Page MenuHomePhabricator
Create Task
Maniphest T270708

Use getAllowedParams to define the types of user allowed in ApiQueryGlobalUserInfo guiuser param
Closed, ResolvedPublic
Actions

Description

ApiQueryGlobalUserInfo::execute returns an error if the guiuser param is an IP address or range:

$username = User::getCanonicalName( $params['user'] );
if ( $username === false ) {
	$this->dieWithError( [ 'apierror-invaliduser', wfEscapeWikiText( $params['user'] ) ] );
}

...since User::getCanonicalName called this way returns false if passed an IP address.

This is not enforced via getAllowedParams, meaning that the normal invalid param error is not encountered, and the documentation incorrectly states that and IP address or CIDR is valid.

Details

SubjectRepoBranchLines +/-
ApiQueryGlobalUserInfo: Specify allowed types for the user parammediawiki/extensions/CentralAuthmaster+6 -0
Customize query in gerrit

Related Objects

Event Timeline

Tchanders created this task.Dec 22 2020, 3:16 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 22 2020, 3:16 PM
gerritbot added a comment.Dec 22 2020, 3:23 PM

Change 651541 had a related patch set uploaded (by Tchanders; owner: Tchanders):
[mediawiki/extensions/CentralAuth@master] ApiQueryGlobalUserInfo: Specify allowed types for the user param

https://gerrit.wikimedia.org/r/651541

gerritbot added a project: Patch-For-Review.Dec 22 2020, 3:23 PM
Reedy renamed this task from User getAllowedParams to define the types of user allowed in ApiQueryGlobalUserInfo guiuser param to Use getAllowedParams to define the types of user allowed in ApiQueryGlobalUserInfo guiuser param.Dec 22 2020, 3:35 PM
Tchanders updated the task description. (Show Details)Dec 22 2020, 4:43 PM
Tchanders mentioned this in T270338: Technical investigation into adding on-wiki info to IPInfo [8H].Dec 22 2020, 6:49 PM
Reedy updated the task description. (Show Details)Dec 23 2020, 3:34 AM
Urbanecm closed this task as Resolved.Dec 28 2020, 11:52 AM
gerritbot added a comment.Dec 28 2020, 11:53 AM

Change 651541 merged by jenkins-bot:
[mediawiki/extensions/CentralAuth@master] ApiQueryGlobalUserInfo: Specify allowed types for the user param

https://gerrit.wikimedia.org/r/651541

ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.25; 2021-01-05).Dec 28 2020, 12:00 PM
Maintenance_bot removed a project: Patch-For-Review.Dec 28 2020, 12:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL