Hi Everyone,
I'm working on a Mediawiki 1.34 to 1.35 migration. The migration is mostly complete. I'm having trouble connecting to the wiki after a restart. https://www.cryptopp.com/wiki/ results in:
Fatal error: Interface 'MediaWiki\Hook\TestCanonicalRedirectHook' not found in /var/www/html/w/includes/HookContainer/HookRunner.php on line 22
This is a new issue for us. We did not experience it in previous versions of Mediawiki. I think the problem may be caused by this in our maintenance script (https://github.com/weidai11/website/blob/master/mediawiki/update-wiki.sh#L61):
# Remove all test frameworks in production. IFS= find "$WIKI_DIR" -iname 'test*' -print | while read -r dir do rm -rf "$dir" 2>/dev/null done
We don't want the additional attack surface on a production server. Would someone please advise how to remove the unwanted testing gear?
Jeff
That's not a development "test", rather it's a function interface that should be kept.
On Tue, Dec 15, 2020 at 6:50 PM Jeffrey Walton noloader@gmail.com wrote:
Hi Everyone,
I'm working on a Mediawiki 1.34 to 1.35 migration. The migration is mostly complete. I'm having trouble connecting to the wiki after a restart. https://www.cryptopp.com/wiki/ results in:
Fatal error: Interface 'MediaWiki\Hook\TestCanonicalRedirectHook' notfound in /var/www/html/w/includes/HookContainer/HookRunner.php on line 22
This is a new issue for us. We did not experience it in previous versions of Mediawiki. I think the problem may be caused by this in our maintenance script ( https://github.com/weidai11/website/blob/master/mediawiki/update-wiki.sh#L61 ):
# Remove all test frameworks in production. IFS= find "$WIKI_DIR" -iname 'test*' -print | while read -r dir do rm -rf "$dir" 2>/dev/null doneWe don't want the additional attack surface on a production server. Would someone please advise how to remove the unwanted testing gear?
Jeff
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
On Tue, Dec 15, 2020 at 7:02 PM John phoenixoverride@gmail.com wrote:
That's not a development "test", rather it's a function interface that should be kept.
Thanks.
Would you happen to know the file or directory name of the offender? I don't seem to have a directory called "TestCanonicalRedirectHook". "HookRunner.php" will not trigger the removal.
cd /tmp wget https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz tar -xzf mediawiki-1.35.0.tar.gz cd mediawiki-1.35.0 find . -iname 'TestCanonicalRedirectHook' <no output>
Jeff
there should be a file located at /includes/Hook/TestCanonicalRedirectHook.php
https://github.com/wikimedia/mediawiki/blob/master/includes/Hook/TestCanonic...
On Tue, Dec 15, 2020 at 7:21 PM Jeffrey Walton noloader@gmail.com wrote:
On Tue, Dec 15, 2020 at 7:02 PM John phoenixoverride@gmail.com wrote:
That's not a development "test", rather it's a function interface that
should be kept.
Thanks.
Would you happen to know the file or directory name of the offender? I don't seem to have a directory called "TestCanonicalRedirectHook". "HookRunner.php" will not trigger the removal.
cd /tmp wget https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz tar -xzf mediawiki-1.35.0.tar.gz cd mediawiki-1.35.0 find . -iname 'TestCanonicalRedirectHook'
<no output>
Jeff
On Tue, Dec 15, 2020 at 7:27 PM John phoenixoverride@gmail.com wrote:
there should be a file located at /includes/Hook/TestCanonicalRedirectHook.php
https://github.com/wikimedia/mediawiki/blob/master/includes/Hook/TestCanonic...
Perfect, thank you very much.
Jeff
On Tue, Dec 15, 2020 at 7:21 PM Jeffrey Walton noloader@gmail.com wrote:
On Tue, Dec 15, 2020 at 7:02 PM John phoenixoverride@gmail.com wrote:
That's not a development "test", rather it's a function interface that should be kept.
On Tue, Dec 15, 2020 at 7:57 PM Jeffrey Walton noloader@gmail.com wrote:
On Tue, Dec 15, 2020 at 7:27 PM John phoenixoverride@gmail.com wrote:
there should be a file located at /includes/Hook/TestCanonicalRedirectHook.php
https://github.com/wikimedia/mediawiki/blob/master/includes/Hook/TestCanonic...
Perfect, thank you very much.
