When trying to nuke edits of an IP in NS:1198, everything works as per normal. However, after some time page is not deleted and when attempting to nuke again, Special:Nuke shows "Page Translations:Help:Contents/24/ar has been queued for deletion." Tried in userspace as well and doesn't work. To clarify, pages can still be deleted manually, only Special:Nuke doesn't work.
Description
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | Reedy | T292226 Release MediaWiki 1.35.5/1.36.3/1.37.1 | |||
Resolved | Reedy | T292227 Tracking bug for MediaWiki 1.35.5/1.36.3/1.37.1 | |||
Resolved | Security | Urbanecm | T294686 Special:Nuke isn't working at all |
Event Timeline
I'm pretty certain 92c4595 is the breaking patch here (cc @Ladsgroup and @Krinkle as the author/review respectively).
Nuke extension sends a DeletePageJob, however, it does not pass the wikiPageId parameter, that's used by the job to create a WikiPage instance. Hence, the job doesn't know what to delete, and quits without actually doing anything.
@Ladsgroup @Krinkle Mind reviewing the patch above? Docs of DeletePageJob should be also likely changed to be more clear about required job parameters. It should also log deletion attempts that failed due to missing parameters.
It has my virtual +2, We can test it in mwdebug if you haven't already tested them. I will be around early in Monday to help deployment of it.
I did livetest the patch at mwdebug earlier today, so it should work at least. I'll deploy it on Monday (unless you beat me to it :)).
11:17 <urbanecm> !log Deploy a security patch for T294686 11:17 <+stashbot> Logged the message at https://wikitech.wikimedia.org/wiki/Server_Admin_Log
Deployed.
The regression patch only landed in a recent WMF branch, is only in master... So this fix can go through gerrit now it's fixed in WMF production
Sure, though I'll note @Mstyles is also helping out with various security-related backports as well :) Per @Reedy's note above, we're going to make this task public and push the backport to master through gerrit given how short-lived this issue has been. I've also noted this on the tracking task for the next security release (T292227#7472182).
Change 735999 had a related patch set uploaded (by Urbanecm; author: Urbanecm):
[mediawiki/extensions/Nuke@master] SECURITY: Pass required parameters to DeletePageJob
Good point. Since it totally broke an important extension, it makes sense. Uploaded to master and +2'ed myself then :).
Change 735999 merged by jenkins-bot:
[mediawiki/extensions/Nuke@master] SECURITY: Pass required parameters to DeletePageJob
Change 736285 had a related patch set uploaded (by Reedy; author: Urbanecm):
[mediawiki/extensions/Nuke@REL1_37] SECURITY: Pass required parameters to DeletePageJob
Change 736289 had a related patch set uploaded (by Reedy; author: Urbanecm):
[mediawiki/extensions/Nuke@REL1_36] SECURITY: Pass required parameters to DeletePageJob
Change 736292 had a related patch set uploaded (by Reedy; author: Urbanecm):
[mediawiki/extensions/Nuke@REL1_35] SECURITY: Pass required parameters to DeletePageJob
Change 736285 merged by jenkins-bot:
[mediawiki/extensions/Nuke@REL1_37] SECURITY: Pass required parameters to DeletePageJob
Change 736292 merged by jenkins-bot:
[mediawiki/extensions/Nuke@REL1_35] SECURITY: Pass required parameters to DeletePageJob
Change 736289 merged by jenkins-bot:
[mediawiki/extensions/Nuke@REL1_36] SECURITY: Pass required parameters to DeletePageJob