0001-SECURITY-Don-t-use-messages-in-WikiPageConfig-error-.patch
Tgr (Gergő Tisza)
Actions

Authored By

	Tgr
	Jul 19 2022, 5:56 AM

Size

1 KB

Referenced Files

None

Subscribers

None

0001-SECURITY-Don-t-use-messages-in-WikiPageConfig-error-.patch
View Options

	From addfa71d665b928a924abccb5fd87711710dd93f Mon Sep 17 00:00:00 2001
	From: =?UTF-8?q?Gerg=C5=91=20Tisza?= <tgr.huwiki@gmail.com>
	Date: Mon, 18 Jul 2022 20:32:27 -0700
	Subject: [PATCH] [SECURITY] Don't use messages in WikiPageConfig error handler

	Avoid use of i18n message parsing in error logging. It's hard to
	control when configuration loading happens, it might be invoked
	early in the request lifecycle when some needed dependencies are
	not set up yet.

	Bug: T313205
	Change-Id: I9b3766a71ee403b3a72c8af995e70c3017abe12e
	---
	includes/Config/WikiPageConfig.php \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	diff --git includes/Config/WikiPageConfig.php includes/Config/WikiPageConfig.php
	index 0e041cd8..fa3a5131 100644
	--- includes/Config/WikiPageConfig.php
	+++ includes/Config/WikiPageConfig.php
	@@ -97,7 +97,7 @@ class WikiPageConfig implements Config, IDBAccessObject {
	$this->logger->error(
	__METHOD__ . ' failed to load config from wiki: {error}',
	[
	- 'error' => \Status::wrap( $res )->getWikiText( false, false, 'en' ),
	+ 'error' => (string)$res,
	'impact' => 'Config stored in MediaWiki:GrowthExperimentsConfig.json ' .
	'is ignored, using sane fallbacks instead'
	]
	--
	2.25.1

Mime Type: text/x-diff
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 9588022
Default Alt Text: 0001-SECURITY-Don-t-use-messages-in-WikiPageConfig-error-.patch (1 KB)