User:DWalden (WMF)/T324603
Permissions and Validation
edit(N.B. Each row may represent more than on test condition)
Performer | Rights | Prefs | Blocked | Target | Type | Suppressed | Revision | Result |
---|---|---|---|---|---|---|---|---|
Admin | all except cta[1] | n/a | no | *Unregistered {1,2,3}, Admin | Mixed | mixed | mixed | "You do not have permission to perform the action" |
Adam | none | n/a | no | *Unregistered {1,2,3}, Admin | Mixed | mixed | mixed | "You do not have permission to perform the action" |
Admin | all | off | no | *Unregistered {1,2,3}, Admin | Mixed | mixed | mixed | "You do not have permission to perform the action" |
Adam | cta | off | no | *Unregistered {1,2,3}, Admin | Mixed | mixed | mixed | "You do not have permission to perform the action" |
Adam | cta | on | no | *Unregistered 1 | Temp | no | hidden | See IP |
Adam | cta | on | no | *Unregistered 1 | Temp | yes | suppressed | See IP |
Admin | all | on | no | *Unregistered 1 | Temp | yes | suppressed | See IP |
Admin | all | on | no | *Unregistered 2 | Temp | no | normal | See IP |
Adam | cta | on | no | *Unregistered 2 | Temp | no | normal | See IP |
Admin | all | on | no | *Unregistered 3 | Nonexistent | n/a | n/a | "The specified user (*Unregistered 3) does not exist" |
Adam | cta | on | no | *Unregistered 3 | Nonexistent | n/a | n/a | "The specified user (*Unregistered 3) does not exist" |
Admin | all | on | no | Admin | Regular | no | regular | "The specified username (Admin) is invalid" |
Adam | cta | on | no | Admin | Regular | no | regular | "The specified username (Admin) is invalid" |
Admin | all | on | no | 172.18.0.1 | Anon | n/a | mixed? | "The specified username (172.18.0.1) is invalid" |
Adam | cta | on | no | 172.18.0.1 | Anon | n/a | mixed? | "The specified username (172.18.0.1) is invalid" |
Admin | all | on | yes | *Unregistered {1,2,3}, Admin, 172.18.0.1 | Mixed | mixed | mixed | "You do not have permission to perform the action because your account is blocked" |
Adam | cta | on | yes | *Unregistered {1,2,3}, Admin, 172.18.0.1 | Mixed | mixed | mixed | "You do not have permission to perform the action because your account is blocked" |
- ↑ cta = checkuser-temporary-account
With $wgAutoCreateTempUser['enabled'] = false;
Performer | Rights | Prefs | Blocked | Target | Type | Suppressed | Revision | Result |
---|---|---|---|---|---|---|---|---|
Admin | all | on | no | 172.18.0.1 | Anon | no | regular | "The specified username (172.18.0.1) is invalid" |
Admin | all | on | no | Admin | Regular | no | regular | "The specified username (Admin) is invalid" |
Admin | all | on | no | *Unregistered 1 | Nonexistent | n/a | n/a | "The specified username (*Unregistered 1) is invalid" |
Information disclosure
editNot info disclosure:
- I see $ip1 for $rev1 and $tempuser1
- Admin suppresses $tempuser1 with autoblock (if this is possible)
- I cannot see $ip1 for $rev1, so I conclude $tempuser1 uses $ip1
Not info disclosure:
- I see $ip1 for $tempuser1
- Admin suppresses $tempuser1 with autoblock (if this is possible)
- I cannot see $ip1 for $tempuser1
Info disclosure?:
- I see $ip1 for $tempuser1
- Admin suppresses $nameduser1 with autoblock on $ip1
- I cannot see $ip1 for $tempuser1
- Except I would not be blocked from $tempuser1 revisions, so I would see $ip1
Info disclosure?:
- I see $ip1 for $tempuser1 and $rev1
- Admin suppresses $rev1
- I cannot see $ip1 for $tempuser1 and $rev1
- I know that $ip1 made edit $rev1
- But I knew that anyway
Info disclosure?:
- I see $ip1 for $tempuser1 (but I don't know it is $rev1)
- Admin suppresses $rev1
- I cannot see $ip1 for $tempuser1
- I know that $ip1 made edit $rev1
- But I could have found that out before with the rev api endpoint