127.0.0.1 in CheckUser log: Editing APIs should never use FauxRequest
Open, NormalPublic

Description

Using FauxRequest with APIs that change something (like action="edit") causes this action to be logged without User Agent and with 127.0.0.1 as the IP address.

Maybe FauxRequest should have also FauxUserAgent to help track this down?

Example fix for WikiLove is in r112758.


Version: 1.19
Severity: minor
URL: https://meta.wikimedia.org/wiki/Special:Contributions/127.0.0.1
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=43603

Details

Reference
bz34838
bzimport raised the priority of this task from to Normal.
bzimport set Reference to bz34838.
bzimport added a subscriber: Unknown Object (MLST).
saper created this task.Mar 1 2012, 3:52 AM
saper added a comment.Mar 1 2012, 4:27 AM

Fixed for MoodBar in r112770

saper added a comment.Mar 1 2012, 5:34 AM

Fixed for Extension:Collection in r112775

hashar added a comment.Mar 1 2012, 9:37 AM

Can we make it so that ApiMain throw an exception when ever we try to use FauxRequest ? Cause that will happen again.

(In reply to comment #3)

Can we make it so that ApiMain throw an exception when ever we try to use
FauxRequest ? Cause that will happen again.

This is a documented[1] and useful feature. Using API from PHP instead of WikiPage::doEdit() is indeed weird and should be forbidden. I can support the FauxRequest prohibition only for write modules.


[1] https://www.mediawiki.org/wiki/API:Calling_internally

john wrote:

(In reply to comment #3)

Can we make it so that ApiMain throw an exception when ever we try to use
FauxRequest ? Cause that will happen again.

The reason why it supports FauxRequest is for backwards compatibility.

MaxSem added a comment.May 3 2012, 3:17 PM

Eh, $wgRequest?

Is there anything here that still needs to be done?

(In reply to comment #7)

Eh, $wgRequest?

I removed the references to it and used $this->getRequest() instead.

saper added a comment.Nov 5 2013, 6:21 PM

Thanks legoktm, now docs look pretty much okay.

I know that Special:Translate causes 127.0.0.1 in the CheckUser Log, but not sure about the current status.

What about converting this bug into some kind of tracking bug, to be updated and particular bugs filed against core/extensions whenever this happens? (CC bugmeister)

Anomie moved this task from Unsorted to Non-Code on the MediaWiki-API board.Feb 20 2015, 4:45 PM
Meno25 removed a subscriber: Meno25.Jan 17 2017, 4:36 PM