Last modified: 2009-02-28 19:18:48 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T14217, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 12217 - "/dmirror/http/en.wikipedia.org/w/" added to article text


Summary:	"/dmirror/http/en.wikipedia.org/w/" added to article text

Status:	RESOLVED FIXED

Product:	MediaWiki
Classification:	Unclassified
Component:	General/Unknown (Other open bugs)
Version:	unspecified
Hardware:	All All

Importance:	Normal enhancement (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2007-12-06 03:59 UTC by Cacycle
Modified:	2009-02-28 19:18 UTC (History)
CC List:	4 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Cacycle 2007-12-06 03:59:16 UTC

The article text

"| location"

has been changed to

"| location = /dmirror/http/en.wikipedia.org/w/"

for several anonymous edits.

Here are example diffs:

http://en.wikipedia.org/w/index.php?title=Laver_%28seaweed%29&diff=prev&oldid=168033887
http://en.wikipedia.org/w/index.php?title=Food_safety&diff=prev&oldid=175864761
http://en.wikipedia.org/w/index.php?title=Insect_repellent&diff=176082104&oldid=173443750 (multiple edits)

Comment 1 Jesse (Pathoschild) 2007-12-06 04:04:47 UTC

This appears to be a poorly coded web proxy, not a problem with MediaWiki. Please report it at [[Wikipedia:WikiProject_on_open_proxies]].

Comment 2 Cacycle 2007-12-06 04:11:13 UTC

Done: http://en.wikipedia.org/wiki/Wikipedia_talk:WikiProject_on_open_proxies#Proxy_breaking_articles.3F

Comment 3 Ilmari Karonen 2007-12-10 23:08:35 UTC

It _is_ a MediaWiki issue insofar as we _could_ be blocking such edits, but aren't. We used to have a problem with "backslashing proxies" that incorrectly passed any submitted data through the PHP addslashes() function, leading to "Joe's" first becoming "Joe\'s", then, if edited again, "Joe\\\'s", etc. However, I fixed that one with a simple hack: the edit token, which the browser must return correctly for the edit to be accepted, now contains a backslash.

In principle, we could eliminate (almost) all such errors by including the article text twice in the edit form, once normally and once in a hidden field, and checking that the version in the hidden field gets returned intact. Of course, this would double the amount of data that would need to be transmitted in each direction, which could be an issue for large pages. (It might also break some existing bots if the new hidden field was mandatory, but we could avoid that by leaving it optional.) Also, one case which it wouldn't fix would be when the mangled text was entirely original, such as when starting a new page or section (with "section=new"). I can think of ways to work around that latter issue using JavaScript (URL-encode or base64-encode the text and submit it for comparison), but that's yet another layer of complexity...

One benefit from such a general fix would be that we'd also catch broken user agents that mangle Unicode characters. Come to think of it, I might consider adding one or two Unicode characters to the edit token just for this. However, adding "location=test" to the edit token feels somehow excessive...

Comment 4 Niklas Laxström 2009-02-28 19:18:48 UTC

There should be other methods to catch these by now.

Note You need to log in before you can comment on or make changes to this bug.

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links