Page MenuHomePhabricator
Create Task
Maniphest T40894

Bad escaping of characters in Titleblacklist-forbidden-new-account when triggered
Closed, ResolvedPublic
Actions

Description

When trying to create an account on ruwiktionary, I got the following message:

Login error
<<p>The user name "Jdforrester (WMF)" has been banned from creation. It matches the following blacklist entry: <code>.*\(.+\)$ <newaccountonly> # Участник:%username%_(сексуалист)</code> </p>>

Looking at [[MediaWiki:Titleblacklist-forbidden-new-account]] it looks fine, so presumably either the <code> is triggering something odd, or Titleblacklist is calling it wrongly?

Version: master
Severity: minor
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=44718

Details

Reference
bz38894

Related Objects
Search...

View Standalone Graph
This task is connected to more than 200 other tasks. Only direct parents and subtasks are shown here. Use View Standalone Graph to show more of the graph.
StatusSubtypeAssignedTask
· · ·
InvalidNoneT40638 [DO NOT USE] Interface messages needing rewording or documentation and other issues with existing messages [superseded by #Voice_&_Tone]
ResolvedNoneT40894 Bad escaping of characters in Titleblacklist-forbidden-new-account when triggered
· · ·

Event Timeline

bzimport raised the priority of this task from to High.Nov 22 2014, 12:47 AM
bzimport added a project: TitleBlacklist.
bzimport set Reference to bz38894.
bzimport added a subscriber: Unknown Object (MLST).
Jdforrester-WMF created this task.Jul 31 2012, 9:38 PM
Jdforrester-WMF added a comment.Jul 31 2012, 9:39 PM

Of course, I meant https://translatewiki.net/wiki/MediaWiki:Titleblacklist-forbidden-new-account/en rather than the enwiki issue. :-)

Catrope added a comment.Jul 31 2012, 9:57 PM

https://gerrit.wikimedia.org/r/17132 (already deployed as a live hack) seems to fix this.

Catrope added a comment.Jul 31 2012, 10:16 PM

Not actually fixed.

This is because CentralAuth uses the same hook function for AbortNewAccount and AbortAutoAccount. This is a problem because AbortNewAccount expects the returned error to be an HTML string, while AbortAutoAccount expects it to be a message key. The hook outputs an HTML string to both, which causes the latter to interpret the HTML string as a message key, which obviously fails terribly. What's even worse is that docs/hooks.txt claims that both hooks take a message key. Ugh.

The message key approach is inflexible, though, because TitleBlacklist needs to pass parameters to the message (like the rule that triggered the block), so I think a reasonable way to fix this would be to allow the hook to return either a string or a Message object.

Aklapper added a comment.Jan 18 2013, 6:24 PM
  • Bug 44120 has been marked as a duplicate of this bug. ***
Aklapper added a comment.Jan 18 2013, 6:24 PM
  • Bug 42228 has been marked as a duplicate of this bug. ***
Matthewrbowker added a comment.Mar 16 2013, 6:02 AM

Created attachment 11943
Image of the error on the English Wikipedia

Just experienced this on the English Wikipedia. Screenshot attached.

Attached:

Screen_Shot_2013-03-15_at_11.35.02_PM_rev.jpg (970×1 px, 811 KB)

Jdforrester-WMF added a comment.May 5 2013, 5:00 PM

Not actually being worked on by Roan; de-assigning. Do we need to create a separate bug for the need for core to be altered?

Mattflaschen-WMF added a comment.May 20 2013, 11:52 PM

(In reply to comment #3)

The message key approach is inflexible, though, because TitleBlacklist needs
to pass parameters to the message (like the rule that triggered the block), so I
think a reasonable way to fix this would be to allow the hook to return
either a string or a Message object.

And if it returns a string, it will be treated as a message key?

gerritbot added a comment.May 21 2013, 12:42 AM

Related URL: https://gerrit.wikimedia.org/r/64645 (Gerrit Change I0d728a9645644fe95a7a7c680f568b8206e202a4)

MZMcBride added a comment.May 21 2013, 2:51 AM

(In reply to comment #9)

Related URL: https://gerrit.wikimedia.org/r/64645 (Gerrit Change
I0d728a9645644fe95a7a7c680f568b8206e202a4)

This is not accessible for me. Perhaps it's marked as a draft?

bzimport added a comment.May 21 2013, 3:04 AM

swalling wrote:

(In reply to comment #10)

(In reply to comment #9)

Related URL: https://gerrit.wikimedia.org/r/64645 (Gerrit Change
I0d728a9645644fe95a7a7c680f568b8206e202a4)

This is not accessible for me. Perhaps it's marked as a draft?

Yeah it is.

Parent5446 added a comment.Aug 2 2013, 6:45 PM
  • This bug has been marked as a duplicate of bug 44718 ***
gerritbot added a comment.Mar 20 2014, 7:18 AM

Change 64645 abandoned by Krinkle:
(Bug 38894) Abort{New,Auto}Account: error may be Message or HTML.

Reason:
Abandoning for now.

https://gerrit.wikimedia.org/r/64645

Aklapper added a project: Voice & Tone.May 24 2021, 9:36 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL