Page MenuHomePhabricator
Create Task
Maniphest T32909

URL parameters for checkboxes in Special:Block no longer work
Closed, ResolvedPublic
Actions

Description

Using URL parameters to (un)check the checkboxes on Special:Block no longer works. In 1.17 and before URLs like /wiki/Special:Block/127.0.0.1?wpWatchUser=1 etc. used to work, i. e. the checkbox was checked when the page was opened. (I didn't test this myself, but an admin on de.wikipedia told me that it works.)
This worked for wpAnonOnly, wpCreateAccount, wpEnableAutoblock, wpEmailBan, wpWatchUser, wpAllowUsertalk.
While I am still able to fill the inputs for the text (expiry, reason) I can't find a way for the checkboxes, neither in 1.18 (tested in a wiki I installed from trunk a few days before the re-branch) nor in the current trunk.

Version: 1.20.x
Severity: normal

Details

Reference
bz30909

Event Timeline

bzimport raised the priority of this task from to High.Nov 21 2014, 11:57 PM
bzimport added projects: MW-1.18.0-release, MediaWiki-User-management.
bzimport set Reference to bz30909.
Schnark created this task.Sep 15 2011, 8:00 AM
duplicatebug added a comment.Sep 17 2011, 5:44 PM

HTMLTextField has no own loadDataFromRequest

HTMLCheckField has a own loadDataFromRequest and is checking there against the method of the form (r84814), but that is always 'post' and so the values from the request are not used.

Setting $form->setMethod( 'get' ); in SpecialBlock.php fixed this, but than also a validation of the input fields is done on 'get' and the special page shows a error at the first visit.

bzimport added a comment.Sep 18 2011, 8:38 PM

happy.melon.wiki wrote:

(In reply to comment #1)

Setting $form->setMethod( 'get' ); in SpecialBlock.php fixed this, but than
also a validation of the input fields is done on 'get' and the special page
shows a error at the first visit.

And more importantly would submit the form via a GET request, which has a variety of negative security implications.

duplicatebug added a comment.Sep 30 2011, 7:15 PM
  • Bug 31273 has been marked as a duplicate of this bug. ***
Anomie added a comment.Oct 10 2011, 6:52 PM

Created attachment 9210
Patch to use the request-supplied value for checkbox variables

Right now, HTMLCheckField guesses if the form is being submitted (i.e. it's a method="GET" form or it supplies wpEditToken). If not, it completely ignores the request-supplied value in favor of the form's default.

Perhaps the thing to do is to always use the request-supplied value any time there is one, as well as when it thinks the form is being submitted. This should result in the appropriate logic for forms such as Special:Block: ?wpWatch=1 forces the checkbox on, ?wpWatch=0 forces it off, and not specifying wpWatch at all gives the form default.

Attached:

diff571 BDownload

hashar added a comment.Oct 31 2011, 10:59 PM

bug 31770 most probably has the same root cause.

hashar added a comment.Nov 1 2011, 9:29 AM

Patched with r101464 pending code review.
Will need to be merged back to REL1_18.

hashar added a comment.Nov 1 2011, 10:16 AM
  • Bug 31851 has been marked as a duplicate of this bug. ***
hashar added a comment.Nov 8 2011, 3:59 PM

Marking this one as resolved. Pending merge to 1.18 for tarball release.

hashar added a comment.Nov 9 2011, 5:37 PM

merged in 1.18 by r102533

Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:41 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL