Page MenuHomePhabricator
Create Task
Maniphest T249603

DatabaseUpdater: protect methods for direct database modification
Closed, ResolvedPublic
Actions

Description

Methods that directly modify the database should not be public.
So far, some methods where protected, some where public, in some
cases misleading LoadExtensionSchemaUpdates handlers to call them
directly, leading to dangerous behavior.

The following methods are affected:

  • dropTable
  • modifyTable
  • modifyField
  • runMaintenance
NOTE: this is a breaking change without deprecation. Extensions that break due to this change need to be updated, since the old behavior may lead to database corruption and data loss.

As of this writing, the following extensions erronously use one
of the affected methods:

  • Wikibase: dropTable, see T249598
  • CreateWiki: modifyTable, modifyField
  • ManageWiki: modifyTable
  • MatomoAnalytics: modifyTable
  • ArticleFeedbackv5: modifyField
  • OpenIDConnect: modifyField
  • MirahezeMagic: modifyField
  • Wikifab: modifyField

Details

ProjectBranchLines +/-Subject
mediawiki/coremaster+40 -15DatabaseUpdater: protect direct modification methods
Customize query in gerrit

Related Objects
Search...

Event Timeline

daniel created this task.Apr 7 2020, 11:47 AM
Restricted Application added a project: User-RhinosF1. · View Herald TranscriptApr 7 2020, 11:47 AM
Restricted Application added a subscriber: RhinosF1. · View Herald Transcript
gerritbot added a comment.Apr 7 2020, 11:52 AM

Change 587236 had a related patch set uploaded (by Daniel Kinzler; owner: Daniel Kinzler):
[mediawiki/core@master] DatabaseUpdater: protect direct modification methods

https://gerrit.wikimedia.org/r/587236

daniel triaged this task as High priority.Apr 7 2020, 12:00 PM
daniel moved this task from Inbox to Ready on the Core Platform Team Workboards (Clinic Duty Team) board.
Gilles moved this task from Inbox to Radar on the Performance-Team board.Apr 7 2020, 12:10 PM
Gilles edited projects, added Performance-Team (Radar); removed Performance-Team.
Anomie assigned this task to daniel.Apr 8 2020, 5:21 PM
Anomie moved this task from Ready to Doing on the Core Platform Team Workboards (Clinic Duty Team) board.

Moving to "Doing" because there's a patch with unaddressed reviews.

daniel updated the task description. (Show Details)Apr 17 2020, 1:07 PM
gerritbot added a comment.Apr 17 2020, 1:25 PM

Change 587236 merged by jenkins-bot:
[mediawiki/core@master] DatabaseUpdater: protect direct modification methods

https://gerrit.wikimedia.org/r/587236

daniel closed this task as Resolved.Apr 20 2020, 9:24 PM
daniel moved this task from Waiting for Review to Done on the Core Platform Team Workboards (Clinic Duty Team) board.
RhinosF1 moved this task from Done to Miraheze-Linked on the User-RhinosF1 board.Apr 22 2020, 8:28 PM
RhinosF1 updated the task description. (Show Details)May 16 2020, 6:23 AM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL