Page MenuHomePhabricator
Create Task
Maniphest T35853

Can register usernames that could be potentially valid IPv6 addresses
Open, MediumPublicBUG REPORT
Actions

Description

It has been reported on Wikipedia that MediaWiki does not prevent the creation of users with usernames that could be potentially valid IPv6 addresses, and that MediaWiki treats 2001:db8 like 2001:db8::. Furthermore, MediaWiki does not effectively deal with usernames which already are potentially valid IPv6 addresses.

Version: 1.24rc
Severity: major

Details

Reference
bz33853
SubjectRepoBranchLines +/-
Disallow usernames that look like IPv6 addressesmediawiki/coremaster+128 -49
Customize query in gerrit
TitleReferenceAuthorSource BranchDest Branch
maintain-kubeusers: bump service quota for wikibugsrepos/cloud/toolforge/toolforge-deploy!210bd808work/bd808/T358538main
Customize query in GitLab

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:59 PM
bzimport added projects: MediaWiki-User-login-and-signup, IPv6.
bzimport set Reference to bz33853.
bzimport added a subscriber: Unknown Object (MLST).
Jasper created this task.Jan 21 2012, 1:55 AM
aaron added a comment.Feb 13 2012, 8:42 PM

I've tested 1.19 and can't seem to create IPv6 usernames.

Current IPv6 names must be migrated, which will be easier when bug 31863 is fixed.

Aklapper added a comment.Jun 19 2014, 1:30 PM

I created a user named 8000:63bf:3fff:fdd2:
on mediawiki.org today so I guess this ticket is still valid.

Jasper added a comment.Jun 19 2014, 4:04 PM

That's not a valid IPv6 address, it's missing a colon at the end.

Aklapper changed the subtype of this task from "Task" to "Bug Report".Feb 15 2022, 9:39 PM
Aklapper removed a subscriber: wikibugs-l-list.
Winston_Sung merged a task: T39884: Do not allow usernames which look like IPv6 addresses.May 3 2023, 9:42 AM
Winston_Sung added subscribers: ToAruShiroiNeko, Krenair, Nemo_bis and 2 others.
gerritbot added a comment.May 8 2023, 6:33 AM

Change 12782 had a related patch set uploaded (by Winston Sung; author: Platonides):

[mediawiki/core@master] Disallow usernames that look like IPv6 addresses

https://gerrit.wikimedia.org/r/12782

gerritbot added a project: Patch-For-Review.May 8 2023, 6:33 AM
Winston_Sung edited projects, added Patch-Needs-Improvement; removed Patch-For-Review.May 8 2023, 6:34 AM
Winston_Sung added a subtask: T39884: Do not allow usernames which look like IPv6 addresses.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL