Last modified: 2014-04-11 19:17:19 UTC
The details of the AbuseLog show a field "Time email address was confirmed". In my opinion is this critical, because the time of emailconfirm is private data and not visible at any other place. Please give only a field, if the user has confirmed or not, this information is visible by Special:EmailUser, so there is no problem. Thanks.
I'm not sure that it's private, personally identifiable data, but it still might have been a bad idea to disclose it, it's a good secondary verification point for manual password resets. Since it's been released for months, it's now dead as a secondary verification point anyway, so I'm not sure how "private" it is.
Sticking Brion on CC to see what he thinks.
Is this fixed? I see that the email timestamp can still be used as filter variable, but not that it can be directly seen.
old log entries still shows it, but newer one not. No idea why, maybe the value is no longer stored at a detail, but that can also means, that is no longer usable on a filter, but that would be another bug.
It's not fixed. I reproduced the bug locally by creating a filter which uses "user_emailconfirm". Because the value gets only lazy_loaded it's normally not set and thus not exported and stored in the db. Speculatively it's enough if any active filter uses emailconfirm to get it stored by any other filter. aside: the details (var-dump) of an edit are stored for me as serialized php-array in mw's "text"-table, not in a AF-table itself.
newly added lazy-loading sounds like a good reason, why it is not set on newer logs, but on old logs. It is intended to use the text table (or external stores, when set)