Page MenuHomePhabricator

Error 1055: 'wikidb.mw_flow_tree_revision.tree_orig_user_ip' isn't in GROUP BY
Closed, DeclinedPublic

Description

[4126bf212989950746d4a880] /w/index.php?title=Special:Nuke&target=Reedy Wikimedia\Rdbms\DBQueryError: A database query error has occurred. Did you forget to run your application's database schema updater after upgrading or after adding a new extension?

Please see https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Upgrading and https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:How_to_debug for more information.

Error 1055: 'wikidb.mw_flow_tree_revision.tree_orig_user_ip' isn't in GROUP BY
Function: Flow\Hooks::onNukeGetNewPages
Query: SELECT MAX(r.rev_id) AS `revId`,tree_orig_user_ip AS `userIp`,tree_orig_user_id AS `userId` FROM `mw_flow_revision` `r` JOIN `mw_flow_tree_revision` ON ((r.rev_type_id=tree_rev_descendant_id)) JOIN `mw_flow_workflow` ON ((r.rev_type_id=workflow_id)) WHERE tree_parent_id IS NULL AND r.rev_type = 'post' AND workflow_wiki = 'wikidb-mw_' AND (workflow_id > ' ����\0\0\0\0\0') AND tree_orig_user_id = 1 GROUP BY r.rev_type_id

Backtrace:

from /var/www/wiki/mediawiki/core/includes/libs/rdbms/database/Database.php(1558)
#0 /var/www/wiki/mediawiki/core/includes/libs/rdbms/database/Database.php(1542): Wikimedia\Rdbms\Database->getQueryException()
#1 /var/www/wiki/mediawiki/core/includes/libs/rdbms/database/Database.php(1516): Wikimedia\Rdbms\Database->getQueryExceptionAndLog()
#2 /var/www/wiki/mediawiki/core/includes/libs/rdbms/database/Database.php(892): Wikimedia\Rdbms\Database->reportQueryError()
#3 /var/www/wiki/mediawiki/core/includes/libs/rdbms/database/Database.php(1648): Wikimedia\Rdbms\Database->query()
#4 /var/www/wiki/mediawiki/core/includes/libs/rdbms/database/DBConnRef.php(119): Wikimedia\Rdbms\Database->select()
#5 /var/www/wiki/mediawiki/core/includes/libs/rdbms/database/DBConnRef.php(338): Wikimedia\Rdbms\DBConnRef->__call()
#6 /var/www/wiki/mediawiki/extensions/Flow/includes/Hooks.php(1837): Wikimedia\Rdbms\DBConnRef->select()
#7 /var/www/wiki/mediawiki/core/includes/HookContainer/HookContainer.php(338): Flow\Hooks::onNukeGetNewPages()
#8 /var/www/wiki/mediawiki/core/includes/HookContainer/HookContainer.php(137): MediaWiki\HookContainer\HookContainer->callLegacyHook()
#9 /var/www/wiki/mediawiki/extensions/Nuke/includes/Hooks/NukeHookRunner.php(46): MediaWiki\HookContainer\HookContainer->run()
#10 /var/www/wiki/mediawiki/extensions/Nuke/includes/SpecialNuke.php(356): MediaWiki\Extension\Nuke\Hooks\NukeHookRunner->onNukeGetNewPages()
#11 /var/www/wiki/mediawiki/extensions/Nuke/includes/SpecialNuke.php(166): MediaWiki\Extension\Nuke\SpecialNuke->getNewPages()
#12 /var/www/wiki/mediawiki/extensions/Nuke/includes/SpecialNuke.php(97): MediaWiki\Extension\Nuke\SpecialNuke->listForm()
#13 /var/www/wiki/mediawiki/core/includes/specialpage/SpecialPage.php(700): MediaWiki\Extension\Nuke\SpecialNuke->execute()
#14 /var/www/wiki/mediawiki/core/includes/specialpage/SpecialPageFactory.php(1451): SpecialPage->run()
#15 /var/www/wiki/mediawiki/core/includes/MediaWiki.php(316): MediaWiki\SpecialPage\SpecialPageFactory->executePath()
#16 /var/www/wiki/mediawiki/core/includes/MediaWiki.php(904): MediaWiki->performRequest()
#17 /var/www/wiki/mediawiki/core/includes/MediaWiki.php(562): MediaWiki->main()
#18 /var/www/wiki/mediawiki/core/index.php(50): MediaWiki->run()
#19 /var/www/wiki/mediawiki/core/index.php(46): wfIndexMain()
#20 {main}

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript
kostajh added subscribers: Tgr, kostajh.

Moving to main team board, unless this is something you think we need to deal with urgently @Tgr.

The stack trace suggests this breaks Special:Nuke functionality, probably meaning if a vandal makes any Flow edit, Nuke cannot be used to automatically revert their edits, so this is a low-level vulnerability IMO and should be fixed within a reasonable amount of time. And it's probably an easy fix, we just need to add a bunch of fields to the GROUP BY.

kostajh moved this task from Needs Discussion to Triaged on the Growth-Team board.
kostajh added a subscriber: DMburugu.

The stack trace suggests this breaks Special:Nuke functionality, probably meaning if a vandal makes any Flow edit, Nuke cannot be used to automatically revert their edits, so this is a low-level vulnerability IMO and should be fixed within a reasonable amount of time. And it's probably an easy fix, we just need to add a bunch of fields to the GROUP BY.

Adding to our Growth maintenance epic, and @DMburugu could help decide when we want to work on this.

I just installed Flow locally and tested this for an account with both Flow edits and page creations. The flow 'page creations' do not display in the list, but no error is generated and other pages can be deleted as expected.

Declining per above. Please feel free to re-open if this is still an issue.