Page MenuHomePhabricator

Unexpected newlines in edit summaries
Closed, DeclinedPublic

Description

Consider this revision on the enwiki_p database:

>>> db = cymysql.connect(**utils.connect_info("enwiki"))
>>> db
<cymysql.connections.Connection object at 0x7fa1e1e4b890>
>>> cur = db.cursor()
>>> cur.execute("SELECT rev_comment FROM revision_userindex WHERE rev_id=295881352")
>>> list(cur)
[(b'{{logo fur\n<!-- REQUIRED -->\n|Article=Little Red Wagon Foundation\n|Use=Org\n<!-- HIGHLY RECOMMENDED -->\n|Source=http://zachtracker.com/communities/0/004/006/980/080/images/4525432850.jpg\n<!-- OVERRIDE FIELDS -->\n|Description=Logo of [[Little Red Wagon Foun',)]

For some reason it renders fine here, though.
Either way, newlines should not be allowed in edit summaries.

Event Timeline

Sigma created this task.Jul 19 2015, 6:46 AM
Sigma raised the priority of this task from to Needs Triage.
Sigma updated the task description. (Show Details)
Sigma added a subscriber: Sigma.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 19 2015, 6:46 AM
Sigma added a comment.Jul 19 2015, 6:47 AM

I'd also prefer if I could do the actual fixing-the-code part myself, if this even needs fixing.

Glaisher updated the task description. (Show Details)Jul 19 2015, 6:54 AM
Glaisher set Security to None.

For some reason it renders fine here, though.

See Linker::formatComment


I'm not sure if this actually needs fixing, but if it does, it should probably be changed in ContentHandler::getAutosummary

Which problem(s) do newlines in edit summaries create?

Legoktm triaged this task as Normal priority.Jul 19 2015, 2:55 PM
Legoktm added a subscriber: Legoktm.

Which problem(s) do newlines in edit summaries create?

Inconsistent storage in the database I guess. Consumers shouldn't need to escape newlines, we should just do that in the database.

Which problem(s) do newlines in edit summaries create?

Inconsistent storage in the database I guess. Consumers shouldn't need to escape newlines, we should just do that in the database.

Should consumers need to escape [[Category:Foo]]? Edit summaries are arbitrary user input and have to be escaped regardless. \n is just another character and the database seems to have no issue storing it. I'm not sure stripping it really solves a problem, especially as HTML and wikitext typically render newlines as spaces anyway.

matmarex closed this task as Declined.Dec 16 2016, 4:13 PM
matmarex added a subscriber: matmarex.

It is possible to have newlines in edit summaries in at least two legitimate ways: for edits via API and for uploads via Special:Upload. Even if we disallowed it for new edits, they would still exist in the old ones, and any tools would still have to be able to handle them. So I'm declining this.

matmarex renamed this task from Newlines in edit summaries to Unexpected newlines in edit summaries.Dec 16 2016, 4:13 PM