Page MenuHomePhabricator

ApiQueryRevisions.php: PHP Notice: A non well formed numeric value encountered
Closed, ResolvedPublicPRODUCTION ERROR

Description

Error message
[XWevYgpAIDwAAKiy4PYAAACP] /w/api.php?action=query&prop=revisions&rvlimit=1acunNZw604YIA&rvprop=timestamp|user|comment&rvuser=MediaWiki%20default&titles=Main%20Page   ErrorException from line 391 of /srv/mediawiki/php-1.34.0-wmf.19/includes/api/ApiQueryRevisions.php: PHP Notice: A non well formed numeric value encountered
Impact

171 hits in wmf.19, 11 hits in wmf.17.

Notes

Not seen before wmf.17.

Details

Request ID
XWevYgpAIDwAAKiy4PYAAACP
Request URL
lrc.wikipedia.org/w/api.php?action=query&prop=revisions&rvlimit=1acunNZw604YIA&rvprop=timestamp|user|comment&rvuser=MediaWiki%20default&titles=Main%20Page
Stack Trace
#0 /srv/mediawiki/php-1.34.0-wmf.19/includes/api/ApiQueryRevisions.php(391): MWExceptionHandler::handleError(integer, string, string, integer, array)
#1 /srv/mediawiki/php-1.34.0-wmf.19/includes/api/ApiQueryRevisionsBase.php(59): ApiQueryRevisions->run()
#2 /srv/mediawiki/php-1.34.0-wmf.19/includes/api/ApiQuery.php(250): ApiQueryRevisionsBase->execute()
#3 /srv/mediawiki/php-1.34.0-wmf.19/includes/api/ApiMain.php(1589): ApiQuery->execute()
#4 /srv/mediawiki/php-1.34.0-wmf.19/includes/api/ApiMain.php(533): ApiMain->executeAction()
#5 /srv/mediawiki/php-1.34.0-wmf.19/includes/api/ApiMain.php(504): ApiMain->executeActionWithErrorHandling()
#6 /srv/mediawiki/php-1.34.0-wmf.19/api.php(86): ApiMain->execute()
#7 /srv/mediawiki/w/api.php(3): require(string)
#8 {main}

Event Timeline

matmarex subscribed.

It looks like we don't convert the rvlimit parameter to a number. This is because ApiQueryRevisions calls extractRequestParams() with parseLimit=false, which disables all validation for this parameter. The documentation says it only affects "Whether to parse the 'max' value for limit types", and I think the code should be changed to do that.

Other code that might be affected (I didn't review it, just searched for the function calls):

includes/api/ApiQueryAllDeletedRevisions.php:
   51: 		$params = $this->extractRequestParams( false );

includes/api/ApiQueryAllRevisions.php:
   46: 		$params = $this->extractRequestParams( false );

includes/api/ApiQueryBacklinks.php:
  328: 		$this->params = $this->extractRequestParams( false );

includes/api/ApiQueryDeletedRevisions.php:
   59: 		$params = $this->extractRequestParams( false );

includes/api/ApiQueryDeletedrevs.php:
   48: 		$params = $this->extractRequestParams( false );

includes/api/ApiQueryRevisions.php:
   90: 		$params = $this->extractRequestParams( false );

extensions/FlaggedRevs/api/FlaggedRevsApiHooks.php:
   17: 		$params = $module->extractRequestParams( false );

Also, I couldn't reproduce the error locally – is this message only emitted by specific PHP versions, or do I need to configure something?

Change 533562 had a related patch set uploaded (by Bartosz Dziewoński; owner: Bartosz Dziewoński):
[mediawiki/core@master] ApiBase: Always validate that 'limit' is numeric

https://gerrit.wikimedia.org/r/533562

This would also be fixed by gerrit:434718 once I get that finished.

Also, I couldn't reproduce the error locally – is this message only emitted by specific PHP versions, or do I need to configure something?

PHP 7.1+, it looks like.

Change 533562 merged by jenkins-bot:
[mediawiki/core@master] ApiBase: Always validate that 'limit' is numeric

https://gerrit.wikimedia.org/r/533562

Anomie assigned this task to matmarex.