Page MenuHomePhabricator

Run DB query in production for abuse filters using variable variables
Closed, ResolvedPublic


We want to make a breaking change in T229947. To make sure that we're not breaking anything in production (very unlikely anyway), we'd need the following query to be executed for all wikis:

SELECT af_id FROM abuse_filter WHERE af_pattern RLIKE "set(_var)?\\(\\s*([^'\"\\s]|['\"][^'\"]+['\"]\\s*[^,\\s])"

I know that the query is not good looking (mostly because of the RLIKE), but the abuse_filter table is very small.

This task is non-public because some of the affected filters may be private. I don't think this information is exploitable in any way, though, so feel free to make it public.

As for the tags, since I don't know of any clear process to get query results in production, I've copied them from T193894.

Event Timeline

Daimona updated the task description. (Show Details)
Urbanecm claimed this task.
Urbanecm added a subscriber: Urbanecm.

See P8894 for the actual data. Going to make this task public, since the fact that the request was made can definitelly be public, and the data are in restricted paste.

Urbanecm changed the visibility from "Custom Policy" to "Public (No Login Required)".Aug 10 2019, 5:07 PM

Thanks! All of the results for wikidata are false positives, due to the frequent usage of "setlabel" inside regexps. So we can say no usages in production.