Page MenuHomePhabricator
Create Task
Maniphest T315128

email-blacklist not honored if changing email
Closed, ResolvedPublicBUG REPORT
Actions

Description

  1. Use .* as the filter for mediawiki:email-blacklist
  2. Use \bvalidemail\.com\b for mediawiki:email-whitelist
  3. create account with validemail.com
  4. change email to something other than validemail.com

What happens?:
Users can register account with an allowed email and then change it to a blocked email address.

What should have happened instead?:
The checks should also happen when user changes email.

Software version (skip for WMF-hosted wikis like Wikipedia):
MW1.38.2

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Add Check for changing emailmediawiki/extensions/SpamBlacklistmaster+21 -1
Create UserCanChangeEmail Hookmediawiki/coremaster+50 -1
Customize query in gerrit

Related Objects

Event Timeline

Skunark created this task.Aug 13 2022, 5:54 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 13 2022, 5:54 AM
Lens0021 subscribed.May 24 2024, 3:56 PM
gerritbot added a comment.May 25 2024, 2:37 AM

Change #1035844 had a related patch set uploaded (by Lens0021; author: Lens0021):

[mediawiki/core@master] Create UserCanChangeEmail Hook

https://gerrit.wikimedia.org/r/1035844

gerritbot added a project: Patch-For-Review.May 25 2024, 2:37 AM
gerritbot added a comment.May 25 2024, 3:40 AM

Change #1035845 had a related patch set uploaded (by Lens0021; author: Lens0021):

[mediawiki/extensions/SpamBlacklist@master] Add Check for changing email

https://gerrit.wikimedia.org/r/1035845

Lens0021 claimed this task.Sep 23 2024, 11:44 PM
TheresNoTime subscribed.Sep 24 2024, 3:59 PM
Krinkle subscribed.Sep 24 2024, 10:06 PM

See also: T224921: Code Stewardship Review: SpamBlacklist.

This might be of interest to the Trust and Safety Product Team, tagging as such, but please feel free to untag if this should be owned elsewhere.

Krinkle added a project: Trust and Safety Product Team.Sep 24 2024, 10:07 PM
Dreamy_Jazz removed a project: Trust and Safety Product Team.Sep 24 2024, 10:24 PM
Dreamy_Jazz subscribed.

I don't know if we should claim this extension, but I don't think we currently have the capacity to deal with SpamBlacklist due to the Temporary accounts work.

Dreamy_Jazz updated the task description. (Show Details)Sep 24 2024, 10:28 PM
gerritbot added a comment.Oct 20 2025, 2:35 PM

Change #1035844 merged by jenkins-bot:

[mediawiki/core@master] Create UserCanChangeEmail Hook

https://gerrit.wikimedia.org/r/1035844

ReleaseTaggerBot added a project: MW-1.45-notes (1.45.0-wmf.24; 2025-10-21).Oct 20 2025, 3:00 PM
gerritbot added a comment.Nov 6 2025, 12:07 AM

Change #1035845 merged by jenkins-bot:

[mediawiki/extensions/SpamBlacklist@master] Add Check for changing email

https://gerrit.wikimedia.org/r/1035845

Maintenance_bot removed a project: Patch-For-Review.Nov 6 2025, 12:30 AM
ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.2; 2025-11-12).Nov 6 2025, 1:01 AM
Pppery subscribed.Jan 5 2026, 2:43 AM

Anything left to do here?

Aklapper closed this task as Resolved.Mon, Feb 9, 11:37 AM

No reply; assuming this is done. Please reopen if there is more work to do.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits