
Make action=checktoken give a warning if token ends in " \" (e.g. Url encoding mistake)
Closed, Resolved · Public

Description

I was being really stupid today, and forgot to urlencode '+' when using checktoken module. It'd be cool for people making that stupid mistake, if the api module gave a warning if the proposed token ends in a space followed by a \.


The output when done properly should look something like this:

{
    "warnings": {
        "checktoken": {
            "*": "Check that symbols such as \"+\" in the token are properly percent-encoded in the URL."
        }
    },
    "checktoken": {
        "result": "invalid"
    }
}

Event Timeline

Bawolff created this task. Dec 23 2015, 9:07 AM
Bawolff raised the priority of this task from to Needs Triage.
Bawolff updated the task description.
Bawolff added a subscriber: Bawolff.
Restricted Application added subscribers: StudiesWorld, Aklapper. Dec 23 2015, 9:07 AM
Anomie added a subscriber: Anomie. Dec 28 2015, 2:57 PM

Somewhat more usefully, check if the proposed token ends with urldecode( User::EDIT_TOKEN_SUFFIX ) instead of hard-coding ' \'.
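
The check suggested in the comment above, together with the encoding mistake from the task description, as an added PHP example (not part of this thread and not MediaWiki's code). `EDIT_TOKEN_SUFFIX` stands in for `User::EDIT_TOKEN_SUFFIX` with the assumed value `+\`; `tokenLooksMisencoded()` and `receivedToken()` are hypothetical helpers, and the token is a constructed sample.

```php
<?php
// Stand-in for MediaWiki's User::EDIT_TOKEN_SUFFIX (assumed value "+\",
// which matches the " \" ending described in the task).
const EDIT_TOKEN_SUFFIX = '+\\';

/**
 * Hypothetical helper: true when the received token ends in the suffix as it
 * looks after an unescaped "+" has been form-decoded to a space (" \").
 */
function tokenLooksMisencoded( string $token ): bool {
	$mangled = urldecode( EDIT_TOKEN_SUFFIX ); // "+" decodes to " "
	return $mangled !== EDIT_TOKEN_SUFFIX
		&& substr( $token, -strlen( $mangled ) ) === $mangled;
}

/** Hypothetical helper: decode a raw query string the way the server sees it. */
function receivedToken( string $rawQuery ): string {
	parse_str( $rawQuery, $params );
	return $params['token'] ?? '';
}

// Constructed sample token, not a real one.
$token = '0123456789abcdef0123456789abcdef' . EDIT_TOKEN_SUFFIX;

$cases = [
	// The mistake from the task: token pasted into the URL without encoding.
	'raw (mistake)'    => 'action=checktoken&token=' . $token,
	// Two correct ways for a client to build the same request.
	'rawurlencode'     => 'action=checktoken&token=' . rawurlencode( $token ),
	'http_build_query' => http_build_query( [ 'action' => 'checktoken', 'token' => $token ] ),
];

foreach ( $cases as $label => $query ) {
	$got = receivedToken( $query );
	printf( "%-17s intact=%-5s warn=%s\n", $label,
		var_export( $got === $token, true ),
		var_export( tokenLooksMisencoded( $got ), true ) );
}
```

Only the unencoded request arrives with a changed token and triggers the warning condition; both encoded requests deliver the token intact.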

Anomie moved this task from Unsorted to Needs Code on the MediaWiki-API board. Dec 28 2015, 2:57 PM
somethingsea set Security to None.

Hi. I'm taking this on as my first task as a new MediaWiki developer.

@somethingsea: Welcome and thanks for working on this! If you need any help, don't hesitate to ask!

@somethingsea: How is it going? Any news here?

I would like to work on this bug. As there are no patches submitted yet, is it possible for me to assign the task to myself and submit a patch?

Anomie added a comment. Mar 8 2016, 3:07 PM

If @somethingsea doesn't reply soon, feel free to unlick the cookie by assigning it to yourself.

jayvdb removed somethingsea as the assignee of this task. May 27 2016, 6:03 PM
jayvdb added a subscriber: somethingsea.
Restricted Application added a subscriber: TerraCodes. May 27 2016, 6:03 PM
Unicornisaurous added a subscriber: Unicornisaurous.

I will mentor this in Google Code-In 2016.

Change 320072 had a related patch set uploaded (by Harish halo):
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320072

Change 320072 abandoned by Harish halo:
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320072

Change 320073 had a related patch set uploaded (by Harish halo):
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320073

Change 320075 had a related patch set uploaded (by Harish halo):
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320075

Change 320073 abandoned by Harish halo:
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320073

Change 320075 abandoned by Harish halo:
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320075

Change 320076 had a related patch set uploaded (by Harish halo):
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320076

Change 320102 had a related patch set uploaded (by Raspberrypy20):
Bug : T122280

https://gerrit.wikimedia.org/r/320102

Change 320103 had a related patch set uploaded (by Raspberrypy20):
Bug : T122280

https://gerrit.wikimedia.org/r/320103

Change 320076 abandoned by Harish halo:
Fix token match warning for token ending improperly

https://gerrit.wikimedia.org/r/320076

I've claimed this task on GCI.

Change 323896 had a related patch set uploaded (by Georggi199):
Added warning for improper ending of a token

https://gerrit.wikimedia.org/r/323896

Anomie updated the task description. Nov 28 2016, 8:41 PM

Since this has been posted for GCI and none of the three attempts so far have come close to being correct, I added some detail to the task description as to what the output will look like if this task is done correctly.

Also, a hint: You'll want to look at the ApiBase class documentation, particularly the section for "Warning and error reporting" methods.

Change 323896 merged by jenkins-bot:
Added warning for improper ending of a token

https://gerrit.wikimedia.org/r/323896

Unicornisaurous closed this task as Resolved. Nov 30 2016, 2:47 PM