Page MenuHomePhabricator
Create Task
Maniphest T271838

Malformed URI relating to badly set cookies that cannot be decoded by $.cookie
Closed, ResolvedPublic
Actions

Description

Several hundred errors from several IPs a day
If a gadget sets an invalid cookie this creates logspam on every page view.

$.cookie.raw = true
$.cookie('test_cookie', '99%E9%80%83%E4%BA')
$.cookie.raw = false

The logspam can be stopped by setting the cookie like so:

$.cookie('test_cookie', '')

We appear to be using a forked version of the cookie library (1.3.1) but this was fixed in a later version (https://github.com/carhartl/jquery-cookie/blob/master/src/jquery.cookie.js#L41). That said the library is no longer mantained.

https://logstash.wikimedia.org/goto/15b00da66ff9d67d30f3cf63a2f0381b

Given this error can originate from a script from user input and can potentially cause a high amount of errors I think we should fix this.

Details

SubjectRepoBranchLines +/-
Catch malformed URI exceptions when decoding cookiesmediawiki/coremaster+7 -1
Customize query in gerrit

Related Objects

Event Timeline

Jdlrobson created this task.Jan 12 2021, 5:46 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 12 2021, 5:46 PM
gerritbot added a comment.Jan 12 2021, 5:47 PM

Change 655719 had a related patch set uploaded (by Jdlrobson; owner: Jdlrobson):
[mediawiki/core@master] Catch malformed URI exceptions when decoding cookies

https://gerrit.wikimedia.org/r/655719

gerritbot added a project: Patch-For-Review.Jan 12 2021, 5:47 PM
Jdlrobson moved this task from Backlog to mediawiki.cookie and jquery.cookie on the MediaWiki-User-Interface board.Jan 12 2021, 11:26 PM
Jdlrobson merged a task: T93187: Uncaught “URIError: malformed URI sequence” on en.wiktionary (fixed in jquery.cookie >= 1.4.0?).Jan 12 2021, 11:47 PM
Jdlrobson added subscribers: Mormegil, polybuildr, matmarex.
Jdlrobson moved this task from mediawiki.cookie and jquery.cookie to active libraries on the MediaWiki-User-Interface board.Jan 13 2021, 12:11 AM
Jdlrobson edited projects, added MediaWiki-User-Interface (active libraries); removed MediaWiki-User-Interface.
gerritbot added a comment.Jan 13 2021, 2:08 PM

Change 655719 merged by jenkins-bot:
[mediawiki/core@master] Catch malformed URI exceptions when decoding cookies

https://gerrit.wikimedia.org/r/655719

Maintenance_bot removed a project: Patch-For-Review.Jan 13 2021, 2:10 PM
ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.27; 2021-01-19).Jan 13 2021, 3:00 PM
matmarex closed this task as Resolved.Jan 13 2021, 3:19 PM

Presumably fixed

Krinkle moved this task from Untriaged to Jan 2021 on the Wikimedia-production-error board.Jan 27 2021, 8:41 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL