TemporaryAccountHandler API shouldn't return more results than $wgCheckUserMaximumRowCount
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Tchanders
	Mar 30 2023, 4:25 PM

Description

From T324602#8712185 TemporaryAccountHandler can return more results than $wgCheckUserMaximumRowCount.

What's happening?

See TemporaryAccountHandler.php:

The problem is that the query is only limited if a 'limit' parameter is supplied:

->limit( $this->getValidatedParams()['limit'] )

The 'limit' param can't be higher than $wgCheckUserMaximumRowCount:

IntegerDef::PARAM_MAX => $this->config->get( 'CheckUserMaximumRowCount' )

but if no limit is supplied, then more results than the limit may be fetched.

Details

	Subject	Repo	Branch	Lines +/-
	Check for and enforce $wgCheckUserMaximumRowCount	mediawiki/extensions/CheckUser	master	+33 -9

Customize query in gerrit

Related Objects

Mentioned In: T324602: SpecialBlock: Once a temporary account is selected, below the username field display IP addresses associated with the account
Mentioned Here: T324602: SpecialBlock: Once a temporary account is selected, below the username field display IP addresses associated with the account

Event Timeline

Tchanders created this task.Mar 30 2023, 4:25 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 30 2023, 4:25 PM

Tchanders mentioned this in T324602: SpecialBlock: Once a temporary account is selected, below the username field display IP addresses associated with the account.Mar 30 2023, 4:31 PM

Dreamy_Jazz moved this task from General / Unsorted to Patches for review on the CheckUser board.Mar 31 2023, 1:45 PM

Dreamy_Jazz moved this task from Patches for review to Temporary account IP reveal on the CheckUser board.

STran claimed this task.Apr 11 2023, 11:37 PM

STran moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress 💪 on the Anti-Harassment (AHaT Sprint 28: The Mad Hatter Hat) board.

Change 908007 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/CheckUser@master] Check for and enforce $wgCheckUserMaximumRowCount

https://gerrit.wikimedia.org/r/908007

gerritbot added a project: Patch-For-Review.Apr 12 2023, 1:18 AM

STran moved this task from In Progress 💪 to Code Review 🔍 on the Anti-Harassment (AHaT Sprint 28: The Mad Hatter Hat) board.Apr 12 2023, 1:35 AM

Tchanders moved this task from Code Review 🔍 to QA/Testing 🐞 on the Anti-Harassment (AHaT Sprint 28: The Mad Hatter Hat) board.Apr 20 2023, 4:22 PM

Change 908007 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Check for and enforce $wgCheckUserMaximumRowCount

https://gerrit.wikimedia.org/r/908007

Maintenance_bot removed a project: Patch-For-Review.Apr 20 2023, 5:20 PM

@STran I'm not sure if I'm missing anything but it's ignoring the $wgCheckUserMaximumRowCount number count in Special:Block as seen in the screenshot.

UPDATE: I forgot to disable my cache, which is now working. I will continue with my testing and let you know if anything else comes up. Thanks!

Tchanders moved this task from AHaT Sprint 28: The Mad Hatter Hat to AHaT Sprint 29: The Ikseongwan on the Anti-Harassment board.Apr 25 2023, 5:57 PM

Tchanders edited projects, added Anti-Harassment (AHaT Sprint 29: The Ikseongwan); removed Anti-Harassment (AHaT Sprint 28: The Mad Hatter Hat).

Tchanders moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to QA/Testing 🐞 on the Anti-Harassment (AHaT Sprint 29: The Ikseongwan) board.

@STran Looks like everything is good to go now. Before I move this to Done, on the last screenshot, is that the correct wording for the error message?

OS: macOS 13.3
Browsers: Chrome 112, Firefox 112, Safari 16.3
Skins: Vector 2022, 2010, Minerva, Timeless, Monobook

*Unregistered 18 temp user - 8 IP addresses

T325768_IPMasking_CheckUserMaximumRowCount1.png (675×1 px, 276 KB)

Special:Block- Local Config $wgCheckUserMaximumRowCount = 3;

http://localhost:8080/w/rest.php/checkuser/v0/temporaryaccount/*Unregistered%2018 - Local Config $wgCheckUserMaximumRowCount = 3;

http://localhost:8080/w/rest.php/checkuser/v0/temporaryaccount/*Unregistered%2018?limit=1 -?lmit<#> in URL

URL limit=4 higher than $wgCheckUserMaximumRowCount = 3; error message

Yes that should be fine. This patch didn't change that error message. Thanks!

Ok sounds good, I'll move it to Done. Thanks!

GMikesell-WMF added a comment.Apr 26 2023, 5:13 PM

This comment was removed by GMikesell-WMF.

GMikesell-WMF moved this task from QA/Testing 🐞 to Done Q2 2022-2023 on the Anti-Harassment (AHaT Sprint 29: The Ikseongwan) board.Apr 26 2023, 5:14 PM

Tchanders closed this task as Resolved.May 5 2023, 5:21 AM

ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.9; 2023-05-15).May 15 2023, 5:01 PM

	F36963065: T325768_IPMasking_CheckUserMaximumRowCount_URLError.png
	Apr 25 2023, 10:21 PM

	F36963063: T325768_IPMasking_CheckUserMaximumRowCount_URL2.png
	Apr 25 2023, 10:21 PM

	F36963061: T325768_IPMasking_CheckUserMaximumRowCount_URL.png
	Apr 25 2023, 10:21 PM

	F36963057: T325768_IPMasking_CheckUserMaximumRowCount_SpecialBlock.png
	Apr 25 2023, 10:21 PM

	F36963055: T325768_IPMasking_CheckUserMaximumRowCount1.png
	Apr 25 2023, 10:21 PM

	F36962232: T333583_IPMasking_MaxRowCount.png
	Apr 24 2023, 10:21 PM

TemporaryAccountHandler API shouldn't return more results than $wgCheckUserMaximumRowCountClosed, ResolvedPublicActions

Description

Details

Related Objects

Event Timeline

TemporaryAccountHandler API shouldn't return more results than $wgCheckUserMaximumRowCount
Closed, ResolvedPublic
Actions