Page MenuHomePhabricator

Fix data inconsistency in cu_log: Remove trailing spaces
Open, LowPublicSecurity

Description

NOTE: This is a follow-up to T275669.

Before fixing T275669: Checkuser stores users to cu_log with trailing spaces, allowing all CUs to turn off Special:CheckuserLog at will, checkuser stored certain kind of entries with a trailing space.

On loginwiki, there are ~150 such entries, see P14470. There are two entries at testwiki I used to reproduce this case, and ~50 such cases in enwiki.

Even this doesn't happen at many wikis, we should fix this data incosistency either way.

Event Timeline

Urbanecm triaged this task as Low priority.
Urbanecm added a project: CheckUser.

Posting here to backup my work. Will push to gerrit once the other issue is published.

Posting here to backup my work. Will push to gerrit once the other issue is published.

Updated.

+1 to the updated patch above, I assume that'll go through gerrit once T275669 is public (which I plan to do today, along with the backports). Do we have any idea what other projects this might need to be run on besides loginwiki, testwiki and enwiki?

+1 to the updated patch above, I assume that'll go through gerrit once T275669 is public (which I plan to do today, along with the backports). Do we have any idea what other projects this might need to be run on besides loginwiki, testwiki and enwiki?

I will run it on all wikis, just to be certain. Given the low number of entries on loginwiki and enwiki, I don't think it's going to be a major issue on other wikis. I can add a query to detect whether there are any broken entries, to prevent going it through everything.

And yes, it will go through gerrit. This is private just to not reveal the vulnerability before it is officially published.

I can add a query to detect whether there are any broken entries, to prevent going it through everything.

Likely not a big deal given the paucity of actual examples. It might be nice though if doDBUpdates() outputted the affected rows of the update in addition to the batch size, just to have a good idea of the total number.

Aklapper renamed this task from Fix data incosistency in cu_log: Remove trailing spaces to Fix data inconsistency in cu_log: Remove trailing spaces.Feb 25 2021, 5:46 PM
Urbanecm changed the visibility from "Custom Policy" to "Public (No Login Required)".Feb 25 2021, 10:20 PM
Urbanecm changed the edit policy from "Custom Policy" to "All Users".