Error
MediaWiki version: 1.36.0-wmf.11
Instances of User are not serializable!
Impact
Serializing user objects can drag along large amounts of data. Deserialized user objects may contain stale data. This is the case especially for the following member fields of User:
- mRequest A WebRequest that would be invalid and misleading when deserialized during a later request.
- mBlock, mBlockedFromCreateAccount, $mGlobalBlock:AbstractBlock instances that may be inaccurate at a later time.
Notes
One referer: https://fr.wikisource.org/w/index.php?title=Page:Revue_des_Deux_Mondes_-_1833_-_tome_4.djvu/362&action=edit
It seems that there are at least two things that cause User to be serialized:
- ProofreadPage's PageContent gets serialized by PageEditStash. It contains a PageLevel, which contains a User object. This could be replaced with a UserIdentityValue, at least for serialization. PageContent actually already has special code for handing the User object when serializing to JSON for storage. This just isn't used when it's serialized via PHP's native serialization for caching. We could consider using proper content serialization in PageEditStash. Filed as T264389.
- FeaturedFeedChannel gets serialized by FeatureFeeds for caching. It contains a User object, which is used to construct ParserOptions in the getFeedItem() method. The solution here would be to pass a User option (or ParserOptiosn) to getFeedItem() as a parameter. Filed as T264391.