Page MenuHomePhabricator
Create Task
Maniphest T119234

Change deleted topic titles to be consistently visible and reflect this in permissions system
Closed, ResolvedPublic
Actions

Assigned To
Mattflaschen-WMF
Authored By
Mattflaschen-WMF
Nov 20 2015, 8:03 PM
Tags
Referenced Files
F4368641: Screen Shot 2016-08-16 at 4.28.46 PM.png
Aug 16 2016, 11:53 PM
F4368652: Screen Shot 2016-08-16 at 4.50.35 PM.png
Aug 16 2016, 11:53 PM
Subscribers
Aklapper
Etonkovidova
gerritbot
jmatazzoni
Mattflaschen-WMF
matthiasmullie
Quiddity
View All 9 Subscribers

Description

My understanding is that they are not considered private from non-privileged users.

However, history shows them as "" (which also looks broken). (You can probably find an example at https://www.mediawiki.org/w/index.php?title=Manual_talk:FAQ&action=history ):

(cur prev	topic) 22:09, 19 November 2015 . . SPage (WMF) (talk | contribs) deleted the topic "" (kgh put a "candidates for speedy deletion" template on this) . . (-80)‎

And it turns out this only shows on logs because the permissions are not enforced there. I don't think this is actually a security problem if we agree that topic title is not sensitive for deleted topics. Suppress logs are restricted by a separate mechanism (https://www.mediawiki.org/wiki/Special:Log/suppress).

So if we confirm this is not sensitive, the permission system should reflect this. Probably, they should also be visible on history. If not, though, I suggest we make a history message that does not look broken.

Details

SubjectRepoBranchLines +/-
SECURITY: Fix topic title visibilitymediawiki/extensions/FlowREL1_26+113 -31
SECURITY: Fix topic title visibilitymediawiki/extensions/FlowREL1_27+110 -24
SECURITY: Fix topic title visibilitymediawiki/extensions/Flowmaster+110 -24
Customize query in gerrit

Related Objects

Event Timeline

Mattflaschen-WMF created this task.Nov 20 2015, 8:03 PM
Mattflaschen-WMF raised the priority of this task from to Needs Triage.
Mattflaschen-WMF updated the task description. (Show Details)
Mattflaschen-WMF added a project: StructuredDiscussions.
Mattflaschen-WMF added subscribers: Mattflaschen-WMF, Quiddity, matthiasmullie, SBisson.
Restricted Application added a project: Collaboration-Team-Triage. · View Herald TranscriptNov 20 2015, 8:03 PM
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald Transcript
Quiddity added a comment.Nov 20 2015, 8:22 PM

That is all correct. Meta details of the entries in the standard deletion log are fully visible to everyone. That's also how LQT does it.

Mattflaschen-WMF added a comment.EditedNov 20 2015, 8:26 PM
In T119234#1821638, @Quiddity wrote:

That is all correct. Meta details of the entries in the standard deletion log are fully visible to everyone. That's also how LQT does it.

Do you also agree we should change it to:

deleted the topic "Actual topic title"

instead of:

deleted the topic ""

in history?

Mattflaschen-WMF updated the task description. (Show Details)Nov 20 2015, 8:27 PM
Mattflaschen-WMF set Security to None.
Quiddity added a comment.Nov 20 2015, 8:40 PM
In T119234#1821677, @Mattflaschen wrote:

Do you also agree we should change it to:

Yes. Removing the visibility of the topic title, would be more along the lines of {T116301}, IIUC.

Mattflaschen-WMF renamed this task from Be consistent about whether topic titles of deleted topics are visible to Change deleted topic titles to be consistently visible and reflect this in permissions system.Nov 20 2015, 8:57 PM
Mattflaschen-WMF added a comment.Nov 24 2015, 10:16 PM

The team discussed this in a meeting, and we're in agreement that this is public data.

Mattflaschen-WMF mentioned this in T137593: Topics that are deleted then suppressed expose topic title in public deletion log.Jun 10 2016, 8:58 PM
Mattflaschen-WMF mentioned this in T137288: Applying deletelogentry restrictions to flow deletion log entries does not work.Jun 10 2016, 9:01 PM
Mattflaschen-WMF edited projects, added Collab-Team-2016-Apr-Jun-Q4; removed Collaboration-Team-Triage.Jun 10 2016, 9:10 PM
Mattflaschen-WMF moved this task from Untriaged to Needs Review on the Collab-Team-2016-Apr-Jun-Q4 board.

Patch at T137593: Topics that are deleted then suppressed expose topic title in public deletion log.

gerritbot subscribed.Jun 13 2016, 9:43 PM

Change 294175 had a related patch set uploaded (by Mattflaschen):
SECURITY: Fix topic title visibility

https://gerrit.wikimedia.org/r/294175

gerritbot added a project: Patch-For-Review.Jun 13 2016, 9:43 PM
gerritbot added a comment.Jul 19 2016, 9:16 PM

Change 299864 had a related patch set uploaded (by Mattflaschen):
SECURITY: Fix topic title visibility

https://gerrit.wikimedia.org/r/299864

gerritbot added a comment.Jul 19 2016, 9:29 PM

Change 299864 merged by jenkins-bot:
SECURITY: Fix topic title visibility

https://gerrit.wikimedia.org/r/299864

ReleaseTaggerBot added a project: MW-1.28-release (WMF-deploy-2016-07-26_(1.28.0-wmf.12)).Jul 19 2016, 10:00 PM
gerritbot added a comment.Jul 19 2016, 10:27 PM

Change 299883 had a related patch set uploaded (by Mattflaschen):
SECURITY: Fix topic title visibility

https://gerrit.wikimedia.org/r/299883

gerritbot added a comment.Jul 19 2016, 10:28 PM

Change 299885 had a related patch set uploaded (by Mattflaschen):
SECURITY: Fix topic title visibility

https://gerrit.wikimedia.org/r/299885

gerritbot added a comment.Jul 19 2016, 10:45 PM

Change 299885 merged by jenkins-bot:
SECURITY: Fix topic title visibility

https://gerrit.wikimedia.org/r/299885

gerritbot added a comment.Jul 19 2016, 10:49 PM

Change 299883 merged by jenkins-bot:
SECURITY: Fix topic title visibility

https://gerrit.wikimedia.org/r/299883

Mattflaschen-WMF edited projects, added Collab-Team-Q1-July-Sep-2016; removed Collab-Team-2016-Apr-Jun-Q4.Aug 2 2016, 1:02 AM
Mattflaschen-WMF moved this task from Untriaged to Needs Review on the Collab-Team-Q1-July-Sep-2016 board.
Mattflaschen-WMF moved this task from Needs Review to QA Review on the Collab-Team-Q1-July-Sep-2016 board.Aug 15 2016, 10:07 PM
Etonkovidova subscribed.Aug 16 2016, 11:53 PM

Checked in betalabs - the deleted topic titles will be displayed to all logged users and anon users on 'View history', 'Recent changes', and Special:Log/delete.

e.g.

Screen Shot 2016-08-16 at 4.28.46 PM.png (47×1 px, 35 KB)

Screen Shot 2016-08-16 at 4.50.35 PM.png (629×1 px, 213 KB)

Etonkovidova moved this task from QA Review to Product Review on the Collab-Team-Q1-July-Sep-2016 board.Aug 16 2016, 11:53 PM
jmatazzoni closed this task as Resolved.Aug 19 2016, 12:18 AM
jmatazzoni claimed this task.
Mattflaschen-WMF claimed this task.Aug 19 2016, 12:42 AM
Mattflaschen-WMF added a subscriber: jmatazzoni.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL