
Delete API request does not handle correctly empty "reason" param.
Closed, Resolved, Public

Description

The API delete feature does not work as expected with an empty "reason" parameter.
The bug is reproducible with SVN r44509.

What I do:

  • Call the delete API function with the following parameters: 'action' => 'delete', 'title' => $my_image.ext, 'token' => $my_valid_edit_token, 'format' => 'xml'

What I get:

  • The HTTP response looks like the following:

    <?xml version="1.0"?><api><error code="internal_api_error_DBQueryError" info="Database query error">
    #0 /var/www/mirror/fr/includes/db/Database.php(591): Database-&gt;reportQueryError('Column 'log_com...', 1048, 'INSERT INTO l...', 'LogPage::saveCo...', false)
    #1 /var/www/mirror/fr/includes/db/Database.php(1311): Database-&gt;query('INSERT INTO l...', 'LogPage::saveCo...')
    #2 /var/www/mirror/fr/includes/LogPage.php(73): Database-&gt;insert('logging', Array, 'LogPage::saveCo...')
    #3 /var/www/mirror/fr/includes/LogPage.php(316): LogPage-&gt;saveContent()
    #4 /var/www/mirror/fr/includes/Article.php(2475): LogPage-&gt;addEntry('delete', Object(Title), NULL, Array)
    #5 /var/www/mirror/fr/includes/FileDeleteForm.php(112): Article-&gt;doDeleteArticle(NULL, false, '3')
    #6 /var/www/mirror/fr/includes/api/ApiDelete.php(165): FileDeleteForm::doDelete(Object(Title), Object(LocalFile), NULL, NULL, false)
    #7 /var/www/mirror/fr/includes/api/ApiDelete.php(76): ApiDelete::deleteFile('74b91b5b5aec710...', Object(Title), NULL, NULL, false)
    #8 /var/www/mirror/fr/includes/api/ApiMain.php(427): ApiDelete-&gt;execute()
    #9 /var/www/mirror/fr/includes/api/ApiMain.php(260): ApiMain-&gt;executeAction()
    #10 /var/www/mirror/fr/includes/api/ApiMain.php(244): ApiMain-&gt;executeActionWithErrorHandling()
    #11 /var/www/mirror/fr/api.php(77): ApiMain-&gt;execute()
    #12 {main}
    </error></api>
  • The image is deleted but it is impossible to restore it.

What I want:

  • No API error
  • A "restorable" image

Remarks:

  • If I give a non-empty string reason, it works like I want.
  • I suppose the code does not work correctly with a non-empty string reason and is not able to insert a log entry in the old images table or something like that, and for this reason the image is forever lost (in the DB).

Version: 1.14.x
Severity: major

Details

Reference
bz16626

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 21 2014, 10:26 PM
bzimport set Reference to bz16626.

herd wrote:

(In reply to comment #0)

  • The image is deleted but it is impossible to restore it.

Tested on test.wikipedia. The image is deleted and there is no log entry, but I am able to undelete it. -> http://test.wikipedia.org/w/index.php?title=Special:Log&page=File%3ATourist.jpg

#0 /home/wikipedia/common/php-1.5/includes/db/Database.php(591): Database->reportQueryError('Column 'log_com...', 1048, 'INSERT INTO `l...', 'LogPage::saveCo...', false)
#1 /home/wikipedia/common/php-1.5/includes/db/Database.php(1311): Database->query('INSERT INTO `l...', 'LogPage::saveCo...')
#2 /home/wikipedia/common/php-1.5/includes/LogPage.php(73): Database->insert('logging', Array, 'LogPage::saveCo...')
#3 /home/wikipedia/common/php-1.5/includes/LogPage.php(316): LogPage->saveContent()
#4 /home/wikipedia/common/php-1.5/includes/Article.php(2475): LogPage->addEntry('delete', Object(Title), NULL, Array)
#5 /home/wikipedia/common/php-1.5/includes/FileDeleteForm.php(112): Article->doDeleteArticle(NULL, false, '12057')
#6 /home/wikipedia/common/php-1.5/includes/api/ApiDelete.php(165): FileDeleteForm::doDelete(Object(Title), Object(LocalFile), NULL, NULL, false)
#7 /home/wikipedia/common/php-1.5/includes/api/ApiDelete.php(76): ApiDelete::deleteFile('eb85ee36f6b67be...', Object(Title), NULL, NULL, false)
#8 /home/wikipedia/common/php-1.5/includes/api/ApiMain.php(427): ApiDelete->execute()
#9 /home/wikipedia/common/php-1.5/includes/api/ApiMain.php(260): ApiMain->executeAction()
#10 /home/wikipedia/common/php-1.5/includes/api/ApiMain.php(244): ApiMain->executeActionWithErrorHandling()
#11 /home/wikipedia/common/php-1.5/api.php(77): ApiMain->execute()
#12 /usr/local/apache/common-local/live-1.5/api.php(3): require('/home/wikipedia...')
#13 {main}

matthew.britton wrote:

If files can be deleted without leaving a log entry, then this is a serious problem. An administrator with bad intentions could delete a large number of files without anyone knowing it was them.
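
An added example, not part of the original report and not MediaWiki's code: a simplified Python/sqlite3 model of the failure in the traces above, where the delete persists while the log insert fails on a NULL comment, next to a version that normalises the missing reason and puts both writes in one transaction. The schema, the function names and the actor 'Admin' are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed schema: a minimal file table plus an audit log whose
    # comment column is NOT NULL, like the column named in the traces.
    db = sqlite3.connect(":memory:", isolation_level=None)  # autocommit mode
    db.execute("CREATE TABLE files (title TEXT PRIMARY KEY)")
    db.execute("CREATE TABLE logging (action TEXT NOT NULL, title TEXT NOT NULL,"
               " actor TEXT NOT NULL, comment TEXT NOT NULL)")
    db.execute("INSERT INTO files VALUES ('Tourist.jpg')")
    return db

def delete_unsafe(db, title, actor, reason):
    # Models the reported behaviour: the delete is committed on its own, then
    # the log insert fails on a NULL comment, so no audit record exists.
    db.execute("DELETE FROM files WHERE title = ?", (title,))
    db.execute("INSERT INTO logging VALUES ('delete', ?, ?, ?)", (title, actor, reason))

def delete_audited(db, title, actor, reason):
    # Normalise a missing reason, and make delete + log entry one transaction
    # so the action can never persist without its log row.
    reason = "" if reason is None else reason
    db.execute("BEGIN")
    try:
        db.execute("DELETE FROM files WHERE title = ?", (title,))
        db.execute("INSERT INTO logging VALUES ('delete', ?, ?, ?)", (title, actor, reason))
        db.execute("COMMIT")
    except sqlite3.Error:
        db.execute("ROLLBACK")  # undo the delete if the log row was refused
        raise

def state(db):
    # Returns (files remaining, log rows written).
    files = db.execute("SELECT COUNT(*) FROM files").fetchone()[0]
    logs = db.execute("SELECT COUNT(*) FROM logging").fetchone()[0]
    return files, logs

def demo():
    results = {}
    db = make_db()
    try:
        delete_unsafe(db, "Tourist.jpg", "Admin", None)
    except sqlite3.IntegrityError:
        pass  # the API surfaced this as internal_api_error_DBQueryError
    results["unsafe"] = state(db)    # file gone, nothing logged
    db = make_db()
    delete_audited(db, "Tourist.jpg", "Admin", None)
    results["audited"] = state(db)   # file gone, one log row
    return results
```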