From 5e667a6b56929fe3141749189d642de5a9a32463 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 29 Sep 2009 17:27:21 +0000 Subject: [PATCH] Fix regression from r54429 "(bug 17864 + bug 19519) - Do input normalization on the username before doing existence/permission checks" This did some overactive canonicalization of the input username before username and database were split, breaking access to remote users where the database name contained an underscore -- it was changed to space. This would also have broken numeric access, I think, but I didn't bother to test that. :) Fix moves the username canonicalization down into fetchUser() after we split the name and database, so we now can access remote folks via non-canonical forms and we don't break the dbnames. --- includes/specials/SpecialUserrights.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/includes/specials/SpecialUserrights.php b/includes/specials/SpecialUserrights.php index cd10217a5a..d3c9a31aa1 100644 --- a/includes/specials/SpecialUserrights.php +++ b/includes/specials/SpecialUserrights.php @@ -54,7 +54,6 @@ class UserrightsPage extends SpecialPage { } else { $this->mTarget = $wgRequest->getVal( 'user' ); } - $this->mTarget = User::getCanonicalName( $this->mTarget ); /* * If the user is blocked and they only have "partial" access @@ -312,6 +311,12 @@ class UserrightsPage extends SpecialPage { if( !$name ) { return new WikiErrorMsg( 'noname' ); } + } else { + $name = User::getCanonicalName( $name ); + if( !$name ) { + // invalid name + return new WikiErrorMsg( 'nosuchusershort', $username ); + } } if( $database == '' ) { -- 2.20.1