Don't allow non-admins to remove semi-protection from pages by just moving back and forth
Closed, Duplicate · Public

Description

Please see T136792#2355255.

Steps to reproduce the issue:

  1. Semi-protect a page.
  2. Use another account that has no sysop rights.
  3. Using your secondary account (that has no sysop rights), move the semi-protected page to another page.

Both pages now have semi-protection, if you will see.

  4. Move the target page back to its source page.

At this point, you will see that only one page has semi-protection.

  5. Repeat steps 3 and 4.

Now you will see that the semi-protection is gone, without even using the unprotect special page.

Event Timeline

Restricted Application added subscribers: Zppix, Malyacko. · Jun 4 2016, 10:07 AM
Poyekhali set Security to Software security bug. · Jun 4 2016, 10:08 AM
Poyekhali changed the visibility from "Public (No Login Required)" to "Custom Policy".
Poyekhali removed a subscriber: Zppix. · Jun 4 2016, 10:22 AM
Anomie added a subscriber: Anomie. · Jun 7 2016, 2:04 PM

There's not much point in adding subscribers to the closed-as-duplicate task. Discussion should continue on the task that's open.

matmarex removed a subscriber: matmarex. · Jun 7 2016, 3:30 PM

T128624 is now resolved, can this task be visible to the public now? Thanks.

Restricted Application removed a subscriber: Poyekhali. · Dec 22 2016, 3:35 AM
Bawolff changed the visibility from "Custom Policy" to "Public (No Login Required)". · Dec 22 2016, 6:15 AM
Bawolff added a subscriber: Poyekhali.

In T137018#2895437, @Pokefan95 wrote:

> T128624 is now resolved, can this task be visible to the public now? Thanks.

Done.

Restricted Application removed a subscriber: Poyekhali. · Dec 22 2016, 6:15 AM