
PHP notice from Language.php on bad input to Special:Undelete
Closed, Resolved (Public)

Description

Author: nickpj

Description:

Command:

curl --silent --include \
  -F 'target'='Fred' \
  -F 'timestamp'='{{66666665555555}}' \
  '192.168.0.64/wiki/index.php?title=Special:Undelete' | head -20

HTML output includes:

<br />
<b>Notice</b>: Undefined offset: 65 in <b>/var/www/hosts/mediawiki/phase3/languages/Language.php</b> on line <b>479</b><br />


Version: 1.8.x
Severity: normal

Details

Reference
bz6617

Event Timeline

bzimport raised the priority of this task from to Medium. (Nov 21 2014, 9:16 PM)
bzimport set Reference to bz6617.
bzimport added a subscriber: Unknown Object (MLST).

nickpj wrote:

Forgot to add this is with "error_reporting (E_ALL);". Also user has access to
Special:Undelete.

We use WebRequest::getText to get the timestamp; it is then
used as a key in an array of messages.

Maybe we could use a getTimestamp method. Seems harmless.

nickpj wrote:

Patch to add getTimestamp() method to WebRequest, and have SpecialUndelete call that.

Also includes a minimal fix for a minor PHP notice in includes/Revision.php
that was only visible after applying the above (PHP output was "<b>Notice</b>:
Undefined property: Revision::$mTextRow in
<b>/var/www/hosts/mediawiki/phase3/includes/Revision.php</b> on line
<b>704</b><br />").

Attached:

It should just use getVal() and normalize through wfTimestamp().
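
The thread's remedy is to validate the timestamp parameter before it is used as an array key. A sketch of that check follows as an added example; it is not the attached patch and not MediaWiki's own code. `normalizeTimestampParam` and `monthName` are hypothetical names, and the month lookup is a simplified assumption about how digits from the value end up as an array index.

```php
<?php
// Added example: hypothetical helper, not MediaWiki's own WebRequest code.
// Returns the value only if it is a 14-digit YYYYMMDDHHMMSS string naming a
// real calendar date and time; anything else yields null.
function normalizeTimestampParam(?string $raw): ?string {
    if ($raw === null ||
        !preg_match('/^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$/D', $raw, $m)) {
        return null; // braces, wrong length, trailing newline, signs, ...
    }
    [$y, $mo, $d, $h, $mi, $s] = array_map('intval', array_slice($m, 1));
    if (!checkdate($mo, $d, $y) || $h > 23 || $mi > 59 || $s > 59) {
        return null; // digits only, but not a real date or time
    }
    return $raw;
}

// Simplified stand-in (assumption) for a lookup that indexes a message
// array with digits taken from the timestamp. Only call it on validated input.
function monthName(string $ts): string {
    static $names = ['January', 'February', 'March', 'April', 'May', 'June',
        'July', 'August', 'September', 'October', 'November', 'December'];
    return $names[(int)substr($ts, 4, 2) - 1];
}

// Constructed sample inputs; the first is the value from the report.
$samples = [
    '{{66666665555555}}',   // unvalidated, characters 4-5 are "66" -> offset 65
    '66666665555555',       // 14 digits, but month 66
    '20061332250000',       // month 13, day 32, hour 25
    "20060712093000\n",     // valid digits with a trailing newline
    '20060712093000',       // well-formed
    null,                   // parameter absent
];
foreach ($samples as $raw) {
    $ts = normalizeTimestampParam($raw);
    printf("%-24s => %s\n", json_encode($raw),
        $ts === null ? 'rejected' : 'accepted, month ' . monthName($ts));
}
```

Only the fifth sample is accepted, so the lookup never sees an index outside 0 to 11.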