Last modified: 2009-03-11 18:12:12 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T19877, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 17877 - No validity checks for auto-created accounts
No validity checks for auto-created accounts
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
CentralAuth (Other open bugs)
unspecified
All All
: High major (vote)
: ---
Assigned To: Nobody - You can work on this!
:
: 17878 17879 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-09 05:50 UTC by Andrew "FastLizard4" Adams
Modified: 2009-03-11 18:12 UTC (History)
5 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Andrew "FastLizard4" Adams 2009-03-09 05:50:07 UTC 
Apparently, any username containing a : cannot be blocked by administrators.  Case in point, [[Special:Contributions/WP:ANI]] on enwiki.
Comment 1 MZMcBride 2009-03-09 05:53:05 UTC 
The user account can be renamed. And I believe this is related to namespace aliases (WP: and WT:) not colons. Summary adjusted accordingly.
Comment 2 p858snake 2009-03-09 06:15:33 UTC 
In the golbal block form you can use "#<USERIDNUMBER>" in the username field, that might also work in the local block lists as well.
Comment 3 p858snake 2009-03-09 06:16:09 UTC 
*** Bug 17878 has been marked as a duplicate of this bug. ***
Comment 4 Robert Rohde 2009-03-09 07:39:28 UTC 
See also, Bug 17879 which points out that User:WP:ANI was only created because CentralAuth allowed a name to be created that would have be forbidden if one attempted to registered it locally.

I filed that separately because at least in principle one could patch this bug without tackling the AuthPlugin issue, but I believe it probably makes more sense to disallow AuthPlugin from creating accounts that lead to this scenario.  If one does patch AuthPlugin it would be very difficult (though not strictly impossible) to arrive at this bug again.
Comment 5 Andrew Garrett 2009-03-09 08:54:13 UTC 
Modifying to a correct description of the problem
Comment 6 Andrew Garrett 2009-03-09 09:41:34 UTC 
Fixed for autologin in r48211. WORKSFORME in core login interface.
Comment 7 Robert Rohde 2009-03-11 18:12:12 UTC 
*** Bug 17879 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links