Page MenuHomePhabricator

Use expression builder instead of raw SQL in CentralAuth
Closed, ResolvedPublic

Description

Now that T210206: Deprecate raw SQL conditions for IDatabase methods (select, insert, etc.) is done, this extension should migrate away from building and passing around raw SQL to expression builders.

It improves readability and security of the code and is more aligned with industry practices easing onboarding.

For more information check T210206 and T350075.

Calls to Database::addQuotes(), ::buildLike(), ::makeList() indicate that raw SQL is being built and passed around.

Event Timeline

Change 973851 had a related patch set uploaded (by Bartosz Dziewoński; author: Bartosz Dziewoński):

[mediawiki/extensions/CentralAuth@master] Replace simple uses of addQuotes() with SQL expression builder

https://gerrit.wikimedia.org/r/973851

(just a drive-by patch for the boring replacements, I'll leave the interesting ones for someone else to do ;) )

Change 973851 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] Replace simple uses of addQuotes() with SQL expression builder

https://gerrit.wikimedia.org/r/973851

Change 980459 had a related patch set uploaded (by Bartosz Dziewoński; author: Bartosz Dziewoński):

[mediawiki/extensions/CentralAuth@master] [DNM] Try using Rector to migrate addQuotes(), makeList(), buildLike() to expression builder

https://gerrit.wikimedia.org/r/980459

@pmiazga suggested writing Rector rules for this and I know that @Ladsgroup also experimented with automating these changes, so I gave it a try in https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CentralAuth/+/980459. Overall, it could be helpful, but it still requires a lot of manual fixing afterwards. Have a look at that patch for details.

Change 980492 had a related patch set uploaded (by Bartosz Dziewoński; author: Bartosz Dziewoński):

[mediawiki/core@master] TempUser\Pattern: Use SQL expression builder instead of buildLike()

https://gerrit.wikimedia.org/r/980492

Change 980494 had a related patch set uploaded (by Bartosz Dziewoński; author: Bartosz Dziewoński):

[mediawiki/extensions/CentralAuth@master] Use SQL expression builder instead of buildLike()

https://gerrit.wikimedia.org/r/980494

Change 980496 had a related patch set uploaded (by Bartosz Dziewoński; author: Bartosz Dziewoński):

[mediawiki/extensions/CentralAuth@master] Use SQL expression builder instead of makeList() and others

https://gerrit.wikimedia.org/r/980496

Change 980492 merged by jenkins-bot:

[mediawiki/core@master] TempUser\Pattern: Use SQL expression builder instead of buildLike()

https://gerrit.wikimedia.org/r/980492

Change 980494 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] Use SQL expression builder instead of buildLike()

https://gerrit.wikimedia.org/r/980494

Change 980496 merged by jenkins-bot:

[mediawiki/extensions/CentralAuth@master] Use SQL expression builder instead of makeList() and others

https://gerrit.wikimedia.org/r/980496

Change 980459 abandoned by Bartosz Dziewoński:

[mediawiki/extensions/CentralAuth@master] [DNM] Try using Rector to migrate addQuotes(), makeList(), buildLike() to expression builder

Reason:

https://gerrit.wikimedia.org/r/980459