Page MenuHomePhabricator
Create Task
Maniphest T102840

Disallow wikidata.org URIs to non-Item pages in unit/globe/calendar values
Closed, ResolvedPublic3 Estimated Story Points
Actions

Description

Certain DataValues use URIs internally, and we are slowly introducing more of these cases:

  • Calendar models in time values.
  • Globes in coordinates.
  • Units in quantities.

In all these cases our current validators allow everything, as long as the URL starts with http or https and doesn't exceed 255 characters. The relevant code can be seen in Wikibase\Repo\ValidatorBuilders.

In all these cases I suggest to:

  • Disallow http://wikidata.org with the "www" missing.
  • Disallow http://www.wikidata.org/wiki/ with "wiki" instead of "entity". Moreover, disallow every wikidata.org URI but canonical /entity/ URIs.
  • Clarify what canonical /entity/ URIs include
  • Disallow every entity type but Items.

Details

SubjectRepoBranchLines +/-
Validate entity ID part of URIs in data valuesmediawiki/extensions/Wikibasemaster+243 -28
Add strict types to ValidatorBuildersmediawiki/extensions/Wikibasemaster+63 -84
Rework EntityLabelUnitFormatter into ItemLabelUnitFormattermediawiki/extensions/Wikibasemaster+130 -138
Customize query in gerrit

Related Objects
Search...

View Standalone Graph
This task is connected to more than 200 other tasks. Only direct parents and subtasks are shown here. Use View Standalone Graph to show more of the graph.
StatusSubtypeAssignedTask
· · ·
OpenNoneT56318 Quantity datatype (tracking)
OpenNoneT103834 [Epic] Improve input elements for complex datatypes
ResolvedLucas_Werkmeister_WMDET102840 Disallow wikidata.org URIs to non-Item pages in unit/globe/calendar values
ResolveddanielT111171 [Task] Restrict URIs for units, calendars, and globes
· · ·

Event Timeline

thiemowmde created this task.Jun 17 2015, 4:20 PM
thiemowmde raised the priority of this task from to Needs Triage.
thiemowmde updated the task description. (Show Details)
thiemowmde added projects: Wikidata, MediaWiki-extensions-WikibaseRepository, DataValues.
thiemowmde added subscribers: thiemowmde, daniel, Lydia_Pintscher.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 17 2015, 4:20 PM
thiemowmde added a project: Patch-For-Review.Jun 17 2015, 4:21 PM

https://github.com/wmde/WikibaseDataModel/pull/503

thiemowmde mentioned this in T92380: Implement (dumb) formatter for quantities with units based on URIs.Jun 17 2015, 4:25 PM
gerritbot subscribed.Jun 17 2015, 8:18 PM

Change 219016 had a related patch set uploaded (by Thiemo Mättig (WMDE)):
Rework EntityLabelUnitFormatter into ItemLabelUnitFormatter

https://gerrit.wikimedia.org/r/219016

Lydia_Pintscher moved this task from incoming to ready to go on the Wikidata board.Jun 19 2015, 2:35 PM
Lydia_Pintscher triaged this task as Medium priority.Jun 26 2015, 11:20 AM
Lydia_Pintscher set Security to None.
Lydia_Pintscher moved this task from ready to go to consider for next sprint on the Wikidata board.
Jonas renamed this task from Disallow wikidata.org URIs to non-Item pages in unit/globe/calendar values to [Story] Disallow wikidata.org URIs to non-Item pages in unit/globe/calendar values.Aug 13 2015, 3:03 PM
Jonas added a parent task: T76230: [Epic] data quality and trust.Aug 13 2015, 3:06 PM
Ricordisamoa subscribed.Aug 13 2015, 4:07 PM
thiemowmde added a parent task: T56318: Quantity datatype (tracking).Sep 2 2015, 9:17 AM
thiemowmde mentioned this in T110675: [Story] Editing units should show unit label instead of URIs right away..
thiemowmde added a subtask: T111058: [Story] Block non-vocabulary repo URIs for units.Sep 2 2015, 9:20 AM
daniel edited subtasks, added: T111171: [Task] Restrict URIs for units, calendars, and globes; removed: T111058: [Story] Block non-vocabulary repo URIs for units.Sep 2 2015, 4:23 PM
daniel closed subtask T111171: [Task] Restrict URIs for units, calendars, and globes as Resolved.Sep 4 2015, 2:17 PM
JanZerebecki added a project: Story.Sep 25 2015, 8:31 PM
matej_suchanek added a parent task: T103834: [Epic] Improve input elements for complex datatypes.Apr 15 2016, 1:32 PM
gerritbot added a comment.Jul 4 2016, 2:19 PM

