Page MenuHomePhabricator

Cannot edit subpages on third-party wiki, probably due to percent-encoding of URIs
Open, NormalPublic

Description

User:Prh47bridge reports at https://www.mediawiki.org/wiki/Topic:Ufpmahlnfqo7jgbw that it is not possible to edit subpages at their wiki. URLs containing Page%2FSubpage and Page/Subpage seem to be treated differently (and neither of them seem to be entirely correct).

There is much more information, including potentially useful information from logs, in the origianl post at mw.org.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 9 2018, 4:45 PM
mobrovac triaged this task as Normal priority.Aug 9 2018, 5:26 PM
mobrovac added a project: Services (next).
mobrovac added a subscriber: mobrovac.

The symptoms described by the user seems to suggest there is a problem in the Apache config of the site. Asked them to paste their configs here.

Apache config is below. I've taken out a few directory names but left the name of my site. Looking at it, I'm wondering if the problem is the order of the directives. Note that adding nocanon to ProxyPass was an attempt to fix the problem. It doesn't seem to have made any difference.

DocumentRoot /.../festipedia
ServerName www.festipedia.org.uk
ServerAlias *.festipedia.org.uk festipedia.org.uk festipedia.uk *.festipedia.uk

Alias /awstatsclasses/ /usr/share/java/awstats/
Alias /awstats-icon/ /usr/share/awstats/icon/
ScriptAlias /awstats/ /usr/lib/cgi-bin/

Alias /cacti "/usr/share/cacti/site"

Alias /wiki "/.../festipedia/w/index.php"

  1. This is to permit URL access to stuff needed for awstats.

<Directory /usr/share/awstats/icon>
Options None
AllowOverride None
Require all granted
</Directory>

<Directory /usr/share/java/awstats>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>

And the same again for Cacti

<Directory "/usr/share/cacti/site">
Options None
AllowOverride None
Require all granted
</Directory>

<Directory "/.../festipedia">
Require all granted

RewriteEngine On
RewriteBase /

SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
Deny from env=block_bad_bots

Redirect / to Main Page

RewriteRule ^/*$ %{DOCUMENT_ROOT}/w/index.php [L]

require non-empty HOST header

RewriteCond %{HTTP_HOST} !^$

require case-insensitive HOST to be www.festipedia.org.uk

RewriteCond %{HTTP_HOST} !^www.festipedia.org.uk$ [NC]

301 redirect everything to correct www.festipedia.org.uk

RewriteRule ^(.*)$ https://www.festipedia.org.uk/$1 [R=301,L]

Redirect /statistics to /awstats/awstats.pl

RewriteRule ^statistics/?$ https://www.festipedia.org.uk/awstats/awstats.pl [R=301,L]
</Directory>

<Directory "/home/frheritage/www/festipedia/images">

Plug an XSS vulnerability for old IE clients

RewriteCond %{QUERY_STRING} \.[^\\/:*?\x22<>|%]+(#|\?|$) [nocase]
RewriteRule . - [forbidden]
</Directory>

Expose the REST API at /api/rest_v1

ProxyPass /api/rest_v1/ http://localhost:7231/www.festipedia.org.uk/v1/ nocanon

CustomLog /var/log/apache2/festipedia.access.log "combined"
LogLevel emerg

SSLEngine on
SSLProtocol all
SSLCertificateFile /.../certs/festipedia.crt
SSLCertificateKeyFile /.../certs/newprivate.key
SSLCACertificateFile /.../intermediate.crt

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Deskana renamed this task from Cannot edit subpages, probably due to percent-encoding of URIs to Cannot edit subpages on third-party wiki, probably due to percent-encoding of URIs.Mar 19 2019, 10:57 AM
JTannerWMF moved this task from To Triage to Freezer on the VisualEditor board.Mar 27 2019, 6:14 PM
WDoranWMF closed this task as Declined.Jul 17 2019, 8:34 PM
WDoranWMF added a subscriber: WDoranWMF.

Please reopen if this is still occurring.

Prh47bridge reopened this task as Open.Jul 17 2019, 9:07 PM

No-one has suggested any fixes and the issue is still occurring on my site.