Last modified: 2013-06-18 13:41:14 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T19282, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 17282 - Users can be renamed to usernames forbidden on creation
Users can be renamed to usernames forbidden on creation
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
Renameuser (Other open bugs)
unspecified
All All
: Normal minor (vote)
: ---
Assigned To: Nobody - You can work on this!
http://vi.wikipedia.org
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-01-31 16:07 UTC by Dung Nguyen
Modified: 2013-06-18 13:41 UTC (History)
7 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Dung Nguyen 2009-01-31 16:07:25 UTC
At the Vietnamese Wikipedia, a user can be renamed to a username that can not be used when creating the account.  For example, a user can be renamed to an account name containing only numbers when they are prevented from doing so when creating the account.  Should the policies for account creation and renaming be the same?
Comment 1 Chad H. 2009-02-01 09:14:23 UTC
It's a simple 1-line change to RenameUser, requiring that the new username be validated as 'creatable' instead of just 'valid.' If in fact we do want to require target usernames to pass the same requirements as account creation.
Comment 2 Aaron Schulz 2009-02-24 09:57:27 UTC
Done in r47740
Comment 3 Brion Vibber 2009-03-03 22:23:13 UTC
Hrm. Surely this defeats the purpose of admins being able to override the default limitations?

This should be reverted and resolved as INVALID.
Comment 4 Mike.lifeguard 2009-03-03 22:25:18 UTC
(In reply to comment #3)
> Hrm. Surely this defeats the purpose of admins being able to override the
> default limitations?
> 
> This should be reverted and resolved as INVALID.
> 

Should probably let them know that they are in fact overriding such restrictions though.
Comment 5 Aryeh Gregor (not reading bugmail, please e-mail directly) 2009-03-03 22:28:29 UTC
(In reply to comment #3)
> Hrm. Surely this defeats the purpose of admins being able to override the
> default limitations?

It depends.  For instance, usernames with @ in them aren't creatable but are valid, and it should not be possible to rename to them, because it's only valid at all for backward compatibility (right?).  On the other hand, things like AntiSpoof should clearly not be run.  As far as I can tell by a quick glance at the code, the prohibition of '@' is the *only* difference between 'usable' and 'creatable'.
Comment 6 Dung Nguyen 2009-03-03 22:38:41 UTC
(In reply to comment #5)
>  As far as I can tell by a quick glance at
> the code, the prohibition of '@' is the *only* difference between 'usable' and
> 'creatable'.
> 

The impetus for me when filing this bug was that I was able to rename a user to "93.896" (as requested by the user).  I was not aware that one is not able to create such an account until somebody complained that that username is not creatable. 
Comment 7 Siebrand Mazeland 2012-05-22 11:12:07 UTC
Given that three years have passed since comment 3, I'm being bold and am closing this is resolved again.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links