Context Navigation

← Previous Ticket
Next Ticket →

Ticket #826 (closed defect: fixed)

Opened 4 years ago

Last modified 15 months ago

Enforcing max. length of edit note

Reported by:	toringe	Owned by:	DotMG
Priority:	normal	Milestone:	1.3.1
Component:	handlers	Version:	1.1.6.5
Severity:	minor	Keywords:	note, trunk-ported
Cc:

Description (last modified by DarTar) (diff)

Before 1.1.6.6 the maximum length of a page edit summary was not enforced in the form using maxlength. This did not cause major issues because the field was correctly truncated when storing a revision in the database.

The original reporter of this ticket experienced a major problem with edit notes. However, this does not appear to be a Wikka bug but a version-specific MySQL issue. See this discussion for further information and suggested workaround: http://bugs.mysql.com/bug.php?id=18908. [1268] should help avoid issues of this kind.

The two input fields for notes in the edit.php file have a "size" attribute, but that doesn't prevent the user from typing more than 50 chars into the fields. (As defined by MAX_EDIT_NOTE_LENGTH)

If the user types a bit more than 50 chars in the note, then this results in: Query failed: SQL statement (Data too long for column 'note' at row 1)

This bug is worse than it seems: The page is also completely removed and most of the history is gone. This can be avoided by clicking on the back button in your browser and click on "store" again. Without a note, or a shorter note of course.

If you're using the wiki as a public wiki, then this can be abused by people who wants to wreck it, as the history is gone.

I've added an easy workaround to my own wiki: After the type="text" I've added maxlength="'.MAX_EDIT_NOTE_LENGTH.'" on both the input fields for notes. But I don't know if that takes care of the entire problem.

Preview:

if ($this->config['require_edit_note'] != 2) //check if edit_notes are enabled
		{
			$preview_buttons .= '<input size="'.MAX_EDIT_NOTE_LENGTH.'" type="text" maxlength="'.MAX_EDIT_NOTE_LENGTH.'" name="note" value="'.$this->hsc_secure($note).'" '.$highlight_note.'/>'.LABEL_EDIT_NOTE.'<br />'."\n";
		}

Store:

if ($this->config['require_edit_note'] != 2) //check if edit_notes are enabled
		{
			$output .= '<input size="'.MAX_EDIT_NOTE_LENGTH.'" type="text" maxlength="'.MAX_EDIT_NOTE_LENGTH.'" name="note" value="'.$this->hsc_secure($note).'" '.$highlight_note.'/> '.LABEL_EDIT_NOTE.'<br />'."\n";
		}

Change History

Changed 3 years ago by toringe

We are testing now as we speak. The server administrator is trying to alter the MySQL configuration and test without the maxlenght property. So far it still crashing. Just had to test if it's the case for brand new pages too, and yes it is:

Query failed: insert into missions_pages set tag = 'TestPage', time = now(), owner = 'TorInge', user = 'TorInge', note = '1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890', latest = 'Y', body = 'Testpage' (Data too long for column 'note' at row 1)

Changed 3 years ago by DarTar

I just tested your query in MySQL on an unmodified Wikka table, everything works as expected (row stored with truncated string). Can you try to do the same (run a direct query in the DB) and report the result? Thanks.

mysql> \u wikka
Database changed
mysql> insert into 1165test_pages set tag = 'TestPage', time = now(), owner = 'TorInge', user = 'TorInge', note = '1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890 1234567890', latest = 'Y', body = 'Testpage';
Query OK, 1 row affected, 1 warning (0.00 sec)

mysql> SHOW WARNINGS;
+---------+------+-------------------------------------------+
| Level   | Code | Message                                   |
+---------+------+-------------------------------------------+
| Warning | 1265 | Data truncated for column 'note' at row 1 | 
+---------+------+-------------------------------------------+
1 row in set (0.00 sec)

Note: See TracTickets for help on using tickets.

Download in other formats:

Context Navigation

Ticket #826 (closed defect: fixed)

Enforcing max. length of edit note

Description (last modified by DarTar) (diff)

Change History

Changed 4 years ago by BrianKoontz

Changed 4 years ago by TormodHaugen

Changed 4 years ago by toringe

Changed 3 years ago by BrianKoontz

Changed 3 years ago by BrianKoontz

Changed 3 years ago by BrianKoontz

Changed 3 years ago by BrianKoontz

Changed 3 years ago by DarTar

Changed 3 years ago by DarTar

Changed 3 years ago by DarTar

Changed 3 years ago by toringe

Changed 3 years ago by DarTar

Changed 3 years ago by DarTar

Changed 3 years ago by toringe

Changed 3 years ago by DarTar

Changed 3 years ago by DarTar

Changed 3 years ago by BrianKoontz

Changed 3 years ago by BrianKoontz

Changed 3 years ago by BrianKoontz

Changed 3 years ago by BrianKoontz

Changed 3 years ago by BrianKoontz

Changed 3 years ago by BrianKoontz

Changed 2 years ago by DotMG

Changed 2 years ago by DotMG

Changed 2 years ago by DotMG

Changed 2 years ago by DotMG

Changed 2 years ago by BrianKoontz

Changed 2 years ago by BrianKoontz

Changed 15 months ago by BrianKoontz

Download in other formats: