* 'deleteHeaders' => [],
* 'writeMethod' => 'POST',
* ],
+ * 'serialization_type' => 'JSON',
* 'extendedErrorBodyFields' => [ 'type', 'title', 'detail', 'instance' ]
* );
* $wgSessionCacheType = 'sessions';
*/
private $httpParams;
+ /**
+ * Optional serialization type to use. Allowed values: "PHP", "JSON", or "legacy".
+ * "legacy" is PHP serialization with no serialization type tagging or hmac protection.
+ * @var string
+ * @deprecated since 1.34, the "legacy" value will be removed in 1.35.
+ * Use either "PHP" or "JSON".
+ */
+ private $serializationType;
+
+ /**
+ * Optional HMAC Key for protecting the serialized blob. If omitted, or if serializationType
+ * is "legacy", then no protection is done
+ * @var string
+ */
+ private $hmacKey;
+
/**
* @var array additional body fields to log on error, if possible
*/
$this->httpParams['writeHeaders'] = $params['httpParams']['writeHeaders'] ?? [];
$this->httpParams['deleteHeaders'] = $params['httpParams']['deleteHeaders'] ?? [];
$this->extendedErrorBodyFields = $params['extendedErrorBodyFields'] ?? [];
+ $this->serializationType = $params['serialization_type'] ?? 'legacy';
+ $this->hmacKey = $params['hmac_key'] ?? '';
// The parent constructor calls setLogger() which sets the logger in $this->client
parent::__construct( $params );
return $this->handleError( "Failed to delete $key", $rcode, $rerr, $rhdrs, $rbody );
}
- public function incr( $key, $value = 1 ) {
+ public function incr( $key, $value = 1, $flags = 0 ) {
// @TODO: make this atomic
$n = $this->get( $key, self::READ_LATEST );
if ( $this->isInteger( $n ) ) { // key exists?
- $n = max( $n + intval( $value ), 0 );
+ $n = max( $n + (int)$value, 0 );
// @TODO: respect $exptime
return $this->set( $key, $n ) ? $n : false;
}
return false;
}
+ public function decr( $key, $value = 1, $flags = 0 ) {
+ return $this->incr( $key, -$value, $flags );
+ }
+
/**
* Processes the response body.
*
* @return mixed|bool the processed body, or false on error
*/
private function decodeBody( $body ) {
- $value = json_decode( $body, true );
- return ( json_last_error() === JSON_ERROR_NONE ) ? $value : false;
+ if ( $this->serializationType === 'legacy' ) {
+ $serialized = $body;
+ } else {
+ $pieces = explode( '.', $body, 3 );
+ if ( count( $pieces ) !== 3 || $pieces[0] !== $this->serializationType ) {
+ return false;
+ }
+ list( , $hmac, $serialized ) = $pieces;
+ if ( $this->hmacKey !== '' ) {
+ $checkHmac = hash_hmac( 'sha256', $serialized, $this->hmacKey, true );
+ if ( !hash_equals( $checkHmac, base64_decode( $hmac ) ) ) {
+ return false;
+ }
+ }
+ }
+
+ switch ( $this->serializationType ) {
+ case 'JSON':
+ $value = json_decode( $serialized, true );
+ return ( json_last_error() === JSON_ERROR_NONE ) ? $value : false;
+
+ case 'PHP':
+ case 'legacy':
+ return unserialize( $serialized );
+
+ default:
+ throw new \DomainException(
+ "Unknown serialization type: $this->serializationType"
+ );
+ }
}
/**
* Prepares the request body (the "value" portion of our key/value store) for transmission.
*
* @param string $body request body to prepare
- * @return string the prepared body, or an empty string on error
+ * @return string the prepared body
* @throws LogicException
*/
private function encodeBody( $body ) {
- $value = json_encode( $body );
- if ( $value === false ) {
- throw new InvalidArgumentException( __METHOD__ . ": body could not be encoded." );
+ switch ( $this->serializationType ) {
+ case 'JSON':
+ $value = json_encode( $body );
+ if ( $value === false ) {
+ throw new InvalidArgumentException( __METHOD__ . ": body could not be encoded." );
+ }
+ break;
+
+ case 'PHP':
+ case "legacy":
+ $value = serialize( $body );
+ break;
+
+ default:
+ throw new \DomainException(
+ "Unknown serialization type: $this->serializationType"
+ );
+ }
+
+ if ( $this->serializationType !== 'legacy' ) {
+ if ( $this->hmacKey !== '' ) {
+ $hmac = base64_encode(
+ hash_hmac( 'sha256', $value, $this->hmacKey, true )
+ );
+ } else {
+ $hmac = '';
+ }
+ $value = $this->serializationType . '.' . $hmac . '.' . $value;
}
+
return $value;
}