Page MenuHomePhabricator
Create Task
Maniphest T105626

AntiSpoof extension gives incorrect results when a requested username contains some special characters
Closed, ResolvedPublic
Actions

Description

Sometimes when a requested username contains some special characters (?) the AntiSpoof extension gives a nonsense result.

I've seen this happened at least few times.
And for the record, the requested username had nothing similar with the "username" mentioned by the extension below.

The chosen username is similar to existing usernames: ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !!, ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !", ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !$, ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !%, ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !&

Sometimes Antispoof shows strange propositions which don't correspond to the wanted username. Everytime it shows ! ! ! ! !-based propositions.

Example:
Jeffxxx is requesting a rename to 134235629345692348.
https://meta.wikimedia.org/wiki/Special:GlobalRenameQueue/request/34454
Links on The chosen username is similar to existing usernames (globalrenamequeue-request-antispoof-conflicts message): 1, 2, 3..

{F8679640}

Details

SubjectRepoBranchLines +/-
Do not lookup conflicts for non-legal user namesmediawiki/extensions/AntiSpoofmaster+7 -0
Customize query in gerrit

Related Objects

Event Timeline

Stryn created this task.Jul 12 2015, 12:28 PM
Stryn raised the priority of this task from to Needs Triage.
Stryn updated the task description. (Show Details)
Stryn added projects: AntiSpoof, GlobalRename.
Stryn subscribed.
Restricted Application added a project: MediaWiki-extensions-CentralAuth. · View Herald TranscriptJul 12 2015, 12:28 PM
Restricted Application added subscribers: Steinsplitter, Aklapper. · View Herald Transcript
Glaisher subscribed.Jul 12 2015, 12:35 PM

Could you provide with an example of such a username where this has occurred?

Stryn added a comment.Jul 12 2015, 12:51 PM
In T105626#1448073, @Glaisher wrote:

Could you provide with an example of such a username where this has occurred?

Currently open request https://meta.wikimedia.org/wiki/Special:GlobalRenameQueue/request/16067
Requested username: ー¥----

Stryn added a comment.Jul 12 2015, 1:01 PM

Ok, I did some testing, and it seems that you get this nonsense string when the requested username is something like "- - - -" or ". . . ."

Stryn added a comment.Jul 12 2015, 8:03 PM

Applies also for random number series like 4643643743743.

Aklapper triaged this task as Low priority.Jul 16 2015, 2:03 PM
Glaisher added a comment.Jul 18 2015, 6:02 PM

Looks like mNormalized is null for this type of usernames in SpoofUser. So in the conflict checking query for usernames like this, it looks for rows where su_normalized is null. Since su_normalized is also null for non-legal usernames, it returns usernames that are not related. Perhaps we shouldn't show any conflicts for non-legal usernames at all?

Steinsplitter added a comment.Jul 24 2015, 12:26 PM

It is allowed to rename such accounts or not?

In both cases (yes or no) the warning needs a fix.

Glaisher added a comment.Jul 24 2015, 12:38 PM
In T105626#1478922, @Steinsplitter wrote:

It is allowed to rename such accounts or not?

I don't think it would be disallowed but I would advise against doing such renames because it would cause addition of more entries where AntiSpoof will not work properly.

Glaisher added a comment.Sep 28 2015, 12:35 PM

I think we should show another warning message when it's null discouraging to perform the rename. That is probably better than not showing the warning at all. Does that sound fine?

Stryn added a comment.Feb 27 2016, 2:39 PM

Still getting these nonsense "similar usernames".

Glaisher added a comment.Mar 1 2016, 3:41 PM

Can we agree on a proper solution so that this can be fixed?

MarcoAurelio moved this task from Backlog to GlobalRename on the MediaWiki-extensions-CentralAuth board.Dec 18 2016, 10:36 PM
Stryn merged a task: T170078: On GlobalRenameQueue, Antispoof shows strange propositions.Jul 9 2017, 3:25 PM
Stryn added a subscriber: Framawiki.
Framawiki updated the task description. (Show Details)Jul 9 2017, 3:32 PM

Up !

Framawiki updated the task description. (Show Details)Jul 9 2017, 3:34 PM
TerraCodes subscribed.Jul 17 2017, 1:25 AM
gerritbot added a comment.Sep 10 2023, 5:35 PM

Change 956085 had a related patch set uploaded (by Umherirrender; author: Umherirrender):

[mediawiki/extensions/AntiSpoof@master] Do not lookup conflicts for non-legal user names

https://gerrit.wikimedia.org/r/956085

Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptSep 10 2023, 5:35 PM
gerritbot added a project: Patch-For-Review.Sep 10 2023, 5:35 PM
Umherirrender claimed this task.Sep 10 2023, 5:35 PM
pmiazga moved this task from Inbox, needs triage to Current Sprint on the MediaWiki-Platform-Team board.Sep 11 2023, 1:55 PM
gerritbot added a comment.Sep 12 2023, 12:17 AM

Change 956085 merged by jenkins-bot:

[mediawiki/extensions/AntiSpoof@master] Do not lookup conflicts for non-legal user names

https://gerrit.wikimedia.org/r/956085

matmarex closed this task as Resolved.Sep 12 2023, 12:20 AM
Maintenance_bot removed a project: Patch-For-Review.Sep 12 2023, 12:30 AM
ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.26; 2023-09-12).Sep 12 2023, 1:00 AM
matmarex subscribed.Sep 12 2023, 1:11 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL