Page MenuHomePhabricator
Create Task
Maniphest T2875

Recursive categories lead to server timeouts and can be exploited for DoS
Closed, ResolvedPublic
Actions

Description

Author: bugzillas+padREMOVETHISdu

Description:
As pointed out by [[test:User:Chris 73]] in [[test:]] and [[test:Bug reports]],
if a category page contains another category which is an ancestor of the former
category, there is an infinite loop when loading any of the categories in the
cycle formed by the categories as well as any page belonging to any of these
categories.

This is presumed to be due to the display of the "infinite" category hierarchy
in the page being loaded. The edit links of the categories and pages in those
categories work, though. Or else, this would've caused a denial of service as
everyone (except developers. of course) would be prevented from viewing or
editing the pages concerned.

Version: unspecified
Severity: blocker
URL: http://test.wikipedia.org/wiki/Template_testing

Details

Reference
bz875

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Unbreak Now!.Nov 21 2014, 7:04 PM
bzimport added projects: MediaWiki-Categories, TestMe.
bzimport set Reference to bz875.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Nov 13 2004, 10:45 PM
bzimport added a comment.Nov 13 2004, 11:07 PM

0paddu wrote:

Armed with enough bots (i.e. different logins/IPs), it could be possible to
really do a DoS since server time is wasted in the infinite loop and reverting
may not be able to cope with the bots. The DB could be made readonly and all
that, but still that's DoS as I understand. Hence making severity blocker and
marking as blocking bug 202 (in accordance with [[en:Wikipedia:Be bold]] :).

BTW shouldn't there be some way to report security-related bugs "private"ly or
some such thing?

bzimport added a comment.Nov 14 2004, 12:55 PM

bugzillas+padREMOVETHISdu wrote:

http://test.wikipedia.org/wiki/Category:Loop1?action=raw&ctype=text/css hangs
but
http://test.wikipedia.org/w/index.php?title=Category:Loop1&action=raw&ctype=text/css
works.

bzimport added a comment.Nov 14 2004, 1:11 PM

bugzillas+padREMOVETHISdu wrote:

*** Bug 817 has been marked as a duplicate of this bug. ***

bzimport added a comment.Nov 14 2004, 1:20 PM

bugzillas+padREMOVETHISdu wrote:

Copied from bug 817 comment 1:

[[test:WikiHiero]] refers to [[test:Category:Ancient Egypt]] which refers to
[[test:Category:Abcd%C8]] which refers to [[test:Category:Ancient Egypt]] which
triggers bug 875 which is why [[test:WikiHiero]] is inaccessible.

[[test:Template testing]] transcludes [[test:WikiHiero]] using {{:WikiHiero}}
which is why that page is also inaccessible.

bzimport added a comment.Dec 19 2004, 1:19 PM

bugzillas+padREMOVETHISdu wrote:

Hey this seems to have been resolved (try the URL for this bug)! Why's no one
making any noise about this?

hashar added a comment.Jan 10 2005, 4:37 AM

I believe Tim Starling fixed it. Need to be checked.

bzimport added a comment.Feb 17 2005, 4:19 PM

zigger wrote:

I can't reproduce this either, having tried 1.3.10, 1.4beta6+ and HEAD on a
local wiki, as test.wikipedia.org isn't available. Marking as fixed based also
on comments 5 & 6 above.

bzimport added a comment.Nov 30 2011, 4:03 PM

sumanah_panixcom wrote:

content hidden as private in Bugzilla

Luke081515 removed a subscriber: wikibugs-l-list.Jan 28 2016, 6:05 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL