Page MenuHomePhabricator

Edits attributed to
Closed, DeclinedPublic


On my MW 1.30 wiki, which is public but doesn't allow anonymous contributions nor uninvited registration, we noticed an edit attributed to the local IP address The article in which the change took place was newly created, and the style of the change and the summary suggest they were done by the same user who created the article and was working on it in successive edits.

Upon inspecting the contributions of I noticed that al of them were automatic tasks; vocabulary imports and automatic page creations by [[mw:Extension:AutoCreatePage]]

Is it possible that an edit by a user be attributed to under any circumstances?

Event Timeline

It certainly happens due to other bugs

Does the extension have a setting to tell it to use a user?

You might be better discussing this over at as it's likely it's a bug with the extension itself as it doesn't seem to do anything to actually determine which user to make the edits as, but is done by the trigger of a parserfunction...

Its fairly common bug when things do stuff via the job queue or cli, without using RequestContext::importScopedSession()

The incident was not particular to that extension.
It happened with several regular edits by several reasons.
I don't know if this is related to the fact the editors sessions have been expiring so rapidly and frequently.
But thanks for the explanation.

This is not a security issue per-se. Making this bug public and moving out of Security

Bawolff renamed this task from Edit attributed to to Edits made by extension AutoCreatePage attributed to 9 2018, 9:20 PM
Bawolff changed the visibility from "Custom Policy" to "Public (No Login Required)".
Bawolff removed a project: acl*security.

The actions attributed to were not only the result of extension AutoCreatepage's work.
Some of them were human edits that took place at around the same time. See the log

ahmad renamed this task from Edits made by extension AutoCreatePage attributed to to Edits attributed to 9 2018, 10:52 PM

Can you give steps to reliably reproduce human editors being attributed to the wrong user? Its unlikely we would be able to fix it unless we can reliably reproduce the issue.

I see your point of course.
Unfortunately I cannot reproduce this now as it seems to me more complex than what I can do at this time. I will keep monitoring for this behaviour, and add to this ticket later on. Reopening it, if necessary.

Unfortunately closing this report as no further information has been provided.

@ahmad: After you have provided the information asked for and if this still happens, please set the status of this report back to "Open" via the Add Action...Change Status dropdown. Thanks!