Page MenuHomePhabricator
Create Task
Maniphest T294686

Special:Nuke isn't working at all
Closed, ResolvedPublicSecurity
Actions

Description

When trying to nuke edits of an IP in NS:1198, everything works as per normal. However, after some time page is not deleted and when attempting to nuke again, Special:Nuke shows "Page Translations:Help:Contents/24/ar has been queued for deletion." Tried in userspace as well and doesn't work. To clarify, pages can still be deleted manually, only Special:Nuke doesn't work.

Details

SubjectRepoBranchLines +/-
SECURITY: Pass required parameters to DeletePageJobmediawiki/extensions/NukeREL1_36+6 -2
SECURITY: Pass required parameters to DeletePageJobmediawiki/extensions/NukeREL1_35+6 -2
SECURITY: Pass required parameters to DeletePageJobmediawiki/extensions/NukeREL1_37+6 -2
SECURITY: Pass required parameters to DeletePageJobmediawiki/extensions/Nukemaster+6 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

Minorax created this task.Oct 30 2021, 12:51 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 30 2021, 12:51 PM
Minorax added a comment.Oct 30 2021, 12:52 PM

Tried on testwiki as well, doesn't work.

Minorax updated the task description. (Show Details)Oct 30 2021, 12:54 PM
Urbanecm added subscribers: Krinkle, Ladsgroup, Urbanecm.Oct 30 2021, 1:03 PM

I'm pretty certain 92c4595 is the breaking patch here (cc @Ladsgroup and @Krinkle as the author/review respectively).

Nuke extension sends a DeletePageJob, however, it does not pass the wikiPageId parameter, that's used by the job to create a WikiPage instance. Hence, the job doesn't know what to delete, and quits without actually doing anything.

Urbanecm added a comment.Oct 30 2021, 1:10 PM

T294686.patch1 KBDownload

@Ladsgroup @Krinkle Mind reviewing the patch above? Docs of DeletePageJob should be also likely changed to be more clear about required job parameters. It should also log deletion attempts that failed due to missing parameters.

Urbanecm claimed this task.Oct 30 2021, 1:11 PM
Urbanecm triaged this task as High priority.
Urbanecm added a project: MediaWiki-extensions-Nuke.
Restricted Application added a project: User-Urbanecm. · View Herald TranscriptOct 30 2021, 1:11 PM
Urbanecm renamed this task from Special:Nuke isn't working on meta to Special:Nuke isn't working at all.Oct 30 2021, 1:11 PM
Ladsgroup added a comment.Oct 30 2021, 3:07 PM

It has my virtual +2, We can test it in mwdebug if you haven't already tested them. I will be around early in Monday to help deployment of it.

Urbanecm added a comment.Oct 30 2021, 4:37 PM
In T294686#7469687, @Ladsgroup wrote:

It has my virtual +2, We can test it in mwdebug if you haven't already tested them. I will be around early in Monday to help deployment of it.

I did livetest the patch at mwdebug earlier today, so it should work at least. I'll deploy it on Monday (unless you beat me to it :)).

Urbanecm moved this task from Incoming to Security Patch To Deploy on the Security-Team board.Oct 30 2021, 4:38 PM
matmarex mentioned this in T188679: Nuke should batch the deletions.Oct 31 2021, 9:54 PM
matmarex subscribed.
Reedy merged a task: T294715: Special:Nuke queues deletion jobs, which don't appear to be executed.Nov 1 2021, 1:39 AM
Reedy added a subscriber: Zabe.
Urbanecm added a comment.Nov 1 2021, 10:18 AM
11:17 <urbanecm> !log Deploy a security patch for T294686
11:17 <+stashbot> Logged the message at https://wikitech.wikimedia.org/wiki/Server_Admin_Log

Deployed.

Urbanecm moved this task from Security Patch To Deploy to Incoming on the Security-Team board.Nov 1 2021, 10:18 AM
Urbanecm added a subscriber: sbassett.

@sbassett Over to you for the final honors :).

sbassett added a parent task: T292227: Tracking bug for MediaWiki 1.35.5/1.36.3/1.37.1.Nov 1 2021, 3:38 PM
Reedy subscribed.Nov 1 2021, 3:39 PM

The regression patch only landed in a recent WMF branch, is only in master... So this fix can go through gerrit now it's fixed in WMF production

sbassett mentioned this in T292227: Tracking bug for MediaWiki 1.35.5/1.36.3/1.37.1.Nov 1 2021, 3:51 PM
sbassett added a subscriber: Mstyles.Nov 1 2021, 3:55 PM
In T294686#7471169, @Urbanecm wrote:

@sbassett Over to you for the final honors :).

