Security Analysis: no request data

This project does not seem to handle request data directly, so no vulnerable execution paths were found.


client/config/WikibaseClient.default.php (3 issues)

Issues found (3). All three are reported by the same check: "The parameter $settings is not used and could be removed." This check looks for parameters that have been defined for a function or method but are not used in the method body. The unused parameter occurs in the closures assigned to $defaults['thisWikiIsTheRepo'], $defaults['siteGlobalID'] and $defaults['siteGroup']. Each closure is invoked by SettingsArray with the settings object, so the parameter is part of the callback signature even where the body does not read it.

<?php

use MediaWiki\MediaWikiServices;
use Wikibase\Client\Usage\EntityUsage;
use Wikibase\Client\WikibaseClient;
use Wikibase\Lib\SettingsArray;
use Wikibase\Lib\WikibaseSettings;

// manually load EntityUsage so we can use its constants below –
// extension.json AutoloadNamespaces has not been processed yet
require_once __DIR__ . '/../includes/Usage/EntityUsage.php';

/**
 * This file assigns the default values to all Wikibase Client settings.
 *
 * This file is NOT an entry point to the Wikibase Client extension. Use WikibaseClient.php.
 * It should furthermore not be included from outside the extension.
 *
 * @license GPL-2.0-or-later
 * @author Daniel Kinzler
 */

return call_user_func( function() {
	global $wgLanguageCode;

	$defaults = [
		'namespaces' => [], // by default, include all namespaces; deprecated as of 0.4
		'excludeNamespaces' => [],
		// @todo would be great to just get this from the sites stuff
		// but we will need to make sure the caching works good enough
		'siteLocalID' => $wgLanguageCode,
		'languageLinkSiteGroup' => null,
		'injectRecentChanges' => true,
		'showExternalRecentChanges' => true,
		'sendEchoNotification' => false,
		'echoIcon' => false,
		'allowDataTransclusion' => true,
		'referencedEntityIdAccessLimit' => 3,
		'referencedEntityIdMaxDepth' => 4,
		'referencedEntityIdMaxReferencedEntityVisits' => 50,
		'pageSchemaNamespaces' => [],
		'allowLocalShortDesc' => false,
		'forceLocalShortDesc' => false,
		'propagateChangesToRepo' => true,
		'propertyOrderUrl' => null,
		// List of additional CSS class names for site links that have badges,
		// e.g. [ 'Q101' => 'badge-goodarticle' ]
		'badgeClassNames' => [],
		// Allow accessing data from other items in the parser functions and via Lua
		'allowArbitraryDataAccess' => true,
		// Maximum number of full entities that can be accessed on a page. This does
		// not include convenience functions like mw.wikibase.label that use TermLookup
		// instead of loading a full entity.
		'entityAccessLimit' => 250,
		// Allow accessing data in the user's language rather than the content language
		// in the parser functions and via Lua.
		// Allows users to split the ParserCache by user language.
		'allowDataAccessInUserLanguage' => false,

		/**
		 * Prefix to use for cache keys that should be shared among a Wikibase Repo instance and all
		 * its clients. This is for things like caching entity blobs in memcached.
		 *
		 * The default here assumes Wikibase Repo + Client installed together on the same wiki. For
		 * a multiwiki / wikifarm setup, to configure shared caches between clients and repo, this
		 * needs to be set to the same value in both client and repo wiki settings.
		 *
		 * For Wikidata production, we set it to 'wikibase-shared/wikidata_1_25wmf24-wikidatawiki',
		 * which is 'wikibase_shared/' + deployment branch name + '-' + repo database name, and have
		 * it set in both $wgWBClientSettings and $wgWBRepoSettings.
		 */
		'sharedCacheKeyPrefix' => 'wikibase_shared/' . $GLOBALS['wgDBname'],
		'sharedCacheKeyGroup' => $GLOBALS['wgDBname'],

		/**
		 * The duration of the object cache, in seconds.
		 *
		 * As with sharedCacheKeyPrefix, this is both a client and a repo setting. On a multiwiki setup,
		 * this should be set to the same value in both the repo and clients. Also note that the
		 * setting value in $wgWBClientSettings overrides the one here.
		 */
		'sharedCacheDuration' => 60 * 60,

		/**
		 * List of data types (by data type id) not enabled on the wiki.
		 * This setting is intended to aid with deployment of new data types
		 * or on new Wikibase installs without items and properties yet.
		 *
		 * This setting should be consistent with the corresponding setting on the repo.
		 *
		 * WARNING: Disabling a data type after it is in use is dangerous
		 * and might break items.
		 */
		'disabledDataTypes' => [],

		'disabledUsageAspects' => [],

		'fineGrainedLuaTracking' => true,

		// The type of object cache to use. Use CACHE_XXX constants.
		// This is both a repo and client setting, and should be set to the same value in
		// repo and clients for multiwiki setups.
		'sharedCacheType' => $GLOBALS['wgMainCacheType'],

