robchurch@svn.leuksman.com wrote:
Revision: 13955
[snip]
$wgUser = $u;
$wgUser->setCookies();
[snip]
wfRunHooks( 'AddNewAccount', array( $u ) );# Call hooks
Calling the hook here, now before $wgUser is set, caused a privacy leak for a few minutes. IP addresses of people registering new accounts were broadcast on Recent Changes and the IRC feeds until the change was reverted.
I've removed the offending entries from the recentchanges tables.
-- brion vibber (brion @ pobox.com)
On 30/04/06, Brion Vibber brion@pobox.com wrote:
robchurch@svn.leuksman.com wrote:
Revision: 13955
[snip]
$wgUser = $u;
$wgUser->setCookies();
[snip]
# Call hooks wfRunHooks( 'AddNewAccount', array( $u ) );
Calling the hook here, now before $wgUser is set, caused a privacy leak for a few minutes. IP addresses of people registering new accounts were broadcast on Recent Changes and the IRC feeds until the change was reverted.
I've removed the offending entries from the recentchanges tables.
Well, "oh fuck" seems like a good first response. Closely followed by, "I've fixed this again in r13971, holding back on calling hooks until an appropriate time. Testing with Newuserlog (which I suspect is the reason all hell broke loose) shows it now works as expected."
On a more serious note; clearly this is a more direct cockup than I've made so far, so I'll apologise profusely for it. If someone could double and triple check that commit before taking it live, I'd be extremely grateful.
Rob Church
wikitech-l@lists.wikimedia.org