Page MenuHomePhabricator

DatabaseUpdater: protect methods for direct database modification
Closed, ResolvedPublic

Description

Methods that directly modify the database should not be public.
So far, some methods where protected, some where public, in some
cases misleading LoadExtensionSchemaUpdates handlers to call them
directly, leading to dangerous behavior.

The following methods are affected:

  • dropTable
  • modifyTable
  • modifyField
  • runMaintenance
NOTE: this is a breaking change without deprecation. Extensions that break due to this change need to be updated, since the old behavior may lead to database corruption and data loss.

As of this writing, the following extensions erronously use one
of the affected methods:

  • Wikibase: dropTable, see T249598
  • CreateWiki: modifyTable, modifyField
  • ManageWiki: modifyTable
  • MatomoAnalytics: modifyTable
  • ArticleFeedbackv5: modifyField
  • OpenIDConnect: modifyField
  • MirahezeMagic: modifyField
  • Wikifab: modifyField

Event Timeline

daniel created this task.Apr 7 2020, 11:47 AM
Restricted Application added a project: User-RhinosF1. · View Herald TranscriptApr 7 2020, 11:47 AM
Restricted Application added a subscriber: RhinosF1. · View Herald Transcript

Change 587236 had a related patch set uploaded (by Daniel Kinzler; owner: Daniel Kinzler):
[mediawiki/core@master] DatabaseUpdater: protect direct modification methods

https://gerrit.wikimedia.org/r/587236

daniel triaged this task as High priority.Apr 7 2020, 12:00 PM
Gilles moved this task from Inbox to Radar on the Performance-Team board.Apr 7 2020, 12:10 PM
Gilles edited projects, added Performance-Team (Radar); removed Performance-Team.
Anomie assigned this task to daniel.Apr 8 2020, 5:21 PM

Moving to "Doing" because there's a patch with unaddressed reviews.

daniel updated the task description. (Show Details)Apr 17 2020, 1:07 PM

Change 587236 merged by jenkins-bot:
[mediawiki/core@master] DatabaseUpdater: protect direct modification methods

https://gerrit.wikimedia.org/r/587236

daniel closed this task as Resolved.Apr 20 2020, 9:24 PM
RhinosF1 moved this task from Done to Miraheze-Linked on the User-RhinosF1 board.Apr 22 2020, 8:28 PM
RhinosF1 updated the task description. (Show Details)May 16 2020, 6:23 AM