Ori.livneh has uploaded a new change for review.
https://gerrit.wikimedia.org/r/183165
Change subject: Password-protect `forceprofile` magic URL parameter
......................................................................
Password-protect `forceprofile` magic URL parameter
Make `forceprofile` a little less easy to abuse by requiring that its value be
a password, instead of any value at all.
Change-Id: I09290e20c1f000dcc38f762d7895054cdc59de40
---
M wmf-config/StartProfiler.php
1 file changed, 7 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config refs/changes/65/183165/1
diff --git a/wmf-config/StartProfiler.php b/wmf-config/StartProfiler.php
index 0a8f446..3aee04b 100644
--- a/wmf-config/StartProfiler.php
+++ b/wmf-config/StartProfiler.php
@@ -6,8 +6,13 @@
// globals.
if ( ini_get( 'hhvm.stats.enable_hot_profiler' ) ) {
- // Single-request profiling, via 'forceprofile=1' (web) or
'--profiler=text' (CLI).
- if ( isset( $_REQUEST['forceprofile'] ) || PHP_SAPI === 'cli' ) {
+ // One-off request profiling, via the 'forceprofile' URL parameter
+ // (for web requests) or '--profiler=text' arg (for CLI scripts).
+ if ( PHP_SAPI === 'cli' || (
+ isset( $_REQUEST['forceprofile'] )
+ && isset( $wmgForceProfilePassword )
+ && $_REQUEST['forceprofile'] === $wmgForceProfilePassword
+ ) ) {
$wgProfiler = array(
'class' => 'ProfilerXhprof',
'flags' => XHPROF_FLAGS_NO_BUILTINS,
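Review bot: The check `$_REQUEST['forceprofile'] === $wmgForceProfilePassword` in the new condition is not a constant-time comparison, and `isset( $wmgForceProfilePassword )` still passes when that variable is set to an empty string, in which case a bare `forceprofile=` would enable profiling. Suggest requiring both values to be non-empty strings and comparing them with `hash_equals( $wmgForceProfilePassword, $_REQUEST['forceprofile'] )` where the runtime provides it. Two smaller points on the same lines: `$_REQUEST` can also be populated from POST bodies and cookies, so reading `$_GET` would match the "URL parameter" wording of the new comment; and because the secret travels in the query string it will appear wherever request URLs are recorded, so it should be treated as a rotatable, low-value secret. The comment should also say where `$wmgForceProfilePassword` is expected to be defined, since nothing in this hunk sets it.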
--
To view, visit https://gerrit.wikimedia.org/r/183165
Gerrit-MessageType: newchange
Gerrit-Change-Id: I09290e20c1f000dcc38f762d7895054cdc59de40
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: Ori.livneh <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits