Background
TemporaryAccountHandler returns the IP addresses used by a temporary account.
A limit parameter can be passed. This means the maximum number of IP addresses that can be returned (as opposed to rows that can be read by the query).
A config, $wgCheckUserMaximumRowCount controls the maximum number of rows that can be read, for performance reasons.
The query currently takes the lowest of these two limits, and applies that as a limit on the query. The unique IPs from the resulting rows are then returned.
Instead, the config limit should be used in the query, but the parameter limit (if present) should be applied in PHP, after the unique IPs have been found from the rows returned by the query.
This should solve 2 problems with the limit handling (see also T324603#8584676):
- Number of IPs returned is sometimes less than the limit parameter. This is because there can be multiple rows for the same actor-IP-timestamp, and the limit is being applied to the number of rows read.
- A negative limit parameter causes a SQL error
Acceptance criteria
- The API only returns fewer IPs than the limit parameter if there are actually fewer IPs (or if the limit parameter is higher than $wgCheckUserMaximumRowCount)
- Passing a negative limit is handled by the API and returns an appropriate error message and code