jenkins-bot has submitted this change and it was merged. Change subject: Reject usernames with namespace or interwiki prefixes ......................................................................
Reject usernames with namespace or interwiki prefixes User::getCanonicalName silently stripped namepace/iw prefixes, resulting in weird behavior (e.g. entering 'Template:Foo' in the registration form username field was accepted, but user 'Foo' was created). Explicitly reject such names instead. Also remove leading whitespace from test cases testing for something else. Bug: T94656 Change-Id: Idfb22f998cb069fca24abcf5809afd6e0324b0ae --- M includes/user/User.php M tests/phpunit/includes/user/UserTest.php 2 files changed, 34 insertions(+), 18 deletions(-) Approvals: Anomie: Looks good to me, but someone else must approve Legoktm: Looks good to me, approved jenkins-bot: Verified diff --git a/includes/user/User.php b/includes/user/User.php index 04eba97..c1e096b 100644 --- a/includes/user/User.php +++ b/includes/user/User.php @@ -1070,9 +1070,9 @@ // Clean up name according to title rules, // but only when validation is requested (bug 12654) $t = ( $validate !== false ) ? - Title::newFromText( $name ) : Title::makeTitle( NS_USER, $name ); + Title::newFromText( $name, NS_USER ) : Title::makeTitle( NS_USER, $name ); // Check for invalid titles - if ( is_null( $t ) ) { + if ( is_null( $t ) || $t->getNamespace() !== NS_USER || $t->isExternal() ) { return false; } diff --git a/tests/phpunit/includes/user/UserTest.php b/tests/phpunit/includes/user/UserTest.php index 88bb328..c9b6929 100644 --- a/tests/phpunit/includes/user/UserTest.php +++ b/tests/phpunit/includes/user/UserTest.php @@ -342,30 +342,46 @@ * @covers User::getCanonicalName() * @dataProvider provideGetCanonicalName */ - public function testGetCanonicalName( $name, $expectedArray, $msg ) { + public function testGetCanonicalName( $name, $expectedArray ) { + // fake interwiki map for the 'Interwiki prefix' testcase + $this->mergeMwGlobalArrayValue( 'wgHooks', [ + 'InterwikiLoadPrefix' => [ + function ( $prefix, &$iwdata ) { + if ( $prefix === 'interwiki' ) { + $iwdata = [ + 'iw_url' => 'http://example.com/', + 'iw_local' => 0, + 'iw_trans' => 0, + ]; + return false; + } + }, + ], + ] ); + foreach ( $expectedArray as $validate => $expected ) { $this->assertEquals( $expected, - User::getCanonicalName( $name, $validate === 'false' ? false : $validate ), - $msg . ' (' . $validate . ')' - ); + User::getCanonicalName( $name, $validate === 'false' ? false : $validate ), $validate ); } } public static function provideGetCanonicalName() { return [ - [ ' Trailing space ', [ 'creatable' => 'Trailing space' ], 'Trailing spaces' ], - // @todo FIXME: Maybe the creatable name should be 'Talk:Username' or false to reject? - [ 'Talk:Username', [ 'creatable' => 'Username', 'usable' => 'Username', - 'valid' => 'Username', 'false' => 'Talk:Username' ], 'Namespace prefix' ], - [ ' name with # hash', [ 'creatable' => false, 'usable' => false ], 'With hash' ], - [ 'Multi spaces', [ 'creatable' => 'Multi spaces', - 'usable' => 'Multi spaces' ], 'Multi spaces' ], - [ 'lowercase', [ 'creatable' => 'Lowercase' ], 'Lowercase' ], - [ 'in[]valid', [ 'creatable' => false, 'usable' => false, 'valid' => false, - 'false' => 'In[]valid' ], 'Invalid' ], - [ 'with / slash', [ 'creatable' => false, 'usable' => false, 'valid' => false, - 'false' => 'With / slash' ], 'With slash' ], + 'Leading space' => [ ' Leading space', [ 'creatable' => 'Leading space' ] ], + 'Trailing space ' => [ 'Trailing space ', [ 'creatable' => 'Trailing space' ] ], + 'Namespace prefix' => [ 'Talk:Username', [ 'creatable' => false, 'usable' => false, + 'valid' => false, 'false' => 'Talk:Username' ] ], + 'Interwiki prefix' => [ 'interwiki:Username', [ 'creatable' => false, 'usable' => false, + 'valid' => false, 'false' => 'Interwiki:Username' ] ], + 'With hash' => [ 'name with # hash', [ 'creatable' => false, 'usable' => false ] ], + 'Multi spaces' => [ 'Multi spaces', [ 'creatable' => 'Multi spaces', + 'usable' => 'Multi spaces' ] ], + 'Lowercase' => [ 'lowercase', [ 'creatable' => 'Lowercase' ] ], + 'Invalid character' => [ 'in[]valid', [ 'creatable' => false, 'usable' => false, + 'valid' => false, 'false' => 'In[]valid' ] ], + 'With slash' => [ 'with / slash', [ 'creatable' => false, 'usable' => false, 'valid' => false, + 'false' => 'With / slash' ] ], ]; } -- To view, visit https://gerrit.wikimedia.org/r/283775 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Idfb22f998cb069fca24abcf5809afd6e0324b0ae Gerrit-PatchSet: 6 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Gergő Tisza <gti...@wikimedia.org> Gerrit-Reviewer: Anomie <bjor...@wikimedia.org> Gerrit-Reviewer: Gergő Tisza <gti...@wikimedia.org> Gerrit-Reviewer: Legoktm <legoktm.wikipe...@gmail.com> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits