Last modified: 2013-11-12 17:32:48 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T46202, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 44202 - Account creation through API leaks account creator's IP address
Account creation through API leaks account creator's IP address
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
API (Other open bugs)
1.21.x
All All
: High major (vote)
: ---
Assigned To: Alexandre Emsenhuber [IAlex]
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-01-21 11:03 UTC by Alexandre Emsenhuber [IAlex]
Modified: 2013-11-12 17:32 UTC (History)
7 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Alexandre Emsenhuber [IAlex] 2013-01-21 11:03:32 UTC 
When creating an account through the API from an anonymous user, its IP address is publicly accessible the new users log as action performer. In such case, it contains entries like this:

User account TestApiCreate (Talk | contribs | block) was created by ::1 (Talk | block)

It should be instead:

User account TestApiCreate (Talk | contribs | block) was created

and the user itself should be logged as action performer.

A patch will come soon to fix this.
Comment 1 Alexandre Emsenhuber [IAlex] 2013-01-21 11:06:22 UTC 
Proposed fix in Gerrit change #44966.
Comment 2 Brad Jorsch 2013-01-21 22:31:55 UTC 
Change merged.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links