Page MenuHomePhabricator
Create Task
Maniphest T137018

Don't allow non-admins to remove semi-protection from pages by just moving back and forth
Closed, DuplicatePublic
Actions

Description

Please see T136792#2355255.

Steps to reproduce the issue:

  1. Semi-protect a page.
  1. Use another account that has no sysop rights.
  1. Using your secondary account (that has no sysop rights), move the semi-protected page to another page.

Both pages now have semi-protection, if you will see.

  1. Move the target page back to its source page.

At this point, you will see that only one page has semi-protection.

  1. Repeat steps 3 and 4.

Now you will see that the semi-protection is gone, without even using the unprotect special page.

Related Objects
Search...

StatusSubtypeAssignedTask
Restricted Task
 DuplicateNoneT137018 Don't allow non-admins to remove semi-protection from pages by just moving back and forth

Event Timeline

Poyekhali created this task.Jun 4 2016, 10:07 AM
Restricted Application added subscribers: Zppix, Malyacko. · View Herald TranscriptJun 4 2016, 10:07 AM
Poyekhali set Security to Software security bug.Jun 4 2016, 10:08 AM
Poyekhali changed the visibility from "Public (No Login Required)" to "Custom Policy".
Poyekhali removed a subscriber: Zppix.Jun 4 2016, 10:22 AM
Anomie closed this task as a duplicate of T128624: Moving a page over redirect loses the protection settings for that page.Jun 6 2016, 1:14 PM
Poyekhali added subscribers: Luke081515, csteipp, Bawolff and 2 others.Jun 7 2016, 12:52 AM

Adding subscribers from T128624

Anomie subscribed.Jun 7 2016, 2:04 PM

There's not much point in adding subscribers to the closed-as-duplicate task. Discussion should continue on the task that's open.

matmarex unsubscribed.Jun 7 2016, 3:30 PM
Poyekhali added a comment.Dec 22 2016, 3:35 AM

T128624 is now resolved, can this task be visible to the public now? Thanks.

Restricted Application removed a subscriber: Poyekhali. · View Herald TranscriptDec 22 2016, 3:35 AM
Bawolff changed the visibility from "Custom Policy" to "Public (No Login Required)".Dec 22 2016, 6:15 AM
Bawolff added a subscriber: Poyekhali.
In T137018#2895437, @Pokefan95 wrote:

T128624 is now resolved, can this task be visible to the public now? Thanks.

Done.

Restricted Application removed a subscriber: Poyekhali. · View Herald TranscriptDec 22 2016, 6:15 AM
chasemp added a project: Security.Feb 10 2020, 10:53 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:14 PM
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:39 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL