X-Git-Url: https://git.heureux-cyclage.org/index.php?a=blobdiff_plain;f=includes%2FMediaWiki.php;h=11afa75977f67a4b638d1c05899593c26be0cd28;hb=a73c5b7395a07d490f7052fd3b2491ebd656b190;hp=c4ea536436e556ea4e3effbdc183867a7f3fb2ef;hpb=1d489846c1691d2ba93220e09891c990543dabb1;p=lhc%2Fweb%2Fwiklou.git diff --git a/includes/MediaWiki.php b/includes/MediaWiki.php index c4ea536436..11afa75977 100644 --- a/includes/MediaWiki.php +++ b/includes/MediaWiki.php @@ -36,6 +36,11 @@ class MediaWiki { */ private $config; + /** + * @var String Cache what action this request is + */ + private $action; + /** * @param IContextSource|null $context */ @@ -141,13 +146,11 @@ class MediaWiki { * @return string Action */ public function getAction() { - static $action = null; - - if ( $action === null ) { - $action = Action::getActionName( $this->context ); + if ( $this->action === null ) { + $this->action = Action::getActionName( $this->context ); } - return $action; + return $this->action; } /** @@ -241,8 +244,37 @@ class MediaWiki { // Handle any other redirects. // Redirect loops, titleless URL, $wgUsePathInfo URLs, and URLs with a variant } elseif ( !$this->tryNormaliseRedirect( $title ) ) { + // Prevent information leak via Special:MyPage et al (T109724) + if ( $title->isSpecialPage() ) { + $specialPage = SpecialPageFactory::getPage( $title->getDBKey() ); + if ( $specialPage instanceof RedirectSpecialPage + && $this->config->get( 'HideIdentifiableRedirects' ) + && $specialPage->personallyIdentifiableTarget() + ) { + list( , $subpage ) = SpecialPageFactory::resolveAlias( $title->getDBKey() ); + $target = $specialPage->getRedirect( $subpage ); + // target can also be true. We let that case fall through to normal processing. + if ( $target instanceof Title ) { + $query = $specialPage->getRedirectQuery() ?: array(); + $request = new DerivativeRequest( $this->context->getRequest(), $query ); + $request->setRequestURL( $this->context->getRequest()->getRequestURL() ); + $this->context->setRequest( $request ); + // Do not varnish cache these. May vary even for anons + $this->context->getOutput()->lowerCdnMaxage( 0 ); + $this->context->setTitle( $target ); + $wgTitle = $target; + // Reset action type cache. (Special pages have only view) + $this->action = null; + $title = $target; + $output->addJsConfigVars( array( + 'wgInternalRedirectTargetUrl' => $target->getFullURL( $query ), + ) ); + $output->addModules( 'mediawiki.action.view.redirect' ); + } + } + } - // Special pages + // Special pages ($title may have changed since if statement above) if ( NS_SPECIAL == $title->getNamespace() ) { // Actions that need to be made when we have a special pages SpecialPageFactory::executePath( $title, $this->context ); @@ -308,7 +340,7 @@ class MediaWiki { $targetUrl = wfExpandUrl( $title->getFullURL(), PROTO_CURRENT ); if ( $targetUrl != $request->getFullRequestURL() ) { - $output->setSquidMaxage( 1200 ); + $output->setCdnMaxage( 1200 ); $output->redirect( $targetUrl, '301' ); return true; } @@ -443,15 +475,15 @@ class MediaWiki { $action = Action::factory( $act, $page, $this->context ); if ( $action instanceof Action ) { - # Let Squid cache things if we can purge them. + # Let CDN cache things if we can purge them. if ( $this->config->get( 'UseSquid' ) && in_array( - // Use PROTO_INTERNAL because that's what getSquidURLs() uses + // Use PROTO_INTERNAL because that's what getCdnUrls() uses wfExpandUrl( $request->getRequestURL(), PROTO_INTERNAL ), - $requestTitle->getSquidURLs() + $requestTitle->getCdnUrls() ) ) { - $output->setSquidMaxage( $this->config->get( 'SquidMaxage' ) ); + $output->setCdnMaxage( $this->config->get( 'SquidMaxage' ) ); } $action->show(); @@ -516,13 +548,13 @@ class MediaWiki { if ( $limit > 0 && $time > $limit ) { throw new DBTransactionError( $db, - wfMessage( 'transaction-duration-limit-exceeded', $time, $limit )->plain() + wfMessage( 'transaction-duration-limit-exceeded', $time, $limit )->text() ); } } ); } ); // Commit all changes - $factory->commitMasterChanges(); + $factory->commitMasterChanges( __METHOD__ ); // Record ChronologyProtector positions $factory->shutdown(); wfDebug( __METHOD__ . ': all transactions committed' ); @@ -618,14 +650,10 @@ class MediaWiki { $trxProfiler = Profiler::instance()->getTransactionProfiler(); $trxProfiler->setLogger( LoggerFactory::getInstance( 'DBPerformance' ) ); - // Aside from rollback, master queries should not happen on GET requests. - // Periodic or "in passing" updates on GET should use the job queue. - if ( !$request->wasPosted() - && in_array( $action, array( 'view', 'edit', 'history' ) ) - ) { - $trxProfiler->setExpectations( $wgTrxProfilerLimits['GET'], __METHOD__ ); - } else { + if ( $request->wasPosted() ) { $trxProfiler->setExpectations( $wgTrxProfilerLimits['POST'], __METHOD__ ); + } else { + $trxProfiler->setExpectations( $wgTrxProfilerLimits['GET'], __METHOD__ ); } // If the user has forceHTTPS set to true, or if the user @@ -636,8 +664,10 @@ class MediaWiki { if ( $request->getProtocol() == 'http' && ( + $request->getSession()->shouldForceHTTPS() || + // Check the cookie manually, for paranoia $request->getCookie( 'forceHTTPS', '' ) || - // check for prefixed version for currently logged in users + // check for prefixed version that was used for a time in older MW versions $request->getCookie( 'forceHTTPS' ) || // Avoid checking the user and groups unless it's enabled. ( @@ -713,7 +743,7 @@ class MediaWiki { */ public function restInPeace( $mode = 'fast' ) { // Assure deferred updates are not in the main transaction - wfGetLBFactory()->commitMasterChanges(); + wfGetLBFactory()->commitMasterChanges( __METHOD__ ); // Ignore things like master queries/connections on GET requests // as long as they are in deferred updates (which catch errors). @@ -736,7 +766,7 @@ class MediaWiki { // Commit and close up! $factory = wfGetLBFactory(); - $factory->commitMasterChanges(); + $factory->commitMasterChanges( __METHOD__ ); $factory->shutdown( LBFactory::SHUTDOWN_NO_CHRONPROT ); wfDebug( "Request ended normally\n" );