User "Catrope" posted a comment on MediaWiki.r92200. Full URL: https://secure.wikimedia.org/wikipedia/mediawiki/wiki/Special:Code/MediaWiki/92200#c20802 Commit summary:
fixed a condition where re-uploading a file that's already stashed causes breakage. This mirrors the previous session-based behavior as closely as possible. Comment: The database logic is still vulnerable to race conditions: if a key is held by A but has expired, B and C can try to take it over at the same time. Both will be allowed to, both will execute a <code>REPLACE</code> query, and one will win. You can prevent this by using <code>FOR UPDATE</code> in your <code>SELECT</code>. My personal preference for ensuring such things atomically is an <code>INSERT IGNORE</code> followed by a conditional <code>UPDATE</code> which includes the user and age criteria in the <code>WHERE</code>, but it seems to me that <code>SELECT FOR UPDATE</code> will work fine here, and locking is not a concern here because you're only locking a single row, if that: in the vast majority of cases you'll select and lock zero rows. _______________________________________________ MediaWiki-CodeReview mailing list mediawiki-coderev...@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview