Page MenuHomePhabricator

ContentTranslation probably saves changes repeatedly and this is affected by AbuseFilter
Open, Needs TriagePublic

Description

Hi all,
ContentTranslation probably saves changes repeatedly and AbuseFilter catches this saves mistakely.

Czech Wikipedia has an abusefilter (number 92, see https://cs.wikipedia.org/wiki/Speci%C3%A1ln%C3%AD:Filtry_zneu%C5%BEit%C3%AD/92 for details) which inform users when they saves a page more than six times per hour. ContentTranslation shows "Problémy s obsahem: Ukázat náhled Byl nalezen: Obsah, který nesplňuje omezení stanovené Wikipedii pro čeština. Prosím opravte problémy před zveřejněním překladu.". (translation: "Problems with content: Show preview: There is some content which do not meet rules set by Czech Wikipedia").

There is nothing in the AbuseLog. It seems ContentTranslation verifies content through AbuseFilter regularly without logging. I don't think this is good behaviour, please unset unset this.

Best,
Martin Urbanec
https.//cs.wikipedia.org/wiki/User:Martin_Urbanec
https://meta.wikimedia.org/wiki/User:Martin_Urbanec

See also

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

One shouldn't use AbuseFilter for this. MediaWiki has built-in support for setting the limit for number of edits in a given timeframe through configuration.

@Nikerabbit This is correct. However, the problem reported by Urbanecm pops out whenever we have a filter with "throttling" enabled, for whatever reason. Repeated savings may produce highly unexpected (and dangerous) results.

CX does validate the sections on save (sometimes, not always) to surface those warnings and errors to the translators sooner than at publish time. AbuseFilter doesn't provide a nice interface to do this (please correct me if I am wrong), so I don't think it is possible to satisfy this and all the product requirements without reworking AbuseFilter (which we know very little about).

@Nikerabbit I looked at CX (specifically, this class) and I see that CX takes consequences with getConsequencesForFilters and then the serious ones are outputted. And yes, you're right, currently there's no way to get an array of processed actions. However, I recently sent this patch, currently under review, to do exactly this: given an array of per-filter consequences, filter it in order to leave only actions to really execute. This includes unsetting any action if throttle counter isn't hit, and other similar cases. Also, the introduced function (getFilteredConsequences) has the benefit of not altering the global state, so that calling it twice won't damage anything. I guess CX could use it as long as it'll be merged.

Change 462931 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/extensions/AbuseFilter@master] Filter out actions to execute before actually executing them

https://gerrit.wikimedia.org/r/462931

Change 465662 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/extensions/ContentTranslation@master] Filter out consequences before warning the user

https://gerrit.wikimedia.org/r/465662

One shouldn't use AbuseFilter for this. MediaWiki has built-in support for setting the limit for number of edits in a given timeframe through configuration.

Unless I'm mistaken, MediaWiki doesn't allow to throttle edits by user and page.

Change 462931 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/extensions/AbuseFilter@master] Filter out actions to execute before actually executing them

https://gerrit.wikimedia.org/r/462931

Change 465662 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/extensions/ContentTranslation@master] Filter out consequences before warning the user

https://gerrit.wikimedia.org/r/465662

Change 465662 abandoned by Daimona Eaytoy:
[mediawiki/extensions/ContentTranslation@master] Filter out consequences before warning the user

Reason:
The relevant code is being refactored in AF, so this is no longer valid. Note, I believe that this code here is a huge hack that is not really sustainable and has some potential drawbacks, so I'd actually consider its removal.

https://gerrit.wikimedia.org/r/465662