Last modified: 2012-09-19 21:00:54 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T38602, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 36602 - Debug level set too high on production wiki
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
Component: Site requests
Version: wmf-deployment
Hardware: All All
Importance: Unprioritized normal
Assigned To: Nobody - You can work on this!
Keywords: shell
Reported: 2012-05-07 21:14 UTC by Jarry1250
Modified: 2012-09-19 21:00 UTC (History)
Description Jarry1250 2012-05-07 21:14:14 UTC
Rich Farmbrough reports on en.wp that he managed to get the following message recently, but with actual data rather than "[redacted]":

A database error has occurred. Did you forget to run maintenance/update.php after upgrading? See: https://www.mediawiki.org/wiki/Manual:Upgrading#Run_the_update_script Query: UPDATE `user` SET user_name = '[redacted]',user_password = '[redacted]',user_newpassword = 'redacted',user_newpass_time = '[redacted]',user_real_name = ,user_email = 'redacted',user_email_authenticated = '[redacted]',user_touched = '[redacted]',user_token = '[redacted]',user_email_token = '[redacted]',user_email_token_expires = '[redacted]' WHERE user_id = '[redacted]' Function: User::saveSettings Error: 1205 Lock wait timeout exceeded; try restarting transaction (10.0.6.48)

Clearly, this is a debug message that shouldn't be visible on a production wiki such as en.wp (regardless of the underlying problem) - either the debug level is set too high, or that message evades the privacy/debug filter.
Comment 1 Mark A. Hershberger 2012-05-08 15:43:45 UTC
Tried, but could not reproduce this.  Still the message shouldn't show up.
Comment 2 Thehelpfulone 2012-05-08 22:49:18 UTC
Where did you see this? Can he reproduce the error?
Comment 3 Jarry1250 2012-05-08 23:00:51 UTC
(In reply to comment #2)
> Where did you see this? Can he reproduce the error?

It's on VPT. I've asked, no response yet.

Meanwhile, Tim Starling has said there:

> It's hard to tell what the cause of this was without knowing the URL,
> but it's possible that it was an exception message shown through api.php
> due to $wgShowExceptionDetails being set to true. It's probably not a serious
> security vulnerability, since such messages are sent with Cache-Control:
> private, but again, it's hard to be sure without having details about where
> it came from. We decided to turn off $wgShowExceptionDetails to be on the
> safe side, the reasons it was turned on are mostly no longer relevant.

So if can't repro, I think we're fine to close fixed without prejudice to reopening...?
Comment 4 Mark A. Hershberger 2012-05-09 02:19:17 UTC
(In reply to comment #3)

> So if can't repro, I think we're fine to close fixed without prejudice to
> reopening...?

agreed
Comment 5 Jarry1250 2012-05-09 10:26:42 UTC
Changing to "FIXED" since there does seem a semblance of a fix here, and it's just nicer on everyone if it gets closed that way.
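
A check that a response-monitoring or smoke test could run for the leak described in this report, added here as an example (it is not MediaWiki or Wikimedia code): it parses the "Query: ... Function: ... Error: ..." layout of the quoted message, reports which columns and how many literal values a client could read, and produces a client-safe version. The function names, the SENSITIVE column list and the sample message with its placeholder values are assumptions constructed for illustration.

```python
import re

# Layout of the message quoted in the bug description:
#   "... Query: <sql> Function: <caller> Error: <errno> <text> (<db host>)"
LEAK_RE = re.compile(
    r"Query:\s*(?P<sql>.+?)\s+Function:\s*(?P<func>\S+)\s+"
    r"Error:\s*(?P<errno>\d+)(?P<rest>[^\n]*)", re.DOTALL)
STRING_RE = re.compile(r"'(?:[^'\\]|\\.)*'")      # single-quoted SQL literal
HOST_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")
# Assumed list: columns of the quoted UPDATE holding credentials or PII.
SENSITIVE = {"user_password", "user_newpassword", "user_token",
             "user_email", "user_email_token", "user_real_name"}

def inspect_error_page(body):
    """Return None if no SQL is exposed, else a summary of what leaked."""
    m = LEAK_RE.search(body)
    if m is None:
        return None
    sql = m.group("sql")
    # Drop literals first so '=' inside a value is not read as an assignment.
    skeleton = STRING_RE.sub("?", sql)
    set_clause = re.split(r"\bWHERE\b", skeleton, maxsplit=1, flags=re.I)[0]
    columns = re.findall(r"(\w+)\s*=", set_clause)
    host = HOST_RE.search(m.group("rest"))
    return {
        "function": m.group("func"),
        "errno": int(m.group("errno")),
        "db_host": host.group(1) if host else None,
        "columns": columns,
        "sensitive": sorted(SENSITIVE.intersection(columns)),
        "literal_values": len(STRING_RE.findall(sql)),
    }

def redact(body):
    """Client-safe text: the query, caller and DB host are withheld."""
    m = LEAK_RE.search(body)
    if m is None:
        return body
    return body[:m.start()].rstrip() + " [details withheld]" + body[m.end():]

# Constructed sample modelled on the report; every value is a placeholder.
SAMPLE = ("A database error has occurred. Query: UPDATE `user` SET "
          "user_name = 'ExampleUser',user_password = ':B:0000:PLACEHOLDER',"
          "user_email = 'user@example.org',user_token = 'PLACEHOLDER' "
          "WHERE user_id = '1' Function: User::saveSettings Error: 1205 Lock "
          "wait timeout exceeded; try restarting transaction (192.0.2.10)")

if __name__ == "__main__":
    print(inspect_error_page(SAMPLE))
    print(redact(SAMPLE))
```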
