Page MenuHomePhabricator
Create Task
Maniphest T26997

Article::doEdit() can have fatal side effect
Closed, ResolvedPublic
Actions

Description

Sometimes the wrong article is edited, because Article::doEdit() has side effect. I tracked it down doEdit > prepareTextForEdit > getContent -> loadContent which calls getOldID() which calls request parameters, and after that calls fetchContent which updates mTitle.

This is seen at least in 1.16.0, probably happens in trunk too.

Version: 1.16.x
Severity: major

Details

Reference
bz24997

Event Timeline

bzimport raised the priority of this task from to Low.Nov 21 2014, 11:10 PM
bzimport added a project: MediaWiki-Page-editing.
bzimport set Reference to bz24997.
bzimport added a subscriber: Unknown Object (MLST).
Nikerabbit created this task.Aug 31 2010, 12:45 PM
Nikerabbit added a comment.Aug 31 2010, 12:48 PM

Translate extension is using the jobqueue to update articles. They construct their own article object and call doEdit on it.

Catrope added a comment.Sep 12 2010, 3:23 PM

The real issue here is the fact that Article::getOldID() accesses the request parameters (evil) and allows them to override mTitle (very evil).

Platonides added a comment.Sep 12 2010, 9:39 PM

So... fixed as r72846?

Nikerabbit added a comment.Sep 13 2010, 5:47 AM

Nope, it's just one caller which was hit by this bug.

Nikerabbit added a comment.Oct 29 2012, 3:11 PM

Looks like this has been resolved. Nothing is calling Article::loadContent (deprecated in favor of Article::fetchContent (deprecated in favor of Article::fetchContentObject))

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL