From 91c385e138690deeb32605cdf5465d5085b334ac Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Fri, 18 May 2018 11:59:04 +0200
Subject: [PATCH] API: Use User::getCanonicalName() when validating user names

This is a bit more interoperable than trying to roll our own by using
Title::makeTitleSafe().

We still need to handle IP addresses separately, of course.

Bug: T194916
Change-Id: Ie3900d768cbe15aef079b97d91f7fd23dc7c3e26
---
 includes/api/ApiBase.php                   | 22 ++++++++++------------
 tests/phpunit/includes/api/ApiBaseTest.php |  6 ++++++
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php
index 0802e160b1..c2483cb73c 100644
--- a/includes/api/ApiBase.php
+++ b/includes/api/ApiBase.php
@@ -1691,32 +1691,30 @@ abstract class ApiBase extends ContextSource {
 			return $value;
 		}
 
-		$titleObj = Title::makeTitleSafe( NS_USER, $value );
-
-		if ( $titleObj ) {
-			$value = $titleObj->getText();
+		$name = User::getCanonicalName( $value, 'valid' );
+		if ( $name !== false ) {
+			return $name;
 		}
 
 		if (
-			!User::isValidUserName( $value ) &&
 			// We allow ranges as well, for blocks.
-			!IP::isIPAddress( $value ) &&
+			IP::isIPAddress( $value ) ||
 			// See comment for User::isIP.  We don't just call that function
 			// here because it also returns true for things like
 			// 300.300.300.300 that are neither valid usernames nor valid IP
 			// addresses.
-			!preg_match(
+			preg_match(
 				'/^' . RE_IP_BYTE . '\.' . RE_IP_BYTE . '\.' . RE_IP_BYTE . '\.xxx$/',
 				$value
 			)
 		) {
-			$this->dieWithError(
-				[ 'apierror-baduser', $encParamName, wfEscapeWikiText( $value ) ],
-				"baduser_{$encParamName}"
-			);
+			return IP::sanitizeIP( $value );
 		}
 
-		return $value;
+		$this->dieWithError(
+			[ 'apierror-baduser', $encParamName, wfEscapeWikiText( $value ) ],
+			"baduser_{$encParamName}"
+		);
 	}
 
 	/**@}*/
diff --git a/tests/phpunit/includes/api/ApiBaseTest.php b/tests/phpunit/includes/api/ApiBaseTest.php
index e7db68eee5..bb3de4d116 100644
--- a/tests/phpunit/includes/api/ApiBaseTest.php
+++ b/tests/phpunit/includes/api/ApiBaseTest.php
@@ -995,6 +995,12 @@ class ApiBaseTest extends ApiTestCase {
 				'Foo bar',
 				[],
 			],
+			'User prefixed with "User:"' => [
+				'User:foo_bar',
+				[ ApiBase::PARAM_TYPE => 'user' ],
+				'Foo bar',
+				[],
+			],
 			'Invalid username "|"' => [
 				'|',
 				[ ApiBase::PARAM_TYPE => 'user' ],
-- 
2.20.1