Change 219016 abandoned by Thiemo Mättig (WMDE):
Rework EntityLabelUnitFormatter into ItemLabelUnitFormatter

Reason:
Became obsolete with I776a4aa.

https://gerrit.wikimedia.org/r/219016

thiemowmde closed this task as Resolved.Jul 4 2016, 2:19 PM
thiemowmde claimed this task.

Resolved with https://gerrit.wikimedia.org/r/218917.

thiemowmde reopened this task as Open.Jul 4 2016, 2:21 PM

Sorry, https://gerrit.wikimedia.org/r/218917 was about formatting, but this ticket is about validation, which is not resolved.

Lydia_Pintscher moved this task from consider for next sprint to ready to go on the Wikidata board.Oct 17 2016, 2:49 PM
Ladsgroup removed a project: Patch-For-Review.Jul 20 2017, 11:05 AM
thiemowmde removed thiemowmde as the assignee of this task.Sep 4 2018, 12:03 PM
thiemowmde added a project: patch-welcome.
Lydia_Pintscher added a project: Wikidata data quality and trust.Jul 11 2022, 10:05 AM
Bugreporter removed a parent task: T76230: [Epic] data quality and trust.Jul 11 2022, 11:16 AM
ItamarWMDE renamed this task from [Story] Disallow wikidata.org URIs to non-Item pages in unit/globe/calendar values to Disallow wikidata.org URIs to non-Item pages in unit/globe/calendar values.Oct 27 2022, 9:12 AM
ItamarWMDE added a project: Wikidata Dev Team.
Lucas_Werkmeister_WMDE subscribed.Nov 25 2022, 3:16 PM

FWIW, the current validation rules are:

  • coordinate globes and time calendars must be URIs below http://www.wikidata.org/entity/. (Always Wikidata, hard-coded in ValidatorBuilders::$wikidataBaseUri.)
  • quantity units must be URIs below the local wiki’s /entity/ URI. (On Wikidata, this is the same URI as for coordinate globes and time calendars, but on other wikis it’s different. All Wikibases refer to Wikidata for globes and calendars, but units are local.)

So I think the first two bullet points of the suggestions in the task description (disallow missing “www”, and disallow “/wiki/” or other non-“/entity/” paths) are already done. However, we don’t yet validate that the part after the /entity/ is a valid item ID (I confirmed locally that http://www.wikidata.org/entity/abcde is accepted as a globe, and it definitely shouldn’t be).

ItamarWMDE subscribed.Jan 31 2023, 3:34 PM

Task Triage Notes:

  • This task is truly about making sure the part after /entity/ is a valid entity ID
  • We can also reaffirm that the above comment is correct
  • We will discuss this further at story time, to improve the task description
ItamarWMDE moved this task from Incoming to Product Backlog on the Wikidata Dev Team board.Jan 31 2023, 3:34 PM
Arian_Bozorg updated the task description. (Show Details)Feb 1 2023, 10:19 AM
karapayneWMDE moved this task from Product Backlog to Unified DOT Backlog on the Wikidata Dev Team board.Feb 1 2023, 10:35 AM
karapayneWMDE set the point value for this task to 3.Feb 7 2023, 10:45 AM
karapayneWMDE moved this task from Unified DOT Backlog to Sprint-∞ on the Wikidata Dev Team board.
karapayneWMDE edited projects, added Wikidata Dev Team (Sprint-∞); removed Wikidata Dev Team.
Lucas_Werkmeister_WMDE moved this task from Parents/Waiting to Todo/Backlog on the Wikidata Dev Team (Sprint-∞) board.Feb 15 2023, 4:43 PM
Lucas_Werkmeister_WMDE claimed this task.Feb 16 2023, 1:25 PM
Lucas_Werkmeister_WMDE moved this task from Todo/Backlog to Doing on the Wikidata Dev Team (Sprint-∞) board.
Lucas_Werkmeister_WMDE added a comment.Feb 16 2023, 2:56 PM
  • coordinate globes and time calendars must be URIs below http://www.wikidata.org/entity/. (Always Wikidata, hard-coded in ValidatorBuilders::$wikidataBaseUri.)
  • quantity units must be URIs below the local wiki’s /entity/ URI. (On Wikidata, this is the same URI as for coordinate globes and time calendars, but on other wikis it’s different. All Wikibases refer to Wikidata for globes and calendars, but units are local.)

Fun fact: when this was implemented in 2015, we forgot to define the wikibase-validator-bad-prefix message used by these errors.

{
    "error": {
        "code": "modification-failed",
        "info": "⧼wikibase-validator-bad-prefix⧽",
        "messages": [
            {
                "name": "wikibase-validator-bad-prefix",
                "parameters": [
                    "http://example.com/"
                ],
                "html": "⧼wikibase-validator-bad-prefix⧽"
            }
        ],
        "docref": "See https://www.wikidata.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/> for notice of API deprecations and breaking changes."
    },
    "servedby": "mw1358"
}
gerritbot added a comment.Feb 16 2023, 3:45 PM

Change 889813 had a related patch set uploaded (by Lucas Werkmeister (WMDE); author: Lucas Werkmeister (WMDE)):

[mediawiki/extensions/Wikibase@master] Add strict types to ValidatorBuilders

https://gerrit.wikimedia.org/r/889813

gerritbot added a project: Patch-For-Review.Feb 16 2023, 3:45 PM

Change 889814 had a related patch set uploaded (by Lucas Werkmeister (WMDE); author: Lucas Werkmeister (WMDE)):

[mediawiki/extensions/Wikibase@master] Validate entity ID part of URIs in data values

https://gerrit.wikimedia.org/r/889814

Lucas_Werkmeister_WMDE moved this task from Doing to Peer Review on the Wikidata Dev Team (Sprint-∞) board.Feb 16 2023, 4:10 PM
gerritbot added a comment.Feb 20 2023, 10:26 PM

Change 889813 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] Add strict types to ValidatorBuilders

https://gerrit.wikimedia.org/r/889813

ReleaseTaggerBot added a project: MW-1.40-notes (1.40.0-wmf.24; 2023-02-20).Feb 20 2023, 11:00 PM
Lucas_Werkmeister_WMDE moved this task from Peer Review to Doing on the Wikidata Dev Team (Sprint-∞) board.Feb 23 2023, 12:53 PM
Lucas_Werkmeister_WMDE moved this task from Doing to Peer Review on the Wikidata Dev Team (Sprint-∞) board.Feb 23 2023, 1:17 PM
gerritbot added a comment.Feb 23 2023, 3:40 PM

Change 889814 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] Validate entity ID part of URIs in data values

https://gerrit.wikimedia.org/r/889814

Lucas_Werkmeister_WMDE moved this task from Peer Review to Product Verification on the Wikidata Dev Team (Sprint-∞) board.Feb 23 2023, 3:41 PM
ReleaseTaggerBot edited projects, added MW-1.40-notes (1.40.0-wmf.25; 2023-02-27); removed MW-1.40-notes (1.40.0-wmf.24; 2023-02-20).Feb 23 2023, 4:00 PM
Arian_Bozorg closed this task as Resolved.Feb 28 2023, 1:34 PM
Arian_Bozorg moved this task from Product Verification to Our work done on the Wikidata Dev Team (Sprint-∞) board.
Arian_Bozorg subscribed.

Thanks team :)

karapayneWMDE moved this task from Our work done to 2023 completed tasks on the Wikidata Dev Team (Sprint-∞) board.May 12 2023, 7:55 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL