PHP undefined offset on bad input to Special:Revisiondelete
Closed, Resolved (Public)

Description

Author: nickpj

Description:
CURL example:
curl --silent --include -F 'target'='x' '192.168.0.64/wiki/index.php?title=Special:Revisiondelete'

or as URL:
http://192.168.0.64/wiki/index.php?title=Special:Revisiondelete&target=XXXXXXXYZ

HTML output (with E_ALL errors):

<br />
<b>Notice</b>: Undefined offset: 0 in
<b>/var/www/hosts/mediawiki/phase3/includes/SpecialRevisiondelete.php</b> on
line <b>61</b><br />
<br />
<b>Notice</b>: Undefined variable: rev in
<b>/var/www/hosts/mediawiki/phase3/includes/SpecialRevisiondelete.php</b> on
line <b>94</b><br />
<br />
<b>Fatal error</b>: Call to a member function isDeleted() on a non-object in
<b>/var/www/hosts/mediawiki/phase3/includes/SpecialRevisiondelete.php</b> on
line <b>94</b><br />


Version: 1.8.x
Severity: minor

Details

Reference
bz6886

Event Timeline

bzimport raised the priority of this task from to Low. (Nov 21 2014, 9:20 PM)
bzimport set Reference to bz6886.
bzimport added a subscriber: Unknown Object (MLST).

wclark wrote:

These errors occur because $this->revisions is null rather than being an array.
One fix would be to add a check for null at line 60 in RevisionDeleteForm::show
in includes/SpecialRevisiondelete.php... except that I don't know if the
function should immediately return or should output some friendly message. I'll
need to configure my local MediaWiki so that I can test this myself to see what
would be most appropriate.

rotemliss wrote:

Fixed in r16454.
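
An added sketch of the guard wclark describes above, written in PHP. It is not MediaWiki code and not the change made in r16454, which this page does not show. The `oldid` parameter name, the function names, the stub revision object and the status codes are all assumptions made for illustration.

```php
<?php
// Added illustration; not MediaWiki source. All names here are hypothetical.

/** Normalise an untrusted request value into a list of positive revision IDs. */
function normaliseRevisionIds($raw): array {
    if (!is_array($raw)) {
        return [];   // null (parameter absent) or a scalar such as "x"
    }
    $ids = [];
    foreach ($raw as $value) {
        // Accept only plain decimal ints/strings; drop nested arrays, "1e3", "-4", "0".
        if ((is_int($value) || is_string($value))
            && ctype_digit((string)$value) && (int)$value > 0) {
            $ids[] = (int)$value;
        }
    }
    return array_values(array_unique($ids));
}

/** Stand-in for the form's show(): returns [status, body] instead of printing. */
function showRevisionForm(array $request, callable $loadRevision): array {
    // 'oldid' is an assumed parameter name for the revision list.
    $ids = normaliseRevisionIds($request['oldid'] ?? null);
    if ($ids === []) {
        // The null/empty check: never index offset 0 of a missing list.
        return [400, 'No valid revision was specified.'];
    }
    $rev = $loadRevision($ids[0]);
    if (!is_object($rev)) {
        // Lookup failed: do not call a method on a non-object.
        return [404, 'The specified revision does not exist.'];
    }
    return [200, $rev->isDeleted() ? 'Revision is hidden.' : 'Revision is visible.'];
}

// Stub loader: only revision 7 exists in this constructed example.
$loader = function (int $id) {
    if ($id !== 7) { return null; }
    return new class { public function isDeleted(): bool { return false; } };
};
// Constructed requests; the first has the shape from the report (target only).
$cases = [['target' => 'x'], ['oldid' => 'x'], ['oldid' => [['7']]],
          ['oldid' => ['999']], ['oldid' => ['7']]];
foreach ($cases as $request) {
    [$status, $body] = showRevisionForm($request, $loader);
    echo $status, ' ', $body, PHP_EOL;
}
```

Rejecting the request before any array offset or method call is evaluated also means the notices, and the server filesystem path they print when errors are displayed, are never generated for this input.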