Last modified: 2008-01-16 07:16:11 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T14643, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 12643 - Non-admins can move a page with a nbsp in its title over a page without the nbsp which is a redirect to itself but with no history
Non-admins can move a page with a nbsp in its title over a page without the n...
Status: RESOLVED INVALID
Product: MediaWiki
Classification: Unclassified
Redirects (Other open bugs)
1.12.x
All All
: Normal minor (vote)
: ---
Assigned To: Nobody - You can work on this!
http://en.wikipedia.org/wiki/User:ais...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-01-15 17:51 UTC by ais523
Modified: 2008-01-16 07:16 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description ais523 2008-01-15 17:51:25 UTC 
This is, in theory, a security bug (allowing users to perform actions that are outside their permissions), but is actually minor because the action is so pointless. If a page whose name contains a space is a redirect to itself, and only has one entry in the history, it's possible for a non-administrator (specifically, someone without the 'delete' right) to move a page with the same name but with a non-breaking space in the title over the page with a space in the title; the software apparently confuses this with the reverse-a-redirect case where a page is moved over a redirect that points to the page being moved. The redirect-to-self is completely obliterated, leaving no deletion log entry nor deleted history. It seems unlikely that this is intended behaviour, although it is likely to be harmless.
Comment 1 Roan Kattouw 2008-01-15 19:12:39 UTC 
I daresay this is an unintended feature: pages with   in their titles shouldn't exist, nor should redirects to self.
Comment 2 Brion Vibber 2008-01-16 07:16:11 UTC 
This isn't an  -related issue at all -- you can move over *any* self-redirect with no history.

This appears to actually be on purpose... in Title::isValidMoveTarget() you'll find:

		# Does the redirect point to the source?
		# Or is it a broken self-redirect, usually caused by namespace collisions?

So... not a bug, intended behavior. :)
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links