Last modified: 2012-08-02 22:50:05 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T36231, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 34231 - Make thumb.php error or redirect for urls with bogus paths but valid file & thumb names
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
Component: File management
Version: 1.20.x
Hardware: All All
Importance: Normal normal
Target Milestone: ---
Assigned To: Ben Hartshorne
Keywords: platformeng
Reported: 2012-02-06 19:36 UTC by Aaron Schulz
Modified: 2012-08-02 22:50 UTC

Description Aaron Schulz 2012-02-06 19:36:41 UTC
From IRC:
[11:28]	AaronSchulz	domas: https://upload.wikimedia.org/wikipedia/commons/thumb/x/xx/Little_kitten_.jpg/799px-Little_kittenajsdhfa_.jpg
[11:28]	AaronSchulz	hehe, file deletion won't purge that I bet
[11:28]	AaronSchulz	it sends the purge URLs based on the actual relative path, not that fake one I posted with fake hash dirs
[11:29]	AaronSchulz	one could upload pr0n and hotlink to thumbs for days without them going away even if the source file was deleted

thumb.php should redirect or give an error in such cases.
Comment 1 Aaron Schulz 2012-02-09 19:45:46 UTC
Fixed thumb.php in r111076. Since WMF still uses thumb-handler.php, the fix has no effect in that case.
Comment 2 Rob Lanphier 2012-02-10 19:37:53 UTC
Ben, this one is now solely dependent on eliminating ms5 from the thumbnail path, so I'm assigning it to you.
Comment 3 Aaron Schulz 2012-02-10 19:47:37 UTC
I need to make the tiff/ogg extensions use the ExtractThumbParameters hook in thumb.php as well before we can start using its 404 handling.
Comment 4 Aaron Schulz 2012-02-10 20:53:11 UTC
(In reply to comment #3)
> I need to make the tiff/ogg extensions use the ExtractThumbParameters hook in
> thumb.php as well before we can start using its 404 handling.

Done in r111199.
Comment 5 Aaron Schulz 2012-06-22 18:48:44 UTC
To switch over:
a) 404 handling must be enabled on the scalers to rewrite to thumb_handler.php
b) rewrite.py change to use the scalers directly on 404
c) thumb-handler.php on nginx server could eventually be disabled, though that's not required for this bug
Comment 6 Aaron Schulz 2012-08-02 22:50:05 UTC
The new handler has been deployed already.
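
The check this report asks for, as an added sketch that is not MediaWiki's thumb.php or rewrite.py code: a thumbnail is only served when its URL is the canonical one that a purge on file deletion would target. It assumes the two-level MD5 hash directory layout and `<width>px-<file name>` thumb names; `hash_dirs` and `check_thumb_path` are hypothetical names.

```python
import hashlib
import re
from urllib.parse import unquote

# Assumed layout: /<project>/<lang>/thumb/<h1>/<h2>/<file name>/<thumb name>
THUMB_RE = re.compile(
    r"^/(?P<zone>[a-z0-9_-]+/[a-z0-9_-]+)/thumb/(?P<h1>[^/]+)/(?P<h2>[^/]+)"
    r"/(?P<name>[^/]+)/(?P<thumb>[^/]+)$"
)
# Simplification: only "<width>px-<file name>" thumb names are accepted.
WIDTH_RE = re.compile(r"^(?P<width>[1-9][0-9]{0,4})px-(?P<rest>.+)$")


def hash_dirs(name):
    """Hash directories: first one and first two hex chars of md5(name)."""
    digest = hashlib.md5(name.encode("utf-8")).hexdigest()
    return digest[0], digest[:2]


def check_thumb_path(path):
    """Return (status, canonical_path) for a thumbnail request path.

    200: path is canonical, so a purge on deletion will reach it.
    301: file and thumb names are valid but the hash dirs are bogus.
    404: anything else; never render or cache under this URL.
    """
    m = THUMB_RE.match(unquote(path))
    if not m or m["name"] in (".", ".."):
        return 404, None
    name = m["name"]
    w = WIDTH_RE.match(m["thumb"])
    # The thumb name must embed exactly the file name it claims to scale.
    if not w or w["rest"] != name:
        return 404, None
    h1, h2 = hash_dirs(name)
    canonical = f"/{m['zone']}/thumb/{h1}/{h2}/{name}/{w['width']}px-{name}"
    if (m["h1"], m["h2"]) != (h1, h2):
        return 301, canonical
    return 200, canonical


if __name__ == "__main__":
    # URL path from the bug description: fake hash dirs and a fake thumb name.
    bogus = ("/wikipedia/commons/thumb/x/xx/Little_kitten_.jpg"
             "/799px-Little_kittenajsdhfa_.jpg")
    print(check_thumb_path(bogus))
```

The returned canonical path is in decoded form; a caller issuing the redirect would percent-encode it again.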
