Page MenuHomePhabricator
Create Task
Maniphest T71453

TimedMediaHandler making bad action=raw requests
Closed, ResolvedPublic
Actions

Description

In the CentralAuth bug 39996 debug logs we're seeing requests coming through with $_SERVER['REQUEST_URI'] set to /wiki/:South+Africa+National+Anthem.ogg.af.srt?action=raw&ctype=text/x-srt

Problems here:

  1. Namespace is missing
  2. Using + instead of _
  3. Passing ctype=text/x-srt doesn't work. RawAction has a whitelist and converts it to text/x-wiki AFAIS
  4. Visiting that URL in my browser throws a "Invalid file extension found in the path info or query string." Even with proper namespace (https://commons.wikimedia.org/wiki/TimedText:South_Africa_National_Anthem.ogg.af.srt?action=raw&ctype=text/x-srt), I still see the same error.

Version: unspecified
Severity: major
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=39996

Details

Reference
bz69453
SubjectRepoBranchLines +/-
Rewrite discovery of TimedText tracksmediawiki/extensions/TimedMediaHandlermaster+176 -143
Rewrite discovery of TimedText tracksmediawiki/extensions/TimedMediaHandlermaster+177 -143
Rewrite discovery of TimedText tracksmediawiki/extensions/TimedMediaHandlermaster+166 -142
Customize query in gerrit

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 3:42 AM
bzimport added a project: TimedMediaHandler.
bzimport set Reference to bz69453.
bzimport added a subscriber: Unknown Object (MLST).
Legoktm created this task.Aug 13 2014, 1:32 AM
gerritbot added a comment.Aug 14 2014, 8:58 PM

Change 154144 had a related patch set uploaded by Brian Wolff:
Fix horribly broken way TMH was generating <track> urls

https://gerrit.wikimedia.org/r/154144

Bawolff added a comment.Aug 14 2014, 9:06 PM

(In reply to Gerrit Notification Bot from comment #1)

Change 154144 had a related patch set uploaded by Brian Wolff:
Fix horribly broken way TMH was generating <track> urls

https://gerrit.wikimedia.org/r/154144

That only covers the bad encoding, not the wrong namespace.

Wrong namespace appears to be because TMH tries to override the api with a different DB object (which is super insane), but the api still works with the local instances namespace list, so TimedText is getting translated to whatever namespace 102 is on the local wiki. On mw.org it uses the extension namespace (!)

gerritbot added a comment.Aug 14 2014, 9:14 PM

Change 154144 merged by jenkins-bot:
Fix horribly broken way TMH was generating <track> urls

https://gerrit.wikimedia.org/r/154144

gerritbot added a comment.Aug 14 2014, 9:17 PM

Change 154150 had a related patch set uploaded by Legoktm:
Fix horribly broken way TMH was generating <track> urls

https://gerrit.wikimedia.org/r/154150

gerritbot added a comment.Aug 14 2014, 9:17 PM

Change 154151 had a related patch set uploaded by Legoktm:
Fix horribly broken way TMH was generating <track> urls

https://gerrit.wikimedia.org/r/154151

gerritbot added a comment.Aug 14 2014, 11:35 PM

Change 154151 merged by jenkins-bot:
Fix horribly broken way TMH was generating <track> urls

https://gerrit.wikimedia.org/r/154151

gerritbot added a comment.Aug 14 2014, 11:35 PM

Change 154150 merged by jenkins-bot:
Fix horribly broken way TMH was generating <track> urls

https://gerrit.wikimedia.org/r/154150

Legoktm added a comment.Aug 15 2014, 12:28 AM

First part was backported, so the action=raw requests with bad namespaces now return 404s instead of 403s, which means MediaWiki should at least clean up any unfinished transactions.

Legoktm added a comment.Sep 5 2014, 1:01 PM

I looked at the logs again today, and there's at least one new broken account since bawolff's patch was deployed.

The log entries we have for it are:

centralauth-bug39996.log-20140827.gz:[ts] mw1164 commonswiki: CentralAuthHooks::attemptAddUser: creating new user (USERNAME) - from: /wiki/:Citing+sources+tutorial,+part+1.ogv.en.srt?action=raw&ctype=text/x-srt
centralauth-bug39996.log-20140827.gz:[ts] mw1208 commonswiki: CentralAuthHooks::attemptAddUser: creating new user (USERNAME) - from: /w/api.php?callback=jQuery1111[...]&action=parse&page=TimedText%3ACiting_sources_tutorial%2C_part_1.ogv.en.srt&smaxage=3600&maxage=3600&format=json&_=[some number]
centralauth-bug39996.log-20140827.gz:[ts] mw1149 commonswiki: CentralAuthHooks::attemptAddUser: creating new user (USERNAME) - from: /wiki/:Citing+sources+tutorial,+part+1.ogv.zh-hant.srt?action=raw&ctype=text/x-srt
centralauth-bug39996.log-20140827.gz:[ts] mw1097 commonswiki: CentralAuthHooks::attemptAddUser: creating new user (USERNAME) - from: /wiki/:Citing+sources+tutorial,+part+1.ogv.or.srt?action=raw&ctype=text/x-srt

I removed the timestamps, but they were all the exact same second.

