[MediaWiki-commits] [Gerrit] mediawiki/core[master]: Avoid high edit stash TTLs when a user signature was used

[Aaron Schulz (Code Review)]

Aaron Schulz has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/363753 )

Change subject: Avoid high edit stash TTLs when a user signature was used
......................................................................

Avoid high edit stash TTLs when a user signature was used

This adds a new ParserOuput user-signature tracking flag.

Bug: T84843
Change-Id: I77de05849c15e17ee2b9b31b34172f4b6a49a38e
---
M includes/api/ApiStashEdit.php
M includes/parser/Parser.php
2 files changed, 17 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/53/363753/1

diff --git a/includes/api/ApiStashEdit.php b/includes/api/ApiStashEdit.php
index c7a00c6..d03fca8 100644
--- a/includes/api/ApiStashEdit.php
+++ b/includes/api/ApiStashEdit.php
@@ -44,6 +44,7 @@
 
        const PRESUME_FRESH_TTL_SEC = 30;
        const MAX_CACHE_TTL = 300; // 5 minutes
+       const MAX_SIGNATURE_TTL = 60;
 
        public function execute() {
                $user = $this->getUser();
@@ -391,6 +392,12 @@
                // Put an upper limit on the TTL for sanity to avoid extreme 
template/file staleness.
                $since = time() - wfTimestamp( TS_UNIX, 
$parserOutput->getTimestamp() );
                $ttl = min( $parserOutput->getCacheExpiry() - $since, 
self::MAX_CACHE_TTL );
+
+               // Avoid extremely stale user signature timestamps (T84843)
+               if ( $parserOutput->getFlag( 'user-signature' ) ) {
+                       $ttl = min( $ttl, self::MAX_SIGNATURE_TTL );
+               }
+
                if ( $ttl <= 0 ) {
                        return [ null, 0, 'no_ttl' ];
                }
diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php
index 9ea65e0..4a78ff8 100644
--- a/includes/parser/Parser.php
+++ b/includes/parser/Parser.php
@@ -4502,12 +4502,16 @@
                # which may corrupt this parser instance via its 
wfMessage()->text() call-
 
                # Signatures
-               $sigText = $this->getUserSig( $user );
-               $text = strtr( $text, [
-                       '~~~~~' => $d,
-                       '~~~~' => "$sigText $d",
-                       '~~~' => $sigText
-               ] );
+               if ( strpos( $text, '~~~' ) !== false ) {
+                       $sigText = $this->getUserSig( $user );
+                       $text = strtr( $text, [
+                               '~~~~~' => $d,
+                               '~~~~' => "$sigText $d",
+                               '~~~' => $sigText
+                       ] );
+                       # The main two signature forms used above are 
time-sensitive
+                       $this->mOutput->setFlag( 'user-signature' );
+               }
 
                # Context links ("pipe tricks"): [[|name]] and [[name 
(context)|]]
                $tc = '[' . Title::legalChars() . ']';

-- 
To view, visit https://gerrit.wikimedia.org/r/363753
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I77de05849c15e17ee2b9b31b34172f4b6a49a38e
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Aaron Schulz <asch...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits