[[Special:MyPage]] should not discard URL parameters
Closed, ResolvedPublic


I was trying to use the URL
when reporting another bug, but I noticed that the "&debug=1" is discarded after the page redirects to my real page. This also happens with other parameters as well:

It seems that only the "action" is always kept.

Version: 1.19
Severity: enhancement

bzimport added a subscriber: Unknown Object (MLST).
bzimport set Reference to bz35060.
He7d3r created this task.Via LegacyMar 8 2012, 11:19 AM
duplicatebug added a comment.Via ConduitMar 9 2012, 8:44 PM

SpecialMypage in SpecialPage.php has a list "mAllowedRedirectParams", which contains action, but not debug. When adding, please add it also to some of the other RedirectSpecialPage like MyTalk or so.

bzimport added a comment.Via ConduitMar 9 2012, 9:35 PM

beau wrote:

redirect=no would be handy too

He7d3r added a comment.Via ConduitMar 16 2012, 12:08 PM

For the record,
works fine.

This is probably something easy to fix. Adding appropriate keyword.

Dcoetzee added a comment.Via ConduitApr 5 2012, 3:02 AM

I ran into this problem with this URL:


It keeps the action and section params but discards preloadtitle, which would be useful in this case. I'm going to patch mAllowedRedirectParams on my server.

Dcoetzee added a comment.Via ConduitApr 5 2012, 4:06 AM

Created attachment 10379
Adds redirect params to Special:MyPage and MyTalk

Upon reviewing this further, I can imagine plausible use cases for a whole lot of parameters not currently included in mAllowedRedirectParams:

Current value:
$this->mAllowedRedirectParams = array( 'action' , 'preload' , 'editintro',

'section', 'oldid', 'diff', 'dir',
'ctype', 'maxage', 'smaxage' );

Parameters listed in http://www.mediawiki.org/wiki/Manual:Parameters_to_index.php that might be useful:

useskin, uselang, printable: to alter the appearance of the resulting page

redirect: allows viewing one's user page/user talk page even if it is a redirect

rdfrom: allows redirecting to one's user page/user talk page from an external wiki with correct "Redirected from..." notice

limit, offset: Useful for linking to history of one's own user page or user talk page. For example, this would be a link to "the last edit to your user talk page in the year 2010":


feed: Would allow linking to the current user's RSS feed for their user talk page:


preloadtitle: Came up in an actual use case for me, as mentioned above.

summary: Could be used to provide a default edit summary for a preloaded edit to one's own user page or talk page.

preview: Allows showing/hiding preview on first edit regardless of user preference, useful for preloaded edits where you know preview wouldn't be useful.

internaledit, externaledit, mode: Would allow forcing the use of the internal/external editor, e.g. to force the internal editor for short/simple preloaded edits.

redlink: Affects the message the user sees if their talk page/user talk page does not currently exist. Avoids confusion for newbies with no user pages over why they got a "permission error" following this link:


stable: When the FlaggedRevisions extension is installed, allows the link to determine whether the user sees the stable or draft version of their user page/user talk page.

debug: Not mentioned on the page, but needed by one of the commenting users.

I've attached a patch against MW 1.18.2 which enables all of these in mAllowedRedirectParams for both the user and user talk page, attached. Used a static function to share the list, which is kind of ugly, there's probably a better way. Needs review from a dev to make sure these rationales make sense and there are no security issues I'm unaware of, etc.

Attached: 35060.patch

bzimport added a comment.Via ConduitApr 6 2012, 8:50 PM

sumanah wrote:

Thanks for the patch, Derrick. Just so you know, you can get developer access easily


and then submit the patch right into our Git source control system:


Platonides added a comment.Via ConduitApr 6 2012, 8:53 PM

Hello Dcoetze!
Bad news: Your attachment is empty.
Good news: An empty patch doesn't add any security hole :)

Dcoetzee added a comment.Via ConduitApr 6 2012, 9:20 PM

@Platonides: I tried clicking "Details" on the attachment and I could see my patch, I'm pretty sure it's there, unless I put it in the wrong place or something?

@Sumana: I'm glad to hear they're accepting patches through Git now and will be sure to apply, thanks!

Dcoetzee added a comment.Via ConduitApr 16 2012, 11:09 PM

I've now pushed this patch (slightly modified) to Gerrit at:


MaxSem added a comment.Via ConduitApr 19 2012, 3:23 PM

Removing patch keyword as things have moved into Gerrit.

bzimport added a comment.Via ConduitApr 19 2012, 3:25 PM

sumanah wrote:

There's still a patch, it's just that it's in Gerrit (and in this case it's been reviewed). :)

Dcoetzee added a comment.Via ConduitJul 19 2012, 7:18 PM

Final patch with docs is in Gerrit now, sorry for the delay, and thank you to Hashar for helping out. Waiting for final approval.

duplicatebug added a comment.Via ConduitSep 16 2012, 7:48 AM

successfully merged

Add Comment