git.heureux-cyclage.org - lhc/web/wiklou.git/commit

dépôts / lhc / web / wiklou.git / commit

author	Brad Jorsch <bjorsch@wikimedia.org>
	Tue, 19 Dec 2017 14:56:16 +0000 (09:56 -0500)
committer	Brad Jorsch <bjorsch@wikimedia.org>
	Tue, 19 Dec 2017 15:03:11 +0000 (10:03 -0500)
commit	162af2aba0a60c29a5a1262208f1a9a22740c299
tree	6f68e7bdb32b08bb56bd3c30b22a0ae2788e0904	tree \| snapshot
parent	3f484f6241a104338f1f7408b859374505cb0aa8	commit \| diff

ApiBlock: Improve username validation

The current username validation lets any invalid username through, on
the assumption that it's an IP address. We can do better: call the
backend to get the actual type and target, and reject anything with
TYPE_USER where the actual input name is invalid (regardless of
underlying mangling for stuff like T31797).

Bug: T183211
Change-Id: I676642eee1222447df22a1c32b24f55e6273bcec

includes/api/ApiBlock.php

diff | blob | history

Wiklou, le Wiki du Wiklou

RSS Atom