John, I have to ask...
Why was it not called RegisterCanonicalRedirect? Where did Test come from?
/** * This is a hook handler interface, see docs/Hooks.md. * Use the hook name "TestCanonicalRedirect" to register handlers implementing this interface. * * @stable to implement * @ingroup Hooks */
Based on the comment, it seems like a better name and it avoids masquerading as a Test component.
Jeff
Think you might need to review how you define a "test component" That hook was added in 2011, That particular file was auto created in April of this year as (guessing here) part of a cleanup/code refactoring. Just because it has the word test doesnt make it a unit test or similar. In this case mediawiki is testing if an extension wants to abort/modify a redirect request before its completed. Taking such a narrow, heavy handed approach as you are is a BAD THING™. The standard mediawiki release tarballs are designed for a production environment and are fairly secure as is. Blindly deleting source files based on file names is a fast way to crash a server. Mediawiki is run on several of the highest profile websites, which use that code to create the releases....
On Tue, Dec 15, 2020 at 8:42 PM Jeffrey Walton noloader@gmail.com wrote:
On Tue, Dec 15, 2020 at 7:57 PM Jeffrey Walton noloader@gmail.com wrote:
On Tue, Dec 15, 2020 at 7:27 PM John phoenixoverride@gmail.com wrote:
there should be a file located at
/includes/Hook/TestCanonicalRedirectHook.php
https://github.com/wikimedia/mediawiki/blob/master/includes/Hook/TestCanonic...
Perfect, thank you very much.
John, I have to ask...
Why was it not called RegisterCanonicalRedirect? Where did Test come from?
/**
- This is a hook handler interface, see docs/Hooks.md.
- Use the hook name "TestCanonicalRedirect" to register handlers
implementing this interface.
- @stable to implement
- @ingroup Hooks
*/
Based on the comment, it seems like a better name and it avoids masquerading as a Test component.
Jeff
Because the hook is called from within an if statement that checks whether or not a canonical redirect should be performned. A "test" is also another name for an "if" statement.
Additionally hook names cannot be changed and this hook is super old. -- Brian
On Tuesday, December 15, 2020, Jeffrey Walton noloader@gmail.com wrote:
On Tue, Dec 15, 2020 at 7:57 PM Jeffrey Walton noloader@gmail.com wrote:
On Tue, Dec 15, 2020 at 7:27 PM John phoenixoverride@gmail.com wrote:
there should be a file located at /includes/Hook/
TestCanonicalRedirectHook.php
https://github.com/wikimedia/mediawiki/blob/master/includes/Hook/
TestCanonicalRedirectHook.php
Perfect, thank you very much.
John, I have to ask...
Why was it not called RegisterCanonicalRedirect? Where did Test come from?
/**
- This is a hook handler interface, see docs/Hooks.md.
- Use the hook name "TestCanonicalRedirect" to register handlers
implementing this interface.
- @stable to implement
- @ingroup Hooks
*/
Based on the comment, it seems like a better name and it avoids masquerading as a Test component.
Jeff
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
Hi,
On 12/15/20 3:49 PM, Jeffrey Walton wrote:
This is a new issue for us. We did not experience it in previous versions of Mediawiki. I think the problem may be caused by this in our maintenance script (https://github.com/weidai11/website/blob/master/mediawiki/update-wiki.sh#L61):
# Remove all test frameworks in production. IFS= find "$WIKI_DIR" -iname 'test*' -print | while read -r dir do rm -rf "$dir" 2>/dev/null doneWe don't want the additional attack surface on a production server. Would someone please advise how to remove the unwanted testing gear?
In addition to what John said, blindly deleting files based on their name probably isn't going to work out so well. For the most part, all test-related files should be limited to the tests/ directory, which can safely be removed. There will be some other stuff lying around like qunit.js, but I don't think it's worth trying to delete everything that isn't absolutely required.
-- Legoktm
Yeah, it's not test code, it's a real hook: https://www.mediawiki.org/wiki/Manual:Hooks/TestCanonicalRedirect
In general I would recommend against deleting random files from the source code ;) , it's likely to cause errors. You might instead want to disallow the web server from reading the test files, using .htaccess rules or something.
If you want to keep your current (scary) approach, then try changing your 'find' command to only find directories, by adding '-type d' to the arguments.
mediawiki-l@lists.wikimedia.org