What is the problem?
When using the Report Incident form, the form asks for a username that you want to report. However the API requests a user ID and the frontend sends the text in the username field (without validation) to the API. As the form asks for a username (and not an ID) this means the username will be converted to an integer.
Steps to reproduce problem
- Install ReportIncident
- Open a user talk page and open the network tab in inspect element
- Click the "Report" button
- Click the "Proceed to file a report" button
- Open DevTools and click on the network tab
- Fill in the form, specifying a username in Username you would like to report as asked for
Expected behaviour: The API request body specifies a username as the reportedUserID property.
Observed behaviour: The API request body should specify an ID or specify that the property is actually the username
Environment
Wiki(s): ReportIncident (ee99199) 07:09, 19 September 2023