Page MenuHomePhabricator

Local block of 114.93.135.192 not expiring on betawikiversity
Closed, ResolvedPublic

Description

https://beta.wikiversity.org/wiki/Special:Contributions/114.93.135.192 says:

12:02, 19 February 2016 Crochet.david (talk | contribs) blocked 114.93.135.192 (talk) with an expiry time of 3 days (anonymous users only, account creation disabled)
10:23, 1 March 2016: MarcoAurelio (meta.wikimedia.org) globally blocked 114.93.135.192 (expires on 2 March 2016 at 17:23, anonymous only) (Cross-wiki vandalism)

3 days should have expired on Feb 22nd.

mysql:wikiadmin@db1044 [betawikiversity]> select ipb_id, ipb_expiry, ipb_by_text from ipblocks where ipb_address ="114.93.135.192";
+--------+----------------+---------------+
| ipb_id | ipb_expiry     | ipb_by_text   |
+--------+----------------+---------------+
|   3059 | 20160302104208 | Crochet.david |
|   3061 | 20160302104208 | MarcoAurelio  |
+--------+----------------+---------------+
2 rows in set (0.00 sec)

Block 3061 is an autoblock, but somehow 3059 was never purged from the database, and the expiry timestamp was updated to the expirty of 3061??

Event Timeline

Restricted Application changed the visibility from "Custom Policy" to "Custom Policy". · View Herald TranscriptMar 1 2016, 5:29 PM
Restricted Application changed the edit policy from "All Users" to "Custom Policy". · View Herald Transcript

Seems more likely that Block::updateTimestamp() did it. Which does assume that nothing happened to call Block::purgeExpired() on that wiki since Feb 22; callers are ApiQueryBlocks and 10% of calls to Block::insert().

csteipp triaged this task as High priority.Mar 8 2016, 10:18 PM

Is there anything more to do on this bug now that T128695 is fixed? I suppose we could remove expired blocks more often, but im not sure I see the point since the system must be designed to work in the face of expired blocks (unless we want to remove them on every request).

Don't think so, we should probably get T128695 backported into the security release?

Don't think so, we should probably get T128695 backported into the security release?

Has that been done?

Don't think so, we should probably get T128695 backported into the security release?

Has that been done?

No, it doesn't look like that was backported as part of the last security release. I will add it to the next.

Reedy changed the visibility from "Custom Policy" to "All Users".
Reedy changed the edit policy from "Custom Policy" to "All Users".
Reedy changed Security from Software security bug to None.Nov 1 2016, 9:30 PM
Reedy removed a project: acl*security.
Aklapper changed the visibility from "All Users" to "Public (No Login Required)".Nov 1 2016, 9:31 PM
Reedy assigned this task to demon.
Reedy added a subscriber: Reedy.

Was released in 1.26.4 and 1.23.15, Chad did the backports!