Page MenuHomePhabricator

File upload bypasses spam blacklist
Closed, ResolvedPublic


Uploaders are currently uploading content on video2commons which hits the spam filter. Thus it is impossible to change the page without removing or altering the links. For some odd reason, this also has the side effect of not refreshing categories on the page when the batch process runs around 12AM Eastern time.


Event Timeline

brion added a subscriber: brion.

Sounds like the upload API might be bypassing the spam filter (which probably has lots of redirects in it for dubious reasons). Should reject the upload save in the first place if the description page hits the filter...

Why should be blacklisted anyways...

Change 300546 had a related patch set uploaded (by Matthias Mullie):
Filter file uploads

matmarex renamed this task from video2commons is clashing with the spam filter to File upload bypasses spam blacklist.Jul 27 2016, 4:12 PM

Thus it is impossible to change the page without removing or altering the links.

This should not be the case. SpamBlacklist is supposed to only look at links which are added in the edit, not an previously existing ones. If you're sure that this occurs, can you file a separate bug for it?

matmarex assigned this task to matthiasmullie.
matmarex removed a project: Patch-For-Review.

With the patch by Matthias, an error message is shown on Special:Upload, giving the user a chance to correct the description without reuploading the file:

pasted_file (946×1 px, 109 KB)

The action=upload API returns a result like this (the 'filekey' can also be used to complete the upload without having to upload the whole file again). I'm not sure where the "0" is coming from, there is a lot of weird legacy stuff in action=upload output. But you can rely on the code and spamblacklist properties.

  "error": {
    "code": "spamblacklist",
    "info": "The text you wanted to save was blocked by the spam filter.\nThis is probably caused by a link to a blacklisted external site.",
    "0": [
    "filekey": "1472tkcdwc4o.jpeeh1.1.png",
    "sessionkey": "1472tkcdwc4o.jpeeh1.1.png",
    "invalidparameter": null,
    "spamblacklist": {
      "matches": [
    "*": "See http://localhost:3080/w/api.php for API usage"

Change 300546 merged by jenkins-bot:
Filter file uploads