Improve support for non-alphanumeric characters in the interface for downloading User data
Closed, ResolvedPublic2 Estimated Story PointsBUG REPORT
Actions

Assigned To

Authored By

	dom_walden
	Feb 24 2021, 1:54 PM

Description

What is the problem?

If the user's username has certain characters, the Special:CentralAuth link does not always work correctly.

Examples:

Username Foo+="$%^*()-&'~. The " character appears to cause problems. The URL goes to https://meta.wikimedia.org/wiki/Special:CentralAuth?target=Foo+=

Username Bar+=$%^*()-&'~. The link goes to https://meta.wikimedia.org/wiki/Special:CentralAuth?target=Bar+=$%^*()-&%27~ which shows error There is no global account for "Bar =$%^*()-".

These are extreme examples I grant, but apparently legit (i.e. not blocked) usernames with these characters do exist in the wild (e.g. https://en.wikipedia.org/wiki/Special:ListUsers?username=%2B+%2B&group=&wpsubmit=&wpFormIdentifier=mw-listusers-form&limit=500, https://en.wikipedia.org/wiki/Special:ListUsers?username=%22+...Nella+sua+meravigliosa+Luce+%22&group=&wpsubmit=&wpFormIdentifier=mw-listusers-form&limit=500).

Steps to reproduce problem

Login to a wiki with a user whose username contains a ", + and/or &
Go to Special:Preferences
Click the link which says other Wikimedia projects where you have contributed

Expected behavior: Takes you to the Special:CentralAuth page for your user
Observed behavior: The Special:CentralAuth page is for the wrong user

Details

	Subject	Repo	Branch	Lines +/-
	URL encode the username passed to prefs-user-downloaddata-help-message	mediawiki/core	master	+1 -1

Customize query in gerrit

Related Objects

Mentioned In: T272412: Create interface for downloading User data
Mentioned Here: rMW6d388dfebe2e: Merge "Extend iwlinks.iwl_prefix to VARBINARY(32) on MySQL"
rMWa23841de0324: Localisation updates from https://translatewiki.net.

Event Timeline

dom_walden created this task.Feb 24 2021, 1:54 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 24 2021, 1:54 PM

dom_walden mentioned this in T272412: Create interface for downloading User data.Feb 24 2021, 1:54 PM

Niharika moved this task from Untriaged to Triage/To be Estimated on the Anti-Harassment board.Feb 24 2021, 2:13 PM

ARamirez_WMF set the point value for this task to 2.Feb 24 2021, 5:20 PM

ARamirez_WMF moved this task from Triage/To be Estimated to Cards ready for development on the Anti-Harassment board.

Niharika moved this task from Cards ready for development to The Letter Song on the Anti-Harassment board.Feb 24 2021, 6:50 PM

Niharika edited projects, added Anti-Harassment (The Letter Song); removed Anti-Harassment.

DLynch claimed this task.Feb 24 2021, 7:35 PM

DLynch moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress 💪 on the Anti-Harassment (The Letter Song) board.

Change 666726 had a related patch set uploaded (by DLynch; owner: DLynch):
[mediawiki/core@master] URL encode the username passed to prefs-user-downloaddata-help-message

https://gerrit.wikimedia.org/r/666726

gerritbot added a project: Patch-For-Review.Feb 24 2021, 7:44 PM

DLynch moved this task from In Progress 💪 to Code Review 🔍 on the Anti-Harassment (The Letter Song) board.Feb 24 2021, 7:45 PM

STran moved this task from Code Review 🔍 to QA/Testing 🐞 on the Anti-Harassment (The Letter Song) board.Feb 24 2021, 8:55 PM

Change 666726 merged by jenkins-bot:
[mediawiki/core@master] URL encode the username passed to prefs-user-downloaddata-help-message

https://gerrit.wikimedia.org/r/666726

ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.33; 2021-03-02).Feb 24 2021, 10:00 PM

Maintenance_bot removed a project: Patch-For-Review.Feb 24 2021, 10:10 PM

I cannot reproduce the bug with the usernames in the description, nor with a few others (see below).

For each username, I checked the HTML on the Special:Preferences was not malformed (like in the screenshot) and the CentralAuth link was correct (i.e. the CentralAuth user it displayed information for was the correct user).

Usernames tried:

Foo+="$%^*()-&'~ (from description)
Bar+=$%^*()-&'~ (from description)
Drw456!"$%&'()*+,-.=?\^ `~' (all ascii punctuation characters mediawiki considers valid)
äÂÉìÙ¨ÓÜÒãöíÝëßÜ³ßëÛÂÓâÉÈß²äèúöòÂ¸ÀþÚ¸ÿÜ¯ºÔÈïòÊíïÝ (characters outside ascii range)
Fooɇ𝕃 (high unicode range - takes more than 2 bytes to encode them)
Drw ‎‏‗․‥…  ‪‫‬‭‮ ‼‾⁇⁈⁉
- (sample of unicode punctuation characters we apparently support)

Test environments:

https://en.wikipedia.beta.wmflabs.org MediaWiki 1.36.0-alpha (a23841d) 07:37, 25 February 2021
local vagrant MediaWiki 1.36.0-alpha (6d388df)

Thanks @dom_walden.

Improve support for non-alphanumeric characters in the interface for downloading User dataClosed, ResolvedPublic2 Estimated Story PointsBUG REPORTActions