
Hash character and trailing characters are ignored in username in users API
Closed, Resolved, Public


Usernames containing a hash (#) are cut off before the hash by the users API.


As a result, typing such names in the username field on the signup page will not result in any immediate warning; the user will only see an error on submit.

Event Timeline

The API uses Title::makeTitleSafe for parameter sanitization. Usernames starting with a valid namespace name or interwiki prefix result in a similar error. Account creation actually succeeds for such names, but the prefix gets stripped (that's T94656).

Change 283777 had a related patch set uploaded (by Gergő Tisza):
Reject usernames with # as user-type API parameters

Change 283777 merged by jenkins-bot:
Reject usernames with # as user-type API parameters

Anomie assigned this task to Tgr.
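
The truncation described in the comment about Title::makeTitleSafe, as an added example in PHP that is not MediaWiki's code or the merged patch: `lossyNormalize`, `lossyLookup` and `strictLookup` are hypothetical helpers and the account list is constructed. It models only the `#` case and shows how a lookup answered for the truncated name reports on a different name than the one the user typed.

```php
<?php
// Simplified model for illustration; not MediaWiki code.
// Constructed sample data: accounts that already exist.
const EXISTING_USERS = ['Bob'];

/** Title-style cleanup that silently drops "#" and everything after it. */
function lossyNormalize(string $input): ?string {
    $hash = strpos($input, '#');
    $name = $hash === false ? $input : substr($input, 0, $hash);
    $name = trim(str_replace('_', ' ', $name));
    return $name === '' ? null : ucfirst($name);
}

/** Availability check as the report describes it: answers for the truncated name. */
function lossyLookup(string $input): string {
    $name = lossyNormalize($input);
    if ($name === null) {
        return 'invalid';
    }
    return in_array($name, EXISTING_USERS, true) ? "taken ($name)" : "available ($name)";
}

/** Availability check that refuses input it would otherwise have to truncate. */
function strictLookup(string $input): string {
    if (strpos($input, '#') !== false) {
        return 'invalid: "#" is not allowed in a username';
    }
    return lossyLookup($input);
}

// Constructed inputs: a plain name, two names with a fragment, an existing name.
foreach (['Alice', 'Alice#1', 'Bob#anything', 'Bob'] as $candidate) {
    printf("%-14s lossy: %-18s strict: %s\n", $candidate, lossyLookup($candidate), strictLookup($candidate));
}
```

The general point for any user-type parameter is to validate the raw input and reject it, not to act on a normalized value that no longer matches what the caller sent.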