Page MenuHomePhabricator
Create Task
Maniphest T274189

Remove usage of PHP serialization from WANObjectCache
Open, Needs TriagePublic
Actions

Description

Per T161647: RFC: Deprecate using php serialization inside MediaWiki, we should not rely on PHP serialization. One place where such serialization is often implicitly applied is object caching. WANObjectCache should reject all cache values that cannot be serialized to JSON.

Details

SubjectRepoBranchLines +/-
DNM: WANObjectCache: warn on non-JSONic values.mediawiki/coremaster+86 -8
Customize query in gerrit

Related Objects
Search...

Event Timeline

daniel created this task.Feb 8 2021, 8:56 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 8 2021, 8:56 PM
daniel added a subtask: T264389: ProofreadPageContent must not contain User object, since it cannot be serialized safely..Feb 8 2021, 9:01 PM
daniel added a subtask: T264393: Mark user object as non-serializable.
gerritbot added a comment.Feb 9 2021, 10:06 AM

Change 662714 had a related patch set uploaded (by Daniel Kinzler; owner: Daniel Kinzler):
[mediawiki/core@master] DNM: WANObjectCache: warn on non-JSONic values.

https://gerrit.wikimedia.org/r/662714

gerritbot added a project: Patch-For-Review.Feb 9 2021, 10:06 AM
holger.knust edited projects, added Platform Engineering Roadmap Decision Making; removed Platform Engineering.Feb 9 2021, 2:19 PM
WDoranWMF moved this task from Untriaged to In Review on the Platform Engineering Roadmap Decision Making board.Feb 16 2021, 5:21 PM
daniel added a subtask: T169328: Protect against PHP code execution via memcached/unserialize.Mar 4 2021, 11:15 AM
Krinkle moved this task from General to libs/objectcache on the MediaWiki-libs-BagOStuff board.Aug 17 2021, 7:18 PM
Krinkle moved this task from libs/objectcache to General on the MediaWiki-libs-BagOStuff board.Jan 22 2022, 11:24 PM
Restricted Application added a project: Performance-Team. · View Herald TranscriptJan 22 2022, 11:24 PM
Krinkle moved this task from Inbox, needs triage to Backlog: Maintenance, non-prioritized on the Performance-Team board.Jan 24 2022, 7:35 PM
Umherirrender closed subtask T282105: WatchedItemStore should not write MapCacheLRU instances to a BagOStuff as Resolved.Feb 1 2022, 7:31 PM
Krinkle removed a project: Patch-For-Review.Apr 13 2022, 11:49 PM
Krinkle edited projects, added MediaWiki-Platform-Team; removed Performance-Team, Platform Engineering Roadmap Decision Making.Oct 18 2023, 3:10 AM
Krinkle moved this task from Inbox, needs triage to Backlog: non-prioritized on the MediaWiki-Platform-Team board.Oct 18 2023, 3:25 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL