Page MenuHomePhabricator

PHP fatal error about undefined method when I view a certain page
Closed, ResolvedPublic

Description

http://meta.wikimedia.beta.wmflabs.org/wiki/Special:OAuthManageConsumers/proposed/1a31f6085491372db93394ed6cbff4c4
Call to undefined method Message::toJson()

frontend/specialpages/SpecialMWOAuthManageConsumers.php:                                        'default' => $cmr->get( 'restrictions' )->toJson( true ),

But MWOAuthDAOAccessControl::get can return a Message instead of MWRestrictions (?) in case of access failure
See details in T125938

Event Timeline

Krenair raised the priority of this task from to Needs Triage.
Krenair updated the task description. (Show Details)
Krenair added a subscriber: Krenair.
Halfak added a subscriber: Halfak.

Full error message is Fatal error: Call to undefined method Message::toJson() in /srv/mediawiki/php-1.27.0-wmf.12/extensions/OAuth/frontend/specialpages/SpecialMWOAuthManageConsumers.php on line 337 (and there is no stack trace - @bd808 did something in fatal logging break?)

This is apparently by design - if the user does not have permission, the DAO object returns a message. The idea would be that the user just sees a "this field is private" message without the higher-level code having to worry about access control, but the DAO framework also allows non-string return types via MWOAuthDAO::decodeRow and the two features don't go well together.

Did some grepping and SpecialMWOAuthManageConsumers.php#337 seems to be the only place that can trigger errors currently. Only grants and restrictions are decoded into an object, grants are always visible to a user that passed the special page's own permission check, and this is the only place where restrictions are queried from a consumer wrapped in MWOAuthDAOAccessControl, so it's easy to add a check there. That said, this is a problem with the design and it will be easy to introduce similar bugs in the future.

Change 268859 had a related patch set uploaded (by Gergő Tisza):
Handle error message in SpecialMWOAuthManageConsumers

https://gerrit.wikimedia.org/r/268859

Change 268860 had a related patch set uploaded (by Gergő Tisza):
Fix rights in oauth role

https://gerrit.wikimedia.org/r/268860

Change 268859 merged by jenkins-bot:
Handle error message in SpecialMWOAuthManageConsumers

https://gerrit.wikimedia.org/r/268859

Krenair assigned this task to Tgr.

Change 268860 merged by jenkins-bot:
Fix rights in oauth role

https://gerrit.wikimedia.org/r/268860

Change 269333 had a related patch set uploaded (by Gergő Tisza):
Handle error message in SpecialMWOAuthManageConsumers

https://gerrit.wikimedia.org/r/269333

Change 269333 merged by jenkins-bot:
Handle error message in SpecialMWOAuthManageConsumers

https://gerrit.wikimedia.org/r/269333