Page MenuHomePhabricator

DatabaseUpdater: protect methods for direct database modification
Closed, ResolvedPublic

Description

Methods that directly modify the database should not be public.
So far, some methods where protected, some where public, in some
cases misleading LoadExtensionSchemaUpdates handlers to call them
directly, leading to dangerous behavior.

The following methods are affected:

  • dropTable
  • modifyTable
  • modifyField
  • runMaintenance
NOTE: this is a breaking change without deprecation. Extensions that break due to this change need to be updated, since the old behavior may lead to database corruption and data loss.

As of this writing, the following extensions erronously use one
of the affected methods:

  • Wikibase: dropTable, see T249598
  • CreateWiki: modifyTable, modifyField
  • ManageWiki: modifyTable
  • MatomoAnalytics: modifyTable
  • ArticleFeedbackv5: modifyField
  • OpenIDConnect: modifyField
  • MirahezeMagic: modifyField
  • Wikifab: modifyField

Event Timeline

Restricted Application added a subscriber: RhinosF1. · View Herald Transcript

Change 587236 had a related patch set uploaded (by Daniel Kinzler; owner: Daniel Kinzler):
[mediawiki/core@master] DatabaseUpdater: protect direct modification methods

https://gerrit.wikimedia.org/r/587236

Moving to "Doing" because there's a patch with unaddressed reviews.

Change 587236 merged by jenkins-bot:
[mediawiki/core@master] DatabaseUpdater: protect direct modification methods

https://gerrit.wikimedia.org/r/587236