Page MenuHomePhabricator
Create Task
Maniphest T132852

Hash character and trailing characters are ignored in username in users API
Closed, ResolvedPublic
Actions

Description

Usernames containing a hash (#) are cut off before the hash by the users API.

Test: https://www.mediawiki.org/wiki/Special:ApiSandbox#action=query&format=json&list=users&ususers=Rand%23om

As a result, typing such names in the username field on the signup page will not result in any immediate warning; the user will only see an error on submit.

Details

SubjectRepoBranchLines +/-
Reject usernames with # as user-type API parametersmediawiki/coremaster+1 -1
Customize query in gerrit

Related Objects

Event Timeline

Tgr created this task.Apr 16 2016, 4:55 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 16 2016, 4:55 PM
Tgr added a comment.Apr 16 2016, 5:39 PM

The API uses Title::makeTitleSafe for parameter sanitization. Usernames starting with a valid namespace name or interwiki prefix result in a similar error. Account creation actually succeeds for such names, but the prefix gets stripped (that's T94656).

gerritbot subscribed.Apr 16 2016, 5:49 PM

Change 283777 had a related patch set uploaded (by Gergő Tisza):
Reject usernames with # as user-type API parameters

https://gerrit.wikimedia.org/r/283777

gerritbot added a project: Patch-For-Review.Apr 16 2016, 5:49 PM
Anomie moved this task from Unsorted to Needs Review on the MediaWiki-Action-API board.Apr 18 2016, 2:22 PM
gerritbot added a comment.Apr 18 2016, 3:17 PM

Change 283777 merged by jenkins-bot:
Reject usernames with # as user-type API parameters

https://gerrit.wikimedia.org/r/283777

Anomie closed this task as Resolved.Apr 18 2016, 3:23 PM
Anomie assigned this task to Tgr.
ReleaseTaggerBot added projects: MW-1.27-release (WMF-deploy-2016-04-26_(1.27.0-wmf.22)), MW-1.27-release-notes.Apr 20 2016, 12:02 AM
Restricted Application added a subscriber: TerraCodes. · View Herald TranscriptApr 20 2016, 12:02 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits