https://bugzilla.wikimedia.org/show_bug.cgi?id=48294
Web browser: ---
Bug ID: 48294
Summary: ApiUpload.php -- Async chunked upload fails when chunk
is of file size but file is stashed
Product: MediaWiki
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: API
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected],
[email protected], [email protected]
Classification: Unclassified
Mobile Platform: ---
Original title:
ApiUpload.php -- Async chunked upload fails when chunk is of file size but file
is stashed
Here is what I send to the server:
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="format"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
json
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="action"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
upload
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="filename"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
' onmouseover='alert("There is a security vulnerable. Please contact the next
admin if you see this in a message box.")' target='.png
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="stash"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
1
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="filesize"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
459
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="offset"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
0
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="async"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
1
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="ignorewarnings"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
1
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: attachment; name="chunk"; filename="'
onmouseover='alert(-There is a security vulnerable. Please contact the next
admin if you see this in a message box.-)' target='.png"
Content-Type: image/png
Content-Transfer-Encoding: binary
PNG
[...]
------------mediawiki.commons.MwJSBot0.5308303697218709
Content-Disposition: form-data; name="token"
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
removed+\
------------mediawiki.commons.MwJSBot0.5308303697218709--
Which gives the following result:
{"servedby":"mw1121","error":{"code":"stashfailed","info":"Chunk assembly
already in progress."}}
This is because of line 211 ff. in ApiUpload.php
which does
$this->dieUsage( "Chunk assembly already in progress.", 'stashfailed' );
At this time, the file is being added to the stash *but* the API user does not
get a filekey back! Without that key, publishing the upload or querying the
status is not possible.
I suggest either to refuse chunked uploads that only consist of one chunk or
returning the result (Poll) from line 214 if the chunk is of the size of the
whole file.
This way it will be possible to either publish the upload or it is clear that
one-chunk-chunked uploads are not wanted.
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
