Page MenuHomePhabricator
Create Task
Maniphest T217774

Structured Discussions exposes user’s IP address if logged out in other browser window/tab
Open, Needs TriagePublic
Actions

Description

If I send a Structured Discussions comment and my session became invalid in the meantime, e. g. because I logged out in another browser window or tab, then the edit will be made under my IP address, with no warning whatsoever that it would be permanently recorded in the page history. The Flow extension should use assert=user with its API calls to avoid this. (See T124451 for a similar issue in Wikibase/Wikidata.)

Related Objects

Event Timeline

Restricted Application added a project: Growth-Team. · View Herald TranscriptMar 6 2019, 2:57 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Lucas_Werkmeister_WMDE added a comment.Mar 6 2019, 3:00 PM

Example topic: https://www.mediawiki.org/wiki/Topic:Uvemb1qb2aqcig8k – in this case it’s okay that the IP got exposed, it’s just the WMDE office, but still

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL