Page MenuHomePhabricator
Create Task
Maniphest T234239

CheckUser improvements for security patch T207094 / r539643
Closed, ResolvedPublic
Actions

Description

Per @Umherirrender's public gerrit comments, we should address the following issues related to the deployed/backported security patch for the PermanentlyPrivate bug T207094:

  1. Revision::newFromId - line 1787 - "This seems uncached, at least it is unbatched. This mixed database queries in the formatting code and may slow done the whole page"
  2. Exception - line 1807 - "There are some maintenance scripts which can lead to this situation. It is also possible that the delete or undelete is in process and finished between both queries."
  3. $rev->userCan - line 1812 - "userCan needs a user to avoid $wgUser"
  4. Linker::commentBlock - line 1815 - "There is Linker::revComment which handle these message and styling for such messages (grey + strike)"

Also, test coverage apparently decreased for this patch, so we might want to add/update tests accordingly.

Details

ProjectBranchLines +/-Subject
mediawiki/extensions/CheckUsermaster+49 -40Batch process and format revision comments using preprocessResults
mediawiki/extensions/CheckUsermaster+115 -63Load RevisionRecord in bulk for audience check
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
Restricted Task
 ResolvedDreamy_JazzT234239 CheckUser improvements for security patch T207094 / r539643

Event Timeline

sbassett created this task.Sep 30 2019, 4:23 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 30 2019, 4:23 PM
sbassett triaged this task as Medium priority.Sep 30 2019, 5:18 PM
Niharika added a subscriber: Niharika.Sep 30 2019, 5:51 PM

@sbassett Is Security planning to take on this ticket? Anti-Harassment team is planning to work on making some improvements to checkuser starting next quarter so we could look into this.

sbassett added a comment.Sep 30 2019, 5:55 PM

@Niharika - I think this can be open to whomever has the cycles to work on it. If Anti-Harassment would like to work on these issues, that's great. To be clear - these are just some non-blocking issues that were suggested as improvements for a currently-deployed security patch.

Peachey88 updated the task description. (Show Details)Sep 30 2019, 8:34 PM
sbassett mentioned this in T233271: 503 Backend fetch failed.Oct 1 2019, 6:53 PM
Paladox added a subscriber: Paladox.Oct 1 2019, 7:00 PM
RhinosF1 added a subscriber: RhinosF1.Oct 1 2019, 8:39 PM
sbassett added a parent task: Restricted Task.Oct 8 2019, 6:35 PM
gerritbot added a comment.Oct 8 2019, 7:31 PM

Change 541606 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/extensions/CheckUser@master] Load RevisionRecord in bulk for audience check

https://gerrit.wikimedia.org/r/541606

gerritbot added a project: Patch-For-Review.Oct 8 2019, 7:31 PM
gerritbot added a comment.Mar 28 2020, 8:41 PM

Change 541606 abandoned by Umherirrender:
Load RevisionRecord in bulk for audience check

https://gerrit.wikimedia.org/r/541606

Maintenance_bot removed a project: Patch-For-Review.Mar 28 2020, 9:10 PM
Umherirrender removed a subscriber: Umherirrender.Feb 27 2021, 9:47 PM
gerritbot added a comment.Aug 21 2022, 4:22 PM

Change 824874 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] Batch process and format revision comments using preprocessResults

https://gerrit.wikimedia.org/r/824874

gerritbot added a project: Patch-For-Review.Aug 21 2022, 4:22 PM
Dreamy_Jazz claimed this task.Aug 21 2022, 6:09 PM
Dreamy_Jazz moved this task from General / Unsorted to Patches for review on the CheckUser board.
Zabe added a subscriber: Zabe.Aug 22 2022, 10:16 PM
gerritbot added a comment.Aug 23 2022, 12:02 AM

Change 824874 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Batch process and format revision comments using preprocessResults

https://gerrit.wikimedia.org/r/824874

ReleaseTaggerBot added a project: MW-1.39-notes (1.39.0-wmf.26; 2022-08-22).Aug 23 2022, 1:00 AM
Dreamy_Jazz closed this task as Resolved.Aug 27 2022, 7:59 PM

The associated patch has been merged and this addressed all the 4 points. Issues with a drop in coverage can be addressed in T175920.

Dreamy_Jazz moved this task from Patches for review to CheckUser on the CheckUser board.Aug 27 2022, 7:59 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL