Page MenuHomePhabricator

MediaWiki CI tests should run with allow_url_fopen set to false
Open, NormalPublic

Description

Code using "data://" URLs requires allow_url_fopen to be enabled, which is not required (and not very good in general for the production setup).

Can we make sure we run tests with this disabled?

I catched

https://gerrit.wikimedia.org/r/#/c/4155/14/tests/phpunit/maintenance/fetchTextTest.php (line 69)

and https://phabricator.wikimedia.org/T116701 today.

Event Timeline

saper created this task.Oct 26 2015, 11:56 PM
saper updated the task description. (Show Details)
saper raised the priority of this task from to Normal.
saper added subscribers: saper, hashar.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 26 2015, 11:56 PM
saper set Security to None.

You probably want to disable it explicitly in tests/phpunit/MediaWikiTestCase.php setUp() method.

Haven't tested the effect though.

saper updated the task description. (Show Details)Oct 27 2015, 5:57 PM
saper added a comment.Oct 27 2015, 6:16 PM

@hashar bad news, allow_url_fopen is settable only in the system-wide php.ini file:

http://php.net/manual/en/filesystem.configuration.php

On the Jenkins slaves, the php.ini should be the same as the one used on Wikimedia production.

Seems we can pass the setting via PHP -d. Using 5.3.29:

$ php -a
Interactive shell

php > var_dump( ini_get('allow_url_fopen') );
string(1) "1"

php > var_dump( ini_set('allow_url_fopen', 0) );
bool(false)

php > var_dump( ini_get('allow_url_fopen') );
string(1) "1"

So yeah we can not use ini_set. But:

$ php -a -d allow_url_fopen=0
Interactive shell

php > var_dump( ini_get('allow_url_fopen') );
string(1) "0"
php >

One possibility would be to have an addition ini files to be populated via puppet under /etc/php5/cli/conf.d/. But then it will apply to any php runs.

Maybe we can craft a specific ini file that would be in integration/jenkins.git under /etcthen update the various wrapping scripts we have in /bin to refer to it.

So we would update the various /bin/mw-run-phpunit* scripts to refer to it:

php -c /srv/deployment/integration/slave-scripts/etc/php-mw-ci.ini \
    ... rest of stuff ...
Krinkle moved this task from Inbox to PHPUnit on the MediaWiki-Core-Testing board.Jul 7 2017, 5:20 AM