r82102 MediaWiki - Code Review archive

Repository:MediaWiki
Revision:r82101‎ | r82102 | r82103 >
Date:03:10, 14 February 2011
Author:brion
Status:ok (Comments)
Tags:
Comment:
* (bug 26298) Throw warning instead of silently saving blank page when php-suhosin removes wpTextbox1 for being 'too long' or some such

To resolve this, edit your php.ini and raise the limits in suhosin.request.max_value_length and suhosin.post.max_value_length settings to more reasonable values.

As a helper for users hit by this, I've made a tweak on trunk in rXXXXX to check for the case of a missing wpTextbox1 field (which I can confirm when installing Suhosin and setting the suhosin.request.max_value_length absurdly low). This extends the previous behavior to check for incomplete form submissions by just checking if the edittime (a late field) is present; and also I added a message to show when it forces those previews.

So now when someone hits this sort of filter, it'll force a preview. Unfortunately that'll show a big empty box, but at least you'll know it's because something went wrong, and it won't save it silently...

Adds UI message 'edit_form_incomplete' with default English value. It's fairly generic as we can't know whether the field was filtered for length, content, or what.
Modified paths:
  • /trunk/phase3/includes/EditPage.php (modified) (history)
  • /trunk/phase3/languages/messages/MessagesEn.php (modified) (history)

Diff [purge]

Index: trunk/phase3/includes/EditPage.php
@@ -57,6 +57,7 @@
5858 var $mTokenOk = false;
5959 var $mTokenOkExceptSuffix = false;
6060 var $mTriedSave = false;
 61+ var $incompleteForm = false;
6162 var $tooBig = false;
6263 var $kblength = false;
6364 var $missingComment = false;
@@ -599,7 +600,17 @@
600601
601602 $this->scrolltop = $request->getIntOrNull( 'wpScrolltop' );
602603
603 - if ( is_null( $this->edittime ) ) {
 604+ if ($this->textbox1 === '' && $request->getVal( 'wpTextbox1' ) === null) {
 605+ // wpTextbox1 field is missing, possibly due to being "too big"
 606+ // according to some filter rules such as Suhosin's setting for
 607+ // suhosin.request.max_value_length (d'oh)
 608+ $this->incompleteForm = true;
 609+ } else {
 610+ // edittime should be one of our last fields; if it's missing,
 611+ // the submission probably broke somewhere in the middle.
 612+ $this->incompleteForm = is_null( $this->edittime );
 613+ }
 614+ if ( $this->incompleteForm ) {
604615 # If the form is incomplete, force to preview.
605616 wfDebug( __METHOD__ . ": Form data appears to be incomplete\n" );
606617 wfDebug( "POST DATA: " . var_export( $_POST, true ) . "\n" );
@@ -1921,6 +1932,8 @@
19221933 } else {
19231934 $note = wfMsg( 'session_fail_preview' );
19241935 }
 1936+ } else if ( $this->incompleteForm ) {
 1937+ $note = wfMsg( 'edit_form_incomplete' );
19251938 } else {
19261939 $note = wfMsg( 'previewnote' );
19271940 }
Index: trunk/phase3/languages/messages/MessagesEn.php
@@ -1341,6 +1341,7 @@
13421342 'token_suffix_mismatch' => "'''Your edit has been rejected because your client mangled the punctuation characters in the edit token.'''
13431343 The edit has been rejected to prevent corruption of the page text.
13441344 This sometimes happens when you are using a buggy web-based anonymous proxy service.",
 1345+'edit_form_incomplete' => "'''Some parts of the edit form did not reach the server; double-check that your edits are intact and try again.'''",
13451346 'editing' => 'Editing $1',
13461347 'editingsection' => 'Editing $1 (section)',
13471348 'editingcomment' => 'Editing $1 (new section)',

Sign-offs

UserFlagDate
Hasharinspected20:44, 25 March 2011
Hashartested20:44, 25 March 2011

Follow-up revisions

RevisionCommit summaryAuthorDate
r82105Follow-up r82102 for maintenance fileraymond07:43, 14 February 2011

Comments

#Comment by 😂 (talk | contribs)   20:51, 7 June 2011

rXXXXX? :) Otherwise ok.

#Comment by Brion VIBBER (talk | contribs)   22:29, 7 June 2011

That's what I get for copy-pasting the same text in the commit summary and the bug. ;)

Status & tagging log