Gilles added a project: Multimedia.Nov 24 2014, 3:21 PM
Aklapper subscribed.Mar 9 2015, 2:27 PM

Is this still a problem, and still high priority?

Legoktm lowered the priority of this task from High to Medium.Mar 9 2015, 7:10 PM

The requests are now less broken, and no longer causing CentralAuth issues AFAIS, so lowering priority.

mw1075 commonswiki: CentralAuthHooks::attemptAddUser: creating new user (USERNAME) - from: /w/index.php?title=:Candidate%27s+song+take+2.ogg.en.srt&action=raw&ctype=text%2Fx-srt
Jdforrester-WMF moved this task from Untriaged to Backlog on the Multimedia board.Sep 4 2015, 6:35 PM
Restricted Application added a subscriber: Matanya. · View Herald TranscriptSep 4 2015, 6:35 PM
Jdforrester-WMF removed a project: Multimedia.Sep 21 2015, 4:01 PM
brion moved this task from To sort to TimedText on the TimedMediaHandler board.Oct 23 2015, 9:25 PM
TheDJ added a project: TimedMediaHandler-TimedText.Oct 26 2015, 8:35 PM
TheDJ added a subtask: T122737: Broken URL for track element on remote repositories.May 21 2016, 12:02 AM
gerritbot subscribed.May 21 2016, 12:07 AM

Change 289976 had a related patch set uploaded (by TheDJ):
[WIP] Rewrite discovery of TimedText tracks

https://gerrit.wikimedia.org/r/289976

gerritbot added a project: Patch-For-Review.May 21 2016, 12:07 AM
TheDJ moved this task from TimedText to Doing on the TimedMediaHandler board.May 23 2016, 7:41 PM
gerritbot added a comment.Oct 3 2016, 6:55 PM

Change 289976 merged by jenkins-bot:
Rewrite discovery of TimedText tracks

https://gerrit.wikimedia.org/r/289976

ReleaseTaggerBot added a project: MW-1.28-release (WMF-deploy-2016-10-04_(1.28.0-wmf.21)).Oct 3 2016, 7:00 PM
gerritbot added a comment.Oct 9 2016, 11:03 AM

Change 314856 had a related patch set uploaded (by Paladox):
Rewrite discovery of TimedText tracks

https://gerrit.wikimedia.org/r/314856

gerritbot added a comment.Oct 9 2016, 3:51 PM

Change 314862 had a related patch set uploaded (by Brion VIBBER):
WIP: Rewrite discovery of TimedText tracks

https://gerrit.wikimedia.org/r/314862

gerritbot added a comment.Oct 9 2016, 4:30 PM

Change 314862 merged by jenkins-bot:
Rewrite discovery of TimedText tracks

https://gerrit.wikimedia.org/r/314862

ReleaseTaggerBot added a project: MW-1.28-release (WMF-deploy-2016-10-11_(1.28.0-wmf.22)).Oct 9 2016, 5:00 PM
gerritbot added a comment.Oct 9 2016, 7:26 PM

Change 314856 abandoned by Reedy:
Rewrite discovery of TimedText tracks

Reason:
https://gerrit.wikimedia.org/r/#/c/314862/

https://gerrit.wikimedia.org/r/314856

TheDJ closed this task as Resolved.Oct 14 2016, 7:21 PM
TheDJ claimed this task.
TheDJ moved this task from Doing to Done on the TimedMediaHandler board.
TheDJ removed a project: Patch-For-Review.
TheDJ subscribed.

Well at least the urls have the right namespace now, but we still have a CORS issue, but see T122737 for that.

TheDJ closed subtask T122737: Broken URL for track element on remote repositories as Resolved.Oct 21 2016, 12:10 PM
Aklapper removed projects: MW-1.28-release (WMF-deploy-2016-10-11_(1.28.0-wmf.22)), TimedMediaHandler.Nov 7 2019, 4:03 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL