jenkins-bot has submitted this change and it was merged. Change subject: (bug 44202) Account creation through API no longer leaks IP address of account creator ......................................................................
(bug 44202) Account creation through API no longer leaks IP address of account creator This happens when an anonymous user wants to create an account for himself through the API. This is due to the fact that User::addNewUserLogEntry() was always using $wgUser as performer, but the API does not replace $wgUser by the newly created user object when the peformer is an anonymous user. Changed User::addNewUserLogEntry() to directly take the log action as first parameter, rather than a boolean value saying whether the password was sent by e-mail or not, and force the performer to be the user itself in the log action is "create". This avoids such problems in that case, no matter the value of $wgUser, and it makes this parameter much more readable that the old one. Backward compatibility is maintained. Creating an user and sending its password by e-mail will still log the performer's IP address in the log if this is made by an anonymous user. Finally the second parameter of the AddNewAccount is now correct when creating an account from the API, it was always false previously. Change-Id: I188ecf420b85e9d1dab6fb933ed50d5f58532109 --- M includes/User.php M includes/api/ApiCreateAccount.php M includes/specials/SpecialUserlogin.php 3 files changed, 49 insertions(+), 19 deletions(-) Approvals: Anomie: Looks good to me, approved jenkins-bot: Verified -- To view, visit https://gerrit.wikimedia.org/r/44966 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I188ecf420b85e9d1dab6fb933ed50d5f58532109 Gerrit-PatchSet: 4 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: IAlex <[email protected]> Gerrit-Reviewer: Aaron Schulz <[email protected]> Gerrit-Reviewer: Anomie <[email protected]> Gerrit-Reviewer: IAlex <[email protected]> Gerrit-Reviewer: Parent5446 <[email protected]> Gerrit-Reviewer: jenkins-bot _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
