Page MenuHomePhabricator
Create Task
Maniphest T226456

"PHP Warning: preg_match() expects parameter 2 to be string" from Special:FundraiserLandingPage
Closed, ResolvedPublicPRODUCTION ERROR
Actions

Description

Error

Request URL: donatewiki /w/index.php?title=Special:LandingPage&country=CN& … &vars[]=x& …
Request ID: XRE3bQpAMEoAAD6Z5ZEAAAAG

message
PHP Warning: preg_match() expects parameter 2 to be string, array given
trace
#0 /srv/mediawiki/php-1.34.0-wmf.10/extensions/FundraiserLandingPage/includes/specials/FundraiserLandingPage.php(113): MWExceptionHandler::handleError(integer, string, string, integer, array, array)
#1 /srv/mediawiki/php-1.34.0-wmf.10/extensions/FundraiserLandingPage/includes/specials/FundraiserLandingPage.php(79): FundraiserLandingPage::fundraiserLandingPageMakeSafe(array)
#2 /srv/mediawiki/php-1.34.0-wmf.10/includes/specialpage/SpecialPage.php(571): FundraiserLandingPage->execute(NULL)
#3 /srv/mediawiki/php-1.34.0-wmf.10/includes/specialpage/SpecialPageFactory.php(575): SpecialPage->run(NULL)
#4 /srv/mediawiki/php-1.34.0-wmf.10/includes/MediaWiki.php(288): MediaWiki\Special\SpecialPageFactory->executePath(Title, RequestContext)
#5 /srv/mediawiki/php-1.34.0-wmf.10/includes/MediaWiki.php(865): MediaWiki->performRequest()
#6 /srv/mediawiki/php-1.34.0-wmf.10/includes/MediaWiki.php(515): MediaWiki->main()
#7 /srv/mediawiki/php-1.34.0-wmf.10/index.php(42): MediaWiki->run()
#8 /srv/mediawiki/w/index.php(3): include(string)

Notes

The code is taking arbitrary query parameters and turning them into wikitext template invocation parameters.

The code has a blacklist of parameters it does not allow to be passed. For the remaining ones, a regular expression is used as additional filter. However, the preg_match function itself is passed with invalid parameters sometimes (the second parameter is arbitrary user input and can be an array instead of a string, given that PHP supports natively to pass arrays as query string parameters).

In this case the function emits a warning, which the code does not expect or handle.

Impact

It looks like in this case preg_match decides that the pattern doesn't match, and does not string-cast. The outcome is that the parameter is ignored, which coincidentally is probably what you would want the code to do anyway.

If that is indeed the desirable outcome, it should be coded that way. E.g. by rejecting non-string parameters or by suppressing the warning from preg_match().

Details

SubjectRepoBranchLines +/-
Fix production warnings on bad inputmediawiki/extensions/FundraiserLandingPagemaster+9 -4
Customize query in gerrit

Event Timeline

Krinkle created this task.Jun 24 2019, 10:42 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 24 2019, 10:42 PM
Krinkle moved this task from Untriaged to Older on the Wikimedia-production-error board.Jun 24 2019, 10:44 PM
mmodell changed the subtype of this task from "Task" to "Production Error".Aug 28 2019, 11:06 PM
Krinkle added a comment.Mar 24 2020, 9:30 PM

Still reproducible.

Krinkle added a project: donate.wikimedia.org.Mar 24 2020, 9:31 PM
Pcoombe added a project: Fundraising-Backlog.May 26 2020, 10:33 AM
DStrine moved this task from Triage to Q3 2021-2022 on the Fundraising-Backlog board.Jun 9 2020, 1:51 AM
hashar subscribed.May 20 2021, 7:26 PM

It is still there :)

from /srv/mediawiki/php-1.37.0-wmf.6/extensions/FundraiserLandingPage/includes/specials/FundraiserLandingPage.php(117)
#0 [internal function]: MWExceptionHandler::handleError(integer, string, string, integer, array)
#1 /srv/mediawiki/php-1.37.0-wmf.6/extensions/FundraiserLandingPage/includes/specials/FundraiserLandingPage.php(117): preg_match(string, array, NULL)
#2 /srv/mediawiki/php-1.37.0-wmf.6/extensions/FundraiserLandingPage/includes/specials/FundraiserLandingPage.php(83): FundraiserLandingPage::fundraiserLandingPageMakeSafe(array)
#3 /srv/mediawiki/php-1.37.0-wmf.6/includes/specialpage/SpecialPage.php(646): FundraiserLandingPage->execute(NULL)
#4 /srv/mediawiki/php-1.37.0-wmf.6/includes/specialpage/SpecialPageFactory.php(1390): SpecialPage->run(NULL)
#5 /srv/mediawiki/php-1.37.0-wmf.6/includes/MediaWiki.php(314): MediaWiki\SpecialPage\SpecialPageFactory->executePath(string, RequestContext)
#6 /srv/mediawiki/php-1.37.0-wmf.6/includes/MediaWiki.php(917): MediaWiki->performRequest()
#7 /srv/mediawiki/php-1.37.0-wmf.6/includes/MediaWiki.php(551): MediaWiki->main()
#8 /srv/mediawiki/php-1.37.0-wmf.6/index.php(53): MediaWiki->run()
#9 /srv/mediawiki/php-1.37.0-wmf.6/index.php(46): wfIndexMain()
#10 /srv/mediawiki/w/index.php(3): require(string)
#11 {main}
gerritbot added a comment.May 20 2021, 9:07 PM

Change 693215 had a related patch set uploaded (by Ejegg; author: Ejegg):

[mediawiki/extensions/FundraiserLandingPage@master] Fix production warnings on bad input

https://gerrit.wikimedia.org/r/693215

gerritbot added a project: Patch-For-Review.May 20 2021, 9:07 PM
gerritbot added a comment.May 20 2021, 9:50 PM

Change 693215 merged by jenkins-bot:

[mediawiki/extensions/FundraiserLandingPage@master] Fix production warnings on bad input

https://gerrit.wikimedia.org/r/693215

ReleaseTaggerBot added a project: MW-1.37-notes (1.37.0-wmf.7; 2021-05-25).May 20 2021, 10:00 PM
Maintenance_bot removed a project: Patch-For-Review.May 20 2021, 10:10 PM
Ejegg closed this task as Resolved.Nov 11 2021, 3:56 AM
Ejegg claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL