Page MenuHomePhabricator

127.0.0.1 in CheckUser log: Editing APIs should never use FauxRequest
Open, MediumPublic

Description

Using FauxRequest with APIs that change something (like action="edit") causes this action to be logged without User Agent and with 127.0.0.1 as the IP address.

Maybe FauxRequest should have also FauxUserAgent to help track this down?

Example fix for WikiLove is in r112758.


Version: 1.19
Severity: minor
URL: https://meta.wikimedia.org/wiki/Special:Contributions/127.0.0.1
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=43603

Details

Reference
bz34838

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 12:14 AM
bzimport set Reference to bz34838.
bzimport added a subscriber: Unknown Object (MLST).

Fixed for MoodBar in r112770

Fixed for Extension:Collection in r112775

Can we make it so that ApiMain throw an exception when ever we try to use FauxRequest ? Cause that will happen again.

(In reply to comment #3)

Can we make it so that ApiMain throw an exception when ever we try to use
FauxRequest ? Cause that will happen again.

This is a documented[1] and useful feature. Using API from PHP instead of WikiPage::doEdit() is indeed weird and should be forbidden. I can support the FauxRequest prohibition only for write modules.


[1] https://www.mediawiki.org/wiki/API:Calling_internally

john wrote:

(In reply to comment #3)

Can we make it so that ApiMain throw an exception when ever we try to use
FauxRequest ? Cause that will happen again.

The reason why it supports FauxRequest is for backwards compatibility.

Is there anything here that still needs to be done?

(In reply to comment #7)

Eh, $wgRequest?

I removed the references to it and used $this->getRequest() instead.

Thanks legoktm, now docs look pretty much okay.

I know that Special:Translate causes 127.0.0.1 in the CheckUser Log, but not sure about the current status.

What about converting this bug into some kind of tracking bug, to be updated and particular bugs filed against core/extensions whenever this happens? (CC bugmeister)