| Tchanders | |
| Dec 7 2022, 11:20 PM |
| F36956234: specialblock_associated_ips_two_lists.png | |
| Apr 19 2023, 8:17 AM |
| F36956228: specialblock_associated_ips_second.png | |
| Apr 19 2023, 8:17 AM |
| F36956226: specialblock_associated_ips_initial.png | |
| Apr 19 2023, 8:17 AM |
| F36955902: T324719_IPMasking_SpecialBlock_3orMoreIPs_Click.png | |
| Apr 18 2023, 11:09 PM |
| F36955900: T324719_IPMasking_SpecialBlock_3orMoreIPs.png | |
| Apr 18 2023, 11:09 PM |
| F35845298: image.png | |
| Dec 7 2022, 11:20 PM |
Following T324602, Special:Block will display IP addresses used by a temporary account, if a temporary account is selected in the target field.
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Restricted Task | |||||
| Resolved | kostajh | T294511 2021 Security Team wikireplicas audit | |||
| Declined | None | T284948 Raw IPs of logged-out users disclosed in wiki-replicas | |||
| In Progress | Niharika | T324492 Temporary accounts - MVP | |||
| Open | Niharika | T340001 [Epic] Deployment plan for Temporary Accounts | |||
| Resolved | Niharika | T348895 [Epic] Temporary accounts testwiki deployment | |||
| Resolved | Goal | Niharika | T300294 [Epic] Temporary account block workflow | ||
| Resolved | • TThoabala | T324719 In Special:Block, hide IP addresses associated with a temporary account, if there are too many | |||
| Resolved | Dreamy_Jazz | T371116 Deploy temporary accounts to test2wiki | |||
| Resolved | kostajh | T378334 Temporary Accounts: Minor pilot - Oct 29 deploy | |||
| Resolved | Tchanders | T378336 Temporary Accounts: Minor pilots - Nov 5 deploy | |||
| Open | None | T379108 Enable temporary accounts on metawiki beta |
Change 901115 had a related patch set uploaded (by TsepoThoabala; author: TsepoThoabala):
[mediawiki/extensions/CheckUser@master] In Special:Block, hide IP addresses associated with a temporary account, if there are too many
Change 901115 merged by jenkins-bot:
[mediawiki/extensions/CheckUser@master] In Special:Block, hide IP addresses associated with a temporary account, if there are too many
@TThoabala Looking good so far as seen in the screenshots. I'm just going to test a few more things and if I don't come across anything, I'll move this to Done. Thanks!
Unclick w/5 Ips
@TThoabala just some observations, not sure if any of them are important.
I notice each time I select a temporary user or click "see n more" a new .ext-checkuser-tempaccount-specialblock-ips div is created. Is this intentional? I haven't noticed any bad side-effects so far.
If you enter the username in the url (i.e. Special:Block/<username>), we don't seem to validate the username before sending the request to the temporaryaccount endpoint. For example, if you go to something like http://localhost:8080/wiki/Special:Block/*Unregistered_70%3Flimit=3 it will make the request: /w/rest.php/checkuser/v0/temporaryaccount/*Unregistered%2070?limit=3. I don't know if this is a problem. I haven't found any way to exploit this yet.
There are some circumstances where I can make two lists of associated IPs appear. If I throttle my connection and enter two users one after another quickly enough.
Steps to reproduce (on Firefox, Chrome should be very similar):
I notice each time I select a temporary user or click "see n more" a new .ext-checkuser-tempaccount-specialblock-ips div is created. Is this intentional? I haven't noticed any bad side-effects so far.
@dom_walden it looks like we are going to remove this functionality on this ticket T335253 .
I think we should create separate tickets for username validation and one for the multiple IP look ups in quick successions as they are not directly related to this patch( I think...).