Page MenuHomePhabricator
Create Task
Maniphest T322781

Using Skin objects in PreferencesGetLayout is unsafe when the hook runs in the resource loader
Closed, ResolvedPublicBUG REPORT
Actions

Description

Steps to replicate the issue (include links if applicable):
From @Krinkle's review of our change that added the hook runner to the loader https://gerrit.wikimedia.org/r/c/mediawiki/core/+/851178/8#message-180f0802cf4776f04f6cc1551ba8d44e0f51b9e2

Add the following three lines to your LocalSettings.php file:

 $wgHooks['PreferencesGetLayout'][] = function ( &$useMobileLayout, $skin ) {
	$skin->isResponsive();
 };

What happens?:

fatal error.

BadMethodCallException: Sessions are disabled for load entry point
Backtrace:
#3 /w/includes/user/User.php(438): User->loadFromSession()
…
#10 /w/includes/skins/Skin.php(300): UserOptionsLookup->getBoolOption()
#12 /w/LocalSettings.php(29): SkinVector->isResponsive()
…
#16 /w/resources/Resources.php(2302): HookRunner->onPreferencesGetLayout()
…
#30 /w/load.php(39): wfLoadMain()

What should have happened instead?:
mediawiki running without going kablooey

Solutions (notes here focus on loader code):
Our callback in the loader currently does this:

$skinName = $context->getSkin();
$skinFactory = MediaWikiServices::getInstance()->getSkinFactory();
$skin = $skinFactory->makeSkin( $skinName );
Hooks::runner()->onPreferencesGetLayout( $useMobileLayout, $skin );

@Krinkle's suggestion:

I suggest changing the (new) PreferencesGetLayout hook to pass a string instead. It hasn't made it into a stable release yet so this should be easy to do still and ensures callers can never call into unsafe methods in the future which would be a train blocker waiting to happen as it may work in testing under certain conditions.

Mod tools initial idea:
We could pass an array containing the skin name (required) and then optionally Skin->isResponsive() and Skin->getOptions() as available. @Scardenasmolinar and I talked about this and were thinking of something like the following in the loader:

Hooks::runner()->onPreferencesGetLayout(
	$useMobileLayout, 
	[
	'name' => $context->getSkin(),
  	'responsive' => null,
  	'options' => null,
	]
);

or

Hooks::runner()->onPreferencesGetLayout(
	$useMobileLayout, 
	[ 'name' => $context->getSkin() ]
);

Having looked through the existing art, I also see that plenty of hooks have optional parameters that can have null passed in, eg.
@param string|null
I think the best practice would be for us to take this flat approach and simply pass in null values when the hook gets run in the loader. eg.

Hooks::runner()->onPreferencesGetLayout(
	$useMobileLayout,
	$context->getSkin(),
	null,
	null
);

Details

SubjectRepoBranchLines +/-
HookRunner - Change PreferencesGetLayoutHook paramsmediawiki/skins/MinervaNeuemaster+5 -3
Customize query in gerrit

Event Timeline

jsn.sherman created this task.Nov 9 2022, 7:16 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 9 2022, 7:16 PM
jsn.sherman assigned this task to Scardenasmolinar.Nov 9 2022, 7:17 PM
Scardenasmolinar moved this task from Ready to In Progress on the Moderator-Tools-Team (Kanban) board.Nov 14 2022, 6:44 PM
gerritbot added a comment.Nov 15 2022, 10:56 PM

Change 857084 had a related patch set uploaded (by Scardenasmolinar; author: Scardenasmolinar):

[mediawiki/core@master] HookRunner - Change PreferencesGetLayoutHook params

https://gerrit.wikimedia.org/r/857084

gerritbot added a project: Patch-For-Review.Nov 15 2022, 10:56 PM

Change 857085 had a related patch set uploaded (by Scardenasmolinar; author: Scardenasmolinar):

[mediawiki/skins/MinervaNeue@master] HookRunner - Change PreferencesGetLayoutHook params

https://gerrit.wikimedia.org/r/857085

Scardenasmolinar moved this task from In Progress to Code review on the Moderator-Tools-Team (Kanban) board.Nov 16 2022, 6:15 PM
jsn.sherman moved this task from Code review to Reviewed (waiting for changes) on the Moderator-Tools-Team (Kanban) board.Nov 16 2022, 6:56 PM
Scardenasmolinar moved this task from Reviewed (waiting for changes) to Code review on the Moderator-Tools-Team (Kanban) board.Nov 17 2022, 2:39 AM
PatchDemoBot added a comment.Nov 21 2022, 12:59 PM

Test wiki created on Patch demo by JSherman (WMF) using patch(es) linked to this task:
https://patchdemo.wmflabs.org/wikis/052cd8359d/w

gerritbot added a comment.Nov 21 2022, 1:17 PM

Change 857085 merged by jenkins-bot:

[mediawiki/skins/MinervaNeue@master] HookRunner - Change PreferencesGetLayoutHook params

https://gerrit.wikimedia.org/r/857085

jsn.sherman added a comment.Nov 21 2022, 1:23 PM

@Scardenasmolinar this isn't exactly waiting for changes, but the core patch is waiting for comment.

ReleaseTaggerBot added a project: MW-1.40-notes (1.40.0-wmf.12; 2022-11-28).Nov 21 2022, 2:01 PM
jsn.sherman moved this task from Code review to Reviewed (waiting for changes) on the Moderator-Tools-Team (Kanban) board.Nov 21 2022, 7:02 PM
jsn.sherman moved this task from Reviewed (waiting for changes) to Done on the Moderator-Tools-Team (Kanban) board.Nov 22 2022, 1:12 AM
Scardenasmolinar added a comment.Nov 22 2022, 2:32 AM

I have also updated the MediaWiki documentation to reflect the changes made by these patches.

Samwalton9-WMF closed this task as Resolved.Dec 6 2022, 3:07 PM
PatchDemoBot added a comment.Jun 30 2023, 2:03 PM

Test wiki on Patch demo by JSherman (WMF) using patch(es) linked to this task was deleted:

https://patchdemo.wmflabs.org/wikis/052cd8359d/w/

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL