Last modified: 2012-08-04 20:49:01 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T18487, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 16487 - UserManagement: Anonymous Account not create-/delete-/edit able , but it is visbile in user list
UserManagement: Anonymous Account not create-/delete-/edit able , but it is v...
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
1.13.x
All All
: Normal major (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks: postgres
  Show dependency treegraph
 
Reported: 2008-11-28 17:51 UTC by sacher
Modified: 2012-08-04 20:49 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
Patch that hides User:Anonymous on the user list. (1.47 KB, patch)
2009-05-09 01:11 UTC, Karun
Details

Description sacher 2008-11-28 17:51:29 UTC
There is this user account "User:Anonymous" in the list of users after installation?
Which functionality does this user account have?

Both renaming users name and viewing settings was not possible.
I would not like to have an account there that is a sort of backdoor.

Steps to reproduce:

    * Showing all users, the user:Anonymous appears.
    * Visiting the user's page there is no link for user contributions.
    * Renaming this user says: Der Benutzername „“ ist ungültig.
    * Changing rights is not possible because it is said the user did not exist.
    * Creating a new accout with this name causes an 

"Error: Warning: pg_query() [function.pg-query]: Query failed: ERROR: duplicate key violates unique constraint "mwuser_user_name_key" in /var/www/www.gfi.cx/wiki-gfi/includes/db/DatabasePostgres.php on line 552"

Please see detailed debugging information below.

Thanx in advance. Cheers

Server:

MediaWiki  	1.13.2
PHP 	5.2.0-8+etch13 (apache2handler)
PostgreSQL 	PostgreSQL 8.1.13 on i486-pc-linux-gnu, compiled by GCC cc (GCC) 4.1.2 20061115 (Debian 4.1.1-21)
Plugins: EditUser (Version 1.5.1) , Renameuser (Version r41963)

Error Message:

A database error has occurred Query: INSERT INTO mwuser (user_id,user_name,user_password,user_newpassword,user_newpass_time,user_email, user_email_authenticated,user_real_name,user_options, user_token,user_registration,user_editcount) VALUES ('9','Anonymous',,,'2008-11-28 13:08:53 GMT',,NULL,,'quickbar=1 underline=2 cols=80 rows=25 searchlimit=20 contextlines=5 contextchars=50 disablesuggest=0 ajaxsearch=0 skin= math=1 usenewrc=0 rcdays=7 rclimit=50 wllimit=250 hideminor=0 highlightbroken=1 stubthreshold=0 previewontop=1 previewonfirst=0 editsection=1 editsectiononrightclick=0 editondblclick=0 editwidth=0 showtoc=1 showtoolbar=1 minordefault=0 date=default imagesize=2 thumbsize=2 rememberpassword=0 enotifwatchlistpages=0 enotifusertalkpages=1 enotifminoredits=0 enotifrevealaddr=0 shownumberswatching=1 fancysig=0 externaleditor=0 externaldiff=0 showjumplinks=1 numberheadings=0 uselivepreview=0 watchlistdays=3 extendwatchlist=0 watchlisthideminor=0 watchlisthidebots=0 watchlisthideown=0 watchcreations=0 watchdefault=0 watchmoves=0 watchdeletion=0 variant=de language=de searchNs0=1','b1821d58eed30ceb814a1cdfbaf13ecc','2008-11-28 13:08:53 GMT','0') Function: User::addToDatabase Error: 1 ERROR: duplicate key violates unique constraint "mwuser_user_name_key"

Backtrace:

