Page MenuHomePhabricator
Create Task
Maniphest T249603

DatabaseUpdater: protect methods for direct database modification
Closed, ResolvedPublic
Actions

Description

Methods that directly modify the database should not be public.
So far, some methods where protected, some where public, in some
cases misleading LoadExtensionSchemaUpdates handlers to call them
directly, leading to dangerous behavior.

The following methods are affected:

  • dropTable
  • modifyTable
  • modifyField
  • runMaintenance
NOTE: this is a breaking change without deprecation. Extensions that break due to this change need to be updated, since the old behavior may lead to database corruption and data loss.

As of this writing, the following extensions erronously use one
of the affected methods:

  • Wikibase: dropTable, see T249598
  • CreateWiki: modifyTable, modifyField
  • ManageWiki: modifyTable
  • MatomoAnalytics: modifyTable
  • ArticleFeedbackv5: modifyField
  • OpenIDConnect: modifyField
  • MirahezeMagic: modifyField
  • Wikifab: modifyField

Details

ProjectBranchLines +/-Subject
mediawiki/coremaster+40 -15DatabaseUpdater: protect direct modification methods
Customize query in gerrit

Related Objects
Search...

Event Timeline

daniel created this task.Apr 7 2020, 11:47 AM
Restricted Application added a project: User-RhinosF1. · View Herald TranscriptApr 7 2020, 11:47 AM
Restricted Application added a subscriber: RhinosF1. · View Herald Transcript
daniel added a subtask: T249598: Wikibase schema updaters must not modify database directly.Apr 7 2020, 11:48 AM
RhinosF1 moved this task from Radar to Miraheze-Related Issues (not reported there) on the User-RhinosF1 board.Apr 7 2020, 11:49 AM

Will downstream now

kostajh awarded a token.Apr 7 2020, 11:50 AM
gerritbot added a comment.Apr 7 2020, 11:52 AM

Change 587236 had a related patch set uploaded (by Daniel Kinzler; owner: Daniel Kinzler):
[mediawiki/core@master] DatabaseUpdater: protect direct modification methods

https://gerrit.wikimedia.org/r/587236

gerritbot added a project: Patch-For-Review.Apr 7 2020, 11:52 AM
RhinosF1 moved this task from Miraheze-Related Issues (not reported there) to Miraheze-Linked on the User-RhinosF1 board.Apr 7 2020, 11:55 AM

https://phabricator.miraheze.org/T5393

daniel triaged this task as High priority.Apr 7 2020, 12:00 PM
daniel moved this task from Inbox to Ready (WIP:5) on the Platform Team Workboards (Clinic Duty Team) board.
Gilles moved this task from Inbox to Radar on the Performance-Team board.Apr 7 2020, 12:10 PM
Gilles edited projects, added Performance-Team (Radar); removed Performance-Team.
Anomie assigned this task to daniel.Apr 8 2020, 5:21 PM
Anomie moved this task from Ready (WIP:5) to Doing(WIP:5) on the Platform Team Workboards (Clinic Duty Team) board.

Moving to "Doing" because there's a patch with unaddressed reviews.

daniel moved this task from Doing(WIP:5) to Waiting for Review on the Platform Team Workboards (Clinic Duty Team) board.Apr 15 2020, 4:46 PM
daniel updated the task description. (Show Details)Apr 17 2020, 1:07 PM
gerritbot added a comment.Apr 17 2020, 1:25 PM

Change 587236 merged by jenkins-bot:
[mediawiki/core@master] DatabaseUpdater: protect direct modification methods

https://gerrit.wikimedia.org/r/587236

ReleaseTaggerBot added a project: MW-1.35-notes (1.35.0-wmf.30; 2020-04-28).Apr 17 2020, 2:00 PM
Maintenance_bot removed a project: Patch-For-Review.Apr 17 2020, 2:10 PM
daniel closed this task as Resolved.Apr 20 2020, 9:24 PM
daniel moved this task from Waiting for Review to Done on the Platform Team Workboards (Clinic Duty Team) board.
Maintenance_bot moved this task from Miraheze-Linked to Done on the User-RhinosF1 board.Apr 20 2020, 10:15 PM
RhinosF1 moved this task from Done to Miraheze-Linked on the User-RhinosF1 board.Apr 22 2020, 8:28 PM
Maintenance_bot moved this task from Miraheze-Linked to Done on the User-RhinosF1 board.Apr 22 2020, 9:15 PM
RhinosF1 updated the task description. (Show Details)May 16 2020, 6:23 AM
Addshore closed subtask T249598: Wikibase schema updaters must not modify database directly as Resolved.Jul 6 2020, 9:06 PM
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:40 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL