jenkins-bot has submitted this change and it was merged.
Change subject: Reject usernames with namespace or interwiki prefixes
......................................................................
Reject usernames with namespace or interwiki prefixes
User::getCanonicalName silently stripped namepace/iw prefixes,
resulting in weird behavior (e.g. entering 'Template:Foo' in the
registration form username field was accepted, but user 'Foo' was
created). Explicitly reject such names instead.
Also remove leading whitespace from test cases testing for something
else.
Bug: T94656
Change-Id: Idfb22f998cb069fca24abcf5809afd6e0324b0ae
---
M includes/user/User.php
M tests/phpunit/includes/user/UserTest.php
2 files changed, 34 insertions(+), 18 deletions(-)
Approvals:
Anomie: Looks good to me, but someone else must approve
Legoktm: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/user/User.php b/includes/user/User.php
index 04eba97..c1e096b 100644
--- a/includes/user/User.php
+++ b/includes/user/User.php
@@ -1070,9 +1070,9 @@
// Clean up name according to title rules,
// but only when validation is requested (bug 12654)
$t = ( $validate !== false ) ?
- Title::newFromText( $name ) : Title::makeTitle(
NS_USER, $name );
+ Title::newFromText( $name, NS_USER ) :
Title::makeTitle( NS_USER, $name );
// Check for invalid titles
- if ( is_null( $t ) ) {
+ if ( is_null( $t ) || $t->getNamespace() !== NS_USER ||
$t->isExternal() ) {
return false;
}
diff --git a/tests/phpunit/includes/user/UserTest.php
b/tests/phpunit/includes/user/UserTest.php
index 88bb328..c9b6929 100644
--- a/tests/phpunit/includes/user/UserTest.php
+++ b/tests/phpunit/includes/user/UserTest.php
@@ -342,30 +342,46 @@
* @covers User::getCanonicalName()
* @dataProvider provideGetCanonicalName
*/
- public function testGetCanonicalName( $name, $expectedArray, $msg ) {
+ public function testGetCanonicalName( $name, $expectedArray ) {
+ // fake interwiki map for the 'Interwiki prefix' testcase
+ $this->mergeMwGlobalArrayValue( 'wgHooks', [
+ 'InterwikiLoadPrefix' => [
+ function ( $prefix, &$iwdata ) {
+ if ( $prefix === 'interwiki' ) {
+ $iwdata = [
+ 'iw_url' =>
'http://example.com/',
+ 'iw_local' => 0,
+ 'iw_trans' => 0,
+ ];
+ return false;
+ }
+ },
+ ],
+ ] );
+
foreach ( $expectedArray as $validate => $expected ) {
$this->assertEquals(
$expected,
- User::getCanonicalName( $name, $validate ===
'false' ? false : $validate ),
- $msg . ' (' . $validate . ')'
- );
+ User::getCanonicalName( $name, $validate ===
'false' ? false : $validate ), $validate );
}
}
public static function provideGetCanonicalName() {
return [
- [ ' Trailing space ', [ 'creatable' => 'Trailing space'
], 'Trailing spaces' ],
- // @todo FIXME: Maybe the creatable name should be
'Talk:Username' or false to reject?
- [ 'Talk:Username', [ 'creatable' => 'Username',
'usable' => 'Username',
- 'valid' => 'Username', 'false' =>
'Talk:Username' ], 'Namespace prefix' ],
- [ ' name with # hash', [ 'creatable' => false, 'usable'
=> false ], 'With hash' ],
- [ 'Multi spaces', [ 'creatable' => 'Multi spaces',
- 'usable' => 'Multi spaces' ], 'Multi spaces' ],
- [ 'lowercase', [ 'creatable' => 'Lowercase' ],
'Lowercase' ],
- [ 'in[]valid', [ 'creatable' => false, 'usable' =>
false, 'valid' => false,
- 'false' => 'In[]valid' ], 'Invalid' ],
- [ 'with / slash', [ 'creatable' => false, 'usable' =>
false, 'valid' => false,
- 'false' => 'With / slash' ], 'With slash' ],
+ 'Leading space' => [ ' Leading space', [ 'creatable' =>
'Leading space' ] ],
+ 'Trailing space ' => [ 'Trailing space ', [ 'creatable'
=> 'Trailing space' ] ],
+ 'Namespace prefix' => [ 'Talk:Username', [ 'creatable'
=> false, 'usable' => false,
+ 'valid' => false, 'false' => 'Talk:Username' ]
],
+ 'Interwiki prefix' => [ 'interwiki:Username', [
'creatable' => false, 'usable' => false,
+ 'valid' => false, 'false' =>
'Interwiki:Username' ] ],
+ 'With hash' => [ 'name with # hash', [ 'creatable' =>
false, 'usable' => false ] ],
+ 'Multi spaces' => [ 'Multi spaces', [ 'creatable' =>
'Multi spaces',
+ 'usable' => 'Multi spaces' ] ],
+ 'Lowercase' => [ 'lowercase', [ 'creatable' =>
'Lowercase' ] ],
+ 'Invalid character' => [ 'in[]valid', [ 'creatable' =>
false, 'usable' => false,
+ 'valid' => false, 'false' => 'In[]valid' ] ],
+ 'With slash' => [ 'with / slash', [ 'creatable' =>
false, 'usable' => false, 'valid' => false,
+ 'false' => 'With / slash' ] ],
];
}
--
To view, visit https://gerrit.wikimedia.org/r/283775
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Idfb22f998cb069fca24abcf5809afd6e0324b0ae
Gerrit-PatchSet: 6
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Gergő Tisza <gti...@wikimedia.org>
Gerrit-Reviewer: Anomie <bjor...@wikimedia.org>
Gerrit-Reviewer: Gergő Tisza <gti...@wikimedia.org>
Gerrit-Reviewer: Legoktm <legoktm.wikipe...@gmail.com>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
