Page MenuHomePhorge
Create Task
Maniphest T15699

Inaccessible task: "Matched token key "3Z" while processing remarkup block, but this token does not exist in the token map."
Open, Needs TriagePublic
Actions

Description

Upstreaming from https://phabricator.wikimedia.org/T353995 - small corner case, might get declined.

  1. Phorge at 2d997c3f107efe78707404e6e7787f9eb1df54f4, PHP 8.2.14
  2. Create task T1
  3. In MariaDB, UPDATE maniphest_task SET description = (UNHEX("606060642001335A2C606060")) WHERE id = 1; (note: 01 is not rendered by most browsers, see screenshot below)
  4. Go to task T1 in web browser

EXCEPTION: (Exception) Matched token key "3Z" while processing remarkup block, but this token does not exist in the token map.

[2023-12-24 07:19:48] EXCEPTION: (Exception) Matched token key "T1" while processing remarkup block, but this token does not exist in the token map. at [<phorge>/src/infrastructure/markup/PhutilRemarkupBlockStorage.php:116]
arcanist(head=master, ref.master=e46025f7a914), phorge(head=master, ref.master=2d997c3f107e)
  #0 <#2> PhutilRemarkupBlockStorage::restore(PhutilSafeHTML, integer) called at [<phorge>/src/infrastructure/markup/remarkup/PhutilRemarkupEngine.php:369]
  #1 <#2> PhutilRemarkupEngine::restoreText(PhutilSafeHTML) called at [<phorge>/src/infrastructure/markup/remarkup/PhutilRemarkupEngine.php:365]
  #2 <#2> PhutilRemarkupEngine::postprocessText(array) called at [<phorge>/src/infrastructure/markup/PhabricatorMarkupEngine.php:164]
  #3 <#2> PhabricatorMarkupEngine::execute() called at [<phorge>/src/infrastructure/markup/PhabricatorMarkupEngine.php:111]
  #4 <#2> PhabricatorMarkupEngine::process() called at [<phorge>/src/infrastructure/markup/PhabricatorMarkupEngine.php:75]
  #5 <#2> PhabricatorMarkupEngine::renderOneObject(PhabricatorMarkupOneOff, string, PhabricatorUser, ManiphestTask) called at [<phorge>/src/infrastructure/markup/view/PHUIRemarkupView.php:86]
  #6 <#2> PHUIRemarkupView::render() called at [<phorge>/src/view/AphrontView.php:222]
  #7 <#2> AphrontView::producePhutilSafeHTML() called at [<phorge>/src/infrastructure/markup/render.php:115]
  #8 <#2> phutil_escape_html(PHUIRemarkupView) called at [<phorge>/src/infrastructure/markup/render.php:97]
  #9 <#2> phutil_tag(string, array, PHUIRemarkupView) called at [<phorge>/src/applications/maniphest/controller/ManiphestTaskDetailController.php:417]
  #10 <#2> ManiphestTaskDetailController::buildDescriptionView(ManiphestTask) called at [<phorge>/src/applications/maniphest/controller/ManiphestTaskDetailController.php:69]
  #11 <#2> ManiphestTaskDetailController::handleRequest(AphrontRequest) called at [<phorge>/src/aphront/configuration/AphrontApplicationConfiguration.php:284]
  #12 phlog(Exception) called at [<phorge>/src/aphront/handler/PhabricatorDefaultRequestExceptionHandler.php:41]
  #13 PhabricatorDefaultRequestExceptionHandler::handleRequestThrowable(AphrontRequest, Exception) called at [<phorge>/src/aphront/configuration/AphrontApplicationConfiguration.php:751]
  #14 AphrontApplicationConfiguration::handleThrowable(Exception) called at [<phorge>/src/aphront/configuration/AphrontApplicationConfiguration.php:296]
  #15 AphrontApplicationConfiguration::processRequest(AphrontRequest, PhutilDeferredLog, AphrontPHPHTTPSink, MultimeterControl) called at [<phorge>/src/aphront/configuration/AphrontApplicationConfiguration.php:203]
  #16 AphrontApplicationConfiguration::runHTTPRequest(AphrontPHPHTTPSink) called at [<phorge>/webroot/index.php:35]

Ideally this was more robust. I do not know how this very data got into our downstream Phab/Phorge DB; it's not important data.

Also, in case Phorge mangles displaying interesting characters in this very task, here is a screenshot of me filing this very task:

Screenshot from 2023-12-24 08-23-39.png (845×1 px, 187 KB)

Event Timeline

aklapper created this task.Dec 24 2023, 07:26
Herald added subscribers: Cigaryno, Matthew, chris, tobiaswiese. · View Herald TranscriptDec 24 2023, 07:26
aklapper updated the task description. (Show Details)Dec 24 2023, 07:27
avivey subscribed.Dec 24 2023, 10:31

probably "low", but might be interesting to investigate.

I'm guessing that the remarkup rule identified something (\01T1) as a monogram, and internally both didn't find it (because it's not a real monogram) and didn't remove it from the list (because bug?), and then crashed.

I expect you could get the bad data into the system using conduit, in which case this could cause a strange (and weak?) DOS attack.

If you still have the original task, you might be able to get more info by querying transaction.search or maniphest.gettasktransactions - which won't run via the remarkup pipeline. At least you'll be able to find the offending user...

Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0