Bug
After I made the following API query on testwiki:
{ "action": "query", "format": "json", "list": "checkuser", "curequest": "userips", "cutarget": "Martin Urbanec (test) ", "cureason": "testing a bug in CU interface", "cutoken": "REDACTED" }
https://test.wikipedia.org/wiki/Special:CheckUserLog broke, it started to show a stacktrace instead:
[YDaao09kHU2l9rVxPFJzGAAAAA8] /wiki/Special:CheckUserLog Wikimedia\Assert\ParameterAssertionException: Bad value for parameter $title: invalid name 'Contributions/Martin_Urbanec_(test)_'
Backtrace:
from /srv/mediawiki/php-1.36.0-wmf.32/vendor/wikimedia/assert/src/Assert.php(72)
#0 /srv/mediawiki/php-1.36.0-wmf.32/includes/title/TitleValue.php(186): Wikimedia\Assert\Assert::parameter(boolean, string, string)
#1 /srv/mediawiki/php-1.36.0-wmf.32/includes/title/TitleValue.php(150): TitleValue::assertValidSpec(integer, string, string, string)
#2 /srv/mediawiki/php-1.36.0-wmf.32/includes/specialpage/SpecialPage.php(125): TitleValue->__construct(integer, string, string)
#3 /srv/mediawiki/php-1.36.0-wmf.32/includes/specialpage/SpecialPage.php(108): SpecialPage::getTitleValueFor(string, string, string)
#4 /srv/mediawiki/php-1.36.0-wmf.32/includes/Linker.php(977): SpecialPage::getTitleFor(string, string)
#5 /srv/mediawiki/php-1.36.0-wmf.32/extensions/CheckUser/src/LogPager.php(38): Linker::userToolLinks(string, string)
#6 /srv/mediawiki/php-1.36.0-wmf.32/includes/pager/IndexPager.php(611): MediaWiki\CheckUser\LogPager->formatRow(stdClass)
#7 /srv/mediawiki/php-1.36.0-wmf.32/extensions/CheckUser/src/Specials/SpecialCheckUserLog.php(93): IndexPager->getBody()
#8 /srv/mediawiki/php-1.36.0-wmf.32/includes/specialpage/SpecialPage.php(645): MediaWiki\CheckUser\Specials\SpecialCheckUserLog->execute(NULL)
#9 /srv/mediawiki/php-1.36.0-wmf.32/includes/specialpage/SpecialPageFactory.php(1405): SpecialPage->run(NULL)
#10 /srv/mediawiki/php-1.36.0-wmf.32/includes/MediaWiki.php(310): MediaWiki\SpecialPage\SpecialPageFactory->executePath(Title, RequestContext)
#11 /srv/mediawiki/php-1.36.0-wmf.32/includes/MediaWiki.php(944): MediaWiki->performRequest()
#12 /srv/mediawiki/php-1.36.0-wmf.32/includes/MediaWiki.php(548): MediaWiki->main()
#13 /srv/mediawiki/php-1.36.0-wmf.32/index.php(53): MediaWiki->run()
#14 /srv/mediawiki/php-1.36.0-wmf.32/index.php(46): wfIndexMain()
#15 /srv/mediawiki/w/index.php(3): require(string)
#16 {main}This issue is caused by CU API storing username with a trailing space into cu_log:
mysql:research@dbstore1004.eqiad.wmnet [testwiki]> select count(*) from cu_log where cul_target_text like "Martin Urbanec (test)" and cul_timestamp like "20210224%"; +----------+ | count(*) | +----------+ | 0 | +----------+ 1 row in set (0.001 sec) mysql:research@dbstore1004.eqiad.wmnet [testwiki]> select count(*) from cu_log where cul_target_text like "Martin Urbanec (test) " and cul_timestamp like "20210224%"; +----------+ | count(*) | +----------+ | 1 | +----------+ 1 row in set (0.001 sec) mysql:research@dbstore1004.eqiad.wmnet [testwiki]>
Special:CheckUserLog apparently can't deal with such a corner case, and fails with Wikimedia\Assert\ParameterAssertionException.
Security impact
Any checkuser can turn Special:CheckUserLog off, making it impossible to track CU usage when this bug is in place.
Notes
Despite a lot of information in the task description, and even a row in cu_log table, this can be published once fixed IMO. I intentionally broke testwiki to prove my theory, and I'm fine with publishing information about that exact check. No other private info should be here as of task creation.