Sure, though I'll note @Mstyles is also helping out with various security-related backports as well :) Per @Reedy's note above, we're going to make this task public and push the backport to master through gerrit given how short-lived this issue has been. I've also noted this on the tracking task for the next security release (T292227#7472182).

Urbanecm changed the visibility from "Custom Policy" to "Public (No Login Required)".Nov 1 2021, 3:57 PM
Urbanecm changed the edit policy from "Custom Policy" to "All Users".
gerritbot added a comment.Nov 1 2021, 3:57 PM

Change 735999 had a related patch set uploaded (by Urbanecm; author: Urbanecm):

[mediawiki/extensions/Nuke@master] SECURITY: Pass required parameters to DeletePageJob

https://gerrit.wikimedia.org/r/735999

gerritbot added a project: Patch-For-Review.Nov 1 2021, 3:57 PM
Urbanecm added a comment.Nov 1 2021, 3:59 PM

Good point. Since it totally broke an important extension, it makes sense. Uploaded to master and +2'ed myself then :).

sbassett moved this task from Incoming to Our Part Is Done on the Security-Team board.Nov 1 2021, 4:00 PM
gerritbot added a comment.Nov 1 2021, 4:01 PM

Change 735999 merged by jenkins-bot:

[mediawiki/extensions/Nuke@master] SECURITY: Pass required parameters to DeletePageJob

https://gerrit.wikimedia.org/r/735999

Reedy added a project: SecTeam-Processed.Nov 1 2021, 4:06 PM
Maintenance_bot removed a project: Patch-For-Review.Nov 1 2021, 4:10 PM
ReleaseTaggerBot added a project: MW-1.38-notes (1.38.0-wmf.7; 2021-11-02).Nov 1 2021, 5:00 PM
Ladsgroup closed this task as Resolved.Nov 2 2021, 9:25 AM

Given that the patch is merged on master in gerrit. I think this is done.

gerritbot added a comment.Nov 2 2021, 5:27 PM

Change 736285 had a related patch set uploaded (by Reedy; author: Urbanecm):

[mediawiki/extensions/Nuke@REL1_37] SECURITY: Pass required parameters to DeletePageJob

https://gerrit.wikimedia.org/r/736285

gerritbot added a project: Patch-For-Review.Nov 2 2021, 5:27 PM
gerritbot added a comment.Nov 2 2021, 5:30 PM

Change 736289 had a related patch set uploaded (by Reedy; author: Urbanecm):

[mediawiki/extensions/Nuke@REL1_36] SECURITY: Pass required parameters to DeletePageJob

https://gerrit.wikimedia.org/r/736289

gerritbot added a comment.Nov 2 2021, 5:31 PM

Change 736292 had a related patch set uploaded (by Reedy; author: Urbanecm):

[mediawiki/extensions/Nuke@REL1_35] SECURITY: Pass required parameters to DeletePageJob

https://gerrit.wikimedia.org/r/736292

gerritbot added a comment.Nov 2 2021, 5:45 PM

Change 736285 merged by jenkins-bot:

[mediawiki/extensions/Nuke@REL1_37] SECURITY: Pass required parameters to DeletePageJob

https://gerrit.wikimedia.org/r/736285

gerritbot added a comment.Nov 2 2021, 5:45 PM

Change 736292 merged by jenkins-bot:

[mediawiki/extensions/Nuke@REL1_35] SECURITY: Pass required parameters to DeletePageJob

https://gerrit.wikimedia.org/r/736292

gerritbot added a comment.Nov 2 2021, 5:46 PM

Change 736289 merged by jenkins-bot:

[mediawiki/extensions/Nuke@REL1_36] SECURITY: Pass required parameters to DeletePageJob

https://gerrit.wikimedia.org/r/736289

Zabe mentioned this in T294715: Special:Nuke queues deletion jobs, which don't appear to be executed.Dec 6 2021, 5:59 PM
Reedy removed a project: Patch-For-Review.Dec 10 2021, 7:55 PM
Reedy added a subscriber: gerritbot.Dec 13 2021, 9:40 PM
WikiChain subscribed.Dec 23 2021, 2:53 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL