When submitting a ReportIncident report with a JSON object as the reportedUser property, I can get a 500 error.
Steps to replicate the issue
- Install the ReportIncident extension
- Log into an account that has a confirmed email address
- Open a user talk page that exists
- Open DevTools and then the network tab
- Click on the Report link in the Tools menu
- Navigate to the second step
- Fill out the form and submit it
- Find the POST request for submitting the form and copy it as fetch
- Go to the browser console and paste the fetch command
- Modify the command to change the reportedUser property to have the value of {"test": "1234"} (and escape the " character if necessary). An example of what this should look like is below:
await fetch("http://localhost:8080/w/rest.php/reportincident/v0/report", { "credentials": "include", "headers": { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0", "Accept": "application/json, text/javascript, */*; q=0.01", "Accept-Language": "en-GB,en;q=0.5", "Content-Type": "application/json", "X-Requested-With": "XMLHttpRequest", "Sec-Fetch-Dest": "empty", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Site": "same-origin", "Pragma": "no-cache", "Cache-Control": "no-cache" }, "referrer": "http://localhost:8080/wiki/User_talk:Dreamyjazz", "body": "{\"reportedUser\":{\"test\": \"1234\"},\"details\":\"aaa\",\"behaviors\":[\"threats-or-violence\"],\"revisionId\":1}", "method": "POST", "mode": "cors" });
What happens
A 500 server error is returned with the following:
{"message":"Error: exception of type TypeError: MediaWiki\\User\\UserNameUtils::isIP(): Argument #1 ($name) must be of type string, array given, called in /var/www/html/w/extensions/ReportIncident/src/Api/Rest/Handler/ReportHandler.php on line 192","exception":{"id":"7a4d263887f7f24aa08fd435","type":"TypeError","file":"/var/www/html/w/includes/user/UserNameUtils.php","line":333,"message":"MediaWiki\\User\\UserNameUtils::isIP(): Argument #1 ($name) must be of type string, array given, called in /var/www/html/w/extensions/ReportIncident/src/Api/Rest/Handler/ReportHandler.php on line 192","code":0,"url":"/w/rest.php/reportincident/v0/report","caught_by":"other","backtrace":[{"file":"/var/www/html/w/extensions/ReportIncident/src/Api/Rest/Handler/ReportHandler.php","line":192,"function":"isIP","class":"MediaWiki\\User\\UserNameUtils","type":"->"},{"file":"/var/www/html/w/extensions/ReportIncident/src/Api/Rest/Handler/ReportHandler.php","line":80,"function":"getIncidentReportObjectFromValidatedBody","class":"MediaWiki\\Extension\\ReportIncident\\Api\\Rest\\Handler\\ReportHandler","type":"->"},{"file":"/var/www/html/w/includes/Rest/SimpleHandler.php","line":38,"function":"run","class":"MediaWiki\\Extension\\ReportIncident\\Api\\Rest\\Handler\\ReportHandler","type":"->"},{"file":"/var/www/html/w/includes/Rest/Router.php","line":536,"function":"execute","class":"MediaWiki\\Rest\\SimpleHandler","type":"->"},{"file":"/var/www/html/w/includes/Rest/Router.php","line":441,"function":"executeHandler","class":"MediaWiki\\Rest\\Router","type":"->"},{"file":"/var/www/html/w/includes/Rest/EntryPoint.php","line":195,"function":"execute","class":"MediaWiki\\Rest\\Router","type":"->"},{"file":"/var/www/html/w/includes/Rest/EntryPoint.php","line":135,"function":"execute","class":"MediaWiki\\Rest\\EntryPoint","type":"->"},{"file":"/var/www/html/w/rest.php","line":31,"function":"main","class":"MediaWiki\\Rest\\EntryPoint","type":"::"}]},"httpCode":500,"httpReason":"Internal Server Error"}
What should have happened instead
A 4XX error should have been returned as the error was due to the submitted data and not the fault of the server.
Software version
MediaWiki 1.42.0-alpha (8d06e10) 13:54, 31 October 2023. ReportIncident – (15aab01) 14:40, 31 October 2023
