
The ReturnTo query parameter of Special:UserLogin skips array-valued parameters
Closed, Resolved | Public

Description

Author: it_is_me_here

Description:
See https://en.wikipedia.org/wiki/User_talk:Anomie#User_script. If you aren't logged in on a particular browser, then you paste in a Wikimedia URL that is only accessible to Admins/whatever and that includes doing an action (e.g. deleting) on multiple items (log entries, old versions of pages, etc.), and then you log in and click "return to X", you get an error message. An example of such a URL is https://en.wikipedia.org/w/index.php?title=Wikipedia%3ASandbox&action=historysubmit&revisiondelete=1&diff=477738682&ids%5B477738682%5D=1&oldid=477736475&ids%5B477736475%5D=1&ids%5B477734577%5D=1. The error message you get when trying to return to the page is:

"Invalid target revision: You have either not specified a target revision(s) to perform this function, the specified revision does not exist, or you are attempting to hide the current revision.
Return to Main Page."

If you are already logged in, pasting in the URL works fine.


Version: 1.19
Severity: normal

Details

Reference
bz34521

Event Timeline

bzimport raised the priority of this task from to Low. Nov 22 2014, 12:13 AM
bzimport set Reference to bz34521.
bzimport added a subscriber: Unknown Object (MLST).

it_is_me_here wrote:

I've now found another example of this. If you are editing the section of a page whilst logged out (e.g. [https://en.wikipedia.org/w/index.php?title=Kentucky_Constitution&action=edit&section=2]), click the "logged in" link from [https://en.wikipedia.org/wiki/MediaWiki:Anoneditwarning], then the URL you are led to is [https://en.wikipedia.org/w/index.php?title=Special:UserLogin&returnto=Kentucky_Constitution&returntoquery=action%3Dedit] and, sure enough, you will be taken back, upon logging in, to [https://en.wikipedia.org/w/index.php?title=Kentucky_Constitution&action=edit] (i.e. without the section-edit bit).

Benny investigated this bug and tracked it down to a bug in WebRequest::getValues(). This function claims not to apply any transformations to its input, but that's a lie: it calls getVal(), which strips out arrays.

Fixed in r113545.
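
The lossy round trip described in the comment above, as an added example that is not part of the original task and is not MediaWiki's code: a simplified PHP model (the class `RequestModel` and its method names are hypothetical) that parses the query string from the description and compares collecting parameters through a scalar-only getter with an array-preserving collection.

```php
<?php
// Simplified model of the behaviour described in this task; not MediaWiki source.
// RequestModel and its method names are hypothetical stand-ins.
final class RequestModel
{
    private array $data = [];

    public function __construct(string $queryString)
    {
        // parse_str() turns ids[477738682]=1 into a nested array under 'ids'.
        parse_str($queryString, $this->data);
    }

    /** Scalar-only getter: an array-valued parameter collapses to the default. */
    public function scalarOrDefault(string $name, ?string $default = null): ?string
    {
        $val = $this->data[$name] ?? $default;
        return (is_array($val) || $val === null) ? $default : (string)$val;
    }

    /** Collects parameters through the scalar-only getter, so arrays vanish. */
    public function valuesViaScalarGetter(): array
    {
        $out = [];
        foreach (array_keys($this->data) as $name) {
            $value = $this->scalarOrDefault((string)$name);
            if ($value !== null) {
                $out[$name] = $value;
            }
        }
        return $out;
    }

    /** Array-preserving variant: returns the parsed parameters untransformed. */
    public function valuesRaw(): array
    {
        return $this->data;
    }
}

// Query string taken from the example URL in the task description.
$qs = 'title=Wikipedia%3ASandbox&action=historysubmit&revisiondelete=1&diff=477738682'
    . '&ids%5B477738682%5D=1&oldid=477736475&ids%5B477736475%5D=1&ids%5B477734577%5D=1';
$req = new RequestModel($qs);

// What a "return to" link would carry in each case.
echo 'lossy:      ', http_build_query($req->valuesViaScalarGetter()), "\n";
echo 'preserving: ', http_build_query($req->valuesRaw()), "\n";
```

The lossy line carries no `ids` entries at all, which is the condition that produces the "Invalid target revision" message quoted in the description.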