Steps to reproduce:
- Using Chromium 74,
- Make sure you are not logged in on English Wikipedia
- Go to https://tools.wmflabs.org/iabot/index.php?page=runbotsingle&action=analyzepage (note the action parameter)
- Click "Login to get started." which is a link to https://tools.wmflabs.org/iabot/oauthcallback.php?action=login&returnto=https://tools.wmflabs.org/iabot/index.php?page=runbotsingle&fullauth=1
Expected outcome:
Proper URL encoding of URL parameters. Being able to log in.
Actual outcome:
Two action parameters in the URL https://tools.wmflabs.org/iabot/oauthcallback.php?action=login&returnto=https://tools.wmflabs.org/iabot/index.php?page=runbotsingle&action=analyzepage&fullauth=1 ;
Logged on: /mnt/nfs/labstore-secondary-tools-project/iabot/public_html/oauthcallback.php:77:boolean false Login Blocked: /mnt/nfs/labstore-secondary-tools-project/iabot/public_html/oauthcallback.php:81:boolean false Is bot: /mnt/nfs/labstore-secondary-tools-project/iabot/public_html/oauthcallback.php:83:boolean false User groups: /mnt/nfs/labstore-secondary-tools-project/iabot/public_html/oauthcallback.php:85:boolean false User name: /mnt/nfs/labstore-secondary-tools-project/iabot/public_html/oauthcallback.php:87:boolean false CSRF Session Token: /mnt/nfs/labstore-secondary-tools-project/iabot/public_html/oauthcallback.php:89:boolean false OAuth Errors encountered: /mnt/nfs/labstore-secondary-tools-project/iabot/public_html/oauthcallback.php:91:boolean false