jenkins-bot has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/354065 )
Change subject: TemplateParser: Improve cache integrity check failure scenario ...................................................................... TemplateParser: Improve cache integrity check failure scenario Previously, if the cache integrity check failed then it would emit a warning but then continue to use the code. The integrity check could genuinely fail if the secret key was changed, if the cache was truncated, or other edge case scenarios. Now TemplateParser will recompile if the cache fails the integrity check, and then update the cache with the newly compiled version. Bug: T163154 Change-Id: I9a6c8d528f84cfbabf402cfaf6468c162fab1f15 --- M includes/TemplateParser.php 1 file changed, 10 insertions(+), 8 deletions(-) Approvals: Brian Wolff: Looks good to me, approved jenkins-bot: Verified diff --git a/includes/TemplateParser.php b/includes/TemplateParser.php index 924c347..2759ff9 100644 --- a/includes/TemplateParser.php +++ b/includes/TemplateParser.php @@ -102,19 +102,21 @@ $key = $cache->makeKey( 'template', $templateName, $fastHash ); $code = $this->forceRecompile ? null : $cache->get( $key ); + if ( $code ) { + // Verify the integrity of the cached PHP code + $keyedHash = substr( $code, 0, 64 ); + $code = substr( $code, 64 ); + if ( $keyedHash !== hash_hmac( 'sha256', $code, $secretKey ) ) { + // If the integrity check fails, don't use the cached code + // We'll update the invalid cache below + $code = null; + } + } if ( !$code ) { $code = $this->compileForEval( $fileContents, $filename ); // Prefix the cached code with a keyed hash (64 hex chars) as an integrity check $cache->set( $key, hash_hmac( 'sha256', $code, $secretKey ) . $code ); - } else { - // Verify the integrity of the cached PHP code - $keyedHash = substr( $code, 0, 64 ); - $code = substr( $code, 64 ); - if ( $keyedHash !== hash_hmac( 'sha256', $code, $secretKey ) ) { - // Generate a notice if integrity check fails - trigger_error( "Template failed integrity check: {$filename}" ); - } } // If there is no secret key available, don't use cache } else { -- To view, visit https://gerrit.wikimedia.org/r/354065 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I9a6c8d528f84cfbabf402cfaf6468c162fab1f15 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Legoktm <lego...@member.fsf.org> Gerrit-Reviewer: Bartosz DziewoĆski <matma....@gmail.com> Gerrit-Reviewer: Brian Wolff <bawolff...@gmail.com> Gerrit-Reviewer: Chad <ch...@wikimedia.org> Gerrit-Reviewer: Jdlrobson <jrob...@wikimedia.org> Gerrit-Reviewer: Kaldari <rkald...@wikimedia.org> Gerrit-Reviewer: Mwjames <jamesin.hongkon...@gmail.com> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits