mediawiki-extensions-Echo/includes
Matěj Suchánek 11b9e66f9f Disallow anonymous non-IP agents, handle truncated names
Why:
* Echo stores agents by their user id or by the name if the user
  is not registered. This works for IPs since the "event_agent_ip"
  field has a limit of 39 bytes (32× [0-9A-F] + 7× colon for IPv6).
* However, it's possible to hold a user identity that is not
  an IP address, but the user name has not been or cannot be
  registered (e.g., external users). Echo wouldn't validate this
  and would attempt to insert the user name into "event_agent_ip",
  possibly causing silent truncation and data corruption.

What:
* Do not let events with such agents be saved. For now, log an
  error in production. Wikibase, the only known source of this
  problem, has already been fixed.
* At runtime, replace every possibly corrupted user name with
  a placeholder to avoid unexpected null values and exceptions
  in production.

Bug: T367638
Change-Id: Ic2bd218b10651d13da9e9aea54dd2d668a33d946
Depends-On: I03b4367355dc5a3fc0c14aad5fdf19fbcd0caa3d
Depends-On: I92eb93983e81708b289e9f7d837884d539dade0b
2024-11-14 11:44:19 +01:00
Api Use explicit nullable type on parameter arguments (for PHP 8.4) 2024-10-26 15:05:13 +02:00
Cache Remove obsolete PHPDoc copies from fully typed constructors 2024-08-11 18:05:01 +02:00
Controller Merge "Avoid event insertion if possible" 2024-10-30 15:06:30 +00:00
Formatters Handle hidden revisions in user page edit notification 2024-11-01 09:31:17 +01:00
Gateway Remove obsolete PHPDoc copies from fully typed constructors 2024-08-11 18:05:01 +02:00
Hooks Use namespaced classes 2023-12-11 16:39:00 +01:00
Iterator Replace gettype() with get_debug_type() in exception messages etc. 2024-08-16 16:53:47 +00:00
Jobs Avoid event insertion if possible 2024-10-11 20:12:11 +02:00
Mapper Use explicit nullable type on parameter arguments (for PHP 8.4) 2024-10-26 15:05:13 +02:00
Model Disallow anonymous non-IP agents, handle truncated names 2024-11-14 11:44:19 +01:00
OOUI
Push Merge "Avoid event insertion if possible" 2024-10-30 15:06:30 +00:00
Special special: Check login permissions before calling execute method 2024-10-27 10:03:09 +01:00
ArrayList.php Remove obsolete PHPDoc copies from fully typed constructors 2024-08-11 18:05:01 +02:00
AttributeManager.php More specific type hints and type declarations 2024-05-16 10:32:19 +02:00
Bundleable.php Namespace some more classes 2023-08-18 21:24:59 +01:00
Bundler.php Namespace some more classes 2023-08-18 21:24:59 +01:00
CachedList.php Use namespaced classes 2024-10-20 00:55:03 +02:00
ConfigNames.php Avoid use of globals for reading config in hooks 2023-10-29 15:41:21 +05:30
ContainmentList.php Namespace some more classes 2023-08-18 21:24:59 +01:00
ContainmentSet.php Use explicit nullable type on parameter arguments (for PHP 8.4) 2024-10-26 15:05:13 +02:00
DataOutputFormatter.php Use namespaced classes 2024-10-20 00:55:03 +02:00
DbFactory.php Replace deprecated usage of wfGetDB 2024-02-13 20:22:33 +01:00
DeferredMarkAsDeletedUpdate.php Use namespaced classes 2023-12-11 16:39:00 +01:00
DiffGroup.php Namespace a few more classes 2023-08-18 21:48:15 +01:00
DiffParser.php Use explicit nullable type on parameter arguments (for PHP 8.4) 2024-10-26 15:05:13 +02:00
DiscussionParser.php Use explicit nullable type on parameter arguments (for PHP 8.4) 2024-10-26 15:05:13 +02:00
EmailBatch.php Use namespaced classes 2024-10-20 00:55:03 +02:00
EmailFormat.php Namespace some more classes 2023-08-18 21:24:59 +01:00
EmailFrequency.php Namespace some more classes 2023-08-18 21:24:59 +01:00
ForeignNotifications.php Use explicit nullable type on parameter arguments (for PHP 8.4) 2024-10-26 15:05:13 +02:00
ForeignWikiRequest.php Use namespaced classes 2024-10-20 00:55:03 +02:00
Hooks.php Use namespaced classes 2024-10-20 00:55:03 +02:00
Notifier.php Avoid event insertion if possible 2024-10-11 20:12:11 +02:00
NotifUser.php Use namespaced classes 2024-10-20 00:55:03 +02:00
OnWikiList.php Use namespaced classes 2024-10-20 00:55:03 +02:00
ResourceLoaderEchoImageModule.php Replace empty() with falsy check 2023-10-22 11:12:41 +02:00
SchemaHooks.php Use namespaced classes 2024-06-12 20:31:47 +02:00
SeenTime.php Use namespaced classes 2024-10-20 00:55:03 +02:00
Services.php Remove obsolete PHPDoc copies from fully typed constructors 2024-08-11 18:05:01 +02:00
SummaryParser.php Use explicit nullable type on parameter arguments (for PHP 8.4) 2024-10-26 15:05:13 +02:00
SuppressionRowUpdateGenerator.php More specific type hints and type declarations 2024-05-16 10:32:19 +02:00
UnreadWikis.php Migrate to IReadableDatabase::newSelectQueryBuilder 2024-04-28 01:05:10 +02:00
UserLocator.php More specific type hints and type declarations 2024-05-16 10:32:19 +02:00
UserMergeHooks.php Revert "Suppress phan errors caused by UserMerge undeploy" 2024-05-14 08:40:50 +00:00