Bug
After I made the following API query on testwiki:
{ "action": "query", "format": "json", "list": "checkuser", "curequest": "userips", "cutarget": "Martin Urbanec (test) ", "cureason": "testing a bug in CU interface", "cutoken": "REDACTED" }
https://test.wikipedia.org/wiki/Special:CheckUserLog broke, it started to show a stacktrace instead:
[YDaao09kHU2l9rVxPFJzGAAAAA8] /wiki/Special:CheckUserLog Wikimedia\Assert\ParameterAssertionException: Bad value for parameter $title: invalid name 'Contributions/Martin_Urbanec_(test)_' Backtrace: from /srv/mediawiki/php-1.36.0-wmf.32/vendor/wikimedia/assert/src/Assert.php(72) #0 /srv/mediawiki/php-1.36.0-wmf.32/includes/title/TitleValue.php(186): Wikimedia\Assert\Assert::parameter(boolean, string, string) #1 /srv/mediawiki/php-1.36.0-wmf.32/includes/title/TitleValue.php(150): TitleValue::assertValidSpec(integer, string, string, string) #2 /srv/mediawiki/php-1.36.0-wmf.32/includes/specialpage/SpecialPage.php(125): TitleValue->__construct(integer, string, string) #3 /srv/mediawiki/php-1.36.0-wmf.32/includes/specialpage/SpecialPage.php(108): SpecialPage::getTitleValueFor(string, string, string) #4 /srv/mediawiki/php-1.36.0-wmf.32/includes/Linker.php(977): SpecialPage::getTitleFor(string, string) #5 /srv/mediawiki/php-1.36.0-wmf.32/extensions/CheckUser/src/LogPager.php(38): Linker::userToolLinks(string, string) #6 /srv/mediawiki/php-1.36.0-wmf.32/includes/pager/IndexPager.php(611): MediaWiki\CheckUser\LogPager->formatRow(stdClass) #7 /srv/mediawiki/php-1.36.0-wmf.32/extensions/CheckUser/src/Specials/SpecialCheckUserLog.php(93): IndexPager->getBody() #8 /srv/mediawiki/php-1.36.0-wmf.32/includes/specialpage/SpecialPage.php(645): MediaWiki\CheckUser\Specials\SpecialCheckUserLog->execute(NULL) #9 /srv/mediawiki/php-1.36.0-wmf.32/includes/specialpage/SpecialPageFactory.php(1405): SpecialPage->run(NULL) #10 /srv/mediawiki/php-1.36.0-wmf.32/includes/MediaWiki.php(310): MediaWiki\SpecialPage\SpecialPageFactory->executePath(Title, RequestContext) #11 /srv/mediawiki/php-1.36.0-wmf.32/includes/MediaWiki.php(944): MediaWiki->performRequest() #12 /srv/mediawiki/php-1.36.0-wmf.32/includes/MediaWiki.php(548): MediaWiki->main() #13 /srv/mediawiki/php-1.36.0-wmf.32/index.php(53): MediaWiki->run() #14 /srv/mediawiki/php-1.36.0-wmf.32/index.php(46): wfIndexMain() #15 /srv/mediawiki/w/index.php(3): require(string) #16 {main}
This issue is caused by CU API storing username with a trailing space into cu_log:
mysql:research@dbstore1004.eqiad.wmnet [testwiki]> select count(*) from cu_log where cul_target_text like "Martin Urbanec (test)" and cul_timestamp like "20210224%"; +----------+ | count(*) | +----------+ | 0 | +----------+ 1 row in set (0.001 sec) mysql:research@dbstore1004.eqiad.wmnet [testwiki]> select count(*) from cu_log where cul_target_text like "Martin Urbanec (test) " and cul_timestamp like "20210224%"; +----------+ | count(*) | +----------+ | 1 | +----------+ 1 row in set (0.001 sec) mysql:research@dbstore1004.eqiad.wmnet [testwiki]>
Special:CheckUserLog apparently can't deal with such a corner case, and fails with Wikimedia\Assert\ParameterAssertionException.
Security impact
Any checkuser can turn Special:CheckUserLog off, making it impossible to track CU usage when this bug is in place.
Notes
Despite a lot of information in the task description, and even a row in cu_log table, this can be published once fixed IMO. I intentionally broke testwiki to prove my theory, and I'm fine with publishing information about that exact check. No other private info should be here as of task creation.