Page MenuHomePhabricator
Create Task
Maniphest T122280

Make action=checktoken give a warning if token ends in " \" (e.g. Url encoding mistake)
Closed, ResolvedPublic
Actions

Description

I was being really stupid today, and forgot to urlencode '+' when using checktoken module. It'd be cool for people making that stupid mistake, if the api module gave a warning if the proposed token ends in a space followed by a \.

The output when done properly should look something like this:

{
    "warnings": {
        "checktoken": {
            "*": "Check that symbols such as \"+\" in the token are properly percent-encoded in the URL."
        }
    },
    "checktoken": {
        "result": "invalid"
    }
}

Details

ProjectBranchLines +/-Subject
mediawiki/coremaster+10 -1Added warning for improper ending of a token
mediawiki/coremaster+1 -1Fix token match warning for token ending improperly
mediawiki/coremaster+3 -1Fix token match warning for token ending improperly
mediawiki/coremaster+1 -1ix token match warning for token ending improperly
mediawiki/coremaster+1 -0Fix token match warning for token ending improperly
Customize query in gerrit

Related Objects

Event Timeline

Bawolff created this task.Dec 23 2015, 9:07 AM
Bawolff raised the priority of this task from to Needs Triage.
Bawolff updated the task description. (Show Details)
Bawolff added projects: MediaWiki-API, good first task.
Bawolff added a subscriber: Bawolff.
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptDec 23 2015, 9:07 AM
Anomie added a subscriber: Anomie.Dec 28 2015, 2:57 PM

Somewhat more usefully, check if the proposed token ends with urldecode( User::EDIT_TOKEN_SUFFIX ) instead of hard-coding ' \'.

Anomie moved this task from Unsorted to Needs Code on the MediaWiki-API board.Dec 28 2015, 2:57 PM
Iseewhatyoudidthere added a subscriber: Iseewhatyoudidthere.Dec 31 2015, 11:13 PM
somethingsea claimed this task.Jan 5 2016, 10:12 PM
somethingsea set Security to None.
somethingsea added a comment.Jan 5 2016, 10:14 PM

Hi. I'm taking this on as my first task as a new MediaWiki developer.

Aklapper added a comment.Jan 7 2016, 5:10 PM

@somethingsea: Welcome and thanks for working on this! If you need any help, don't hesitate to ask!

Aklapper added a comment.Feb 16 2016, 3:18 PM

@somethingsea: How is it going? Any news here?

Haritha28 added a subscriber: Haritha28.Mar 8 2016, 1:10 PM

I would like to work on this bug? As there are no patches submitted yet, is it possible for me to assign the task to myself and submit a patch?

Anomie added a comment.Mar 8 2016, 3:07 PM

If @somethingsea doesn't reply soon, feel free to unlick the cookie by assigning it to yourself.

jayvdb removed somethingsea as the assignee of this task.May 27 2016, 6:03 PM
jayvdb added a subscriber: somethingsea.
Restricted Application added a subscriber: TerraCodes. · View Herald TranscriptMay 27 2016, 6:03 PM
Unicornisaurous added a project: Google-Code-In-2016.Nov 1 2016, 11:56 PM
Unicornisaurous added a subscriber: Unicornisaurous.

I will mentor this in Google Code-In 2016.

Georggi199 added a subscriber: Georggi199.Nov 2 2016, 7:03 AM
TameeshB added a subscriber: TameeshB.Nov 2 2016, 4:59 PM
haloxwiz added a subscriber: haloxwiz.Nov 6 2016, 2:34 AM
gerritbot added a subscriber: gerritbot.Nov 6 2016, 4:37 AM

Change 320072 had a related patch set uploaded (by Harish halo):
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320072

gerritbot added a project: Patch-For-Review.Nov 6 2016, 4:37 AM
gerritbot added a comment.Nov 6 2016, 4:49 AM

Change 320072 abandoned by Harish halo:
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320072

gerritbot added a comment.Nov 6 2016, 4:54 AM

Change 320073 had a related patch set uploaded (by Harish halo):
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320073

gerritbot added a comment.Nov 6 2016, 5:00 AM

Change 320075 had a related patch set uploaded (by Harish halo):
ix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320075

gerritbot added a comment.Nov 6 2016, 5:00 AM

Change 320073 abandoned by Harish halo:
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320073

gerritbot added a comment.Nov 6 2016, 5:03 AM

Change 320075 abandoned by Harish halo:
ix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320075

gerritbot added a comment.Nov 6 2016, 5:04 AM

Change 320076 had a related patch set uploaded (by Harish halo):
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320076

gerritbot added a comment.Nov 6 2016, 4:35 PM

Change 320102 had a related patch set uploaded (by Raspberrypy20):
Bug : T122280

https://gerrit.wikimedia.org/r/320102

gerritbot added a comment.Nov 6 2016, 4:58 PM

Change 320103 had a related patch set uploaded (by Raspberrypy20):
Bug : T122280

https://gerrit.wikimedia.org/r/320103

gerritbot added a comment.Nov 7 2016, 5:11 AM

Change 320076 abandoned by Harish halo:
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320076

Raspberrypy mentioned this in T148123: Create a notification-based reminder system.Nov 7 2016, 7:15 AM
Unicornisaurous moved this task from Proposed tasks to Imported in GCI Site on the Google-Code-In-2016 board.Nov 26 2016, 8:18 PM
Aklapper removed a project: Patch-For-Review.Nov 27 2016, 11:42 PM
Georggi199 claimed this task.Nov 28 2016, 6:27 PM

I've claimed this task on GCI.

gerritbot added a comment.Nov 28 2016, 8:24 PM

Change 323896 had a related patch set uploaded (by Georggi199):
Added warning for improper ending of a token

https://gerrit.wikimedia.org/r/323896

gerritbot added a project: Patch-For-Review.Nov 28 2016, 8:24 PM
Anomie updated the task description. (Show Details)Nov 28 2016, 8:41 PM

Since this has been posted for GCI and none of the three attempts so far have come close to being correct, I added some detail to the task description as to what the output will look like if this task is done correctly.

Anomie added a comment.Nov 28 2016, 8:47 PM

Also, a hint: You'll want to look at the ApiBase class documentation, particularly the section for "Warning and error reporting" methods.

gerritbot added a comment.Nov 30 2016, 2:43 PM

Change 323896 merged by jenkins-bot:
Added warning for improper ending of a token

https://gerrit.wikimedia.org/r/323896

Unicornisaurous closed this task as Resolved.Nov 30 2016, 2:47 PM
ReleaseTaggerBot added projects: MW-1.29-release-notes, MW-1.29-release (WMF-deploy-2016-12-06_(1.29.0-wmf.5)).Nov 30 2016, 3:00 PM
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:39 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL