UploadWizard can directly upload images from Flickr (using an in-app selection dialog and server-side upload), with a license check, but license checking happens in Javascript and a malicious user could easily fake it. Because of that the Flickr upload feature has been limited to some privileged user groups on Commons (and now apparently they broke it even for those people with an abuse filter). It would be nice to do the check on the server side (see T89131: Server side flickr review) but as a temporary workaround at least stop it from claiming the image is verified (use the flickrreview template instead of FlickrVerifiedByUploadWizard) which would unbreak the upload process and make it possible to enable the upload UI to everyone. It should still be fine to add FlickrVerifiedByUploadWizard if the account is trusted, however (for example administrators).
Description
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | kaldari | T90004 Enable Flickr import for all users on Commons | |||
Resolved | kaldari | T100062 Do not put "verified" template on UploadWizard Flicker uploads if user isn't trusted |
Event Timeline
Change 212948 had a related patch set uploaded (by Brian Wolff):
[WIP] Add flickr checking to backend
Change 213234 had a related patch set uploaded (by MarkTraceur):
Use new Flickr API instead of old hacky JS
Change 212948 abandoned by MarkTraceur:
[WIP] Add flickr checking to backend
Reason:
No progress, not a priority, can revive later
Change 213234 abandoned by MarkTraceur:
Use new Flickr API instead of old hacky JS
Reason:
No progress on parent patch, not a priority, can be revived later
@AlexisJazz: You are very welcome to use developer access to submit your proposed code changes as a Git branch directly into Gerrit. If you don't want to set up Git/Gerrit, you can also use the Gerrit Patch Uploader. Thanks.
I fixed the AbuseFilter, so this should no longer be an issue. Extended-uploaders are trusted regarding licensing, so I just exempted them from the filter. Agree that moving the check to the server-side is the best long-term solution, but that's covered in T89131.
I think there is still value in changing the template (at least for non-extended-uploaders) as that way everyone could use the Flickr upload interface, which is a much more convenient way of uploading those files. That was the original reason for filing this task - that the Flickr upload button is now disabled for most users, even though the tool doesn't do anything you couldn't do by hand, because the use of the verified temlate disrupted workflows.
(Granted, the Commons community might well decide to not widen access to the tool even if that happens, as they tend to be concerned with making uploading too easy. So maybe that should be checked first.)
"It should still be fine to add FlickrVerifiedByUploadWizard if the account is trusted, however (for example administrators)."
@kaldari actually even that isn't really great. UploadWizard doesn't look at https://commons.wikimedia.org/wiki/Commons:Questionable_Flickr_images but the Flickr review bot does. Correction, it does. Why did I think it doesn't?
Change 485141 had a related patch set uploaded (by Zhuyifei1999; owner: Alexis Jazz):
[mediawiki/extensions/UploadWizard@master] mw.FlickrChecker: Use {{flickrreview}}
Change 485141 merged by jenkins-bot:
[mediawiki/extensions/UploadWizard@master] mw.FlickrChecker: Use {{flickrreview}}
@kaldari errr I think so. I hope FlickreviewR 2 isn't going to break anytime soon as Zhuyifei1999 has left the building, but that's an unrelated matter.