Page MenuHomePhabricator

[Bug] Every other abusive edit request succeeds for rule 94
Closed, InvalidPublic

Description

The Wikipedia Android app has a test for exercising rule 94 on the test wiki[0]. The test's first request appears to fail properly but the second, even identical, request succeeds. The bug may be reproduced by simply running the following request twice:

https://test.m.wikipedia.org/w/api.php?action=edit&format=json&title=User%3AYuvipandaaaaaaaa&section=0&text=Testing%20Abusefilter%20by%20simply%20editing%20this%20page.%20Triggering%20rule%2094%20at%201452636976514&summary=

Headers
User-Agent WikipediaApp/2.1.137-dev-2016-01-12 (Android 4.0.4; Phone) Developer Channel
Accept-Language test,en;q=0.8
X-WMF-UUID 96d1f2ef-ab7f-4406-b333-79e26e3ed6ed

Body
token +\

Expected response

{
  "edit": {
    "code": "abusefilter-warning/userpage_edit",
    "info": "Hit AbuseFilter: Editing user page by anonymous user",
    "warning": "<b>Warning:</b> This action has been automatically identified as harmful.\nUnconstructive edits will be quickly reverted,\nand egregious or repeated unconstructive editing will result in your account or IP address being blocked.\nIf you believe this action to be constructive, you may submit it again to confirm it.\nA brief description of the abuse rule which your action matched is: Editing user page by anonymous user",
    "result": "Failure"
  }
}

Actual response

{
  "edit": {
    "result": "Success",
    "pageid": 75480,
    "title": "User:Yuvipandaaaaaaaa",
    "contentmodel": "wikitext",
    "oldrevid": 260224,
    "newrevid": 260225,
    "newtimestamp": "2016-01-12T23:07:55Z"
  }
}

[0] https://test.wikipedia.org/wiki/Special:AbuseFilter/94

Event Timeline

Niedzielski raised the priority of this task from to High.
Niedzielski updated the task description. (Show Details)
Niedzielski added a subscriber: Niedzielski.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 12 2016, 11:10 PM
Se4598 added a subscriber: Se4598.EditedJan 12 2016, 11:43 PM

This isn't a issue of AbuseFilter, is it? The filter is only set to warn, not prevent any edit. So after the warning, if you resubmit it (or something for the same pagename) in the same php session again, it will go through. Doing as intended from AbuseFilter side.

@Niedzielski could you clarify if you mean the test in the app should be fixed?
Or can I assume that you are wondering why the edit goes through? This is as intended (see before) and the text in the warning message. ( "Prevent the user from performing the action in question" unchecked, "Trigger these actions after giving the user a warning" checked in the filter). Please close as invalid if resolved for you.

Niedzielski closed this task as Invalid.Jan 13 2016, 4:52 PM
Niedzielski claimed this task.

@Se4598, ah! My mistake!