Page MenuHomePhabricator

SetQualifier api module does not decode json data value properly
Closed, ResolvedPublic

Description

I get this exception stack trace as my error code when I put a prefixed id for property id in the set qualifier api module.

This needs proper error handling and such to catch this type of stuff. Bots should not be able to cause exceptions like this.

)'{"error":{"code":"internal_api_error_MWException","info":"Exception Caught: $numericId needs to be an integer","*":"\\n\\n#0 /var/www/common/wikibase-repo/extensions/Wikibase/DataModel/DataModel/Entity/EntityId.php(286): Wikibase\\\\EntityId->__construct(\'\\"\', \'\\"\')\\n#1 /var/www/common/wikibase-repo/extensions/DataValues/DataValues/includes/DataValueFactory.php(102): Wikibase\\\\EntityId::newFromArray(\'\\"mp8kSfmPw5m2\\"\')\\n#2 /var/www/common/wikibase-repo/extensions/Wikibase/DataModel/DataModel/Entity/Property.php(175): DataValues\\\\DataValueFactory->newDataValue(\'wikibase-entity...\', \'\\"mp8kSfmPw5m2\\"\')\\n#3 /var/www/common/wikibase-repo/extensions/Wikibase/DataModel/DataModel/Snak/PropertyValueSnak.php(151): Wikibase\\\\Property->newDataValue(\'\\"mp8kSfmPw5m2\\"\')\\n#4 /var/www/common/wikibase-repo/extensions/Wikibase/DataModel/DataModel/Snak/SnakFactory.php(53): Wikibase\\\\PropertyValueSnak::newFromPropertyValue(Object(Wikibase\\\\EntityId), \'\\"mp8kSfmPw5m2\\"\')\\n#5 /var/www/common/wikibase-repo/extensions/Wikibase/repo/includes/api/SetQualifier.php(262): Wikibase\\\\SnakFactory->newSnak(Object(Wikibase\\\\EntityId), \'value\', \'\\"mp8kSfmPw5m2\\"\')\\n#6 /var/www/common/wikibase-repo/extensions/Wikibase/repo/includes/api/SetQualifier.php(181): Wikibase\\\\Api\\\\SetQualifier->addQualifier(Object(Wikibase\\\\SnakList))\\n#7 /var/www/common/wikibase-repo/extensions/Wikibase/repo/includes/api/SetQualifier.php(162): Wikibase\\\\Api\\\\SetQualifier->updateQualifiers(Object(Wikibase\\\\SnakList))\\n#8 /var/www/common/wikibase-repo/extensions/Wikibase/repo/includes/api/SetQualifier.php(71): Wikibase\\\\Api\\\\SetQualifier->doSetQualifier(Object(Wikibase\\\\Item))\\n#9 /var/www/common/wikibase-repo/includes/api/ApiMain.php(840): Wikibase\\\\Api\\\\SetQualifier->execute()\\n#10 /var/www/common/wikibase-repo/includes/api/ApiMain.php(380): ApiMain->executeAction()\\n#11 /var/www/common/wikibase-repo/includes/api/ApiMain.php(351): ApiMain->executeActionWithErrorHandling()\\n#12 /var/www/common/wikibase-repo/api.php(73): ApiMain->execute()\\n#13 {main}\\n\\n"}}'


Version: master
Severity: normal

Details

Reference
bz48864

Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 1:34 AM
bzimport set Reference to bz48864.
bzimport added a subscriber: Unknown Object (MLST).
aude created this task.May 27 2013, 3:42 PM
aude added a comment.May 27 2013, 4:01 PM

so, property does take a prefixed id per https://www.mediawiki.org/wiki/Extension:Wikibase/API#wbsetqualifier

I did something else wrong, gave it the wrong thing

array (

'action' => 'wbsetqualifier',
'claim' => 'q2$4554c0f4-47b2-1cd9-2db9-aa270064c9f3',
'property' => 'p2',
'value' => '"mp8kSfmPw5m2"',
'snaktype' => 'value',

)

p2 being a wikibase-item property, though I thought it was a string property on my test wiki.

aude added a comment.May 28 2013, 10:55 AM

After further investigation, the reason that I encountered this is because the data value handling in the addQualifier method of SetQualifier did not json decode my input. This is one issue.

Related to this, I think the api is also doing insufficient validation and error handling of the data values. The api user should *not* see an exception in the api error output. Any exceptions due to invalid value input should be caught and translated into a proper api error message and code.

Related URL: https://gerrit.wikimedia.org/r/65794 (Gerrit Change I6c5f02aec5d87b413f896412d1b8f26dcbb3e895)

https://gerrit.wikimedia.org/r/65794 (Gerrit Change I6c5f02aec5d87b413f896412d1b8f26dcbb3e895) | change APPROVED and MERGED [by Jeroen De Dauw]

Verified in Wikidata demo sprint 22-6