2017-09-18 00:43:34 [Wb8WtgpAEKkAAHa3o@0AAABD] mw1214 zhwiki 1.30.0-wmf.18 exception ERROR: [Wb8WtgpAEKkAAHa3o@0AAABD] /w/index.php?title=File:S1940316.jpg&action=delete Wikimedia\Rdbms\DBQueryError from line 1149 of /srv/mediawiki/php-1.30.0-wmf.18/includes/libs/rdbms/database/Database.php: A database query error has occurred. Did you forget to run your application's database schema updater after upgrading? Query: SELECT 'deleted' AS `fa_storage_group`, (CASE WHEN img_sha1 = '' THEN '' ELSE CONCAT(img_sha1,'.jpg') END) AS `fa_storage_key`,'138' AS `fa_deleted_user`,'20170918004334' AS `fa_deleted_timestamp`,0 AS `fa_deleted`,img_name AS `fa_name`,NULL AS `fa_archive_name`,img_size AS `fa_size`,img_width AS `fa_width`,img_height AS `fa_height`,img_metadata AS `fa_metadata`,img_bits AS `fa_bits`,img_media_type AS `fa_media_type`,img_major_mime AS `fa_major_mime`,img_minor_mime AS `fa_minor_mime`,img_user AS `fa_user`,img_user_text AS `fa_user_text`,img_timestamp AS `fa_timestamp`,img_sha1 AS `fa_sha1`,'[[WP:CSD#F6|F6]]: 沒有被條目使用的[[WP:合理使用|非自由版权]]檔案会在提交5日后刪除;*</strong>致管理员:根据[[Wikipedia:非自由内容使用准则|非自由内容使用准则]],请于\'\'\'2017年9月18日\'\'\'后… AS `fa_deleted_reason`,img_description AS `fa_description` FROM `image` WHERE img_name = 'S1940316.jpg' FOR UPDATE Function: LocalFileDeleteBatch::doDBInserts Error: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '.jpg' FOR UPDATE' at line 1 (10.64.0.206) {"exception_id":"Wb8WtgpAEKkAAHa3o@0AAABD","exception_url":"/w/index.php?title=File:S1940316.jpg&action=delete","caught_by":"mwe_handler"} [Exception Wikimedia\Rdbms\DBQueryError] (/srv/mediawiki/php-1.30.0-wmf.18/includes/libs/rdbms/database/Database.php:1149) A database query error has occurred. Did you forget to run your application's database schema updater after upgrading? Query: SELECT 'deleted' AS `fa_storage_group`, (CASE WHEN img_sha1 = '' THEN '' ELSE CONCAT(img_sha1,'.jpg') END) AS `fa_storage_key`,'138' AS `fa_deleted_user`,'20170918004334' AS `fa_deleted_timestamp`,0 AS `fa_deleted`,img_name AS `fa_name`,NULL AS `fa_archive_name`,img_size AS `fa_size`,img_width AS `fa_width`,img_height AS `fa_height`,img_metadata AS `fa_metadata`,img_bits AS `fa_bits`,img_media_type AS `fa_media_type`,img_major_mime AS `fa_major_mime`,img_minor_mime AS `fa_minor_mime`,img_user AS `fa_user`,img_user_text AS `fa_user_text`,img_timestamp AS `fa_timestamp`,img_sha1 AS `fa_sha1`,'[[WP:CSD#F6|F6]]: 沒有被條目使用的[[WP:合理使用|非自由版权]]檔案会在提交5日后刪除;*</strong>致管理员:根据[[Wikipedia:非自由内容使用准则|非自由内容使用准则]],请于\'\'\'2017年9月18日\'\'\'后… AS `fa_deleted_reason`,img_description AS `fa_description` FROM `image` WHERE img_name = 'S1940316.jpg' FOR UPDATE Function: LocalFileDeleteBatch::doDBInserts Error: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '.jpg' FOR UPDATE' at line 1 (10.64.0.206) #0 /srv/mediawiki/php-1.30.0-wmf.18/includes/libs/rdbms/database/Database.php(979): Wikimedia\Rdbms\Database->reportQueryError(string, integer, string, string, boolean) #1 /srv/mediawiki/php-1.30.0-wmf.18/includes/libs/rdbms/database/Database.php(1343): Wikimedia\Rdbms\Database->query(string, string) #2 /srv/mediawiki/php-1.30.0-wmf.18/includes/libs/rdbms/database/Database.php(2402): Wikimedia\Rdbms\Database->select(array, string, array, string, array, array) #3 /srv/mediawiki/php-1.30.0-wmf.18/includes/filerepo/file/LocalFile.php(2389): Wikimedia\Rdbms\Database->insertSelect(string, array, array, array, string, array, array, array) #4 /srv/mediawiki/php-1.30.0-wmf.18/includes/filerepo/file/LocalFile.php(2515): LocalFileDeleteBatch->doDBInserts() #5 /srv/mediawiki/php-1.30.0-wmf.18/includes/filerepo/file/LocalFile.php(1813): LocalFileDeleteBatch->execute() #6 /srv/mediawiki/php-1.30.0-wmf.18/includes/FileDeleteForm.php(201): LocalFile->delete(string, boolean, User) #7 /srv/mediawiki/php-1.30.0-wmf.18/includes/FileDeleteForm.php(119): FileDeleteForm::doDelete(Title, LocalFile, string, string, boolean, User) #8 /srv/mediawiki/php-1.30.0-wmf.18/includes/page/ImagePage.php(985): FileDeleteForm->execute() #9 /srv/mediawiki/php-1.30.0-wmf.18/includes/actions/DeleteAction.php(46): ImagePage->delete() #10 /srv/mediawiki/php-1.30.0-wmf.18/includes/MediaWiki.php(499): DeleteAction->show() #11 /srv/mediawiki/php-1.30.0-wmf.18/includes/MediaWiki.php(293): MediaWiki->performAction(ImagePage, Title) #12 /srv/mediawiki/php-1.30.0-wmf.18/includes/MediaWiki.php(848): MediaWiki->performRequest() #13 /srv/mediawiki/php-1.30.0-wmf.18/includes/MediaWiki.php(523): MediaWiki->main() #14 /srv/mediawiki/php-1.30.0-wmf.18/index.php(43): MediaWiki->run() #15 /srv/mediawiki/w/index.php(3): include(string) #16 {main}
Description
Related Objects
Event Timeline
@Shizhao: Please post text as text so it can be searched for. Please do not post text as images. Thanks.
Just FYI:
- 数据库错误 is Databaseerror
- 出现数据库查询错误。这可能表示软件中存在漏洞。 is Databaseerror-text
- Text in red box ([Wb8WtgpAEKkAAHa3o@0AAABD] 2017-09-18 00:43:44: 类型“Wikimedia\Rdbms\DBQueryError”的致命错误) is derived from Internalerror-fatal-exception
Problem seems to be:
if ( $this->stage <= MIGRATION_WRITE_BOTH ) { $fields[$this->key] = $this->lang->truncate( $comment->text, 255 ); }
...LocalFile already used addQuotes(), and this can remove the ending quote character.
That's not the real problem. The problem is that the different behavior of IDatabase->insertSelect()'s $varMap versus ->insert()'s $a wasn't noticed, so the code was incorrectly quoting the value passed to CommentStore->insert() (from the original pre-CommentStore code) rather than quoting the returned literal fields for passing into IDatabase->insertSelect().
@aaron Just an FYI, in future, use the "Protect as security issue" on the right hand side to make an open non security bug into a security one. Otherwise, the correct visibility isn't applied
Is T176185 related? /me don't have access...
Edit: Never mind, I found it closed as a duplicate of this one.
Well, I'd say both together at least. I merely mentioned that line since it's were the escaping breaks, not since it's necessarily incorrect itself.