Make action=checktoken give a warning if token ends in " \" (e.g. Url encoding mistake)
Closed, ResolvedPublic
Actions

Description

I was being really stupid today, and forgot to urlencode '+' when using checktoken module. It'd be cool for people making that stupid mistake, if the api module gave a warning if the proposed token ends in a space followed by a \.

The output when done properly should look something like this:

{
    "warnings": {
        "checktoken": {
            "*": "Check that symbols such as \"+\" in the token are properly percent-encoded in the URL."
        }
    },
    "checktoken": {
        "result": "invalid"
    }
}

Details

Related Gerrit Patches:

mediawiki/core : master	Added warning for improper ending of a token
mediawiki/core : master	Fix token match warning for token ending improperly
mediawiki/core : master	Fix token match warning for token ending improperly
mediawiki/core : master	ix token match warning for token ending improperly
mediawiki/core : master	Fix token match warning for token ending improperly

Related Objects

Mentioned In: T148123: Create a notification-based reminder system

Event Timeline

Bawolff created this task.Dec 23 2015, 9:07 AM

Bawolff raised the priority of this task from to Needs Triage.

Bawolff updated the task description. (Show Details)

Bawolff added projects: MediaWiki-API, good first task.

Bawolff added a subscriber: Bawolff.

Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptDec 23 2015, 9:07 AM

Somewhat more usefully, check if the proposed token ends with urldecode( User::EDIT_TOKEN_SUFFIX ) instead of hard-coding ' \'.

Anomie moved this task from Unsorted to Needs Code on the MediaWiki-API board.Dec 28 2015, 2:57 PM

Iseewhatyoudidthere added a subscriber: Iseewhatyoudidthere.Dec 31 2015, 11:13 PM

somethingsea claimed this task.Jan 5 2016, 10:12 PM

somethingsea set Security to None.

Hi. I'm taking this on as my first task as a new MediaWiki developer.

@somethingsea: Welcome and thanks for working on this! If you need any help, don't hesitate to ask!

@somethingsea: How is it going? Any news here?

I would like to work on this bug? As there are no patches submitted yet, is it possible for me to assign the task to myself and submit a patch?

If @somethingsea doesn't reply soon, feel free to unlick the cookie by assigning it to yourself.

jayvdb removed somethingsea as the assignee of this task.May 27 2016, 6:03 PM

jayvdb added a subscriber: somethingsea.

Restricted Application added a subscriber: TerraCodes. · View Herald TranscriptMay 27 2016, 6:03 PM

I will mentor this in Google Code-In 2016.

Georggi199 added a subscriber: Georggi199.Nov 2 2016, 7:03 AM

TameeshB added a subscriber: TameeshB.Nov 2 2016, 4:59 PM

haloxwiz added a subscriber: haloxwiz.Nov 6 2016, 2:34 AM

Change 320072 had a related patch set uploaded (by Harish halo):
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320072

gerritbot added a project: Patch-For-Review.Nov 6 2016, 4:37 AM

Change 320072 abandoned by Harish halo:
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320072

Change 320073 had a related patch set uploaded (by Harish halo):
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320073

Change 320075 had a related patch set uploaded (by Harish halo):
ix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320075

Change 320073 abandoned by Harish halo:
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320073

Change 320075 abandoned by Harish halo:
ix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320075

Change 320076 had a related patch set uploaded (by Harish halo):
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320076

Change 320102 had a related patch set uploaded (by Raspberrypy20):
Bug : T122280

https://gerrit.wikimedia.org/r/320102

Change 320103 had a related patch set uploaded (by Raspberrypy20):
Bug : T122280

https://gerrit.wikimedia.org/r/320103

Change 320076 abandoned by Harish halo:
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320076

Raspberrypy mentioned this in T148123: Create a notification-based reminder system.Nov 7 2016, 7:15 AM

Unicornisaurous moved this task from Proposed tasks to Imported in GCI Site on the Google-Code-In-2016 board.Nov 26 2016, 8:18 PM

Aklapper removed a project: Patch-For-Review.Nov 27 2016, 11:42 PM

I've claimed this task on GCI.

Change 323896 had a related patch set uploaded (by Georggi199):
Added warning for improper ending of a token

https://gerrit.wikimedia.org/r/323896

gerritbot added a project: Patch-For-Review.Nov 28 2016, 8:24 PM

Since this has been posted for GCI and none of the three attempts so far have come close to being correct, I added some detail to the task description as to what the output will look like if this task is done correctly.

Also, a hint: You'll want to look at the ApiBase class documentation, particularly the section for "Warning and error reporting" methods.

Change 323896 merged by jenkins-bot:
Added warning for improper ending of a token

https://gerrit.wikimedia.org/r/323896

Unicornisaurous closed this task as Resolved.Nov 30 2016, 2:47 PM

ReleaseTaggerBot added projects: MW-1.29-release-notes, MW-1.29-release (WMF-deploy-2016-12-06_(1.29.0-wmf.5)).Nov 30 2016, 3:00 PM

Make action=checktoken give a warning if token ends in " \" (e.g. Url encoding mistake)Closed, ResolvedPublicActions

Description

Details

Related Objects

Event Timeline

Make action=checktoken give a warning if token ends in " \" (e.g. Url encoding mistake)
Closed, ResolvedPublic
Actions