| thiemowmde | |
| Sep 17 2016, 11:08 AM |
| F24332368: image.png | |
| Jul 30 2018, 9:13 AM |
Problem:
The NewItem special page does not do the full validation when creating a new Item. There is no length limit enforced on the label, description and aliases provided via the special page. The same limits and via the API should be enforced.
Example:
Notes:
| Subject | Repo | Branch | Lines +/- | |
|---|---|---|---|---|
| Fix: Special:NewItem does not validate maximum label length | mediawiki/extensions/Wikibase | master | +124 -4 |
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | None | T96040 Wikibase special pages (tracking) | |||
| Resolved | • Jonas | T145932 [Bug] Special:NewItem does not validate maximum label length | |||
| Open | None | T70165 [Task] Special:CreateItem should use changeops |
This is not a problem in the API, only in the special pages. The special pages should use ChangeOps, like the API does to apply changes to the new Entity.
The good news is is you provide a value that is too big other things get in the way of it being saved:
eg:
[Wzt4EApEEj4AAF-B9FMAAAAB] /wiki/Special:NewItem MWContentSerializationException from line 155 of /srv/mediawiki/php-master/extensions/Wikibase/lib/includes/Store/EntityContentDataCodec.php: Content too big! Entity:
Backtrace:
#0 /srv/mediawiki/php-master/extensions/Wikibase/repo/includes/Content/EntityHandler.php(398): Wikibase\Lib\Store\EntityContentDataCodec->encodeEntity(Wikibase\DataModel\Entity\Item, string)
#1 /srv/mediawiki/php-master/includes/content/AbstractContent.php(155): Wikibase\Repo\Content\EntityHandler->serializeContent(Wikibase\ItemContent, string)
#2 /srv/mediawiki/php-master/includes/api/ApiStashEdit.php(367): AbstractContent->serialize(string)
#3 /srv/mediawiki/php-master/includes/api/ApiStashEdit.php(278): ApiStashEdit::getContentHash(Wikibase\ItemContent)
#4 /srv/mediawiki/php-master/includes/Storage/DerivedPageDataUpdater.php(740): ApiStashEdit::checkCache(Title, Wikibase\ItemContent, User)
#5 /srv/mediawiki/php-master/includes/page/WikiPage.php(1938): MediaWiki\Storage\DerivedPageDataUpdater->prepareContent(User, MediaWiki\Storage\RevisionSlotsUpdate, boolean)
#6 /srv/mediawiki/php-master/extensions/SpamBlacklist/includes/SpamBlacklistHooks.php(31): WikiPage->prepareContentForEdit(Wikibase\ItemContent)
#7 /srv/mediawiki/php-master/includes/Hooks.php(174): SpamBlacklistHooks::filterMergedContent(RequestContext, Wikibase\ItemContent, Status, string, User, boolean)
#8 /srv/mediawiki/php-master/includes/Hooks.php(202): Hooks::callHook(string, array, array, NULL)
#9 /srv/mediawiki/php-master/extensions/Wikibase/repo/includes/Hooks/EditFilterHookRunner.php(110): Hooks::run(string, array)
#10 /srv/mediawiki/php-master/extensions/Wikibase/repo/includes/EditEntity.php(715): Wikibase\Repo\Hooks\EditFilterHookRunner->run(Wikibase\DataModel\Entity\Item, User, string)
#11 /srv/mediawiki/php-master/extensions/Wikibase/repo/includes/Specials/SpecialWikibaseRepoPage.php(186): Wikibase\EditEntity->attemptSave(Wikibase\DataModel\Entity\Item, string, integer, string)
#12 /srv/mediawiki/php-master/extensions/Wikibase/repo/includes/Specials/SpecialNewEntity.php(162): Wikibase\Repo\Specials\SpecialWikibaseRepoPage->saveEntity(Wikibase\DataModel\Entity\Item, Wikibase\Summary, string, integer)
#13 /srv/mediawiki/php-master/includes/htmlform/HTMLForm.php(662): Closure$Wikibase\Repo\Specials\SpecialNewEntity::createForm(array, OOUIHTMLForm)
#14 /srv/mediawiki/php-master/includes/htmlform/HTMLForm.php(554): HTMLForm->trySubmit()
#15 /srv/mediawiki/php-master/extensions/Wikibase/repo/includes/Specials/SpecialNewEntity.php(105): HTMLForm->tryAuthorizedSubmit()
#16 /srv/mediawiki/php-master/includes/specialpage/SpecialPage.php(565): Wikibase\Repo\Specials\SpecialNewEntity->execute(NULL)
#17 /srv/mediawiki/php-master/includes/specialpage/SpecialPageFactory.php(569): SpecialPage->run(NULL)
#18 /srv/mediawiki/php-master/includes/MediaWiki.php(288): SpecialPageFactory::executePath(Title, RequestContext)
#19 /srv/mediawiki/php-master/includes/MediaWiki.php(867): MediaWiki->performRequest()
#20 /srv/mediawiki/php-master/includes/MediaWiki.php(524): MediaWiki->main()
#21 /srv/mediawiki/php-master/index.php(42): MediaWiki->run()
#22 /srv/mediawiki/w/index.php(3): include(string)
#23 {main}Change 446302 had a related patch set uploaded (by Jonas Kress (WMDE); owner: Jonas Kress (WMDE)):
[mediawiki/extensions/Wikibase@master] Fix: Special:NewItem does not validate maximum label length
Change 446302 merged by jenkins-bot:
[mediawiki/extensions/Wikibase@master] Fix: Special:NewItem does not validate maximum label length
\o/
Two things:
Are we really checking characters? I seem to remember something else but am not entirely sure.
The StringLengthValidator responsible for these checks allows to specify if it should count bytes (strlen) or characters (mb_strlen). In the current code it counts bytes for URLs (including URL values, calendar models, globes, and units), and characters for everything else.
This is the message key used in the validator that is why it also appears in our current API and UI.
I would suggest to create a new ticket to change the message also in those other places.
I have create a follow up ticket T200780: Improve 'Must be no more than x characters long' error message, so I think this one is done and can be closed.