Page MenuHomePhabricator
Create Task
Maniphest T323187

Disallow cloning of RequestContext objects
Closed, ResolvedPublic
Actions

Description

This came up in T323153, briefly discussed with @aaron and @tstarling during a collab hour.

As analyzed by @Umherirrender we have no bundled/deployed code that does this currently, and even across all Codesearch-indexed repos there was only 1 instance of a third party repo doing. It seems clearly a mistake and the alternative is easy once known, namely to use a DerivativeContext instead. Given the ease of alternatives, the only risk is re-introduction through not knowing among newer contributors and code reviewers missing it, and more specifically that we rely solely on code review to catch it when automatic detection is so easy.

Given that cost-benefit, it seems worthwhile to simply plug this hole and then it's naturally avoided/discovered.

Details

SubjectRepoBranchLines +/-
context: Disallow cloning RequestContext object and throw an errormediawiki/coremaster+16 -0
Customize query in gerrit

Related Objects

Event Timeline

Krinkle created this task.Nov 16 2022, 1:44 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 16 2022, 1:44 AM
Krinkle triaged this task as Low priority.Nov 16 2022, 1:45 AM
Krinkle added a project: good first task.
Krinkle added a project: Performance-Team (Radar).

Flagging as easy task and putting on our radar to make sure I see it activate to offer guidance/review.

Krinkle moved this task from Limbo to Watching on the Performance-Team (Radar) board.Nov 16 2022, 1:45 AM
Collins claimed this task.Jan 28 2023, 9:11 PM
gerritbot added a comment.Feb 3 2023, 5:20 PM

Change 886391 had a related patch set uploaded (by Wandji collins; author: Wandji collins):

[mediawiki/core@master] Disallow cloning RequestContext object and through an error.

https://gerrit.wikimedia.org/r/886391

gerritbot added a project: Patch-For-Review.Feb 3 2023, 5:20 PM
Umherirrender unsubscribed.Mar 13 2023, 7:54 PM
Krinkle removed a project: Performance-Team (Radar).Aug 18 2023, 7:50 PM
Krinkle unsubscribed.
gerritbot added a comment.Sep 14 2023, 10:25 PM

Change 886391 merged by jenkins-bot:

[mediawiki/core@master] context: Disallow cloning RequestContext object and throw an error

https://gerrit.wikimedia.org/r/886391

Maintenance_bot removed a project: Patch-For-Review.Sep 14 2023, 10:30 PM
ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.27; 2023-09-19).Sep 14 2023, 11:00 PM
Ammarpad mentioned this in T346995: LogicException viewing diffs between deleted revisions: "RequestContext should not be cloned, use DerivativeContext instead.".Sep 21 2023, 9:16 AM
Lucas_Werkmeister_WMDE added subscribers: Umherirrender, Lucas_Werkmeister_WMDE.Sep 21 2023, 10:31 AM

As analyzed by @Umherirrender we have no bundled/deployed code that does this currently, and even across all Codesearch-indexed repos there was only 1 instance of a third party repo doing.

Apparently this analysis (T323153#8398142) was too restrictive; a codesearch with a more lenient regex readily finds the code in SpecialUndelete.php that caused T346995 (though hindsight makes it easier to write the right regex, of course). Alternatively, hard deprecating rather than immediately throwing a LogicException would also have avoided breaking production over this.

brennen merged a task: T347074: LogicException: RequestContext should not be cloned, use DerivativeContext instead..Sep 21 2023, 4:13 PM
brennen added subscribers: brennen, Krinkle.
Krinkle closed this task as Resolved.Sep 23 2023, 4:43 AM
Krinkle edited projects, added MediaWiki-Platform-Team; removed MW-1.41-notes (1.41.0-wmf.27; 2023-09-19).
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL