X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=includes%2FGlobalFunctions.php;h=7667a9e52a88652351af5289279ca8affa319fd5;hp=1d61996f79759ee24a09d73beca30a01d3207f60;hb=aec80a1fb774715e43430ab583c190b79e468fce;hpb=e626f8266eca6729e16fdac9e616c1e441d3013d diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index 1d61996f79..7667a9e52a 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -32,75 +32,6 @@ use MediaWiki\Shell\Shell; use Wikimedia\ScopedCallback; use Wikimedia\Rdbms\DBReplicationWaitError; -// Hide compatibility functions from Doxygen -/// @cond -/** - * Compatibility functions - * - * We support PHP 5.5.9 and up. - * Re-implementations of newer functions or functions in non-standard - * PHP extensions may be included here. - */ - -// hash_equals function only exists in PHP >= 5.6.0 -// https://secure.php.net/hash_equals -if ( !function_exists( 'hash_equals' ) ) { - /** - * Check whether a user-provided string is equal to a fixed-length secret string - * without revealing bytes of the secret string through timing differences. - * - * The usual way to compare strings (PHP's === operator or the underlying memcmp() - * function in C) is to compare corresponding bytes and stop at the first difference, - * which would take longer for a partial match than for a complete mismatch. This - * is not secure when one of the strings (e.g. an HMAC or token) must remain secret - * and the other may come from an attacker. Statistical analysis of timing measurements - * over many requests may allow the attacker to guess the string's bytes one at a time - * (and check his guesses) even if the timing differences are extremely small. - * - * When making such a security-sensitive comparison, it is essential that the sequence - * in which instructions are executed and memory locations are accessed not depend on - * the secret string's value. HOWEVER, for simplicity, we do not attempt to minimize - * the inevitable leakage of the string's length. That is generally known anyway as - * a chararacteristic of the hash function used to compute the secret value. - * - * Longer explanation: http://www.emerose.com/timing-attacks-explained - * - * @codeCoverageIgnore - * @param string $known_string Fixed-length secret string to compare against - * @param string $user_string User-provided string - * @return bool True if the strings are the same, false otherwise - */ - function hash_equals( $known_string, $user_string ) { - // Strict type checking as in PHP's native implementation - if ( !is_string( $known_string ) ) { - trigger_error( 'hash_equals(): Expected known_string to be a string, ' . - gettype( $known_string ) . ' given', E_USER_WARNING ); - - return false; - } - - if ( !is_string( $user_string ) ) { - trigger_error( 'hash_equals(): Expected user_string to be a string, ' . - gettype( $user_string ) . ' given', E_USER_WARNING ); - - return false; - } - - $known_string_len = strlen( $known_string ); - if ( $known_string_len !== strlen( $user_string ) ) { - return false; - } - - $result = 0; - for ( $i = 0; $i < $known_string_len; $i++ ) { - $result |= ord( $known_string[$i] ) ^ ord( $user_string[$i] ); - } - - return ( $result === 0 ); - } -} -/// @endcond - /** * Load an extension * @@ -1050,7 +981,7 @@ function wfMatchesDomainList( $url, $domains ) { */ function wfDebug( $text, $dest = 'all', array $context = [] ) { global $wgDebugRawPage, $wgDebugLogPrefix; - global $wgDebugTimestamps, $wgRequestTime; + global $wgDebugTimestamps; if ( !$wgDebugRawPage && wfIsDebugRawPage() ) { return; @@ -1061,7 +992,7 @@ function wfDebug( $text, $dest = 'all', array $context = [] ) { if ( $wgDebugTimestamps ) { $context['seconds_elapsed'] = sprintf( '%6.4f', - microtime( true ) - $wgRequestTime + microtime( true ) - $_SERVER['REQUEST_TIME_FLOAT'] ); $context['memory_used'] = sprintf( '%5.1fM', @@ -1514,9 +1445,11 @@ function wfHostname() { * @return string */ function wfReportTime() { - global $wgRequestTime, $wgShowHostnames; + global $wgShowHostnames; - $responseTime = round( ( microtime( true ) - $wgRequestTime ) * 1000 ); + $elapsed = ( microtime( true ) - $_SERVER['REQUEST_TIME_FLOAT'] ); + // seconds to milliseconds + $responseTime = round( $elapsed * 1000 ); $reportVars = [ 'wgBackendResponseTime' => $responseTime ]; if ( $wgShowHostnames ) { $reportVars['wgHostname'] = wfHostname(); @@ -1843,7 +1776,7 @@ function wfHttpError( $code, $label, $desc ) { function wfResetOutputBuffers( $resetGzipEncoding = true ) { if ( $resetGzipEncoding ) { // Suppress Content-Encoding and Content-Length - // headers from 1.10+s wfOutputHandler + // headers from OutputHandler::handle. global $wgDisableOutputCompression; $wgDisableOutputCompression = true; } @@ -2325,6 +2258,8 @@ function wfShellExec( $cmd, &$retval = null, $environ = [], ->limits( $limits ) ->includeStderr( $includeStderr ) ->profileMethod( $profileMethod ) + // For b/c + ->restrict( Shell::RESTRICT_NONE ) ->execute(); } catch ( ProcOpenError $ex ) { $retval = -1; @@ -2375,6 +2310,8 @@ function wfInitShellLocale() { * Note that $parameters should be a flat array and an option with an argument * should consist of two consecutive items in the array (do not use "--option value"). * + * @deprecated since 1.31, use Shell::makeScriptCommand() + * * @param string $script MediaWiki cli script path * @param array $parameters Arguments and options to the script * @param array $options Associative array of options: @@ -3017,7 +2954,7 @@ function wfWaitForSlaves( $ifWritesSince = null, $wiki = false, $cluster = false, $timeout = null ) { if ( $timeout === null ) { - $timeout = wfIsCLI() ? 86400 : 10; + $timeout = wfIsCLI() ? 60 : 10; } if ( $cluster === '*' ) {