapping it.

Note that fallback code is included so this does not depend on
I2e552799.

Change-Id: Ic0a98eec7cc17ef4b1acee032c0f42d617b998d2
2013-01-09 05:54:36 +00:00
Brad Jorsch eabb081c4f Handle non-finite numbers
There's no reason LuaStandalone cannot handle NaN and Inf.

Also, add some unit tests to check this.

Change-Id: I8570242a792e212489ad24dfc04fb1f2940190a5
2012-12-13 13:40:18 -05:00
Tim Starling d5bd1102d0 Fixed transmission of \0 from Lua standalone
* string.format() truncates the string at a null character, causing a
  deadlock when Lua attempts to send null characters to PHP. Use
  concatenation instead.
* Added test.
* Fixed an error reporting issue in the console, which I happened to
  notice at the same time as the above bug.

Change-Id: I2e6061a04512557492bffbd04bc09ca3bc1d80d6
2012-12-03 17:46:11 +11:00
Tim Starling 9859591271 Allow time functions in LuaStandalone
As in LuaSandbox I7e116c76

Change-Id: I783e2ae802999701ebcd4d1a1b3d113a21b4ca9e
2012-09-06 11:01:53 +10:00
Tim Starling 30dee55eeb Merge "Add a Mac OS X (Lion) lua binary. Compiled for 32 and 64bit. Used automatically on Darwin systems"
2012-06-29 07:19:39 +00:00
Reedy 5afbf6a7c7 Some bits of documentation
Left a FIXME

Remove some unused variables

Change-Id: If733608416e68de6afe1e8f6edd4ed78a119979e
2012-06-20 23:54:21 +01:00
Derk-Jan Hartman 32831ec56e Add a Mac OS X (Lion) lua binary. Compiled for 32 and 64bit.
Used automatically on Darwin systems

Change-Id: Ie4f4d2a2ad3b7d62ae3daea66318ce3947c7fc0e
2012-06-06 23:01:48 +02:00
Tim Starling 6bc11ff615 New parser interface
* Implemented the new parser interface based on a frame object, as
  described in the design document and wikitech-l.
* Added parser tests for the new interface.
* Removed {{script:}} parser function
* Allow named parameters to {{#invoke:}}
* Don't trim the return value
* If a function invoked by #invoke returns multiple values, concatenate
  them into a single string.
* If there is an error during parse, show the error message as an HTML
  comment as well as via JavaScript. This makes parser test construction
  easier, and probably makes debugging easier also.
* Rename mw_internal to mw_php to clarify its role. It is now strictly a
  private Lua -> PHP interface function table.
* Protect mw.setup() against multiple invocation.
* Fixed a bug in Scribunto_LuaStandaloneInterpreter::receiveMessage():
  large packets caused fread() to return with less than the requested
  amount of data, which previously caused an exception. It's necessary
  to check for EOF and to repeat the read to get all data. The receive
  function on the Lua side does not suffer from this problem.
* In the standalone engine, fixed a bug in the interpretation of null
  return values from PHP callbacks. This should return no values to Lua.
* Updated the Lua unit tests to account for the fact that functions are
  now forced to return strings.
* Updated the getfenv and setfenv tests to account for the extra stack
  level introduced by mw.executeFunction().

Change-Id: If8fdecdfc91ebe7bd4b1dae8489ccbdeb6bbf5ce
2012-05-22 14:18:49 +10:00
Tim Starling c9c0aa6fce Peak memory usage, debug.traceback
* Use LuaSandbox::getPeakMemoryUsage() from r115086
* Fixed the debug.traceback function from da06273e, was nil

Change-Id: Iae4b195ffe25a522d4c37f9c8341e1d6ea3ae106
2012-04-30 16:37:41 +10:00
Victor Vasiliev 606aaf30ac Fix Windows support:
* Improve OS detection
* Provide workaround for a proc_open bug.

Change-Id: I02b56cf2af1613406f7175a4ca053adb9d794bdd
2012-04-24 04:47:53 +04:00
Tim Starling da06273ede Nicer errors with backtraces etc.
* Added error backtrace collection to MWServer:handleCall()
* When there is an error on parse, show a short and simple inline error
  message to the user, which when clicked, expands to a full error with
  HTML-formatted backtrace.
* When an error is encountered during module validation, have the code
  editor jump directly to the line. Requires r115011.
* Expose the code location of most errors to Scribunto, by parsing the
  standard error message format.
* During module validation, abbreviate the error location if the error
  is in the same module.
* Do not execute the module during validation, just parse it. Execution
  does not really work without an active parse operation in progress.
  It already caused a fatal error if you called require() from the main
  chunk, and problems would have become more visible as more
  parser-related APIs were added.
* LuaSandbox does not yet provide backtraces, but this is planned.

Change-Id: Id9f6564a41b310792b3fe3ebb527cbf8f8771bd1
2012-04-23 21:58:30 +10:00
tstarling b68cae904a More tests and some related bug fixes
* Added tests for the engine classes.
* Added some tests that run under Lua.
* In the chunk names, fixed truncation of module names at 60 bytes
  by using an "=" prefix instead of @.
* Fixed a bug in mw.clone() which was causing the metatable to be set on
  the source table instead of the destination.
* Put restricted setfenv/getfenv in the cloned environment rather than
  the base environment, they work better that way.
* In setfenv(), check for getfenv() == nil, since that's what our own
  restricted getfenv returns.
* Fixed getfenv() handling of numeric arguments: add one where
  appropriate.

