Page MenuHomePhabricator

Pattern field is broken
Closed, DuplicatePublic


Apart from the usability issues, currently the pattern field is (justifiedly so) escaped to prevent SQL injection. However, the way it is does not allow any pattern characters in the pattern, only exact match, making the field pretty much useless.

Event Timeline

Verified on

Steps to reproduce:

  1. Find a new page title in (open a page, copy the title from the URL so that you have the underscores, for instance Wikimedia_Developer_Summit/2017/Room_Setup).
  2. Enter the title in the pattern field at and submit.

I. Observed: The page is found and selected for deletion.

  1. Repeat (2) with a truncated title and % wildcard (e.g. Wikimedia%).

II. Observed: the form is reloaded with an error message "there are no new pages in recent changes" and the field gets emptied.

Caused by 6bb05450766e2df4ea568adf377cbbd237c09b91 (T153988; which changed the field name from pattern to nuke-pattern, but did not update the caller.

Change 336357 had a related patch set uploaded (by Ladsgroup):
Update callers

Once this gets merged. I will backport it for SWAT.

I think you got the wrong bug here. This was reported for the pre-OOUI conversion.

Ladsgroup subscribed.

I don't have time to work on this. Specially, it's security-related and I'm too sloppy to handle such cases.