Page MenuHomePhabricator

[Bug] Special:NewItem does not validate maximum label length
Closed, ResolvedPublic

Description

Problem:
The NewItem special page does not do the full validation when creating a new Item. There is no length limit enforced on the label, description and aliases provided via the special page. The same limits and via the API should be enforced.

Example:

Notes:

Details

Related Gerrit Patches:

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 17 2016, 11:08 AM
hoo claimed this task.Oct 4 2016, 1:15 PM

This is not a problem in the API, only in the special pages. The special pages should use ChangeOps, like the API does to apply changes to the new Entity.

hoo moved this task from Proposed to Doing on the Wikidata-Sprint-2016-09-21 board.Oct 4 2016, 9:46 PM
jeblad removed a subscriber: jeblad.Aug 25 2017, 9:42 PM
thiemowmde triaged this task as Normal priority.Feb 28 2018, 6:10 PM
thiemowmde moved this task from incoming to ready to go on the Wikidata board.
thiemowmde added a project: Technical-Debt.

This is an actual bug, still relevant.

Addshore added a subscriber: Addshore.EditedJul 3 2018, 1:17 PM

The good news is is you provide a value that is too big other things get in the way of it being saved:

eg:

[Wzt4EApEEj4AAF-B9FMAAAAB] /wiki/Special:NewItem MWContentSerializationException from line 155 of /srv/mediawiki/php-master/extensions/Wikibase/lib/includes/Store/EntityContentDataCodec.php: Content too big! Entity:

Backtrace:

#0 /srv/mediawiki/php-master/extensions/Wikibase/repo/includes/Content/EntityHandler.php(398): Wikibase\Lib\Store\EntityContentDataCodec->encodeEntity(Wikibase\DataModel\Entity\Item, string)
#1 /srv/mediawiki/php-master/includes/content/AbstractContent.php(155): Wikibase\Repo\Content\EntityHandler->serializeContent(Wikibase\ItemContent, string)
#2 /srv/mediawiki/php-master/includes/api/ApiStashEdit.php(367): AbstractContent->serialize(string)
#3 /srv/mediawiki/php-master/includes/api/ApiStashEdit.php(278): ApiStashEdit::getContentHash(Wikibase\ItemContent)
#4 /srv/mediawiki/php-master/includes/Storage/DerivedPageDataUpdater.php(740): ApiStashEdit::checkCache(Title, Wikibase\ItemContent, User)
#5 /srv/mediawiki/php-master/includes/page/WikiPage.php(1938): MediaWiki\Storage\DerivedPageDataUpdater->prepareContent(User, MediaWiki\Storage\RevisionSlotsUpdate, boolean)
#6 /srv/mediawiki/php-master/extensions/SpamBlacklist/includes/SpamBlacklistHooks.php(31): WikiPage->prepareContentForEdit(Wikibase\ItemContent)
#7 /srv/mediawiki/php-master/includes/Hooks.php(174): SpamBlacklistHooks::filterMergedContent(RequestContext, Wikibase\ItemContent, Status, string, User, boolean)
#8 /srv/mediawiki/php-master/includes/Hooks.php(202): Hooks::callHook(string, array, array, NULL)
#9 /srv/mediawiki/php-master/extensions/Wikibase/repo/includes/Hooks/EditFilterHookRunner.php(110): Hooks::run(string, array)
#10 /srv/mediawiki/php-master/extensions/Wikibase/repo/includes/EditEntity.php(715): Wikibase\Repo\Hooks\EditFilterHookRunner->run(Wikibase\DataModel\Entity\Item, User, string)
#11 /srv/mediawiki/php-master/extensions/Wikibase/repo/includes/Specials/SpecialWikibaseRepoPage.php(186): Wikibase\EditEntity->attemptSave(Wikibase\DataModel\Entity\Item, string, integer, string)
#12 /srv/mediawiki/php-master/extensions/Wikibase/repo/includes/Specials/SpecialNewEntity.php(162): Wikibase\Repo\Specials\SpecialWikibaseRepoPage->saveEntity(Wikibase\DataModel\Entity\Item, Wikibase\Summary, string, integer)
#13 /srv/mediawiki/php-master/includes/htmlform/HTMLForm.php(662): Closure$Wikibase\Repo\Specials\SpecialNewEntity::createForm(array, OOUIHTMLForm)
#14 /srv/mediawiki/php-master/includes/htmlform/HTMLForm.php(554): HTMLForm->trySubmit()
#15 /srv/mediawiki/php-master/extensions/Wikibase/repo/includes/Specials/SpecialNewEntity.php(105): HTMLForm->tryAuthorizedSubmit()
#16 /srv/mediawiki/php-master/includes/specialpage/SpecialPage.php(565): Wikibase\Repo\Specials\SpecialNewEntity->execute(NULL)
#17 /srv/mediawiki/php-master/includes/specialpage/SpecialPageFactory.php(569): SpecialPage->run(NULL)
#18 /srv/mediawiki/php-master/includes/MediaWiki.php(288): SpecialPageFactory::executePath(Title, RequestContext)
#19 /srv/mediawiki/php-master/includes/MediaWiki.php(867): MediaWiki->performRequest()
#20 /srv/mediawiki/php-master/includes/MediaWiki.php(524): MediaWiki->main()
#21 /srv/mediawiki/php-master/index.php(42): MediaWiki->run()
#22 /srv/mediawiki/w/index.php(3): include(string)
#23 {main}
daniel added a comment.Jul 3 2018, 1:43 PM

Isn't that validation in the ChangeOp? Or is the ChangeOp not used?

Jonas removed hoo as the assignee of this task.Jul 5 2018, 9:34 AM

Change 446302 had a related patch set uploaded (by Jonas Kress (WMDE); owner: Jonas Kress (WMDE)):
[mediawiki/extensions/Wikibase@master] Fix: Special:NewItem does not validate maximum label length

https://gerrit.wikimedia.org/r/446302

Change 446302 merged by jenkins-bot:
[mediawiki/extensions/Wikibase@master] Fix: Special:NewItem does not validate maximum label length

https://gerrit.wikimedia.org/r/446302

\o/

Two things:

  • The error message currently says "Must be no more than 250 characters long". Can we make that a proper sentence? "The Label must not be more than 250 characters long."? (And the same for Alias and Description.) Or if splitting it is too hard then "The input must not be more than 250 characters long."
  • Are we really checking characters? I seem to remember something else but am not entirely sure.

Are we really checking characters? I seem to remember something else but am not entirely sure.

The StringLengthValidator responsible for these checks allows to specify if it should count bytes (strlen) or characters (mb_strlen). In the current code it counts bytes for URLs (including URL values, calendar models, globes, and units), and characters for everything else.

  • The error message currently says "Must be no more than 250 characters long". Can we make that a proper sentence? "The Label must not be more than 250 characters long."? (And the same for Alias and Description.) Or if splitting it is too hard then "The input must not be more than 250 characters long."

This is the message key used in the validator that is why it also appears in our current API and UI.

I would suggest to create a new ticket to change the message also in those other places.

I have create a follow up ticket T200780: Improve 'Must be no more than x characters long' error message, so I think this one is done and can be closed.

Lydia_Pintscher closed this task as Resolved.Jul 31 2018, 3:43 PM
Lydia_Pintscher moved this task from Test (Verification) to Done on the Wikidata-Campsite board.

\o/