Discovered for AbuseFilter (Special:AbuseFilter/import) while testing apache builds in CI (example).
The form has the action set to the full URL of Special:AbuseFilter/new, where it POSTs the import data. If this url uses the ?title= variant (e.g. 127.0.0.1:9413/index.php?title=Special:AbuseFilter/new), as opposed to e.g. //localhost/pedia/index.php/Special:AbuseFilter/new, submitting the form will leave the user on the import page.
This happens because the form has a hidden title input whose value is Special:AbuseFilter/import, and this takes precedence over the query string in the action.
You can easily reproduce this bug by:
- Going to Special:AbuseFilter/import
- Manually changing the form action to use the "title=" variant
- Add any text into the field and submit
In particular, an exception will be thrown due to HTMLForm mishandling, but the root cause is that we're actually showing the wrong special page (/import).
I think one possible fix might be to conditionally set the title input like we do for GET forms, see here. I'm not very familiar with HTMLForm though, so deferring to someone else.