		// Batch size for UpdateHtmlCacheJob
		'purgeCacheBatchSize' => function ( SettingsArray $settings ) {
			$mainConfig = MediaWikiServices::getInstance()->getMainConfig();
			return $settings->hasSetting( 'wikiPageUpdaterDbBatchSize' )
				? $settings->getSetting( 'wikiPageUpdaterDbBatchSize' )
				: $mainConfig->get( 'UpdateRowsPerJob' );
		},

		// Batch size for InjectRCRecordsJob
		'recentChangesBatchSize' => function ( SettingsArray $settings ) {
			$mainConfig = MediaWikiServices::getInstance()->getMainConfig();
			return $settings->hasSetting( 'wikiPageUpdaterDbBatchSize' )
				? $settings->getSetting( 'wikiPageUpdaterDbBatchSize' )
				: $mainConfig->get( 'UpdateRowsPerJob' );
		},

		'useKartographerGlobeCoordinateFormatter' => false,
		'useKartographerMaplinkInWikitext' => false,
		'trackLuaFunctionCallsPerSiteGroup' => false,
		'trackLuaFunctionCallsPerWiki' => false,
		'itemAndPropertySourceName' => 'local',
		'entitySources' => [],

		'dataBridgeEnabled' => false, # if true, the next setting must also be specified
		# 'dataBridgeHrefRegExp' => '^http://localhost/index\.php/(Item:(Q[1-9][0-9]*)).*#(P[1-9][0-9]*)$',
		'dataBridgeIssueReportingLink' =>
		'https://phabricator.wikimedia.org/maniphest/task/edit/form/1/?title=Wikidata+Bridge+error&description=<body>&tags=Wikidata-Bridge',

		// IDs of some well-known properties used to format references
		'wellKnownReferencePropertyIds' => [
			// (note: keys are not arbitrary, the software knows exactly these and no others)
			'referenceUrl' => null,
			'title' => null,
			'statedIn' => null,
			'author' => null,
			'publisher' => null,
			'publicationDate' => null,
			'retrievedDate' => null,
		],

		'termFallbackCacheVersion' => null,

		// enable implicit usage on the description of a page in its content language (T191831)
		'enableImplicitDescriptionUsage' => false,
	];

	// Some defaults depend on information not available at this time.
	// Especially, if the repository may be active on the local wiki, and
	// we need to adjust some defaults accordingly.
	// We use Closures to calculate such settings on the fly, the first time they
	// are used. See SettingsArray::setSetting() for details.

	//NOTE: when this is executed, the repo extension may not have been initialized yet.
	//      We need to defer the check and do it inside the closures.
	//      We use the pseudo-setting thisWikiIsTheRepo to store this information.
	//      thisWikiIsTheRepo should really never be overwritten, except for testing.

	$defaults['thisWikiIsTheRepo'] = function ( SettingsArray $settings ) {
		// determine whether the repo extension is present
		return WikibaseSettings::isRepoEnabled();
	};

	$defaults['repositories'] = function ( SettingsArray $settings ) {
		// XXX: Default to having Items in the main namespace, and properties in NS 120.
		// That is the live setup at wikidata.org, it is NOT consistent with the example settings!
		// FIXME: throw an exception, instead of making assumptions that may break the site in strange ways!
		$entityNamespaces = [
			'item' => 0,
			'property' => 120
		];
		if ( $settings->getSetting( 'thisWikiIsTheRepo' ) ) {
			$entityNamespaces = WikibaseSettings::getRepoSettings()->getSetting( 'entityNamespaces' );
		}

		return [
			'' => [
				// Use false (meaning the local wiki's database) if this wiki is the repo,
				// otherwise default to null (meaning we can't access the repo's DB directly).
				'repoDatabase' => $settings->getSetting( 'thisWikiIsTheRepo' ) ? false : null,
				'baseUri' => $settings->getSetting( 'repoUrl' ) . '/entity/',
				'entityNamespaces' => $entityNamespaces,
				'prefixMapping' => [ '' => '' ],
			]
		];
	};

	$defaults['repoSiteName'] = function ( SettingsArray $settings ) {
		// This uses $wgSitename if this wiki is the repo. Otherwise, set this to
		// an i18n message key and the message will be used, if it exists.
		// If the repo site name does not need translation, then set this as a plain string.
		return $settings->getSetting( 'thisWikiIsTheRepo' ) ? $GLOBALS['wgSitename'] : 'Wikidata';
	};

	$defaults['repoUrl'] = function ( SettingsArray $settings ) {
		// use $wgServer if this wiki is the repo, otherwise default to wikidata.org
		return $settings->getSetting( 'thisWikiIsTheRepo' ) ? $GLOBALS['wgServer'] : '//www.wikidata.org';
	};

