https://bugzilla.wikimedia.org/show_bug.cgi?id=22227
Summary: SpecialListfiles.php throws a fatal abort when a spooky file File: exisits (for one reason or another) Product: MediaWiki Version: 1.16-svn Platform: All OS/Version: All Status: NEW Severity: critical Priority: Normal Component: Special pages AssignedTo: wikibugs-l@lists.wikimedia.org ReportedBy: m...@tgries.de Summary: if for one reason or another a spooky entry exists in table "image" (file with a blank name), the sort function http://server/wiki/index.php?title=Special:ListFiles&sort=img_name&limit=500 throws a FATAL ERROR as explained. This should be fixed for security reasons. I noticed a buggy behaviour of $IP/includes/specials/SpecialListfiles.php -- only under certain circumstances which require code review: IF a spooky "file" exists in the database table "image" - in my case this was a consequence from a failed/aborted file upload in a very old REL_1.4 MediaWiki from 2005 ... THEN when clicking on the page header NAME on the file list on Special:Listfiles because I wanted to change the sort order I received a reproducible Fatal error: Call to a member function getURL() on a non-object in /.../includes/specials/SpecialListfiles.php on line 138 (MediaWiki 1.15.1) Fixed this by changing line 138 from $url = $image->getURL(); to if ($value !== 0 && $value != '') $url = $image->getURL(); and found the reason: a file in the table with an empty filename (not ok) and 0 Byte (not ok), upload date (ok.), uploader name (ok.) Summary: if for one reason or another a spooky entry exists in table "image" (file with a blank name), the sort function http://server/wiki/index.php?title=Special:ListFiles&sort=img_name&limit=500 throws a FATAL ERROR as explained. This should be fixed for security reasons. P.S. I deleted the spooky file by - manually changing the emtpy filename in the database to a dummy name dummy.jpg - over-uploading a second file dummy.jpg through the wiki - deleting the file through the wiki using action=delete I intentionally assigned 1.16-svn because reviewing the SVN I found that the bug might still be present. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l