https://bugzilla.wikimedia.org/show_bug.cgi?id=54677

       Web browser: ---
            Bug ID: 54677
           Summary: Do account creation checks when creating users
           Product: MediaWiki extensions
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: OpenID
          Assignee: [email protected]
          Reporter: [email protected]
    Classification: Unclassified
   Mobile Platform: ---

It doesn't look like SpecialOpenIDLogin.body.php is doing the same checks that
MediaWiki core is doing on account creation. I'm not sure if vandals could
abuse this, but it would be good to check.

Specific checks that need to happen (apologies if I've missed these somewhere
else):

* Username needs to be validated against the 'creatable' checks, so something like
    $u = User::newFromName( $name, 'creatable' );
    if ( !is_object( $u ) ) {
        // Name failed the 'creatable' validation; do not create the account
        return null;
    }

* The AbortNewAccount hook should be run

* IP throttle needs to be checked

* Make sure the email passes Sanitizer::validateEmail()

Thanks!
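
The four checks listed in the report, combined into a single gate that runs before the account is created. This is an added example, not code from the bug report, MediaWiki core or the OpenID extension. The function names, the simplified username rules, the optional email, the in-memory throttle and the limit of 2 are all assumptions standing in for the real implementations.

```php
<?php
// Added illustration: simplified stand-ins, not MediaWiki or OpenID extension code.

const THROTTLE_LIMIT = 2; // assumed: max account creations per IP per window

/** Stand-in for the 'creatable' username validation (assumed, simplified rules). */
function isCreatableName(string $name): bool {
    return $name !== '' && strlen($name) <= 64
        && !preg_match('/[#<>\[\]|{}@:\/]/', $name)   // reject markup/title characters
        && !filter_var($name, FILTER_VALIDATE_IP);     // reject names that look like IPs
}

/**
 * Run every pre-creation check; returns null when creation may proceed,
 * otherwise a short reason string.
 * $abortHooks: callables ($name, $email) returning null or an error message.
 * $throttle:   per-IP counters, by reference (a shared cache in a real deployment).
 */
function checkOpenIdAccountCreation(string $name, string $email, string $ip,
    array $abortHooks, array &$throttle): ?string
{
    if (!isCreatableName($name)) {
        return 'invalid-username';
    }
    // Assumption: the provider may supply no email; validate only when present.
    if ($email !== '' && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return 'invalid-email';
    }
    foreach ($abortHooks as $hook) {          // lets other code veto the new account
        $error = $hook($name, $email);
        if ($error !== null) {
            return 'aborted: ' . $error;
        }
    }
    // Count only attempts that would otherwise succeed, then enforce the limit.
    $throttle[$ip] = ($throttle[$ip] ?? 0) + 1;
    return $throttle[$ip] > THROTTLE_LIMIT ? 'throttled' : null;
}

// Constructed sample input: six sign-up attempts from one documentation-range IP.
$throttle = [];
$hooks = [fn($n, $e) => stripos($n, 'admin') !== false ? 'reserved name' : null];
foreach ([['Alice', 'alice@example.org'], ['Bad|Name', ''], ['SiteAdmin', ''],
          ['Bob', 'not-an-email'], ['Carol', ''], ['Dave', '']] as [$n, $e]) {
    $r = checkOpenIdAccountCreation($n, $e, '192.0.2.10', $hooks, $throttle);
    printf("%-10s %s\n", $n, $r ?? 'ok');
}
```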