	$defaults['repoArticlePath'] = function ( SettingsArray $settings ) {
		// use $wgArticlePath if this wiki is the repo, otherwise default to /wiki/$1
		return $settings->getSetting( 'thisWikiIsTheRepo' ) ? $GLOBALS['wgArticlePath'] : '/wiki/$1';
	};

	$defaults['repoScriptPath'] = function ( SettingsArray $settings ) {
		// use $wgScriptPath if this wiki is the repo, otherwise default to /w
		return $settings->getSetting( 'thisWikiIsTheRepo' ) ? $GLOBALS['wgScriptPath'] : '/w';
	};

	$defaults['repoNamespaces'] = function ( SettingsArray $settings ) {
		if ( $settings->getSetting( 'thisWikiIsTheRepo' ) ) {
			// if this is the repo wiki, look up the namespace names based on the entityNamespaces setting
			$namespaceNames = array_map(
				[ MWNamespace::class, 'getCanonicalName' ],
				WikibaseSettings::getRepoSettings()->getSetting( 'entityNamespaces' )
			);
			return $namespaceNames;
		} else {
			// XXX: Default to having Items in the main namespace, and properties in the 'Property' namespace.
			// That is the live setup at wikidata.org, it is NOT consistent with the example settings!
			// FIXME: throw an exception, instead of making assumptions that may break the site in strange ways!
			return [
				'item' => '',
				'property' => 'Property'
			];
		}
	};

	$defaults['changesDatabase'] = function ( SettingsArray $settings ) {
		// Per default, the database for tracking changes is the local repo's database.
		// Note that the value for the repoDatabase setting may be calculated dynamically,
		// see above in 'repositories' setting.
		if ( $settings->hasSetting( 'repoDatabase' ) ) {
			return $settings->getSetting( 'repoDatabase' );
		}
		$repositorySettings = $settings->getSetting( 'repositories' );
		return $repositorySettings['']['repoDatabase'];
	};

	$defaults['siteGlobalID'] = function ( SettingsArray $settings ) {
		// The database name is a sane default for the site ID.
		// On Wikimedia sites, this is always correct.
		return $GLOBALS['wgDBname'];
	};

	$defaults['repoSiteId'] = function( SettingsArray $settings ) {
		// If repoDatabase is set, then the default is the same as repoDatabase;
		// otherwise, it defaults to siteGlobalID
		if ( $settings->hasSetting( 'repoDatabase' ) ) {
			$repoDatabase = $settings->getSetting( 'repoDatabase' );
		} else {
			$repositorySettings = $settings->getSetting( 'repositories' );
			$repoDatabase = $repositorySettings['']['repoDatabase'];
		}

		return ( $repoDatabase === false )
			? $settings->getSetting( 'siteGlobalID' )
			: $repoDatabase;
	};

	$defaults['siteGroup'] = function ( SettingsArray $settings ) {
		// by default lookup from SiteLookup, can override with setting for performance reasons
		return null;
	};

	$defaults['otherProjectsLinks'] = function ( SettingsArray $settings ) {
		$otherProjectsSitesProvider = WikibaseClient::getDefaultInstance()->getOtherProjectsSitesProvider();
		return $otherProjectsSitesProvider->getOtherProjectsSiteIds( $settings->getSetting( 'siteLinkGroups' ) );
	};

	// Base URL of geo shape storage frontend. Used primarily to build links to the geo shapes. Will
	// be concatenated with the page title, so should end with "/" or "title=". Special characters
	// (e.g. space, percent, etc.) should NOT be encoded.
	$defaults['geoShapeStorageBaseUrl'] = 'https://commons.wikimedia.org/wiki/';

	// Base URL of tabular data storage frontend. Used primarily to build links to the tabular data
	// pages. Will be concatenated with the page title, so should end with "/" or "title=". Special
	// characters (e.g. space, percent, etc.) should NOT be encoded.
	$defaults['tabularDataStorageBaseUrl'] = 'https://commons.wikimedia.org/wiki/';

	// Namespace id for entity schema data type
	$defaults['entitySchemaNamespace'] = 640;

	// Disabled entity access
	$defaults['disabledAccessEntityTypes'] = [];

	// The limit at which to issue a warning when the number of entities used in a page hits it
	$defaults['entityUsagePerPageLimit'] = 100;

	// The limit to turn the usage into a general one when there are too many modifiers
	$defaults['entityUsageModifierLimits'] = [
		EntityUsage::DESCRIPTION_USAGE => 30,
		EntityUsage::LABEL_USAGE => 30,
		EntityUsage::STATEMENT_USAGE => 10
	];

	// Batch size for adding entity usage records
	$defaults['addEntityUsagesBatchSize'] = 500;

	return $defaults;
} );