Page MenuHomePhabricator
Create Task
Maniphest T31525

Call to a member function isOpen() on a non-object
Closed, ResolvedPublic
Actions

Description

Upgraded to Mediawiki 1.17.0 (Debian/stable, PHP 5.3.3), ran the maintenance/update.php and MW would work fine - but only without the SimpleSecurity extension. If enabled, this happens:

PHP Fatal error:  Call to a member function isOpen() on a non-object in
../includes/db/LoadBalancer.php on line 652

LocalSettings.php

$wgSecurityUseDBHook = true;
require_once("$IP/extensions/SimpleSecurity-svn/SimpleSecurity.php");
$wgSecurityRenderInfo = false;
$wgSecurityAllowUnreadableLinks = false;
$wgPageRestrictions['Namespace:Special']['read'] = 'users';
$wgPageRestrictions['Namespace:User']['read'] = 'users';

Commenting out wgSecurityUseDBHook helped and SimpleSecurity does what it's supposed to do - I guess. I'd feel more comfortable if someone could have a look at this if it's safe to disable the hook with MW 1.17.

Thanks!

Version: unspecified
Severity: normal

Details

Reference
bz29525

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 21 2014, 11:29 PM
bzimport added a project: MediaWiki-extensions-SimpleSecurity.
bzimport set Reference to bz29525.
Ckujau created this task.Jun 22 2011, 8:37 AM
Nikerabbit added a comment.Jun 22 2011, 8:43 AM

Trunk version of the extensions seems to have a fix for this.

Ckujau added a comment.Jun 24 2011, 8:10 AM

I'm already using SimpleSecurity's trunk version (r89186), but as soon as I set $wgSecurityUseDBHook=true; this fatal PHP error is shown and I get an empty page. Unsetting $wgSecurityUseDBHook or setting to "false" makes it work again.

So maybe the documentation on WM:Extension:Simple_Security needs to be changed for MW 1.17, but I'm not sure what the (security-)implications of this missing hook are - hence this report.

Nad added a comment.Jun 24 2011, 11:21 AM

There have been changes to the LoadBalancer and LBFactory which make SimpleSecurity 4.x incompatible with versions of MediaWiki start from 1.17.

I've found a way to hook into the database for 1.17+ but it required quite major changes which I couldn't make backwards compatible with versions of MediaWiki prior to this, so I've made SimpleSecurity 5.0 which should be used for 1.17+ and 4.x for older MediaWiki versions.

SimpleSecurity 4.x is available from the OrganicDesign extensions repo at:
http://svn.organicdesign.co.nz/listing.php?repname=extensions

For more detailed info about the problem and solution see:
http://www.organicdesign.co.nz/Extension:SimpleSecurity

This is a major update so there could be further issues.

Ckujau added a comment.Jul 19 2011, 3:33 AM

Sorry for the late reply: yes, with the trunk version of SimpleSecurity (r92519) it's working now and the error message is gone. I do have another problem though, but that'll do for another bug.

One more thing: the installation on Extension:Simple_Security now says to add wgSecurityUseDBHook *after* the include_once statement for current SimpleSecurity releases. This does not work here, I still have to put it *before* include_once (resp. require_once, the documentation lists them both).

Thanks!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL