Page MenuHomePhabricator
Create Task
Maniphest T126861

Content for AbuseFilter was transformed into JSON
Closed, ResolvedPublic
Actions

Description

In these logs, new_wikitext and added_lines have JSON instead of the entity serialization in old_wikitext:

I cannot say under what conditions this happens though KasparBot triggered a filter many times as a result of this bug.

Details

SubjectRepoBranchLines +/-
Don't filter undos coming in via the "APIEditBeforeSave" hookmediawiki/extensions/AbuseFiltermaster+6 -0
Customize query in gerrit

Related Objects

Event Timeline

matej_suchanek created this task.Feb 13 2016, 11:26 AM
matej_suchanek raised the priority of this task from to Needs Triage.
matej_suchanek updated the task description. (Show Details)
matej_suchanek added projects: Wikidata, MediaWiki-extensions-WikibaseRepository.
matej_suchanek subscribed.
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptFeb 13 2016, 11:26 AM
matej_suchanek updated the task description. (Show Details)Feb 13 2016, 11:29 AM
matej_suchanek set Security to None.
Lydia_Pintscher added a subscriber: hoo.Feb 18 2016, 12:39 PM
Lydia_Pintscher subscribed.

How bad is this?

Lydia_Pintscher moved this task from incoming to needs discussion or investigation on the Wikidata board.Feb 18 2016, 12:47 PM
matej_suchanek added a comment.Feb 18 2016, 3:35 PM

Two of the linked changes are rollbacks... aren't rollbacks excluded from AbuseFilter at all? This could also indicate a bug.

hoo added a comment.EditedFeb 18 2016, 5:09 PM

I could reproduce this by undoing a content object using the api with action=edit&undo=…&undoafter=…. Will look into this further.

These weren't actual rollbacks, but emulated ones by @Ricordisamoa's https://www.wikidata.org/wiki/User:Ricordisamoa/Rollback.js.

hoo added a subscriber: Ricordisamoa.Feb 18 2016, 5:10 PM
hoo claimed this task.EditedFeb 18 2016, 5:28 PM
hoo added projects: AbuseFilter, MediaWiki-Action-API.
hoo added subscribers: aude, daniel, Anomie.

The problem here got visible with @aude's a225cbdca89563e878c19580fb04c9e1d805d6c7 which made it possible to use ApiEditPage for undoing edits on entity content.

ApiEditPage always runs APIEditBeforeSave, even when undoing an edit. That is inconsistent with for example EditFilterMergedContent.

I see two ways to fix this:

  • Don't run the hook on undo (this is a breaking change, but would make the behavior consistent with EditFilterMergedContent)
  • Make AbuseFilter ignore undos coming in via that hook

Whatever we choose to do, we should document the (new) behavior of the hook properly (right now its not obvious whether it's supposed to run on undo or not).

Ricordisamoa added a comment.EditedFeb 18 2016, 5:30 PM
In T126861#2040222, @hoo wrote:

These weren't actual rollbacks, but emulated ones by @Ricordisamoa's https://www.wikidata.org/wiki/User:Ricordisamoa/Rollback.js.

Ha! I knew it was going to mess up one day... (only using undo since Jan 23)

Anomie moved this task from Unsorted to Non-core-API stuff on the MediaWiki-Action-API board.Feb 18 2016, 5:32 PM
hoo added a comment.Feb 18 2016, 5:40 PM

@Anomie Given you moved this to not a core issue, I suspect you say that the core behavior shouldn't be altered?

Anomie added a comment.Feb 18 2016, 5:48 PM

Yeah, it makes more sense to me that the "ApiEditBeforeSave" hook would be called for all API action=edit calls, including undo.

Ricordisamoa added a comment.Feb 18 2016, 6:03 PM

Whatever conversion is applied to new_wikitext and added_lines, can't it be applied regardless of the action?

gerritbot subscribed.Mar 17 2016, 7:51 PM

Change 278071 had a related patch set uploaded (by Hoo man):
Don't filter undos coming in via the "APIEditBeforeSave" hook

https://gerrit.wikimedia.org/r/278071

gerritbot added a project: Patch-For-Review.Mar 17 2016, 7:51 PM
gerritbot added a comment.Mar 18 2016, 2:18 PM

Change 278071 merged by jenkins-bot:
Don't filter undos coming in via the "APIEditBeforeSave" hook

https://gerrit.wikimedia.org/r/278071

ReleaseTaggerBot added a project: MW-1.27-release (WMF-deploy-2016-03-22_(1.27.0-wmf.18)).Mar 18 2016, 3:00 PM
hoo closed this task as Resolved.Mar 18 2016, 4:54 PM
hoo removed a project: Patch-For-Review.
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:39 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL