Account creation through API leaks account creator's IP address
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	IAlex
	Jan 21 2013, 11:03 AM

Description

When creating an account through the API from an anonymous user, its IP address is publicly accessible the new users log as action performer. In such case, it contains entries like this:

User account TestApiCreate (Talk | contribs | block) was created by ::1 (Talk | block)

It should be instead:

User account TestApiCreate (Talk | contribs | block) was created

and the user itself should be logged as action performer.

A patch will come soon to fix this.

Version: 1.21.x
Severity: major
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=56944

Details

Reference: bz44202

Event Timeline

• bzimport raised the priority of this task from to High.Nov 22 2014, 1:30 AM

• bzimport added a project: MediaWiki-Action-API.

• bzimport set Reference to bz44202.

IAlex created this task.Jan 21 2013, 11:03 AM

Proposed fix in Gerrit change #44966.

Change merged.

Aklapper removed subscribers: • wikibugs-l-list, Anomie.Oct 16 2020, 5:41 PM

Account creation through API leaks account creator's IP addressClosed, ResolvedPublicActions

Description

Details

Event Timeline

Account creation through API leaks account creator's IP address
Closed, ResolvedPublic
Actions