Page MenuHomeMiraheze

Cargo: Error: unclosed string literal.
Closed, InvalidPublic

Description

In T6985#138392, @Lakelimbo informed us about an exception when visiting https://pokemundo.miraheze.org/wiki/Especial:CargoTables/Moves.

[f6d0183b5631733d162ccac7] /wiki/Especial:CargoTables/Moves   MWException from line 404 of /srv/mediawiki/w/extensions/Cargo/includes/CargoUtils.php: Error: unclosed string literal.
/srv/mediawiki/w/extensions/Cargo/includes/CargoSQLQuery.php:545, 
/srv/mediawiki/w/extensions/Cargo/includes/CargoSQLQuery.php:691, 
/srv/mediawiki/w/extensions/Cargo/includes/specials/CargoTables.php:185, 
/srv/mediawiki/w/includes/specialpage/SpecialPage.php:600, 
/srv/mediawiki/w/includes/specialpage/SpecialPageFactory.php:635, 
/srv/mediawiki/w/includes/MediaWiki.php:307, 
/srv/mediawiki/w/includes/MediaWiki.php:940, 
/srv/mediawiki/w/includes/MediaWiki.php:543, 
/srv/mediawiki/w/index.php:53, 
/srv/mediawiki/w/index.php:46

Event Timeline

Southparkfan triaged this task as Normal priority.Mar 19 2021, 20:34
Southparkfan created this task.

Exception is generated at https://github.com/wikimedia/mediawiki-extensions-Cargo/blob/a619875ea82539bfbf525b8813036876e5cf39b4/includes/CargoUtils.php#L408
$string is string(11) "King's_Rock"
King's_Rock is a column in the cargo__Moves table:

stdClass Object
(
    [Field] => King's_Rock
    [Type] => tinyint(1)
    [Null] => YES
    [Key] => MUL
    [Default] =>
    [Extra] =>
)
21:46:14 <+SPF|Cloud> renaming the column to Kings_Rock or similar will fix the issue
21:48:18 <+SPF|Cloud> and https://mariadb.com/kb/en/identifier-names/#quoted says that the single quote (should have called them 'quotes' instead of 'apostrophes', I guess) is a valid character in a column name
21:49:18 <+SPF|Cloud> the extension is at fault here ;)

Sounds Upstream.

Agreed. There are multiple issues here:

  • Unclosed literals (with a single quote) are not a problem in column names, the check is too strict here
  • If the bug above won't be fixed, then the extension lacks basic input validation upon creating a table
TheNino renamed this task from Cargo: Error: unclosed string literal. to Extension:ShortDescription.Mar 19 2021, 23:20
TheNino updated the task description. (Show Details)
Unknown Object (User) renamed this task from Extension:ShortDescription to Cargo: Error: unclosed string literal..Mar 19 2021, 23:54
Unknown Object (User) updated the task description. (Show Details)
Unknown Object (User) added a subscriber: TheNino.Mar 20 2021, 04:15

@TheNino: Please do not replace/repurpose other's tasks. Thank you!

Unknown Object (User) moved this task from Backlog to Short Term on the MediaWiki (SRE) board.Mar 21 2021, 19:49
Unknown Object (User) moved this task from Unsorted to Short Term on the Universal Omega board.
Unknown Object (User) added a comment.Mar 22 2021, 15:14

If no objections, I'll go ahead and report this upstream and close this task, as I don't think there is really much we can do in the matter.

Reception123 claimed this task.
Reception123 added a project: Upstream.

Upstream task created: https://phabricator.wikimedia.org/T278181.

Closing the task on our side as there's nothing we can do except wait for upstream to fix it.

Unknown Object (User) changed the task status from Resolved to Invalid.Mar 22 2021, 23:50

Upstream = invalid in the past