Page MenuHomePhabricator

Codex Special:Block: Exception caught: Wikimedia\Timestamp\ConvertibleTimestamp::setTimestamp: Invalid timestamp - 3155695453340502749”
Closed, ResolvedPublicBUG REPORT

Description

What is the problem?

If in the expiry input you enter a very large number you can get an exception like:

[Z45wZNLYBY1ztyb62UuKdwAAABA] Exception caught: Wikimedia\Timestamp\ConvertibleTimestamp::setTimestamp: Invalid timestamp - 360253372459734

It happens if you enter 999999999999999 hours as a custom duration. If you enter a larger number, like 9999999999999999999999999 you instead see the error Expiry time invalid.

This bug also effects OOUI Special:Block.

Steps to reproduce problem
  1. Special:Block
  2. Enter a target, click Add block or Edit
  3. In the expiration input, select the Custom duration radio
  4. In the numeric input, enter 999999999999999
  5. Submit

Expected behaviour: Either it submits correctly or you get an error of the form Expiry time invalid.
Observed behaviour: The above exception.

Environment

Operating system:
Browser:
Wiki(s):
Editor:

Screenshots

Derived Requirement

Ensure that the Special:Block page handles extremely large numeric inputs in the "Custom duration" field gracefully, either by rejecting them with a user-friendly error message (e.g., "Expiry time invalid") or by processing them correctly without throwing an exception.

Test Steps

Test Case 1: Handle Extremely Large Numeric Input in Custom Duration Field

  1. Navigate to the Special:Block page.
  2. Enter a target username in the "Block this user" field.
  3. Click "Add block" or "Edit."
  4. Select the "Custom duration" radio button.
  5. In the numeric input field, enter 999999999999999.
  6. Submit the form.
  7. AC1: Verify that the system either processes the input correctly or displays a user-friendly error message (e.g., "Expiry time invalid") without throwing an exception.

Test Case 2: Handle Extremely Large Invalid Numeric Input in Custom Duration Field

  1. Navigate to the Special:Block page.
  2. Enter a target username in the "Block this user" field.
  3. Click "Add block" or "Edit."
  4. Select the "Custom duration" radio button.
  5. In the numeric input field, enter 9999999999999999999999999.
  6. Submit the form.
  7. AC2: Verify that the system displays a user-friendly error message (e.g., "Expiry time invalid") without throwing an exception.

QA Results - Test Wiki

ACStatusDetails
1T384241#10521887
2T384241#10521887

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

If you enter a larger number, like 9999999999999999999999999 you instead see the error Expiry time invalid.

This is correct isn't it, and it's what we want for other invalid inputs?

Seems similar to T382338

I think it's not quite the same: there seems to be two things happening:

  • one when the resulting timestamp is valid but its MW_TS representation exceeds 14 characters (e.g. 99999 years is currently 1020240121044857 or 102024-01-21 04:48:57 more readably). This gets a TimestampException "The timestamp cannot be represented in the specified format"; and
  • the other when the timestamp doesn't match the TS_UNIX format because it's greater than 13 characters (e.g. 9999999999 years is currently 315569521705812630). This gets a TimestampException "Invalid timestamp".

In neither case should the API be returning an exception though! We should instead be returning a nicer "invalidtimestamp" error code.

Another one-line fix could be to add a max value to the input field — how often will someone want to block for more than e.g. 9999 hours/days/years?

{F58234883}

Change #1112869 had a related patch set uploaded (by Samwilson; author: Samwilson):

[mediawiki/core@master] SpecialBlock: Limit 'custom duration' of expiry to 1000 time units

https://gerrit.wikimedia.org/r/1112869

Change #1113247 had a related patch set uploaded (by Tim Starling; author: Tim Starling):

[mediawiki/core@master] ParamValidator: reject expiry dates that don't fit in 14 chars

https://gerrit.wikimedia.org/r/1113247

Change #1113249 had a related patch set uploaded (by Samwilson; author: Samwilson):

[mediawiki/core@master] API: Use ExpiryDef for action=block expiry parameter

https://gerrit.wikimedia.org/r/1113249

Change #1113247 merged by jenkins-bot:

[mediawiki/core@master] ParamValidator: reject expiry dates that don't fit in 14 chars

https://gerrit.wikimedia.org/r/1113247

Change #1112869 abandoned by Samwilson:

[mediawiki/core@master] SpecialBlock: Limit 'custom duration' of expiry to 1000 time units

https://gerrit.wikimedia.org/r/1112869

Change #1113249 merged by jenkins-bot:

[mediawiki/core@master] API: Use ExpiryDef for action=block expiry parameter

https://gerrit.wikimedia.org/r/1113249

@Samwilson Verified that the system either processes the input correctly or displays a user-friendly error message (e.g., Invalid value "# hours" for expiry parameter "expiry".) without throwing an exception. The highest excepted character is 999999999 (9 characters) minutes. You will get an invalid value warning if you change to any other unit of time. Also, for anything else over 10 characters, you will get a warning. Both can be seen in AC1. When entering a large character amount, as seen in AC2, it says the same thing but "1e+25" for the actual number. I will move this to Done once validated with the team. Thanks for all your work!

Test Result -Test Wiki

Status: ✅ PASS
Environment: Test Wiki
OS: macOS Sequoia 15.2
Browser: Chrome 132
Device: MBA
Emulated Device: NA

Test Artifact(s):
https://test.wikipedia.beta.wmflabs.org/wiki/Special:Block/Betatesterone

Test Steps

Test Case 1: Handle Extremely Large Numeric Input in Custom Duration Field

  1. Navigate to the Special:Block page.
  2. Enter a target username in the "Block this user" field.
  3. Click "Add block" or "Edit."
  4. Select the "Custom duration" radio button.
  5. In the numeric input field, enter 9999999999.
  6. Submit the form.
  7. AC1: Verify that the system either processes the input correctly or displays a user-friendly error message (e.g., Invalid value "# hours" for expiry parameter "expiry".) without throwing an exception.

2025-02-04_08-31-48.mp4.gif (848×1 px, 876 KB)

Test Case 2: Handle Extremely Large Invalid Numeric Input in Custom Duration Field

  1. Navigate to the Special:Block page.
  2. Enter a target username in the "Block this user" field.
  3. Click "Add block" or "Edit."
  4. Select the "Custom duration" radio button.
  5. In the numeric input field, enter 9999999999999999999999999.
  6. Submit the form.
  7. AC2: Verify that the system displays a user-friendly error message (e.g., "Invalid value "# hours" for expiry parameter "expiry".") without throwing an exception.

2025-02-04_08-35-52.mp4.gif (846×1 px, 2 MB)

GMikesell-WMF updated Other Assignee, removed: GMikesell-WMF.