   1. 0 /var/www/wiki/includes/db/Database.php(561): DatabasePostgres->reportQueryError('ERROR: duplica...', 1, 'INSERT INTO mwu...', 'User::addToData...', )
   2. 1 /var/www/wiki/includes/db/DatabasePostgres.php(817): Database->query('INSERT INTO mwu...', 'User::addToData...', )
   3. 2 /var/www/wiki/includes/User.php(2271): DatabasePostgres->insert('user', Array, 'User::addToData...')
   4. 3 /var/www/wiki/includes/specials/SpecialUserlogin.php(339): User->addToDatabase()
   5. 4 /var/www/wiki/includes/specials/SpecialUserlogin.php(324): LoginForm->initUser(Object(User), false)
   6. 5 /var/www/wiki/includes/specials/SpecialUserlogin.php(153): LoginForm->addNewAccountInternal()
   7. 6 /var/www/wiki/includes/specials/SpecialUserlogin.php(96): LoginForm->addNewAccount()
   8. 7 /var/www/wiki/includes/specials/SpecialUserlogin.php(17): LoginForm->execute()
   9. 8 [internal function]: wfSpecialUserlogin(NULL, Object(SpecialPage))
  10. 9 /var/www/wiki/includes/SpecialPage.php(748): call_user_func('wfSpecialUserlo...', NULL, Object(SpecialPage))
  11. 10 /var/www/wiki/includes/SpecialPage.php(534): SpecialPage->execute(NULL)
  12. 11 /var/www/www.gfi.cx/wiki-gfi/includes/Wiki.php(224): SpecialPage::executePath(Object(Title))
  13. 12 /var/www/www.gfi.cx/wiki-gfi/includes/Wiki.php(55): MediaWiki->initializeSpecialCases(Object(Title), Object(OutputPage), Object(WebRequest))
  14. 13 /var/www/www.gfi.cx/wiki-gfi/index.php(93): MediaWiki->initialize(Object(Title), NULL, Object(OutputPage), Object(User), Object(WebRequest))
  15. 14 {main}</nowiki>
Comment 1 sacher 2008-11-28 17:57:58 UTC
Please Note: Path to wiki is allways the same, I just faild at renaming the path in this bug report.
Comment 2 sacher 2008-11-30 13:17:39 UTC
In other words: I cannot delete the user because he does not exist. I cannot create the user because he exists. And he is shown in the user list. So, what is wrong? Is it a bug in this Version?
Comment 3 Tim Starling 2009-01-09 04:43:34 UTC
It's a nasty hack implemented in order to make foreign key constraints work in a schema that wasn't designed for them.

-- Create a dummy user to satisfy fk contraints especially with revisions
INSERT INTO mwuser
  VALUES (DEFAULT,'Anonymous','',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,now(),now());

I would suggest removing the foreign key constraints from the PG schema, which are more trouble than they're worth.
Comment 4 Karun 2009-05-09 00:52:09 UTC
Hello,
I would like to propose that we hide the User:Anonymous user from the user list. 
Comment 5 Karun 2009-05-09 01:11:43 UTC
Created attachment 6098 [details]
Patch that hides User:Anonymous on the user list.

I have created a patch that hides User:Anonymous from the user list. Im not sure if this would be the best way to resolve this bug.
Comment 6 Karun 2009-05-09 11:51:16 UTC
Are there any backdoors that could result from the Anonymous user being in the database? I think if they are able to do something to the anonymous user in the database through a backdoor, then it will probably just affect all users rather than just one.

Comment 7 Max Semenik 2010-01-09 10:33:16 UTC
Review of the patch: it doesn't take into account that there are different DB backends, most of which doesn't create that dummy account. Therefore, someone could register a stealth account 'Anonymous' that will be hard to track. And using a hardcoded value for checks is also extremely problematic.
Comment 8 Karun 2010-01-22 07:36:28 UTC
(In reply to comment #7)
> Review of the patch: it doesn't take into account that there are different DB
> backends, most of which doesn't create that dummy account. Therefore, someone
> could register a stealth account 'Anonymous' that will be hard to track. And
> using a hardcoded value for checks is also extremely problematic.

Would checking the database, be suitable so if postgresql is used then the anonymous account is hidden from the user list?
Comment 9 Platonides 2010-04-21 17:34:04 UTC
Fixed on r65405

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links