Change-Id: I2b356fd65a3fcb348c4e99a3a4267408fb995739
2012-04-19 17:48:20 +10:00
tstarling cebe775ee8 Added more Lua environment features
Package library:

* Added a simulation of the Lua 5.1 package library.
* Removed mw.import(), replaced it with a package loader. Packages can be
  retrieved from the wiki, using require('Module:Foo'), or from files
  distributed with Scribunto, using require('foo'). The "Module:" prefix allows
  for source compatibility with existing Lua code.
* Added a couple of libraries from LuaForge: luabit and stringtools.
* Made fetchModuleFromParser() return null on error instead of throwing an
  exception, to more easily support the desired behaviour of the package loader,
  which needs to return null on error.
* Renamed mw.setupEnvironment() to mw.setup() since it is setting up things
  other than the environment now.
* In MWServer:handleRegisterLibrary(), remove the feature which interprets dots
  in library names, since LuaSandbox doesn't support this.

Improved module isolation and related refactoring:

* Expose restricted versions of getfenv() and setfenv() to user Lua code.
  Requires luasandbox r114952.
* Don't cache the export list returned by module execution for later function
  calls. This breaks isolation of #invoke calls, since the local variables are
  persistent.
* Removed ScribuntoFunctionBase and its children, since it doesn't really have
  a purpose if it can't cache anything. Instead, invoke functions using a module
  method called invoke().
* Removed Module::initialize(), replaced it with a validate() function. This is
  a more elegant interface and works better with the new module caching scheme.
* Use a Status object for the return value of Engine::validate() instead of an
  array. Use the formatting facilities of the Status class.

Other:

* Removed "too many returns" error, doesn't fit in with Lua conventions.
* Use the standalone engine by default, so that the extension will work without
  configuration for more people.
* Added an accessor for $engine->interpreter
* Fix mw.clone() to correctly clone metatables
* If the standalone interpreter exits due to an error, there are some contexts
  where the initial error will be caught and ignored, and the user will see the
  error from checkValid() instead. In this case, rethrow the original error for
  a more informative message.
* Load mw.lua into the initial standalone environment, to reduce code
  duplication between mw.lua and MWServer.lua.
* Fixed a bug in Scribunto_LuaStandaloneInterpreter::handleCall() for functions
  that return no results.
* Fixed a bug in encodeLuaVar() for strings with "\r". Added test case.
* In MWServer.lua, don't call error() for internal errors, instead just print
  the error and exit. This avoids a protocol violation when an error is
  encountered from within handleCall().
* Added lots of documentation. Lua doc comments are in LuaDoc format.

Change-Id: Ie2fd572c362bedf02f45d3fa5352a5280e034740
2012-04-18 13:46:18 +10:00
tstarling 889f4e42a5 Allow PHP functions to return multiple values to Lua
Corresponding luasandbox commit is r114920.

Change-Id: I10fe726795623e2976c9ddadaa4d9b6d44b30bed
2012-04-16 15:43:34 +10:00
tstarling b0f00103e2 Added tests and fixed bugs
* Added unit tests for the two Lua interpreter classes
* Fixed a bug in checkType()
* Have Scribunto_LuaSandboxInterpreter throw an exception on construct
  when the extension doesn't exist, to match the standalone behaviour.
* In Scribunto_LuaSandboxInterpreter, removed debugging statements
  accidentally left in.
* Convert LuaSandboxTimeoutError to the appropriate common error
  message.
* Moved the option munging from the sandbox engine to the interpreter,
  so that the interpreter can be unit tested separately.
* Use /bin/sh instead of bash for lua_ulimit.sh, since dash is smaller
  and still supports ulimit.
* Use exec to run the lua binary, so that the vsize of the shell doesn't
  add to the memory limit.
* Added a quit function to the standalone interpreter. Unused at present.
* Don't add a comma after the last element of a table in a Lua
  expression.
* Make the SIGXCPU detection work: proc_open() runs the command via a
  shell, which reports signals in the child via the exit status, so
  proc_get_status() will never return a valid termsig element.
* In MWServer:call(), fixed a bug causing the return values to be
  wrapped in an array.
* Fixed a misunderstanding of what select() does.
* In MWServer:getStatus(), fixed indexes so that vsize will be correct.
  Removed RSS, since it wasn't used anyway and turns out to be measured
  in multiples of the page size, and I couldn't be bothered trying to
  fetch that from getconf. Return the PID and vsize as numbers rather
  than strings.
* Added a simple table dump feature to MWServer:debug().
* Fixed brackets in MWServer:tostring().
* Added missing Linux 32-bit binary.

Change-Id: Ibf5f4656b1c0a9f81287d363184c3fe9d2abdafd
2012-04-16 14:41:08 +10:00
tstarling 54cedd69b8 Introduced standalone interpreter, implemented module isolation
* Introduced a Lua implementation based on shelling out to a standard Lua binary.
* Bundled several Lua binaries for common platforms. I haven't added a 32-bit Linux binary yet, but that will come.
* Refactored the existing Lua class, bringing out functionality common to all Lua implementations into a set of common base classes.
* Moved the bulk of the implementation-specific functionality into a set of "interpreter" classes.
* Renamed LuaSandboxEngine to Scribunto_LuaSandboxEngine
* Don't create an engine object unconditionally when the ParserLimitReport hook is called.
* Implemented isolation of module global variable namespaces. This means that separate {{#invoke}} calls can't pass data to each other -- this was a desired feature in planning since it allows more flexibility in wikitext parser design. Isolation for mw.import() means that modules cannot accidentally create global variables which affect other modules -- exports are solely via the return value.

Change-Id: I3fa35651fe5b1fbfd85adeadc220b1ea31cd6f0b
2012-04-13 20:45:26 +10:00