Wikipedia:Request an account/Changelog

This is a summary of any technical changes that have occurred recently in the ACC Interface.

The current revision is r3086.

New Features

• Checkusers are allowed to see IP addresses in requests.
• ACCBot can respond to commands in PMs. (ACC-132)
• Tool Administrators can break any reservations on requests. (ACC-148)
• A count of current "Checkuser needed" requests is shown on statistics.php.
• Users can now filter for "Defer to checkuser" logs. (ACC-149)
• A Javascript popup box will appear when attempting to leave a request page when there is an unsubmitted comment. (ACC-150)
• Users can now filter for "SUL Taken" logs.
• When requesting an account an API check will be performed to determine if the requested name already exists in SUL. The request will not go through if the check finds a SUL account.
• E-Mail Addresses will now be hidden similarly to IP Addresses. (ACC-151)
• IP Addresses and E-Mail addresses will only show to non-tool admins and non-Checkusers if they have reserved the request or if the reserving user linked them to a specific URL in the format http://toolserver.org/~acc/acc.php?action=zoom&id=127001&hash=8b3616a71c3ef2a36b3276ede5689624. This URL will be visible only to the reserving user on a request's zoom page. (ACC-154)
• Request IDs will now be shown in outgoing E-Mails to users.
• Logs for reserving requests will now link to the request in question.

Bug fixes

• Interface and ACCBot now reports "Request X deferred to flagged users" instead of "Request X deferred to admins" when deferring a request to Account Creators. (ACC-143)
• Changed edit counter link in user management to use Soxred's edit counter instead of Interiot's edit counter which no longer works. (ACC-147)
• Prevent quotes from being added to the username box when filtering for logs.
• Comments should now look correct when they are reported by ACCBot. For example "Will this comment get \"sanitized\"?" will become "Will this comment get "sanitized"?".
• Fixed most HTML validation errors present in the interface. (ACC-11)
• Fixed an SQL injection vulnerability that was present for any usernames requested with a ' in them.
• ACCBot will not post "DCC", "CTCP", or "PRIVMSG" if it appears in comments.

Other

• "Hagger" and "Haggar" will no longer trigger the blacklist.
• Fixed an issue with links to the statistics pages in Sand.
• Search.php no longer allows E-Mail Address searching for non-admins/non-checkusers. (ACC-151)
• Cleaned up Search.php for better error handling and to hide the options for E-Mail and IP Address searching from non-admins.
• Ban management will no longer link to the EMail/IP search pages for non-admins/non-checkusers.

New features

• Added "Account Created" checkbox to custom email form that will distinguish between accounts created and not created.
• Added {{User:Hi878/Welcome}} to welcome templates list.
• Improved changing passwords in action=prefs by making it so that a user only needs to enter their old password and their new one twice to change it, instead of using the forgotten password feature.
• If a user attempts to mark a request as created where the username does not exist on the English Wikipedia, a confirmation message will appear.
• Confirmation is now added for several actions in user management.

Bug fixes

• "Preference editing" log filter changed to "Message editing".
• Ban input is now validated (IE: Checking email bans are emails, IP bans are IPs etc) ACC-57.
• When force breaking a request reservation, the request ID in the URL is checked to confirm that it is a valid request ID that is currently reserved.
• Fixed an HTML Injection vulnerability with commenting, and an SQL Injection vulnerability with renaming.
• Input is now encoded in
  ISO-8859-1
  , which will allow names in languages such as Arabic and Chinese to be handled correctly by the tool.
• Usernames with spaces in them will be correctly handled by the automatic "Taken in SUL" check with occurs when requesting.
• The links in action=zoom now work correctly for names with ampersands (&) in them.
• Whitespace is now stripped from the !count and !stats ACCBot commands.
• Invalid request IDs are now caught in action=done and action=breakreserve.
• Input into banning forms is now validated.

Other

• Requests that have been closed for a week can no longer be re-opened or reserved by non-admins. (ACC-154)
• Email searching re-enabled for non-admins.
• ~ is now caught as an invalid character by the tool.
• Fixed HTML injections in user management.
• Fixed 2 CSS validation issues.
• Requests that have been closed for a week can no longer be reopened/reserved except by tool administrators and checkusers.
• "CC to mailing list" is now checked by default in custom closes.
• The "preference editing" log filter now more accurately states "message editing".

Bug Fixes

• Fixed the message displayed when wiki functions are disabled. (stwalkerster, r3091)

New Features

• Add geolocation link. (funpika, r3080)

Other

• Hide the close links from the main page in an incredibly hacky way. (funpika, r3073)
• If a request is not reserved, don't show the links for marking as done. (funpika, r3075)
• Moving the check links out of the same area as the username, email, actual IP address, done links, etc and putting them just below. (funpika, r3077, stwalkerster, r3087, r3090)

• Removed references to configuration variable $enableReserving in config.inc.php, acc.php, functions.php. Reserving is now permanently enabled. (stwalkerster, r3081)
• Hide the "Create!" link from the main page and from unreserved requests per CR-ACC-38 (funpika, r3083)

Bug fixes

• Better handling of non-standard usernames:
  • Comments from users with non-latin usernames will now display correctly.
  • An issue with statistics pages for usernames with non-latin usernames has been fixed.
  • Apostrophes in usernames are now correctly handled.
• The user statistics page on sand was using data from live, this has been fixed.
• Creation links for usernames containing ampersands now work correctly.
• The page showing inactive users now correctly leaves out checkusers.

New features

• The request log and the comment log have been merged into one view.
• There are now new links to reset the passwords of similar users, if it appears that it may be belong to the requester.
• There is a new close type - 'Password Reset' - which sends an email to the requester telling them that the password of a similarly-named account has been reset, and asking them to reply if they did not get the password reset email.
• The tool now accepts
  XFF
  headers from trusted proxies, and displays the links for the actual IP, as well as the proxy, if applicable.

Other

• The whole tool is now valid HTML.
• The sandbox has been cleared to update the database. Users should re-register.