use Wikimedia\ScopedCallback;
use Wikimedia\Rdbms\DBReplicationWaitError;
-// Hide compatibility functions from Doxygen
-/// @cond
-/**
- * Compatibility functions
- *
- * We support PHP 5.5.9 and up.
- * Re-implementations of newer functions or functions in non-standard
- * PHP extensions may be included here.
- */
-
-// hash_equals function only exists in PHP >= 5.6.0
-// https://secure.php.net/hash_equals
-if ( !function_exists( 'hash_equals' ) ) {
- /**
- * Check whether a user-provided string is equal to a fixed-length secret string
- * without revealing bytes of the secret string through timing differences.
- *
- * The usual way to compare strings (PHP's === operator or the underlying memcmp()
- * function in C) is to compare corresponding bytes and stop at the first difference,
- * which would take longer for a partial match than for a complete mismatch. This
- * is not secure when one of the strings (e.g. an HMAC or token) must remain secret
- * and the other may come from an attacker. Statistical analysis of timing measurements
- * over many requests may allow the attacker to guess the string's bytes one at a time
- * (and check his guesses) even if the timing differences are extremely small.
- *
- * When making such a security-sensitive comparison, it is essential that the sequence
- * in which instructions are executed and memory locations are accessed not depend on
- * the secret string's value. HOWEVER, for simplicity, we do not attempt to minimize
- * the inevitable leakage of the string's length. That is generally known anyway as
- * a chararacteristic of the hash function used to compute the secret value.
- *
- * Longer explanation: http://www.emerose.com/timing-attacks-explained
- *
- * @codeCoverageIgnore
- * @param string $known_string Fixed-length secret string to compare against
- * @param string $user_string User-provided string
- * @return bool True if the strings are the same, false otherwise
- */
- function hash_equals( $known_string, $user_string ) {
- // Strict type checking as in PHP's native implementation
- if ( !is_string( $known_string ) ) {
- trigger_error( 'hash_equals(): Expected known_string to be a string, ' .
- gettype( $known_string ) . ' given', E_USER_WARNING );
-
- return false;
- }
-
- if ( !is_string( $user_string ) ) {
- trigger_error( 'hash_equals(): Expected user_string to be a string, ' .
- gettype( $user_string ) . ' given', E_USER_WARNING );
-
- return false;
- }
-
- $known_string_len = strlen( $known_string );
- if ( $known_string_len !== strlen( $user_string ) ) {
- return false;
- }
-
- $result = 0;
- for ( $i = 0; $i < $known_string_len; $i++ ) {
- $result |= ord( $known_string[$i] ) ^ ord( $user_string[$i] );
- }
-
- return ( $result === 0 );
- }
-}
-/// @endcond
-
/**
* Load an extension
*
*
* @todo Need to integrate this into wfExpandUrl (see T34168)
*
+ * @since 1.19
+ *
* @param string $urlPath URL path, potentially containing dot-segments
* @return string URL path with all dot-segments removed
*/
if ( $cache !== null ) {
return $cache;
}
- # Check for raw action using $_GET not $wgRequest, since the latter might not be initialised yet
+ // Check for raw action using $_GET not $wgRequest, since the latter might not be initialised yet
+ // phpcs:ignore MediaWiki.Usage.SuperGlobalsUsage.SuperGlobals
if ( ( isset( $_GET['action'] ) && $_GET['action'] == 'raw' )
|| (
isset( $_SERVER['SCRIPT_NAME'] )
* If $wgShowHostnames is true, the script will also set 'wgHostname' to the
* hostname of the server handling the request.
*
- * @return string
+ * @param string $nonce Value from OutputPage::getCSPNonce
+ * @return string|WrappedString HTML
*/
-function wfReportTime() {
+function wfReportTime( $nonce = null ) {
global $wgShowHostnames;
$elapsed = ( microtime( true ) - $_SERVER['REQUEST_TIME_FLOAT'] );
if ( $wgShowHostnames ) {
$reportVars['wgHostname'] = wfHostname();
}
- return Skin::makeVariablesScript( $reportVars );
+ return Skin::makeVariablesScript( $reportVars, $nonce );
}
/**
return call_user_func_array( Shell::class . '::escape', $args );
}
-/**
- * Check if wfShellExec() is effectively disabled via php.ini config
- *
- * @return bool|string False or 'disabled'
- * @since 1.22
- * @deprecated since 1.30 use MediaWiki\Shell::isDisabled()
- */
-function wfShellExecDisabled() {
- wfDeprecated( __FUNCTION__, '1.30' );
- return Shell::isDisabled() ? 'disabled' : false;
-}
-
/**
* Execute a shell command, with time and memory limits mirrored from the PHP
* configuration if supported.
->limits( $limits )
->includeStderr( $includeStderr )
->profileMethod( $profileMethod )
+ // For b/c
+ ->restrict( Shell::RESTRICT_NONE )
->execute();
} catch ( ProcOpenError $ex ) {
$retval = -1;
[ 'duplicateStderr' => true, 'profileMethod' => wfGetCaller() ] );
}
-/**
- * Formerly set the locale for locale-sensitive operations
- *
- * This is now done in Setup.php.
- *
- * @deprecated since 1.30, no longer needed
- * @see $wgShellLocale
- */
-function wfInitShellLocale() {
- wfDeprecated( __FUNCTION__, '1.30' );
-}
-
/**
* Generate a shell-escaped command line string to run a MediaWiki cli script.
* Note that $parameters should be a flat array and an option with an argument
* should consist of two consecutive items in the array (do not use "--option value").
*
+ * @deprecated since 1.31, use Shell::makeScriptCommand()
+ *
* @param string $script MediaWiki cli script path
* @param array $parameters Arguments and options to the script
* @param array $options Associative array of options:
* @throws MWException
*/
function wfUsePHP( $req_ver ) {
+ wfDeprecated( __FUNCTION__, '1.30' );
$php_ver = PHP_VERSION;
if ( version_compare( $php_ver, (string)$req_ver, '<' ) ) {
return false;
}
+/**
+ * @since 1.32
+ * @param string[] $data Array with string keys/values to export
+ * @param string $header
+ * @return string PHP code
+ */
+function wfMakeStaticArrayFile( array $data, $header = 'Automatically generated' ) {
+ $format = "\t%s => %s,\n";
+ $code = "<?php\n"
+ . "// " . implode( "\n// ", explode( "\n", $header ) ) . "\n"
+ . "return [\n";
+ foreach ( $data as $key => $value ) {
+ $code .= sprintf(
+ $format,
+ var_export( $key, true ),
+ var_export( $value, true )
+ );
+ }
+ $code .= "];\n";
+ return $code;
+}
+
/**
* Make a cache key for the local wiki.
*
$ifWritesSince = null, $wiki = false, $cluster = false, $timeout = null
) {
if ( $timeout === null ) {
- $timeout = wfIsCLI() ? 86400 : 10;
+ $timeout = wfIsCLI() ? 60 : 10;
}
if ( $cluster === '*' ) {
* @param int $seconds
*/
function wfCountDown( $seconds ) {
+ wfDeprecated( __FUNCTION__, '1.31' );
for ( $i = $seconds; $i >= 0; $i-- ) {
if ( $i != $seconds ) {
echo str_repeat( "\x08", strlen( $i + 1 ) );
* @param string $format The format string (See php's docs)
* @param string $data A binary string of binary data
* @param int|bool $length The minimum length of $data or false. This is to
- * prevent reading beyond the end of $data. false to disable the check.
+ * prevent reading beyond the end of $data. false to disable the check.
*
* Also be careful when using this function to read unsigned 32 bit integer
* because php might make it negative.