Last modified: 2014-09-05 13:01:11 UTC

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
See T71453, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 69453 - TimedMediaHandler making bad action=raw requests
Status: NEW
Product: MediaWiki extensions
Classification: Unclassified
Component: TimedMediaHandler
Version: unspecified
Hardware: All All
Importance: High major
Assigned To: Nobody
Reported: 2014-08-13 01:32 UTC by Kunal Mehta (Legoktm)
Modified: 2014-09-05 13:01 UTC (History)
Description Kunal Mehta (Legoktm) 2014-08-13 01:32:46 UTC
In the CentralAuth bug 39996 debug logs we're seeing requests coming through with $_SERVER['REQUEST_URI'] set to /wiki/:South+Africa+National+Anthem.ogg.af.srt?action=raw&ctype=text/x-srt

Problems here:

1. Namespace is missing
2. Using + instead of _
3. Passing ctype=text/x-srt doesn't work. RawAction has a whitelist and converts it to text/x-wiki AFAIS
4. Visiting that URL in my browser throws an "Invalid file extension found in the path info or query string." Even with proper namespace (<https://commons.wikimedia.org/wiki/TimedText:South_Africa_National_Anthem.ogg.af.srt?action=raw&ctype=text/x-srt>), I still see the same error.
Comment 1 Gerrit Notification Bot 2014-08-14 20:58:36 UTC
Change 154144 had a related patch set uploaded by Brian Wolff:
Fix horribly broken way TMH was generating <track> urls

https://gerrit.wikimedia.org/r/154144
Comment 2 Bawolff (Brian Wolff) 2014-08-14 21:06:45 UTC
(In reply to Gerrit Notification Bot from comment #1)
> Change 154144 had a related patch set uploaded by Brian Wolff:
> Fix horribly broken way TMH was generating <track> urls
> 
> https://gerrit.wikimedia.org/r/154144

That only covers the bad encoding, not the wrong namespace.

-----

Wrong namespace appears to be because TMH tries to override the api with a different DB object (which is super insane), but the api still works with the local instance's namespace list, so TimedText is getting translated to whatever namespace 102 is on the local wiki. On mw.org it uses the extension namespace (!)
Comment 3 Gerrit Notification Bot 2014-08-14 21:14:33 UTC
Change 154144 merged by jenkins-bot:
Fix horribly broken way TMH was generating <track> urls

https://gerrit.wikimedia.org/r/154144
Comment 4 Gerrit Notification Bot 2014-08-14 21:17:26 UTC
Change 154150 had a related patch set uploaded by Legoktm:
Fix horribly broken way TMH was generating <track> urls

https://gerrit.wikimedia.org/r/154150
Comment 5 Gerrit Notification Bot 2014-08-14 21:17:43 UTC
Change 154151 had a related patch set uploaded by Legoktm:
Fix horribly broken way TMH was generating <track> urls

https://gerrit.wikimedia.org/r/154151
Comment 6 Gerrit Notification Bot 2014-08-14 23:35:04 UTC
Change 154151 merged by jenkins-bot:
Fix horribly broken way TMH was generating <track> urls

https://gerrit.wikimedia.org/r/154151
Comment 7 Gerrit Notification Bot 2014-08-14 23:35:13 UTC
Change 154150 merged by jenkins-bot:
Fix horribly broken way TMH was generating <track> urls

https://gerrit.wikimedia.org/r/154150
Comment 8 Kunal Mehta (Legoktm) 2014-08-15 00:28:14 UTC
First part was backported, so the action=raw requests with bad namespaces now return 404s instead of 403s, which means MediaWiki should at least clean up any unfinished transactions.
Comment 9 Kunal Mehta (Legoktm) 2014-09-05 13:01:11 UTC
I looked at the logs again today, and there's at least one new broken account since bawolff's patch was deployed.

The log entries we have for it are:

centralauth-bug39996.log-20140827.gz:[ts] mw1164 commonswiki: CentralAuthHooks::attemptAddUser: creating new user (USERNAME) - from: /wiki/:Citing+sources+tutorial,+part+1.ogv.en.srt?action=raw&ctype=text/x-srt
centralauth-bug39996.log-20140827.gz:[ts] mw1208 commonswiki: CentralAuthHooks::attemptAddUser: creating new user (USERNAME) - from: /w/api.php?callback=jQuery1111[...]&action=parse&page=TimedText%3ACiting_sources_tutorial%2C_part_1.ogv.en.srt&smaxage=3600&maxage=3600&format=json&_=[some number]
centralauth-bug39996.log-20140827.gz:[ts] mw1149 commonswiki: CentralAuthHooks::attemptAddUser: creating new user (USERNAME) - from: /wiki/:Citing+sources+tutorial,+part+1.ogv.zh-hant.srt?action=raw&ctype=text/x-srt
centralauth-bug39996.log-20140827.gz:[ts] mw1097 commonswiki: CentralAuthHooks::attemptAddUser: creating new user (USERNAME) - from: /wiki/:Citing+sources+tutorial,+part+1.ogv.or.srt?action=raw&ctype=text/x-srt

I removed the timestamps, but they were all the exact same second.
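
One way to triage log lines like the ones in comment 9, as an added example that is not part of the original bug thread or of MediaWiki: it extracts the REQUEST_URI after "from:" and flags action=raw requests showing the three problems listed in the description. The sample lines are constructed, and the function names, problem labels and the contents of ALLOWED_CTYPES are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines modelled on the excerpt in comment 9
# (timestamp, user name and the mw1001 host are placeholders).
SAMPLE_LOG = """\
[ts] mw1164 commonswiki: CentralAuthHooks::attemptAddUser: creating new user (USERNAME) - from: /wiki/:Citing+sources+tutorial,+part+1.ogv.en.srt?action=raw&ctype=text/x-srt
[ts] mw1208 commonswiki: CentralAuthHooks::attemptAddUser: creating new user (USERNAME) - from: /w/api.php?action=parse&page=TimedText%3ACiting_sources_tutorial%2C_part_1.ogv.en.srt&format=json
[ts] mw1001 commonswiki: CentralAuthHooks::attemptAddUser: creating new user (USERNAME) - from: /wiki/TimedText:Citing_sources_tutorial,_part_1.ogv.en.srt?action=raw&ctype=text/x-wiki
"""

# Assumption: content types accepted for action=raw; the report only says
# that a whitelist exists and that text/x-srt is not on it.
ALLOWED_CTYPES = {"text/x-wiki", "text/javascript", "text/css", "application/x-zope-edit"}
FROM_RE = re.compile(r" - from: (\S+)$")
ARTICLE_PATH = "/wiki/"


def check_request_uri(uri):
    """Return the problems from the description that one REQUEST_URI shows."""
    parts = urlsplit(uri)
    query = parse_qs(parts.query)
    if query.get("action") != ["raw"] or not parts.path.startswith(ARTICLE_PATH):
        return []  # only article-path action=raw requests are in scope
    raw_title = parts.path[len(ARTICLE_PATH):]
    problems = []
    namespace, colon, _rest = unquote(raw_title).partition(":")
    if colon and not namespace:  # ":Title" means the namespace prefix was lost
        problems.append("missing-namespace")
    if "+" in raw_title:  # heuristic: "+" is legal in titles, but spaces should be "_"
        problems.append("plus-for-space")
    ctype = query.get("ctype", [""])[0]
    if ctype and ctype not in ALLOWED_CTYPES:
        problems.append("ctype-not-whitelisted")
    return problems


def triage(log_text):
    """Map each flagged REQUEST_URI in the log text to its list of problems."""
    flagged = {}
    for line in log_text.splitlines():
        match = FROM_RE.search(line)
        if match and (problems := check_request_uri(match.group(1))):
            flagged[match.group(1)] = problems
    return flagged
```
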
