Last modified: 2014-01-08 06:21:46 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T36838, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 34838 - 127.0.0.1 in CheckUser log: Editing APIs should never use FauxRequest
127.0.0.1 in CheckUser log: Editing APIs should never use FauxRequest
Status: NEW
Product: MediaWiki
Classification: Unclassified
API (Other open bugs)
1.19
All All
: Normal minor (vote)
: Future release
Assigned To: Nobody - You can work on this!
https://meta.wikimedia.org/wiki/Speci...
:
Depends on:
Blocks: user-127.0.0.1
  Show dependency treegraph
 
Reported: 2012-03-01 03:52 UTC by Marcin Cieślak
Modified: 2014-01-08 06:21 UTC (History)
17 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Marcin Cieślak 2012-03-01 03:52:08 UTC 
Using FauxRequest with APIs that change something (like action="edit") causes this action to be logged without User Agent and with 127.0.0.1 as the IP address.

Maybe FauxRequest should have also FauxUserAgent to help track this down?

Example fix for WikiLove is in r112758.
Comment 1 Marcin Cieślak 2012-03-01 04:27:28 UTC 
Fixed for MoodBar in r112770
Comment 2 Marcin Cieślak 2012-03-01 05:34:02 UTC 
Fixed for Extension:Collection in r112775
Comment 3 Antoine "hashar" Musso (WMF) 2012-03-01 09:37:01 UTC 
Can we make it so that ApiMain throw an exception when ever we try to use FauxRequest ? Cause that will happen again.
Comment 4 Max Semenik 2012-03-01 10:11:05 UTC 
(In reply to comment #3)
> Can we make it so that ApiMain throw an exception when ever we try to use
> FauxRequest ? Cause that will happen again.

This is a documented[1] and useful feature. Using API from PHP instead of WikiPage::doEdit() is indeed weird and should be forbidden. I can support the FauxRequest prohibition only for write modules.

----
[1] https://www.mediawiki.org/wiki/API:Calling_internally
Comment 5 John Du Hart 2012-03-01 10:55:47 UTC 
(In reply to comment #3)
> Can we make it so that ApiMain throw an exception when ever we try to use
> FauxRequest ? Cause that will happen again.

The reason why it supports FauxRequest is for backwards compatibility.
Comment 6 Marcin Cieślak 2012-05-03 13:57:19 UTC 
I have updated the API documentation: https://www.mediawiki.org/w/index.php?title=API:Calling_internally&diff=532697&oldid=522077

Feedback welcome!
Comment 7 Max Semenik 2012-05-03 15:17:11 UTC 
Eh, $wgRequest?
Comment 8 Kunal Mehta (Legoktm) 2013-11-05 18:08:40 UTC 
Is there anything here that still needs to be done?

(In reply to comment #7)
> Eh, $wgRequest?

I removed the references to it and used $this->getRequest() instead.
Comment 9 Marcin Cieślak 2013-11-05 18:21:55 UTC 
Thanks legoktm, now docs look pretty much okay.

I know that Special:Translate causes 127.0.0.1 in the CheckUser Log, but not sure about the current status.

What about converting this bug into some kind of tracking bug, to be updated and particular bugs filed against core/extensions whenever this happens? (CC bugmeister)
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links