https://bugzilla.wikimedia.org/show_bug.cgi?id=40648
Web browser: ---
Bug #: 40648
Summary: can't validate username against blocking extensions
like AntiSpoof
Product: MediaWiki
Version: 1.20-git
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: User login
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]
Classification: Unclassified
Mobile Platform: ---
The AntiSpoof extension blocks usernames that use certain Unicode ranges, are
all letters or punctuation, usernames that "l0ok l1ke" existing usernames, etc.
But MediaWiki only hooks into it *while* it is creating a new user account
(with the AbortNewAccount hook). Because MW does not run a hook on
User::isValidUserName() or variants like User::getCanonicalName('creatable'),
there is no way for a validating account creation form to check if a username
will be rejected by AntiSpoof before the user submits it. This reduces the
effectiveness of the improved account creation that the E3 team is exploring.
The simplest fix is to introduce a new isUsableUsername hook that User.php runs
from User::isUsableName(), and adapt AntiSpoof (and similar extensions like
Minimum Name Length extension, etc.) to respond to it with similar code to its
AbortNewAccount hook.
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
