From 792c38f4242fc8c90454ee6297e9614b5eeeb7c9 Mon Sep 17 00:00:00 2001 From: Roan Kattouw Date: Sun, 20 Nov 2011 10:55:58 +0000 Subject: [PATCH] =?utf8?q?(bug=2026854)=20Invalid=20user=20names=20go=20un?= =?utf8?q?checked.=20Applied=20most=20of=20the=20patch=20submitted=20by=20?= =?utf8?q?S=C3=B8ren=20L=C3=B8vborg,=20checking=20for=20null=20return=20va?= =?utf8?q?lues=20from=20User::newFromName()?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- CREDITS | 1 + includes/Article.php | 2 +- includes/EditPage.php | 2 +- includes/Skin.php | 2 +- includes/WikiPage.php | 4 +++- includes/api/ApiBase.php | 2 +- includes/job/DoubleRedirectJob.php | 1 + includes/job/EnotifNotifyJob.php | 1 + includes/specials/SpecialBlockme.php | 1 + maintenance/changePassword.php | 2 +- maintenance/cleanupSpam.php | 3 +++ maintenance/deleteBatch.php | 3 +++ maintenance/deleteDefaultMessages.php | 3 +++ maintenance/moveBatch.php | 3 +++ maintenance/protect.php | 4 ++++ maintenance/reassignEdits.php | 3 +++ maintenance/undelete.php | 3 +++ 17 files changed, 34 insertions(+), 6 deletions(-) diff --git a/CREDITS b/CREDITS index 3fa6e1d9e8..437ccd7956 100644 --- a/CREDITS +++ b/CREDITS @@ -163,6 +163,7 @@ following names for their contribution to the product. * Scott Colcord * Simon Walker * Solitarius +* Søren Løvborg * Stefano Codari * Str4nd * svip diff --git a/includes/Article.php b/includes/Article.php index 0b5f7d0834..6901165600 100644 --- a/includes/Article.php +++ b/includes/Article.php @@ -928,7 +928,7 @@ class Article extends Page { $user = User::newFromName( $rootPart, false /* allow IP users*/ ); $ip = User::isIP( $rootPart ); - if ( !$user->isLoggedIn() && !$ip ) { # User does not exist + if ( !($user && $user->isLoggedIn()) && !$ip ) { # User does not exist $wgOut->wrapWikiMsg( "
\n\$1\n
", array( 'userpage-userdoesnotexist-view', wfEscapeWikiText( $rootPart ) ) ); } elseif ( $user->isBlocked() ) { # Show log extract if the user is currently blocked diff --git a/includes/EditPage.php b/includes/EditPage.php index cad6503594..05374062e4 100644 --- a/includes/EditPage.php +++ b/includes/EditPage.php @@ -1475,7 +1475,7 @@ class EditPage { $username = $parts[0]; $user = User::newFromName( $username, false /* allow IP users*/ ); $ip = User::isIP( $username ); - if ( !$user->isLoggedIn() && !$ip ) { # User does not exist + if ( !($user && $user->isLoggedIn()) && !$ip ) { # User does not exist $wgOut->wrapWikiMsg( "
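Review bot: The `elseif ( $user->isBlocked() )` branch right after the changed condition in Article.php still dereferences `$user` without a check, so the guard is incomplete whenever `User::newFromName()` fails while `User::isIP( $rootPart )` is true. Whether any name can satisfy both is not visible in this hunk, but the branch is cheap to make safe: `} elseif ( $user && $user->isBlocked() ) {`. The EditPage.php hunk has the same shape with `$username` and needs the same change. Both enclosing methods start and end outside their hunks.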
\n$1\n
", array( 'userpage-userdoesnotexist', wfEscapeWikiText( $username ) ) ); } elseif ( $user->isBlocked() ) { # Show log extract if the user is currently blocked diff --git a/includes/Skin.php b/includes/Skin.php index 43176f2945..26de63cd8c 100644 --- a/includes/Skin.php +++ b/includes/Skin.php @@ -269,7 +269,7 @@ abstract class Skin extends ContextSource { $this->mRelevantUser = User::newFromName( $rootUser, false ); } else { $user = User::newFromName( $rootUser, false ); - if ( $user->isLoggedIn() ) { + if ( $user && $user->isLoggedIn() ) { $this->mRelevantUser = $user; } } diff --git a/includes/WikiPage.php b/includes/WikiPage.php index fff85cec77..8bfc4e19fa 100644 --- a/includes/WikiPage.php +++ b/includes/WikiPage.php @@ -2322,7 +2322,9 @@ class WikiPage extends Page { # User talk pages if ( $title->getNamespace() == NS_USER_TALK ) { $user = User::newFromName( $title->getText(), false ); - $user->setNewtalk( false ); + if ( $user ) { + $user->setNewtalk( false ); + } } # Image redirects diff --git a/includes/api/ApiBase.php b/includes/api/ApiBase.php index 2627b357f7..3613a6cc5d 100644 --- a/includes/api/ApiBase.php +++ b/includes/api/ApiBase.php @@ -1301,7 +1301,7 @@ abstract class ApiBase extends ContextSource { public function getWatchlistUser( $params ) { if ( !is_null( $params['owner'] ) && !is_null( $params['token'] ) ) { $user = User::newFromName( $params['owner'], false ); - if ( !$user->getId() ) { + if ( !($user && $user->getId()) ) { $this->dieUsage( 'Specified user does not exist', 'bad_wlowner' ); } $token = $user->getOption( 'watchlisttoken' ); diff --git a/includes/job/DoubleRedirectJob.php b/includes/job/DoubleRedirectJob.php index f9918831d9..2b7cd7c8f8 100644 --- a/includes/job/DoubleRedirectJob.php +++ b/includes/job/DoubleRedirectJob.php 
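Review bot: The new condition `!($user && $user->getId())` in getWatchlistUser() drops the spaces inside the inner parentheses that the neighbouring line keeps (`if ( !is_null( $params['owner'] ) && ...`), and the Article.php and EditPage.php conditions do the same. Write it as `if ( !( $user && $user->getId() ) ) {`, or as `!$user || !$user->getId()` the way the changePassword.php hunk does, so the commit uses one form throughout. The following `$user->getOption( 'watchlisttoken' )` is only safe if `dieUsage()` never returns, which is presumably the case but is not shown here. A short comment such as `// dieUsage() does not return, so $user is a valid object below` would make that dependency explicit. The method continues past the end of the hunk.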
@@ -180,6 +180,7 @@ class DoubleRedirectJob extends Job { function getUser() { if ( !self::$user ) { self::$user = User::newFromName( wfMsgForContent( 'double-redirect-fixer' ), false ); + # FIXME: newFromName could return false on a badly configured wiki. if ( !self::$user->isLoggedIn() ) { self::$user->addToDatabase(); } diff --git a/includes/job/EnotifNotifyJob.php b/includes/job/EnotifNotifyJob.php index 8545043f0c..eb154eced0 100644 --- a/includes/job/EnotifNotifyJob.php +++ b/includes/job/EnotifNotifyJob.php @@ -24,6 +24,7 @@ class EnotifNotifyJob extends Job { $editor = User::newFromId( $this->params['editorID'] ); // B/C, only the name might be given. } else { + # FIXME: newFromName could return false on a badly configured wiki. $editor = User::newFromName( $this->params['editor'], false ); } $enotif->actuallyNotifyOnPageChange( diff --git a/includes/specials/SpecialBlockme.php b/includes/specials/SpecialBlockme.php index 95f92f494a..ebfe07e677 100644 --- a/includes/specials/SpecialBlockme.php +++ b/includes/specials/SpecialBlockme.php @@ -45,6 +45,7 @@ class SpecialBlockme extends UnlistedSpecialPage { } $user = User::newFromName( wfMsgForContent( 'proxyblocker' ) ); + # FIXME: newFromName could return false on a badly configured wiki. if ( !$user->isLoggedIn() ) { $user->addToDatabase(); } diff --git a/maintenance/changePassword.php b/maintenance/changePassword.php index ef87dfbdb5..cfcac40670 100644 --- a/maintenance/changePassword.php +++ b/maintenance/changePassword.php @@ -43,7 +43,7 @@ class ChangePassword extends Maintenance { } else { $this->error( "A \"user\" or \"userid\" must be set to change the password for" , true ); } - if ( !$user->getId() ) { + if ( !$user || !$user->getId() ) { $this->error( "No such user: " . $this->getOption( 'user' ), true ); } try { diff --git a/maintenance/cleanupSpam.php b/maintenance/cleanupSpam.php index 8561281dd9..b11a8f382b 100644 --- a/maintenance/cleanupSpam.php +++ b/maintenance/cleanupSpam.php 
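Review bot: The added FIXME in DoubleRedirectJob::getUser() records that `User::newFromName()` can fail, but the very next line, `if ( !self::$user->isLoggedIn() ) {`, still calls a method on the result, so an invalid `double-redirect-fixer` message ends in a fatal error rather than a handled failure. The EnotifNotifyJob.php and SpecialBlockme.php hunks get the same comment-only treatment. In SpecialBlockme the name comes from the `proxyblocker` message and the unguarded `$user->isLoggedIn()` sits on a page-request path. Guard the result as the maintenance scripts in this commit do, for example `if ( !self::$user ) { return false; }` here, provided the callers of getUser() can cope with that (they are outside the hunk). If the fix is deferred, the comment should at least match the commit subject, which speaks of null return values while the FIXME says "false".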
@@ -36,6 +36,9 @@ class CleanupSpam extends Maintenance { $username = wfMsg( 'spambot_username' ); $wgUser = User::newFromName( $username ); + if ( !$wgUser ) { + $this->error( "Invalid username", true ); + } // Create the user if necessary if ( !$wgUser->getId() ) { $wgUser->addToDatabase(); diff --git a/maintenance/deleteBatch.php b/maintenance/deleteBatch.php index 14db16425a..2b0026d777 100644 --- a/maintenance/deleteBatch.php +++ b/maintenance/deleteBatch.php @@ -63,6 +63,9 @@ class DeleteBatch extends Maintenance { $this->error( "Unable to read file, exiting", true ); } $wgUser = User::newFromName( $user ); + if ( !$wgUser ) { + $this->error( "Invalid username", true ); + } $dbw = wfGetDB( DB_MASTER ); # Handle each entry diff --git a/maintenance/deleteDefaultMessages.php b/maintenance/deleteDefaultMessages.php index a33921b108..5093871786 100644 --- a/maintenance/deleteDefaultMessages.php +++ b/maintenance/deleteDefaultMessages.php @@ -56,6 +56,9 @@ class DeleteDefaultMessages extends Maintenance { # in order to hide it in RecentChanges. global $wgUser; $wgUser = User::newFromName( $user ); + if ( !$wgUser ) { + $this->error( "Invalid username", true ); + } $wgUser->addGroup( 'bot' ); # Handle deletion diff --git a/maintenance/moveBatch.php b/maintenance/moveBatch.php index 9b9f910519..6ecc775e5a 100644 --- a/maintenance/moveBatch.php +++ b/maintenance/moveBatch.php @@ -67,6 +67,9 @@ class MoveBatch extends Maintenance { $this->error( "Unable to read file, exiting", true ); } $wgUser = User::newFromName( $user ); + if ( !$wgUser ) { + $this->error( "Invalid username", true ); + } # Setup complete, now start $dbw = wfGetDB( DB_MASTER ); diff --git a/maintenance/protect.php b/maintenance/protect.php index aab84d6879..c3043967d4 100644 --- a/maintenance/protect.php +++ b/maintenance/protect.php 
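Review bot: The new `"Invalid username"` error in cleanupSpam.php does not say which name was rejected, and here the name is not a command-line argument but the `spambot_username` message, so the operator gets no hint where to look. Include the value, e.g. `$this->error( "Invalid username '$username'", true );`, and do the same with the respective variables in the deleteBatch, deleteDefaultMessages, moveBatch, protect, reassignEdits and undelete hunks. The guard also depends on `error( ..., true )` ending the script, because `$wgUser->getId()` follows immediately. That is presumably what the second argument does, but it is not visible in the hunk.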
@@ -47,6 +47,10 @@ class Protect extends Maintenance { } $wgUser = User::newFromName( $userName ); + if ( !$wgUser ) { + $this->error( "Invalid username", true ); + } + $restrictions = array( 'edit' => $protection, 'move' => $protection ); $t = Title::newFromText( $this->getArg() ); diff --git a/maintenance/reassignEdits.php b/maintenance/reassignEdits.php index 20de17e6e5..3830fe382e 100644 --- a/maintenance/reassignEdits.php +++ b/maintenance/reassignEdits.php @@ -160,6 +160,9 @@ class ReassignEdits extends Maintenance { $user->setName( $username ); } else { $user = User::newFromName( $username ); + if ( !$user ) { + $this->error( "Invalid username", true ); + } } $user->load(); return $user; diff --git a/maintenance/undelete.php b/maintenance/undelete.php index 7213d096a9..1c3b14a567 100644 --- a/maintenance/undelete.php +++ b/maintenance/undelete.php @@ -44,6 +44,9 @@ class Undelete extends Maintenance { $this->error( "Invalid title", true ); } $wgUser = User::newFromName( $user ); + if ( !$wgUser ) { + $this->error( "Invalid username", true ); + } $archive = new PageArchive( $title ); $this->output( "Undeleting " . $title->getPrefixedDBkey() . '...' ); $archive->undelete( array(), $reason ); -- 2.20.1