
Validate Special:Investigate targets in CompareService
Open, LowPublic

Description

CompareService::buildUserPredicate assumes that any string that is not a valid IP address or range is a username, and adds it into the query.

Since T245499, a per-target limit is applied, so if any of the targets is an invalid or non-existent user name, the limits for the valid targets will decrease.

This should not usually be a problem, because invalid and non-existent user names will have been filtered out by the UsersMultiselectWidget. However, if the widget is ever bypassed, CompareService should filter out invalid and non-existent user names before building the query.
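The following is an added, stand-alone illustration of the check the description asks for; it is not code from the CheckUser extension or from CompareService. It classifies each target as an IP address, an IP range, or a user name, and drops any "user name" that is invalid or does not exist, so that only real targets count toward the per-target limit. The user table (KNOWN_USERS), the simplified user-name validity rule, and the even split of an overall limit across targets are assumptions made for the example; real code would use MediaWiki's own IP utilities, user-name validation and user lookup.

```php
<?php
// Added example, not CheckUser's own code: filter Special:Investigate targets
// before building the query so that invalid and non-existent user names do not
// consume a share of the per-target limit.

declare(strict_types=1);

/** Constructed stand-in for the user table (assumption): name => user_id. */
const KNOWN_USERS = [
    'Alice' => 1,
    'Bob'   => 2,
];

/** True for a single IPv4 or IPv6 address. */
function isIpAddress(string $target): bool {
    return filter_var($target, FILTER_VALIDATE_IP) !== false;
}

/** True for a CIDR range such as 192.0.2.0/24 or 2001:db8::/32. */
function isIpRange(string $target): bool {
    if (!preg_match('#^(.+)/(\d{1,3})$#', $target, $m)) {
        return false;
    }
    $bits = (int)$m[2];
    if (filter_var($m[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        return $bits <= 32;
    }
    if (filter_var($m[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false) {
        return $bits <= 128;
    }
    return false;
}

/**
 * Simplified user-name validity rule (assumption, not MediaWiki's full rule):
 * non-empty, no surrounding whitespace, and none of the characters that
 * cannot appear in a page title.
 */
function isValidUserName(string $name): bool {
    if ($name === '' || trim($name) !== $name) {
        return false;
    }
    return preg_match('/[#\/|\[\]{}<>@:]/', $name) !== 1;
}

/** Existence check against the constructed user table. */
function userExists(string $name): bool {
    return array_key_exists($name, KNOWN_USERS);
}

/**
 * Partition raw targets into the ones that may be queried and the ones to drop.
 * Anything that is neither an IP, a range, nor a valid existing user is dropped
 * instead of being passed into the query as a user name.
 */
function classifyTargets(array $targets): array {
    $out = ['ips' => [], 'ranges' => [], 'users' => [], 'dropped' => []];
    foreach ($targets as $target) {
        if (isIpAddress($target)) {
            $out['ips'][] = $target;
        } elseif (isIpRange($target)) {
            $out['ranges'][] = $target;
        } elseif (isValidUserName($target) && userExists($target)) {
            $out['users'][] = $target;
        } else {
            $out['dropped'][] = $target;
        }
    }
    return $out;
}

/** Per-target limit, assumed here to be the overall limit split evenly across queried targets. */
function perTargetLimit(int $overall, int $targetCount): int {
    return $targetCount === 0 ? 0 : intdiv($overall, $targetCount);
}

// Constructed input: two real users, an IP, a range, an invalid name and a non-existent name.
$raw = ['Alice', '198.51.100.7', '2001:db8::/32', 'Not<Valid', 'Ghost', 'Bob'];
$classified = classifyTargets($raw);
$kept = count($classified['ips']) + count($classified['ranges']) + count($classified['users']);

printf("Per-target limit without filtering: %d\n", perTargetLimit(5000, count($raw)));
printf("Per-target limit after filtering:   %d\n", perTargetLimit(5000, $kept));
printf("Dropped targets: %s\n", implode(', ', $classified['dropped']));
```

With the constructed input, two of the six targets are dropped, so the four real targets each get a larger share of the overall limit than they would if the invalid and non-existent names had been passed through to the query.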

Event Timeline

However, if the widget is ever bypassed.

@Tchanders Under what circumstances can that widget be bypassed?

@Niharika It shouldn't be bypassed in practice. This should only be a problem e.g. if we add an API, or call it directly in a test.

Got it! Thanks. That helps me prioritize this.