
ApiUpload.php -- Async chunked upload fails when chunk is of file size but file is stashed
Closed, Resolved, Public

Description

Here is what I send to the server:

------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="format"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

json
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="action"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

upload
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="filename"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

' onmouseover='alert("There is a security vulnerable. Please contact the next admin if you see this in a message box.")' target='.png
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="stash"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

1
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="filesize"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

459
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="offset"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

0
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="async"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

1
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="ignorewarnings"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

1
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: attachment; name="chunk"; filename="' onmouseover='alert(-There is a security vulnerable. Please contact the next admin if you see this in a message box.-)' target='.png"
Content-Type: image/png
Content-Transfer-Encoding: binary

‰PNG

[...]
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="token"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

removed+\
------------mediawiki.commons.MwJSBot0.5308303697218709--

Which gives the following result:
{"servedby":"mw1121","error":{"code":"stashfailed","info":"Chunk assembly already in progress."}}

This is because of line 211 ff. in ApiUpload.php
which does
$this->dieUsage( "Chunk assembly already in progress.", 'stashfailed' );

At this time, the file is being added to the stash *but* the API user does not get a filekey back! Without that key, publishing the upload or querying the status is not possible.

I suggest either refusing chunked uploads that consist of only one chunk or returning the result (Poll) from line 214 if the chunk is the size of the whole file.

This way, either it will be possible to publish the upload, or it will be clear that one-chunk chunked uploads are not wanted.


Version: 1.22.0
Severity: normal
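
A client-side view of the failure described above, as an added example that is not part of the original report and is not MwJSBot or MediaWiki code: it classifies upload responses and flags the case where "Chunk assembly already in progress." arrives before any filekey was returned. The function names, the action labels, and the non-error response fields (upload.result with Continue/Poll/Success, upload.filekey, upload.offset) are assumptions of this example.

```javascript
// Added example; names and action labels are hypothetical.
// Error response copied from the report above.
const REPORTED_RESPONSE = {
  servedby: 'mw1121',
  error: { code: 'stashfailed', info: 'Chunk assembly already in progress.' }
};

// True when a "chunked" upload would consist of a single chunk covering the
// whole file: the request shape in the report (offset 0, chunk == filesize).
function isSingleChunkUpload(fileSize, chunkSize) {
  return fileSize <= chunkSize;
}

// Decide what a client can do after one chunk request.
// state.filekey holds the last key the server handed back, if any.
function nextStep(response, state) {
  if (response.error) {
    const { code, info } = response.error;
    const assembling = code === 'stashfailed' &&
      /Chunk assembly already in progress/.test(info || '');
    if (assembling && !state.filekey) {
      // The reported dead end: the file is being stashed server-side, but the
      // client holds no key to query the status or publish with.
      return { action: 'abandon', reason: 'assembly running, no filekey' };
    }
    if (assembling) {
      return { action: 'poll', filekey: state.filekey };
    }
    return { action: 'fail', reason: code };
  }
  const up = response.upload || {};
  if (up.filekey) state.filekey = up.filekey; // remember the key for later calls
  switch (up.result) {
    case 'Continue':
      return { action: 'send-chunk', offset: up.offset, filekey: state.filekey };
    case 'Poll':
      return { action: 'poll', filekey: state.filekey };
    case 'Success':
      return { action: 'publish', filekey: state.filekey };
    default:
      return { action: 'fail', reason: 'unexpected result' };
  }
}

// The request in the report: filesize 459, one chunk at offset 0.
console.log(isSingleChunkUpload(459, 459), nextStep(REPORTED_RESPONSE, {}));
```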

Details

Reference
bz48294

Event Timeline

bzimport raised the priority of this task from to High. (Nov 22 2014, 1:23 AM)
bzimport set Reference to bz48294.

Note this is only reproducible by making multiple chunked uploads in a session, although it's likely that there are other things broken even in the single-upload case.

Related URL: https://gerrit.wikimedia.org/r/63079 (Gerrit Change Idbeab2fd0d801974b610198dcf02c81798f65a0d)

Unfortunately it is not solved at Commons yet:
Still getting

{"servedby":"mw1141","error":{"code":"stashfailed","info":"Chunk assembly already in progress."}}

(on first attempt it uploaded successfully and said "poll" but when I checked status, it returned an error)

Also Gerrit Status is "Review in Progress / Need Rebase or Has Dependency". Until it is merged, it should stay open if other users run into this.

(In reply to comment #3)

Can this be closed?

No, patch is not yet merged.

https://gerrit.wikimedia.org/r/63079 (Gerrit Change Idbeab2fd0d801974b610198dcf02c81798f65a0d) | change APPROVED and MERGED [by jenkins-bot]

Ok, now it's merged. The fix will most likely be deployed to WMF wikis with 1.22wmf6, see https://www.mediawiki.org/wiki/MediaWiki_1.22/Roadmap for the schedule.