Database error + PHP Undefined index notice on trackback.php on bad input + E_ALL
Closed, ResolvedPublic

Description

Author: nickpj

Description:

CURL command:

curl --silent --include \
-F 'url'='title' \
-F 'blog_name'='80' \
-F 'article'='Main Page' \
-F 'excerpt'='"' \
'localhost/wiki/trackback.php'

LocalSettings.php includes this:

$wgUseTrackbacks = true;
error_reporting (E_ALL);

$wgShowSQLErrors = true;

(i.e. stricter error reporting, trackbacks usage enabled, and show details of
failed SQL queries).

HTML output contains:

<br />
<b>Notice</b>: Undefined index: title in
<b>/var/www/hosts/mediawiki/phase3/trackback.php</b> on line <b>46</b><br />
<html>

<head>
<title>Database error</title>
</head>
<body>
<h1><img src='/wiki/skins/common/images/wiki.png'

style='float:left;margin-right:1em' alt=''>Database error</h1>

A database query syntax error has occurred.

This may indicate a bug in the software.
The last attempted database query was:
<blockquote><tt>INSERT INTO trackbacks
(tb_page,tb_title,tb_url,tb_ex,tb_name) VALUES
('1',NULL,'title','&amp;#0000034;','80')</tt></blockquote>
from within function "<tt>Database::insert</tt>".
MySQL returned error "<tt>1048: Column 'tb_title' cannot be null

(localhost)</tt>".</body></html>


Version: 1.8.x
Severity: minor

Details

Reference
bz6892

Event Timeline

bzimport raised the priority of this task from to Low. Nov 21 2014, 9:21 PM
bzimport set Reference to bz6892.
bzimport added a subscriber: Unknown Object (MLST).

kaikkd wrote:

*** Bug 6891 has been marked as a duplicate of this bug. ***

kaikkd wrote:

I expect "(untitled)" to be replaced with wfMsg().

Index: trackback.php

  • trackback.php (rev. 16138)

+++ trackback.php (copied)
@@ -43,8 +43,8 @@

$dbw =& wfGetDB(DB_MASTER);

-$tbtitle = $_POST['title'];
-$tbex = $_POST['excerpt'];
+$tbtitle = isset($_POST['title']) ? $_POST['title'] : "(untitled)";
+$tbex = isset($_POST['excerpt']) ? $_POST['excerpt'] : "";
$tburl = $_POST['url'];
$tbname = $_POST['blog_name'];
$tbarticle = $_REQUEST['article'];
$tbname = $_POST['blog_name'];
$tbarticle = $_REQUEST['article'];
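
Review bot: The isset() guard is applied only to `title` and `excerpt`; the unchanged context lines still read `$_POST['url']`, `$_POST['blog_name']` and `$_REQUEST['article']` directly, so a request that omits any of them raises the same Undefined index notice under E_ALL and hands a null value on to the code that follows, as the missing `title` did in the report. Guard all five inputs the same way, and for fields a trackback cannot do without (`url`, `article`) return an error response when they are absent instead of substituting a default. The `"(untitled)"` literal is user-visible text written to the database; as the comment above the patch already says, it should come from wfMsg() rather than being hard-coded.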