Page MenuHomePhabricator
Create Task
Maniphest T293293

ReverseChronologicalPager::checkdate warns "PHP Notice: A non well formed numeric value encountered"
Closed, ResolvedPublicPRODUCTION ERROR
Actions

Description

Error
normalized_message
[{reqId}] {exception_url}   PHP Notice: A non well formed numeric value encountered
exception.trace
from /srv/mediawiki/php-1.38.0-wmf.3/includes/pager/ReverseChronologicalPager.php(148)
#0 [internal function]: MWExceptionHandler::handleError(integer, string, string, integer, array)
#1 /srv/mediawiki/php-1.38.0-wmf.3/includes/pager/ReverseChronologicalPager.php(148): checkdate(string, integer, integer)
#2 /srv/mediawiki/php-1.38.0-wmf.3/includes/specials/pagers/ContribsPager.php(926): ReverseChronologicalPager::getOffsetDate(integer, string)
#3 /srv/mediawiki/php-1.38.0-wmf.3/includes/specials/SpecialContributions.php(243): ContribsPager::processDateFilter(array)
#4 /srv/mediawiki/php-1.38.0-wmf.3/includes/specialpage/SpecialPage.php(647): SpecialContributions->execute(NULL)
#5 /srv/mediawiki/php-1.38.0-wmf.3/includes/specialpage/SpecialPageFactory.php(1375): SpecialPage->run(NULL)
#6 /srv/mediawiki/php-1.38.0-wmf.3/includes/MediaWiki.php(314): MediaWiki\SpecialPage\SpecialPageFactory->executePath(string, RequestContext)
#7 /srv/mediawiki/php-1.38.0-wmf.3/includes/MediaWiki.php(925): MediaWiki->performRequest()
#8 /srv/mediawiki/php-1.38.0-wmf.3/includes/MediaWiki.php(559): MediaWiki->main()
#9 /srv/mediawiki/php-1.38.0-wmf.3/index.php(53): MediaWiki->run()
#10 /srv/mediawiki/php-1.38.0-wmf.3/index.php(46): wfIndexMain()
#11 /srv/mediawiki/w/index.php(3): require(string)
#12 {main}
Impact
Notes

Not sure which area is causing this. The contributions page does list and format comments, so maybe further fallout from the CommentFormatter. Tentatively tagging as such.

Details

Request URL
https://it.wikipedia.org/w/index.php?contribs=*&limit=*&month=*&namespace=*&tagfilter=*&target=*&title=*&year=*
Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Special:Contributions - verify early year and month are intsmediawiki/coremaster+45 -2
Customize query in gerrit

Related Objects

Event Timeline

Krinkle created this task.Oct 13 2021, 6:23 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 13 2021, 6:23 PM
Krinkle added a subscriber: tstarling.Oct 13 2021, 6:24 PM

Might be a regression from T292791: Oldest revisions not listed in the correct order /cc @tstarling.

ArielGlenn subscribed.Oct 14 2021, 6:16 AM

There were around 35 of these errors, all around 11 hours ago. Is this really UBN or can we lower the priority?

Zabe subscribed.Oct 14 2021, 3:12 PM
Krinkle lowered the priority of this task from Unbreak Now! to Medium.Oct 15 2021, 7:37 PM

Sorry, I didn't make it UBN. Someone changed the task creation form to do this by default.

Krinkle moved this task from Untriaged to Oct 2021 on the Wikimedia-production-error board.Oct 27 2021, 6:38 PM
Pchelolo subscribed.Nov 2 2021, 1:27 AM

If we look at the URLs in logstash we can see something like /w/index.php?contribs=user&limit=50&month=1&namespace=&tagfilter=&target=127.0.0.1&title=Special:Contributions&year=3cCnJTIY'%20OR%20486=(SELECT%20486%20FROM%20PG_SLEEP(12)) - the 'year' parameter is garbage, someone is trying to do a little SQL injection here.

I guess we should just get use WebRequest::getIntOrNull instead of WebRequest::getVal for the 'year' and 'month' parameters

gerritbot added a comment.Nov 2 2021, 1:52 AM

Change 736100 had a related patch set uploaded (by Ppchelko; author: Ppchelko):

[mediawiki/core@master] Special:Contributions - verify early year and month are ints

https://gerrit.wikimedia.org/r/736100

gerritbot added a project: Patch-For-Review.Nov 2 2021, 1:52 AM
gerritbot added a comment.Nov 2 2021, 8:51 AM

Change 736100 merged by jenkins-bot:

[mediawiki/core@master] Special:Contributions - verify early year and month are ints

https://gerrit.wikimedia.org/r/736100

ReleaseTaggerBot added a project: MW-1.38-notes (1.38.0-wmf.9; 2021-11-16).Nov 2 2021, 9:00 AM
Maintenance_bot removed a project: Patch-For-Review.Nov 2 2021, 9:10 AM
Umherirrender closed this task as Resolved.Jan 27 2022, 8:56 PM
Krinkle assigned this task to Pchelolo.Mar 30 2022, 9:47 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits